rpms/redhat-rpm-config
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import redhat-rpm-config-129-1.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-05-10 03:06:01 -04:00 committed by Stepan Oksanichenko
parent a95bffd78c
commit 4b5db1da17
4 changed files with 126 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
SOURCES/brp-mangle-shebangs
View File

@ -93,7 +93,14 @@ while IFS= read -r line; do
fi fi
read shebang_line < "$f" if ! read shebang_line < "$f"; then
echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
ts=$(stat -c %y "$f")
chmod -x "$f"
touch -d "$ts" "$f"
continue
fi
orig_shebang="${shebang_line#\#!}" orig_shebang="${shebang_line#\#!}"
if [ "$orig_shebang" = "$shebang_line" ]; then if [ "$orig_shebang" = "$shebang_line" ]; then
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit" echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"

103
SOURCES/buildflags.md
View File

@ -13,6 +13,8 @@ this:
This will invoke the `./configure` with arguments (such as This will invoke the `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults. `--prefix=/usr`) to adjust the paths to the packaging defaults.
Prior to that, some common problems in autotools scripts are
automatically patched across the source tree.
As a side effect, this will set the environment variables `CFLAGS`, As a side effect, this will set the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by `CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
@ -25,7 +27,8 @@ environment variables using
%set_build_flags %set_build_flags
early in the `%build` section. (Again, existing environment variables early in the `%build` section. (Again, existing environment variables
are not overwritten.) are not overwritten.) `%set_build_flags` does not perform autotools
script rewriting, unlike `%configure`.
Individual build flags are also available through RPM macros: Individual build flags are also available through RPM macros:
@ -66,11 +69,24 @@ For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries) * [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
# Customizing compiler flags # Customizing compiler and other build flags
It is possible to set RPM macros to change some aspects of the It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last compiler flags. Changing these flags should be used as a last
recourse if other workarunds are not available. recourse if other workarounds are not available.
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
`config.guess` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`%configure` also patches `ltmain.sh` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
### Lazy binding ### Lazy binding
@ -145,6 +161,63 @@ to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later. command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `-debuginfo` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `_enable_debug_packages` as `0`.
Processing of debugging information is controlled using the
`find-debuginfo` tool from the `debugedit` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `-debuginfo` subpackages is enabled by default.
To disable, undefine `_debuginfo_subpackages`.
* Likewise, `-debugsource` subpackages are automatically created.
To disable, undefine `_debugsource_subpackages`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
`_unique_debug_srcs` control how debugging information and
corresponding source files are represented on disk.
See `/usr/lib/rpm/macros` for details. The defaults
enable parallel installation of `-debuginfo` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`.gnu_debugdata` section. To disable that, undefine
`_include_minidebuginfo`.
* To speed up debuggers, a `.gdb_index` section is created. It can be
disabled by undefining `_include_gdb_index`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `_missing_build_ids_terminate_build`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `_no_recompute_build_ids` as `1`.
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`_find_debuginfo_opts` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `__brp_strip`: Removal of leftover debugging information. The tool
specified by the `__strip` macro is invoked with the `-g` option on
ELF object (`.o`) files.
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
processes static `.a` archives instead.
* `__brp_strip_comment_note`: This step removes unallocated `.note`
sections, and `.comment` sections from ELF files.
* `__brp_ldconfig`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
invoked yet).
# Individual compiler flags # Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`, Compiler flags end up in the environment variables `CFLAGS`,
@ -202,6 +275,11 @@ The general (architecture-independent) build flags are:
variables. (If the address of a variable is never taken, it is not variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.) arithmetic involving a pointer to that variable.)
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
* `-grecord-gcc-switches`: Include select GCC command line switches in * `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage. presence of certain build flags and general hardening coverage.
@ -240,13 +318,6 @@ added by default. This can be switched off by undefining the
These compiler flags are enabled for all builds (hardened/annotated or These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture: not), but their selection depends on the architecture:
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead, but
is only available on certain architectures (currently aarch64, i386,
ppc64, ppc64le, s390x, x86_64).
* `-fcf-protection`: Instrument binaries to guard against * `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64. ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in * `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
@ -260,24 +331,18 @@ not), but their selection depends on the architecture:
useful because unwind information is available without having to useful because unwind information is available without having to
install (and load) debugging ienformation. install (and load) debugging ienformation.
Asynchronous unwind tables are enabled for aarch64, i686, s390x, Asynchronous unwind tables are enabled for aarch64, i686, s390x,
and x86_64. They are not needed on armhfp, ppc64 and ppc64le due and x86_64. They are not needed on ppc64le due
to architectural differences in stack management. On these to architectural differences in stack management. On these
architectures, `-fexceptions` (see above) still enables regular architectures, `-fexceptions` (see above) still enables regular
unwind tables (or they are enabled by default even without this unwind tables (or they are enabled by default even without this
option). option).
* `-funwind-tables`: A subset of the unwind information restricted * `-funwind-tables`: A subset of the unwind information restricted
to actual call sites. Used on ppc64, ppc64le. Also implied by to actual call sites. Used on ppc64le. Also implied by
`-fexceptions`. `-fexceptions`.
In addition, `redhat-rpm-config` re-selects the built-in default In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are: tuning in the `gcc` package. These settings are:
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
selects an Arm subarchitecture based on the ARMv7-A architecture
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
tuning for the Cortex-A8 implementation (while preserving compatibility
with other ARMv7-A implementations). `-mabi=aapcs-linux` switches to
the AAPCS ABI for GNU/Linux.
* **i686**: `-march=x86-64` is used to select a minimum supported * **i686**: `-march=x86-64` is used to select a minimum supported
CPU level matching the baseline for the x86_64 architecture. CPU level matching the baseline for the x86_64 architecture.
`-mtune=generic` activates tuning for a current blend of CPUs. `-mtune=generic` activates tuning for a current blend of CPUs.
@ -296,7 +361,7 @@ tuning in the `gcc` package. These settings are:
(z14). (z14).
* **x86_64**: `-mtune=generic` selects tuning which is expected to * **x86_64**: `-mtune=generic` selects tuning which is expected to
beneficial for a broad range of current CPUs. beneficial for a broad range of current CPUs.
* **ppc64** and **aarch64** do not have any architecture-specific tuning. * **aarch64** does not have any architecture-specific tuning.
# Individual linker flags # Individual linker flags

26
SOURCES/modalias.prov
View File

@ -1,4 +1,4 @@
#! /bin/sh #! /bin/bash -efu
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>. # heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
# with modifications by Michael Brown <Michael_E_Brown@dell.com> # with modifications by Michael Brown <Michael_E_Brown@dell.com>
@ -14,7 +14,8 @@ IFS=$'\n'
# completeness, so that we can determine when drivers are folded into # completeness, so that we can determine when drivers are folded into
# mainline kernel. # mainline kernel.
# #
case "$1" in is_kernel_package=""
case "${1:-}" in
kernel-module-*) ;; # Fedora kernel module package names start with kernel-module-*) ;; # Fedora kernel module package names start with
# kernel-module. # kernel-module.
kernel*) is_kernel_package=1 ;; kernel*) is_kernel_package=1 ;;
@ -25,6 +26,11 @@ if ! [ -z "$is_kernel_package" ]; then
exit 0 exit 0
fi fi
# Check for presence of the commands used
which /sbin/modinfo >/dev/null || exit 0
which sed >/dev/null || exit 0
which sort >/dev/null || exit 0
print_modaliases() { print_modaliases() {
declare class=$1 variants=$2 pos=$3 declare class=$1 variants=$2 pos=$3
if [ -n "$variants" ]; then if [ -n "$variants" ]; then
@ -35,7 +41,7 @@ print_modaliases() {
} }
combine_modaliases() { combine_modaliases() {
declare tag class variants pos n declare tag class variants="" pos="" n
read class read class
while read tag; do while read tag; do
for ((n=0; n<${#class}; n++)); do for ((n=0; n<${#class}; n++)); do
@ -58,19 +64,15 @@ combine_modaliases() {
print_modaliases "$class" "$variants" "$pos" print_modaliases "$class" "$variants" "$pos"
} }
for module in $(grep -E '/lib/modules/.+\.ko$') $*; do for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
# | head -n1 because some modules have *two* version tags. *cough*b44*cough* # | head -n1 because some modules have *two* version tags. *cough*b44*cough*
modver=$(/sbin/modinfo -F version "$module"| head -n1) modver=$(/sbin/modinfo -F version "$module"| head -n1)
modver=${modver// /_} modver=${modver//[^0-9a-zA-Z._]/_}
# only add version tag if it has a version # only add version tag if it has a version
if [ -n "$modver" ]; then [ -z "$modver" ] || modver=" = $modver"
/sbin/modinfo -F alias "$module" \ /sbin/modinfo -F alias "$module" \
| sed -nre "s,(.+),modalias(\\1) = $modver,p" | sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
else
/sbin/modinfo -F alias "$module" \
| sed -nre "s,(.+),modalias(\\1),p"
fi
done \ done \
| sort -u \ | sort -u \
| combine_modaliases | combine_modaliases

20
SPECS/redhat-rpm-config.spec
View File

@ -6,7 +6,7 @@
Summary: Red Hat specific rpm configuration files Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config Name: redhat-rpm-config
Version: 125 Version: 129
Release: 1%{?dist} Release: 1%{?dist}
# No version specified. # No version specified.
License: GPL+ License: GPL+
@ -113,6 +113,11 @@ Requires: %{_bindir}/grep
Requires: %{_bindir}/sed Requires: %{_bindir}/sed
Requires: %{_bindir}/xargs Requires: %{_bindir}/xargs
# iconv modules have been split out of glibc into a separate package (#1971664)
# so let's ensure packages that require them at build time but haven't yet
# added an explicit BuildRequires will continue to work (#2013328)
Requires: glibc-gconv-extra
# -fstack-clash-protection and -fcf-protection require GCC 8. # -fstack-clash-protection and -fcf-protection require GCC 8.
Conflicts: gcc < 8 Conflicts: gcc < 8
@ -205,6 +210,19 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.kmp %{_rpmconfigdir}/macros.d/macros.kmp
%changelog %changelog
* Wed Mar 23 2022 Michal Domonkos <mdomonko@redhat.com> - 129-1
- Fix handling of files without newlines in brp-mangle-shebang (#2063036)
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
- modalias.prov: handle compressed kmods, sanitise alias/version strings
(#1976000)
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
- buildflags.md: Documentation updates (#2005079)
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1 * Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
- Add missing macros.fedora-misc file (#1874576) - Add missing macros.fedora-misc file (#1874576)