import redhat-rpm-config-128-1.el8
parent efd46b0e7d
commit b0ea5741e2
@ -13,6 +13,8 @@ this:
|
||||
|
||||
This will invoke the `./configure` with arguments (such as
|
||||
`--prefix=/usr`) to adjust the paths to the packaging defaults.
|
||||
Prior to that, some common problems in autotools scripts are
|
||||
automatically patched across the source tree.
|
||||
|
||||
As a side effect, this will set the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
|
||||
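Review bot: The added sentence "Prior to that, some common problems in autotools scripts are automatically patched across the source tree" does not say which files are rewritten or that the step can be switched off. Because `%configure` now modifies upstream sources before the build runs, name the affected files (`config.guess`, `ltmain.sh`) here or point to the "Disable autotools compatibility patching" section, so that someone auditing a build knows where the tree diverges from the tarball.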
@ -25,7 +27,8 @@ environment variables using
|
||||
%set_build_flags
|
||||
|
||||
early in the `%build` section. (Again, existing environment variables
|
||||
are not overwritten.)
|
||||
are not overwritten.) `%set_build_flags` does not perform autotools
|
||||
script rewriting, unlike `%configure`.
|
||||
|
||||
Individual build flags are also available through RPM macros:
|
||||
|
||||
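Review bot: The new sentence on `%set_build_flags` says that no autotools rewriting happens, but not what is lost as a result. The same document explains that the `ltmain.sh` patch exists so that linker flags are also set in libtool links, so a spec that combines `%set_build_flags` with a hand-written `./configure` call may link without those flags. State that consequence here and advise checking the resulting link lines.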
@ -66,11 +69,24 @@ For other considerations involving shared objects, see:
|
||||
|
||||
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
|
||||
|
||||
# Customizing compiler flags
|
||||
# Customizing compiler and other build flags
|
||||
|
||||
It is possible to set RPM macros to change some aspects of the
|
||||
compiler flags. Changing these flags should be used as a last
|
||||
recourse if other workarunds are not available.
|
||||
recourse if other workarounds are not available.
|
||||
|
||||
### Disable autotools compatibility patching
|
||||
|
||||
By default, the invocation of the `%configure` macro replaces
|
||||
`config.guess` files in the source tree with the system version. To
|
||||
disable that, define this macro:
|
||||
|
||||
%global _configure_gnuconfig_hack 0
|
||||
|
||||
`%configure` also patches `ltmain.sh` scripts, so that linker flags
|
||||
are set as well during libtool-. This can be switched off using:
|
||||
|
||||
%global _configure_libtool_hardening_hack 0
|
||||
|
||||
### Lazy binding
|
||||
|
||||
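Review bot: The added `ltmain.sh` paragraph breaks off at "are set as well during libtool-.", so the reader cannot tell which step the linker flags apply to. Complete the sentence, and state that setting `_configure_libtool_hardening_hack` to `0` means the distribution linker flags may no longer reach libtool-driven links, since that is the hardening consequence of the switch. The `config.guess` paragraph should also say whether any other files are replaced by the step that `_configure_gnuconfig_hack` controls.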
@ -145,6 +161,63 @@ to the RPM spec file to disable these strict checks. Alternatively,
|
||||
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||
|
||||
### Post-build ELF object processing
|
||||
|
||||
By default, DWARF debugging information is separated from installed
|
||||
ELF objects and put into `-debuginfo` subpackages. To disable most
|
||||
debuginfo processing (and thus the generation of these subpackages),
|
||||
define `_enable_debug_packages` as `0`.
|
||||
|
||||
Processing of debugging information is controlled using the
|
||||
`find-debuginfo` tool from the `debugedit` package. Several aspects
|
||||
of its operation can be controlled at the RPM level.
|
||||
|
||||
* Creation of `-debuginfo` subpackages is enabled by default.
|
||||
To disable, undefine `_debuginfo_subpackages`.
|
||||
* Likewise, `-debugsource` subpackages are automatically created.
|
||||
To disable, undefine `_debugsource_subpackages`.
|
||||
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
|
||||
for background information.
|
||||
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
|
||||
`_unique_debug_srcs` control how debugging information and
|
||||
corresponding source files are represented on disk.
|
||||
See `/usr/lib/rpm/macros` for details. The defaults
|
||||
enable parallel installation of `-debuginfo` packages for
|
||||
different package versions, as described in
|
||||
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
|
||||
* By default, a compressed symbol table is preserved in the
|
||||
`.gnu_debugdata` section. To disable that, undefine
|
||||
`_include_minidebuginfo`.
|
||||
* To speed up debuggers, a `.gdb_index` section is created. It can be
|
||||
disabled by undefining `_include_gdb_index`.
|
||||
* Missing build IDs result in a build failure. To ignore such
|
||||
problems, undefine `_missing_build_ids_terminate_build`.
|
||||
* During processing, build IDs are recomputed to match the binary
|
||||
content. To skip this step, define `_no_recompute_build_ids` as `1`.
|
||||
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
|
||||
(DWARF compression) processing. Undefine this macro to disable this
|
||||
step.
|
||||
* Additional options can be passed by defining the
|
||||
`_find_debuginfo_opts` macro.
|
||||
|
||||
After separation of debugging information, additional transformations
|
||||
are applied, most of them also related to debugging information.
|
||||
These steps can be skipped by undefining the corresponding macros:
|
||||
|
||||
* `__brp_strip`: Removal of leftover debugging information. The tool
|
||||
specified by the `__strip` macro is invoked with the `-g` option on
|
||||
ELF object (`.o`) files.
|
||||
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
|
||||
processes static `.a` archives instead.
|
||||
* `__brp_strip_comment_note`: This step removes unallocated `.note`
|
||||
sections, and `.comment` sections from ELF files.
|
||||
* `__brp_ldconfig`: For each shared object on the library search path
|
||||
whose soname does not match its file name, a symbolic link from the
|
||||
soname to the file name is created. This way, these shared objects
|
||||
are loadable immediately after installation, even if they are not yet
|
||||
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
|
||||
invoked yet).
|
||||
|
||||
# Individual compiler flags
|
||||
|
||||
Compiler flags end up in the environment variables `CFLAGS`,
|
||||
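Review bot: The new "Post-build ELF object processing" section describes two switches for the same subpackages without relating them: the opening paragraph says to define `_enable_debug_packages` as `0`, while the first bullet says to undefine `_debuginfo_subpackages`. State which one a packager should reach for and what still runs in each case. The section also mixes "define as `0`", "define as `1`" and "undefine" without a single spec-file line, unlike the `%global` examples given for the autotools switches; show one example of each form. Minor: drop the comma in "unallocated `.note` sections, and `.comment` sections".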
@ -202,6 +275,11 @@ The general (architecture-independent) build flags are:
|
||||
variables. (If the address of a variable is never taken, it is not
|
||||
possible that a buffer overflow is caused by incorrect pointer
|
||||
arithmetic involving a pointer to that variable.)
|
||||
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||
skipping the guard page in large stack frames. (Without this flag,
|
||||
vulnerabilities can result where the stack overlaps with the heap,
|
||||
or thread stacks spill into other regions of memory.) This flag is
|
||||
fully ABI-compatible and has adds very little run-time overhead.
|
||||
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||
the DWARF debugging information. This is useful for detecting the
|
||||
presence of certain build flags and general hardening coverage.
|
||||
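Review bot: Listing `-fstack-clash-protection` under the architecture-independent flags drops the qualifier the other copy of this entry carries ("only available on certain architectures (currently aarch64, i386, ppc64, ppc64le, s390x, x86_64)"). Confirm that the flag is actually passed on every architecture this package builds for, otherwise the documentation overstates hardening coverage. The entry also still reads "has adds very little run-time overhead"; change it to "adds very little run-time overhead".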
@ -240,13 +318,6 @@ added by default. This can be switched off by undefining the
|
||||
These compiler flags are enabled for all builds (hardened/annotated or
|
||||
not), but their selection depends on the architecture:
|
||||
|
||||
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||
skipping the guard page in large stack frames. (Without this flag,
|
||||
vulnerabilities can result where the stack overlaps with the heap,
|
||||
or thread stacks spill into other regions of memory.) This flag is
|
||||
fully ABI-compatible and has adds very little run-time overhead, but
|
||||
is only available on certain architectures (currently aarch64, i386,
|
||||
ppc64, ppc64le, s390x, x86_64).
|
||||
* `-fcf-protection`: Instrument binaries to guard against
|
||||
ROP/JOP attacks. Used on i686 and x86_64.
|
||||
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||
@ -260,24 +331,18 @@ not), but their selection depends on the architecture:
|
||||
useful because unwind information is available without having to
|
||||
install (and load) debugging ienformation.
|
||||
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
|
||||
and x86_64. They are not needed on armhfp, ppc64 and ppc64le due
|
||||
and x86_64. They are not needed on ppc64le due
|
||||
to architectural differences in stack management. On these
|
||||
architectures, `-fexceptions` (see above) still enables regular
|
||||
unwind tables (or they are enabled by default even without this
|
||||
option).
|
||||
* `-funwind-tables`: A subset of the unwind information restricted
|
||||
to actual call sites. Used on ppc64, ppc64le. Also implied by
|
||||
to actual call sites. Used on ppc64le. Also implied by
|
||||
`-fexceptions`.
|
||||
|
||||
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||
tuning in the `gcc` package. These settings are:
|
||||
|
||||
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
|
||||
selects an Arm subarchitecture based on the ARMv7-A architecture
|
||||
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
|
||||
tuning for the Cortex-A8 implementation (while preserving compatibility
|
||||
with other ARMv7-A implementations). `-mabi=aapcs-linux` switches to
|
||||
the AAPCS ABI for GNU/Linux.
|
||||
* **i686**: `-march=x86-64` is used to select a minimum supported
|
||||
CPU level matching the baseline for the x86_64 architecture.
|
||||
`-mtune=generic` activates tuning for a current blend of CPUs.
|
||||
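Review bot: With armhfp and ppc64 dropped, the sentence "They are not needed on ppc64le due to architectural differences in stack management. On these architectures, ..." still uses the plural for a single architecture; reword it to "On this architecture". The unchanged line just above contains the typo "debugging ienformation", which is worth fixing in the same edit. Also check that removing the whole **armhfp** tuning entry leaves no other armhfp reference in the file.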
@ -296,7 +361,7 @@ tuning in the `gcc` package. These settings are:
|
||||
(z14).
|
||||
* **x86_64**: `-mtune=generic` selects tuning which is expected to
|
||||
beneficial for a broad range of current CPUs.
|
||||
* **ppc64** and **aarch64** do not have any architecture-specific tuning.
|
||||
* **aarch64** does not have any architecture-specific tuning.
|
||||
|
||||
# Individual linker flags
|
||||
|
||||
|
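Review bot: The context line for **x86_64** reads "selects tuning which is expected to beneficial", with "be" missing. Fix it together with the **aarch64** wording change, since this list is being edited anyway.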
@ -1,4 +1,4 @@
|
||||
#! /bin/sh
|
||||
#! /bin/bash -efu
|
||||
|
||||
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
|
||||
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
|
||||
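Review bot: Options on the `#! /bin/bash -efu` line only take effect when the kernel executes the script directly; if it is run as `bash modalias.prov`, they are silently dropped. Move them into the body as `set -efu` so that strict mode does not depend on how the script is invoked. Note also that `-e` does not react to a failing command on the left side of a pipeline, which matters for the `modinfo` pipelines further down in this file.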
@ -14,7 +14,8 @@ IFS=$'\n'
|
||||
# completeness, so that we can determine when drivers are folded into
|
||||
# mainline kernel.
|
||||
#
|
||||
case "$1" in
|
||||
is_kernel_package=""
|
||||
case "${1:-}" in
|
||||
kernel-module-*) ;; # Fedora kernel module package names start with
|
||||
# kernel-module.
|
||||
kernel*) is_kernel_package=1 ;;
|
||||
@ -25,6 +26,11 @@ if ! [ -z "$is_kernel_package" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check for presence of the commands used
|
||||
which /sbin/modinfo >/dev/null || exit 0
|
||||
which sed >/dev/null || exit 0
|
||||
which sort >/dev/null || exit 0
|
||||
|
||||
print_modaliases() {
|
||||
declare class=$1 variants=$2 pos=$3
|
||||
if [ -n "$variants" ]; then
|
||||
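Review bot: The presence checks call `which`, which is itself an external program that may be missing from a minimal buildroot, and its error output is not redirected. Use the shell builtin instead, for example `command -v sed >/dev/null 2>&1 || exit 0`, and `[ -x /sbin/modinfo ]` for the absolute path. Exiting with status 0 when a tool is missing also means a kmod package is built without any `modalias()` provides and without a diagnostic; print a message to stderr before exiting so the gap shows up in the build log.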
@ -35,7 +41,7 @@ print_modaliases() {
|
||||
}
|
||||
|
||||
combine_modaliases() {
|
||||
declare tag class variants pos n
|
||||
declare tag class variants="" pos="" n
|
||||
read class
|
||||
while read tag; do
|
||||
for ((n=0; n<${#class}; n++)); do
|
||||
@ -58,19 +64,15 @@ combine_modaliases() {
|
||||
print_modaliases "$class" "$variants" "$pos"
|
||||
}
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko$') $*; do
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
|
||||
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
|
||||
modver=$(/sbin/modinfo -F version "$module"| head -n1)
|
||||
modver=${modver// /_}
|
||||
|
||||
modver=${modver//[^0-9a-zA-Z._]/_}
|
||||
# only add version tag if it has a version
|
||||
if [ -n "$modver" ]; then
|
||||
[ -z "$modver" ] || modver=" = $modver"
|
||||
|
||||
/sbin/modinfo -F alias "$module" \
|
||||
| sed -nre "s,(.+),modalias(\\1) = $modver,p"
|
||||
else
|
||||
/sbin/modinfo -F alias "$module" \
|
||||
| sed -nre "s,(.+),modalias(\\1),p"
|
||||
fi
|
||||
| sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
|
||||
done \
|
||||
| sort -u \
|
||||
| combine_modaliases
|
||||
|
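Review bot: Both `/sbin/modinfo` calls sit on the left side of a pipeline (`| head -n1` and `| sed -nre ...`), so under `-e` a failing `modinfo`, for instance on a compressed module it cannot read, is ignored and the module simply contributes no provides. Capture the `modinfo` output first and test its exit status before piping it on. The sanitising substitutions map every disallowed character to `_`, so two different aliases or versions can collapse to the same `modalias()` string; add a comment stating that this is accepted. The new file pattern matches `.gz`, `.bz2` and `.xz` only, so say in a comment whether other compression suffixes are left out on purpose.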
@ -6,7 +6,7 @@
|
||||
|
||||
Summary: Red Hat specific rpm configuration files
|
||||
Name: redhat-rpm-config
|
||||
Version: 125
|
||||
Version: 128
|
||||
Release: 1%{?dist}
|
||||
# No version specified.
|
||||
License: GPL+
|
||||
@ -113,6 +113,11 @@ Requires: %{_bindir}/grep
|
||||
Requires: %{_bindir}/sed
|
||||
Requires: %{_bindir}/xargs
|
||||
|
||||
# iconv modules have been split out of glibc into a separate package (#1971664)
|
||||
# so let's ensure packages that require them at build time but haven't yet
|
||||
# added an explicit BuildRequires will continue to work (#2013328)
|
||||
Requires: glibc-gconv-extra
|
||||
|
||||
# -fstack-clash-protection and -fcf-protection require GCC 8.
|
||||
Conflicts: gcc < 8
|
||||
|
||||
@ -205,6 +210,16 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
||||
%{_rpmconfigdir}/macros.d/macros.kmp
|
||||
|
||||
%changelog
|
||||
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
|
||||
- modalias.prov: handle compressed kmods, sanitise alias/version strings
|
||||
(#1976000)
|
||||
|
||||
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
|
||||
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
|
||||
|
||||
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
|
||||
- buildflags.md: Documentation updates (#2005079)
|
||||
|
||||
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
|
||||
- Add missing macros.fedora-misc file (#1874576)
|
||||
|
||||
|
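Review bot: The 127-1 changelog entry says "Add Requires: glibc-gconv-extras", but the spec line in this commit is `Requires: glibc-gconv-extra`. Make the two agree on the package name so the entry can be found by searching for it. The 128-1 entry could also mention that modalias.prov now runs under `bash -efu`, since that changes how the script behaves on errors and unset variables.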