Commit Graph

98 Commits

Author SHA1 Message Date
Till Maas
d9235d2d90 Enable hardened_build by default 2015-02-19 18:13:04 +01:00
Ville Skyttä
82a41dfa6a Drop brp-* scripts needlessly duplicated with rpm
One possible incompatibility, hopefully non-issue: our brp-strip*
allowed setting strip and objdump to use via args and STRIP and
OBJDUMP env vars whereas the rpm ones allow it through args only
(i.e. %{__strip} and %{__objdump} as far as specfiles are concerned).
2014-04-27 17:09:14 +03:00
Ville Skyttä
20c7e01657 Drop bunch of macro definitions needlessly duplicated with rpm
Specifically, the following are gone from here now: %_prefix,
%_sysconfdir, %_infodir, %_mandir, %_defaultdocdir, %_configure,
%makeinstall, %debug_package, %_use_internal_dependency_generator,
%_missing_doc_files_terminate_build, %_unpackaged_files_terminate_build
2014-04-27 12:02:23 +03:00
Ville Skyttä
20a45694f9 Trim trailing whitespace 2014-04-27 11:58:46 +03:00
Panu Matilainen
43629272a8 - Allow opting out of config.{guess,sub} replacement hack (#991613) 2014-04-08 13:30:58 +03:00
Panu Matilainen
c8cbd244cf - Move the remaining dependency generator stuff to the kmp macro package
- Stop overriding rpm external dependency generator settings by default
- No normal package should ever end up using the old unmaintained
  dependency generator scripts from here, but the kmp system depends
  for now on the way this was previously set up here so letting
  that old cruft live in the non-default package for now.
2014-04-08 12:36:08 +03:00
Panu Matilainen
0e6d36bee9 Split kernel module macros to a separate file 2014-04-07 14:38:58 +03:00
Kevin Fenzi
6c38f18be2 Update libtool hardening hack and re-enable (#978949) 2014-01-25 10:10:32 +02:00
Dhiru Kholia
33b9cbdc67 Enable "-Werror=format-security" by default (#1043495) 2014-01-25 10:10:32 +02:00
Kevin Fenzi
e606f56f34 Make docdirs unversioned on Fedora 20+ (#986871) 2014-01-25 10:03:26 +02:00
Kevin Fenzi
b4b00eca04 Hack around libtool issue for hardened build for now (#978949) 2014-01-25 10:03:26 +02:00
Panu Matilainen
d4c5b38371 - switch from -fstack-protector to -fstack-protector-strong (#978763) 2014-01-25 10:03:26 +02:00
Panu Matilainen
5f7da21873 - make cpu limit for building configurable through _smp_ncpus_max macro - forward "port" from rhel-6 (#669638) 2014-01-25 10:03:26 +02:00
Panu Matilainen
0466a24ccb - Also set FCFLAGS from %%configure (#914831) 2014-01-25 10:03:26 +02:00
Panu Matilainen
2a557175eb - Switch back to manual config.guess/sub copies for reproducibility - Replace config.guess/sub from %%configure again (#951442) 2014-01-25 00:10:03:14 +02:00
Panu Matilainen
b9eb0a184b - Add -grecord-gcc-switches to global CFLAGS (#951669) 2014-01-25 00:41:21 +02:00
Toshio Kuratomi
1891cc0aeb Patch to fix spaces in files used in filtering macros
https://bugzilla.redhat.com/show_bug.cgi?id=783932
2014-01-25 00:35:48 +02:00
Ville Skyttä
e8199cfec5 Drop (un)setting LANG and DISPLAY in various build stages.
rpm >= 4.8.0 takes care of that itself.
2014-01-25 00:35:48 +02:00
Toshio Kuratomi
f41a8a73aa Fix kernel_source macro to match the directory that kernel sources are installed in
https://bugzilla.redhat.com/show_bug.cgi?id=648996
2014-01-25 00:35:48 +02:00
Toshio Kuratomi
2f654df096 Patch _mandir, _infodir, and _defaultocdir to use _prefix
https://bugzilla.redhat.com/show_bug.cgi?id=853216
2014-01-25 00:35:48 +02:00
Panu Matilainen
98d1974f20 - enable minidebuginfo generation (#834073) 2014-01-25 00:14:16 +02:00
Panu Matilainen
3b282b08f2 - revert back to plain -g, -g3 seems to cancel dwz size improvements 2014-01-25 00:13:09 +02:00
Panu Matilainen
1cff11580f - require dwz, enable dwarf compression for debuginfo packages (#833311) 2014-01-25 00:11:43 +02:00
Dennis Gilmore
36225c3b7c Revert "macros: Globally add --disable-silent-rules to configure"
This reverts commit 8174ec3d10.

remove patch that forces --disable-silent-rules to configure; it breaks anything set to not ignore unknown configure options
2014-01-24 23:55:03 +02:00
Adam Jackson
5034f24e6a Expose %_hardening_{c,ld}flags independently to make it easier for packages to apply them to selected components 2014-01-24 23:45:05 +02:00
Colin Walters
8174ec3d10 macros: Globally add --disable-silent-rules to configure
Various projects have been adding AM_SILENT_RULES from Automake to
their Makefiles for "developer convenience"; the goal being that they
see warnings more easily.

Now really the right way to do this is to have a make wrapper (or an IDE)
that knows how to filter out warnings, but let's leave that aside for now.

But for debugging builds, we really need the full log data.  Being
able to see exactly how e.g. libtool is being run helps a lot for
debugging link problems as an example.
2014-01-24 23:42:25 +02:00
Adam Jackson
0ae4b38eee redhat-hardened-{cc1,ld}: Move some of the rewrite magic to gcc specs so we don't end up with both -fPIC and -fPIE on the command line 2014-01-24 23:41:09 +02:00
Adam Jackson
51811936c4 redhat-rpm-config-9.1.0-hardened.patch: Add macro magic for %_hardened_build 2014-01-24 23:36:04 +02:00
Adam Jackson
4b29a24132 redhat-rpm-config-9.1.0-relro.patch: LDFLAGS, not CFLAGS. 2014-01-24 23:34:16 +02:00
Adam Jackson
60aea2849e Add -z relro 2014-01-24 23:24:07 +02:00
Panu Matilainen
055d0b77e1 Don't run brp-strip-comment-note when find-debuginfo.sh is run (#568924)
- brp-strip-comment-note is not only unnecessary here but is also
  now messing up things by resetting EI_OSABI to zero (#568921)
- patch from Roland McGrath
2010-03-01 10:58:17 +02:00
Panu Matilainen
7cf1ad2dbb Enable strict python bytecompile mode (if rpm supports it)
- with %_python_bytecompile_errors_terminate_build set to non-zero,
  byte-compilation errors will abort the build, this helps catch out
  silly "improt foo" syntax errors early on
- not all .py files are valid python (they can be templates, intended for
  jython consumption etc), and what's valid can depend on the python
  version (notably 2.x vs 3.x) so allow overriding from spec
2010-02-03 12:52:30 +02:00
Panu Matilainen
c73da1f920 Leave rpm's hkp keyserver configuration alone
- rpm < 4.6 used to try and fetch and import any missing keys from
  keyserver automatically on rpmdb iteration if hkp_keyserver was set, which
  caused hideous slowdowns and huge load on pgp keyservers AND was a
  security hazard as rpm thinks imported == trusted key. This is safe
  to enable now as rpm will only ever import keys when explicitly told to do
  so with --import
- this makes pgp import directly from PGP servers work, ie
   'rpm --import 0x<keyid>'
2010-01-26 17:48:44 +02:00
Panu Matilainen
2a452bba1e Permit using different python version for brp-python-bytecompile (#521141)
- pass %{__python} macro to brp-python-bytecompile instead of using
  hardwired /usr/bin/python, as suggested by Bowe Strickland
2010-01-26 13:55:54 +02:00
Panu Matilainen
f359c096c2 Remove redundant %find_lang definition
- this was only useful back when we were using our own find-lang.sh
2010-01-22 15:59:04 +02:00
Panu Matilainen
56ed371d31 Remove redundant and deprecated %_initrddir definition (#455279)
- this has been provided by rpm since forever, no need to carry it here
2010-01-22 15:47:15 +02:00
Panu Matilainen
850eda59f8 Disable autotools dependency tracking in %configure (#496522)
- autotools dependency tracking isn't generally useful in rpm builds;
  disabling it results in cleaner build logs and possibly slight build speedups
- patch from Ville Skyttä
2010-01-22 15:43:38 +02:00
Panu Matilainen
c9d2ffe123 Don't set --target in %configure (#458648)
- --target is only ever useful for handful of compiler toolchain packages
  and cross-compiler packages are better off setting it themselves if
  necessary, rpm messing here only gets in the way
- patch originally from Stepan Kasal
2010-01-22 15:39:38 +02:00
Panu Matilainen
f2e3413ddb Enable overriding the default ./configure path of %configure (#489942)
- syncs up with rpm upstream setup
- FFLAGS has a Fedora-specific override forcing us to carry this %configure
  copy, need to fix rpm to permit more fine-grained overrides...
2010-01-22 15:37:33 +02:00
Panu Matilainen
b5b2aedbc1 Add filtering framework for external dependency generator (#516240)
- patch from Chris Weyl
2010-01-22 15:30:02 +02:00
Panu Matilainen
e56e816f47 Enable use of XZ compression for binary rpm payloads
- as per https://fedoraproject.org/wiki/Features/XZRpmPayloads
  - lowish compression preset level to keep deltarpm rebuild time tolerable
  - source rpms don't really benefit from XZ compression as the contents are
    typically tarballs which are already compressed
- patch from Bill Nottingham
2010-01-22 15:26:19 +02:00
Panu Matilainen
159a65fb61 Ensure empty buildroot for %install
- remove any existing buildroot contents and safely create a new one
- patch originally from OpenSUSE / Michael Schroeder, adopted to Fedora
  by Tom "spot" Callaway
2010-01-22 15:24:29 +02:00
Panu Matilainen
e2a80f379c Change default hashing algorithm in file digests to SHA-256 (#485826)
- as per https://fedoraproject.org/wiki/Features/StrongerHashes
- patch from Miloslav Trmač
2010-01-22 15:22:42 +02:00
Panu Matilainen
3a2d93f311 Limit _smp_mflags to max 16
- patch from Dennis Gilmore
2010-01-22 15:20:08 +02:00
Jonathan Masters
9ed9b4e345 A variety of small cleanups 2008-05-06 19:08:20 -04:00
Jon Masters
83405d773d Update config.guess|sub, sync with RHEL-5. 2008-04-03 03:11:24 -04:00
Jesse Keating
9b11fc216b Enable buildroot check by default 2007-07-05 12:41:21 -04:00
Jeremy Katz
9ffd969654 use stock find-lang rather than the (old) copy (#213041) 2007-06-19 14:38:34 -04:00
Jeremy Katz
d82d89ec83 %{_gnu} gets defined in the platform definitions and _shouldn't_ be
-gnu on some arm arches (Lennert Buytenhek, #243523)
2007-06-19 14:36:18 -04:00
Jeremy Katz
85ff3763b6 allow disabling jar repacking (#219731) 2007-06-19 14:28:50 -04:00