Compare commits
No commits in common. "c10-beta" and "c8" have entirely different histories.
0
.redhat-rpm-config.metadata
Normal file
0
.redhat-rpm-config.metadata
Normal file
20
SOURCES/brp-kmod-restore-perms
Executable file
20
SOURCES/brp-kmod-restore-perms
Executable file
@ -0,0 +1,20 @@
|
||||
#! /bin/bash -f
|
||||
|
||||
## A counterpart of brp-kmod-set-exec-bits that restores original kmod
|
||||
## file permissions
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
|
||||
|
||||
# Checking for required programs
|
||||
which chmod >/dev/null || exit 0
|
||||
|
||||
[ -r "$RPM_BUILD_ROOT/kmod-permissions.list" ] || exit 0
|
||||
|
||||
while read perm path; do
|
||||
[ -n "$perm" ] || continue
|
||||
|
||||
chmod "$perm" "$RPM_BUILD_ROOT/$path"
|
||||
done < "$RPM_BUILD_ROOT/kmod-permissions.list"
|
||||
|
||||
rm -f "$RPM_BUILD_ROOT/kmod-permissions.list"
|
14
SOURCES/brp-kmod-set-exec-bit
Executable file
14
SOURCES/brp-kmod-set-exec-bit
Executable file
@ -0,0 +1,14 @@
|
||||
#! /bin/bash -fx
|
||||
|
||||
## A hack for making brp-strip taking into account kmod files
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
|
||||
|
||||
# Checking for required programs
|
||||
which find chmod >/dev/null || exit 0
|
||||
|
||||
find "$RPM_BUILD_ROOT" \
|
||||
-name '*.ko' \
|
||||
-printf '%#m %P\n' \
|
||||
-exec chmod u+x '{}' \; > "$RPM_BUILD_ROOT/kmod-permissions.list"
|
@ -1,4 +1,4 @@
|
||||
#!/bin/sh -efu
|
||||
#!/bin/sh -f
|
||||
# Force creating of DSO symlinks.
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
@ -6,8 +6,5 @@ if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Create an empty config file for ldconfig to shut up a warning
|
||||
config=$(mktemp -p "$RPM_BUILD_ROOT")
|
||||
/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
|
||||
rm -f "$config"
|
||||
/sbin/ldconfig -N -r "$RPM_BUILD_ROOT"
|
||||
# TODO: warn if it created new symlinks and guide people.
|
@ -1,4 +1,4 @@
|
||||
#!/bin/bash -eu
|
||||
#!/bin/bash
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
@ -76,7 +76,7 @@ cd "$RPM_BUILD_ROOT"
|
||||
# (Take care to exclude filenames which would mangle "file" output).
|
||||
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
|
||||
| file -N --mime-type -f - \
|
||||
| grep -P ".+(?=: (text/|application/javascript))" \
|
||||
| grep -P ".+(?=: text/)" \
|
||||
| {
|
||||
fail=0
|
||||
while IFS= read -r line; do
|
||||
@ -142,9 +142,11 @@ while IFS= read -r line; do
|
||||
# /whatsoever/env foo → /whatsoever/foo
|
||||
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
|
||||
|
||||
# If the shebang now starts with /bin, change it to /usr/bin
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1581757
|
||||
shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
|
||||
# Replace python3 with the desired Python 3 shebang,
|
||||
# if passed as an non-empty environment variable PYTHON3
|
||||
if [ -n "${PYTHON3:+x}" ]; then
|
||||
shebang=$(echo "$shebang" | sed -r -e "s@/usr/bin/python3(\s|$)@${PYTHON3}\1@")
|
||||
fi
|
||||
|
||||
# Replace ambiguous python with python2
|
||||
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
|
442
SOURCES/buildflags.md
Normal file
442
SOURCES/buildflags.md
Normal file
@ -0,0 +1,442 @@
|
||||
This document contains documentation of the individual compiler flags
|
||||
and how to use them.
|
||||
|
||||
[TOC]
|
||||
|
||||
# Using RPM build flags
|
||||
|
||||
For packages which use autoconf to set up the build environment, use
|
||||
the `%configure` macro to obtain the full complement of flags, like
|
||||
this:
|
||||
|
||||
%configure
|
||||
|
||||
This will invoke the `./configure` with arguments (such as
|
||||
`--prefix=/usr`) to adjust the paths to the packaging defaults.
|
||||
Prior to that, some common problems in autotools scripts are
|
||||
automatically patched across the source tree.
|
||||
|
||||
As a side effect, this will set the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
|
||||
makefiles and other build tools. (However, existing values for this
|
||||
variables are not overwritten.)
|
||||
|
||||
If your package does not use autoconf, you can still set the same
|
||||
environment variables using
|
||||
|
||||
%set_build_flags
|
||||
|
||||
early in the `%build` section. (Again, existing environment variables
|
||||
are not overwritten.) `%set_build_flags` does not perform autotools
|
||||
script rewriting, unlike `%configure`.
|
||||
|
||||
Individual build flags are also available through RPM macros:
|
||||
|
||||
* `%{build_cflags}` for the C compiler flags (also known as the
|
||||
`CFLAGS` variable). Also historically available as `%{optflags}`.
|
||||
Furthermore, at the start of the `%build` section, the environment
|
||||
variable `RPM_OPT_FLAGS` is set to this value.
|
||||
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
|
||||
the `CXXFLAGS` shell variable).
|
||||
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
|
||||
known as the `FCFLAGS` variable).
|
||||
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
|
||||
`LDFLAGS`. Note that the contents quotes linker arguments using
|
||||
`-Wl`, so this variable is intended for use with the `gcc` compiler
|
||||
driver. At the start of the `%build` section, the environment
|
||||
variable `RPM_LD_FLAGS` is set to this value.
|
||||
|
||||
These RPM macros do not alter shell environment variables.
|
||||
|
||||
For some other build tools separate mechanisms exist:
|
||||
|
||||
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
|
||||
package.
|
||||
|
||||
Care must be taking not to compile the current selection of compiler
|
||||
flags into any RPM package besides `redhat-rpm-config`, so that flag
|
||||
changes are picked up automatically once `redhat-rpm-config` is
|
||||
updated.
|
||||
|
||||
# Flag selection for the build type
|
||||
|
||||
The default flags are suitable for building applications.
|
||||
|
||||
For building shared objects, you must compile with `-fPIC` in
|
||||
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
|
||||
|
||||
For other considerations involving shared objects, see:
|
||||
|
||||
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
|
||||
|
||||
# Customizing compiler and other build flags
|
||||
|
||||
It is possible to set RPM macros to change some aspects of the
|
||||
compiler flags. Changing these flags should be used as a last
|
||||
recourse if other workarounds are not available.
|
||||
|
||||
### Disable autotools compatibility patching
|
||||
|
||||
By default, the invocation of the `%configure` macro replaces
|
||||
`config.guess` files in the source tree with the system version. To
|
||||
disable that, define this macro:
|
||||
|
||||
%global _configure_gnuconfig_hack 0
|
||||
|
||||
`%configure` also patches `ltmain.sh` scripts, so that linker flags
|
||||
are set as well during libtool-. This can be switched off using:
|
||||
|
||||
%global _configure_libtool_hardening_hack 0
|
||||
|
||||
### Lazy binding
|
||||
|
||||
If your package depends on the semantics of lazy binding (e.g., it has
|
||||
plugins which load additional plugins to complete their dependencies,
|
||||
before which some referenced functions are undefined), you should put
|
||||
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
|
||||
which have such requirements. Under these circumstances, it is
|
||||
unnecessary to disable hardened builds (and thus lose full ASLR for
|
||||
executables), or link everything without `-Wl,z,now` (non-lazy
|
||||
binding).
|
||||
|
||||
### Hardened builds
|
||||
|
||||
By default, the build flags enable fully hardened builds. To change
|
||||
this, include this in the RPM spec file:
|
||||
|
||||
%undefine _hardened_build
|
||||
|
||||
This turns off certain hardening features, as described in detail
|
||||
below. The main difference is that executables will be
|
||||
position-dependent (no full ASLR) and use lazy binding.
|
||||
|
||||
### Annotated builds/watermarking
|
||||
|
||||
By default, the build flags cause a special output section to be
|
||||
included in ELF files which describes certain aspects of the build.
|
||||
To change this for all compiler invocations, include this in the RPM
|
||||
spec file:
|
||||
|
||||
%undefine _annotated_build
|
||||
|
||||
Be warned that this turns off watermarking, making it impossible to do
|
||||
full hardening coverage analysis for any binaries produced.
|
||||
|
||||
It is possible to disable annotations for individual compiler
|
||||
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
|
||||
the annobin plugin must still be loaded for this flag to be
|
||||
recognized, so it has to come after the hardening flags on the command
|
||||
line (it has to be added at the end of `CFLAGS`, or specified after
|
||||
the `CFLAGS` variable contents).
|
||||
|
||||
### Strict symbol checks in the link editor (ld)
|
||||
|
||||
Optionally, the link editor will refuse to link shared objects which
|
||||
contain undefined symbols. Such symbols lack symbol versioning
|
||||
information and can be bound to the wrong (compatibility) symbol
|
||||
version at run time, and not the actual (default) symbol version which
|
||||
would have been used if the symbol definition had been available at
|
||||
static link time. Furthermore, at run time, the dynamic linker will
|
||||
not have complete dependency information (in the form of DT_NEEDED
|
||||
entries), which can lead to errors (crashes) if IFUNC resolvers are
|
||||
executed before the shared object containing them is fully relocated.
|
||||
|
||||
To switch on these checks, define this macro in the RPM spec file:
|
||||
|
||||
%define _strict_symbol_defs_build 1
|
||||
|
||||
If this RPM spec option is active, link failures will occur if the
|
||||
linker command line does not list all shared objects which are needed.
|
||||
In this case, you need to add the missing DSOs (with linker arguments
|
||||
such as `-lm`). As a result, the link editor will also generated the
|
||||
necessary DT_NEEDED entries.
|
||||
|
||||
In some cases (such as when a DSO is loaded as a plugin and is
|
||||
expected to bind to symbols in the main executable), undefined symbols
|
||||
are expected. In this case, you can add
|
||||
|
||||
%undefine _strict_symbol_defs_build
|
||||
|
||||
to the RPM spec file to disable these strict checks. Alternatively,
|
||||
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||
|
||||
### Post-build ELF object processing
|
||||
|
||||
By default, DWARF debugging information is separated from installed
|
||||
ELF objects and put into `-debuginfo` subpackages. To disable most
|
||||
debuginfo processing (and thus the generation of these subpackages),
|
||||
define `_enable_debug_packages` as `0`.
|
||||
|
||||
Processing of debugging information is controlled using the
|
||||
`find-debuginfo` tool from the `debugedit` package. Several aspects
|
||||
of its operation can be controlled at the RPM level.
|
||||
|
||||
* Creation of `-debuginfo` subpackages is enabled by default.
|
||||
To disable, undefine `_debuginfo_subpackages`.
|
||||
* Likewise, `-debugsource` subpackages are automatically created.
|
||||
To disable, undefine `_debugsource_subpackages`.
|
||||
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
|
||||
for background information.
|
||||
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
|
||||
`_unique_debug_srcs` control how debugging information and
|
||||
corresponding source files are represented on disk.
|
||||
See `/usr/lib/rpm/macros` for details. The defaults
|
||||
enable parallel installation of `-debuginfo` packages for
|
||||
different package versions, as described in
|
||||
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
|
||||
* By default, a compressed symbol table is preserved in the
|
||||
`.gnu_debugdata` section. To disable that, undefine
|
||||
`_include_minidebuginfo`.
|
||||
* To speed up debuggers, a `.gdb_index` section is created. It can be
|
||||
disabled by undefining `_include_gdb_index`.
|
||||
* Missing build IDs result in a build failure. To ignore such
|
||||
problems, undefine `_missing_build_ids_terminate_build`.
|
||||
* During processing, build IDs are recomputed to match the binary
|
||||
content. To skip this step, define `_no_recompute_build_ids` as `1`.
|
||||
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
|
||||
(DWARF compression) processing. Undefine this macro to disable this
|
||||
step.
|
||||
* Additional options can be passed by defining the
|
||||
`_find_debuginfo_opts` macro.
|
||||
|
||||
After separation of debugging information, additional transformations
|
||||
are applied, most of them also related to debugging information.
|
||||
These steps can be skipped by undefining the corresponding macros:
|
||||
|
||||
* `__brp_strip`: Removal of leftover debugging information. The tool
|
||||
specified by the `__strip` macro is invoked with the `-g` option on
|
||||
ELF object (`.o`) files.
|
||||
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
|
||||
processes static `.a` archives instead.
|
||||
* `__brp_strip_comment_note`: This step removes unallocated `.note`
|
||||
sections, and `.comment` sections from ELF files.
|
||||
* `__brp_ldconfig`: For each shared object on the library search path
|
||||
whose soname does not match its file name, a symbolic link from the
|
||||
soname to the file name is created. This way, these shared objects
|
||||
are loadable immediately after installation, even if they are not yet
|
||||
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
|
||||
invoked yet).
|
||||
|
||||
# Individual compiler flags
|
||||
|
||||
Compiler flags end up in the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
|
||||
|
||||
The general (architecture-independent) build flags are:
|
||||
|
||||
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
|
||||
Optimization improves performance, the accuracy of warnings, and the
|
||||
reach of toolchain-based hardening, but it makes debugging harder.
|
||||
* `-g`: Generate debugging information (DWARF). In Fedora, this data
|
||||
is separated into `-debuginfo` RPM packages whose installation is
|
||||
optional, so debuging information does not increase the size of
|
||||
installed binaries by default.
|
||||
* `-pipe`: Run compiler and assembler in parallel and do not use a
|
||||
temporary file for the assembler input. This can improve
|
||||
compilation performance. (This does not affect code generation.)
|
||||
* `-Wall`: Turn on various GCC warnings.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
|
||||
* `-Werror=format-security`: Turn on format string warnings and treat
|
||||
them as errors.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
|
||||
This can occasionally result in compilation errors. In this case,
|
||||
the best option is to rewrite the source code so that only constant
|
||||
format strings (string literals) are used.
|
||||
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
|
||||
hardening features in glibc:
|
||||
* String functions such as `memcpy` attempt to detect buffer lengths
|
||||
and terminate the process if a buffer overflow is detected.
|
||||
* `printf` format strings may only contain the `%n` format specifier
|
||||
if the format string resides in read-only memory.
|
||||
* `open` and `openat` flags are checked for consistency with the
|
||||
presence of a *mode* argument.
|
||||
* Plus other minor hardening changes.
|
||||
(These changes can occasionally break valid programs.)
|
||||
* `-fexceptions`: Provide exception unwinding support for C programs.
|
||||
See the [`-fexceptions` option in the GCC
|
||||
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
|
||||
and the [`cleanup` variable
|
||||
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
|
||||
This also hardens cancellation handling in C programs because
|
||||
it is not required to use an on-stack jump buffer to install
|
||||
a cancellation handler with `pthread_cleanup_push`. It also makes
|
||||
it possible to unwind the stack (using C++ `throw` or Rust panics)
|
||||
from C callback functions if a C library supports non-local exits
|
||||
from them (e.g., via `longjmp`).
|
||||
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
|
||||
C++ standard library, such as bounds checking for the subscription
|
||||
operator on vectors. (This flag is added to both `CFLAGS` and
|
||||
`CXXFLAGS`; C compilations will simply ignore it.)
|
||||
* `-fstack-protector-strong`: Instrument functions to detect
|
||||
stack-based buffer overflows before jumping to the return address on
|
||||
the stack. The *strong* variant only performs the instrumentation
|
||||
for functions whose stack frame contains addressable local
|
||||
variables. (If the address of a variable is never taken, it is not
|
||||
possible that a buffer overflow is caused by incorrect pointer
|
||||
arithmetic involving a pointer to that variable.)
|
||||
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||
skipping the guard page in large stack frames. (Without this flag,
|
||||
vulnerabilities can result where the stack overlaps with the heap,
|
||||
or thread stacks spill into other regions of memory.) This flag is
|
||||
fully ABI-compatible and has adds very little run-time overhead.
|
||||
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||
the DWARF debugging information. This is useful for detecting the
|
||||
presence of certain build flags and general hardening coverage.
|
||||
|
||||
For hardened builds (which are enabled by default, see above for how
|
||||
to disable them), the flag
|
||||
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
|
||||
command line. It adds the following flag to the command line:
|
||||
|
||||
* `-fPIE`: Compile for a position-independent executable (PIE),
|
||||
enabling full address space layout randomization (ASLR). This is
|
||||
similar to `-fPIC`, but avoids run-time indirections on certain
|
||||
architectures, resulting in improved performance and slightly
|
||||
smaller executables. However, compared to position-dependent code
|
||||
(the default generated by GCC), there is still a measurable
|
||||
performance impact.
|
||||
|
||||
If the command line also contains `-r` (producing a relocatable
|
||||
object file), `-fpic` or `-fPIC`, this flag is automatically
|
||||
dropped. (`-fPIE` can only be used for code which is linked into
|
||||
the main program.) Code which goes into static libraries should be
|
||||
compiled with `-fPIE`, except when this code is expected to be
|
||||
linked into DSOs, when `-fPIC` must be used.
|
||||
|
||||
To be effective, `-fPIE` must be used with the `-pie` linker flag
|
||||
when producing an executable, see below.
|
||||
|
||||
To support [binary watermarks for ELF
|
||||
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
|
||||
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
|
||||
added by default. This can be switched off by undefining the
|
||||
`%_annotated_build` RPM macro (see above).
|
||||
|
||||
### Architecture-specific compiler flags
|
||||
|
||||
These compiler flags are enabled for all builds (hardened/annotated or
|
||||
not), but their selection depends on the architecture:
|
||||
|
||||
* `-fcf-protection`: Instrument binaries to guard against
|
||||
ROP/JOP attacks. Used on i686 and x86_64.
|
||||
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||
the same compilation. For such architectures, the RPM build process
|
||||
explicitly selects the architecture variant by passing this compiler
|
||||
flag.
|
||||
* `-fasynchronous-unwind-tables`: Generate full unwind information
|
||||
covering all program points. This is required for support of
|
||||
asynchronous cancellation and proper unwinding from signal
|
||||
handlers. It also makes performance and debugging tools more
|
||||
useful because unwind information is available without having to
|
||||
install (and load) debugging ienformation.
|
||||
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
|
||||
and x86_64. They are not needed on ppc64le due
|
||||
to architectural differences in stack management. On these
|
||||
architectures, `-fexceptions` (see above) still enables regular
|
||||
unwind tables (or they are enabled by default even without this
|
||||
option).
|
||||
* `-funwind-tables`: A subset of the unwind information restricted
|
||||
to actual call sites. Used on ppc64le. Also implied by
|
||||
`-fexceptions`.
|
||||
|
||||
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||
tuning in the `gcc` package. These settings are:
|
||||
|
||||
* **i686**: `-march=x86-64` is used to select a minimum supported
|
||||
CPU level matching the baseline for the x86_64 architecture.
|
||||
`-mtune=generic` activates tuning for a current blend of CPUs.
|
||||
`-mfpmath=sse` uses the SSE2 unit for floating point math,
|
||||
instead of the legacy i387 FPU, avoiding issues related to excess
|
||||
precision. `-mstackrealign` ensures that the generated code
|
||||
does not assume 16-byte stack alignment (as required by the current
|
||||
i386 ABI), but stays compatible with application code compiled
|
||||
before the introduction of 16-byte stack alignment along with SSE2
|
||||
support.
|
||||
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
|
||||
CPU level of POWER8 (the first CPU with ppc64le support) and tunes
|
||||
for POWER8.
|
||||
* **s390x**: `-march=z13 -mtune=z14` specifies a minimum supported CPU
|
||||
level of z13, while optimizing for a subsequent CPU generation
|
||||
(z14).
|
||||
* **x86_64**: `-mtune=generic` selects tuning which is expected to
|
||||
beneficial for a broad range of current CPUs.
|
||||
* **aarch64** does not have any architecture-specific tuning.
|
||||
|
||||
# Individual linker flags
|
||||
|
||||
Linker flags end up in the environment variable `LDFLAGS`.
|
||||
|
||||
The linker flags listed below are injected. Note that they are
|
||||
prefixed with `-Wl` because it is expected that these flags are passed
|
||||
to the compiler driver `gcc`, and not directly to the link editor
|
||||
`ld`.
|
||||
|
||||
* `-z relro`: Activate the *read-only after relocation* feature.
|
||||
Constant data and relocations are placed on separate pages, and the
|
||||
dynamic linker is instructed to revoke write permissions after
|
||||
dynamic linking. Full protection of relocation data requires the
|
||||
`-z now` flag (see below).
|
||||
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
|
||||
(optional, see above).
|
||||
|
||||
For hardened builds, the
|
||||
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
|
||||
compiler driver command line. (This can be disabled by undefining the
|
||||
`%_hardened_build` macro; see above) This activates the following
|
||||
linker flags:
|
||||
|
||||
* `-pie`: Produce a PIE binary. This is only activated for the main
|
||||
executable, and only if it is dynamically linked. This requires
|
||||
that all objects which are linked in the main executable have been
|
||||
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
|
||||
By itself, `-pie` has only a slight performance impact because it
|
||||
disables some link editor optimization, however the `-fPIE` compiler
|
||||
flag has some overhead.
|
||||
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
|
||||
linker feature. Lazy binding involves an array of function pointers
|
||||
which is writable at run time (which could be overwritten as part of
|
||||
security exploits, redirecting execution). Therefore, it is
|
||||
preferable to turn of lazy binding, although it increases startup
|
||||
time.
|
||||
|
||||
# Support for extension builders
|
||||
|
||||
Some packages include extension builders that allow users to build
|
||||
extension modules (which are usually written in C and C++) under the
|
||||
control of a special-purpose build system. This is a common
|
||||
functionality provided by scripting languages such as Python and Perl.
|
||||
Traditionally, such extension builders captured the Fedora build flags
|
||||
when these extension were built. However, these compiler flags are
|
||||
adjusted for a specific Fedora release and toolchain version and
|
||||
therefore do not work with a custom toolchain (e.g., different C/C++
|
||||
compilers), and users might want to build their own extension modules
|
||||
with such toolchains.
|
||||
|
||||
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
|
||||
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
|
||||
flags that have been adjusted for compatibility with alternative
|
||||
toolchains, while still preserving some of the compile-time security
|
||||
hardening that the standard Fedora build flags provide.
|
||||
|
||||
The current set of differences are:
|
||||
|
||||
* No GCC plugins (such as annobin) are activated.
|
||||
* No GCC spec files (`-specs=` arguments) are used.
|
||||
|
||||
Additional flags may be removed in the future if they prove to be
|
||||
incompatible with alternative toolchains.
|
||||
|
||||
Extension builders should detect whether they are performing a regular
|
||||
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
|
||||
case, they should use the *current* set of Fedora build flags (that
|
||||
is, the output from `rpm --eval '%{build_cflags}'` and related
|
||||
commands). Otherwise, when not performing an RPM build, they can
|
||||
either use hard-coded extension builder flags (thus avoiding a
|
||||
run-time dependency on `redhat-rpm-config`), or use the current
|
||||
extension builder flags (with a run-time dependency on
|
||||
`redhat-rpm-config`).
|
||||
|
||||
As a result, extension modules built for Fedora will use the official
|
||||
Fedora build flags, while users will still be able to build their own
|
||||
extension modules with custom toolchains.
|
1462
SOURCES/config.guess
vendored
Normal file
1462
SOURCES/config.guess
vendored
Normal file
File diff suppressed because it is too large
Load Diff
1823
SOURCES/config.sub
vendored
Normal file
1823
SOURCES/config.sub
vendored
Normal file
File diff suppressed because it is too large
Load Diff
@ -25,7 +25,7 @@ function check_rhl {
|
||||
}
|
||||
|
||||
function check_rhel {
|
||||
grep -Eq "(Enterprise|Advanced|CentOS)" $RELEASEFILE && echo $DISTNUM
|
||||
egrep -q "(Enterprise|Advanced)" $RELEASEFILE && echo $DISTNUM
|
||||
}
|
||||
|
||||
function check_fedora {
|
@ -30,7 +30,7 @@ done
|
||||
|
||||
is_kmod=1
|
||||
for f in $filelist; do
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||
then
|
||||
is_kernel=1;
|
||||
fi
|
48
SOURCES/find-provides.ksyms
Executable file
48
SOURCES/find-provides.ksyms
Executable file
@ -0,0 +1,48 @@
|
||||
#! /bin/bash
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'); do
|
||||
tmpfile=""
|
||||
if [ "x${module%.ko}" = "x${module}" ]; then
|
||||
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
|
||||
proc_bin=
|
||||
case "${module##*.}" in
|
||||
xz)
|
||||
proc_bin=xz
|
||||
;;
|
||||
bz2)
|
||||
proc_bin=bzip2
|
||||
;;
|
||||
gz)
|
||||
proc_bin=gzip
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -n "$proc_bin" ] || continue
|
||||
|
||||
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
|
||||
module="$tmpfile"
|
||||
fi
|
||||
|
||||
if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||
nm $module \
|
||||
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
|
||||
| LC_ALL=C sort -u
|
||||
else
|
||||
ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
|
||||
if [[ -n $(readelf -h $module | grep "little endian") ]]; then
|
||||
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||
else
|
||||
RODATA=$ELFRODATA
|
||||
fi
|
||||
for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||
echo $sym $RODATA
|
||||
done \
|
||||
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
|
||||
| LC_ALL=C sort -u
|
||||
fi
|
||||
|
||||
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
|
||||
done
|
@ -22,7 +22,7 @@ filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
|
||||
unset is_kmod
|
||||
|
||||
for f in $filelist; do
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||
then
|
||||
is_kmod=1;
|
||||
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||
@ -32,8 +32,7 @@ for f in $filelist; do
|
||||
fi
|
||||
done
|
||||
|
||||
# Disabling for now while the Fedora kernel doesn't produce kABI deps.
|
||||
#[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
|
||||
# printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
|
||||
[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
|
||||
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
|
||||
|
||||
exit 0
|
155
SOURCES/find-requires.ksyms
Executable file
155
SOURCES/find-requires.ksyms
Executable file
@ -0,0 +1,155 @@
|
||||
#! /bin/bash
|
||||
#
|
||||
# This script is called during external module building to create dependencies
|
||||
# both upon the RHEL kernel, and on additional external modules. Symbols that
|
||||
# cannot be reconciled against those provided by the kernel are assumed to be
|
||||
# provided by an external module and "ksym" replaces th regular "kernel" dep.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
# Extract all of the symbols provided by this module.
|
||||
all_provides() {
|
||||
for module in "$@"; do
|
||||
tmpfile=""
|
||||
if [ "x${module%.ko}" = "x${module}" ]; then
|
||||
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
|
||||
proc_bin=
|
||||
case "${module##*.}" in
|
||||
xz)
|
||||
proc_bin=xz
|
||||
;;
|
||||
bz2)
|
||||
proc_bin=bzip2
|
||||
;;
|
||||
gz)
|
||||
proc_bin=gzip
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -n "$proc_bin" ] || continue
|
||||
|
||||
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
|
||||
module="$tmpfile"
|
||||
fi
|
||||
|
||||
if [[ -n $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||
nm "$module" \
|
||||
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||
| awk --non-decimal-data '{printf("%s:0x%08x\n", $2, $1)}'
|
||||
else
|
||||
ELFRODATA=$(readelf -R .rodata "$module" | awk '/0x/{printf $2$3$4$5}')
|
||||
if [[ -n $(readelf -h "$module" | grep "little endian") ]]; then
|
||||
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||
else
|
||||
RODATA=$ELFRODATA
|
||||
fi
|
||||
for sym in $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||
echo $sym $RODATA
|
||||
done \
|
||||
| awk --non-decimal-data '{printf("%s:0x%08s\n", $2, substr($3,($1*2)+1,8))}'
|
||||
fi
|
||||
|
||||
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
|
||||
done \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
# Extract all of the requirements of this module.
|
||||
all_requires() {
|
||||
for module in "$@"; do
|
||||
set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
|
||||
/sbin/modprobe --dump-modversions "$module" \
|
||||
| awk --non-decimal-data '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{printf("%s:0x%08x\n", $2, $1)}' \
|
||||
| sed -r -e 's:$:\t'"$1"':'
|
||||
done \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
# Filter out requirements fulfilled by the module itself.
|
||||
mod_requires() {
|
||||
LC_ALL=C join -t $'\t' -j 1 -v 1 \
|
||||
<(all_requires "$@") \
|
||||
<(all_provides "$@") \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
|
||||
cat > /dev/null
|
||||
exit 0
|
||||
fi
|
||||
|
||||
check_kabi() {
|
||||
arch=$(uname -m)
|
||||
kabi_file="/lib/modules/kabi-current/kabi_whitelist_$arch"
|
||||
|
||||
# If not installed, output a warning and return (continue)
|
||||
if [ ! -f "$kabi_file" ]; then
|
||||
echo "" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "The kernel ABI reference files (provided by "kabi-whitelists") were not found." >&2
|
||||
echo "No compatibility check was performed. Please install the kABI reference files" >&2
|
||||
echo "and rebuild if you would like to verify compatibility with kernel ABI." >&2
|
||||
echo "" >&2
|
||||
return
|
||||
fi
|
||||
|
||||
unset non_kabi
|
||||
for symbol in "$@"; do
|
||||
if ! egrep "^[[:space:]]$symbol\$" $kabi_file >/dev/null; then
|
||||
non_kabi=("${non_kabi[@]}" "$symbol")
|
||||
fi
|
||||
done
|
||||
|
||||
if [ ${#non_kabi[@]} -gt 0 ]; then
|
||||
echo "" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "The following kernel symbols are not guaranteed to remain compatible with" >&2
|
||||
echo "future kernel updates to this RHEL release:" >&2
|
||||
echo "" >&2
|
||||
for symbol in "${non_kabi[@]}"; do
|
||||
printf "\t$symbol\n" >&2
|
||||
done
|
||||
echo "" >&2
|
||||
echo "Red Hat recommends that you consider using only official kernel ABI symbols" >&2
|
||||
echo "where possible. Requests for additions to the kernel ABI can be filed with" >&2
|
||||
echo "your partner or customer representative (component: driver-update-program)." >&2
|
||||
echo "" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
modules=($(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'))
|
||||
if [ ${#modules[@]} -gt 0 ]; then
|
||||
kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
|
||||
|
||||
# get all that kernel provides
|
||||
symvers=$(mktemp -t ${0##*/}.XXXXX)
|
||||
|
||||
cat /usr/src/kernels/$kernel/Module.symvers | awk '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{ print $2 ":" $1 }
|
||||
' \
|
||||
| sed -r -e 's:$:\t'"$kernel"':' \
|
||||
| LC_ALL=C sort -k1,1 -u > $symvers
|
||||
|
||||
# Symbols matching with the kernel get a "kernel" dependency
|
||||
mod_req=$(mktemp -t mod_req.XXXXX)
|
||||
mod_requires "${modules[@]}" > "$mod_req"
|
||||
LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
|
||||
|
||||
# Symbols from elsewhere get a "ksym" dependency
|
||||
LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
|
||||
|
||||
# Check kABI if the kabi-whitelists package is installed
|
||||
# Do this last so we can try to output this error at the end
|
||||
kabi_check_symbols=($(LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print $1 }'))
|
||||
check_kabi "${kabi_check_symbols[@]}"
|
||||
fi
|
14
SOURCES/firmware.prov
Normal file
14
SOURCES/firmware.prov
Normal file
@ -0,0 +1,14 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# firmware.prov - Automatically extract any and all firmware dependencies from
|
||||
# kernel object (.ko) files and add to RPM deps.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') $*;
|
||||
do
|
||||
for firmware in `/sbin/modinfo -F firmware $module`;
|
||||
do
|
||||
echo "firmware($firmware)"
|
||||
done
|
||||
done
|
@ -5,7 +5,7 @@
|
||||
# This material is provided as is, with absolutely no warranty expressed
|
||||
# or implied. Any use is at your own risk.
|
||||
#
|
||||
# Permission is hereby granted to use or copy this program
|
||||
# Permission is hereby granted to use or copy this shellscript
|
||||
# for any purpose, provided the above notices are retained on all copies.
|
||||
# Permission to modify the code and to distribute modified code is granted,
|
||||
# provided the above notices are retained, and a notice that the code was
|
2
SOURCES/kabi.attr
Normal file
2
SOURCES/kabi.attr
Normal file
@ -0,0 +1,2 @@
|
||||
%__kabi_provides %{_rpmconfigdir}/kabi.sh
|
||||
%__kabi_path ^(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz$
|
13
SOURCES/kabi.sh
Normal file
13
SOURCES/kabi.sh
Normal file
@ -0,0 +1,13 @@
|
||||
#!/bin/bash +x
|
||||
#
|
||||
# kabi.sh - Automatically extract any kernel symbol checksum from the
|
||||
# symvers file and add to RPM deps. This is used to move the
|
||||
# checksum checking from modprobe to rpm install for 3rd party
|
||||
# modules (so they can fail during install and not at load).
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for symvers in $(grep -E '(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz') "$@";
|
||||
do
|
||||
zcat $symvers | awk ' {print "kernel(" $2 ") = " $1 }'
|
||||
done
|
2
SOURCES/kmod.attr
Normal file
2
SOURCES/kmod.attr
Normal file
@ -0,0 +1,2 @@
|
||||
%__kmod_provides %{_rpmconfigdir}/kmod.prov
|
||||
%__kmod_path ^/lib/modules/.*$
|
28
SOURCES/kmod.prov
Normal file
28
SOURCES/kmod.prov
Normal file
@ -0,0 +1,28 @@
|
||||
#!/bin/sh +x
|
||||
# Kernel build can have many thousands of modules.
|
||||
# kmod.prov is run for every one of them.
|
||||
# Try to make this script run as fast as we can.
|
||||
# For example, use shell string ops instead of external programs
|
||||
# where possible.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
read -r fname || exit
|
||||
|
||||
# Only process files from .../lib/modules/... subtree
|
||||
[ "${fname#*/lib/modules/*}" != "$fname" ] || exit 0
|
||||
|
||||
kmod=${fname##*/} # like basename, but faster
|
||||
|
||||
if [ "$kmod" = "modules.builtin" ]; then
|
||||
for j in $(cat -- "$fname"); do
|
||||
echo "kmod(${j##*/})"
|
||||
done
|
||||
exit 0
|
||||
fi
|
||||
|
||||
kmod=${kmod%.gz}
|
||||
kmod=${kmod%.xz}
|
||||
if [ "${kmod%.ko}" != "$kmod" ]; then
|
||||
echo "kmod($kmod)"
|
||||
fi
|
349
SOURCES/kmodtool
Executable file
349
SOURCES/kmodtool
Executable file
@ -0,0 +1,349 @@
|
||||
#!/bin/bash
|
||||
|
||||
# kmodtool - Helper script for building kernel module RPMs
|
||||
# An original version appeared in Fedora. This version is
|
||||
# generally called only by the %kernel_module_package RPM macro
|
||||
# during the process of building Driver Update Packages (which
|
||||
# are also known as "kmods" in the Fedora community).
|
||||
#
|
||||
# Copyright (c) 2003-2010 Ville Skyttä <ville.skytta@iki.fi>,
|
||||
# Thorsten Leemhuis <fedora@leemhuis.info>
|
||||
# Jon Masters <jcm@redhat.com>
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining
|
||||
# a copy of this software and associated documentation files (the
|
||||
# "Software"), to deal in the Software without restriction, including
|
||||
# without limitation the rights to use, copy, modify, merge, publish,
|
||||
# distribute, sublicense, and/or sell copies of the Software, and to
|
||||
# permit persons to whom the Software is furnished to do so, subject to
|
||||
# the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be
|
||||
# included in all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
# Changelog:
|
||||
#
|
||||
# 2010/07/28 - Add fixes for filelists in line with LF standard
|
||||
# - Remove now defunct "framepointer" kernel variant
|
||||
# - Change version to "rhel6-rh2" as a consequence.
|
||||
#
|
||||
# 2010/01/10 - Simplified for RHEL6. We are working on upstream
|
||||
# moving to a newer format and in any case do not
|
||||
# need to retain support for really old systems.
|
||||
|
||||
shopt -s extglob
|
||||
|
||||
myprog="kmodtool"
|
||||
myver="0.10.10_rhel8"
|
||||
knownvariants=@(debug|kdump|zfcpdump)
|
||||
kmod_name=
|
||||
kver=
|
||||
verrel=
|
||||
variant=
|
||||
|
||||
get_verrel ()
|
||||
{
|
||||
verrel=${1:-$(uname -r)}
|
||||
verrel=${verrel/%[.+]$knownvariants/}
|
||||
}
|
||||
|
||||
print_verrel ()
|
||||
{
|
||||
get_verrel "$@"
|
||||
echo "${verrel}"
|
||||
}
|
||||
|
||||
get_variant ()
|
||||
{
|
||||
get_verrel "$@"
|
||||
variant=${1:-$(uname -r)}
|
||||
variant=${variant/#$verrel?(.+)/}
|
||||
variant=${variant:-'""'}
|
||||
}
|
||||
|
||||
print_variant ()
|
||||
{
|
||||
get_variant $@
|
||||
echo "${variant}"
|
||||
}
|
||||
|
||||
# Detect flavor separator character. We have to do that due to
|
||||
# a systemd-tailored patch for kernel spec[1][2] introduced in Fedora and then
|
||||
# imported in RHEL 8 that broke all OOT kmod infrastructure for the flavored
|
||||
# kernels.
|
||||
#
|
||||
# [1] https://lists.fedoraproject.org/pipermail/kernel/2013-June/004262.html
|
||||
# [2] https://src.fedoraproject.org/rpms/kernel/c/faf25207dc86666a611c45ae3ffaf385c170bd2a
|
||||
#
|
||||
# $1 - kver
|
||||
# $2 - variant
|
||||
get_variant_char ()
|
||||
{
|
||||
variant="$2"
|
||||
[ "$variant" != "default" ] || variant=""
|
||||
|
||||
get_verrel "$1"
|
||||
|
||||
variant_char=""
|
||||
[ -n "$variant" ] || return 0
|
||||
|
||||
# We expect that the flavored kernel is already installed in the buildroot
|
||||
variant_char="+"
|
||||
[ -e "/usr/src/kernels/${verrel}+${variant}" ] && return 0
|
||||
|
||||
variant_char="."
|
||||
}
|
||||
|
||||
print_variant_char ()
|
||||
{
|
||||
get_variant_char "$@"
|
||||
echo "${variant_char}"
|
||||
}
|
||||
|
||||
print_kernel_source ()
|
||||
{
|
||||
get_variant_char "$@"
|
||||
echo "/usr/src/kernels/${verrel}${variant_char}${variant}"
|
||||
}
|
||||
|
||||
get_filelist() {
|
||||
local IFS=$'\n'
|
||||
filelist=($(cat))
|
||||
|
||||
if [ ${#filelist[@]} -gt 0 ];
|
||||
then
|
||||
for ((n = 0; n < ${#filelist[@]}; n++));
|
||||
do
|
||||
line="${filelist[n]}"
|
||||
line=$(echo "$line" \
|
||||
| sed -e "s/%verrel/$verrel/g" \
|
||||
| sed -e "s/%variant/$variant/g" \
|
||||
| sed -e "s/%dashvariant/$dashvariant/g" \
|
||||
| sed -e "s/%dotvariant/$dotvariant/g" \
|
||||
| sed -e "s/\+%1/$dotvariant/g" \
|
||||
| sed -e "s/\.%1/$dotvariant/g" \
|
||||
| sed -e "s/\-%1/$dotvariant/g" \
|
||||
| sed -e "s/%2/$verrel/g")
|
||||
echo "$line"
|
||||
done
|
||||
else
|
||||
echo "%defattr(644,root,root,755)"
|
||||
echo "/lib/modules/${verrel}${dotvariant}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
get_rpmtemplate ()
|
||||
{
|
||||
local variant="${1}"
|
||||
|
||||
get_variant_char "${verrel}" "${variant}"
|
||||
|
||||
local dashvariant="${variant:+-${variant}}"
|
||||
local dotvariant="${variant:+${variant_char}${variant}}"
|
||||
|
||||
echo "%package -n kmod-${kmod_name}${dashvariant}"
|
||||
|
||||
if [ -z "$kmod_provides_summary" ]; then
|
||||
echo "Summary: ${kmod_name} kernel module(s)"
|
||||
fi
|
||||
|
||||
if [ -z "$kmod_provides_group" ]; then
|
||||
echo "Group: System Environment/Kernel"
|
||||
fi
|
||||
|
||||
if [ ! -z "$kmod_version" ]; then
|
||||
echo "Version: %{kmod_version}"
|
||||
fi
|
||||
|
||||
if [ ! -z "$kmod_release" ]; then
|
||||
echo "Release: %{kmod_release}"
|
||||
fi
|
||||
|
||||
# Turn of the internal dep generator so we will use the kmod scripts.
|
||||
echo "%global _use_internal_dependency_generator 0"
|
||||
|
||||
cat <<EOF
|
||||
Provides: kernel-modules >= ${verrel}${dotvariant}
|
||||
Provides: kernel${dashvariant}-modules >= ${verrel}
|
||||
Provides: ${kmod_name}-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
Requires(post): /usr/sbin/depmod
|
||||
Requires(postun): /usr/sbin/depmod
|
||||
Requires(post): /usr/sbin/weak-modules
|
||||
Requires(postun): /usr/sbin/weak-modules
|
||||
EOF
|
||||
|
||||
if [ "yes" != "$nobuildreqs" ]
|
||||
then
|
||||
cat <<EOF
|
||||
BuildRequires: kernel${dashvariant}-devel
|
||||
BuildRequires: kernel-abi-whitelists
|
||||
BuildRequires: redhat-rpm-config kernel-rpm-macros
|
||||
BuildRequires: elfutils-libelf-devel kmod
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "" != "$override_preamble" ]
|
||||
then
|
||||
cat "$override_preamble"
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
%description -n kmod-${kmod_name}${dashvariant}
|
||||
This package provides the ${kmod_name} kernel modules built for
|
||||
the Linux kernel ${verrel}${dotvariant} for the %{_target_cpu}
|
||||
family of processors.
|
||||
EOF
|
||||
|
||||
##############################################################################
|
||||
## The following are not part of this script directly, they are scripts ##
|
||||
## that will be executed by RPM during various stages of package processing ##
|
||||
##############################################################################
|
||||
|
||||
cat <<EOF
|
||||
%post -n kmod-${kmod_name}${dashvariant}
|
||||
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
|
||||
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
|
||||
fi
|
||||
|
||||
modules=( \$(find /lib/modules/${verrel}${dotvariant}/extra/${kmod_name} | grep '\.ko$') )
|
||||
if [ -x "/usr/sbin/weak-modules" ]; then
|
||||
printf '%s\n' "\${modules[@]}" \
|
||||
| /usr/sbin/weak-modules --add-modules
|
||||
fi
|
||||
EOF
|
||||
|
||||
cat <<EOF
|
||||
%preun -n kmod-${kmod_name}${dashvariant}
|
||||
rpm -ql kmod-${kmod_name}${dashvariant}-%{kmod_version}-%{kmod_release}.$(arch) | grep '\.ko$' > /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||
EOF
|
||||
|
||||
cat <<EOF
|
||||
%postun -n kmod-${kmod_name}${dashvariant}
|
||||
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
|
||||
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
|
||||
fi
|
||||
|
||||
modules=( \$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules) )
|
||||
rm /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||
if [ -x "/usr/sbin/weak-modules" ]; then
|
||||
printf '%s\n' "\${modules[@]}" \
|
||||
| /usr/sbin/weak-modules --remove-modules
|
||||
fi
|
||||
EOF
|
||||
|
||||
echo "%files -n kmod-${kmod_name}${dashvariant}"
|
||||
|
||||
if [ "" == "$override_filelist" ];
|
||||
then
|
||||
echo "%defattr(644,root,root,755)"
|
||||
echo "/lib/modules/${verrel}${dotvariant}"
|
||||
else
|
||||
cat "$override_filelist" | get_filelist
|
||||
fi
|
||||
}
|
||||
|
||||
print_rpmtemplate ()
|
||||
{
|
||||
kmod_name="${1}"
|
||||
shift
|
||||
kver="${1}"
|
||||
get_verrel "${1}"
|
||||
shift
|
||||
if [ -z "${kmod_name}" ] ; then
|
||||
echo "Please provide the kmodule-name as first parameter." >&2
|
||||
exit 2
|
||||
elif [ -z "${kver}" ] ; then
|
||||
echo "Please provide the kver as second parameter." >&2
|
||||
exit 2
|
||||
elif [ -z "${verrel}" ] ; then
|
||||
echo "Couldn't find out the verrel." >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
for variant in "$@" ; do
|
||||
if [ "default" == "$variant" ];
|
||||
then
|
||||
get_rpmtemplate ""
|
||||
else
|
||||
get_rpmtemplate "${variant}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
usage ()
|
||||
{
|
||||
cat <<EOF
|
||||
You called: ${invocation}
|
||||
|
||||
Usage: ${myprog} <command> <option>+
|
||||
Commands:
|
||||
verrel <uname>
|
||||
- Get "base" version-release.
|
||||
variant <uname>
|
||||
- Get variant from uname.
|
||||
variant_char <uname> <variant>
|
||||
- Get kernel variant separator character.
|
||||
kernel_source <uname> <variant>
|
||||
- Get path to kernel source directory.
|
||||
rpmtemplate <mainpgkname> <uname> <variants>
|
||||
- Return a template for use in a source RPM
|
||||
version
|
||||
- Output version number and exit.
|
||||
EOF
|
||||
}
|
||||
|
||||
invocation="$(basename ${0}) $@"
|
||||
while [ "${1}" ] ; do
|
||||
case "${1}" in
|
||||
verrel)
|
||||
shift
|
||||
print_verrel "$@"
|
||||
exit $?
|
||||
;;
|
||||
variant)
|
||||
shift
|
||||
print_variant "$@"
|
||||
exit $?
|
||||
;;
|
||||
variant_char)
|
||||
shift
|
||||
print_variant_char "$@"
|
||||
exit $?
|
||||
;;
|
||||
kernel_source)
|
||||
shift
|
||||
print_kernel_source "$@"
|
||||
exit $?
|
||||
;;
|
||||
rpmtemplate)
|
||||
shift
|
||||
print_rpmtemplate "$@"
|
||||
exit $?
|
||||
;;
|
||||
version)
|
||||
echo "${myprog} ${myver}"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
echo "Error: Unknown option '${1}'." >&2
|
||||
usage >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Local variables:
|
||||
# mode: sh
|
||||
# sh-indentation: 2
|
||||
# indent-tabs-mode: nil
|
||||
# End:
|
||||
# ex: ts=2 sw=2 et
|
268
SOURCES/macros
Normal file
268
SOURCES/macros
Normal file
@ -0,0 +1,268 @@
|
||||
# Per-platform rpm configuration file.
|
||||
|
||||
#==============================================================================
|
||||
# ---- per-platform macros.
|
||||
#
|
||||
%_vendor redhat
|
||||
%_os linux
|
||||
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure macros. note that most of these are inherited
|
||||
# from the defaults.
|
||||
#
|
||||
%_localstatedir /var
|
||||
|
||||
%_pkgdocdir %{_docdir}/%{name}
|
||||
%_docdir_fmt %%{NAME}
|
||||
|
||||
%_fmoddir %{_libdir}/gfortran/modules
|
||||
|
||||
%_enable_debug_packages 1
|
||||
%_include_minidebuginfo 1
|
||||
%_include_gdb_index 1
|
||||
%_debugsource_packages 1
|
||||
%_debuginfo_subpackages 1
|
||||
|
||||
#==============================================================================
|
||||
# ---- compiler flags.
|
||||
|
||||
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
||||
# Historically also available as %%{optflags}, and %%build sets the
|
||||
# environment variable RPM_OPT_FLAGS to this value.
|
||||
%build_cflags %{optflags}
|
||||
|
||||
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
||||
%build_cxxflags %{optflags}
|
||||
|
||||
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
||||
# the corresponding variable names.
|
||||
%build_fflags %{optflags} -I%{_fmoddir}
|
||||
|
||||
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
||||
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
||||
# the flags, while intended for ld, are still passed through the gcc
|
||||
# compiler driver. At the beginning of %%build, the environment
|
||||
# variable RPM_LD_FLAGS to this value.
|
||||
%build_ldflags -Wl,-z,relro %{_ld_symbols_flags} %{_hardened_ldflags}
|
||||
|
||||
# Expands to shell code to seot the compiler/linker environment
|
||||
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
|
||||
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
||||
# been set implicitly at the start of the %%build section.
|
||||
%set_build_flags \
|
||||
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
||||
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
||||
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
||||
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
||||
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS
|
||||
|
||||
# Internal-only. Do not use. Expand a variable and strip the flags
|
||||
# not suitable to extension builders.
|
||||
%__extension_strip_flags() %{lua:
|
||||
local name = rpm.expand("%{1}")
|
||||
local value = " " .. rpm.expand("%{build_" .. name .. "}")
|
||||
local result = string.gsub(value, "%s+-specs=[^%s]+", " ")
|
||||
print(result)
|
||||
}
|
||||
|
||||
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
||||
# extension builders.
|
||||
%extension_cflags %{__extension_strip_flags cflags}
|
||||
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
||||
%extension_fflags %{__extension_strip_flags fflags}
|
||||
%extension_ldflags %{__extension_strip_flags ldflags}
|
||||
|
||||
# Deprecated names. For backwards compatibility only.
|
||||
%__global_cflags %{build_cflags}
|
||||
%__global_cxxflags %{build_cxxflags}
|
||||
%__global_fflags %{build_fflags}
|
||||
%__global_fcflags %{build_fflags}
|
||||
%__global_ldflags %{build_ldflags}
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure and makeinstall.
|
||||
#
|
||||
%_configure_gnuconfig_hack 1
|
||||
%_configure_libtool_hardening_hack 1
|
||||
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
||||
# to be added to the list of options passed to the configure script.
|
||||
# Eventually we'll want to turn this on by default, but this gives packagers a
|
||||
# way to turn it back off.
|
||||
# %_configure_disable_silent_rules 1
|
||||
%configure \
|
||||
%{set_build_flags}; \
|
||||
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
||||
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
||||
done ; \
|
||||
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
||||
for i in $(find . -name ltmain.sh) ; do \
|
||||
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
||||
done ; \
|
||||
%{_configure} --build=%{_build} --host=%{_host} \\\
|
||||
--program-prefix=%{?_program_prefix} \\\
|
||||
--disable-dependency-tracking \\\
|
||||
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
||||
--prefix=%{_prefix} \\\
|
||||
--exec-prefix=%{_exec_prefix} \\\
|
||||
--bindir=%{_bindir} \\\
|
||||
--sbindir=%{_sbindir} \\\
|
||||
--sysconfdir=%{_sysconfdir} \\\
|
||||
--datadir=%{_datadir} \\\
|
||||
--includedir=%{_includedir} \\\
|
||||
--libdir=%{_libdir} \\\
|
||||
--libexecdir=%{_libexecdir} \\\
|
||||
--localstatedir=%{_localstatedir} \\\
|
||||
--sharedstatedir=%{_sharedstatedir} \\\
|
||||
--mandir=%{_mandir} \\\
|
||||
--infodir=%{_infodir}
|
||||
|
||||
# Maximum number of CPU's to use when building, 0 for unlimited.
|
||||
#
|
||||
# This was for some time capped at 16. Please see
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
|
||||
# surrounding this.
|
||||
#%_smp_ncpus_max 0
|
||||
%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
|
||||
&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
|
||||
ncpus_max=%{?_smp_ncpus_max}; \\\
|
||||
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
|
||||
if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
|
||||
|
||||
#==============================================================================
|
||||
# ---- Build policy macros.
|
||||
#
|
||||
#
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at beginning of %install scriptlet.
|
||||
#
|
||||
|
||||
%__spec_install_pre %{___build_pre}\
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
||||
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
|
||||
mkdir "$RPM_BUILD_ROOT"\
|
||||
%{nil}
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at end of %install scriptlet.
|
||||
#
|
||||
|
||||
%__arch_install_post /usr/lib/rpm/check-buildroot
|
||||
|
||||
# Build root policy macros. Standard naming:
|
||||
# convert all '-' in basename to '_', add two leading underscores.
|
||||
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
||||
%__brp_compress /usr/lib/rpm/brp-compress
|
||||
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
||||
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
||||
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
||||
%__brp_python_bytecompile /usr/lib/rpm/brp-python-bytecompile "" %{?_python_bytecompile_errors_terminate_build}
|
||||
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
|
||||
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_from - files to ignore
|
||||
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
||||
%__brp_mangle_shebangs PYTHON3="%{__python3}" /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
||||
|
||||
%__os_install_post \
|
||||
%{?__brp_ldconfig} \
|
||||
%{?__brp_compress} \
|
||||
%{!?__debug_package:\
|
||||
%{?__brp_strip} \
|
||||
%{?__brp_strip_comment_note} \
|
||||
} \
|
||||
%{?__brp_strip_static_archive} \
|
||||
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
|
||||
%{?__brp_python_hardlink} \
|
||||
%{?__brp_mangle_shebangs} \
|
||||
%{nil}
|
||||
|
||||
%__spec_install_post\
|
||||
%{?__debug_package:%{__debug_install_post}}\
|
||||
%{__arch_install_post}\
|
||||
%{__os_install_post}\
|
||||
%{nil}
|
||||
|
||||
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
||||
%%install\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
# Should missing buildids terminate a build?
|
||||
%_missing_build_ids_terminate_build 1
|
||||
|
||||
#
|
||||
## Automatically compile python files
|
||||
%py_auto_byte_compile 1
|
||||
|
||||
#
|
||||
## Should python bytecompilation errors terminate a build?
|
||||
%_python_bytecompile_errors_terminate_build 1
|
||||
|
||||
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
||||
%_source_filedigest_algorithm 8
|
||||
%_binary_filedigest_algorithm 8
|
||||
|
||||
# Use XZ compression for binary payloads
|
||||
%_binary_payload w2.xzdio
|
||||
|
||||
%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
||||
# we don't escape symbols '~', '"', etc. so be careful when changing this
|
||||
%_hardening_ldflags -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
|
||||
|
||||
# Harden packages by default for Fedora 23:
|
||||
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
||||
# Use "%undefine _hardened_build" to disable.
|
||||
%_hardened_build 1
|
||||
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
||||
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
||||
|
||||
%_annobin_cflags -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
||||
|
||||
# Add extra information to binary objects created by gcc for Fedora 28:
|
||||
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
||||
# Use "%undefine _annotated_build" to disable.
|
||||
%_annotated_build 1
|
||||
%_annotated_cflags %{?_annotated_build:%{_annobin_cflags}}
|
||||
|
||||
# Fail linking if there are undefined symbols. Required for proper
|
||||
# ELF symbol versioning support. Disabled by default.
|
||||
# Use "%define _strict_symbol_defs_build 1" to enable.
|
||||
#%_strict_symbol_defs_build 1
|
||||
%_ld_symbols_flags %{?_strict_symbol_defs_build:-Wl,-z,defs}
|
||||
|
||||
%__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
|
||||
|
||||
#==============================================================================
|
||||
# ---- Generic auto req/prov filtering macros
|
||||
#
|
||||
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
||||
|
||||
# prevent anything matching from being scanned for provides
|
||||
%filter_provides_in(P) %{expand: \
|
||||
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# prevent anything matching from being scanned for requires
|
||||
%filter_requires_in(P) %{expand: \
|
||||
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# filter anything matching out of the provides stream
|
||||
%filter_from_provides() %{expand: \
|
||||
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# filter anything matching out of the requires stream
|
||||
%filter_from_requires() %{expand: \
|
||||
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# actually set up the filtering bits
|
||||
%filter_setup %{expand: \
|
||||
%global _use_internal_dependency_generator 0 \
|
||||
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
||||
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
||||
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
||||
}
|
79
SOURCES/macros.fedora-misc
Normal file
79
SOURCES/macros.fedora-misc
Normal file
@ -0,0 +1,79 @@
|
||||
# Some miscellaneous Fedora-related macros
|
||||
|
||||
# List files matching inclusion globs, excluding files matching exclusion blogs
|
||||
# Optional parameters:
|
||||
# – -i "<globs>" inclusion globs
|
||||
# – -x "<globs>" exclusion globs
|
||||
# Globs are space-separated lists of shell globs. Such lists require %{quote:}
|
||||
# use for safe rpm argument passing.
|
||||
# Alternatively, set the following rpm variables before calling the macro:
|
||||
# – “listfiles_include” inclusion globs
|
||||
# — “listfiles_exclude” exclusion globs
|
||||
# Arguments passed to the macro without flags will be interpreted as inclusion
|
||||
# globs.
|
||||
%listfiles(i:x:) %{expand:
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
|
||||
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
|
||||
while IFS= read -r finc ; do
|
||||
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
|
||||
| sort -u | grep -q "${finc}" || echo "${finc}"
|
||||
done <<< "${listfiles_include}"
|
||||
%else
|
||||
echo "${listfiles_include}"
|
||||
%endif
|
||||
%endif
|
||||
}
|
||||
|
||||
# https://github.com/rpm-software-management/rpm/issues/581
|
||||
# Write the contents of a list of rpm variables to a macro file.
|
||||
# The target file must contain the corresponding anchors.
|
||||
# For example %writevars -f myfile foo bar will replace:
|
||||
# @@FOO@@ with the rpm evaluation of %{foo} and
|
||||
# @@BAR@@ with the rpm evaluation of %{bar}
|
||||
# in myfile
|
||||
%writevars(f:) %{lua:
|
||||
local fedora = require "fedora.common"
|
||||
local macrofile = rpm.expand("%{-f*}")
|
||||
local rpmvars = {}
|
||||
for i = 1, rpm.expand("%#") do
|
||||
table.insert(rpmvars, rpm.expand("%" .. i))
|
||||
end
|
||||
fedora.writevars(macrofile,rpmvars)
|
||||
}
|
||||
|
||||
# gpgverify verifies signed sources. There is documentation in the script.
|
||||
%gpgverify(k:s:d:) %{lua:
|
||||
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||
local keyring = rpm.expand("%{-k*}")
|
||||
local signature = rpm.expand("%{-s*}")
|
||||
local data = rpm.expand("%{-d*}")
|
||||
print(script)
|
||||
if keyring ~= "" then
|
||||
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||
end
|
||||
if signature ~= "" then
|
||||
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||
end
|
||||
if data ~= "" then
|
||||
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||
end
|
||||
}
|
||||
|
||||
# gpgverify verifies signed sources. There is documentation in the script.
|
||||
%gpgverify(k:s:d:) %{lua:
|
||||
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||
local keyring = rpm.expand("%{-k*}")
|
||||
local signature = rpm.expand("%{-s*}")
|
||||
local data = rpm.expand("%{-d*}")
|
||||
print(script)
|
||||
if keyring ~= "" then
|
||||
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||
end
|
||||
if signature ~= "" then
|
||||
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||
end
|
||||
if data ~= "" then
|
||||
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||
end
|
||||
}
|
8
SOURCES/macros.fedora-misc-srpm
Normal file
8
SOURCES/macros.fedora-misc-srpm
Normal file
@ -0,0 +1,8 @@
|
||||
# Some miscellaneous Fedora-related macros
|
||||
|
||||
# A directory for rpm macros
|
||||
%rpmmacrodir /usr/lib/rpm/macros.d
|
||||
|
||||
# A directory for appdata metainfo. This has changed between releases so a
|
||||
# macro is useful.
|
||||
%_metainfodir %{_datadir}/metainfo
|
282
SOURCES/macros.forge
Normal file
282
SOURCES/macros.forge
Normal file
@ -0,0 +1,282 @@
|
||||
# Map forge information to rpm metadata. This macro will compute default spec
|
||||
# variable values.
|
||||
#
|
||||
# The following spec variables SHOULD be set before calling the macro:
|
||||
#
|
||||
# forgeurl the project url on the forge, strongly recommended;
|
||||
# alternatively, use -u <url>
|
||||
# Version if applicable, set it with Version: <version>
|
||||
# tag if applicable
|
||||
# commit if applicable
|
||||
#
|
||||
# The macro will attempt to compute and set the following variables if they are
|
||||
# not already set by the packager:
|
||||
#
|
||||
# forgesource an URL that can be used as SourceX: value
|
||||
# forgesetupargs the correct arguments to pass to %setup for this source
|
||||
# used by %forgesetup and %forgeautosetup
|
||||
# archivename the source archive filename, without extentions
|
||||
# archiveext the source archive filename extensions, without leading dot
|
||||
# archiveurl the url that can be used to download the source archive,
|
||||
# without renaming
|
||||
# scm the scm type, when packaging code snapshots: commits or tags
|
||||
#
|
||||
# If the macro is unable to parse your forgeurl value set at least archivename
|
||||
# and archiveurl before calling it.
|
||||
#
|
||||
# Most of the computed variables are both overridable and optional. However,
|
||||
# the macro WILL REDEFINE %{dist} when packaging a snapshot (commit or tag).
|
||||
# The previous %{dist} value will be lost. Don’t call the macro if you don’t
|
||||
# wish %{dist} to be changed.
|
||||
#
|
||||
# Optional parameters:
|
||||
# -u <url> Ignore forgeurl even if it exists and use <url> instead. Note
|
||||
# that the macro will still end up setting <url> as the forgeurl
|
||||
# spec variable if it manages to parse it.
|
||||
# -s Silently ignore problems in forgeurl, use it if it can be parsed,
|
||||
# ignore it otherwise.
|
||||
# -p Restore problem handling, override -s.
|
||||
# -v Be verbose and print every spec variable the macro sets.
|
||||
# -i Print some info about the state of spec variables the macro may use or
|
||||
# set at the end of the processing.
|
||||
%forgemeta(u:spvi) %{lua:
|
||||
local forgeurl = rpm.expand("%{?-u*}")
|
||||
if (forgeurl == "") then
|
||||
forgeurl = rpm.expand("%{?forgeurl}")
|
||||
end
|
||||
local silent = false
|
||||
local verbose = false
|
||||
local informative = false
|
||||
if (rpm.expand("%{?-s}") ~= "") then
|
||||
silent = true
|
||||
end
|
||||
if (rpm.expand("%{?-p}") ~= "") then
|
||||
silent = false
|
||||
end
|
||||
if (rpm.expand("%{?-v}") ~= "") then
|
||||
verbose = true
|
||||
end
|
||||
if (rpm.expand("%{?-i}") ~= "") then
|
||||
informative = true
|
||||
end
|
||||
local tag = rpm.expand("%{?tag}")
|
||||
local commit = rpm.expand("%{?commit}")
|
||||
-- Be explicit about the spec variables we’re setting
|
||||
local function explicitset(rpmvariable,value)
|
||||
rpm.define(rpmvariable .. " " .. value)
|
||||
if verbose then
|
||||
rpm.expand("%{echo:Setting %%{" .. rpmvariable .. "} = " .. value .. "\\n}")
|
||||
end
|
||||
end
|
||||
-- Never ever stomp on a spec variable the packager already set
|
||||
local function safeset(rpmvariable,value)
|
||||
if (rpm.expand("%{?" .. rpmvariable .. "}") == "") then
|
||||
explicitset(rpmvariable,value)
|
||||
end
|
||||
end
|
||||
-- Set spec variable values for each known software publishing service
|
||||
if (forgeurl ~= "") then
|
||||
local forge = string.match(forgeurl, "^[^:]+://([^/]+)/")
|
||||
if (forge == nil) then
|
||||
if not silent then
|
||||
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !\\n}")
|
||||
end
|
||||
else
|
||||
if (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
|
||||
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
|
||||
if (forgeurl == nil) then
|
||||
if not silent then
|
||||
rpm.expand("%{error:Gitlab URLs must match https://(…[-.])gitlab[-.]…/owner/repo !\\n}")
|
||||
end
|
||||
else
|
||||
explicitset("forgeurl", forgeurl)
|
||||
if (commit == "") then
|
||||
rpm.expand("%{error:All Gitlab URLs require commit value knowledge: you need to define %{commit}!\\nPlease vote on https://gitlab.com/gitlab-org/gitlab-ce/issues/38830\\n}")
|
||||
end
|
||||
safeset("archiveext", "tar.bz2")
|
||||
safeset("forgesetupargs", "-n %{archivename}")
|
||||
if (commit ~= "") or (tag ~= "") then
|
||||
safeset("scm", "git")
|
||||
end
|
||||
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
|
||||
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
|
||||
local version = rpm.expand("%{?version}")
|
||||
if (version ~= "") and (version ~= "0") and (tag == "") then
|
||||
-- GitLab does not have strong versionning semantics
|
||||
-- Some projects use "version" as release tag, others "v" + "version"
|
||||
-- Tag value needs to be explicitly declared before calling the macro
|
||||
-- in the second case
|
||||
tag = version
|
||||
safeset("tag", tag)
|
||||
end
|
||||
if (tag ~= "") then
|
||||
safeset("archivename", repo .. "-%{tag}-%{commit}")
|
||||
safeset("archiveurl", "%{forgeurl}/repository/%{tag}/archive.%{archiveext}")
|
||||
else
|
||||
safeset("archivename", repo .. "-%{commit}")
|
||||
safeset("archiveurl", "%{forgeurl}/repository/%{commit}/archive.%{archiveext}")
|
||||
end
|
||||
end
|
||||
end
|
||||
if (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
|
||||
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
|
||||
if (forgeurl == nil) then
|
||||
if not silent then
|
||||
rpm.expand("%{error:GitHub URLs must match https://(…[-.])github[-.]…/owner/repo !\\n}")
|
||||
end
|
||||
else
|
||||
explicitset("forgeurl", forgeurl)
|
||||
safeset("archiveext", "tar.gz")
|
||||
local forgesetupargs = "-n %{archivename}"
|
||||
if (commit ~= "") or (tag ~= "") then
|
||||
safeset("scm", "git")
|
||||
end
|
||||
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
|
||||
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
|
||||
if (tag ~= "") then
|
||||
-- if upstream used a version suffix such as -rc1 or -beta it will not
|
||||
-- be a valid version string for rpm but github will accept it fine and
|
||||
-- use the same naming as for other versions: v prefix in the tag and
|
||||
-- archivename, no v prefix in the topdir naming inside the archive
|
||||
local version = rpm.expand("%{?version}")
|
||||
if version ~= "" and
|
||||
(string.match(tag, "^v" .. version .. "[^%d]") or
|
||||
string.match(tag, "^v" .. version .. "$")) then
|
||||
forgesetupargs = "-n " .. repo .. "-" .. string.gsub(tag, "^v", "")
|
||||
end
|
||||
safeset("archivename", repo .. "-%{tag}")
|
||||
safeset("archiveurl", "%{forgeurl}/archive/%{tag}.%{archiveext}")
|
||||
else
|
||||
if (commit ~= "") then
|
||||
safeset("archivename", repo .. "-%{commit}")
|
||||
safeset("archiveurl", "%{forgeurl}/archive/%{commit}/" .. repo .. "-%{commit}.%{archiveext}")
|
||||
else
|
||||
safeset("archivename", repo .. "-%{version}")
|
||||
safeset("archiveurl", "%{forgeurl}/archive/v%{version}.%{archiveext}")
|
||||
end
|
||||
end
|
||||
safeset("forgesetupargs", forgesetupargs)
|
||||
end
|
||||
end
|
||||
if (forge == "code.googlesource.com") then
|
||||
forgeurl = string.match(forgeurl, "https://code.googlesource.com/[^#?]*[^/#?]+")
|
||||
if (forgeurl == nil) then
|
||||
if not silent then
|
||||
rpm.expand("%{error:Googlesource URLs must match https://code.googlesource.com/…/repo !\\n}")
|
||||
end
|
||||
else
|
||||
explicitset("forgeurl", forgeurl)
|
||||
safeset("archiveext", "tar.gz")
|
||||
safeset("forgesetupargs", "-c")
|
||||
if (commit ~= "") or (tag ~= "") then
|
||||
safeset("scm", "git")
|
||||
end
|
||||
local repo = string.match(forgeurl, "^[^:]+://.+/([^/?#]+)")
|
||||
if (tag ~= "") then
|
||||
safeset("archivename", repo .. "-%{tag}")
|
||||
safeset("archiveurl", "%{forgeurl}/+archive/%{tag}.%{archiveext}")
|
||||
else
|
||||
if (commit ~= "") then
|
||||
safeset("archivename", repo .. "-%{commit}")
|
||||
safeset("archiveurl", "%{forgeurl}/+archive/%{commit}.%{archiveext}")
|
||||
else
|
||||
safeset("archivename", repo .. "-v%{version}")
|
||||
safeset("archiveurl", "%{forgeurl}/+archive/v%{version}.%{archiveext}")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
if (forge == "bitbucket.org") then
|
||||
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
|
||||
if (forgeurl == nil) then
|
||||
if not silent then
|
||||
rpm.expand("%{error:BitBucket URLs must match https://bitbucket.org/owner/repo !\\n}")
|
||||
end
|
||||
else
|
||||
explicitset("forgeurl", forgeurl)
|
||||
if (commit == "") then
|
||||
rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!\\n}")
|
||||
end
|
||||
local shortcommit = string.sub(commit, 1, 12)
|
||||
safeset("archiveext", "tar.bz2")
|
||||
-- Default to git even though BitBucket allows choosing between several SCMs
|
||||
-- Set scm to hg for example before calling the macro if your project does not use git
|
||||
safeset("scm", "git")
|
||||
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
|
||||
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
|
||||
safeset("archivename", owner .. "-" .. repo .. "-" .. shortcommit)
|
||||
safeset("forgesetupargs", "-n %{archivename}")
|
||||
if (tag ~= "") then
|
||||
safeset("archiveurl", "%{forgeurl}/get/%{tag}.%{archiveext}")
|
||||
else
|
||||
safeset("archiveurl", "%{forgeurl}/get/%{commit}.%{archiveext}")
|
||||
end
|
||||
end
|
||||
end
|
||||
if (forge == "pagure.io") then
|
||||
if not silent then
|
||||
rpm.expand("%{error:https://pagure.io/pagure/issue/861 needs to be resolved before the “pagure.io”\\nsoftware publishing service can be supported.\\n}")
|
||||
end
|
||||
end
|
||||
-- Final tests to check forgeurl was successfuly parsed
|
||||
if not silent then
|
||||
if (rpm.expand("%{?archivename}") == "") or (rpm.expand("%{?archiveurl}") == "") then
|
||||
rpm.expand("%{error:Automation for the “" .. forge .. "”\\nsoftware publishing service is not implemented yet.\\nPlease extend the %%forgemeta macro!\\n}")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- Set defaults if forgeurl is missing or does not parse
|
||||
local archivename = rpm.expand("%{?archivename}")
|
||||
safeset("archiveext", "tar.gz")
|
||||
if (archivename ~= "") then
|
||||
safeset("forgesetupargs", "-n %{archivename}")
|
||||
end
|
||||
if (commit ~= "") or (tag ~= "") then
|
||||
safeset("scm", "git")
|
||||
end
|
||||
-- Source URL processing (computing the forgesource spec variable)
|
||||
local archiveurl = rpm.expand("%{?archiveurl}")
|
||||
local archiveext = rpm.expand("%{?archiveext}")
|
||||
if (archivename ~= "") and (archiveurl ~= "") then
|
||||
if (string.match(archiveurl, "/([^/]+)$") == archivename .. "." .. archiveext) then
|
||||
safeset("forgesource", "%{archiveurl}")
|
||||
else
|
||||
safeset("forgesource", "%{?archiveurl}#/%{?archivename}.%{archiveext}")
|
||||
end
|
||||
end
|
||||
-- dist processing (computing the correct pefix for snapshots)
|
||||
local distprefix = rpm.expand("%{?tag}")
|
||||
local version = rpm.expand("%{?version}")
|
||||
if (distprefix == version) or (distprefix == "v" .. version) then
|
||||
distprefix = ""
|
||||
end
|
||||
if (distprefix == "") then
|
||||
distprefix = string.sub(rpm.expand("%{?commit}"), 1, 7)
|
||||
end
|
||||
if (distprefix ~= "") then
|
||||
local dist = ".%([ -r %{_sourcedir}/%{archivename}.%{archiveext} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename}.%{archiveext})%{scm}" .. string.gsub(distprefix, "-",".") .. rpm.expand("%{?dist}")
|
||||
explicitset("dist", dist)
|
||||
end
|
||||
-- Final spec variable summary if the macro was called with -i
|
||||
if informative then
|
||||
rpm.expand("%{echo:Forge-specific packaging variables\\n}")
|
||||
rpm.expand("%{echo: forgeurl: %{?forgeurl}\\n}")
|
||||
rpm.expand("%{echo: forgesource: %{?forgesource}\\n}")
|
||||
rpm.expand("%{echo: forgesetupargs: %{?forgesetupargs}\\n}")
|
||||
rpm.expand("%{echo:Generic variables\\n}")
|
||||
rpm.expand("%{echo: archivename: %{?archivename}\\n}")
|
||||
rpm.expand("%{echo: archiveext: %{?archiveext}\\n}")
|
||||
rpm.expand("%{echo: archiveurl: %{?archiveurl}\\n}")
|
||||
rpm.expand("%{echo: scm: %{?scm}\\n}")
|
||||
rpm.expand("%{echo: tag: %{?tag}\\n}")
|
||||
rpm.expand("%{echo: commit: %{?commit}\\n}")
|
||||
rpm.expand("%{echo: dist: %{?dist} (snapshot date is computed once %%{_sourcedir}/%%{archivename}.%%{archiveext} is available)\\n}")
|
||||
end
|
||||
}
|
||||
|
||||
# Convenience macro to relay computed arguments to %setup
|
||||
%forgesetup(a:b:cDn:Tq) %setup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-q}
|
||||
|
||||
# Convenience macro to relay computed arguments to %autosetup
|
||||
%forgeautosetup(a:b:cDn:TvNS:p:) %autosetup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-v} %{-N} %{-S} %{-p}
|
3
SOURCES/macros.kernel-srpm
Normal file
3
SOURCES/macros.kernel-srpm
Normal file
@ -0,0 +1,3 @@
|
||||
# kernel_arches lists what arches the full kernel is built for.
|
||||
|
||||
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}
|
97
SOURCES/macros.kmp
Normal file
97
SOURCES/macros.kmp
Normal file
@ -0,0 +1,97 @@
|
||||
# Use these macros to differentiate between RH and other KMP implementation(s).
|
||||
%global redhat_kernel_module_package 1
|
||||
%global kernel_module_package_release 1
|
||||
|
||||
%global redhat_kmp_has_post_hooks 1
|
||||
|
||||
%__brp_kmod_set_exec_bit /usr/lib/rpm/redhat/brp-kmod-set-exec-bit
|
||||
%__brp_kmod_restore_perms /usr/lib/rpm/redhat/brp-kmod-restore-perms
|
||||
|
||||
%__kmod_brps_added 0
|
||||
|
||||
%__find_provides /usr/lib/rpm/redhat/find-provides
|
||||
%__find_requires /usr/lib/rpm/redhat/find-requires
|
||||
|
||||
#kernel_module_package [ -n name ] [ -v version ] [ -r release ] [ -s script ]
|
||||
# [ -f filelist] [ -x ] [ -p preamble ] flavor flavor ...
|
||||
|
||||
%kernel_module_package_buildreqs %global kmodtool_generate_buildreqs 1 \
|
||||
kernel-devel kernel-abi-whitelists redhat-rpm-config kernel-rpm-macros elfutils-libelf-devel kmod
|
||||
|
||||
%kernel_module_package(n:v:r:s:f:xp:) %{expand:%( \
|
||||
## An ugly hack: we want kmods to be processed by find-debuginfo,
|
||||
## but it processes only files with executable permission set.
|
||||
## It is important now since, as of now, if debuginfo package
|
||||
## is enabled (and it is enabled), there's an RPM build error
|
||||
## as a result of lack of ether absence or emptiness of
|
||||
## debugsourcefiles.list (which is likely a bug in RPM, but it looks
|
||||
## like that there's no obvious fix and apparently no one have
|
||||
## any issues with this).
|
||||
## In order to minimise intrusiveness, usually (in Red Hat-built kmod
|
||||
## RPMs) *.ko files just have executable permission being set as a part
|
||||
## of %build section. There are two caveats with kmp, however:
|
||||
## * We have no control over %build section itself (and it wasn't
|
||||
## required previously)
|
||||
## * Changing the criteria used in find-debuginfo.sh/brp-strip
|
||||
## for selecting files that have to undergo debug section separation
|
||||
## may introduce regression.
|
||||
## As a result, we insert additional hooks in __spec_install_post
|
||||
## (__brp_kmod_set_exec_bit in the beginning and
|
||||
## __brp_kmod_restore_perms in the end) that (temporarily) set
|
||||
## executable permission for *.ko files so find-debuginfo.sh will pick
|
||||
## them up.
|
||||
## Unfortunately, __spec_install_post's body is copied here since
|
||||
## we want that __debug_package macro expansion has been performed
|
||||
## lazily and it looks like RPM has no ability to provide a body
|
||||
## of a macro verbatim.
|
||||
if [ 0 = "%{__kmod_brps_added}" ]; then \
|
||||
echo "%%global __spec_install_post \\\\" \
|
||||
echo " %%{?__brp_kmod_set_exec_bit} \\\\" \
|
||||
echo " %%%%{?__debug_package:%%%%{__debug_install_post}} \\\\" \
|
||||
echo " %%{__arch_install_post} \\\\" \
|
||||
echo " %%{__os_install_post} \\\\" \
|
||||
echo " %%{?__brp_kmod_pre_sign_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_sign} \\\\" \
|
||||
echo " %%{?__brp_kmod_post_sign_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_compress} \\\\" \
|
||||
echo " %%{?__brp_kmod_post_compress_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_restore_perms} \\\\" \
|
||||
echo "%%{nil}" \
|
||||
fi \
|
||||
%global __kmod_brps_added 1 \
|
||||
%global kmodtool %{-s*}%{!-s:/usr/lib/rpm/redhat/kmodtool} \
|
||||
%global kmod_version %{-v*}%{!-v:%{version}} \
|
||||
%global kmod_release %{-r*}%{!-r:%{release}} \
|
||||
%global latest_kernel %({ rpm -q --qf '%%{VERSION}-%%{RELEASE}.%%{ARCH}\\\\n' `rpm -qa | egrep "^kernel(-rt|-aarch64)?-devel" | /usr/lib/rpm/redhat/rpmsort -r | head -n 1`; echo '%%%%{nil}'; } | head -n 1) \
|
||||
%{!?kernel_version:%{expand:%%global kernel_version %{latest_kernel}}} \
|
||||
%global kverrel %(%{kmodtool} verrel %{?kernel_version} 2>/dev/null) \
|
||||
flavors="default" \
|
||||
if [ -z "%*" ]; then \
|
||||
flavors_to_build=$flavors \
|
||||
elif [ -z "%{-x}" ]; then \
|
||||
flavors_to_build="%*" \
|
||||
else \
|
||||
flavors_to_build=" $flavors "\
|
||||
for i in %* \
|
||||
do \
|
||||
flavors_to_build=${flavors_to_build//$i /}
|
||||
done \
|
||||
fi \
|
||||
echo "%%global flavors_to_build ${flavors_to_build:-%%nil}" \
|
||||
echo "%%global kernel_source() \\\$([ default = \"%%%%{1}\" ] && echo \"/usr/src/kernels//%%%%kverrel\" || %{kmodtool} kernel_source \"%%%%{kverrel}\" \"%%%%{1}\" 2>/dev/null || { ls -Ud \"/usr/src/kernels///%%%%{kverrel}\"[.+]\"%%%%{1}\" | sort -V | tail -n 1; } || echo \"/usr/src/kernels////%%%%kverrel.%%%%1\")" \
|
||||
echo "%%global kernel_module_package_moddir() extra" \
|
||||
if [ ! -z "%{-f*}" ] \
|
||||
then \
|
||||
filelist="%{-f*}" \
|
||||
fi \
|
||||
if [ ! -z "%{-p*}" ] \
|
||||
then \
|
||||
preamble="%{-p*}" \
|
||||
fi \
|
||||
nobuildreqs="yes" \
|
||||
if [ "x%{kmodtool_generate_buildreqs}" != "x1" ] \
|
||||
then \
|
||||
nobuildreqs="no" \
|
||||
fi \
|
||||
override_filelist="$filelist" override_preamble="$preamble" nobuildreqs="$nobuildreqs" kmod_version=%kmod_version kmod_release=%kmod_release %{kmodtool} rpmtemplate %{-n*}%{!-n:%name} %{kverrel} $flavors_to_build 2>/dev/null \
|
||||
)}
|
2
SOURCES/macros.ldc-srpm
Normal file
2
SOURCES/macros.ldc-srpm
Normal file
@ -0,0 +1,2 @@
|
||||
# arches that ldc builds on
|
||||
%ldc_arches %{ix86} x86_64 %{arm} %{power64}
|
3
SOURCES/macros.valgrind-srpm
Normal file
3
SOURCES/macros.valgrind-srpm
Normal file
@ -0,0 +1,3 @@
|
||||
# valgrind_arches lists what arches Valgrind works on
|
||||
|
||||
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le armv7hl aarch64 s390x
|
@ -4,4 +4,4 @@
|
||||
%_vpath_srcdir .
|
||||
|
||||
# directory (doesn't need to exist) where all generated build files will be placed
|
||||
%_vpath_builddir %{_vendor}-%{_target_os}-build
|
||||
%_vpath_builddir %_target_platform
|
78
SOURCES/modalias.prov
Normal file
78
SOURCES/modalias.prov
Normal file
@ -0,0 +1,78 @@
|
||||
#! /bin/bash -efu
|
||||
|
||||
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
|
||||
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
|
||||
#
|
||||
# -- added module versioning info to modalias() symbols
|
||||
# -- removed code which inspects spec files.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
#
|
||||
# Initially, dont generate modalias() lines for kernel package. This needs
|
||||
# additional discussion. Would like to eventually add them for
|
||||
# completeness, so that we can determine when drivers are folded into
|
||||
# mainline kernel.
|
||||
#
|
||||
is_kernel_package=""
|
||||
case "${1:-}" in
|
||||
kernel-module-*) ;; # Fedora kernel module package names start with
|
||||
# kernel-module.
|
||||
kernel*) is_kernel_package=1 ;;
|
||||
esac
|
||||
|
||||
if ! [ -z "$is_kernel_package" ]; then
|
||||
cat > /dev/null
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check for presence of the commands used
|
||||
which /sbin/modinfo >/dev/null || exit 0
|
||||
which sed >/dev/null || exit 0
|
||||
which sort >/dev/null || exit 0
|
||||
|
||||
print_modaliases() {
|
||||
declare class=$1 variants=$2 pos=$3
|
||||
if [ -n "$variants" ]; then
|
||||
echo "${class:0:pos}[$variants]${class:pos+1}"
|
||||
else
|
||||
[ -z "$class" ] || echo "$class"
|
||||
fi
|
||||
}
|
||||
|
||||
combine_modaliases() {
|
||||
declare tag class variants="" pos="" n
|
||||
read class
|
||||
while read tag; do
|
||||
for ((n=0; n<${#class}; n++)); do
|
||||
if [ "*" != "${class:n:1}" -a \
|
||||
"${class:0:n}" = "${tag:0:n}" -a \
|
||||
"${class:n+1}" = "${tag:n+1}" ] &&
|
||||
( [ -z "$pos" ] || [ $n = $pos ] ); then
|
||||
variants="${variants:-${class:n:1}}${tag:n:1}"
|
||||
pos=$n
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ $n -eq ${#class} ]; then
|
||||
print_modaliases "$class" "$variants" "$pos"
|
||||
variants=
|
||||
pos=
|
||||
class=$tag
|
||||
fi
|
||||
done
|
||||
print_modaliases "$class" "$variants" "$pos"
|
||||
}
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
|
||||
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
|
||||
modver=$(/sbin/modinfo -F version "$module"| head -n1)
|
||||
modver=${modver//[^0-9a-zA-Z._]/_}
|
||||
# only add version tag if it has a version
|
||||
[ -z "$modver" ] || modver=" = $modver"
|
||||
|
||||
/sbin/modinfo -F alias "$module" \
|
||||
| sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
|
||||
done \
|
||||
| sort -u \
|
||||
| combine_modaliases
|
@ -1,3 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
||||
|
@ -1,3 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
||||
|
@ -1,3 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=gcc-annobin}
|
||||
|
2
SOURCES/redhat-hardened-cc1
Normal file
2
SOURCES/redhat-hardened-cc1
Normal file
@ -0,0 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
97
SOURCES/rpmrc
Normal file
97
SOURCES/rpmrc
Normal file
@ -0,0 +1,97 @@
|
||||
include: /usr/lib/rpm/rpmrc
|
||||
|
||||
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i686 %{__global_compiler_flags} -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: ia64 %{__global_compiler_flags}
|
||||
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||
|
||||
optflags: alpha %{__global_compiler_flags} -mieee
|
||||
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
|
||||
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
|
||||
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
|
||||
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
|
||||
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
|
||||
|
||||
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
|
||||
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
|
||||
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
|
||||
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
|
||||
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
|
||||
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
|
||||
|
||||
optflags: m68k %{__global_compiler_flags}
|
||||
|
||||
optflags: ppc %{__global_compiler_flags} -m32 -funwind-tables
|
||||
optflags: ppciseries %{__global_compiler_flags} -m32
|
||||
optflags: ppcpseries %{__global_compiler_flags} -m32
|
||||
optflags: ppc64 %{__global_compiler_flags} -m64 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64iseries %{__global_compiler_flags} -m64
|
||||
optflags: ppc64pseries %{__global_compiler_flags} -m64
|
||||
optflags: ppc8260 %{__global_compiler_flags} -m32
|
||||
optflags: ppc8560 %{__global_compiler_flags} -m32
|
||||
|
||||
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
|
||||
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
|
||||
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
|
||||
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
|
||||
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
|
||||
|
||||
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
|
||||
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
|
||||
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
|
||||
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
|
||||
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
|
||||
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
|
||||
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
|
||||
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
|
||||
|
||||
optflags: atarist %{__global_compiler_flags}
|
||||
optflags: atariste %{__global_compiler_flags}
|
||||
optflags: ataritt %{__global_compiler_flags}
|
||||
optflags: falcon %{__global_compiler_flags}
|
||||
optflags: atariclone %{__global_compiler_flags}
|
||||
optflags: milan %{__global_compiler_flags}
|
||||
optflags: hades %{__global_compiler_flags}
|
||||
|
||||
optflags: s390 %{__global_compiler_flags} -m31 -march=z13 -mtune=z14 -fasynchronous-unwind-tables
|
||||
optflags: s390x %{__global_compiler_flags} -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: riscv64 %{__global_compiler_flags}
|
||||
|
||||
# set build arch to fedora buildarches on hardware capable of running it
|
||||
# saves having to do rpmbuild --target=
|
||||
buildarchtranslate: athlon: i686
|
||||
buildarchtranslate: geode: i686
|
||||
buildarchtranslate: pentium4: i686
|
||||
buildarchtranslate: pentium3: i686
|
||||
buildarchtranslate: i686: i686
|
||||
buildarchtranslate: i586: i586
|
||||
|
||||
buildarchtranslate: sparcv9: sparcv9
|
||||
buildarchtranslate: sparcv9v: sparcv9
|
||||
|
||||
buildarchtranslate: armv5tejl: armv5tel
|
||||
buildarchtranslate: armv6l: armv5tel
|
||||
buildarchtranslate: armv7l: armv5tel
|
||||
buildarchtranslate: armv7hl: armv7hl
|
||||
buildarchtranslate: armv7hnl: armv7hl
|
76
SOURCES/rpmsort
Executable file
76
SOURCES/rpmsort
Executable file
@ -0,0 +1,76 @@
|
||||
#! /usr/bin/perl -w
|
||||
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
# USA.
|
||||
|
||||
use Getopt::Long qw(:config gnu_getopt);
|
||||
|
||||
sub rpm_cmp_versions {
|
||||
my ($evr1, $evr2) = @_;
|
||||
|
||||
sub _rpm_cmp {
|
||||
my ($s1, $s2) = @_;
|
||||
|
||||
return defined $s1 <=> defined $s2
|
||||
unless defined $s1 && defined $s2;
|
||||
|
||||
my ($r, $x1, $x2);
|
||||
do {
|
||||
$s1 =~ s/^[^a-zA-Z0-9]+//;
|
||||
$s2 =~ s/^[^a-zA-Z0-9]+//;
|
||||
if ($s1 =~ /^\d/ || $s2 =~ /^\d/) {
|
||||
$s1 =~ s/^0*(\d*)//; $x1 = $1;
|
||||
$s2 =~ s/^0*(\d*)//; $x2 = $1;
|
||||
$r = length $x1 <=> length $x2 || $x1 cmp $x2;
|
||||
} else {
|
||||
$s1 =~ s/^([a-zA-Z]*)//; $x1 = $1;
|
||||
$s2 =~ s/^([a-zA-Z]*)//; $x2 = $1;
|
||||
return 0
|
||||
if $x1 eq '' && $x2 eq '';
|
||||
$r = $x1 cmp $x2;
|
||||
}
|
||||
} until $r;
|
||||
return $r;
|
||||
}
|
||||
|
||||
my ($e1, $v1, $r1) = $evr1 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||
my ($e2, $v2, $r2) = $evr2 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||
my $r = _rpm_cmp($e1 || 0, $e2 || 0);
|
||||
$r = _rpm_cmp($v1, $v2)
|
||||
unless $r;
|
||||
$r = _rpm_cmp($r1, $r2)
|
||||
unless $r;
|
||||
return $r;
|
||||
}
|
||||
|
||||
my $reorder = sub { return @_ };
|
||||
my $key = 0;
|
||||
|
||||
GetOptions ("r|reverse" => sub { $reorder = sub { return reverse @_ } },
|
||||
"k|key=i" => \$key)
|
||||
or do {
|
||||
print STDERR "Usage\n";
|
||||
exit 1;
|
||||
};
|
||||
|
||||
if ($key == 0) {
|
||||
# Sort by entire lines
|
||||
map { print } &$reorder(sort { rpm_cmp_versions($a, $b) } <>);
|
||||
} else {
|
||||
# Sort by field $key
|
||||
my @data = map { [(split)[$key-1], $_] } <>;
|
||||
map { print } &$reorder(map { $_->[1] }
|
||||
sort { rpm_cmp_versions($a->[0], $b->[0]) } @data);
|
||||
}
|
40
SOURCES/symset-table
Executable file
40
SOURCES/symset-table
Executable file
@ -0,0 +1,40 @@
|
||||
#! /bin/sh
|
||||
|
||||
# Create a table of all symbol sets defined in all /boot/symsets*.tar.gz
|
||||
# files.
|
||||
#
|
||||
# Format:
|
||||
# kernelrelease/modver/symbol <tab> symset <tab> symset_hash
|
||||
#
|
||||
# This table is needed for computing the appropriate Requires: tags for
|
||||
# kernel module packages.
|
||||
|
||||
tmpdir=$(mktemp -t -d ${0##*/}.XXXXXX)
|
||||
trap "cd / ; rm -rf $tmpdir" EXIT
|
||||
cd $tmpdir
|
||||
|
||||
shopt -s nullglob
|
||||
for symsets in /boot/symsets-*.tar.gz; do
|
||||
zcat $symsets \
|
||||
| tar xf -
|
||||
done
|
||||
|
||||
for symsets in /usr/src/kernels/*/symsets-*.tar.gz; do
|
||||
zcat $symsets \
|
||||
| tar xf -
|
||||
done
|
||||
|
||||
for symsets in *; do
|
||||
krel=${symsets#symsets-}
|
||||
for symset in $symsets/*; do
|
||||
class=${symset##*/} ; class=${class%.*}
|
||||
hash=${symset##*.}
|
||||
awk '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{ sub(/0x0*/, "", $1)
|
||||
print krel "/" $1 "/" $2, class, hash }
|
||||
' krel="$krel" class="$class" hash="$hash" $symset
|
||||
done
|
||||
done
|
||||
|
||||
# vim:shiftwidth=4 softtabstop=4
|
@ -1,36 +1,35 @@
|
||||
# TO WHOM IT MAY CONCERN
|
||||
#
|
||||
# 1) Don't add patches, dist-git is the upstream repository for this package.
|
||||
# 2) When making changes, increment the version (in baserelease) by 1.
|
||||
# rpmdev-bumpspec and other tools update the macro below, which is used
|
||||
# in Version: to get the desired effect.
|
||||
%global baserelease 285
|
||||
# 2) When making changes, update version by +1, leave release alone.
|
||||
#
|
||||
|
||||
Summary: Red Hat specific rpm configuration files
|
||||
Name: redhat-rpm-config
|
||||
Version: %{baserelease}
|
||||
Version: 131
|
||||
Release: 1%{?dist}
|
||||
# config.guess, config.sub are GPL-3.0-or-later WITH Autoconf-exception-generic
|
||||
License: GPL-1.0-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic AND Boehm-GC
|
||||
# No version specified.
|
||||
License: GPL+
|
||||
Group: Development/System
|
||||
URL: https://src.fedoraproject.org/rpms/redhat-rpm-config
|
||||
|
||||
# Core rpm settings
|
||||
Source0: macros
|
||||
Source1: rpmrc
|
||||
|
||||
# kabi provides generator
|
||||
Source20: kabi.attr
|
||||
Source21: kabi.sh
|
||||
|
||||
# gcc specs files for hardened builds
|
||||
Source50: redhat-hardened-cc1
|
||||
Source51: redhat-hardened-ld
|
||||
Source52: redhat-hardened-ld-errors
|
||||
# clang config spec files
|
||||
Source53: redhat-hardened-clang.cfg
|
||||
Source54: redhat-hardened-clang-ld.cfg
|
||||
|
||||
# gcc specs files for annobin builds
|
||||
Source60: redhat-annobin-cc1
|
||||
Source61: redhat-annobin-select-gcc-built-plugin
|
||||
Source62: redhat-annobin-select-annobin-built-plugin
|
||||
Source63: redhat-annobin-plugin-select.sh
|
||||
Source52: redhat-annobin-cc1
|
||||
Source53: redhat-annobin-select-gcc-built-plugin
|
||||
Source54: redhat-annobin-select-annobin-built-plugin
|
||||
Source55: redhat-annobin-plugin-select.sh
|
||||
|
||||
# The macros defined by these files are for things that need to be defined
|
||||
# at srpm creation time when it is not feasible to require the base packages
|
||||
@ -42,17 +41,15 @@ Source102: macros.mono-srpm
|
||||
Source103: macros.nodejs-srpm
|
||||
Source104: macros.ldc-srpm
|
||||
Source105: macros.valgrind-srpm
|
||||
Source106: macros.java-srpm
|
||||
Source107: macros.gap-srpm
|
||||
|
||||
# Other misc macros
|
||||
Source150: macros.build-constraints
|
||||
Source151: macros.dwz
|
||||
Source152: macros.fedora-misc
|
||||
Source155: macros.ldconfig
|
||||
Source156: macros.vpath
|
||||
Source157: macros.shell-completions
|
||||
Source158: macros.rpmautospec
|
||||
Source150: macros.dwz
|
||||
Source151: macros.kmp
|
||||
Source152: macros.vpath
|
||||
Source153: macros.forge
|
||||
Source154: macros.ldconfig
|
||||
Source155: macros.kernel-srpm
|
||||
Source156: macros.fedora-misc
|
||||
|
||||
# Build policy scripts
|
||||
# this comes from https://github.com/rpm-software-management/rpm/pull/344
|
||||
@ -60,30 +57,34 @@ Source158: macros.rpmautospec
|
||||
# and an echo when the mangling happens
|
||||
Source201: brp-mangle-shebangs
|
||||
|
||||
# for converting llvm LTO bitcode objects into ELF
|
||||
Source204: brp-llvm-compile-lto-elf
|
||||
|
||||
# Dependency generator scripts (deprecated)
|
||||
Source300: find-provides
|
||||
Source301: find-provides.ksyms
|
||||
Source304: find-requires
|
||||
Source305: find-requires.ksyms
|
||||
Source308: firmware.prov
|
||||
Source309: modalias.prov
|
||||
|
||||
# Misc helper scripts
|
||||
Source400: dist.sh
|
||||
Source401: rpmsort
|
||||
Source402: symset-table
|
||||
Source403: kmodtool
|
||||
Source404: gpgverify
|
||||
|
||||
# Snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
|
||||
Source500: https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
|
||||
Source501: https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
|
||||
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
|
||||
Source500: config.guess
|
||||
Source501: config.sub
|
||||
|
||||
# Dependency generators & their rules
|
||||
Source600: kmod.attr
|
||||
Source601: kmod.prov
|
||||
Source602: libsymlink.attr
|
||||
|
||||
# BRPs
|
||||
Source700: brp-ldconfig
|
||||
Source701: brp-strip-lto
|
||||
|
||||
# Convenience lua functions
|
||||
Source800: common.lua
|
||||
Source701: brp-kmod-set-exec-bit
|
||||
Source702: brp-kmod-restore-perms
|
||||
|
||||
# Documentation
|
||||
Source900: buildflags.md
|
||||
@ -93,36 +94,20 @@ BuildRequires: perl-generators
|
||||
Requires: coreutils
|
||||
|
||||
Requires: efi-srpm-macros
|
||||
Requires: fonts-srpm-macros
|
||||
# ↓ Provides macros.forge and forge.lua originally shipped by us
|
||||
Requires: forge-srpm-macros
|
||||
Requires: ghc-srpm-macros
|
||||
Requires: go-srpm-macros
|
||||
# ↓ Provides kmod.attr originally shipped by us
|
||||
Requires: kernel-srpm-macros >= 1.0-12
|
||||
Requires: lua-srpm-macros
|
||||
Requires: ocaml-srpm-macros
|
||||
Requires: openblas-srpm-macros
|
||||
Requires: perl-srpm-macros
|
||||
# ↓ Has Python BRPs originaly present in redhat-rpm-config
|
||||
Requires: python-srpm-macros >= 3.11-7
|
||||
Requires: qt6-srpm-macros
|
||||
Requires: python-srpm-macros
|
||||
Requires: python3-rpm-macros
|
||||
Requires: rust-srpm-macros
|
||||
Requires: package-notes-srpm-macros
|
||||
Requires: pyproject-srpm-macros
|
||||
|
||||
%if ! 0%{?rhel}
|
||||
Requires: ansible-srpm-macros
|
||||
Requires: fpc-srpm-macros
|
||||
Requires: ghc-srpm-macros
|
||||
Requires: gnat-srpm-macros
|
||||
Requires: qt5-srpm-macros
|
||||
Requires: zig-srpm-macros
|
||||
%endif
|
||||
|
||||
Requires: rpm >= 4.11.0
|
||||
Requires: dwz >= 0.4
|
||||
Requires: zip
|
||||
Requires: (annobin-plugin-gcc if gcc)
|
||||
Requires: (annobin if gcc)
|
||||
Requires: (gcc-plugin-annobin if gcc)
|
||||
|
||||
# for brp-mangle-shebangs
|
||||
@ -132,15 +117,13 @@ Requires: %{_bindir}/grep
|
||||
Requires: %{_bindir}/sed
|
||||
Requires: %{_bindir}/xargs
|
||||
|
||||
# for brp-llvm-compile-lto-elf
|
||||
Requires: (llvm if clang)
|
||||
Requires: (gawk if clang)
|
||||
# iconv modules have been split out of glibc into a separate package (#1971664)
|
||||
# so let's ensure packages that require them at build time but haven't yet
|
||||
# added an explicit BuildRequires will continue to work (#2013328)
|
||||
Requires: glibc-gconv-extra
|
||||
|
||||
# -fstack-clash-protection and -fcf-protection require GCC 8.
|
||||
Conflicts: gcc < 8.0.1-0.22
|
||||
|
||||
# Replaced by macros.rpmautospec shipped by us
|
||||
Obsoletes: rpmautospec-rpm-macros < 0.6.3-2
|
||||
Conflicts: gcc < 8
|
||||
|
||||
Provides: system-rpm-config = %{version}-%{release}
|
||||
|
||||
@ -149,6 +132,16 @@ Provides: system-rpm-config = %{version}-%{release}
|
||||
%description
|
||||
Red Hat specific rpm configuration files.
|
||||
|
||||
%package -n kernel-rpm-macros
|
||||
Summary: Macros and scripts for building kernel module packages.
|
||||
Requires: redhat-rpm-config >= 13
|
||||
|
||||
# for brp-kmod-set-exec-bit
|
||||
Requires: %{_bindir}/find
|
||||
|
||||
%description -n kernel-rpm-macros
|
||||
Macros and scripts for building kernel module packages.
|
||||
|
||||
%prep
|
||||
# Not strictly necessary but allows working on file names instead
|
||||
# of source numbers in install section
|
||||
@ -161,12 +154,13 @@ install -p -m 644 -t %{buildroot}%{rrcdir} macros rpmrc
|
||||
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
|
||||
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
|
||||
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
|
||||
mkdir -p %{buildroot}%{rrcdir}/find-provides.d
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir}/find-provides.d firmware.prov modalias.prov
|
||||
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
|
||||
|
||||
@ -175,13 +169,18 @@ install -p -m 644 -t %{buildroot}%{_rpmconfigdir}/macros.d macros.*
|
||||
|
||||
mkdir -p %{buildroot}%{_fileattrsdir}
|
||||
install -p -m 644 -t %{buildroot}%{_fileattrsdir} *.attr
|
||||
install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
|
||||
|
||||
mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm}
|
||||
install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
||||
install -p -m 644 %{SOURCE20} %{buildroot}%{_fileattrsdir}/kabi.attr
|
||||
install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
||||
|
||||
# This trigger is used to decide which version of the annobin plugin for gcc
|
||||
# should be used. See comments in the script for full details.
|
||||
#
|
||||
# Note: for RHEL the rpm containing the annobin built plugin is called
|
||||
# "annobin", whereas in Fedora it is called "annobin-plugin-gcc". This is
|
||||
# for historical reasons and will change with the introduction of RHEL-10.
|
||||
#
|
||||
# Note - whilst "gcc-plugin-annobin" requires "gcc" and hence in theory we
|
||||
# do not need to trigger on "gcc", the redhat-annobin-plugin-select.sh
|
||||
# script invokes gcc to determine the version of the gcc plugin, and this
|
||||
@ -211,16 +210,15 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
||||
#
|
||||
# Hence it is necessary to trigger on both gcc and gcc-plugin-annobin.
|
||||
|
||||
%triggerin -- annobin-plugin-gcc gcc-plugin-annobin gcc
|
||||
%triggerin -- annobin gcc-plugin-annobin gcc
|
||||
%{rrcdir}/redhat-annobin-plugin-select.sh
|
||||
%end
|
||||
|
||||
# We also trigger when an annobin plugin is uninstalled. This allows us to
|
||||
# switch over to the other version of the plugin. Note - we do not bother
|
||||
# triggering on the uninstallation of "gcc", since if that is removed, the
|
||||
# plugins are rendered useless.
|
||||
# We also trigger when an annobin plugin is uninstalled. This allows us to switch
|
||||
# over to the other version of the plugin. It does not matter if
|
||||
# gcc is uninstalled, since if that happens the plugin cannot be used.
|
||||
|
||||
%triggerpostun -- annobin-plugin-gcc gcc-plugin-annobin
|
||||
%triggerpostun -- annobin gcc-plugin-annobin
|
||||
%{rrcdir}/redhat-annobin-plugin-select.sh
|
||||
%end
|
||||
|
||||
@ -228,7 +226,8 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
||||
%dir %{rrcdir}
|
||||
%{rrcdir}/macros
|
||||
%{rrcdir}/rpmrc
|
||||
%{rrcdir}/brp-*
|
||||
%{rrcdir}/brp-mangle-shebangs
|
||||
%{rrcdir}/brp-ldconfig
|
||||
%{rrcdir}/dist.sh
|
||||
%{rrcdir}/gpgverify
|
||||
%{rrcdir}/redhat-hardened-*
|
||||
@ -238,18 +237,15 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
||||
%{rrcdir}/find-requires
|
||||
%{rrcdir}/brp-ldconfig
|
||||
%{_fileattrsdir}/*.attr
|
||||
%{_rpmconfigdir}/kmod.prov
|
||||
%{_rpmconfigdir}/macros.d/macros.*-srpm
|
||||
%{_rpmconfigdir}/macros.d/macros.build-constraints
|
||||
%{_rpmconfigdir}/macros.d/macros.dwz
|
||||
%{_rpmconfigdir}/macros.d/macros.fedora-misc
|
||||
%{_rpmconfigdir}/macros.d/macros.forge
|
||||
%{_rpmconfigdir}/macros.d/macros.ldconfig
|
||||
%{_rpmconfigdir}/macros.d/macros.rpmautospec
|
||||
%{_rpmconfigdir}/macros.d/macros.shell-completions
|
||||
%{_rpmconfigdir}/macros.d/macros.vpath
|
||||
%dir %{_rpmluadir}/fedora
|
||||
%dir %{_rpmluadir}/fedora/srpm
|
||||
%dir %{_rpmluadir}/fedora/rpm
|
||||
%{_rpmluadir}/fedora/*.lua
|
||||
%{_rpmconfigdir}/macros.d/macros.kernel-srpm
|
||||
%{_rpmconfigdir}/macros.d/macros.fedora-misc
|
||||
%{_rpmconfigdir}/kabi.sh
|
||||
|
||||
%attr(0755,-,-) %{rrcdir}/redhat-annobin-plugin-select.sh
|
||||
%verify(owner group mode) %{rrcdir}/redhat-annobin-cc1
|
||||
@ -258,601 +254,129 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
||||
|
||||
%doc buildflags.md
|
||||
|
||||
%files -n kernel-rpm-macros
|
||||
%dir %{rrcdir}/find-provides.d
|
||||
%{rrcdir}/brp-kmod-set-exec-bit
|
||||
%{rrcdir}/brp-kmod-restore-perms
|
||||
%{rrcdir}/kmodtool
|
||||
%{rrcdir}/rpmsort
|
||||
%{rrcdir}/symset-table
|
||||
%{rrcdir}/find-provides.ksyms
|
||||
%{rrcdir}/find-requires.ksyms
|
||||
%{rrcdir}/find-provides.d/firmware.prov
|
||||
%{rrcdir}/find-provides.d/modalias.prov
|
||||
%{_rpmconfigdir}/macros.d/macros.kmp
|
||||
|
||||
%changelog
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 285-1
|
||||
- Bump release for June 2024 mass rebuild
|
||||
* Wed Feb 08 2023 Nick Clifton <nickc@redhat.com> - 131-1
|
||||
- Fix triggers for the installation and removal of gcc-plugin-annobin. (#2168233)
|
||||
|
||||
* Tue Jun 18 2024 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 284-1
|
||||
- Use --config=xxx for clang configs instead of two separate arguments to work
|
||||
around a bug in meson
|
||||
- Add clang link config file
|
||||
* Tue Apr 05 2022 Nick Clifton <nickc@redhat.com> = 130-1
|
||||
- Select between gcc-built and annobin-built versions of the annobin plugin.
|
||||
(#2067153)
|
||||
|
||||
* Mon Jun 17 2024 Florian Weimer <fweimer@redhat.com> - 283-1
|
||||
- Switch back to traditional Version: management (RHEL-42436)
|
||||
* Wed Mar 23 2022 Michal Domonkos <mdomonko@redhat.com> - 129-1
|
||||
- Fix handling of files without newlines in brp-mangle-shebang (#2063036)
|
||||
|
||||
* Fri Jun 7 2024 Florian Weimer <fweimer@redhat.com> - 282-4
|
||||
- Enable DT_RELR on aarch64 (RHEL-40379)
|
||||
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
|
||||
- modalias.prov: handle compressed kmods, sanitise alias/version strings
|
||||
(#1976000)
|
||||
|
||||
* Wed May 22 2024 Florian Weimer <fweimer@redhat.com> - 282-3
|
||||
- Drop ghc-srpm-macros dependency
|
||||
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
|
||||
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
|
||||
|
||||
* Fri May 10 2024 Florian Weimer <fweimer@redhat.com> - 282-2
|
||||
- Enable GNU2 TLS descriptors on x86-64 (GCC only) (RHEL-25031)
|
||||
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
|
||||
- buildflags.md: Documentation updates (#2005079)
|
||||
|
||||
* Tue Feb 06 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 282-1
|
||||
- Loosen rust-srpm-macros requirement
|
||||
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
|
||||
- Add missing macros.fedora-misc file (#1874576)
|
||||
|
||||
* Mon Feb 05 2024 Jonathan Wright <jonathan@almalinux.org> - 281-1
|
||||
- simplify microarch macros for x86_64
|
||||
* Mon Nov 09 2020 Florian Festi <ffesti@redhat.com> - 124-1
|
||||
- Add macros.kernel-srpm (#1874578)
|
||||
- Added gpgverify (#1874576)
|
||||
|
||||
* Tue Jan 16 2024 Florian Weimer <fweimer@redhat.com> - 280-1
|
||||
- Drop -fcf-protection for i686 because there won't be kernel support
|
||||
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
|
||||
- Update kmod.prov for better performance (#1794491)
|
||||
- Backport performance improvements for brp-mangle-shebangs (#1794779)
|
||||
|
||||
* Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1
|
||||
- Obsolete rpmautospec-rpm-macros without version
|
||||
* Mon Feb 24 2020 Michal Domonkos <mdomonko@redhat.com> - 122-1
|
||||
- Fix argument shift in %%__brp_python_bytecompile (#1724567)
|
||||
|
||||
* Mon Jan 15 2024 Nick Clifton <nickc@redhat.com> - 278-1
|
||||
- Add hardening feature to convert linker warning messages into errors.
|
||||
- https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
|
||||
* Tue Nov 26 2019 Eugene Syromiatnikov <esyr@redhat.com> - 121-1
|
||||
- macros.kmp: add post-install hooks for kmod processing (#1664478, #1673200)
|
||||
|
||||
* Mon Jan 15 2024 Florian Weimer <fweimer@redhat.com> - 277-1
|
||||
- Switch C type safety level to 3 (GCC 14 default), and adjust for GCC 14
|
||||
* Thu Jul 04 2019 Florian Festi <ffesti@redhat.com> - 120-1
|
||||
- Fix permission for various build scripts (#1719363)
|
||||
|
||||
* Thu Jan 11 2024 Jan Grulich <jgrulich@redhat.com> - 276-1
|
||||
- Drop qt5-srpm-macros from RHEL 10
|
||||
* Tue Jun 04 2019 Florian Festi <ffesti@redhat.com> - 119-1
|
||||
- Remove -eu param from shell scripts (#1686413)
|
||||
|
||||
* Fri Jan 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 275-1
|
||||
- Define RUSTFLAGS only when rust macros are installed
|
||||
* Mon May 20 2019 Florian Weimer <fweimer@redhat.com> - 118-1
|
||||
- Build flags: Add support for extension builders (#1661186)
|
||||
|
||||
* Wed Jan 3 2024 Florian Weimer <fweimer@redhat.com> - 274-1
|
||||
- Missing packed relative relocation support on aarch64, s390x (#2256645)
|
||||
* Wed Apr 17 2019 Panu Matilainen <pmatilai@redhat.com> - 117-1
|
||||
- Add s390x to valgrind supported architectures (#1659106)
|
||||
|
||||
* Tue Jan 2 2024 Florian Weimer <fweimer@redhat.com> - 273-1
|
||||
- Pack relative ELF relocations by default
|
||||
* Wed Feb 06 2019 Eugene Syromiatnikov <esyr@redhat.com> - 116-1
|
||||
- Forward-port RHEL-specific kmodtool/macros.kmp changes from RHEL 7,
|
||||
update kmodtool script for RHEL 8 (#1658414, #1666162)
|
||||
|
||||
* Tue Dec 26 2023 Jan Drögehoff <sentrycraft123@gmail.com> - 272-1
|
||||
- Add zig-srpm-macros
|
||||
* Sat Sep 15 2018 Eugene Syromiatnikov <esyr@redhat.com> - 115-1
|
||||
- Revert back to usage of join in find-requires.ksym:mod_requires()
|
||||
as generated "Requires:" and "Provides:" lists have different format
|
||||
and unsuitable for processing with comm (#1622016)
|
||||
|
||||
* Fri Nov 03 2023 Stephen Gallagher <sgallagh@redhat.com> - 271-1
|
||||
- ELN: Enable frame pointers for RHEL 11+ (for now)
|
||||
* Fri Aug 24 2018 Eugene Syromiatnikov <esyr@redhat.com> - 114-1
|
||||
- Add support for compressed kernel modules to find-provides,
|
||||
find-provides.ksyms, find-requires, find-requires.ksyms, firmware.prov
|
||||
(#1622019)
|
||||
|
||||
* Thu Oct 5 2023 Florian Weimer <fweimer@redhat.com> - 270-1
|
||||
- Disable -fstack-clash-protection on riscv64 (#2242327)
|
||||
* Mon Aug 20 2018 Eugene Syromiatnikov <esyr@redhat.com> - 113-1
|
||||
- Fix generation for kernel module symbol version dependencies for the case
|
||||
when module depends on the symbol with the same name as one present in kernel
|
||||
but a different version (#1622016)
|
||||
|
||||
* Thu Oct 5 2023 Nikita Popov <npopov@redhat.com> - 269-1
|
||||
- Use correct format specifier in brp-llvm-compile-lto-elf
|
||||
* Mon Aug 13 2018 Eugene Syromiatnikov <esyr@redhat.com> - 112-1
|
||||
- Re-instantiate support for old symvers path (#1571186)
|
||||
|
||||
* Fri Sep 29 2023 Nikita Popov <npopov@redhat.com> - 268-1
|
||||
- Fix brp-llvm-compile-lto-elf parallelism with hardlinks (#2234024)
|
||||
* Mon Aug 13 2018 Eugene Syromiatnikov <esyr@redhat.com> - 111-1
|
||||
- Add dependency generator for kABI provides (#1571186)
|
||||
|
||||
* Tue Sep 26 2023 Florian Weimer <fweimer@redhat.com> - 267-1
|
||||
- Switch %%build_type_safety_c to 1 (#2142177)
|
||||
* Thu Aug 9 2018 Marek Polacek <polacek@redhat.com> - 110-1
|
||||
- Use -march=z13 -mtune=z14 for s390{,x} (#1573944)
|
||||
- Drop s390x from %%{valgrind_arches}
|
||||
|
||||
* Thu Sep 07 2023 Maxwell G <maxwell@gtmx.me> - 266-1
|
||||
- Split out forge macros to forge-srpm-macros package
|
||||
|
||||
* Tue Aug 29 2023 Florian Weimer <fweimer@redhat.com> - 265-1
|
||||
- Add support for x86_64_v2, x86_64_v3, x86_64_v4 (#2233093)
|
||||
|
||||
* Tue Aug 22 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 264-1
|
||||
- Add macros.rpmautospec
|
||||
|
||||
* Mon Aug 21 2023 Miroslav Suchy <msuchy@redhat.com> - 263-1
|
||||
- Migrate to SPDX
|
||||
|
||||
* Wed Aug 02 2023 Charalampos Stratakis <cstratak@redhat.com> - 262-1
|
||||
- Strip all extension builder flags except -fexceptions and -fcf-protection
|
||||
- https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction
|
||||
|
||||
* Fri Jul 7 2023 Florian Weimer <fweimer@redhat.com> - 261-1
|
||||
- Fix warnings that appear during the build of the llvm package
|
||||
|
||||
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 260-1
|
||||
- Implement the %%build_type_safety_c macro (#2218019)
|
||||
|
||||
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 259-1
|
||||
- Filter out C, C++ build flags from Fortran build flags (#2177253)
|
||||
|
||||
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 258-1
|
||||
- Enable PIC mode for assembler files (#2167430)
|
||||
|
||||
* Wed Jul 05 2023 Frederic Berat <fberat@redhat.com> - 257-1
|
||||
- update config.{guess,sub} to gnuconfig git HEAD
|
||||
|
||||
* Sat Jun 17 2023 Tom Stellard <tstellar@redhat.com> - 256-1
|
||||
- Remove -fno-openmp-implicit-rpath from clang ldflags
|
||||
|
||||
* Fri Jun 16 2023 Lumír Balhar <lbalhar@redhat.com> - 255-1
|
||||
- Add qt6-srpm-macros
|
||||
|
||||
* Thu Mar 9 2023 Florian Weimer <fweimer@redhat.com> - 254-1
|
||||
- Switch ELN to x86-64-v3
|
||||
|
||||
* Tue Feb 28 2023 Maxwell G <gotmax@e.email> - 253-1
|
||||
- Include RUSTFLAGS in %%set_build_flags
|
||||
- Fixes: rhbz#2167183
|
||||
|
||||
* Tue Feb 28 2023 Tom Stellard <tstellar@redhat.com> - 252-1
|
||||
- Rename _pkg_extra_* macros to _distro_extra_*
|
||||
|
||||
* Thu Feb 23 2023 Miro Hrončok <mhroncok@redhat.com> - 251-1
|
||||
- Drop the requirement of orphaned nim-srpm-macros
|
||||
- No Fedora package uses the %%nim_arches macro
|
||||
|
||||
* Tue Feb 14 2023 Frederic Berat <fberat@redhat.com> - 250-1
|
||||
- update config.{guess,sub} to gnuconfig git HEAD
|
||||
|
||||
* Thu Feb 09 2023 Jerry James <loganjerry@gmail.com> - 249-1
|
||||
- Add macros.gap-srpm
|
||||
|
||||
* Tue Feb 07 2023 Tom Stellard <tstellar@redhat.com> - 248-1
|
||||
- Add %%pkg_extra_* macros
|
||||
|
||||
* Mon Feb 06 2023 Nick Clifton <nickc@redhat.com> - 247-1
|
||||
- Fix triggers for the installation and removal of gcc-plugin-annobin.
|
||||
Fixes: rhbz#2124562
|
||||
|
||||
* Tue Jan 17 2023 Miro Hrončok <mhroncok@redhat.com> - 246-1
|
||||
- Add pyproject-srpm-macros to the default buildroot
|
||||
|
||||
* Tue Jan 17 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 245-1
|
||||
- Do not include frame pointers on ppc64le for now
|
||||
Fixes: rhbz#2161595
|
||||
|
||||
* Mon Jan 16 2023 Tom Stellard <tstellar@redhat.com> - 244-1
|
||||
- Make -flto=thin the default lto flag for clang
|
||||
|
||||
* Mon Jan 16 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 243-1
|
||||
- Consolidate the _FORTIFY_SOURCE switches.
|
||||
|
||||
* Fri Jan 13 2023 Miro Hrončok <mhroncok@redhat.com> - 242-1
|
||||
- Don't use %%[ ] expressions with %%{undefined}
|
||||
- Fixes: rhbz#2160716
|
||||
|
||||
* Thu Jan 12 2023 Stephen Gallagher <sgallagh@redhat.com> - 241-1
|
||||
- Do not include frame pointers on RHEL
|
||||
|
||||
* Tue Jan 10 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 240-1
|
||||
- Do not include frame pointers on i686 and s390x for now
|
||||
|
||||
* Wed Jan 4 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 239-1
|
||||
- Enable frame pointers by default
|
||||
- Set arch specific flags for frame pointers support
|
||||
|
||||
* Tue Jan 3 2023 Miro Hrončok <mhroncok@redhat.com> - 238-1
|
||||
- Set %%source_date_epoch_from_changelog to 1
|
||||
- https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes
|
||||
|
||||
* Tue Jan 3 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 237-1
|
||||
- Make _FORTIFY_SOURCE configurable and bump default to 3.
|
||||
|
||||
* Wed Dec 28 2022 Davide Cavalca <dcavalca@fedoraproject.org> - 236-1
|
||||
- Add conditional support for always including frame pointers
|
||||
|
||||
* Sat Dec 10 2022 Florian Weimer <fweimer@redhat.com> - 235-1
|
||||
- Add %%_configure_use_runstatedir to disable --runstatedir configure option
|
||||
|
||||
* Fri Nov 4 2022 Tom Stellard <tstellar@redhat.com> - 234-1
|
||||
- Remove unsupported arches from rpmrc
|
||||
|
||||
* Fri Nov 4 2022 Florian Weimer <fweimer@redhat.com> - 233-1
|
||||
- Set -g when building Vala applications
|
||||
|
||||
* Fri Sep 23 2022 Timm Bäder <tbaeder@redhat.com> - 232-1
|
||||
- Fix brp-compile-lto-elf to not rely on a backtracking regex
|
||||
|
||||
* Thu Sep 08 2022 Maxwell G <gotmax@e.email> - 231-1
|
||||
- forge macros: Support Sourcehut. Fixes rhbz#2035935.
|
||||
|
||||
* Tue Aug 30 2022 Frederic Berat <fberat@redhat.com> - 230-1
|
||||
- Add support for runstatedir in %%configure
|
||||
|
||||
* Fri Aug 26 2022 Dan Horák <dan[at]danny.cz> - 229-1
|
||||
- Move the baseline s390x arch to z13 for F-38+
|
||||
|
||||
* Mon Aug 8 2022 Maxwell G <gotmax@e.email> - 228-1
|
||||
- Add macros.shell-completions
|
||||
|
||||
* Fri Aug 05 2022 Nikita Popov <npopov@redhat.com> - 227-1
|
||||
- brp-llvm-compile-lto-elf: Pass -r to xargs
|
||||
|
||||
* Wed Jun 22 2022 Timm Bäder <tbaeder@redhat.com> - 226-1
|
||||
- Move llvm_compile_lto_to_elf before __debug_install_post
|
||||
|
||||
* Fri Jun 17 2022 Nick Clifton <nickc@redhat.com> - 225-1
|
||||
- Add definition of _find_debuginfo_extra_opts which will
|
||||
- move annobin data into a separate debuginfo file.
|
||||
|
||||
* Tue Jun 14 2022 Tom Stellard <tstellar@redhat.com> - 224-1
|
||||
- Fix passing of CFLAGS to brp-llvm-compile-lto-elf
|
||||
|
||||
* Fri May 27 2022 Tom Stellard <tstellar@redhat.com> - 223-1
|
||||
- Move -fno-openmp-implicit-rpath option from CFLAGS to LDFLAGS
|
||||
|
||||
* Fri May 27 2022 Florian Weimer <fweimer@redhat.com> - 222-1
|
||||
- Use %%baserelease to store the version number
|
||||
|
||||
* Fri May 27 2022 Frederic Berat <fberat@redhat.com> - 221-1
|
||||
- update config.{guess,sub} to gnuconfig git HEAD
|
||||
|
||||
* Tue May 17 2022 Maxwell G <gotmax@e.email> - 220-1
|
||||
- Add `Requires: ansible-srpm-macros`
|
||||
|
||||
* Tue May 17 2022 Miro Hrončok <mhroncok@redhat.com> - 219-2
|
||||
- Remove a tab character from the definition of %%__global_compiler_flags
|
||||
- Fixes: rhbz#2083296
|
||||
|
||||
* Tue May 10 2022 Mikolaj Izdebski <mizdebsk@redhat.com> - 219-1
|
||||
- Add java_arches macro
|
||||
|
||||
* Wed Apr 20 2022 Timm Bäder <tbaeder@redhat.com> - 218-1
|
||||
- Parallelize bpr-llvm-compile-lto-elf
|
||||
|
||||
* Tue Apr 19 2022 Tom Stellard <tstellar@redhat.com> - 217-1
|
||||
- Add -fno-openmp-implicit-rpath when building with clang
|
||||
|
||||
* Wed Apr 13 2022 Nick Clifton <nickc@redhat.com> - 216-1
|
||||
- Add support for comparing gcc-built and annobin-built plugins.
|
||||
|
||||
* Mon Feb 21 2022 Timm Bäder <tbaeder@redhat.com> - 215-1
|
||||
- Add %%__brp_remove_la_files to %%__os_install_post
|
||||
|
||||
* Thu Feb 10 2022 Florian Weimer <fweimer@redhat.com> - 214-1
|
||||
- ppc64le: Switch baseline to POWER9 on ELN (ELN issue 78)
|
||||
|
||||
* Thu Feb 10 2022 Florian Weimer <fweimer@redhat.com> - 213-1
|
||||
- s390x: Switch baseline to z14 on ELN (ELN issue 79)
|
||||
|
||||
* Sun Jan 23 2022 Robert-André Mauchin <zebob.m@gmail.com> - 212-1
|
||||
- Add package note generation to %%check preamble
|
||||
- Fix: rhbz#2043977
|
||||
|
||||
* Fri Jan 21 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 211-1
|
||||
- Move package note generation to build preamble
|
||||
- Do ELF package notes also on ELN
|
||||
|
||||
* Thu Jan 20 2022 Miro Hrončok <mhroncok@redhat.com> - 210-1
|
||||
- Remove package ELF note from the extension LDFLAGS
|
||||
- Related: rhbz#2043092
|
||||
- Fix %%set_build_flags when %%_generate_package_note_file is not defined
|
||||
- Fixes: rhbz#2043166
|
||||
|
||||
* Thu Jan 13 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 209-1
|
||||
- Add package ELF note to the default LDFLAGS
|
||||
|
||||
* Tue Jan 04 2022 Tom Stellard <tstellar@redhat.com> - 208-1
|
||||
- Call %%set_build_flags before %%build, %%check, and %%install stages
|
||||
|
||||
* Tue Dec 14 2021 Tom Stellard <tstellar@redhat.com> - 207-1
|
||||
- Add -Wl,--build-id=sha1 to the default LDFLAGS
|
||||
|
||||
* Tue Dec 07 2021 Miro Hrončok <mhroncok@redhat.com> - 206-1
|
||||
- brp-mangle-shebangs: also mangle shebangs of JavaScript executables
|
||||
- Fixes: rhbz#1998924
|
||||
|
||||
* Thu Nov 18 2021 Michal Domonkos <mdomonko@redhat.com> - 205-1
|
||||
- Drop kernel-rpm-macros subpackage & kmod.attr (new home: kernel-srpm-macros)
|
||||
|
||||
* Tue Nov 16 2021 Miro Hrončok <mhroncok@redhat.com> - 204-1
|
||||
- Don't pull in Python to all buildroots
|
||||
- Remove llvm-lto-elf-check script
|
||||
|
||||
* Tue Nov 09 2021 Michal Domonkos <mdomonko@redhat.com> - 203-1
|
||||
- Drop {fpc,gnat,nim}-srpm-macros dependencies on RHEL
|
||||
|
||||
* Wed Nov 03 2021 David Benoit <dbenoit@redhat.com> - 202-1
|
||||
- Add llvm-lto-elf-check script
|
||||
- Resolves: rhbz#2017193
|
||||
|
||||
* Mon Nov 01 2021 Jason L Tibbitts III <j@tib.bs> - 201-1
|
||||
- Better error handling for %%constrain_build.
|
||||
|
||||
* Mon Oct 18 2021 Jason L Tibbitts III <j@tib.bs> - 200-1
|
||||
- Add %%constrain_build macro.
|
||||
|
||||
* Tue Sep 21 2021 Tom Stellard <tstellar@redhat.com> - 199-1
|
||||
- Drop annobin-plugin-clang dependency
|
||||
|
||||
* Mon Aug 30 2021 Florian Weimer <fweimer@redhat.com> - 198-1
|
||||
- ELN: Enable -march=x86-64-v2 for Clang as well
|
||||
|
||||
* Tue Aug 17 2021 Tom Stellard <tstellar@redhat.com> - 197-1
|
||||
- Add build_ preifix to cc, cxx, and cpp macros
|
||||
|
||||
* Mon Aug 16 2021 Tom Stellard <tstellar@redhat.com> - 196-1
|
||||
- Add cc, cxx, and cpp macros
|
||||
|
||||
* Sun Aug 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> - 195-1
|
||||
- Fix macros.build-constraints' %%limit_build
|
||||
- number of CPUs will never be set to less than 1
|
||||
- this now outputs build flag overrides to be used with %%make_build etc.
|
||||
- add documentation
|
||||
|
||||
* Mon Aug 2 2021 Florian Weimer <fweimer@redhat.com> - 194-1
|
||||
- Active GCC plugin during LTO linking
|
||||
|
||||
* Sat Jul 24 2021 Michel Alexandre Salim <salimma@fedoraproject.org> - 193-1
|
||||
- Add macros.build-constraints
|
||||
- Keep the misc macros in alphabetical order
|
||||
|
||||
* Sat Jul 10 2021 Neal Gompa <ngompa13@gmail.com> - 192-1
|
||||
- Make vpath builddir not include arch-specific info
|
||||
|
||||
* Thu Jul 01 2021 Miro Hrončok <mhroncok@redhat.com> - 191-1
|
||||
- Require python-srpm-macros with Python related BuildRoot Policy scripts
|
||||
|
||||
* Wed Jun 30 2021 Miro Hrončok <mhroncok@redhat.com> - 190-1
|
||||
- Move Python related BuildRoot Policy scripts from redhat-rpm-config to python-srpm-macros
|
||||
|
||||
* Mon Jun 28 2021 Ben Burton <bab@debian.org> - 189-1
|
||||
- Adapt macros and BRP scripts for %%topdir with spaces
|
||||
- Fixes rhbz#1947416
|
||||
|
||||
* Tue Jun 22 2021 Panu Matilainen <pmatilai@redhat.com> - 188-1
|
||||
- Drop reference to now extinct brp-python-hardlink script
|
||||
|
||||
* Tue Jun 8 2021 Stephen Coady <scoady@redhat.com> - 187-1
|
||||
- Add Requires: rpmautospec-rpm-macros
|
||||
|
||||
* Mon May 31 2021 Charalampos Stratakis <cstratak@redhat.com> - 186-1
|
||||
- Enable RPATH check after %%install
|
||||
- Part of https://fedoraproject.org/wiki/Changes/Broken_RPATH_will_fail_rpmbuild
|
||||
- Resolves: rhbz#1964548
|
||||
|
||||
* Wed May 26 2021 Arjun Shankar <arjun@redhat.com> - 185-1
|
||||
- Disable annobin on armv7hl
|
||||
|
||||
* Mon Apr 12 2021 David Benoit <dbenoit@redhat.com> - 184-1
|
||||
- Change 'Requires: annobin' to 'Requires: annobin-plugin-gcc'.
|
||||
|
||||
* Tue Apr 6 2021 David Benoit <dbenoit@redhat.com> - 183-1
|
||||
- BRP: LLVM Compile LTO Bitcode to ELF
|
||||
- Add Requires: (llvm if clang)
|
||||
|
||||
* Mon Mar 22 2021 Lumír Balhar <lbalhar@redhat.com> - 182-1
|
||||
- Fix handling of files without newlines in brp-mangle-shebang
|
||||
|
||||
* Wed Mar 10 2021 Kalev Lember <klember@redhat.com> - 181-1
|
||||
- BRP Python Bytecompile: Avoid hardcoding /usr/bin prefix for python
|
||||
|
||||
* Tue Jan 19 2021 Florian Weimer <fweimer@redhat.com> - 180-1
|
||||
- Use -march=x86-64-v2 only for the gcc toolchain
|
||||
|
||||
* Tue Jan 19 2021 Florian Weimer <fweimer@redhat.com> - 179-1
|
||||
- x86_64: Enable -march=x86-64-v2 for ELN, following GCC.
|
||||
|
||||
* Sun Nov 29 2020 Miro Hrončok <mhroncok@redhat.com> - 178-1
|
||||
- BRP Python Bytecompile: Also detect Python files in /app/lib/pythonX.Y
|
||||
|
||||
* Tue Oct 27 2020 Tom Stellard <tstellar@redhat.com> - 177-1
|
||||
- Add back -fcf-protection flag for x86_64
|
||||
|
||||
* Tue Oct 20 2020 Florian Weimer <fweimer@redhat.com> - 176-1
|
||||
- s390x: Tune for z14 (as in Red Hat Enterprise Linux 8)
|
||||
|
||||
* Mon Oct 5 2020 Florian Weimer <fweimer@redhat.com> - 175-1
|
||||
- s390x: Switch Fedora ELN to z13 baseline
|
||||
|
||||
* Fri Sep 11 2020 Miro Hrončok <mhroncok@redhat.com> - 172-1
|
||||
- Filter out LTO flags from %%extension flags macros
|
||||
- Fixes: rhbz#1877652
|
||||
|
||||
* Wed Sep 2 2020 Michel Alexandre Salim <salimma@fedoraproject.org> - 171-1
|
||||
- Add Requires: lua-srpm-macros
|
||||
|
||||
* Fri Aug 21 2020 Tom Stellard <tstellar@redhat.com> - 170-1
|
||||
- Enable -fstack-clash-protection for clang on x86, s390x, and ppc64le
|
||||
|
||||
* Thu Aug 20 2020 Tom Stellard <tstellar@redhat.com> - 169-1
|
||||
- Add -flto to ldflags for clang toolchain
|
||||
|
||||
* Thu Aug 20 2020 Neal Gompa <ngompa13@gmail.com> - 168-1
|
||||
- Fix CC/CXX exports so arguments are included in exported variable
|
||||
- Allow overrides of CC/CXX like CFLAGS and CXXFLAGS from shell variables
|
||||
|
||||
* Mon Aug 03 2020 Troy Dawson <tdawson@redhat.com> - 167-1
|
||||
- Add Requires: kernel-srpm-macros
|
||||
|
||||
* Thu Jul 30 2020 Jeff Law <law@redhat.com> - 166-1
|
||||
- Use -flto=auto for GCC to speed up builds
|
||||
|
||||
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 165-1
|
||||
- Only use supported lto flags for clang toolchain
|
||||
|
||||
* Thu Jul 23 2020 Lumír Balhar <lbalhar@redhat.com> - 164-1
|
||||
- Disable Python hash seed randomization in brp-python-bytecompile
|
||||
|
||||
* Tue Jul 21 2020 Jeff Law <law@redhat.com> - 163-1
|
||||
- Enable LTO by default
|
||||
|
||||
* Thu Jul 16 2020 Lumír Balhar <lbalhar@redhat.com> - 162-1
|
||||
- New script brp-fix-pyc-reproducibility
|
||||
|
||||
* Tue Jun 16 2020 Lumír Balhar <lbalhar@redhat.com> - 161-2
|
||||
- Use stdlib compileall for Python >= 3.9
|
||||
|
||||
* Mon Jun 15 2020 Lumír Balhar <lbalhar@redhat.com> - 161-1
|
||||
- No more automagic Python bytecompilation (phase 3)
|
||||
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3
|
||||
|
||||
* Thu Jun 04 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 160-1
|
||||
- Fix broken %%configure
|
||||
|
||||
* Wed Jun 03 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 159-1
|
||||
- Fixes for new_package macro
|
||||
|
||||
* Wed Jun 03 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 158-1
|
||||
- Add option to choose C/C++ toolchain
|
||||
|
||||
* Sat May 30 2020 Jeff Law <law@redhat.com> - 157-1
|
||||
- When LTO is enabled, fix broken configure files.
|
||||
|
||||
* Sat May 30 2020 Nicolas Mailhot <nim@fedoraproject.org> - 156-1
|
||||
- Add new_package macro and associated lua framework.
|
||||
|
||||
* Sat May 23 2020 Nicolas Mailhot <nim@fedoraproject.org> - 155-1
|
||||
- forge: add gitea support
|
||||
|
||||
* Thu Apr 09 2020 Panu Matilainen <pmatilai@redhat.com> - 154-1
|
||||
- Optimize kernel module provides by using a parametric generator
|
||||
|
||||
* Thu Feb 20 2020 Jason L Tibbitts III <tibbs@math.uh.edu> - 153-1
|
||||
- Add dependency on fonts-srpm-macros, as those have now been approved by FPC.
|
||||
|
||||
* Thu Feb 20 2020 Jeff Law <law@redhat.com> - 152-1
|
||||
- Use eu-elfclassify to only run strip on ELF relocatables
|
||||
and archive libraries.
|
||||
|
||||
* Fri Feb 14 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 151-1
|
||||
- Fixup parallel algorithm for brp-strip-lto
|
||||
|
||||
* Fri Feb 14 2020 Jeff Law <law@redhat.com> - 150-1
|
||||
- Strip LTO sections/symbols from installed .o/.a files
|
||||
|
||||
* Thu Jan 23 2020 Jeff Law <law@redhat.com> - 149-1
|
||||
- Allow conditionally adding -fcommon to CFLAGS by defining %%_legacy_common_support
|
||||
|
||||
* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 148-1
|
||||
- Reenable annobin after GCC 10 integration (#1792892)
|
||||
|
||||
* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 147-1
|
||||
- Temporarily disable annobin for GCC 10 (#1792892)
|
||||
|
||||
* Thu Dec 05 2019 Denys Vlasenko <dvlasenk@redhat.com> - 146-1
|
||||
- kmod.prov: fix and speed it up
|
||||
|
||||
* Tue Dec 03 15:48:18 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 145-1
|
||||
- %%set_build_flags: define LT_SYS_LIBRARY_PATH
|
||||
|
||||
* Thu Nov 21 2019 Denys Vlasenko <dvlasenk@redhat.com> - 144-1
|
||||
- Speed up brp-mangle-shebangs.
|
||||
|
||||
* Tue Nov 05 2019 Lumír Balhar <lbalhar@redhat.com> - 143-1
|
||||
- Fix brp-python-bytecompile with the new features from compileall2
|
||||
- Resolves: rhbz#1595265
|
||||
|
||||
* Fri Nov 01 2019 Miro Hrončok <mhroncok@redhat.com> - 142-1
|
||||
- Fix the simple API of %%gpgverify.
|
||||
|
||||
* Thu Aug 22 2019 Jason L Tibbitts III <tibbs@math.uh.edu> - 141-2
|
||||
- Simplify the API of %%gpgverify.
|
||||
|
||||
* Thu Jul 25 2019 Richard W.M. Jones <rjones@redhat.com> - 140-2
|
||||
- Bump version and rebuild.
|
||||
|
||||
* Sat Jul 20 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 140-1
|
||||
- Fixup python-srpm-macros version
|
||||
|
||||
* Wed Jul 17 2019 Lumír Balhar <lbalhar@redhat.com> - 139-1
|
||||
- Use compileall2 Python module for byte-compilation in brp-python-bytecompile
|
||||
|
||||
* Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 138-1
|
||||
- Move brp-python-bytecompile from rpm, so we can easily adapt it
|
||||
|
||||
* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 137-1
|
||||
- listfiles: make it robust against all kinds of “interesting” inputs
|
||||
- wordwrap: make list indenting smarter, to produce something with enough
|
||||
structure that it can be converted into AppStream metadata
|
||||
|
||||
* Mon Jul 08 2019 Robert-André Mauchin <zebob.m@gmail.com> - 136-1
|
||||
- Revert "Fix expansion in listfiles_exclude/listfiles_include"
|
||||
|
||||
* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 135-1
|
||||
- Fix expansion in listfiles_exclude/listfiles_include
|
||||
|
||||
* Mon Jul 01 2019 Florian Festi <ffesti@redhat.com> - 134-1
|
||||
- Switch binary payload compression to Zstandard level 19
|
||||
|
||||
* Thu Jun 27 2019 Vít Ondruch <vondruch@redhat.com> - 133-2
|
||||
- Enable RPM to set SOURCE_DATE_EPOCH environment variable.
|
||||
|
||||
* Tue Jun 25 08:13:50 CEST 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 133-1
|
||||
- Expand listfiles_exclude/listfiles_include
|
||||
|
||||
* Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 132-1
|
||||
- Remove perl macro refugees
|
||||
|
||||
* Mon Jun 10 2019 Panu Matilainen <pmatilai@redhat.com> - 131-1
|
||||
- Provide temporary shelter for rpm 4.15 perl macro refugees
|
||||
|
||||
* Tue Jun 04 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 130-1
|
||||
- New macro for wrapping text — %%wordwrap
|
||||
- Smal fix for %%listfiles with no arguments
|
||||
|
||||
* Thu May 30 2019 Björn Persson <Bjorn@Rombobjörn.se> - 129-1
|
||||
- Added gpgverify.
|
||||
|
||||
* Tue Jan 15 2019 Panu Matilainen <pmatilai@redhat.com> - 128-1
|
||||
- Drop redundant _smp_mflag re-definition, use the one from rpm instead
|
||||
|
||||
* Thu Dec 20 2018 Florian Weimer <fweimer@redhat.com> - 127-1
|
||||
- Build flags: Add support for extension builders (#1543394)
|
||||
|
||||
* Mon Dec 17 2018 Panu Matilainen <pmatilai@redhat.com> - 126-1
|
||||
- Silence the annoying warning from ldconfig brp-script (#1540971)
|
||||
|
||||
* Thu Nov 15 2018 Miro Hrončok <mhroncok@redhat.com> - 125-1
|
||||
- Make automagic Python bytecompilation optional
|
||||
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
|
||||
|
||||
* Thu Nov 08 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 124-1
|
||||
- forge: add more distprefix cleaning (bz1646724)
|
||||
|
||||
* Mon Oct 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 123-1
|
||||
- Add -q option to %%forgesetup
|
||||
|
||||
* Sat Oct 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 122-1
|
||||
- Allow multiple calls to forge macros
|
||||
|
||||
* Thu Oct 11 2018 Jan Pazdziora <jpazdziora@redhat.com> - 121-1
|
||||
- Add %_swidtagdir for directory for SWID tag files describing the
|
||||
installation.
|
||||
|
||||
* Mon Sep 10 2018 Miro Hrončok <mhroncok@redhat.com> - 120-1
|
||||
- Make ambiguous python shebangs error
|
||||
https://fedoraproject.org/wiki/Changes/Make_ambiguous_python_shebangs_error
|
||||
|
||||
* Mon Aug 20 2018 Kalev Lember <klember@redhat.com> - 119-1
|
||||
- Add aarch64 to ldc arches
|
||||
|
||||
* Wed Aug 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 118-1
|
||||
- Enable --as-needed by default
|
||||
|
||||
* Mon Jul 16 2018 Miro Hrončok <mhroncok@redhat.com> - 117-1
|
||||
- Mangle /bin shebnags to /usr/bin ones (#1581757)
|
||||
|
||||
* Tue Jul 10 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 116-1
|
||||
- Add option to add -Wl,--as-needed into LDFLAGS
|
||||
|
||||
* Mon Jul 09 2018 Kalev Lember <klember@redhat.com> - 115-1
|
||||
- Disable non-functional ppc64 support for ldc packages
|
||||
|
||||
* Tue Jun 26 2018 Panu Matilainen <pmatilai@redhat.com> - 114-1
|
||||
- Fix kernel ABI related strings (Peter Oros, #26)
|
||||
- Automatically trim changelog to two years (Zbigniew Jędrzejewski-Szmek, #22)
|
||||
- Cosmetics cleanups (Zbigniew Jędrzejewski-Szmek, #22)
|
||||
|
||||
* Mon Jun 18 2018 Florian Weimer <fweimer@redhat.com> - 113-1
|
||||
- Build flags: Require SSE2 on i686 (#1592212)
|
||||
|
||||
* Mon May 28 2018 Miro Hrončok <mhroncok@redhat.com> - 112-1
|
||||
- Add a possibility to opt-out form automagic Python bytecompilation
|
||||
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation
|
||||
|
||||
* Wed May 02 2018 Peter Jones <pjones@redhat.com> - 111-1
|
||||
* Mon Jul 23 2018 Peter Jones <pjones@redhat.com> - 109-1
|
||||
- Add Requires: efi-srpm-macros for %%{efi}
|
||||
- brp-mangle-shebangs: add %%{__brp_mangle_shebangs_exclude_file} and
|
||||
%%{__brp_mangle_shebangs_exclude_from_file} to allow you to specify files
|
||||
containing the shebangs to be ignore and files to be ignored regexps,
|
||||
respectively, so that they can be generated during the package build.
|
||||
|
||||
* Wed May 2 2018 Florian Weimer <fweimer@redhat.com> - 110-1
|
||||
- Reflect -fasynchronous-unwind-tables GCC default on POWER (#1550914)
|
||||
* Mon Jul 09 2018 Tomas Orsava <torsava@redhat.com> - 108-1
|
||||
- Impement changing python3 shebangs in brp-mangle-shebangs
|
||||
- Added a dependency on python3-rpm-macros
|
||||
|
||||
* Wed May 2 2018 Florian Weimer <fweimer@redhat.com> - 109-1
|
||||
- Use plain -fcf-protection compiler flag, without -mcet (#1570823)
|
||||
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 107.3-3.1
|
||||
- Bump release
|
||||
|
||||
* Tue May 01 2018 Peter Jones <pjones@redhat.com> - 108-1
|
||||
- Add Requires: efi-srpm-macros for %%{efi}
|
||||
* Thu Jun 28 2018 Tomas Orsava <torsava@redhat.com> - 107.3-3
|
||||
- The brp-python-bytecompile script no longer accepts two arguments, as the
|
||||
first argument has been obsoleted
|
||||
- Modified the definition of %%__brp_python_bytecompile to match the new scheme
|
||||
|
||||
* Thu Jun 28 2018 Florian Festi <ffesti@redhat.com> - 107.3-2
|
||||
- Replace find-provides.ksyms and find-requires.ksyms by RHEL 7.6 versions (#1571186)
|
||||
|
||||
* Thu Jun 07 2018 Florian Festi <ffesti@redhat.com> - 107.3-1
|
||||
- Remove dependencies to fpc-srpm-macros, gnat-srpm-macros and nim-srpm-macros
|
||||
|
||||
* Fri Jun 1 2018 Florian Weimer <fweimer@redhat.com> - 107.2-1
|
||||
- i686: Build with -mstackrealign (#1478332)
|
||||
- Update documentation for i686 build flags (#1554855)
|
||||
|
||||
* Fri May 4 2018 Florian Weimer <fweimer@redhat.com> - 107.1-1
|
||||
- Use plain -fcf-protection compiler flag, without -mcet (#1574937)
|
||||
|
||||
* Fri Apr 20 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 107-1
|
||||
- Add %%_metainfodir macro.
|
@ -1,54 +0,0 @@
|
||||
#!/usr/bin/bash -eu
|
||||
|
||||
|
||||
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
CLANG_FLAGS=$@
|
||||
NCPUS=${RPM_BUILD_NCPUS:-1}
|
||||
|
||||
check_convert_bitcode () {
|
||||
local file_name=$(realpath ${1})
|
||||
local file_type=$(file ${file_name})
|
||||
|
||||
shift
|
||||
CLANG_FLAGS="$@"
|
||||
|
||||
if [[ "${file_type}" == *"LLVM IR bitcode"* ]]; then
|
||||
# Check the output of llvm-strings for the command line, which is in the LLVM bitcode because
|
||||
# we pass -frecord-gcc-switches.
|
||||
# Check for a line that has "-flto" after (or without) "-fno-lto".
|
||||
llvm-strings ${file_name} | while read line ; do
|
||||
flto=$(echo $line | grep -o -b -e -flto | tail -n 1 | cut -d : -f 1)
|
||||
fnolto=$(echo $line | grep -o -b -e -fno-lto | tail -n 1 | cut -d : -f 1)
|
||||
|
||||
if test -n "$flto" && { test -z "$fnolto" || test "$flto" -gt "$fnolto"; } ; then
|
||||
echo "Compiling LLVM bitcode file ${file_name}."
|
||||
clang ${CLANG_FLAGS} -fno-lto -Wno-unused-command-line-argument \
|
||||
-x ir ${file_name} -c -o ${file_name}
|
||||
break
|
||||
fi
|
||||
done
|
||||
elif [[ "${file_type}" == *"current ar archive"* ]]; then
|
||||
echo "Unpacking ar archive ${file_name} to check for LLVM bitcode components."
|
||||
# create archive stage for objects
|
||||
local archive_stage=$(mktemp -d)
|
||||
local archive=${file_name}
|
||||
pushd ${archive_stage}
|
||||
ar x ${archive}
|
||||
for archived_file in $(find -not -type d); do
|
||||
check_convert_bitcode ${archived_file} ${CLANG_FLAGS}
|
||||
echo "Repacking ${archived_file} into ${archive}."
|
||||
ar r ${archive} ${archived_file}
|
||||
done
|
||||
popd
|
||||
fi
|
||||
}
|
||||
|
||||
echo "Checking for LLVM bitcode artifacts"
|
||||
export -f check_convert_bitcode
|
||||
# Deduplicate by device:inode to avoid processing hardlinks in parallel.
|
||||
find "$RPM_BUILD_ROOT" -type f -name "*.[ao]" -printf "%D:%i %p\n" | \
|
||||
awk '!seen[$1]++' | cut -d" " -f2- | \
|
||||
xargs -d"\n" -r -n1 -P$NCPUS sh -c "check_convert_bitcode \$@ $CLANG_FLAGS" ARG0
|
@ -1,17 +0,0 @@
|
||||
#!/usr/bin/sh
|
||||
# If using normal root, avoid changing anything.
|
||||
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
STRIP=${1:-strip}
|
||||
NCPUS=${RPM_BUILD_NCPUS:-1}
|
||||
|
||||
case `uname -a` in
|
||||
Darwin*) exit 0 ;;
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
# Strip ELF binaries
|
||||
find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
|
||||
eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0
|
743
buildflags.md
743
buildflags.md
@ -1,743 +0,0 @@
|
||||
This document contains documentation of the individual compiler flags
|
||||
and how to use them.
|
||||
|
||||
[TOC]
|
||||
|
||||
# Using RPM build flags
|
||||
|
||||
The %set_build_flags macro sets the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `VALAFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH` to
|
||||
the value of their corresponding rpm macros. `%set_build_flags` is automatically
|
||||
called prior to the `%build`, `%check`, and `%install` phases so these flags can be
|
||||
used by makefiles and other build tools.
|
||||
|
||||
You can opt out of this behavior by doing:
|
||||
|
||||
%undefine _auto_set_build_flags
|
||||
|
||||
If you do opt out of this behavior, you can still manually use `%set_build_flags`
|
||||
by adding it to the `%build` section of your spec file or by using one of the
|
||||
build system helper macros like `%configure`, `%cmake`, and `%meson`.
|
||||
|
||||
For packages which use autoconf to set up the build environment, use
|
||||
the `%configure` macro to obtain the full complement of flags, like
|
||||
this:
|
||||
|
||||
%configure
|
||||
|
||||
This will invoke `./configure` with arguments (such as
|
||||
`--prefix=/usr`) to adjust the paths to the packaging defaults. Prior
|
||||
to that, some common problems in autotools scripts are automatically
|
||||
patched across the source tree.
|
||||
|
||||
Individual build flags are also available through RPM macros:
|
||||
|
||||
* `%{build_cc}` for the command name of the C compiler.
|
||||
* `%{build_cxx}` for the command name of the C++ compiler.
|
||||
* `%{build_cpp}` for the command name of the C-compatible preprocessor.
|
||||
* `%{build_cflags}` for the C compiler flags (also known as the
|
||||
`CFLAGS` variable).
|
||||
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
|
||||
the `CXXFLAGS` shell variable).
|
||||
* `%{build_fflags}` for `FFLAGS` (the Fortran compiler flags, also
|
||||
known as the `FCFLAGS` variable).
|
||||
* `%{build_valaflags}` for `VALAFLAGS` (the Vala compiler flags)
|
||||
* `%{build_ldflags}` for the linker (`ld`) flags, usually known as
|
||||
`LDFLAGS`. Note that the contents quote linker arguments using
|
||||
`-Wl`, so this variable is intended for use with the `gcc` compiler
|
||||
driver. At the start of the `%build` section, the environment
|
||||
variable `RPM_LD_FLAGS` is set to this value.
|
||||
|
||||
The C and C++ compiler flags are historically available as the
|
||||
`%{optflags}` macro. These flags may not contain flags that work with
|
||||
certain languagues or compiler front ends, so the language-specific
|
||||
`%build_*` are more precise. At the start of the `%build` section,
|
||||
the environment variable `RPM_OPT_FLAGS` is set to the `%{optflags}`
|
||||
value; similar limitations apply.
|
||||
|
||||
The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
|
||||
script (v2.4.6+) from hardcoding `%_libdir` into the binaries' `RPATH`.
|
||||
|
||||
These RPM macros do not alter shell environment variables.
|
||||
|
||||
For some other build tools separate mechanisms exist:
|
||||
|
||||
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
|
||||
package.
|
||||
|
||||
Care must be taking not to compile the current selection of compiler
|
||||
flags into any RPM package besides `redhat-rpm-config`, so that flag
|
||||
changes are picked up automatically once `redhat-rpm-config` is
|
||||
updated.
|
||||
|
||||
# Flag selection for the build type
|
||||
|
||||
The default flags are suitable for building applications.
|
||||
|
||||
For building shared objects, you must compile with `-fPIC` in
|
||||
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
|
||||
|
||||
For other considerations involving shared objects, see:
|
||||
|
||||
* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
|
||||
|
||||
# Customizing compiler and other build flags
|
||||
|
||||
It is possible to set RPM macros to change some aspects of the
|
||||
compiler flags. Changing these flags should be used as a last
|
||||
recourse if other workarounds are not available.
|
||||
|
||||
### Toolchain selection
|
||||
|
||||
The default toolchain uses GCC, and the `%toolchain` macro is defined
|
||||
as `gcc`.
|
||||
|
||||
It is enough to override `toolchain` macro and all relevant macro for C/C++
|
||||
compilers will be switched. Either in the spec or in the command-line.
|
||||
|
||||
%global toolchain clang
|
||||
|
||||
or:
|
||||
|
||||
rpmbuild -D "toolchain clang" …
|
||||
|
||||
Inside a spec file it is also possible to determine which toolchain is in use
|
||||
by testing the same macro. For example:
|
||||
|
||||
%if "%{toolchain}" == "gcc"
|
||||
BuildRequires: gcc
|
||||
%endif
|
||||
|
||||
or:
|
||||
|
||||
%if "%{toolchain}" == "clang"
|
||||
BuildRequires: clang compiler-rt
|
||||
%endif
|
||||
|
||||
### Controlling Type Safety
|
||||
|
||||
The macro `%build_type_safety_c` can be set to change the C type
|
||||
safety level. The default level is 3, see below. It can be set to 0
|
||||
to get historic levels of type safety. Changing the type safety level
|
||||
may depend on correct `CFLAGS` propagation during the build. The
|
||||
`%build_type_safety_c` macro needs to be set before `CFLAGS`-related
|
||||
macros are expanded by RPM (that is, earlier in the file works
|
||||
better).
|
||||
|
||||
Packages can set `%build_type_safety_c` to higher values to adopt
|
||||
future distribution-wide type-safety increases early. When changing
|
||||
the `%build_type_safety_c` level to increase it, spec file should use
|
||||
a construct like this to avoid *lowering* a future default:
|
||||
|
||||
```
|
||||
%if %build_type_safety_c < 4
|
||||
%global build_type_safety_c 4
|
||||
%endif
|
||||
```
|
||||
|
||||
At level 0, all C constructs that GCC accepts for backwards
|
||||
compatibility with obsolete language standards are accepted during
|
||||
package builds. This is achieved by passing `-fpermissive` to GCC.
|
||||
|
||||
At level 1, the following additional error categories are enabled:
|
||||
|
||||
* `-Werror=implicit-int`: Reject declarations and definitions that
|
||||
omit a type name where one is required. Examples are:
|
||||
`extern int_variable;`, `extern int_returning_function (void);`,
|
||||
and missing separate parameter type declarations in old-style
|
||||
function definitions.
|
||||
* `-Werror=implicit-function-declaration`: Reject calls to functions
|
||||
to undeclared functions such as `function_not_defined_anywhere ()`.
|
||||
Previously, such expressions where we compiled as if a declaration
|
||||
`extern int function_not_defined_anywhere ();` (a prototype-less
|
||||
function declaration) were in scope.
|
||||
* `-Werror=return-mismatch`: Reject `return` statements with missing
|
||||
or extra expressions, based on the declared return type of the
|
||||
function.
|
||||
* `-Wdeclaration-missing-parameter-type`: Reject function declarations
|
||||
that contain unknown type names (which used to be treated as ignored
|
||||
identifier names).
|
||||
|
||||
At level 2, the following error category is enabled in addition:
|
||||
|
||||
* `-Werror=int-conversion`: Reject the use of integer expressions
|
||||
where a pointer type expected, and pointer expressions where an
|
||||
integer type is expected. Without this option, GCC may produce an
|
||||
executable, but often, there are failures at run time because not
|
||||
the full 64 bits of pointers are preserved.
|
||||
|
||||
The additional level 3 error category is:
|
||||
|
||||
* `-Werror=incompatible-pointer-types`: An expression of one pointer
|
||||
type is used where different pointer type is expected. (This does
|
||||
not cover signed/unsigned mismatches in the pointer target type.)
|
||||
|
||||
Clang errors out on more obsolete and invalid C constructs than C, so
|
||||
the type safety is higher by default than with the GCC toolchain.
|
||||
|
||||
### Disable autotools compatibility patching
|
||||
|
||||
By default, the invocation of the `%configure` macro replaces
|
||||
`config.guess` files in the source tree with the system version. To
|
||||
disable that, define this macro:
|
||||
|
||||
%global _configure_gnuconfig_hack 0
|
||||
|
||||
`%configure` also patches `ltmain.sh` scripts, so that linker flags
|
||||
are set as well during libtool-. This can be switched off using:
|
||||
|
||||
%global _configure_libtool_hardening_hack 0
|
||||
|
||||
Further patching happens in LTO mode, see below.
|
||||
|
||||
### Other autotools compatibility settings
|
||||
|
||||
During `%configure`, `--runstatedir` is automatically passed to the
|
||||
`configure` script if support for this option is detected. This
|
||||
detection can fail if the package has multiple `configure` scripts
|
||||
that invoke each other, and only some of them support `--runstatedir`.
|
||||
To disable passing `--runstatedir`, use:
|
||||
|
||||
%undefine _configure_use_runstatedir
|
||||
|
||||
### Disabling Link-Time Optimization
|
||||
|
||||
By default, builds use link-time optimization. In this build mode,
|
||||
object code is generated at the time of the final link, by combining
|
||||
information from all available translation units, and taking into
|
||||
account which symbols are exported.
|
||||
|
||||
To disable this optimization, include this in the spec file:
|
||||
|
||||
%global _lto_cflags %{nil}
|
||||
|
||||
If LTO is enabled, `%configure` applies some common required fixes to
|
||||
`configure` scripts. To disable that, define the RPM macro
|
||||
`_fix_broken_configure_for_lto` as `true` (sic; it has to be a shell
|
||||
command).
|
||||
|
||||
### Lazy binding
|
||||
|
||||
If your package depends on the semantics of lazy binding (e.g., it has
|
||||
plugins which load additional plugins to complete their dependencies,
|
||||
before which some referenced functions are undefined), you should put
|
||||
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
|
||||
which have such requirements. Under these circumstances, it is
|
||||
unnecessary to disable hardened builds (and thus lose full ASLR for
|
||||
executables), or link everything without `-Wl,z,now` (non-lazy
|
||||
binding).
|
||||
|
||||
### Hardened builds
|
||||
|
||||
By default, the build flags enable fully hardened builds. To change
|
||||
this, include this in the RPM spec file:
|
||||
|
||||
%undefine _hardened_build
|
||||
|
||||
This turns off certain hardening features, as described in detail
|
||||
below. The main difference is that executables will be
|
||||
position-dependent (no full ASLR) and use lazy binding.
|
||||
|
||||
### Source Fortification
|
||||
|
||||
By default, the build flags include `-Wp,-D_FORTIFY_SOURCE=3`: Source
|
||||
fortification activates various hardening features in glibc:
|
||||
|
||||
* String functions such as `memcpy` attempt to detect buffer lengths
|
||||
and terminate the process if a buffer overflow is detected.
|
||||
* `printf` format strings may only contain the `%n` format specifier
|
||||
if the format string resides in read-only memory.
|
||||
* `open` and `openat` flags are checked for consistency with the
|
||||
presence of a *mode* argument.
|
||||
* Plus other minor hardening changes.
|
||||
|
||||
These changes can, on rare occasions, break valid programs. The source
|
||||
fortification level can be overridden by adding this in the RPM spec file:
|
||||
|
||||
%define _fortify_level 2
|
||||
|
||||
to reduce source fortification level to 2 or:
|
||||
|
||||
%undefine _fortify_level
|
||||
|
||||
to disable fortification altogether.
|
||||
|
||||
### Annotated builds/watermarking
|
||||
|
||||
By default, the build flags cause a special output section to be
|
||||
included in ELF files which describes certain aspects of the build.
|
||||
To change this for all compiler invocations, include this in the RPM
|
||||
spec file:
|
||||
|
||||
%undefine _annotated_build
|
||||
|
||||
Be warned that this turns off watermarking, making it impossible to do
|
||||
full hardening coverage analysis for any binaries produced.
|
||||
|
||||
It is possible to disable annotations for individual compiler
|
||||
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
|
||||
the annobin plugin must still be loaded for this flag to be
|
||||
recognized, so it has to come after the hardening flags on the command
|
||||
line (it has to be added at the end of `CFLAGS`, or specified after
|
||||
the `CFLAGS` variable contents).
|
||||
|
||||
### Keeping dependencies on unused shared objects
|
||||
|
||||
By default, ELF shared objects which are listed on the linker command
|
||||
line, but which have no referencing symbols in the preceding objects,
|
||||
are not added to the output file during the final link.
|
||||
|
||||
In order to keep dependencies on shared objects even if none of
|
||||
their symbols are used, include this in the RPM spec file:
|
||||
|
||||
%undefine _ld_as_needed
|
||||
|
||||
For example, this can be required if shared objects are used for their
|
||||
side effects in ELF constructors, or for making them available to
|
||||
dynamically loaded plugins.
|
||||
|
||||
### Switching to legacy relative relocations
|
||||
|
||||
By default, ELF objects use the architecture-independent `DT_RELR`
|
||||
mechanism for relative relocations. To switch to the older,
|
||||
architecture-specific relocation scheme, add this to the RPM spec file:
|
||||
|
||||
%undefine _ld_pack_relocs
|
||||
|
||||
This adds `-Wl,-z,pack-relative-relocs` to the linker flags (`LDFLAGS`).
|
||||
|
||||
### Specifying the build-id algorithm
|
||||
|
||||
If you want to specify a different build-id algorithm for your builds, you
|
||||
can use the `%_build_id_flags` macro:
|
||||
|
||||
%_build_id_flags -Wl,--build-id=sha1
|
||||
|
||||
### Strict symbol checks in the link editor (ld)
|
||||
|
||||
Optionally, the link editor will refuse to link shared objects which
|
||||
contain undefined symbols. Such symbols lack symbol versioning
|
||||
information and can be bound to the wrong (compatibility) symbol
|
||||
version at run time, and not the actual (default) symbol version which
|
||||
would have been used if the symbol definition had been available at
|
||||
static link time. Furthermore, at run time, the dynamic linker will
|
||||
not have complete dependency information (in the form of DT_NEEDED
|
||||
entries), which can lead to errors (crashes) if IFUNC resolvers are
|
||||
executed before the shared object containing them is fully relocated.
|
||||
|
||||
To switch on these checks, define this macro in the RPM spec file:
|
||||
|
||||
%global _strict_symbol_defs_build 1
|
||||
|
||||
If this RPM spec option is active, link failures will occur if the
|
||||
linker command line does not list all shared objects which are needed.
|
||||
In this case, you need to add the missing DSOs (with linker arguments
|
||||
such as `-lm`). As a result, the link editor will also generated the
|
||||
necessary DT_NEEDED entries.
|
||||
|
||||
In some cases (such as when a DSO is loaded as a plugin and is
|
||||
expected to bind to symbols in the main executable), undefined symbols
|
||||
are expected. In this case, you can add
|
||||
|
||||
%undefine _strict_symbol_defs_build
|
||||
|
||||
to the RPM spec file to disable these strict checks. Alternatively,
|
||||
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||
|
||||
### Legacy -fcommon
|
||||
|
||||
Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
|
||||
Builds may fail with `multiple definition of ...` errors.
|
||||
|
||||
As a short term workaround for such failure,
|
||||
it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
|
||||
|
||||
%global _legacy_common_support 1
|
||||
|
||||
Properly fixing the failure is always preferred!
|
||||
|
||||
### Package note on ELF objects
|
||||
|
||||
A note that describes the package name, version, and architecture is
|
||||
inserted via a linker script (`%_package_note_file`). The script is
|
||||
generated when `%set_build_flags` is called. The linker option that
|
||||
injects the linker script is added to `%{build_ldflags}` via the
|
||||
`%{_package_note_flags}` macro.
|
||||
|
||||
To opt out of the use of this feature completely, the best way is to
|
||||
undefine the first macro. Include this in the spec file:
|
||||
|
||||
%undefine _package_note_file
|
||||
|
||||
The other macros can be undefined too to replace parts of the functionality.
|
||||
If `%_generate_package_note_file` is undefined, the linker script will not
|
||||
be generated, but the link flags may still refer to it. This may be useful
|
||||
if the default generation method is insufficient and a different mechanism
|
||||
will be used to generate `%_package_note_file`. If `%_package_note_flags`
|
||||
is undefined, the linker argument that injects the script will not be added
|
||||
to `%build_ldfags`, but the linker script would still be generated.
|
||||
|
||||
### Frame pointers
|
||||
|
||||
Frame pointers will be included by default via the `%_include_frame_pointers`
|
||||
macro. To opt out, the best way is to undefine the macro. Include this in the
|
||||
spec file:
|
||||
|
||||
%undefine _include_frame_pointers
|
||||
|
||||
Note that opting out might still result in frame pointers being included on
|
||||
architectures where they are part of the ABI (e.g. aarch64) depending on
|
||||
compiler defaults.
|
||||
|
||||
### Post-build ELF object processing
|
||||
|
||||
By default, DWARF debugging information is separated from installed
|
||||
ELF objects and put into `-debuginfo` subpackages. To disable most
|
||||
debuginfo processing (and thus the generation of these subpackages),
|
||||
define `_enable_debug_packages` as `0`.
|
||||
|
||||
Processing of debugging information is controlled using the
|
||||
`find-debuginfo` tool from the `debugedit` package. Several aspects
|
||||
of its operation can be controlled at the RPM level.
|
||||
|
||||
* Creation of `-debuginfo` subpackages is enabled by default.
|
||||
To disable, undefine `_debuginfo_subpackages`.
|
||||
* Likewise, `-debugsource` subpackages are automatically created.
|
||||
To disable, undefine `_debugsource_subpackages`.
|
||||
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
|
||||
for background information.
|
||||
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
|
||||
`_unique_debug_srcs` control how debugging information and
|
||||
corresponding source files are represented on disk.
|
||||
See `/usr/lib/rpm/macros` for details. The defaults
|
||||
enable parallel installation of `-debuginfo` packages for
|
||||
different package versions, as described in
|
||||
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
|
||||
* By default, a compressed symbol table is preserved in the
|
||||
`.gnu_debugdata` section. To disable that, undefine
|
||||
`_include_minidebuginfo`.
|
||||
* To speed up debuggers, a `.gdb_index` section is created. It can be
|
||||
disabled by undefining `_include_gdb_index`.
|
||||
* Missing build IDs result in a build failure. To ignore such
|
||||
problems, undefine `_missing_build_ids_terminate_build`.
|
||||
* During processing, build IDs are recomputed to match the binary
|
||||
content. To skip this step, define `_no_recompute_build_ids` as `1`.
|
||||
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
|
||||
(DWARF compression) processing. Undefine this macro to disable this
|
||||
step.
|
||||
* Additional options can be passed by defining the
|
||||
`_find_debuginfo_opts` macro.
|
||||
|
||||
After separation of debugging information, additional transformations
|
||||
are applied, most of them also related to debugging information.
|
||||
These steps can be skipped by undefining the corresponding macros:
|
||||
|
||||
* `__brp_strip`: Removal of leftover debugging information. The tool
|
||||
specified by the `__strip` macro is invoked with the `-g` option on
|
||||
ELF object (`.o`) files.
|
||||
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
|
||||
processes static `.a` archives instead.
|
||||
* `__brp_strip_comment_note`: This step removes unallocated `.note`
|
||||
sections, and `.comment` sections from ELF files.
|
||||
* `__brp_strip_lto`: This step removes GCC LTO intermediate representation
|
||||
in ELF sections starting with `.gnu.lto_` and `.gnu.debuglto_`. Skipping
|
||||
this step is strongly discouraged because the tight coupling of LTO
|
||||
data with the GCC version. The underlying tool is again determined by the
|
||||
`__strip` macro.
|
||||
* `__brp_llvm_compile_lto_elf`: This step replaces LLVM bitcode files
|
||||
with object files, thereby removing LLVM bitcode from the installed
|
||||
files. This transformation is applied to object files in static `.a`
|
||||
archives, too.
|
||||
* `__brp_ldconfig`: For each shared object on the library search path
|
||||
whose soname does not match its file name, a symbolic link from the
|
||||
soname to the file name is created. This way, these shared objects
|
||||
are loadable immediately after installation, even if they are not yet
|
||||
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
|
||||
invoked yet).
|
||||
* `__brp_remove_la_files`: This step removes libtool-generated `.la`
|
||||
files from the installed files.
|
||||
|
||||
# Individual compiler flags
|
||||
|
||||
Compiler flags end up in the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
|
||||
|
||||
The general (architecture-independent) build flags are:
|
||||
|
||||
* `-O2`: Turn on various GCC optimizations. See the
|
||||
[GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
|
||||
Optimization improves performance, the accuracy of warnings, and the
|
||||
reach of toolchain-based hardening, but it makes debugging harder.
|
||||
* `-g`: Generate debugging information (DWARF). In Fedora, this data
|
||||
is separated into `-debuginfo` RPM packages whose installation is
|
||||
optional, so debuging information does not increase the size of
|
||||
installed binaries by default.
|
||||
* `-pipe`: Run compiler and assembler in parallel and do not use a
|
||||
temporary file for the assembler input. This can improve
|
||||
compilation performance. (This does not affect code generation.)
|
||||
* `-Wall`: Turn on various GCC warnings.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
|
||||
* `-Wno-complain-wrong-lang`: Do not warn about front end mismatches
|
||||
(e.g, using `-Werror=format-security` with Fortran). Only included
|
||||
in `%optflags`, and not the front-end-specific `%build_*` macros.
|
||||
* `-Werror=format-security`: Turn on format string warnings and treat
|
||||
them as errors.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
|
||||
This can occasionally result in compilation errors. In that case,
|
||||
the best option is to rewrite the source code so that only constant
|
||||
format strings (string literals) are used.
|
||||
* Other `-Werror=` options. See **Controlling C Type Safety**.
|
||||
* `-U_FORTIFY_SOURCE, -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3`:
|
||||
See the Source Fortification section above and the `%_fortify_level`
|
||||
override.
|
||||
* `-fexceptions`: Provide exception unwinding support for C programs.
|
||||
See the [`-fexceptions` option in the GCC
|
||||
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
|
||||
and the [`cleanup` variable
|
||||
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
|
||||
This also hardens cancellation handling in C programs because
|
||||
it is not required to use an on-stack jump buffer to install
|
||||
a cancellation handler with `pthread_cleanup_push`. It also makes
|
||||
it possible to unwind the stack (using C++ `throw` or Rust panics)
|
||||
from C callback functions if a C library supports non-local exits
|
||||
from them (e.g., via `longjmp`).
|
||||
* `-fasynchronous-unwind-tables`: Generate full unwind information
|
||||
covering all program points. This is required for support of
|
||||
asynchronous cancellation and proper unwinding from signal
|
||||
handlers. It also makes performance and debugging tools more
|
||||
useful because unwind information is available without having to
|
||||
install (and load) debugging information. (Not enabled on armhfp
|
||||
due to architectural differences in stack management.)
|
||||
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
|
||||
C++ standard library, such as bounds checking for the subscription
|
||||
operator on vectors. (This flag is added to both `CFLAGS` and
|
||||
`CXXFLAGS`; C compilations will simply ignore it.)
|
||||
* `-fstack-protector-strong`: Instrument functions to detect
|
||||
stack-based buffer overflows before jumping to the return address on
|
||||
the stack. The *strong* variant only performs the instrumentation
|
||||
for functions whose stack frame contains addressable local
|
||||
variables. (If the address of a variable is never taken, it is not
|
||||
possible that a buffer overflow is caused by incorrect pointer
|
||||
arithmetic involving a pointer to that variable.)
|
||||
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||
skipping the guard page in large stack frames. (Without this flag,
|
||||
vulnerabilities can result where the stack overlaps with the heap,
|
||||
or thread stacks spill into other regions of memory.) This flag is
|
||||
fully ABI-compatible and has adds very little run-time overhead.
|
||||
This flag is currently not available on armhfp (both `gcc` and `clang`
|
||||
toolchains) and on aarch64 with the `clang` toolchain.
|
||||
* `-flto=auto`: Enable link-time optimization (LTO), using `make` job server
|
||||
integration for parallel processing. (`gcc` toolchain only)
|
||||
* `-ffat-lto-objects`: Generate EFL object files which contain both
|
||||
object code and LTO intermediate representation. (`gcc` toolchain only)
|
||||
* `-flto`: Enable link-time optimization. (`clang` toolchain only)
|
||||
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||
the DWARF debugging information. This is useful for detecting the
|
||||
presence of certain build flags and general hardening coverage.
|
||||
* `-fcommon`: This optional flag is used to build legacy software
|
||||
which relies on C tentative definitions. It is disabled by default.
|
||||
|
||||
For hardened builds (which are enabled by default, see above for how
|
||||
to disable them), the flag
|
||||
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
|
||||
command line. It adds the following flag to the command line:
|
||||
|
||||
* `-fPIE`: Compile for a position-independent executable (PIE),
|
||||
enabling full address space layout randomization (ASLR). This is
|
||||
similar to `-fPIC`, but avoids run-time indirections on certain
|
||||
architectures, resulting in improved performance and slightly
|
||||
smaller executables. However, compared to position-dependent code
|
||||
(the default generated by GCC), there is still a measurable
|
||||
performance impact.
|
||||
|
||||
If the command line also contains `-r` (producing a relocatable
|
||||
object file), `-fpic` or `-fPIC`, this flag is automatically
|
||||
dropped. (`-fPIE` can only be used for code which is linked into
|
||||
the main program.) Code which goes into static libraries should be
|
||||
compiled with `-fPIE`, except when this code is expected to be
|
||||
linked into DSOs, when `-fPIC` must be used.
|
||||
|
||||
To be effective, `-fPIE` must be used with the `-pie` linker flag
|
||||
when producing an executable, see below.
|
||||
|
||||
To support [binary watermarks for ELF
|
||||
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
|
||||
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
|
||||
added by default (with the `gcc` toolchain). This can be switched off
|
||||
by undefining the `%_annotated_build` RPM macro (see above). Binary
|
||||
watermarks are currently disabled on armhpf, and with the `clang`
|
||||
toolchain.
|
||||
|
||||
If frame pointers are enabled by default (via `%_include_frame_pointers`),
|
||||
the `-fno-omit-frame-pointer` will be added on all architectures except i686
|
||||
and s390x. Additional flags will be added on specific architectures:
|
||||
|
||||
* `-mno-omit-leaf-frame-pointer` on x86_64 and aarch64
|
||||
|
||||
### Architecture-specific compiler flags
|
||||
|
||||
These compiler flags are enabled for all builds (hardened/annotated or
|
||||
not), but their selection depends on the architecture:
|
||||
|
||||
* `-fcf-protection`: Instrument binaries to guard against
|
||||
ROP/JOP exploitation techniques. Used on x86_64.
|
||||
* `-mbranch-protection=standard`: Instrument binaries to guard against
|
||||
ROP/JOP exploitation techniques. Used on aarch64.
|
||||
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||
the same compilation. For such architectures, the RPM build process
|
||||
explicitly selects the architecture variant by passing this compiler
|
||||
flag.
|
||||
|
||||
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||
tuning in the `gcc` package. These settings are:
|
||||
|
||||
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
|
||||
selects an Arm subarchitecture based on the ARMv7-A architecture
|
||||
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
|
||||
tuning for the Cortex-A8 implementation (while preserving
|
||||
compatibility with other ARMv7-A implementations).
|
||||
`-mabi=aapcs-linux` switches to the AAPCS ABI for GNU/Linux.
|
||||
* **i686**: `-march=i686` is used to select a minmum support CPU level
|
||||
of i686 (corresponding to the Pentium Pro). SSE2 support is enabled
|
||||
with `-msse2` (so only CPUs with SSE2 support can run the compiled
|
||||
code; SSE2 was introduced first with the Pentium 4).
|
||||
`-mtune=generic` activates tuning for a current blend of CPUs (under
|
||||
the assumption that most users of i686 packages obtain them through
|
||||
an x86_64 installation on current hardware). `-mfpmath=sse`
|
||||
instructs GCC to use the SSE2 unit for floating point math to avoid
|
||||
excess precision issues. `-mstackrealign` avoids relying on the
|
||||
stack alignment guaranteed by the current version of the i386 ABI.
|
||||
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum
|
||||
supported CPU level of POWER8 (the first CPU with ppc64le support)
|
||||
and tunes for POWER8.
|
||||
* **s390x**: `-march=zEC12 -mtune=z13` specifies a minimum supported
|
||||
CPU level of zEC12, while optimizing for a subsequent CPU generation
|
||||
(z13).
|
||||
* **x86_64**: `-mtune=generic` selects tuning which is expected to
|
||||
beneficial for a broad range of current CPUs. Distribution-specific
|
||||
defaults for `-march=x86-64-v2` or `-march=x86-64-v3` may be
|
||||
applied. The default can be overriden (for any distribution)
|
||||
by specifying `--target x86_64_v2`, `--target x86_64_v3`,
|
||||
`--target x86_64_v4` in the `rpmbuild` invocation.
|
||||
With the GCC toolchain, TLS descriptors are enabled using
|
||||
`-mtls-dialect=gnu2`.
|
||||
* **aarch64** does not have any architecture-specific tuning.
|
||||
|
||||
### Vala-specific compiler flags
|
||||
|
||||
* `-g`: causes valac to emit `#line` directives in the generated C
|
||||
source code. This improves backtrace generation by causing gdb to
|
||||
point to Vala source file and line number instead of the generated C
|
||||
source when possible.
|
||||
|
||||
# Individual linker flags
|
||||
|
||||
Linker flags end up in the environment variable `LDFLAGS`.
|
||||
|
||||
The linker flags listed below are injected. Note that they are
|
||||
prefixed with `-Wl` because it is expected that these flags are passed
|
||||
to the compiler driver `gcc`, and not directly to the link editor
|
||||
`ld`.
|
||||
|
||||
* `-z relro`: Activate the *read-only after relocation* feature.
|
||||
Constant data and relocations are placed on separate pages, and the
|
||||
dynamic linker is instructed to revoke write permissions after
|
||||
dynamic linking. Full protection of relocation data requires the
|
||||
`-z now` flag (see below).
|
||||
* `--as-needed`: In the final link, only generate ELF dependencies
|
||||
for shared objects that actually provide symbols required by the link.
|
||||
Shared objects which are not needed to fulfill symbol dependencies
|
||||
are essentially ignored due to this flag.
|
||||
* `-z pack-relative-relocs`: Use the portable `DT_RELR` scheme for
|
||||
relative relocations, resulting in reduced startup time compared to
|
||||
legacy architecture-specific relocations. (`-z pack-relative-relocs`
|
||||
is currently disabled on aarch64 and s390x due to toolchain limitations.)
|
||||
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
|
||||
(optional, see above).
|
||||
|
||||
For hardened builds, some more linker options are added to the
|
||||
compiler driver command line. These can be disabled by undefining the
|
||||
`%_hardened_build` macro - see above.
|
||||
|
||||
* `-pie`: Produce a PIE binary. This is only activated for the main
|
||||
executable, and only if it is dynamically linked. This requires
|
||||
that all objects which are linked in the main executable have been
|
||||
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
|
||||
By itself, `-pie` has only a slight performance impact because it
|
||||
disables some link editor optimization, however the `-fPIE` compiler
|
||||
flag has some overhead.
|
||||
Note: this option is added via adding a spec file to the compiler
|
||||
driver command line (`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld`)
|
||||
rather than using the `-Wl` mechanism mentioned above. As a result
|
||||
this option is only enabled if the compiler driver is gcc.
|
||||
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
|
||||
linker feature. Lazy binding involves an array of function pointers
|
||||
which is writable at run time (which could be overwritten as part of
|
||||
security exploits, redirecting execution). Therefore, it is
|
||||
preferable to turn of lazy binding, although it increases startup
|
||||
time.
|
||||
|
||||
In addition hardened builds default to converting a couple of linker
|
||||
warning messages into errors, because they represent potential
|
||||
missed hardening opportunities, and warnings in the linker's output are
|
||||
often ignored. This behaviour can be turned off by undefining the
|
||||
`%_hardened_build` macro as mentioned above, or by undefining the
|
||||
`%_hardened_linker_errors` macro. The linker options enabled by this
|
||||
feature are:
|
||||
|
||||
* `--error-rwx-segments`: Generates an error if an output binary would
|
||||
contain a loadable memory segment with read, write and execute
|
||||
permissions. It will also generate an error if a thread local
|
||||
storage (TLS) segment is created with execute permission. The
|
||||
error can be disabled on an individual basis by adding the
|
||||
`--no-warn-rwx-segments` option to the linker command line.
|
||||
* `--error-execstack`: Generates an error if an output binary would
|
||||
contain a stack that is held in memory with execute permission.
|
||||
If a binary is being intentionally created with an executable stack
|
||||
then the linker command line option `-z execstack` can be used to
|
||||
indicate this.
|
||||
|
||||
Note: these options are added via a spec file on the compiler driver
|
||||
command line (`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors`)
|
||||
rather than using the `-Wl` mechanism mentioned above. As a result
|
||||
these options are only enabled if the compiler driver is gcc. In
|
||||
addition the spec file only adds the options if the `-fuse-ld=...`
|
||||
option has not been enabled. This prevents the options from being
|
||||
used when the gold or lld linkers are enabled.
|
||||
|
||||
# Support for extension builders
|
||||
|
||||
Some packages include extension builders that allow users to build
|
||||
extension modules (which are usually written in C and C++) under the
|
||||
control of a special-purpose build system. This is a common
|
||||
functionality provided by scripting languages such as Python and Perl.
|
||||
Traditionally, such extension builders captured the Fedora build flags
|
||||
when these extension were built. However, these compiler flags are
|
||||
adjusted for a specific Fedora release and toolchain version and
|
||||
therefore do not work with a custom toolchain (e.g., different C/C++
|
||||
compilers), and users might want to build their own extension modules
|
||||
with such toolchains.
|
||||
|
||||
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
|
||||
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
|
||||
flags that have been adjusted for compatibility with alternative
|
||||
toolchains.
|
||||
|
||||
Currently the -fexceptions and -fcf-protection flags are preserved
|
||||
for binary compatibility with the languages the extensions are
|
||||
built against.
|
||||
|
||||
Extension builders should detect whether they are performing a regular
|
||||
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
|
||||
case, they should use the *current* set of Fedora build flags (that
|
||||
is, the output from `rpm --eval '%{build_cflags}'` and related
|
||||
commands). Otherwise, when not performing an RPM build, they can
|
||||
either use hard-coded extension builder flags (thus avoiding a
|
||||
run-time dependency on `redhat-rpm-config`), or use the current
|
||||
extension builder flags (with a run-time dependency on
|
||||
`redhat-rpm-config`).
|
||||
|
||||
As a result, extension modules built for Fedora will use the official
|
||||
Fedora build flags, while users will still be able to build their own
|
||||
extension modules with custom toolchains.
|
294
common.lua
294
common.lua
@ -1,294 +0,0 @@
|
||||
-- Convenience Lua functions that can be used within rpm macros
|
||||
|
||||
-- Reads an rpm variable. Unlike a basic rpm.expand("{?foo}"), returns nil if
|
||||
-- the variable is unset, which is convenient in lua tests and enables
|
||||
-- differentiating unset variables from variables set to ""
|
||||
local function read(rpmvar)
|
||||
if not rpmvar or
|
||||
(rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
|
||||
return nil
|
||||
else
|
||||
return rpm.expand("%{?" .. rpmvar .. "}")
|
||||
end
|
||||
end
|
||||
|
||||
-- Returns true if the macro that called this function had flag set
|
||||
-- – for example, hasflag("z") would give the following results:
|
||||
-- %foo -z bar → true
|
||||
-- %foo -z → true
|
||||
-- %foo → false
|
||||
local function hasflag(flag)
|
||||
return (rpm.expand("%{-" .. flag .. "}") ~= "")
|
||||
end
|
||||
|
||||
-- Returns the argument passed to flag in the macro that called this function
|
||||
-- – for example, readflag("z") would give the following results:
|
||||
-- %foo -z bar → bar
|
||||
-- %foo → nil
|
||||
-- %foo -z "" → empty string
|
||||
-- %foo -z '' → empty string
|
||||
local function readflag(flag)
|
||||
if not hasflag(flag) then
|
||||
return nil
|
||||
else
|
||||
local a = rpm.expand("%{-" .. flag .. "*}")
|
||||
-- Handle "" and '' as empty strings
|
||||
if (a == '""') or (a == "''") then
|
||||
a = ''
|
||||
end
|
||||
return a
|
||||
end
|
||||
end
|
||||
|
||||
-- Sets a spec variable; echoes the result if verbose
|
||||
local function explicitset(rpmvar, value, verbose)
|
||||
local value = value
|
||||
if (value == nil) or (value == "") then
|
||||
value = "%{nil}"
|
||||
end
|
||||
rpm.define(rpmvar .. " " .. value)
|
||||
if verbose then
|
||||
rpm.expand("%{warn:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
|
||||
end
|
||||
end
|
||||
|
||||
-- Unsets a spec variable if it is defined; echoes the result if verbose
|
||||
local function explicitunset(rpmvar, verbose)
|
||||
if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
|
||||
rpm.define(rpmvar .. " %{nil}")
|
||||
if verbose then
|
||||
rpm.expand("%{warn:Unsetting %%{" .. rpmvar .. "}}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
-- Sets a spec variable, if not already set; echoes the result if verbose
|
||||
local function safeset(rpmvar, value, verbose)
|
||||
if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
|
||||
explicitset(rpmvar,value,verbose)
|
||||
end
|
||||
end
|
||||
|
||||
-- Aliases a list of rpm variables to the same variables suffixed with 0 (and
|
||||
-- vice versa); echoes the result if verbose
|
||||
local function zalias(rpmvars, verbose)
|
||||
for _, sfx in ipairs({{"","0"},{"0",""}}) do
|
||||
for _, rpmvar in ipairs(rpmvars) do
|
||||
local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
|
||||
if (rpm.expand(toalias) ~= "") then
|
||||
safeset(rpmvar .. sfx[2], toalias, verbose)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
-- Takes a list of rpm variable roots and a suffix and alias current<root> to
|
||||
-- <root><suffix> if it resolves to something not empty
|
||||
local function setcurrent(rpmvars, suffix, verbose)
|
||||
for _, rpmvar in ipairs(rpmvars) do
|
||||
if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
|
||||
explicitset( "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
|
||||
else
|
||||
explicitunset("current" .. rpmvar, verbose)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
-- Echo the list of rpm variables, with suffix, if set
|
||||
local function echovars(rpmvars, suffix)
|
||||
for _, rpmvar in ipairs(rpmvars) do
|
||||
rpmvar = rpmvar .. suffix
|
||||
local header = string.sub(" " .. rpmvar .. ": ",1,21)
|
||||
rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
|
||||
end
|
||||
end
|
||||
|
||||
-- Returns an array, indexed by suffix, containing the non-empy values of
|
||||
-- <rpmvar><suffix>, with suffix an integer string or the empty string
|
||||
local function getsuffixed(rpmvar)
|
||||
local suffixes = {}
|
||||
zalias({rpmvar})
|
||||
for suffix=0,9999 do
|
||||
local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
|
||||
if (value ~= "") then
|
||||
suffixes[tostring(suffix)] = value
|
||||
end
|
||||
end
|
||||
-- rpm convention is to alias no suffix to zero suffix
|
||||
-- only add no suffix if zero suffix is different
|
||||
local value = rpm.expand("%{?" .. rpmvar .. "}")
|
||||
if (value ~= "") and (value ~= suffixes["0"]) then
|
||||
suffixes[""] = value
|
||||
end
|
||||
return suffixes
|
||||
end
|
||||
|
||||
-- Returns the list of suffixes, including the empty string, for which
|
||||
-- <rpmvar><suffix> is set to a non empty value
|
||||
local function getsuffixes(rpmvar)
|
||||
suffixes = {}
|
||||
for suffix in pairs(getsuffixed(rpmvar)) do
|
||||
table.insert(suffixes,suffix)
|
||||
end
|
||||
table.sort(suffixes,
|
||||
function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
|
||||
return suffixes
|
||||
end
|
||||
|
||||
-- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
|
||||
-- matches best the beginning of the value string
|
||||
local function getbestsuffix(rpmvar, value)
|
||||
local best = nil
|
||||
local currentmatch = ""
|
||||
for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
|
||||
if (string.len(setvalue) > string.len(currentmatch)) and
|
||||
(string.find(value, "^" .. setvalue)) then
|
||||
currentmatch = setvalue
|
||||
best = suffix
|
||||
end
|
||||
end
|
||||
return best
|
||||
end
|
||||
|
||||
-- %writevars core
|
||||
local function writevars(macrofile, rpmvars)
|
||||
for _, rpmvar in ipairs(rpmvars) do
|
||||
print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
|
||||
"\029" .. rpm.expand( "%{" .. rpmvar .. "}" ) ..
|
||||
"\029g' " .. macrofile .. "\n")
|
||||
end
|
||||
end
|
||||
|
||||
-- https://github.com/rpm-software-management/rpm/issues/566
|
||||
-- Reformat a text intended to be used used in a package description, removing
|
||||
-- rpm macro generation artefacts.
|
||||
-- – remove leading and ending empty lines
|
||||
-- – trim intermediary empty lines to a single line
|
||||
-- – fold on spaces
|
||||
-- Should really be a %%{wordwrap:…} verb
|
||||
local function wordwrap(text)
|
||||
text = rpm.expand(text .. "\n")
|
||||
text = string.gsub(text, "\t", " ")
|
||||
text = string.gsub(text, "\r", "\n")
|
||||
text = string.gsub(text, " +\n", "\n")
|
||||
text = string.gsub(text, "\n+\n", "\n\n")
|
||||
text = string.gsub(text, "^\n", "")
|
||||
text = string.gsub(text, "\n( *)[-*—][ ]+", "\n%1– ")
|
||||
output = ""
|
||||
for line in string.gmatch(text, "[^\n]*\n") do
|
||||
local pos = 0
|
||||
local advance = ""
|
||||
for word in string.gmatch(line, "%s*[^%s]*\n?") do
|
||||
local wl, bad = utf8.len(word)
|
||||
if not wl then
|
||||
print("%{warn:Invalid UTF-8 sequence detected in:}" ..
|
||||
"%{warn:" .. word .. "}" ..
|
||||
"%{warn:It may produce unexpected results.}")
|
||||
wl = bad
|
||||
end
|
||||
if (pos == 0) then
|
||||
advance, n = string.gsub(word, "^(%s*– ).*", "%1")
|
||||
if (n == 0) then
|
||||
advance = string.gsub(word, "^(%s*).*", "%1")
|
||||
end
|
||||
advance = string.gsub(advance, "– ", " ")
|
||||
pos = pos + wl
|
||||
elseif (pos + wl < 81) or
|
||||
((pos + wl == 81) and string.match(word, "\n$")) then
|
||||
pos = pos + wl
|
||||
else
|
||||
word = advance .. string.gsub(word, "^%s*", "")
|
||||
output = output .. "\n"
|
||||
pos = utf8.len(word)
|
||||
end
|
||||
output = output .. word
|
||||
if pos > 80 then
|
||||
pos = 0
|
||||
if not string.match(word, "\n$") then
|
||||
output = output .. "\n"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
output = string.gsub(output, "\n*$", "\n")
|
||||
return output
|
||||
end
|
||||
|
||||
-- Because rpmbuild will fail if a subpackage is declared before the source
|
||||
-- package itself, provide a source package declaration shell as fallback.
|
||||
local function srcpkg(verbose)
|
||||
if verbose then
|
||||
rpm.expand([[
|
||||
%{echo:Creating a header for the SRPM from %%{source_name}, %%{source_summary} and}
|
||||
%{echo:%%{source_description}. If that is not the intended result, please declare the}
|
||||
%{echo:SRPM header and set %%{source_name} in your spec file before calling a macro}
|
||||
%{echo:that creates other package headers.}
|
||||
]])
|
||||
end
|
||||
print(rpm.expand([[
|
||||
Name: %{source_name}
|
||||
Summary: %{source_summary}
|
||||
%description
|
||||
%wordwrap -v source_description
|
||||
]]))
|
||||
explicitset("currentname", "%{source_name}", verbose)
|
||||
end
|
||||
|
||||
-- %new_package core
|
||||
local function new_package(source_name, pkg_name, name_suffix, first, verbose)
|
||||
-- Safety net when the wrapper is used in conjunction with traditional syntax
|
||||
if (not first) and (not source_name) then
|
||||
rpm.expand([[
|
||||
%{warn:Something already set a package name. However, %%{source_name} is not set.}
|
||||
%{warn:Please set %%{source_name} to the SRPM name to ensure reliable processing.}
|
||||
]])
|
||||
if name_suffix then
|
||||
print(rpm.expand("%package " .. name_suffix))
|
||||
else
|
||||
print(rpm.expand("%package -n " .. pkg_name))
|
||||
end
|
||||
return
|
||||
end
|
||||
-- New processing
|
||||
if not (pkg_name or name_suffix or source_name) then
|
||||
rpm.expand([[
|
||||
%{error:You need to set %%{source_name} or provide explicit package naming!}
|
||||
]])
|
||||
end
|
||||
if name_suffix then
|
||||
print(rpm.expand("%package " .. name_suffix))
|
||||
explicitset("currentname", "%{source_name}-" .. name_suffix, verbose)
|
||||
else
|
||||
if not source_name then
|
||||
source_name = pkg_name
|
||||
end
|
||||
if (pkg_name == source_name) then
|
||||
safeset("source_name", source_name, verbose)
|
||||
print(rpm.expand("Name: %{source_name}"))
|
||||
else
|
||||
if source_name and first then
|
||||
srcpkg(verbose)
|
||||
end
|
||||
print(rpm.expand("%package -n " .. pkg_name))
|
||||
end
|
||||
explicitset("currentname", pkg_name, verbose)
|
||||
end
|
||||
end
|
||||
|
||||
return {
|
||||
read = read,
|
||||
hasflag = hasflag,
|
||||
readflag = readflag,
|
||||
explicitset = explicitset,
|
||||
explicitunset = explicitunset,
|
||||
safeset = safeset,
|
||||
zalias = zalias,
|
||||
setcurrent = setcurrent,
|
||||
echovars = echovars,
|
||||
getsuffixed = getsuffixed,
|
||||
getsuffixes = getsuffixes,
|
||||
getbestsuffix = getbestsuffix,
|
||||
writevars = writevars,
|
||||
wordwrap = wordwrap,
|
||||
new_package = new_package,
|
||||
}
|
1774
config.guess
vendored
1774
config.guess
vendored
File diff suppressed because it is too large
Load Diff
1907
config.sub
vendored
1907
config.sub
vendored
File diff suppressed because it is too large
Load Diff
479
macros
479
macros
@ -1,479 +0,0 @@
|
||||
# Per-platform rpm configuration file.
|
||||
|
||||
#==============================================================================
|
||||
# ---- per-platform macros.
|
||||
#
|
||||
%_vendor redhat
|
||||
%_os linux
|
||||
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure macros. note that most of these are inherited
|
||||
# from the defaults.
|
||||
#
|
||||
%_localstatedir /var
|
||||
%_runstatedir /run
|
||||
|
||||
%_pkgdocdir %{_docdir}/%{name}
|
||||
%_docdir_fmt %%{NAME}
|
||||
|
||||
%_fmoddir %{_libdir}/gfortran/modules
|
||||
|
||||
%source_date_epoch_from_changelog 1
|
||||
%clamp_mtime_to_source_date_epoch %source_date_epoch_from_changelog
|
||||
|
||||
%_enable_debug_packages 1
|
||||
%_include_minidebuginfo 1
|
||||
%_include_gdb_index 1
|
||||
%_debugsource_packages 1
|
||||
%_debuginfo_subpackages 1
|
||||
|
||||
# GCC toolchain
|
||||
%__cc_gcc gcc
|
||||
%__cxx_gcc g++
|
||||
%__cpp_gcc gcc -E
|
||||
|
||||
# Clang toolchain
|
||||
%__cc_clang clang
|
||||
%__cxx_clang clang++
|
||||
%__cpp_clang clang-cpp
|
||||
|
||||
# Default to the GCC toolchain
|
||||
%toolchain gcc
|
||||
|
||||
%__cc %{expand:%%{__cc_%{toolchain}}}
|
||||
%__cxx %{expand:%%{__cxx_%{toolchain}}}
|
||||
%__cpp %{expand:%%{__cpp_%{toolchain}}}
|
||||
|
||||
# Compiler macros to use for invoking compilers in spec files for packages that
|
||||
# want to use the default compiler and don't care which compiler that is.
|
||||
%build_cc %{__cc}
|
||||
%build_cxx %{__cxx}
|
||||
%build_cpp %{__cpp}
|
||||
|
||||
#==============================================================================
|
||||
# ---- compiler flags.
|
||||
|
||||
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
||||
# Historically also available as %%{optflags}, and %%build sets the
|
||||
# environment variable RPM_OPT_FLAGS to this value.
|
||||
%build_cflags %{__build_flags_lang_c} %{?_distro_extra_cflags}
|
||||
|
||||
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
||||
%build_cxxflags %{__build_flags_lang_cxx} %{?_distro_extra_cxxflags}
|
||||
|
||||
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
||||
# the corresponding variable names.
|
||||
%build_fflags %{__build_flags_common} -I%{_fmoddir} %{?_distro_extra_fflags}
|
||||
|
||||
# Vala compiler flags. This is used to set VALAFLAGS.
|
||||
%build_valaflags -g
|
||||
|
||||
# When clang is used as a linker driver, it does not auto-detect the LTO
|
||||
# bytecode and neither does bfd, so we need to explicitly pass the -flto
|
||||
# flag when linking.
|
||||
%_clang_extra_ldflags %{?_lto_cflags}
|
||||
|
||||
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
||||
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
||||
# the flags, while intended for ld, are still passed through the gcc
|
||||
# compiler driver. At the beginning of %%build, the environment
|
||||
# variable RPM_LD_FLAGS to this value.
|
||||
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_ld_pack_relocs_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_clang_extra_ldflags}" : "" ] %{_build_id_flags} %{?_package_note_flags} %{?_distro_extra_ldflags}
|
||||
|
||||
# Expands to shell code to set the compiler/linker environment
|
||||
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, VALAFLAGS, LDFLAGS if they
|
||||
# have not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
||||
# been set implicitly at the start of the %%build section.
|
||||
# LT_SYS_LIBRARY_PATH is used by libtool script.
|
||||
# RUSTFLAGS is only set when %%{build_rustflags} is available.
|
||||
%set_build_flags \
|
||||
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
||||
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
||||
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
||||
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
||||
VALAFLAGS="${VALAFLAGS:-%{build_valaflags}}" ; export VALAFLAGS ;%{?build_rustflags:
|
||||
RUSTFLAGS="${RUSTFLAGS:-%{build_rustflags}}" ; export RUSTFLAGS ;} \
|
||||
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
|
||||
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
|
||||
CC="${CC:-%{__cc}}" ; export CC ; \
|
||||
CXX="${CXX:-%{__cxx}}" ; export CXX
|
||||
|
||||
# Automatically use set_build_flags macro for build, check, and
|
||||
# install phases.
|
||||
# Use "%undefine _auto_set_build_flags" to disable"
|
||||
%_auto_set_build_flags 1
|
||||
%__spec_build_pre %{___build_pre} \
|
||||
%{?_auto_set_build_flags:%{set_build_flags}} \
|
||||
%{?_generate_package_note_file}
|
||||
|
||||
%__spec_check_pre %{___build_pre} \
|
||||
%{?_auto_set_build_flags:%{set_build_flags}} \
|
||||
%{?_generate_package_note_file}
|
||||
|
||||
# Internal-only. Do not use. Expand a variable and strip the flags
|
||||
# not suitable to extension builders.
|
||||
%__extension_strip_flags() %{lua:
|
||||
--the only argument to this macro is the "name" of the flags we strip (e.g. cflags, ldflags, etc.)
|
||||
local name = rpm.expand("%{1}")
|
||||
--store all the individual flags in a variable as a continuous string
|
||||
local flags = rpm.expand("%{build_" .. name .. "}")
|
||||
--create an empty table for the minimal set of flags we wanna preserve
|
||||
local stripped_flags = { }
|
||||
--iterate over the individual flags and store the ones we want in the table as unique keys
|
||||
for flag in flags:gmatch("%S+") do
|
||||
if flag:find("^%-fexceptions") or flag:find("^%-fcf%-protection") then
|
||||
stripped_flags[flag] = true end
|
||||
end
|
||||
--print out the finalized set of flags for use by the extension builders
|
||||
for k,_ in pairs(stripped_flags) do print(k .. " ") end
|
||||
}
|
||||
|
||||
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
||||
# extension builders.
|
||||
%extension_cflags %{__extension_strip_flags cflags}
|
||||
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
||||
%extension_fflags %{__extension_strip_flags fflags}
|
||||
%extension_ldflags %{__extension_strip_flags ldflags}
|
||||
|
||||
# Deprecated names. For backwards compatibility only.
|
||||
%__global_cflags %{build_cflags}
|
||||
%__global_cxxflags %{build_cxxflags}
|
||||
%__global_fflags %{build_fflags}
|
||||
%__global_fcflags %{build_fflags}
|
||||
%__global_ldflags %{build_ldflags}
|
||||
|
||||
# Architecture-specific support. Internal. Do not use directly.
|
||||
|
||||
%__cflags_arch_x86_64_level %[0%{?rhel} == 9 ? "-v2" : ""]%[0%{?rhel} > 9 ? "-v3" : ""]
|
||||
%__cflags_arch_x86_64 -march=x86-64%{?__cflags_arch_x86_64_level:%{__cflags_arch_x86_64_level}}
|
||||
|
||||
# -mtls-dialect=gnu2 is currently specific to GCC (#2263181).
|
||||
%__cflags_arch_x86_64_common -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection %[ "%{toolchain}" == "gcc" ? "-mtls-dialect=gnu2 " : "" ]%{_frame_pointers_cflags} %{_frame_pointers_cflags_x86_64}
|
||||
|
||||
# Also used for s390.
|
||||
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=z13 -mtune=z14"]
|
||||
|
||||
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure and makeinstall.
|
||||
#
|
||||
%_configure_gnuconfig_hack 1
|
||||
%_configure_libtool_hardening_hack 1
|
||||
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
||||
# to be added to the list of options passed to the configure script.
|
||||
# Eventually we'll want to turn this on by default, but this gives packagers a
|
||||
# way to turn it back off.
|
||||
# %_configure_disable_silent_rules 1
|
||||
|
||||
# Pass --runstatedir to configure.
|
||||
%_configure_use_runstatedir 1
|
||||
|
||||
# This fixes various easy resolved configure tests that are compromised by LTO.
|
||||
#
|
||||
# We use this within the standard %configure macro, but also make it available
|
||||
# for packages which don't use %configure
|
||||
#
|
||||
# The first three are common ways to test for the existence of a function, so
|
||||
# we ensure the reference to the function is preserved
|
||||
#
|
||||
# The fourth are constants used to then try to generate NaNs and other key
|
||||
# floating point numbers. We then use those special FP numbers to try and
|
||||
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
|
||||
# from removing the computation
|
||||
#
|
||||
# The fifth (and worst) addresses problems with autoconf/libtool's approach
|
||||
# to extracting symbols from .o files and generating C code. In an LTO world
|
||||
# types matter much more closely and you can't have an object in one context
|
||||
# that is a function definition and a simple scalar variable in another.
|
||||
# Thankfully HP-UX has always had that restriction and is supported by
|
||||
# autoconf/libtool. The insane sed script replaces the "generic" code with
|
||||
# the HP-UX version.
|
||||
#
|
||||
# If we do not make changes, we put the original file back. This avoids
|
||||
# unnecessary rebuilds of things that may have dependencies on the configure
|
||||
# files.
|
||||
#
|
||||
%_fix_broken_configure_for_lto \
|
||||
for file in $(find . -type f -name configure -print); do \
|
||||
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
|
||||
diff -u $file.backup $file && mv $file.backup $file \
|
||||
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
|
||||
diff -u $file.backup $file && mv $file.backup $file \
|
||||
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
|
||||
diff -u $file.backup $file && mv $file.backup $file \
|
||||
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
|
||||
diff -u $file.backup $file && mv $file.backup $file \
|
||||
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
|
||||
diff -u $file.backup $file && mv $file.backup $file \
|
||||
done
|
||||
|
||||
%configure \
|
||||
%{set_build_flags}; \
|
||||
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
|
||||
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
||||
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
||||
done ; \
|
||||
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
||||
for i in $(find . -name ltmain.sh) ; do \
|
||||
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
||||
done ; \
|
||||
%{_configure} --build=%{_build} --host=%{_host} \\\
|
||||
--program-prefix=%{?_program_prefix} \\\
|
||||
--disable-dependency-tracking \\\
|
||||
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
||||
--prefix=%{_prefix} \\\
|
||||
--exec-prefix=%{_exec_prefix} \\\
|
||||
--bindir=%{_bindir} \\\
|
||||
--sbindir=%{_sbindir} \\\
|
||||
--sysconfdir=%{_sysconfdir} \\\
|
||||
--datadir=%{_datadir} \\\
|
||||
--includedir=%{_includedir} \\\
|
||||
--libdir=%{_libdir} \\\
|
||||
--libexecdir=%{_libexecdir} \\\
|
||||
--localstatedir=%{_localstatedir} \\\
|
||||
%{?_configure_use_runstatedir:$(grep -q "runstatedir=DIR" %{_configure} && echo '--runstatedir=%{_runstatedir}')} \\\
|
||||
--sharedstatedir=%{_sharedstatedir} \\\
|
||||
--mandir=%{_mandir} \\\
|
||||
--infodir=%{_infodir}
|
||||
|
||||
#==============================================================================
|
||||
# ---- Build policy macros.
|
||||
#
|
||||
#
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at beginning of %install scriptlet.
|
||||
#
|
||||
|
||||
%__spec_install_pre %{___build_pre}\
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
||||
mkdir -p "`dirname "$RPM_BUILD_ROOT"`"\
|
||||
mkdir "$RPM_BUILD_ROOT"\
|
||||
%{?_auto_set_build_flags:%{set_build_flags}}\
|
||||
%{nil}
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at end of %install scriptlet.
|
||||
#
|
||||
|
||||
%__arch_install_post /usr/lib/rpm/check-buildroot
|
||||
|
||||
# Build root policy macros. Standard naming:
|
||||
# convert all '-' in basename to '_', add two leading underscores.
|
||||
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
||||
%__brp_compress /usr/lib/rpm/brp-compress
|
||||
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
||||
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
|
||||
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
||||
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
||||
%__brp_check_rpaths /usr/lib/rpm/check-rpaths
|
||||
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_from - files to ignore
|
||||
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
||||
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
||||
|
||||
%__brp_llvm_compile_lto_elf /usr/lib/rpm/redhat/brp-llvm-compile-lto-elf %{build_cflags} %{build_ldflags}
|
||||
|
||||
# note: %%__os_install_post_python is defined in python-srpm-macros and contains several policies
|
||||
# redhat-rpm-config maintainers, don't remove it from %%__os_install_post unless coordinating the change with Python maintainers
|
||||
# packagers, don't undefine the entire macro, see the individual macros in /usr/lib/rpm/macros.d/macros.python-srpm
|
||||
|
||||
%__os_install_post \
|
||||
%{?__brp_ldconfig} \
|
||||
%{?__brp_compress} \
|
||||
%{!?__debug_package:\
|
||||
%{?__brp_strip} \
|
||||
%{?__brp_strip_comment_note} \
|
||||
} \
|
||||
%{?__brp_strip_lto} \
|
||||
%{?__brp_strip_static_archive} \
|
||||
%{?__brp_check_rpaths} \
|
||||
%{?__brp_mangle_shebangs} \
|
||||
%{?__brp_remove_la_files} \
|
||||
%{__os_install_post_python} \
|
||||
%{nil}
|
||||
|
||||
%__spec_install_post\
|
||||
%[ "%{toolchain}" == "clang" ? "%{?__brp_llvm_compile_lto_elf}" : "%{nil}" ] \
|
||||
%{?__debug_package:%{__debug_install_post}}\
|
||||
%{__arch_install_post}\
|
||||
%{__os_install_post}\
|
||||
%{nil}
|
||||
|
||||
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
||||
%%install\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
# Should missing buildids terminate a build?
|
||||
%_missing_build_ids_terminate_build 1
|
||||
|
||||
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
||||
%_source_filedigest_algorithm 8
|
||||
%_binary_filedigest_algorithm 8
|
||||
|
||||
# Use Zstandard compression for binary payloads
|
||||
%_binary_payload w19.zstdio
|
||||
|
||||
#==============================================================================
|
||||
# --- Compiler flags control.
|
||||
#
|
||||
# Please consult buildflags.md for parts that can be configured
|
||||
# from RPM spec files.
|
||||
|
||||
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
||||
%_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg
|
||||
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
|
||||
|
||||
# Have the linker generate errors instead of warnings for binaries that
|
||||
# contain memory regions with both write and execute permissions.
|
||||
# https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
|
||||
%_hardening_linker_errors %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors" : "" ]
|
||||
%_hardened_linker_errors 1
|
||||
|
||||
# we don't escape symbols '~', '"', etc. so be careful when changing this
|
||||
%_hardening_gcc_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
|
||||
%_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg
|
||||
%_hardening_ldflags -Wl,-z,now %{expand:%%{_hardening_%{toolchain}_ldflags}}
|
||||
|
||||
# Harden packages by default for Fedora 23+:
|
||||
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
||||
# Use "%undefine _hardened_build" to disable.
|
||||
%_hardened_build 1
|
||||
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
||||
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
||||
|
||||
# Add extra information to binary objects created by the compiler:
|
||||
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
||||
# ...except on armv7hl, which has an issue whose root-cause isn't
|
||||
# clear yet: https://bugzilla.redhat.com/show_bug.cgi?id=1951492
|
||||
# Use "%undefine _annotated_build" to disable.
|
||||
%_annotated_build 1
|
||||
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
||||
# The annobin plugin is not built for clang yet
|
||||
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
|
||||
%_annotation_plugin %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
|
||||
%_annotation_cflags %[ "%{_target_cpu}" == "armv7hl" ? "" : "%{_annotation_plugin}" ]
|
||||
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
|
||||
# Use the remove-section option to force the find-debuginfo script
|
||||
# to move the annobin notes into the separate debuginfo file.
|
||||
%_find_debuginfo_extra_opts %{?_annotated_build:--remove-section .gnu.build.attributes}
|
||||
|
||||
# Include frame pointer information by default, except on RHEL 10 and earlier
|
||||
# On RHEL 11, we are enabling it for now, with the possibility of revoking it
|
||||
# at a later date.
|
||||
# https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
|
||||
# Use "%undefine _include_frame_pointers" to disable.
|
||||
%_include_frame_pointers %{undefined rhel} || 0%{?rhel} >= 11
|
||||
%_frame_pointers_cflags %{expr:0%{?_include_frame_pointers} ? "-fno-omit-frame-pointer" : ""}
|
||||
%_frame_pointers_cflags_x86_64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
|
||||
%_frame_pointers_cflags_aarch64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
|
||||
%_frame_pointers_cflags_s390x %{expr:0%{?_include_frame_pointers} ? "-mbackchain" : ""}
|
||||
|
||||
# Fail linking if there are undefined symbols. Required for proper
|
||||
# ELF symbol versioning support. Disabled by default.
|
||||
# Use "%define _ld_strict_symbol_defs 1" to enable.
|
||||
#%_ld_strict_symbol_defs 1
|
||||
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
|
||||
# use "%undefine _ld_as_needed" to disable.
|
||||
%_ld_as_needed 1
|
||||
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
|
||||
|
||||
# aarch64 and s390x currently do not support packed relocations.
|
||||
%_ld_pack_relocs %[ "%{_arch}" == "x86_64" || "%{_arch}" == "i386" || "%{_arch}" == "ppc64le" || "%{_arch}" == "aarch64" ]
|
||||
%_ld_pack_relocs_flags %[0%{?_ld_pack_relocs} ? "-Wl,-z,pack-relative-relocs" : ""]
|
||||
|
||||
# LTO is the default in Fedora.
|
||||
# "%define _lto_cflags %{nil}" to opt out
|
||||
#
|
||||
# We currently have -ffat-lto-objects turned on out of an abundance of
|
||||
# caution. To remove it we need to do a check of the installed .o/.a files
|
||||
# to verify they have real sections/symbols after LTO stripping. That
|
||||
# way we can detect installing an unusable .o/.a file. This is on the TODO
|
||||
# list for F34.
|
||||
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
|
||||
%_clang_lto_cflags -flto=thin
|
||||
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
|
||||
|
||||
# Default fortification level.
|
||||
# "%define _fortify_level 2" to downgrade and
|
||||
# "%define _fortify_level 0" or "%undefine _fortify_level" to disable
|
||||
#
|
||||
# We use a single -Wp here to enforce order so that ccache does not ever
|
||||
# reorder them.
|
||||
%_fortify_level 3
|
||||
%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
|
||||
|
||||
# This can be set to a positive integer to obtain increasing type
|
||||
# safety levels for C. See buildflags.md.
|
||||
%build_type_safety_c 3
|
||||
|
||||
# Some linkers default to a build-id algorithm that is not supported by rpmbuild,
|
||||
# so we need to specify the right algorithm to use.
|
||||
%_build_id_flags -Wl,--build-id=sha1
|
||||
|
||||
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
|
||||
%_warning_options -Wall%[%__build_for_lang_any && "%toolchain" == "gcc" ? " -Wno-complain-wrong-lang" : ""]%[%__build_for_lang_c + %__build_for_lang_cxx ? " -Werror=format-security" : ""]%[%__build_for_lang_c && (%build_type_safety_c == 0) ? " -fpermissive" : ""]%[%__build_for_lang_c && (%build_type_safety_c == 1) ? " -Wno-error=int-conversion" : ""]%[%__build_for_lang_c && (%build_type_safety_c > 0 && %build_type_safety_c < 3) ? " -Wno-error=incompatible-pointer-types" : ""]
|
||||
%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
|
||||
|
||||
# Common variables are no longer generated by default by gcc and clang
|
||||
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
|
||||
%_legacy_options %{?_legacy_common_support: -fcommon}
|
||||
|
||||
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
|
||||
|
||||
# Internal macros. Do not use directly. These variables can be rebound
|
||||
# to suppress certain frontend-specific compiler flags (or in the case
|
||||
# of __build_for_lang_any, frontend-agnostic flags). Dynamic scoping
|
||||
# and shadowing redefinitions are used for the __build_for_* variables
|
||||
# to remain largely compatible with existing spec files that have
|
||||
# hard-coded assumptions which macros assume which other macros.
|
||||
# The __build_flags_no_macro_warning construct suppresses a warning
|
||||
# about unused RPM macros.
|
||||
%__build_for_lang_c 1
|
||||
%__build_for_lang_cxx 1
|
||||
%__build_for_lang_any 1
|
||||
%__build_flags_no_macro_warning %[%__build_for_lang_c + %__build_for_lang_cxx + %__build_for_lang_any ? "" : ""]
|
||||
%__build_flags_common() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
|
||||
%__build_flags_lang_c() %{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
|
||||
%__build_flags_lang_cxx() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
|
||||
|
||||
# Automatically trim changelog entries after 2 years
|
||||
%_changelog_trimage %{expr:2*365*24*60*60}
|
||||
|
||||
#==============================================================================
|
||||
# ---- Generic auto req/prov filtering macros
|
||||
#
|
||||
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
||||
|
||||
# prevent anything matching from being scanned for provides
|
||||
%filter_provides_in(P) %{expand: \
|
||||
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# prevent anything matching from being scanned for requires
|
||||
%filter_requires_in(P) %{expand: \
|
||||
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# filter anything matching out of the provides stream
|
||||
%filter_from_provides() %{expand: \
|
||||
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# filter anything matching out of the requires stream
|
||||
%filter_from_requires() %{expand: \
|
||||
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# actually set up the filtering bits
|
||||
%filter_setup %{expand: \
|
||||
%global _use_internal_dependency_generator 0 \
|
||||
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
||||
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
||||
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
||||
}
|
@ -1,103 +0,0 @@
|
||||
# Macros to constrain resource use during the build process
|
||||
|
||||
# Changes _smp_build_ncpus depending on various factors
|
||||
#
|
||||
# -c cpus constrains the CPU count to "cpus"
|
||||
# -m mem constrains the CPU count to the total amount of memory in the system
|
||||
# (in megabytes) divided by "mem", rounded down
|
||||
#
|
||||
# If no options are passed, sets _smp_build_ncpus to 1.
|
||||
# _smp_build_ncpus will never be raised, only lowered.
|
||||
%constrain_build(c:m:) %{lua:
|
||||
|
||||
-- Check a value and clamp it to at least 1
|
||||
local function check_and_clamp(v, string)
|
||||
if v == nil then return nil end
|
||||
|
||||
i = math.tointeger(v)
|
||||
if i == nil then
|
||||
macros.error({"%%%0: invalid "..string.." value "..v})
|
||||
return nil
|
||||
end
|
||||
|
||||
local clamp = math.max(1, math.floor(i))
|
||||
if i ~= clamp then
|
||||
macros.error({"%%%0: invalid "..string.." value "..v})
|
||||
return nil
|
||||
end
|
||||
return clamp
|
||||
end
|
||||
|
||||
-- Parse meminfo to find the total amount of memory in the system
|
||||
local function getmem()
|
||||
local mem = 0
|
||||
for l in io.lines('/proc/meminfo') do
|
||||
if l:sub(1, 9) == "MemTotal:" then
|
||||
mem = math.tointeger(string.match(l, "MemTotal:%s+(%d+)"))
|
||||
break
|
||||
end
|
||||
end
|
||||
return mem
|
||||
end
|
||||
|
||||
local mem_limit = check_and_clamp(opt.m, "mem limit")
|
||||
local cpu_limit = check_and_clamp(opt.c, "cpu limit")
|
||||
local current_cpus = math.tointeger(macros._smp_build_ncpus)
|
||||
local constrained_cpus = current_cpus
|
||||
|
||||
if (not cpu_limit and not mem_limit) then
|
||||
cpu_limit = 1
|
||||
end
|
||||
|
||||
if cpu_limit ~= nil then
|
||||
constrained_cpus = math.min(cpu_limit, constrained_cpus)
|
||||
end
|
||||
if mem_limit ~= nil then
|
||||
local mem_total = getmem(verbose)
|
||||
local limit = math.max(1, mem_total // (mem_limit * 1024))
|
||||
constrained_cpus = math.min(constrained_cpus, limit)
|
||||
end
|
||||
|
||||
macros._smp_build_ncpus = constrained_cpus
|
||||
}
|
||||
|
||||
# outputs build flag overrides to be used in conjunction with
|
||||
# %%make_build, %%cmake_build etc.
|
||||
#
|
||||
# if no override is needed, this macro outputs nothing
|
||||
#
|
||||
# - m memory limit in MBs per core; default is 1024
|
||||
#
|
||||
# Usage:
|
||||
# e.g. %make_build %{limit_build -m 2048}
|
||||
# => /usr/bin/make -O -j16 V=1 VERBOSE=1
|
||||
# %make_build %{limit_build -m 40960}
|
||||
# => /usr/bin/make -O -j16 V=1 VERBOSE=1 -j1
|
||||
#
|
||||
%limit_build(m:) %{lua:
|
||||
local mem_per_process=rpm.expand("%{-m*}")
|
||||
if mem_per_process == "" then
|
||||
mem_per_process = 1024
|
||||
else
|
||||
mem_per_process = tonumber(mem_per_process)
|
||||
end
|
||||
local mem_total = 0
|
||||
for line in io.lines('/proc/meminfo') do
|
||||
if line:sub(1, 9) == "MemTotal:" then
|
||||
local tokens = {}
|
||||
for token in line:gmatch("%w+") do
|
||||
tokens[#tokens + 1] = token
|
||||
end
|
||||
mem_total = tonumber(tokens[2])
|
||||
break
|
||||
end
|
||||
end
|
||||
local max_jobs = mem_total // (mem_per_process * 1024)
|
||||
if max_jobs < 1 then
|
||||
max_jobs = 1
|
||||
end
|
||||
cur_max_jobs=tonumber(rpm.expand("%{_smp_build_ncpus}"))
|
||||
if cur_max_jobs > max_jobs then
|
||||
print("-j" .. max_jobs)
|
||||
end
|
||||
}
|
@ -1,63 +0,0 @@
|
||||
# Fedora macros, safe to use after the SRPM build stage
|
||||
|
||||
# Lists files matching inclusion globs, excluding files matching exclusion
|
||||
# globs
|
||||
# – globs are space-separated lists of shell globs. Such lists require
|
||||
# %{quote:} use when passed as rpm arguments or flags.
|
||||
# Control variables, flags and arguments:
|
||||
# %{listfiles_include} inclusion globs
|
||||
# %{listfiles_exclude} exclusion globs
|
||||
# -i <globs> inclusion globs
|
||||
# -x <globs> exclusion globs
|
||||
# … arguments passed to the macro without flags will be
|
||||
# interpreted as inclusion globs
|
||||
%listfiles(i:x:) %{expand:
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
|
||||
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
|
||||
while IFS= read -r finc ; do
|
||||
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
|
||||
| sort -u | grep -q "${finc}" || echo "${finc}"
|
||||
done <<< "${listfiles_include}"
|
||||
%else
|
||||
echo "${listfiles_include}"
|
||||
%endif
|
||||
%endif
|
||||
}
|
||||
|
||||
# https://github.com/rpm-software-management/rpm/issues/581
|
||||
# Writes the contents of a list of rpm variables to a macro file
|
||||
# Control variables, flags and arguments:
|
||||
# -f <filename> the macro file to process:
|
||||
# – it must contain corresponding anchors
|
||||
# – for example %writevars -f myfile foo bar will replace:
|
||||
# @@FOO@@ with the rpm evaluation of %{foo} and
|
||||
# @@BAR@@ with the rpm evaluation of %{bar}
|
||||
# in myfile
|
||||
%writevars(f:) %{lua:
|
||||
local fedora = require "fedora.common"
|
||||
local macrofile = rpm.expand("%{-f*}")
|
||||
local rpmvars = {}
|
||||
for i = 1, rpm.expand("%#") do
|
||||
table.insert(rpmvars, rpm.expand("%" .. i))
|
||||
end
|
||||
fedora.writevars(macrofile,rpmvars)
|
||||
}
|
||||
|
||||
# gpgverify verifies signed sources. There is documentation in the script.
|
||||
%gpgverify(k:s:d:) %{lua:
|
||||
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||
local keyring = rpm.expand("%{-k*}")
|
||||
local signature = rpm.expand("%{-s*}")
|
||||
local data = rpm.expand("%{-d*}")
|
||||
print(script)
|
||||
if keyring ~= "" then
|
||||
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||
end
|
||||
if signature ~= "" then
|
||||
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||
end
|
||||
if data ~= "" then
|
||||
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||
end
|
||||
}
|
@ -1,43 +0,0 @@
|
||||
# Fedora macros, safe to use at SRPM build stage
|
||||
|
||||
# A directory for rpm macros
|
||||
%rpmmacrodir /usr/lib/rpm/macros.d
|
||||
|
||||
# A directory for appdata metainfo. This has changed between releases so a
|
||||
# macro is useful.
|
||||
%_metainfodir %{_datadir}/metainfo
|
||||
|
||||
# A directory for SWID tag files describing the installation
|
||||
%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
|
||||
|
||||
# Applies the fedora.wordwrap filter to the content of an rpm variable, and
|
||||
# prints the result.
|
||||
# – putting multiple lines of UTF-8 text inside a variable is usually
|
||||
# accomplished with %{expand:some_text}
|
||||
# Control variables, flags and arguments:
|
||||
# -v <variable_name> (default value: _description)
|
||||
%wordwrap(v:) %{lua:
|
||||
local fedora = require "fedora.common"
|
||||
local variable = "%{?" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
|
||||
print(fedora.wordwrap(variable))
|
||||
}
|
||||
|
||||
# A single Name: and %package substitute
|
||||
# Control variables, flags and arguments:
|
||||
# %{source_name} the SRPM name
|
||||
# %{source_summary} the SRPM summary
|
||||
# %{source_description} the SRPM description
|
||||
# -n <name> declare a package named <name>
|
||||
# (%package-like behavior)
|
||||
# -v be verbose
|
||||
# %1 declare a package named %{source_name}-%{%1}
|
||||
# (%package-like behavior)
|
||||
%new_package(n:v) %{lua:
|
||||
local fedora = require "fedora.common"
|
||||
local pkg_name = fedora.readflag("n")
|
||||
local verbose = fedora.hasflag("v")
|
||||
local name_suffix = fedora.read("1")
|
||||
local source_name = fedora.read("source_name")
|
||||
local first = not ( fedora.read("name") or fedora.read("currentname") )
|
||||
fedora.new_package(source_name, pkg_name, name_suffix, first, verbose)
|
||||
}
|
@ -1,2 +0,0 @@
|
||||
# Arches that GAP runs on
|
||||
%gap_arches aarch64 ppc64le s390x x86_64
|
@ -1,2 +0,0 @@
|
||||
# Arches that OpenJDK and dependent packages run on
|
||||
%java_arches aarch64 ppc64le s390x x86_64
|
@ -1,2 +0,0 @@
|
||||
# arches that ldc builds on
|
||||
%ldc_arches %{ix86} x86_64 %{arm} aarch64
|
@ -1,16 +0,0 @@
|
||||
%autorelease(e:s:pb:n) %{?-p:0.}%{lua:
|
||||
release_number = tonumber(rpm.expand("%{?_rpmautospec_release_number}%{!?_rpmautospec_release_number:1}"));
|
||||
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
|
||||
print(release_number + base_release_number - 1);
|
||||
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
|
||||
%autochangelog %{lua:
|
||||
locale = os.setlocale(nil)
|
||||
os.setlocale("C.utf8")
|
||||
date = os.date("%a %b %d %Y")
|
||||
os.setlocale(locale)
|
||||
packager = rpm.expand("%{?packager}%{!?packager:John Doe <packager@example.com>}")
|
||||
evr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}")
|
||||
print("* " .. date .. " " .. packager .. " - " .. evr .. "\\n")
|
||||
print("- local build")
|
||||
}
|
||||
|
@ -1,3 +0,0 @@
|
||||
%bash_completions_dir %{_datadir}/bash-completion/completions
|
||||
%zsh_completions_dir %{_datadir}/zsh/site-functions
|
||||
%fish_completions_dir %{_datadir}/fish/vendor_completions.d
|
@ -1,3 +0,0 @@
|
||||
# valgrind_arches lists what arches Valgrind works on
|
||||
|
||||
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
|
@ -1,5 +0,0 @@
|
||||
*cc1_options:
|
||||
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
||||
|
||||
*cpp_options:
|
||||
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
@ -1 +0,0 @@
|
||||
-pie
|
@ -1 +0,0 @@
|
||||
-fPIE
|
@ -1,2 +0,0 @@
|
||||
*self_spec:
|
||||
+ %{!fuse-ld*:%{!r:-Wl,--error-rwx-segments -Wl,--error-execstack}}
|
31
rpmrc
31
rpmrc
@ -1,31 +0,0 @@
|
||||
include: /usr/lib/rpm/rpmrc
|
||||
|
||||
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common
|
||||
optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common
|
||||
optflags: x86_64_v3 %{__global_compiler_flags} -m64 -march=x86-64-v3 %__cflags_arch_x86_64_common
|
||||
optflags: x86_64_v4 %{__global_compiler_flags} -m64 -march=x86-64-v4 %__cflags_arch_x86_64_common
|
||||
|
||||
optflags: ppc64le %{__global_compiler_flags} -m64 %{__cflags_arch_ppc64le} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: aarch64 %{__global_compiler_flags} -mbranch-protection=standard -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ] %{_frame_pointers_cflags} %{_frame_pointers_cflags_aarch64}
|
||||
|
||||
optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %{_frame_pointers_cflags}
|
||||
|
||||
# set build arch to fedora buildarches on hardware capable of running it
|
||||
# saves having to do rpmbuild --target=
|
||||
buildarchtranslate: athlon: i686
|
||||
buildarchtranslate: geode: i686
|
||||
buildarchtranslate: pentium4: i686
|
||||
buildarchtranslate: pentium3: i686
|
||||
buildarchtranslate: i686: i686
|
||||
buildarchtranslate: i586: i586
|
||||
|
||||
buildarchtranslate: armv7hl: armv7hl
|
||||
buildarchtranslate: armv7hnl: armv7hl
|
Loading…
Reference in New Issue
Block a user