Compare commits

1 Commits
c8 ... c10-beta

Author SHA1 Message Date
bd36fec32a import RHEL 10 Beta redhat-rpm-config-285-1.el10 2024-11-20 13:31:02 +00:00
66 changed files with 6211 additions and 5592 deletions

@ -1,20 +0,0 @@
#! /bin/bash -f
## A counterpart of brp-kmod-set-exec-bits that restores original kmod
## file permissions
# If using normal root, avoid changing anything.
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
# Checking for required programs
which chmod >/dev/null || exit 0
[ -r "$RPM_BUILD_ROOT/kmod-permissions.list" ] || exit 0
while read perm path; do
[ -n "$perm" ] || continue
chmod "$perm" "$RPM_BUILD_ROOT/$path"
done < "$RPM_BUILD_ROOT/kmod-permissions.list"
rm -f "$RPM_BUILD_ROOT/kmod-permissions.list"
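
Review bot: the final `rm -f` of `kmod-permissions.list` is the only cleanup of that list file in the hunks shown, so deleting this script is only safe if the script that writes the list goes in the same commit and nothing in the post-install macros still calls either one. The writer does go away in the next hunk, but the macro side is not visible here; please point to the hunk that removes the invocation, otherwise the build calls a script that no longer exists.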

@ -1,14 +0,0 @@
#! /bin/bash -fx
## A hack for making brp-strip taking into account kmod files
# If using normal root, avoid changing anything.
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
# Checking for required programs
which find chmod >/dev/null || exit 0
find "$RPM_BUILD_ROOT" \
-name '*.ko' \
-printf '%#m %P\n' \
-exec chmod u+x '{}' \; > "$RPM_BUILD_ROOT/kmod-permissions.list"
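
Review bot: the header comment says this hack exists so that brp-strip takes kmod files into account, and with the `chmod u+x` on `*.ko` gone the commit does not say what replaces it. Please note in the commit message whether kernel modules are now stripped by another mechanism or deliberately left unstripped; the one-line import message gives a reader of the history nothing to go on.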

@ -1,442 +0,0 @@
This document contains documentation of the individual compiler flags
and how to use them.
[TOC]
# Using RPM build flags
For packages which use autoconf to set up the build environment, use
the `%configure` macro to obtain the full complement of flags, like
this:
%configure
This will invoke the `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults.
Prior to that, some common problems in autotools scripts are
automatically patched across the source tree.
As a side effect, this will set the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
makefiles and other build tools. (However, existing values for this
variables are not overwritten.)
If your package does not use autoconf, you can still set the same
environment variables using
%set_build_flags
early in the `%build` section. (Again, existing environment variables
are not overwritten.) `%set_build_flags` does not perform autotools
script rewriting, unlike `%configure`.
Individual build flags are also available through RPM macros:
* `%{build_cflags}` for the C compiler flags (also known as the
`CFLAGS` variable). Also historically available as `%{optflags}`.
Furthermore, at the start of the `%build` section, the environment
variable `RPM_OPT_FLAGS` is set to this value.
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
the `CXXFLAGS` shell variable).
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
known as the `FCFLAGS` variable).
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
`LDFLAGS`. Note that the contents quotes linker arguments using
`-Wl`, so this variable is intended for use with the `gcc` compiler
driver. At the start of the `%build` section, the environment
variable `RPM_LD_FLAGS` is set to this value.
These RPM macros do not alter shell environment variables.
For some other build tools separate mechanisms exist:
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
package.
Care must be taking not to compile the current selection of compiler
flags into any RPM package besides `redhat-rpm-config`, so that flag
changes are picked up automatically once `redhat-rpm-config` is
updated.
# Flag selection for the build type
The default flags are suitable for building applications.
For building shared objects, you must compile with `-fPIC` in
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
# Customizing compiler and other build flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarounds are not available.
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
`config.guess` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`%configure` also patches `ltmain.sh` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
### Lazy binding
If your package depends on the semantics of lazy binding (e.g., it has
plugins which load additional plugins to complete their dependencies,
before which some referenced functions are undefined), you should put
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
which have such requirements. Under these circumstances, it is
unnecessary to disable hardened builds (and thus lose full ASLR for
executables), or link everything without `-Wl,z,now` (non-lazy
binding).
### Hardened builds
By default, the build flags enable fully hardened builds. To change
this, include this in the RPM spec file:
%undefine _hardened_build
This turns off certain hardening features, as described in detail
below. The main difference is that executables will be
position-dependent (no full ASLR) and use lazy binding.
### Annotated builds/watermarking
By default, the build flags cause a special output section to be
included in ELF files which describes certain aspects of the build.
To change this for all compiler invocations, include this in the RPM
spec file:
%undefine _annotated_build
Be warned that this turns off watermarking, making it impossible to do
full hardening coverage analysis for any binaries produced.
It is possible to disable annotations for individual compiler
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
the annobin plugin must still be loaded for this flag to be
recognized, so it has to come after the hardening flags on the command
line (it has to be added at the end of `CFLAGS`, or specified after
the `CFLAGS` variable contents).
### Strict symbol checks in the link editor (ld)
Optionally, the link editor will refuse to link shared objects which
contain undefined symbols. Such symbols lack symbol versioning
information and can be bound to the wrong (compatibility) symbol
version at run time, and not the actual (default) symbol version which
would have been used if the symbol definition had been available at
static link time. Furthermore, at run time, the dynamic linker will
not have complete dependency information (in the form of DT_NEEDED
entries), which can lead to errors (crashes) if IFUNC resolvers are
executed before the shared object containing them is fully relocated.
To switch on these checks, define this macro in the RPM spec file:
%define _strict_symbol_defs_build 1
If this RPM spec option is active, link failures will occur if the
linker command line does not list all shared objects which are needed.
In this case, you need to add the missing DSOs (with linker arguments
such as `-lm`). As a result, the link editor will also generated the
necessary DT_NEEDED entries.
In some cases (such as when a DSO is loaded as a plugin and is
expected to bind to symbols in the main executable), undefined symbols
are expected. In this case, you can add
%undefine _strict_symbol_defs_build
to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `-debuginfo` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `_enable_debug_packages` as `0`.
Processing of debugging information is controlled using the
`find-debuginfo` tool from the `debugedit` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `-debuginfo` subpackages is enabled by default.
To disable, undefine `_debuginfo_subpackages`.
* Likewise, `-debugsource` subpackages are automatically created.
To disable, undefine `_debugsource_subpackages`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
`_unique_debug_srcs` control how debugging information and
corresponding source files are represented on disk.
See `/usr/lib/rpm/macros` for details. The defaults
enable parallel installation of `-debuginfo` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`.gnu_debugdata` section. To disable that, undefine
`_include_minidebuginfo`.
* To speed up debuggers, a `.gdb_index` section is created. It can be
disabled by undefining `_include_gdb_index`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `_missing_build_ids_terminate_build`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `_no_recompute_build_ids` as `1`.
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`_find_debuginfo_opts` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `__brp_strip`: Removal of leftover debugging information. The tool
specified by the `__strip` macro is invoked with the `-g` option on
ELF object (`.o`) files.
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
processes static `.a` archives instead.
* `__brp_strip_comment_note`: This step removes unallocated `.note`
sections, and `.comment` sections from ELF files.
* `__brp_ldconfig`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
invoked yet).
# Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
The general (architecture-independent) build flags are:
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
Optimization improves performance, the accuracy of warnings, and the
reach of toolchain-based hardening, but it makes debugging harder.
* `-g`: Generate debugging information (DWARF). In Fedora, this data
is separated into `-debuginfo` RPM packages whose installation is
optional, so debuging information does not increase the size of
installed binaries by default.
* `-pipe`: Run compiler and assembler in parallel and do not use a
temporary file for the assembler input. This can improve
compilation performance. (This does not affect code generation.)
* `-Wall`: Turn on various GCC warnings.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
* `-Werror=format-security`: Turn on format string warnings and treat
them as errors.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
This can occasionally result in compilation errors. In this case,
the best option is to rewrite the source code so that only constant
format strings (string literals) are used.
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
hardening features in glibc:
* String functions such as `memcpy` attempt to detect buffer lengths
and terminate the process if a buffer overflow is detected.
* `printf` format strings may only contain the `%n` format specifier
if the format string resides in read-only memory.
* `open` and `openat` flags are checked for consistency with the
presence of a *mode* argument.
* Plus other minor hardening changes.
(These changes can occasionally break valid programs.)
* `-fexceptions`: Provide exception unwinding support for C programs.
See the [`-fexceptions` option in the GCC
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
and the [`cleanup` variable
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
This also hardens cancellation handling in C programs because
it is not required to use an on-stack jump buffer to install
a cancellation handler with `pthread_cleanup_push`. It also makes
it possible to unwind the stack (using C++ `throw` or Rust panics)
from C callback functions if a C library supports non-local exits
from them (e.g., via `longjmp`).
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
C++ standard library, such as bounds checking for the subscription
operator on vectors. (This flag is added to both `CFLAGS` and
`CXXFLAGS`; C compilations will simply ignore it.)
* `-fstack-protector-strong`: Instrument functions to detect
stack-based buffer overflows before jumping to the return address on
the stack. The *strong* variant only performs the instrumentation
for functions whose stack frame contains addressable local
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
* `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
For hardened builds (which are enabled by default, see above for how
to disable them), the flag
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
command line. It adds the following flag to the command line:
* `-fPIE`: Compile for a position-independent executable (PIE),
enabling full address space layout randomization (ASLR). This is
similar to `-fPIC`, but avoids run-time indirections on certain
architectures, resulting in improved performance and slightly
smaller executables. However, compared to position-dependent code
(the default generated by GCC), there is still a measurable
performance impact.
If the command line also contains `-r` (producing a relocatable
object file), `-fpic` or `-fPIC`, this flag is automatically
dropped. (`-fPIE` can only be used for code which is linked into
the main program.) Code which goes into static libraries should be
compiled with `-fPIE`, except when this code is expected to be
linked into DSOs, when `-fPIC` must be used.
To be effective, `-fPIE` must be used with the `-pie` linker flag
when producing an executable, see below.
To support [binary watermarks for ELF
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
added by default. This can be switched off by undefining the
`%_annotated_build` RPM macro (see above).
### Architecture-specific compiler flags
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler
flag.
* `-fasynchronous-unwind-tables`: Generate full unwind information
covering all program points. This is required for support of
asynchronous cancellation and proper unwinding from signal
handlers. It also makes performance and debugging tools more
useful because unwind information is available without having to
install (and load) debugging ienformation.
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
and x86_64. They are not needed on ppc64le due
to architectural differences in stack management. On these
architectures, `-fexceptions` (see above) still enables regular
unwind tables (or they are enabled by default even without this
option).
* `-funwind-tables`: A subset of the unwind information restricted
to actual call sites. Used on ppc64le. Also implied by
`-fexceptions`.
In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are:
* **i686**: `-march=x86-64` is used to select a minimum supported
CPU level matching the baseline for the x86_64 architecture.
`-mtune=generic` activates tuning for a current blend of CPUs.
`-mfpmath=sse` uses the SSE2 unit for floating point math,
instead of the legacy i387 FPU, avoiding issues related to excess
precision. `-mstackrealign` ensures that the generated code
does not assume 16-byte stack alignment (as required by the current
i386 ABI), but stays compatible with application code compiled
before the introduction of 16-byte stack alignment along with SSE2
support.
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
CPU level of POWER8 (the first CPU with ppc64le support) and tunes
for POWER8.
* **s390x**: `-march=z13 -mtune=z14` specifies a minimum supported CPU
level of z13, while optimizing for a subsequent CPU generation
(z14).
* **x86_64**: `-mtune=generic` selects tuning which is expected to
beneficial for a broad range of current CPUs.
* **aarch64** does not have any architecture-specific tuning.
# Individual linker flags
Linker flags end up in the environment variable `LDFLAGS`.
The linker flags listed below are injected. Note that they are
prefixed with `-Wl` because it is expected that these flags are passed
to the compiler driver `gcc`, and not directly to the link editor
`ld`.
* `-z relro`: Activate the *read-only after relocation* feature.
Constant data and relocations are placed on separate pages, and the
dynamic linker is instructed to revoke write permissions after
dynamic linking. Full protection of relocation data requires the
`-z now` flag (see below).
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
(optional, see above).
For hardened builds, the
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
compiler driver command line. (This can be disabled by undefining the
`%_hardened_build` macro; see above) This activates the following
linker flags:
* `-pie`: Produce a PIE binary. This is only activated for the main
executable, and only if it is dynamically linked. This requires
that all objects which are linked in the main executable have been
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
By itself, `-pie` has only a slight performance impact because it
disables some link editor optimization, however the `-fPIE` compiler
flag has some overhead.
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
linker feature. Lazy binding involves an array of function pointers
which is writable at run time (which could be overwritten as part of
security exploits, redirecting execution). Therefore, it is
preferable to turn of lazy binding, although it increases startup
time.
# Support for extension builders
Some packages include extension builders that allow users to build
extension modules (which are usually written in C and C++) under the
control of a special-purpose build system. This is a common
functionality provided by scripting languages such as Python and Perl.
Traditionally, such extension builders captured the Fedora build flags
when these extension were built. However, these compiler flags are
adjusted for a specific Fedora release and toolchain version and
therefore do not work with a custom toolchain (e.g., different C/C++
compilers), and users might want to build their own extension modules
with such toolchains.
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
flags that have been adjusted for compatibility with alternative
toolchains, while still preserving some of the compile-time security
hardening that the standard Fedora build flags provide.
The current set of differences are:
* No GCC plugins (such as annobin) are activated.
* No GCC spec files (`-specs=` arguments) are used.
Additional flags may be removed in the future if they prove to be
incompatible with alternative toolchains.
Extension builders should detect whether they are performing a regular
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
case, they should use the *current* set of Fedora build flags (that
is, the output from `rpm --eval '%{build_cflags}'` and related
commands). Otherwise, when not performing an RPM build, they can
either use hard-coded extension builder flags (thus avoiding a
run-time dependency on `redhat-rpm-config`), or use the current
extension builder flags (with a run-time dependency on
`redhat-rpm-config`).
As a result, extension modules built for Fedora will use the official
Fedora build flags, while users will still be able to build their own
extension modules with custom toolchains.
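
Review bot: if this flag documentation is re-added elsewhere among the 66 changed files rather than dropped, three defects in the text should not be carried along: the lazy binding section writes `-Wl,z,now` where the flag documented further down is `-z now` (so `-Wl,-z,now`), the `%{build_fflags}` bullet is missing its closing backtick, and the sentence ending "during libtool-." is cut off. If the document is dropped outright, say where packagers should now look up what `%undefine _hardened_build` and `%undefine _annotated_build` turn off, since this text is where those trade-offs (position-dependent executables, lazy binding, no watermark for hardening coverage analysis) are spelled out.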

1462
SOURCES/config.guess vendored

File diff suppressed because it is too large

1823
SOURCES/config.sub vendored

File diff suppressed because it is too large

@ -1,48 +0,0 @@
#! /bin/bash
IFS=$'\n'
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'); do
tmpfile=""
if [ "x${module%.ko}" = "x${module}" ]; then
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
proc_bin=
case "${module##*.}" in
xz)
proc_bin=xz
;;
bz2)
proc_bin=bzip2
;;
gz)
proc_bin=gzip
;;
esac
[ -n "$proc_bin" ] || continue
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
module="$tmpfile"
fi
if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
nm $module \
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
| LC_ALL=C sort -u
else
ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
if [[ -n $(readelf -h $module | grep "little endian") ]]; then
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
else
RODATA=$ELFRODATA
fi
for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
echo $sym $RODATA
done \
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
| LC_ALL=C sort -u
fi
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
done
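
Review bot: the `ksym(%s) = 0x%08x` lines printed here are the Provides side of a dependency whose Requires side comes from the script removed in the next hunk, so the two have to go together, and whatever invokes this script during dependency generation is not among the hunks shown. Please confirm that caller is removed in this commit as well, so rpmbuild is not left running a generator that no longer exists.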

@ -1,155 +0,0 @@
#! /bin/bash
#
# This script is called during external module building to create dependencies
# both upon the RHEL kernel, and on additional external modules. Symbols that
# cannot be reconciled against those provided by the kernel are assumed to be
# provided by an external module and "ksym" replaces th regular "kernel" dep.
IFS=$'\n'
# Extract all of the symbols provided by this module.
all_provides() {
for module in "$@"; do
tmpfile=""
if [ "x${module%.ko}" = "x${module}" ]; then
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
proc_bin=
case "${module##*.}" in
xz)
proc_bin=xz
;;
bz2)
proc_bin=bzip2
;;
gz)
proc_bin=gzip
;;
esac
[ -n "$proc_bin" ] || continue
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
module="$tmpfile"
fi
if [[ -n $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
nm "$module" \
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
| awk --non-decimal-data '{printf("%s:0x%08x\n", $2, $1)}'
else
ELFRODATA=$(readelf -R .rodata "$module" | awk '/0x/{printf $2$3$4$5}')
if [[ -n $(readelf -h "$module" | grep "little endian") ]]; then
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
else
RODATA=$ELFRODATA
fi
for sym in $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
echo $sym $RODATA
done \
| awk --non-decimal-data '{printf("%s:0x%08s\n", $2, substr($3,($1*2)+1,8))}'
fi
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
done \
| LC_ALL=C sort -k1,1 -u
}
# Extract all of the requirements of this module.
all_requires() {
for module in "$@"; do
set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
/sbin/modprobe --dump-modversions "$module" \
| awk --non-decimal-data '
BEGIN { FS = "\t" ; OFS = "\t" }
{printf("%s:0x%08x\n", $2, $1)}' \
| sed -r -e 's:$:\t'"$1"':'
done \
| LC_ALL=C sort -k1,1 -u
}
# Filter out requirements fulfilled by the module itself.
mod_requires() {
LC_ALL=C join -t $'\t' -j 1 -v 1 \
<(all_requires "$@") \
<(all_provides "$@") \
| LC_ALL=C sort -k1,1 -u
}
if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
cat > /dev/null
exit 0
fi
check_kabi() {
arch=$(uname -m)
kabi_file="/lib/modules/kabi-current/kabi_whitelist_$arch"
# If not installed, output a warning and return (continue)
if [ ! -f "$kabi_file" ]; then
echo "" >&2
echo "********************************************************************************" >&2
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
echo "********************************************************************************" >&2
echo "The kernel ABI reference files (provided by "kabi-whitelists") were not found." >&2
echo "No compatibility check was performed. Please install the kABI reference files" >&2
echo "and rebuild if you would like to verify compatibility with kernel ABI." >&2
echo "" >&2
return
fi
unset non_kabi
for symbol in "$@"; do
if ! egrep "^[[:space:]]$symbol\$" $kabi_file >/dev/null; then
non_kabi=("${non_kabi[@]}" "$symbol")
fi
done
if [ ${#non_kabi[@]} -gt 0 ]; then
echo "" >&2
echo "********************************************************************************" >&2
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
echo "********************************************************************************" >&2
echo "The following kernel symbols are not guaranteed to remain compatible with" >&2
echo "future kernel updates to this RHEL release:" >&2
echo "" >&2
for symbol in "${non_kabi[@]}"; do
printf "\t$symbol\n" >&2
done
echo "" >&2
echo "Red Hat recommends that you consider using only official kernel ABI symbols" >&2
echo "where possible. Requests for additions to the kernel ABI can be filed with" >&2
echo "your partner or customer representative (component: driver-update-program)." >&2
echo "" >&2
fi
}
modules=($(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'))
if [ ${#modules[@]} -gt 0 ]; then
kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
# get all that kernel provides
symvers=$(mktemp -t ${0##*/}.XXXXX)
cat /usr/src/kernels/$kernel/Module.symvers | awk '
BEGIN { FS = "\t" ; OFS = "\t" }
{ print $2 ":" $1 }
' \
| sed -r -e 's:$:\t'"$kernel"':' \
| LC_ALL=C sort -k1,1 -u > $symvers
# Symbols matching with the kernel get a "kernel" dependency
mod_req=$(mktemp -t mod_req.XXXXX)
mod_requires "${modules[@]}" > "$mod_req"
LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
# Symbols from elsewhere get a "ksym" dependency
LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
# Check kABI if the kabi-whitelists package is installed
# Do this last so we can try to output this error at the end
kabi_check_symbols=($(LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print $1 }'))
check_kabi "${kabi_check_symbols[@]}"
fi
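
Review bot: removing this script also removes `check_kabi`, the only code in these hunks that warns a builder when a module depends on symbols missing from `/lib/modules/kabi-current/kabi_whitelist_$arch`. If generation of the `kernel(...)` and `ksym(...)` Requires has moved to another package, name it in the commit message and confirm the kABI warning moved with it; if the check is intentionally gone, say so, because external module builds will then pass silently where they used to print the compatibility warning.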

@ -1,14 +0,0 @@
#!/bin/sh
#
# firmware.prov - Automatically extract any and all firmware dependencies from
# kernel object (.ko) files and add to RPM deps.
IFS=$'\n'
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') $*;
do
for firmware in `/sbin/modinfo -F firmware $module`;
do
echo "firmware($firmware)"
done
done

@ -1,2 +0,0 @@
%__kabi_provides %{_rpmconfigdir}/kabi.sh
%__kabi_path ^(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz$

@ -1,13 +0,0 @@
#!/bin/bash +x
#
# kabi.sh - Automatically extract any kernel symbol checksum from the
# symvers file and add to RPM deps. This is used to move the
# checksum checking from modprobe to rpm install for 3rd party
# modules (so they can fail during install and not at load).
IFS=$'\n'
for symvers in $(grep -E '(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz') "$@";
do
zcat $symvers | awk ' {print "kernel(" $2 ") = " $1 }'
done
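
Review bot: per its header, `kabi.sh` exists to move symbol checksum checking from modprobe to rpm install, by turning each symvers entry into a `kernel(<symbol>) = <checksum>` Provides. With it and the `%__kabi_provides` attribute from the previous hunk removed, a kernel package built with these macros would no longer advertise those capabilities unless another package ships the generator; please state which it is, since the header describes this as what lets a checksum mismatch fail during install and not at load.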

@ -1,2 +0,0 @@
%__kmod_provides %{_rpmconfigdir}/kmod.prov
%__kmod_path ^/lib/modules/.*$

@ -1,28 +0,0 @@
#!/bin/sh +x
# Kernel build can have many thousands of modules.
# kmod.prov is run for every one of them.
# Try to make this script run as fast as we can.
# For example, use shell string ops instead of external programs
# where possible.
IFS=$'\n'
read -r fname || exit
# Only process files from .../lib/modules/... subtree
[ "${fname#*/lib/modules/*}" != "$fname" ] || exit 0
kmod=${fname##*/} # like basename, but faster
if [ "$kmod" = "modules.builtin" ]; then
for j in $(cat -- "$fname"); do
echo "kmod(${j##*/})"
done
exit 0
fi
kmod=${kmod%.gz}
kmod=${kmod%.xz}
if [ "${kmod%.ko}" != "$kmod" ]; then
echo "kmod($kmod)"
fi

@ -1,349 +0,0 @@
#!/bin/bash
# kmodtool - Helper script for building kernel module RPMs
# An original version appeared in Fedora. This version is
# generally called only by the %kernel_module_package RPM macro
# during the process of building Driver Update Packages (which
# are also known as "kmods" in the Fedora community).
#
# Copyright (c) 2003-2010 Ville Skyttä <ville.skytta@iki.fi>,
# Thorsten Leemhuis <fedora@leemhuis.info>
# Jon Masters <jcm@redhat.com>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Changelog:
#
# 2010/07/28 - Add fixes for filelists in line with LF standard
# - Remove now defunct "framepointer" kernel variant
# - Change version to "rhel6-rh2" as a consequence.
#
# 2010/01/10 - Simplified for RHEL6. We are working on upstream
# moving to a newer format and in any case do not
# need to retain support for really old systems.
shopt -s extglob
myprog="kmodtool"
myver="0.10.10_rhel8"
knownvariants=@(debug|kdump|zfcpdump)
kmod_name=
kver=
verrel=
variant=
get_verrel ()
{
verrel=${1:-$(uname -r)}
verrel=${verrel/%[.+]$knownvariants/}
}
print_verrel ()
{
get_verrel "$@"
echo "${verrel}"
}
get_variant ()
{
get_verrel "$@"
variant=${1:-$(uname -r)}
variant=${variant/#$verrel?(.+)/}
variant=${variant:-'""'}
}
print_variant ()
{
get_variant $@
echo "${variant}"
}
# Detect flavor separator character. We have to do that due to
# a systemd-tailored patch for kernel spec[1][2] introduced in Fedora and then
# imported in RHEL 8 that broke all OOT kmod infrastructure for the flavored
# kernels.
#
# [1] https://lists.fedoraproject.org/pipermail/kernel/2013-June/004262.html
# [2] https://src.fedoraproject.org/rpms/kernel/c/faf25207dc86666a611c45ae3ffaf385c170bd2a
#
# $1 - kver
# $2 - variant
get_variant_char ()
{
variant="$2"
[ "$variant" != "default" ] || variant=""
get_verrel "$1"
variant_char=""
[ -n "$variant" ] || return 0
# We expect that the flavored kernel is already installed in the buildroot
variant_char="+"
[ -e "/usr/src/kernels/${verrel}+${variant}" ] && return 0
variant_char="."
}
print_variant_char ()
{
get_variant_char "$@"
echo "${variant_char}"
}
print_kernel_source ()
{
get_variant_char "$@"
echo "/usr/src/kernels/${verrel}${variant_char}${variant}"
}
get_filelist() {
local IFS=$'\n'
filelist=($(cat))
if [ ${#filelist[@]} -gt 0 ];
then
for ((n = 0; n < ${#filelist[@]}; n++));
do
line="${filelist[n]}"
line=$(echo "$line" \
| sed -e "s/%verrel/$verrel/g" \
| sed -e "s/%variant/$variant/g" \
| sed -e "s/%dashvariant/$dashvariant/g" \
| sed -e "s/%dotvariant/$dotvariant/g" \
| sed -e "s/\+%1/$dotvariant/g" \
| sed -e "s/\.%1/$dotvariant/g" \
| sed -e "s/\-%1/$dotvariant/g" \
| sed -e "s/%2/$verrel/g")
echo "$line"
done
else
echo "%defattr(644,root,root,755)"
echo "/lib/modules/${verrel}${dotvariant}"
fi
}
get_rpmtemplate ()
{
local variant="${1}"
get_variant_char "${verrel}" "${variant}"
local dashvariant="${variant:+-${variant}}"
local dotvariant="${variant:+${variant_char}${variant}}"
echo "%package -n kmod-${kmod_name}${dashvariant}"
if [ -z "$kmod_provides_summary" ]; then
echo "Summary: ${kmod_name} kernel module(s)"
fi
if [ -z "$kmod_provides_group" ]; then
echo "Group: System Environment/Kernel"
fi
if [ ! -z "$kmod_version" ]; then
echo "Version: %{kmod_version}"
fi
if [ ! -z "$kmod_release" ]; then
echo "Release: %{kmod_release}"
fi
# Turn of the internal dep generator so we will use the kmod scripts.
echo "%global _use_internal_dependency_generator 0"
cat <<EOF
Provides: kernel-modules >= ${verrel}${dotvariant}
Provides: kernel${dashvariant}-modules >= ${verrel}
Provides: ${kmod_name}-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
Requires(post): /usr/sbin/depmod
Requires(postun): /usr/sbin/depmod
Requires(post): /usr/sbin/weak-modules
Requires(postun): /usr/sbin/weak-modules
EOF
if [ "yes" != "$nobuildreqs" ]
then
cat <<EOF
BuildRequires: kernel${dashvariant}-devel
BuildRequires: kernel-abi-whitelists
BuildRequires: redhat-rpm-config kernel-rpm-macros
BuildRequires: elfutils-libelf-devel kmod
EOF
fi
if [ "" != "$override_preamble" ]
then
cat "$override_preamble"
fi
cat <<EOF
%description -n kmod-${kmod_name}${dashvariant}
This package provides the ${kmod_name} kernel modules built for
the Linux kernel ${verrel}${dotvariant} for the %{_target_cpu}
family of processors.
EOF
##############################################################################
## The following are not part of this script directly, they are scripts ##
## that will be executed by RPM during various stages of package processing ##
##############################################################################
cat <<EOF
%post -n kmod-${kmod_name}${dashvariant}
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
fi
modules=( \$(find /lib/modules/${verrel}${dotvariant}/extra/${kmod_name} | grep '\.ko$') )
if [ -x "/usr/sbin/weak-modules" ]; then
printf '%s\n' "\${modules[@]}" \
| /usr/sbin/weak-modules --add-modules
fi
EOF
cat <<EOF
%preun -n kmod-${kmod_name}${dashvariant}
rpm -ql kmod-${kmod_name}${dashvariant}-%{kmod_version}-%{kmod_release}.$(arch) | grep '\.ko$' > /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
EOF
cat <<EOF
%postun -n kmod-${kmod_name}${dashvariant}
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
fi
modules=( \$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules) )
rm /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
if [ -x "/usr/sbin/weak-modules" ]; then
printf '%s\n' "\${modules[@]}" \
| /usr/sbin/weak-modules --remove-modules
fi
EOF
echo "%files -n kmod-${kmod_name}${dashvariant}"
if [ "" == "$override_filelist" ];
then
echo "%defattr(644,root,root,755)"
echo "/lib/modules/${verrel}${dotvariant}"
else
cat "$override_filelist" | get_filelist
fi
}
print_rpmtemplate ()
{
kmod_name="${1}"
shift
kver="${1}"
get_verrel "${1}"
shift
if [ -z "${kmod_name}" ] ; then
echo "Please provide the kmodule-name as first parameter." >&2
exit 2
elif [ -z "${kver}" ] ; then
echo "Please provide the kver as second parameter." >&2
exit 2
elif [ -z "${verrel}" ] ; then
echo "Couldn't find out the verrel." >&2
exit 2
fi
for variant in "$@" ; do
if [ "default" == "$variant" ];
then
get_rpmtemplate ""
else
get_rpmtemplate "${variant}"
fi
done
}
usage ()
{
cat <<EOF
You called: ${invocation}
Usage: ${myprog} <command> <option>+
Commands:
verrel <uname>
- Get "base" version-release.
variant <uname>
- Get variant from uname.
variant_char <uname> <variant>
- Get kernel variant separator character.
kernel_source <uname> <variant>
- Get path to kernel source directory.
rpmtemplate <mainpgkname> <uname> <variants>
- Return a template for use in a source RPM
version
- Output version number and exit.
EOF
}
invocation="$(basename ${0}) $@"
while [ "${1}" ] ; do
case "${1}" in
verrel)
shift
print_verrel "$@"
exit $?
;;
variant)
shift
print_variant "$@"
exit $?
;;
variant_char)
shift
print_variant_char "$@"
exit $?
;;
kernel_source)
shift
print_kernel_source "$@"
exit $?
;;
rpmtemplate)
shift
print_rpmtemplate "$@"
exit $?
;;
version)
echo "${myprog} ${myver}"
exit 0
;;
*)
echo "Error: Unknown option '${1}'." >&2
usage >&2
exit 2
;;
esac
done
# Local variables:
# mode: sh
# sh-indentation: 2
# indent-tabs-mode: nil
# End:
# ex: ts=2 sw=2 et
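Review bot: get_filelist interpolates $verrel, $variant, $dashvariant and $dotvariant directly into sed expressions (`sed -e "s/%verrel/$verrel/g"` and the seven lines after it), so a `/`, `&` or backslash in a kernel version or variant string alters the substitution instead of being inserted literally. Escape the replacement text before it reaches sed, or do the substitution with bash parameter expansion, which has no delimiter to break. Two quoting points in the same file: print_variant calls `get_variant $@` unquoted while the other print_* wrappers pass "$@", and the generated %postun scriptlet reloads the list staged by %preun through an unquoted `$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules)`, which word-splits any module path containing whitespace.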

View File

@ -1,268 +0,0 @@
# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{optflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{optflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{optflags} -I%{_fmoddir}
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
%build_ldflags -Wl,-z,relro %{_ld_symbols_flags} %{_hardened_ldflags}
# Expands to shell code to seot the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS
# Internal-only. Do not use. Expand a variable and strip the flags
# not suitable to extension builders.
%__extension_strip_flags() %{lua:
local name = rpm.expand("%{1}")
local value = " " .. rpm.expand("%{build_" .. name .. "}")
local result = string.gsub(value, "%s+-specs=[^%s]+", " ")
print(result)
}
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
# extension builders.
%extension_cflags %{__extension_strip_flags cflags}
%extension_cxxflags %{__extension_strip_flags cxxflags}
%extension_fflags %{__extension_strip_flags fflags}
%extension_ldflags %{__extension_strip_flags ldflags}
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
%configure \
%{set_build_flags}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
# Maximum number of CPU's to use when building, 0 for unlimited.
#
# This was for some time capped at 16. Please see
# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
# surrounding this.
#%_smp_ncpus_max 0
%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
ncpus_max=%{?_smp_ncpus_max}; \\\
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
mkdir "$RPM_BUILD_ROOT"\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_python_bytecompile /usr/lib/rpm/brp-python-bytecompile "" %{?_python_bytecompile_errors_terminate_build}
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs PYTHON3="%{__python3}" /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_static_archive} \
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
%{?__brp_python_hardlink} \
%{?__brp_mangle_shebangs} \
%{nil}
%__spec_install_post\
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
#
## Automatically compile python files
%py_auto_byte_compile 1
#
## Should python bytecompilation errors terminate a build?
%_python_bytecompile_errors_terminate_build 1
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use XZ compression for binary payloads
%_binary_payload w2.xzdio
%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
# Harden packages by default for Fedora 23:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
%_annobin_cflags -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# Add extra information to binary objects created by gcc for Fedora 28:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annotated_cflags %{?_annotated_build:%{_annobin_cflags}}
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _strict_symbol_defs_build 1" to enable.
#%_strict_symbol_defs_build 1
%_ld_symbols_flags %{?_strict_symbol_defs_build:-Wl,-z,defs}
%__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}
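Review bot: The `-1,268 +0,0` header takes this file to zero lines, so please confirm that the hardening defaults defined here are still defined wherever these macros now live: `%_hardened_build 1`, `-Wl,-z,now` in `%_hardening_ldflags`, `-Wl,-z,relro` in `%build_ldflags`, `-Wp,-D_FORTIFY_SOURCE=2` and `-fstack-protector-strong` in `%__global_compiler_flags`, and the two `filedigest_algorithm 8` settings that the comment describes as SHA-256 instead of MD5. A package that loses any of these still builds cleanly, so the check has to be explicit, for example by comparing the output of `rpm --eval '%{build_cflags} %{build_ldflags}'` on both branches. If the comments are carried over, two need fixing: "seot" in the `%set_build_flags` description, and the `%build_ldflags` comment, which ends "the environment variable RPM_LD_FLAGS to this value" with the verb missing.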

View File

@ -1,79 +0,0 @@
# Some miscellaneous Fedora-related macros
# List files matching inclusion globs, excluding files matching exclusion blogs
# Optional parameters:
# -i "<globs>" inclusion globs
# -x "<globs>" exclusion globs
# Globs are space-separated lists of shell globs. Such lists require %{quote:}
# use for safe rpm argument passing.
# Alternatively, set the following rpm variables before calling the macro:
# “listfiles_include” inclusion globs
# — “listfiles_exclude” exclusion globs
# Arguments passed to the macro without flags will be interpreted as inclusion
# globs.
%listfiles(i:x:) %{expand:
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
while IFS= read -r finc ; do
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
| sort -u | grep -q "${finc}" || echo "${finc}"
done <<< "${listfiles_include}"
%else
echo "${listfiles_include}"
%endif
%endif
}
# https://github.com/rpm-software-management/rpm/issues/581
# Write the contents of a list of rpm variables to a macro file.
# The target file must contain the corresponding anchors.
# For example %writevars -f myfile foo bar will replace:
# @@FOO@@ with the rpm evaluation of %{foo} and
# @@BAR@@ with the rpm evaluation of %{bar}
# in myfile
%writevars(f:) %{lua:
local fedora = require "fedora.common"
local macrofile = rpm.expand("%{-f*}")
local rpmvars = {}
for i = 1, rpm.expand("%#") do
table.insert(rpmvars, rpm.expand("%" .. i))
end
fedora.writevars(macrofile,rpmvars)
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}
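Review bot: The exclusion test in `%listfiles` runs `grep -q "${finc}"` against the list of excluded paths, which treats each included path as an unanchored regular expression: including `a.c` while excluding `a.c.orig` drops `a.c` as well, and regex metacharacters in a file name are interpreted rather than matched. A fixed-string whole-line match such as `grep -qxF -- "${finc}"` would compare paths exactly. In the same file `%gpgverify(k:s:d:)` is defined twice with identical bodies, so one copy can go, and the header comment reads "exclusion blogs" where "exclusion globs" is meant.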

View File

@ -1,8 +0,0 @@
# Some miscellaneous Fedora-related macros
# A directory for rpm macros
%rpmmacrodir /usr/lib/rpm/macros.d
# A directory for appdata metainfo. This has changed between releases so a
# macro is useful.
%_metainfodir %{_datadir}/metainfo

View File

@ -1,282 +0,0 @@
# Map forge information to rpm metadata. This macro will compute default spec
# variable values.
#
# The following spec variables SHOULD be set before calling the macro:
#
# forgeurl the project url on the forge, strongly recommended;
# alternatively, use -u <url>
# Version if applicable, set it with Version: <version>
# tag if applicable
# commit if applicable
#
# The macro will attempt to compute and set the following variables if they are
# not already set by the packager:
#
# forgesource an URL that can be used as SourceX: value
# forgesetupargs the correct arguments to pass to %setup for this source
# used by %forgesetup and %forgeautosetup
# archivename the source archive filename, without extentions
# archiveext the source archive filename extensions, without leading dot
# archiveurl the url that can be used to download the source archive,
# without renaming
# scm the scm type, when packaging code snapshots: commits or tags
#
# If the macro is unable to parse your forgeurl value set at least archivename
# and archiveurl before calling it.
#
# Most of the computed variables are both overridable and optional. However,
# the macro WILL REDEFINE %{dist} when packaging a snapshot (commit or tag).
# The previous %{dist} value will be lost. Dont call the macro if you dont
# wish %{dist} to be changed.
#
# Optional parameters:
# -u <url> Ignore forgeurl even if it exists and use <url> instead. Note
# that the macro will still end up setting <url> as the forgeurl
# spec variable if it manages to parse it.
# -s Silently ignore problems in forgeurl, use it if it can be parsed,
# ignore it otherwise.
# -p Restore problem handling, override -s.
# -v Be verbose and print every spec variable the macro sets.
# -i Print some info about the state of spec variables the macro may use or
# set at the end of the processing.
%forgemeta(u:spvi) %{lua:
local forgeurl = rpm.expand("%{?-u*}")
if (forgeurl == "") then
forgeurl = rpm.expand("%{?forgeurl}")
end
local silent = false
local verbose = false
local informative = false
if (rpm.expand("%{?-s}") ~= "") then
silent = true
end
if (rpm.expand("%{?-p}") ~= "") then
silent = false
end
if (rpm.expand("%{?-v}") ~= "") then
verbose = true
end
if (rpm.expand("%{?-i}") ~= "") then
informative = true
end
local tag = rpm.expand("%{?tag}")
local commit = rpm.expand("%{?commit}")
-- Be explicit about the spec variables were setting
local function explicitset(rpmvariable,value)
rpm.define(rpmvariable .. " " .. value)
if verbose then
rpm.expand("%{echo:Setting %%{" .. rpmvariable .. "} = " .. value .. "\\n}")
end
end
-- Never ever stomp on a spec variable the packager already set
local function safeset(rpmvariable,value)
if (rpm.expand("%{?" .. rpmvariable .. "}") == "") then
explicitset(rpmvariable,value)
end
end
-- Set spec variable values for each known software publishing service
if (forgeurl ~= "") then
local forge = string.match(forgeurl, "^[^:]+://([^/]+)/")
if (forge == nil) then
if not silent then
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !\\n}")
end
else
if (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
if (forgeurl == nil) then
if not silent then
rpm.expand("%{error:Gitlab URLs must match https://(…[-.])gitlab[-.]…/owner/repo !\\n}")
end
else
explicitset("forgeurl", forgeurl)
if (commit == "") then
rpm.expand("%{error:All Gitlab URLs require commit value knowledge: you need to define %{commit}!\\nPlease vote on https://gitlab.com/gitlab-org/gitlab-ce/issues/38830\\n}")
end
safeset("archiveext", "tar.bz2")
safeset("forgesetupargs", "-n %{archivename}")
if (commit ~= "") or (tag ~= "") then
safeset("scm", "git")
end
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
local version = rpm.expand("%{?version}")
if (version ~= "") and (version ~= "0") and (tag == "") then
-- GitLab does not have strong versionning semantics
-- Some projects use "version" as release tag, others "v" + "version"
-- Tag value needs to be explicitly declared before calling the macro
-- in the second case
tag = version
safeset("tag", tag)
end
if (tag ~= "") then
safeset("archivename", repo .. "-%{tag}-%{commit}")
safeset("archiveurl", "%{forgeurl}/repository/%{tag}/archive.%{archiveext}")
else
safeset("archivename", repo .. "-%{commit}")
safeset("archiveurl", "%{forgeurl}/repository/%{commit}/archive.%{archiveext}")
end
end
end
if (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
if (forgeurl == nil) then
if not silent then
rpm.expand("%{error:GitHub URLs must match https://(…[-.])github[-.]…/owner/repo !\\n}")
end
else
explicitset("forgeurl", forgeurl)
safeset("archiveext", "tar.gz")
local forgesetupargs = "-n %{archivename}"
if (commit ~= "") or (tag ~= "") then
safeset("scm", "git")
end
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
if (tag ~= "") then
-- if upstream used a version suffix such as -rc1 or -beta it will not
-- be a valid version string for rpm but github will accept it fine and
-- use the same naming as for other versions: v prefix in the tag and
-- archivename, no v prefix in the topdir naming inside the archive
local version = rpm.expand("%{?version}")
if version ~= "" and
(string.match(tag, "^v" .. version .. "[^%d]") or
string.match(tag, "^v" .. version .. "$")) then
forgesetupargs = "-n " .. repo .. "-" .. string.gsub(tag, "^v", "")
end
safeset("archivename", repo .. "-%{tag}")
safeset("archiveurl", "%{forgeurl}/archive/%{tag}.%{archiveext}")
else
if (commit ~= "") then
safeset("archivename", repo .. "-%{commit}")
safeset("archiveurl", "%{forgeurl}/archive/%{commit}/" .. repo .. "-%{commit}.%{archiveext}")
else
safeset("archivename", repo .. "-%{version}")
safeset("archiveurl", "%{forgeurl}/archive/v%{version}.%{archiveext}")
end
end
safeset("forgesetupargs", forgesetupargs)
end
end
if (forge == "code.googlesource.com") then
forgeurl = string.match(forgeurl, "https://code.googlesource.com/[^#?]*[^/#?]+")
if (forgeurl == nil) then
if not silent then
rpm.expand("%{error:Googlesource URLs must match https://code.googlesource.com/…/repo !\\n}")
end
else
explicitset("forgeurl", forgeurl)
safeset("archiveext", "tar.gz")
safeset("forgesetupargs", "-c")
if (commit ~= "") or (tag ~= "") then
safeset("scm", "git")
end
local repo = string.match(forgeurl, "^[^:]+://.+/([^/?#]+)")
if (tag ~= "") then
safeset("archivename", repo .. "-%{tag}")
safeset("archiveurl", "%{forgeurl}/+archive/%{tag}.%{archiveext}")
else
if (commit ~= "") then
safeset("archivename", repo .. "-%{commit}")
safeset("archiveurl", "%{forgeurl}/+archive/%{commit}.%{archiveext}")
else
safeset("archivename", repo .. "-v%{version}")
safeset("archiveurl", "%{forgeurl}/+archive/v%{version}.%{archiveext}")
end
end
end
end
if (forge == "bitbucket.org") then
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
if (forgeurl == nil) then
if not silent then
rpm.expand("%{error:BitBucket URLs must match https://bitbucket.org/owner/repo !\\n}")
end
else
explicitset("forgeurl", forgeurl)
if (commit == "") then
rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!\\n}")
end
local shortcommit = string.sub(commit, 1, 12)
safeset("archiveext", "tar.bz2")
-- Default to git even though BitBucket allows choosing between several SCMs
-- Set scm to hg for example before calling the macro if your project does not use git
safeset("scm", "git")
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
safeset("archivename", owner .. "-" .. repo .. "-" .. shortcommit)
safeset("forgesetupargs", "-n %{archivename}")
if (tag ~= "") then
safeset("archiveurl", "%{forgeurl}/get/%{tag}.%{archiveext}")
else
safeset("archiveurl", "%{forgeurl}/get/%{commit}.%{archiveext}")
end
end
end
if (forge == "pagure.io") then
if not silent then
rpm.expand("%{error:https://pagure.io/pagure/issue/861 needs to be resolved before the “pagure.io”\\nsoftware publishing service can be supported.\\n}")
end
end
-- Final tests to check forgeurl was successfuly parsed
if not silent then
if (rpm.expand("%{?archivename}") == "") or (rpm.expand("%{?archiveurl}") == "") then
rpm.expand("%{error:Automation for the “" .. forge .. "”\\nsoftware publishing service is not implemented yet.\\nPlease extend the %%forgemeta macro!\\n}")
end
end
end
end
-- Set defaults if forgeurl is missing or does not parse
local archivename = rpm.expand("%{?archivename}")
safeset("archiveext", "tar.gz")
if (archivename ~= "") then
safeset("forgesetupargs", "-n %{archivename}")
end
if (commit ~= "") or (tag ~= "") then
safeset("scm", "git")
end
-- Source URL processing (computing the forgesource spec variable)
local archiveurl = rpm.expand("%{?archiveurl}")
local archiveext = rpm.expand("%{?archiveext}")
if (archivename ~= "") and (archiveurl ~= "") then
if (string.match(archiveurl, "/([^/]+)$") == archivename .. "." .. archiveext) then
safeset("forgesource", "%{archiveurl}")
else
safeset("forgesource", "%{?archiveurl}#/%{?archivename}.%{archiveext}")
end
end
-- dist processing (computing the correct pefix for snapshots)
local distprefix = rpm.expand("%{?tag}")
local version = rpm.expand("%{?version}")
if (distprefix == version) or (distprefix == "v" .. version) then
distprefix = ""
end
if (distprefix == "") then
distprefix = string.sub(rpm.expand("%{?commit}"), 1, 7)
end
if (distprefix ~= "") then
local dist = ".%([ -r %{_sourcedir}/%{archivename}.%{archiveext} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename}.%{archiveext})%{scm}" .. string.gsub(distprefix, "-",".") .. rpm.expand("%{?dist}")
explicitset("dist", dist)
end
-- Final spec variable summary if the macro was called with -i
if informative then
rpm.expand("%{echo:Forge-specific packaging variables\\n}")
rpm.expand("%{echo: forgeurl: %{?forgeurl}\\n}")
rpm.expand("%{echo: forgesource: %{?forgesource}\\n}")
rpm.expand("%{echo: forgesetupargs: %{?forgesetupargs}\\n}")
rpm.expand("%{echo:Generic variables\\n}")
rpm.expand("%{echo: archivename: %{?archivename}\\n}")
rpm.expand("%{echo: archiveext: %{?archiveext}\\n}")
rpm.expand("%{echo: archiveurl: %{?archiveurl}\\n}")
rpm.expand("%{echo: scm: %{?scm}\\n}")
rpm.expand("%{echo: tag: %{?tag}\\n}")
rpm.expand("%{echo: commit: %{?commit}\\n}")
rpm.expand("%{echo: dist: %{?dist} (snapshot date is computed once %%{_sourcedir}/%%{archivename}.%%{archiveext} is available)\\n}")
end
}
# Convenience macro to relay computed arguments to %setup
%forgesetup(a:b:cDn:Tq) %setup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-q}
# Convenience macro to relay computed arguments to %autosetup
%forgeautosetup(a:b:cDn:TvNS:p:) %autosetup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-v} %{-N} %{-S} %{-p}
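Review bot: The two missing-commit errors, "All Gitlab URLs require commit value knowledge" and its BitBucket counterpart, are raised unconditionally, while every other `%{error:...}` in `%forgemeta` sits under `if not silent then`. As written, `-s` does not give the "silently ignore problems in forgeurl" behaviour that the option list documents for those two forges; wrap both in the same guard, or state in the header comment that a missing `%{commit}` is always fatal. A second point in the GitHub branch: `version` is concatenated into a Lua pattern (`"^v" .. version .. "[^%d]"`) without escaping, so each dot in the version matches any character. Escaping it first, for example with `version:gsub("%p", "%%%0")`, keeps the tag comparison literal.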

View File

@ -1,3 +0,0 @@
# kernel_arches lists what arches the full kernel is built for.
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}

View File

@ -1,97 +0,0 @@
# Use these macros to differentiate between RH and other KMP implementation(s).
%global redhat_kernel_module_package 1
%global kernel_module_package_release 1
%global redhat_kmp_has_post_hooks 1
%__brp_kmod_set_exec_bit /usr/lib/rpm/redhat/brp-kmod-set-exec-bit
%__brp_kmod_restore_perms /usr/lib/rpm/redhat/brp-kmod-restore-perms
%__kmod_brps_added 0
%__find_provides /usr/lib/rpm/redhat/find-provides
%__find_requires /usr/lib/rpm/redhat/find-requires
#kernel_module_package [ -n name ] [ -v version ] [ -r release ] [ -s script ]
# [ -f filelist] [ -x ] [ -p preamble ] flavor flavor ...
%kernel_module_package_buildreqs %global kmodtool_generate_buildreqs 1 \
kernel-devel kernel-abi-whitelists redhat-rpm-config kernel-rpm-macros elfutils-libelf-devel kmod
%kernel_module_package(n:v:r:s:f:xp:) %{expand:%( \
## An ugly hack: we want kmods to be processed by find-debuginfo,
## but it processes only files with executable permission set.
## It is important now since, as of now, if debuginfo package
## is enabled (and it is enabled), there's an RPM build error
## as a result of lack of ether absence or emptiness of
## debugsourcefiles.list (which is likely a bug in RPM, but it looks
## like that there's no obvious fix and apparently no one have
## any issues with this).
## In order to minimise intrusiveness, usually (in Red Hat-built kmod
## RPMs) *.ko files just have executable permission being set as a part
## of %build section. There are two caveats with kmp, however:
## * We have no control over %build section itself (and it wasn't
## required previously)
## * Changing the criteria used in find-debuginfo.sh/brp-strip
## for selecting files that have to undergo debug section separation
## may introduce regression.
## As a result, we insert additional hooks in __spec_install_post
## (__brp_kmod_set_exec_bit in the beginning and
## __brp_kmod_restore_perms in the end) that (temporarily) set
## executable permission for *.ko files so find-debuginfo.sh will pick
## them up.
## Unfortunately, __spec_install_post's body is copied here since
## we want that __debug_package macro expansion has been performed
## lazily and it looks like RPM has no ability to provide a body
## of a macro verbatim.
if [ 0 = "%{__kmod_brps_added}" ]; then \
echo "%%global __spec_install_post \\\\" \
echo " %%{?__brp_kmod_set_exec_bit} \\\\" \
echo " %%%%{?__debug_package:%%%%{__debug_install_post}} \\\\" \
echo " %%{__arch_install_post} \\\\" \
echo " %%{__os_install_post} \\\\" \
echo " %%{?__brp_kmod_pre_sign_process} \\\\" \
echo " %%{?__brp_kmod_sign} \\\\" \
echo " %%{?__brp_kmod_post_sign_process} \\\\" \
echo " %%{?__brp_kmod_compress} \\\\" \
echo " %%{?__brp_kmod_post_compress_process} \\\\" \
echo " %%{?__brp_kmod_restore_perms} \\\\" \
echo "%%{nil}" \
fi \
%global __kmod_brps_added 1 \
%global kmodtool %{-s*}%{!-s:/usr/lib/rpm/redhat/kmodtool} \
%global kmod_version %{-v*}%{!-v:%{version}} \
%global kmod_release %{-r*}%{!-r:%{release}} \
%global latest_kernel %({ rpm -q --qf '%%{VERSION}-%%{RELEASE}.%%{ARCH}\\\\n' `rpm -qa | egrep "^kernel(-rt|-aarch64)?-devel" | /usr/lib/rpm/redhat/rpmsort -r | head -n 1`; echo '%%%%{nil}'; } | head -n 1) \
%{!?kernel_version:%{expand:%%global kernel_version %{latest_kernel}}} \
%global kverrel %(%{kmodtool} verrel %{?kernel_version} 2>/dev/null) \
flavors="default" \
if [ -z "%*" ]; then \
flavors_to_build=$flavors \
elif [ -z "%{-x}" ]; then \
flavors_to_build="%*" \
else \
flavors_to_build=" $flavors "\
for i in %* \
do \
flavors_to_build=${flavors_to_build//$i /}
done \
fi \
echo "%%global flavors_to_build ${flavors_to_build:-%%nil}" \
echo "%%global kernel_source() \\\$([ default = \"%%%%{1}\" ] && echo \"/usr/src/kernels//%%%%kverrel\" || %{kmodtool} kernel_source \"%%%%{kverrel}\" \"%%%%{1}\" 2>/dev/null || { ls -Ud \"/usr/src/kernels///%%%%{kverrel}\"[.+]\"%%%%{1}\" | sort -V | tail -n 1; } || echo \"/usr/src/kernels////%%%%kverrel.%%%%1\")" \
echo "%%global kernel_module_package_moddir() extra" \
if [ ! -z "%{-f*}" ] \
then \
filelist="%{-f*}" \
fi \
if [ ! -z "%{-p*}" ] \
then \
preamble="%{-p*}" \
fi \
nobuildreqs="yes" \
if [ "x%{kmodtool_generate_buildreqs}" != "x1" ] \
then \
nobuildreqs="no" \
fi \
override_filelist="$filelist" override_preamble="$preamble" nobuildreqs="$nobuildreqs" kmod_version=%kmod_version kmod_release=%kmod_release %{kmodtool} rpmtemplate %{-n*}%{!-n:%name} %{kverrel} $flavors_to_build 2>/dev/null \
)}
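Review bot: deleting this file removes `%kernel_module_package` and the `__spec_install_post` override it generates, but the import message gives no pointer to where kmod packaging support lives afterwards. The `%kernel_module_package_buildreqs` line already names `kernel-rpm-macros`; if the macros now ship from that package, say so in the changelog so spec files that test `%redhat_kernel_module_package` fail with a clear explanation rather than an undefined macro.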


@ -1,2 +0,0 @@
# arches that ldc builds on
%ldc_arches %{ix86} x86_64 %{arm} %{power64}


@ -1,3 +0,0 @@
# valgrind_arches lists what arches Valgrind works on
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le armv7hl aarch64 s390x


@ -1,78 +0,0 @@
#! /bin/bash -efu
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
#
# -- added module versioning info to modalias() symbols
# -- removed code which inspects spec files.
IFS=$'\n'
#
# Initially, dont generate modalias() lines for kernel package. This needs
# additional discussion. Would like to eventually add them for
# completeness, so that we can determine when drivers are folded into
# mainline kernel.
#
is_kernel_package=""
case "${1:-}" in
kernel-module-*) ;; # Fedora kernel module package names start with
# kernel-module.
kernel*) is_kernel_package=1 ;;
esac
if ! [ -z "$is_kernel_package" ]; then
cat > /dev/null
exit 0
fi
# Check for presence of the commands used
which /sbin/modinfo >/dev/null || exit 0
which sed >/dev/null || exit 0
which sort >/dev/null || exit 0
print_modaliases() {
declare class=$1 variants=$2 pos=$3
if [ -n "$variants" ]; then
echo "${class:0:pos}[$variants]${class:pos+1}"
else
[ -z "$class" ] || echo "$class"
fi
}
combine_modaliases() {
declare tag class variants="" pos="" n
read class
while read tag; do
for ((n=0; n<${#class}; n++)); do
if [ "*" != "${class:n:1}" -a \
"${class:0:n}" = "${tag:0:n}" -a \
"${class:n+1}" = "${tag:n+1}" ] &&
( [ -z "$pos" ] || [ $n = $pos ] ); then
variants="${variants:-${class:n:1}}${tag:n:1}"
pos=$n
break
fi
done
if [ $n -eq ${#class} ]; then
print_modaliases "$class" "$variants" "$pos"
variants=
pos=
class=$tag
fi
done
print_modaliases "$class" "$variants" "$pos"
}
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
modver=$(/sbin/modinfo -F version "$module"| head -n1)
modver=${modver//[^0-9a-zA-Z._]/_}
# only add version tag if it has a version
[ -z "$modver" ] || modver=" = $modver"
/sbin/modinfo -F alias "$module" \
| sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
done \
| sort -u \
| combine_modaliases


@ -1,2 +0,0 @@
*cc1_options:
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}


@ -1,97 +0,0 @@
include: /usr/lib/rpm/rpmrc
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ia64 %{__global_compiler_flags}
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
optflags: alpha %{__global_compiler_flags} -mieee
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
optflags: m68k %{__global_compiler_flags}
optflags: ppc %{__global_compiler_flags} -m32 -funwind-tables
optflags: ppciseries %{__global_compiler_flags} -m32
optflags: ppcpseries %{__global_compiler_flags} -m32
optflags: ppc64 %{__global_compiler_flags} -m64 -funwind-tables -fstack-clash-protection
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -funwind-tables -fstack-clash-protection
optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protection
optflags: ppc64iseries %{__global_compiler_flags} -m64
optflags: ppc64pseries %{__global_compiler_flags} -m64
optflags: ppc8260 %{__global_compiler_flags} -m32
optflags: ppc8560 %{__global_compiler_flags} -m32
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
optflags: atarist %{__global_compiler_flags}
optflags: atariste %{__global_compiler_flags}
optflags: ataritt %{__global_compiler_flags}
optflags: falcon %{__global_compiler_flags}
optflags: atariclone %{__global_compiler_flags}
optflags: milan %{__global_compiler_flags}
optflags: hades %{__global_compiler_flags}
optflags: s390 %{__global_compiler_flags} -m31 -march=z13 -mtune=z14 -fasynchronous-unwind-tables
optflags: s390x %{__global_compiler_flags} -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
optflags: riscv64 %{__global_compiler_flags}
# set build arch to fedora buildarches on hardware capable of running it
# saves having to do rpmbuild --target=
buildarchtranslate: athlon: i686
buildarchtranslate: geode: i686
buildarchtranslate: pentium4: i686
buildarchtranslate: pentium3: i686
buildarchtranslate: i686: i686
buildarchtranslate: i586: i586
buildarchtranslate: sparcv9: sparcv9
buildarchtranslate: sparcv9v: sparcv9
buildarchtranslate: armv5tejl: armv5tel
buildarchtranslate: armv6l: armv5tel
buildarchtranslate: armv7l: armv5tel
buildarchtranslate: armv7hl: armv7hl
buildarchtranslate: armv7hnl: armv7hl
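Review bot: the `optflags:` lines deleted here are where `-fstack-clash-protection` (x86_64, i686, ppc64le, s390x, aarch64 among others) and `-fcf-protection` (x86_64, i686) are attached per architecture, and nothing in this hunk shows where they are set afterwards. Before accepting the removal, confirm the replacement definition still emits both on every architecture that is built, for example by comparing `rpm --eval '%{optflags}'` on each build architecture before and after the update.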


@ -1,76 +0,0 @@
#! /usr/bin/perl -w
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
use Getopt::Long qw(:config gnu_getopt);
sub rpm_cmp_versions {
my ($evr1, $evr2) = @_;
sub _rpm_cmp {
my ($s1, $s2) = @_;
return defined $s1 <=> defined $s2
unless defined $s1 && defined $s2;
my ($r, $x1, $x2);
do {
$s1 =~ s/^[^a-zA-Z0-9]+//;
$s2 =~ s/^[^a-zA-Z0-9]+//;
if ($s1 =~ /^\d/ || $s2 =~ /^\d/) {
$s1 =~ s/^0*(\d*)//; $x1 = $1;
$s2 =~ s/^0*(\d*)//; $x2 = $1;
$r = length $x1 <=> length $x2 || $x1 cmp $x2;
} else {
$s1 =~ s/^([a-zA-Z]*)//; $x1 = $1;
$s2 =~ s/^([a-zA-Z]*)//; $x2 = $1;
return 0
if $x1 eq '' && $x2 eq '';
$r = $x1 cmp $x2;
}
} until $r;
return $r;
}
my ($e1, $v1, $r1) = $evr1 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
my ($e2, $v2, $r2) = $evr2 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
my $r = _rpm_cmp($e1 || 0, $e2 || 0);
$r = _rpm_cmp($v1, $v2)
unless $r;
$r = _rpm_cmp($r1, $r2)
unless $r;
return $r;
}
my $reorder = sub { return @_ };
my $key = 0;
GetOptions ("r|reverse" => sub { $reorder = sub { return reverse @_ } },
"k|key=i" => \$key)
or do {
print STDERR "Usage\n";
exit 1;
};
if ($key == 0) {
# Sort by entire lines
map { print } &$reorder(sort { rpm_cmp_versions($a, $b) } <>);
} else {
# Sort by field $key
my @data = map { [(split)[$key-1], $_] } <>;
map { print } &$reorder(map { $_->[1] }
sort { rpm_cmp_versions($a->[0], $b->[0]) } @data);
}


@ -1,40 +0,0 @@
#! /bin/sh
# Create a table of all symbol sets defined in all /boot/symsets*.tar.gz
# files.
#
# Format:
# kernelrelease/modver/symbol <tab> symset <tab> symset_hash
#
# This table is needed for computing the appropriate Requires: tags for
# kernel module packages.
tmpdir=$(mktemp -t -d ${0##*/}.XXXXXX)
trap "cd / ; rm -rf $tmpdir" EXIT
cd $tmpdir
shopt -s nullglob
for symsets in /boot/symsets-*.tar.gz; do
zcat $symsets \
| tar xf -
done
for symsets in /usr/src/kernels/*/symsets-*.tar.gz; do
zcat $symsets \
| tar xf -
done
for symsets in *; do
krel=${symsets#symsets-}
for symset in $symsets/*; do
class=${symset##*/} ; class=${class%.*}
hash=${symset##*.}
awk '
BEGIN { FS = "\t" ; OFS = "\t" }
{ sub(/0x0*/, "", $1)
print krel "/" $1 "/" $2, class, hash }
' krel="$krel" class="$class" hash="$hash" $symset
done
done
# vim:shiftwidth=4 softtabstop=4


@ -1,4 +1,4 @@
#!/bin/sh -f
#!/bin/sh -efu
# Force creating of DSO symlinks.
# If using normal root, avoid changing anything.
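Review bot: with `-u` added to the shebang, the guard that follows (`[ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]`) no longer exits 0 when `RPM_BUILD_ROOT` is unset; the shell aborts with an unbound-variable error before the test is evaluated. Write the guard with `"${RPM_BUILD_ROOT:-}"` so that running the script outside rpmbuild stays a no-op. The other scripts in this commit that gain `-u` use the same guard and need the same change.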
@ -6,5 +6,8 @@ if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
/sbin/ldconfig -N -r "$RPM_BUILD_ROOT"
# Create an empty config file for ldconfig to shut up a warning
config=$(mktemp -p "$RPM_BUILD_ROOT")
/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
rm -f "$config"
# TODO: warn if it created new symlinks and guide people.
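Review bot: `rm -f "$config"` is skipped whenever `/sbin/ldconfig` exits non-zero, because the shebang now carries `-e`, so the `mktemp` file is left behind at the top of `$RPM_BUILD_ROOT`. Register the cleanup right after the `mktemp` call, for instance `trap 'rm -f "$config"' EXIT`, and quote `$(basename "$config")` where it is passed to `-f`.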

54
brp-llvm-compile-lto-elf Executable file

@ -0,0 +1,54 @@
#!/usr/bin/bash -eu
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
CLANG_FLAGS=$@
NCPUS=${RPM_BUILD_NCPUS:-1}
check_convert_bitcode () {
local file_name=$(realpath ${1})
local file_type=$(file ${file_name})
shift
CLANG_FLAGS="$@"
if [[ "${file_type}" == *"LLVM IR bitcode"* ]]; then
# Check the output of llvm-strings for the command line, which is in the LLVM bitcode because
# we pass -frecord-gcc-switches.
# Check for a line that has "-flto" after (or without) "-fno-lto".
llvm-strings ${file_name} | while read line ; do
flto=$(echo $line | grep -o -b -e -flto | tail -n 1 | cut -d : -f 1)
fnolto=$(echo $line | grep -o -b -e -fno-lto | tail -n 1 | cut -d : -f 1)
if test -n "$flto" && { test -z "$fnolto" || test "$flto" -gt "$fnolto"; } ; then
echo "Compiling LLVM bitcode file ${file_name}."
clang ${CLANG_FLAGS} -fno-lto -Wno-unused-command-line-argument \
-x ir ${file_name} -c -o ${file_name}
break
fi
done
elif [[ "${file_type}" == *"current ar archive"* ]]; then
echo "Unpacking ar archive ${file_name} to check for LLVM bitcode components."
# create archive stage for objects
local archive_stage=$(mktemp -d)
local archive=${file_name}
pushd ${archive_stage}
ar x ${archive}
for archived_file in $(find -not -type d); do
check_convert_bitcode ${archived_file} ${CLANG_FLAGS}
echo "Repacking ${archived_file} into ${archive}."
ar r ${archive} ${archived_file}
done
popd
fi
}
echo "Checking for LLVM bitcode artifacts"
export -f check_convert_bitcode
# Deduplicate by device:inode to avoid processing hardlinks in parallel.
find "$RPM_BUILD_ROOT" -type f -name "*.[ao]" -printf "%D:%i %p\n" | \
awk '!seen[$1]++' | cut -d" " -f2- | \
xargs -d"\n" -r -n1 -P$NCPUS sh -c "check_convert_bitcode \$@ $CLANG_FLAGS" ARG0
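Review bot: the final `xargs ... sh -c "check_convert_bitcode \$@ $CLANG_FLAGS" ARG0` line splices the flags into the command string and expands the file name unquoted in the inner shell, so a path containing whitespace or a glob character is split or expanded before `check_convert_bitcode` sees it, and any shell metacharacter in the flags is interpreted. The call also depends on `export -f`, which only works when `sh` is bash. Invoke `bash -c` explicitly, pass the file and flags as quoted positional parameters, and quote `${file_name}`, `${archive}` and `${archived_file}` inside the function. The `mktemp -d` staging directory in the archive branch is never removed.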


@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash -eu
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
@ -76,7 +76,7 @@ cd "$RPM_BUILD_ROOT"
# (Take care to exclude filenames which would mangle "file" output).
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
| file -N --mime-type -f - \
| grep -P ".+(?=: text/)" \
| grep -P ".+(?=: (text/|application/javascript))" \
| {
fail=0
while IFS= read -r line; do
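Review bot: the widened `grep -P` pattern carries no comment explaining why `application/javascript` is now matched alongside `text/`; extend the comment above the `find` so the next reader knows which `file --mime-type` output this is meant to catch. The alternative is also open on the right, so it matches any type that begins with `application/javascript`; anchor it with `$` if only that exact type is intended.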
@ -142,11 +142,9 @@ while IFS= read -r line; do
# /whatsoever/env foo → /whatsoever/foo
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
# Replace python3 with the desired Python 3 shebang,
# if passed as an non-empty environment variable PYTHON3
if [ -n "${PYTHON3:+x}" ]; then
shebang=$(echo "$shebang" | sed -r -e "s@/usr/bin/python3(\s|$)@${PYTHON3}\1@")
fi
# If the shebang now starts with /bin, change it to /usr/bin
# https://bugzilla.redhat.com/show_bug.cgi?id=1581757
shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
# Replace ambiguous python with python2
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
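Review bot: the `PYTHON3` override block (the `if [ -n "${PYTHON3:+x}" ]` lines) is dropped in this hunk, which shrinks from 11 to 9 lines, and no replacement knob is introduced, so a spec that exports `PYTHON3` to pin its interpreter will silently keep `/usr/bin/python3`. Call that out in the changelog. In the new `s@^/bin/@/usr/bin/@` step, `/sbin/` shebangs are left untouched; say in the comment whether that is intended.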

17
brp-strip-lto Executable file
View File

@ -0,0 +1,17 @@
#!/usr/bin/sh
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
STRIP=${1:-strip}
NCPUS=${RPM_BUILD_NCPUS:-1}
case `uname -a` in
Darwin*) exit 0 ;;
*) ;;
esac
# Strip ELF binaries
find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0
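Review bot: in the last line, the section patterns in `sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* ..."` are unquoted inside the inner shell, so if the working directory contains a file matching `.gnu.lto_*` the shell expands the pattern and `strip` receives a file name instead. Single-quote both `-R` patterns inside the command string. `$RPM_BUILD_ROOT` is also interpolated into the `-regex` expression on the `find` line, so a `+` in the build root path is read as regex syntax and the `usr/lib/debug` exclusion stops matching; a `! -path` test on the debug directory would not have that problem.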

743
buildflags.md Normal file
View File

@ -0,0 +1,743 @@
This document contains documentation of the individual compiler flags
and how to use them.
[TOC]
# Using RPM build flags
The %set_build_flags macro sets the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `VALAFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH` to
the value of their corresponding rpm macros. `%set_build_flags` is automatically
called prior to the `%build`, `%check`, and `%install` phases so these flags can be
used by makefiles and other build tools.
You can opt out of this behavior by doing:
%undefine _auto_set_build_flags
If you do opt out of this behavior, you can still manually use `%set_build_flags`
by adding it to the `%build` section of your spec file or by using one of the
build system helper macros like `%configure`, `%cmake`, and `%meson`.
For packages which use autoconf to set up the build environment, use
the `%configure` macro to obtain the full complement of flags, like
this:
%configure
This will invoke `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults. Prior
to that, some common problems in autotools scripts are automatically
patched across the source tree.
Individual build flags are also available through RPM macros:
* `%{build_cc}` for the command name of the C compiler.
* `%{build_cxx}` for the command name of the C++ compiler.
* `%{build_cpp}` for the command name of the C-compatible preprocessor.
* `%{build_cflags}` for the C compiler flags (also known as the
`CFLAGS` variable).
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
the `CXXFLAGS` shell variable).
* `%{build_fflags}` for `FFLAGS` (the Fortran compiler flags, also
known as the `FCFLAGS` variable).
* `%{build_valaflags}` for `VALAFLAGS` (the Vala compiler flags)
* `%{build_ldflags}` for the linker (`ld`) flags, usually known as
`LDFLAGS`. Note that the contents quote linker arguments using
`-Wl`, so this variable is intended for use with the `gcc` compiler
driver. At the start of the `%build` section, the environment
variable `RPM_LD_FLAGS` is set to this value.
The C and C++ compiler flags are historically available as the
`%{optflags}` macro. These flags may not contain flags that work with
certain languagues or compiler front ends, so the language-specific
`%build_*` are more precise. At the start of the `%build` section,
the environment variable `RPM_OPT_FLAGS` is set to the `%{optflags}`
value; similar limitations apply.
The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
script (v2.4.6+) from hardcoding `%_libdir` into the binaries' `RPATH`.
These RPM macros do not alter shell environment variables.
For some other build tools separate mechanisms exist:
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
package.
Care must be taking not to compile the current selection of compiler
flags into any RPM package besides `redhat-rpm-config`, so that flag
changes are picked up automatically once `redhat-rpm-config` is
updated.
# Flag selection for the build type
The default flags are suitable for building applications.
For building shared objects, you must compile with `-fPIC` in
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
# Customizing compiler and other build flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarounds are not available.
### Toolchain selection
The default toolchain uses GCC, and the `%toolchain` macro is defined
as `gcc`.
It is enough to override `toolchain` macro and all relevant macro for C/C++
compilers will be switched. Either in the spec or in the command-line.
%global toolchain clang
or:
rpmbuild -D "toolchain clang" …
Inside a spec file it is also possible to determine which toolchain is in use
by testing the same macro. For example:
%if "%{toolchain}" == "gcc"
BuildRequires: gcc
%endif
or:
%if "%{toolchain}" == "clang"
BuildRequires: clang compiler-rt
%endif
### Controlling Type Safety
The macro `%build_type_safety_c` can be set to change the C type
safety level. The default level is 3, see below. It can be set to 0
to get historic levels of type safety. Changing the type safety level
may depend on correct `CFLAGS` propagation during the build. The
`%build_type_safety_c` macro needs to be set before `CFLAGS`-related
macros are expanded by RPM (that is, earlier in the file works
better).
Packages can set `%build_type_safety_c` to higher values to adopt
future distribution-wide type-safety increases early. When changing
the `%build_type_safety_c` level to increase it, spec file should use
a construct like this to avoid *lowering* a future default:
```
%if %build_type_safety_c < 4
%global build_type_safety_c 4
%endif
```
At level 0, all C constructs that GCC accepts for backwards
compatibility with obsolete language standards are accepted during
package builds. This is achieved by passing `-fpermissive` to GCC.
At level 1, the following additional error categories are enabled:
* `-Werror=implicit-int`: Reject declarations and definitions that
omit a type name where one is required. Examples are:
`extern int_variable;`, `extern int_returning_function (void);`,
and missing separate parameter type declarations in old-style
function definitions.
* `-Werror=implicit-function-declaration`: Reject calls to functions
to undeclared functions such as `function_not_defined_anywhere ()`.
Previously, such expressions where we compiled as if a declaration
`extern int function_not_defined_anywhere ();` (a prototype-less
function declaration) were in scope.
* `-Werror=return-mismatch`: Reject `return` statements with missing
or extra expressions, based on the declared return type of the
function.
* `-Wdeclaration-missing-parameter-type`: Reject function declarations
that contain unknown type names (which used to be treated as ignored
identifier names).
At level 2, the following error category is enabled in addition:
* `-Werror=int-conversion`: Reject the use of integer expressions
where a pointer type expected, and pointer expressions where an
integer type is expected. Without this option, GCC may produce an
executable, but often, there are failures at run time because not
the full 64 bits of pointers are preserved.
The additional level 3 error category is:
* `-Werror=incompatible-pointer-types`: An expression of one pointer
type is used where different pointer type is expected. (This does
not cover signed/unsigned mismatches in the pointer target type.)
Clang errors out on more obsolete and invalid C constructs than C, so
the type safety is higher by default than with the GCC toolchain.
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
`config.guess` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`%configure` also patches `ltmain.sh` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
Further patching happens in LTO mode, see below.
### Other autotools compatibility settings
During `%configure`, `--runstatedir` is automatically passed to the
`configure` script if support for this option is detected. This
detection can fail if the package has multiple `configure` scripts
that invoke each other, and only some of them support `--runstatedir`.
To disable passing `--runstatedir`, use:
%undefine _configure_use_runstatedir
### Disabling Link-Time Optimization
By default, builds use link-time optimization. In this build mode,
object code is generated at the time of the final link, by combining
information from all available translation units, and taking into
account which symbols are exported.
To disable this optimization, include this in the spec file:
%global _lto_cflags %{nil}
If LTO is enabled, `%configure` applies some common required fixes to
`configure` scripts. To disable that, define the RPM macro
`_fix_broken_configure_for_lto` as `true` (sic; it has to be a shell
command).
### Lazy binding
If your package depends on the semantics of lazy binding (e.g., it has
plugins which load additional plugins to complete their dependencies,
before which some referenced functions are undefined), you should put
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
which have such requirements. Under these circumstances, it is
unnecessary to disable hardened builds (and thus lose full ASLR for
executables), or link everything without `-Wl,z,now` (non-lazy
binding).
### Hardened builds
By default, the build flags enable fully hardened builds. To change
this, include this in the RPM spec file:
%undefine _hardened_build
This turns off certain hardening features, as described in detail
below. The main difference is that executables will be
position-dependent (no full ASLR) and use lazy binding.
### Source Fortification
By default, the build flags include `-Wp,-D_FORTIFY_SOURCE=3`: Source
fortification activates various hardening features in glibc:
* String functions such as `memcpy` attempt to detect buffer lengths
and terminate the process if a buffer overflow is detected.
* `printf` format strings may only contain the `%n` format specifier
if the format string resides in read-only memory.
* `open` and `openat` flags are checked for consistency with the
presence of a *mode* argument.
* Plus other minor hardening changes.
These changes can, on rare occasions, break valid programs. The source
fortification level can be overridden by adding this in the RPM spec file:
%define _fortify_level 2
to reduce source fortification level to 2 or:
%undefine _fortify_level
to disable fortification altogether.
### Annotated builds/watermarking
By default, the build flags cause a special output section to be
included in ELF files which describes certain aspects of the build.
To change this for all compiler invocations, include this in the RPM
spec file:
%undefine _annotated_build
Be warned that this turns off watermarking, making it impossible to do
full hardening coverage analysis for any binaries produced.
It is possible to disable annotations for individual compiler
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
the annobin plugin must still be loaded for this flag to be
recognized, so it has to come after the hardening flags on the command
line (it has to be added at the end of `CFLAGS`, or specified after
the `CFLAGS` variable contents).
### Keeping dependencies on unused shared objects
By default, ELF shared objects which are listed on the linker command
line, but which have no referencing symbols in the preceding objects,
are not added to the output file during the final link.
In order to keep dependencies on shared objects even if none of
their symbols are used, include this in the RPM spec file:
%undefine _ld_as_needed
For example, this can be required if shared objects are used for their
side effects in ELF constructors, or for making them available to
dynamically loaded plugins.
### Switching to legacy relative relocations
By default, ELF objects use the architecture-independent `DT_RELR`
mechanism for relative relocations. To switch to the older,
architecture-specific relocation scheme, add this to the RPM spec file:
%undefine _ld_pack_relocs
This adds `-Wl,-z,pack-relative-relocs` to the linker flags (`LDFLAGS`).
### Specifying the build-id algorithm
If you want to specify a different build-id algorithm for your builds, you
can use the `%_build_id_flags` macro:
%_build_id_flags -Wl,--build-id=sha1
### Strict symbol checks in the link editor (ld)
Optionally, the link editor will refuse to link shared objects which
contain undefined symbols. Such symbols lack symbol versioning
information and can be bound to the wrong (compatibility) symbol
version at run time, and not the actual (default) symbol version which
would have been used if the symbol definition had been available at
static link time. Furthermore, at run time, the dynamic linker will
not have complete dependency information (in the form of DT_NEEDED
entries), which can lead to errors (crashes) if IFUNC resolvers are
executed before the shared object containing them is fully relocated.
To switch on these checks, define this macro in the RPM spec file:
%global _strict_symbol_defs_build 1
If this RPM spec option is active, link failures will occur if the
linker command line does not list all shared objects which are needed.
In this case, you need to add the missing DSOs (with linker arguments
such as `-lm`). As a result, the link editor will also generated the
necessary DT_NEEDED entries.
In some cases (such as when a DSO is loaded as a plugin and is
expected to bind to symbols in the main executable), undefined symbols
are expected. In this case, you can add
%undefine _strict_symbol_defs_build
to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Legacy -fcommon
Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
Builds may fail with `multiple definition of ...` errors.
As a short term workaround for such failure,
it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
%global _legacy_common_support 1
Properly fixing the failure is always preferred!
### Package note on ELF objects
A note that describes the package name, version, and architecture is
inserted via a linker script (`%_package_note_file`). The script is
generated when `%set_build_flags` is called. The linker option that
injects the linker script is added to `%{build_ldflags}` via the
`%{_package_note_flags}` macro.
To opt out of the use of this feature completely, the best way is to
undefine the first macro. Include this in the spec file:
%undefine _package_note_file
The other macros can be undefined too to replace parts of the functionality.
If `%_generate_package_note_file` is undefined, the linker script will not
be generated, but the link flags may still refer to it. This may be useful
if the default generation method is insufficient and a different mechanism
will be used to generate `%_package_note_file`. If `%_package_note_flags`
is undefined, the linker argument that injects the script will not be added
to `%build_ldfags`, but the linker script would still be generated.
### Frame pointers
Frame pointers will be included by default via the `%_include_frame_pointers`
macro. To opt out, the best way is to undefine the macro. Include this in the
spec file:
%undefine _include_frame_pointers
Note that opting out might still result in frame pointers being included on
architectures where they are part of the ABI (e.g. aarch64) depending on
compiler defaults.
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `-debuginfo` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `_enable_debug_packages` as `0`.
Processing of debugging information is controlled using the
`find-debuginfo` tool from the `debugedit` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `-debuginfo` subpackages is enabled by default.
To disable, undefine `_debuginfo_subpackages`.
* Likewise, `-debugsource` subpackages are automatically created.
To disable, undefine `_debugsource_subpackages`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
`_unique_debug_srcs` control how debugging information and
corresponding source files are represented on disk.
See `/usr/lib/rpm/macros` for details. The defaults
enable parallel installation of `-debuginfo` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`.gnu_debugdata` section. To disable that, undefine
`_include_minidebuginfo`.
* To speed up debuggers, a `.gdb_index` section is created. It can be
disabled by undefining `_include_gdb_index`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `_missing_build_ids_terminate_build`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `_no_recompute_build_ids` as `1`.
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`_find_debuginfo_opts` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `__brp_strip`: Removal of leftover debugging information. The tool
specified by the `__strip` macro is invoked with the `-g` option on
ELF object (`.o`) files.
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
processes static `.a` archives instead.
* `__brp_strip_comment_note`: This step removes unallocated `.note`
sections, and `.comment` sections from ELF files.
* `__brp_strip_lto`: This step removes GCC LTO intermediate representation
in ELF sections starting with `.gnu.lto_` and `.gnu.debuglto_`. Skipping
this step is strongly discouraged because the tight coupling of LTO
data with the GCC version. The underlying tool is again determined by the
`__strip` macro.
* `__brp_llvm_compile_lto_elf`: This step replaces LLVM bitcode files
with object files, thereby removing LLVM bitcode from the installed
files. This transformation is applied to object files in static `.a`
archives, too.
* `__brp_ldconfig`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
invoked yet).
* `__brp_remove_la_files`: This step removes libtool-generated `.la`
files from the installed files.
# Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
The general (architecture-independent) build flags are:
* `-O2`: Turn on various GCC optimizations. See the
[GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
Optimization improves performance, the accuracy of warnings, and the
reach of toolchain-based hardening, but it makes debugging harder.
* `-g`: Generate debugging information (DWARF). In Fedora, this data
is separated into `-debuginfo` RPM packages whose installation is
optional, so debuging information does not increase the size of
installed binaries by default.
* `-pipe`: Run compiler and assembler in parallel and do not use a
temporary file for the assembler input. This can improve
compilation performance. (This does not affect code generation.)
* `-Wall`: Turn on various GCC warnings.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
* `-Wno-complain-wrong-lang`: Do not warn about front end mismatches
(e.g, using `-Werror=format-security` with Fortran). Only included
in `%optflags`, and not the front-end-specific `%build_*` macros.
* `-Werror=format-security`: Turn on format string warnings and treat
them as errors.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
This can occasionally result in compilation errors. In that case,
the best option is to rewrite the source code so that only constant
format strings (string literals) are used.
* Other `-Werror=` options. See **Controlling C Type Safety**.
* `-U_FORTIFY_SOURCE, -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3`:
See the Source Fortification section above and the `%_fortify_level`
override.
* `-fexceptions`: Provide exception unwinding support for C programs.
See the [`-fexceptions` option in the GCC
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
and the [`cleanup` variable
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
This also hardens cancellation handling in C programs because
it is not required to use an on-stack jump buffer to install
a cancellation handler with `pthread_cleanup_push`. It also makes
it possible to unwind the stack (using C++ `throw` or Rust panics)
from C callback functions if a C library supports non-local exits
from them (e.g., via `longjmp`).
* `-fasynchronous-unwind-tables`: Generate full unwind information
covering all program points. This is required for support of
asynchronous cancellation and proper unwinding from signal
handlers. It also makes performance and debugging tools more
useful because unwind information is available without having to
install (and load) debugging information. (Not enabled on armhfp
due to architectural differences in stack management.)
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
C++ standard library, such as bounds checking for the subscription
operator on vectors. (This flag is added to both `CFLAGS` and
`CXXFLAGS`; C compilations will simply ignore it.)
* `-fstack-protector-strong`: Instrument functions to detect
stack-based buffer overflows before jumping to the return address on
the stack. The *strong* variant only performs the instrumentation
for functions whose stack frame contains addressable local
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
This flag is currently not available on armhfp (both `gcc` and `clang`
toolchains) and on aarch64 with the `clang` toolchain.
* `-flto=auto`: Enable link-time optimization (LTO), using `make` job server
integration for parallel processing. (`gcc` toolchain only)
* `-ffat-lto-objects`: Generate EFL object files which contain both
object code and LTO intermediate representation. (`gcc` toolchain only)
* `-flto`: Enable link-time optimization. (`clang` toolchain only)
* `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
* `-fcommon`: This optional flag is used to build legacy software
which relies on C tentative definitions. It is disabled by default.
For hardened builds (which are enabled by default, see above for how
to disable them), the flag
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
command line. It adds the following flag to the command line:
* `-fPIE`: Compile for a position-independent executable (PIE),
enabling full address space layout randomization (ASLR). This is
similar to `-fPIC`, but avoids run-time indirections on certain
architectures, resulting in improved performance and slightly
smaller executables. However, compared to position-dependent code
(the default generated by GCC), there is still a measurable
performance impact.
If the command line also contains `-r` (producing a relocatable
object file), `-fpic` or `-fPIC`, this flag is automatically
dropped. (`-fPIE` can only be used for code which is linked into
the main program.) Code which goes into static libraries should be
compiled with `-fPIE`, except when this code is expected to be
linked into DSOs, when `-fPIC` must be used.
To be effective, `-fPIE` must be used with the `-pie` linker flag
when producing an executable, see below.
To support [binary watermarks for ELF
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
added by default (with the `gcc` toolchain). This can be switched off
by undefining the `%_annotated_build` RPM macro (see above). Binary
watermarks are currently disabled on armhpf, and with the `clang`
toolchain.
If frame pointers are enabled by default (via `%_include_frame_pointers`),
the `-fno-omit-frame-pointer` will be added on all architectures except i686
and s390x. Additional flags will be added on specific architectures:
* `-mno-omit-leaf-frame-pointer` on x86_64 and aarch64
### Architecture-specific compiler flags
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `-fcf-protection`: Instrument binaries to guard against
ROP/JOP exploitation techniques. Used on x86_64.
* `-mbranch-protection=standard`: Instrument binaries to guard against
ROP/JOP exploitation techniques. Used on aarch64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler
flag.
In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are:
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
selects an Arm subarchitecture based on the ARMv7-A architecture
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
tuning for the Cortex-A8 implementation (while preserving
compatibility with other ARMv7-A implementations).
`-mabi=aapcs-linux` switches to the AAPCS ABI for GNU/Linux.
* **i686**: `-march=i686` is used to select a minmum support CPU level
of i686 (corresponding to the Pentium Pro). SSE2 support is enabled
with `-msse2` (so only CPUs with SSE2 support can run the compiled
code; SSE2 was introduced first with the Pentium 4).
`-mtune=generic` activates tuning for a current blend of CPUs (under
the assumption that most users of i686 packages obtain them through
an x86_64 installation on current hardware). `-mfpmath=sse`
instructs GCC to use the SSE2 unit for floating point math to avoid
excess precision issues. `-mstackrealign` avoids relying on the
stack alignment guaranteed by the current version of the i386 ABI.
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum
supported CPU level of POWER8 (the first CPU with ppc64le support)
and tunes for POWER8.
* **s390x**: `-march=zEC12 -mtune=z13` specifies a minimum supported
CPU level of zEC12, while optimizing for a subsequent CPU generation
(z13).
* **x86_64**: `-mtune=generic` selects tuning which is expected to
beneficial for a broad range of current CPUs. Distribution-specific
defaults for `-march=x86-64-v2` or `-march=x86-64-v3` may be
applied. The default can be overriden (for any distribution)
by specifying `--target x86_64_v2`, `--target x86_64_v3`,
`--target x86_64_v4` in the `rpmbuild` invocation.
With the GCC toolchain, TLS descriptors are enabled using
`-mtls-dialect=gnu2`.
* **aarch64** does not have any architecture-specific tuning.
### Vala-specific compiler flags
* `-g`: causes valac to emit `#line` directives in the generated C
source code. This improves backtrace generation by causing gdb to
point to Vala source file and line number instead of the generated C
source when possible.
# Individual linker flags
Linker flags end up in the environment variable `LDFLAGS`.
The linker flags listed below are injected. Note that they are
prefixed with `-Wl` because it is expected that these flags are passed
to the compiler driver `gcc`, and not directly to the link editor
`ld`.
* `-z relro`: Activate the *read-only after relocation* feature.
Constant data and relocations are placed on separate pages, and the
dynamic linker is instructed to revoke write permissions after
dynamic linking. Full protection of relocation data requires the
`-z now` flag (see below).
* `--as-needed`: In the final link, only generate ELF dependencies
for shared objects that actually provide symbols required by the link.
Shared objects which are not needed to fulfill symbol dependencies
are essentially ignored due to this flag.
* `-z pack-relative-relocs`: Use the portable `DT_RELR` scheme for
relative relocations, resulting in reduced startup time compared to
legacy architecture-specific relocations. (`-z pack-relative-relocs`
is currently disabled on aarch64 and s390x due to toolchain limitations.)
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
(optional, see above).
For hardened builds, some more linker options are added to the
compiler driver command line. These can be disabled by undefining the
`%_hardened_build` macro - see above.
* `-pie`: Produce a PIE binary. This is only activated for the main
executable, and only if it is dynamically linked. This requires
that all objects which are linked in the main executable have been
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
By itself, `-pie` has only a slight performance impact because it
disables some link editor optimization, however the `-fPIE` compiler
flag has some overhead.
Note: this option is added via adding a spec file to the compiler
driver command line (`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld`)
rather than using the `-Wl` mechanism mentioned above. As a result
this option is only enabled if the compiler driver is gcc.
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
linker feature. Lazy binding involves an array of function pointers
which is writable at run time (which could be overwritten as part of
security exploits, redirecting execution). Therefore, it is
preferable to turn of lazy binding, although it increases startup
time.
In addition hardened builds default to converting a couple of linker
warning messages into errors, because they represent potential
missed hardening opportunities, and warnings in the linker's output are
often ignored. This behaviour can be turned off by undefining the
`%_hardened_build` macro as mentioned above, or by undefining the
`%_hardened_linker_errors` macro. The linker options enabled by this
feature are:
* `--error-rwx-segments`: Generates an error if an output binary would
contain a loadable memory segment with read, write and execute
permissions. It will also generate an error if a thread local
storage (TLS) segment is created with execute permission. The
error can be disabled on an individual basis by adding the
`--no-warn-rwx-segments` option to the linker command line.
* `--error-execstack`: Generates an error if an output binary would
contain a stack that is held in memory with execute permission.
If a binary is being intentionally created with an executable stack
then the linker command line option `-z execstack` can be used to
indicate this.
Note: these options are added via a spec file on the compiler driver
command line (`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors`)
rather than using the `-Wl` mechanism mentioned above. As a result
these options are only enabled if the compiler driver is gcc. In
addition the spec file only adds the options if the `-fuse-ld=...`
option has not been enabled. This prevents the options from being
used when the gold or lld linkers are enabled.
# Support for extension builders
Some packages include extension builders that allow users to build
extension modules (which are usually written in C and C++) under the
control of a special-purpose build system. This is a common
functionality provided by scripting languages such as Python and Perl.
Traditionally, such extension builders captured the Fedora build flags
when these extension were built. However, these compiler flags are
adjusted for a specific Fedora release and toolchain version and
therefore do not work with a custom toolchain (e.g., different C/C++
compilers), and users might want to build their own extension modules
with such toolchains.
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
flags that have been adjusted for compatibility with alternative
toolchains.
Currently the -fexceptions and -fcf-protection flags are preserved
for binary compatibility with the languages the extensions are
built against.
Extension builders should detect whether they are performing a regular
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
case, they should use the *current* set of Fedora build flags (that
is, the output from `rpm --eval '%{build_cflags}'` and related
commands). Otherwise, when not performing an RPM build, they can
either use hard-coded extension builder flags (thus avoiding a
run-time dependency on `redhat-rpm-config`), or use the current
extension builder flags (with a run-time dependency on
`redhat-rpm-config`).
As a result, extension modules built for Fedora will use the official
Fedora build flags, while users will still be able to build their own
extension modules with custom toolchains.

294
common.lua Normal file
View File

@ -0,0 +1,294 @@
-- Convenience Lua functions that can be used within rpm macros
-- Reads an rpm variable. Unlike a basic rpm.expand("{?foo}"), returns nil if
-- the variable is unset, which is convenient in lua tests and enables
-- differentiating unset variables from variables set to ""
local function read(rpmvar)
if not rpmvar or
(rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
return nil
else
return rpm.expand("%{?" .. rpmvar .. "}")
end
end
-- Returns true if the macro that called this function had flag set
--  for example, hasflag("z") would give the following results:
-- %foo -z bar → true
-- %foo -z → true
-- %foo → false
local function hasflag(flag)
return (rpm.expand("%{-" .. flag .. "}") ~= "")
end
-- Returns the argument passed to flag in the macro that called this function
--  for example, readflag("z") would give the following results:
-- %foo -z bar → bar
-- %foo → nil
-- %foo -z "" → empty string
-- %foo -z '' → empty string
local function readflag(flag)
if not hasflag(flag) then
return nil
else
local a = rpm.expand("%{-" .. flag .. "*}")
-- Handle "" and '' as empty strings
if (a == '""') or (a == "''") then
a = ''
end
return a
end
end
-- Sets a spec variable; echoes the result if verbose
local function explicitset(rpmvar, value, verbose)
local value = value
if (value == nil) or (value == "") then
value = "%{nil}"
end
rpm.define(rpmvar .. " " .. value)
if verbose then
rpm.expand("%{warn:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
end
end
-- Unsets a spec variable if it is defined; echoes the result if verbose
local function explicitunset(rpmvar, verbose)
if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
rpm.define(rpmvar .. " %{nil}")
if verbose then
rpm.expand("%{warn:Unsetting %%{" .. rpmvar .. "}}")
end
end
end
-- Sets a spec variable, if not already set; echoes the result if verbose
local function safeset(rpmvar, value, verbose)
if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
explicitset(rpmvar,value,verbose)
end
end
-- Aliases a list of rpm variables to the same variables suffixed with 0 (and
-- vice versa); echoes the result if verbose
local function zalias(rpmvars, verbose)
for _, sfx in ipairs({{"","0"},{"0",""}}) do
for _, rpmvar in ipairs(rpmvars) do
local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
if (rpm.expand(toalias) ~= "") then
safeset(rpmvar .. sfx[2], toalias, verbose)
end
end
end
end
-- Takes a list of rpm variable roots and a suffix and alias current<root> to
-- <root><suffix> if it resolves to something not empty
local function setcurrent(rpmvars, suffix, verbose)
for _, rpmvar in ipairs(rpmvars) do
if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
explicitset( "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
else
explicitunset("current" .. rpmvar, verbose)
end
end
end
-- Echo the list of rpm variables, with suffix, if set
local function echovars(rpmvars, suffix)
for _, rpmvar in ipairs(rpmvars) do
rpmvar = rpmvar .. suffix
local header = string.sub(" " .. rpmvar .. ": ",1,21)
rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
end
end
-- Returns an array, indexed by suffix, containing the non-empy values of
-- <rpmvar><suffix>, with suffix an integer string or the empty string
local function getsuffixed(rpmvar)
local suffixes = {}
zalias({rpmvar})
for suffix=0,9999 do
local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
if (value ~= "") then
suffixes[tostring(suffix)] = value
end
end
-- rpm convention is to alias no suffix to zero suffix
-- only add no suffix if zero suffix is different
local value = rpm.expand("%{?" .. rpmvar .. "}")
if (value ~= "") and (value ~= suffixes["0"]) then
suffixes[""] = value
end
return suffixes
end
-- Returns the list of suffixes, including the empty string, for which
-- <rpmvar><suffix> is set to a non empty value
local function getsuffixes(rpmvar)
suffixes = {}
for suffix in pairs(getsuffixed(rpmvar)) do
table.insert(suffixes,suffix)
end
table.sort(suffixes,
function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
return suffixes
end
-- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
-- matches best the beginning of the value string
local function getbestsuffix(rpmvar, value)
local best = nil
local currentmatch = ""
for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
if (string.len(setvalue) > string.len(currentmatch)) and
(string.find(value, "^" .. setvalue)) then
currentmatch = setvalue
best = suffix
end
end
return best
end
-- %writevars core
local function writevars(macrofile, rpmvars)
for _, rpmvar in ipairs(rpmvars) do
print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
"\029" .. rpm.expand( "%{" .. rpmvar .. "}" ) ..
"\029g' " .. macrofile .. "\n")
end
end
-- https://github.com/rpm-software-management/rpm/issues/566
-- Reformat a text intended to be used used in a package description, removing
-- rpm macro generation artefacts.
-- remove leading and ending empty lines
-- trim intermediary empty lines to a single line
-- fold on spaces
-- Should really be a %%{wordwrap:…} verb
local function wordwrap(text)
text = rpm.expand(text .. "\n")
text = string.gsub(text, "\t", " ")
text = string.gsub(text, "\r", "\n")
text = string.gsub(text, " +\n", "\n")
text = string.gsub(text, "\n+\n", "\n\n")
text = string.gsub(text, "^\n", "")
text = string.gsub(text, "\n( *)[-*—][  ]+", "\n%1 ")
output = ""
for line in string.gmatch(text, "[^\n]*\n") do
local pos = 0
local advance = ""
for word in string.gmatch(line, "%s*[^%s]*\n?") do
local wl, bad = utf8.len(word)
if not wl then
print("%{warn:Invalid UTF-8 sequence detected in:}" ..
"%{warn:" .. word .. "}" ..
"%{warn:It may produce unexpected results.}")
wl = bad
end
if (pos == 0) then
advance, n = string.gsub(word, "^(%s* ).*", "%1")
if (n == 0) then
advance = string.gsub(word, "^(%s*).*", "%1")
end
advance = string.gsub(advance, " ", " ")
pos = pos + wl
elseif (pos + wl < 81) or
((pos + wl == 81) and string.match(word, "\n$")) then
pos = pos + wl
else
word = advance .. string.gsub(word, "^%s*", "")
output = output .. "\n"
pos = utf8.len(word)
end
output = output .. word
if pos > 80 then
pos = 0
if not string.match(word, "\n$") then
output = output .. "\n"
end
end
end
end
output = string.gsub(output, "\n*$", "\n")
return output
end
-- Because rpmbuild will fail if a subpackage is declared before the source
-- package itself, provide a source package declaration shell as fallback.
local function srcpkg(verbose)
if verbose then
rpm.expand([[
%{echo:Creating a header for the SRPM from %%{source_name}, %%{source_summary} and}
%{echo:%%{source_description}. If that is not the intended result, please declare the}
%{echo:SRPM header and set %%{source_name} in your spec file before calling a macro}
%{echo:that creates other package headers.}
]])
end
print(rpm.expand([[
Name: %{source_name}
Summary: %{source_summary}
%description
%wordwrap -v source_description
]]))
explicitset("currentname", "%{source_name}", verbose)
end
-- %new_package core
local function new_package(source_name, pkg_name, name_suffix, first, verbose)
-- Safety net when the wrapper is used in conjunction with traditional syntax
if (not first) and (not source_name) then
rpm.expand([[
%{warn:Something already set a package name. However, %%{source_name} is not set.}
%{warn:Please set %%{source_name} to the SRPM name to ensure reliable processing.}
]])
if name_suffix then
print(rpm.expand("%package " .. name_suffix))
else
print(rpm.expand("%package -n " .. pkg_name))
end
return
end
-- New processing
if not (pkg_name or name_suffix or source_name) then
rpm.expand([[
%{error:You need to set %%{source_name} or provide explicit package naming!}
]])
end
if name_suffix then
print(rpm.expand("%package " .. name_suffix))
explicitset("currentname", "%{source_name}-" .. name_suffix, verbose)
else
if not source_name then
source_name = pkg_name
end
if (pkg_name == source_name) then
safeset("source_name", source_name, verbose)
print(rpm.expand("Name: %{source_name}"))
else
if source_name and first then
srcpkg(verbose)
end
print(rpm.expand("%package -n " .. pkg_name))
end
explicitset("currentname", pkg_name, verbose)
end
end
return {
read = read,
hasflag = hasflag,
readflag = readflag,
explicitset = explicitset,
explicitunset = explicitunset,
safeset = safeset,
zalias = zalias,
setcurrent = setcurrent,
echovars = echovars,
getsuffixed = getsuffixed,
getsuffixes = getsuffixes,
getbestsuffix = getbestsuffix,
writevars = writevars,
wordwrap = wordwrap,
new_package = new_package,
}
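Review bot: `writevars` builds a shell command by pasting the expanded macro value between single quotes (`"\029" .. rpm.expand( "%{" .. rpmvar .. "}" ) .. "\029g' " .. macrofile`), and nothing escapes that value. A value containing `'` ends the quoted sed script and the remainder is parsed by the shell, `&` and backslashes are interpreted by sed in the replacement, and `macrofile` is emitted unquoted. Escape the value for both sed and the shell (or write the file from Lua) and quote the file name. Separately, `getbestsuffix` passes `"^" .. setvalue` to `string.find`, so characters such as `.`, `-` or `+` in the stored value act as Lua pattern magic; a plain prefix comparison with `string.sub` avoids that. `suffixes` in `getsuffixes`, and `output` and `n` in `wordwrap`, are assigned without `local` and leak into the global environment.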

1774
config.guess vendored Normal file

File diff suppressed because it is too large

1907
config.sub vendored Normal file

File diff suppressed because it is too large

View File

@ -25,7 +25,7 @@ function check_rhl {
}
function check_rhel {
egrep -q "(Enterprise|Advanced)" $RELEASEFILE && echo $DISTNUM
grep -Eq "(Enterprise|Advanced|CentOS)" $RELEASEFILE && echo $DISTNUM
}
function check_fedora {
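Review bot: `$RELEASEFILE` is expanded unquoted in the `check_rhel` test, in both the `egrep -q` and the `grep -Eq` form, so a path containing whitespace or glob characters is split before grep sees it; write `"$RELEASEFILE"`. The `grep -Eq` line also adds `CentOS` to the alternation, which makes `check_rhel` succeed on a CentOS release file; a short comment stating that this is intended would help, since nothing in the function name or the hunk says so.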

View File

@ -30,7 +30,7 @@ done
is_kmod=1
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
then
is_kernel=1;
fi
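Review bot: the sed expression ending in `/(.*).ko$:\2:p` leaves the dot before `ko` unescaped and has no `(\.gz|\.bz2|\.xz)?` suffix, unlike the other form of the same line in this hunk. The bare `.` matches any character, and a compressed module such as a `.ko.xz` file does not match at all, so the `is_kernel=1` branch is never taken for packages that ship only compressed modules. Unless that is intended, keep the escaped dot and the optional compression suffix.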

View File

@ -22,7 +22,7 @@ filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
unset is_kmod
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
then
is_kmod=1;
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
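Review bot: the output of `$(echo "$f" | sed ...)` is used unquoted as the only operand of `[ ]` in both the `is_kmod` test and the `/boot/` test, so a captured name containing whitespace expands to several words and `[` reports a syntax error instead of evaluating true. Quote the substitution and test it explicitly, in the form `[ -n "$(...)" ]`. The `filelist` assignment shown in the hunk header escapes glob characters only, so `for f in $filelist` still splits paths on whitespace; reading the list line by line would close that gap. The `.ko$` variant of the module test here also has an unescaped dot and no compression suffix.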
@ -32,7 +32,8 @@ for f in $filelist; do
fi
done
[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
# Disabling for now while the Fedora kernel doesn't produce kABI deps.
#[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
# printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
exit 0
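Review bot: with the `find-requires.ksyms` call commented out, `is_kmod` is still computed in the loop but nothing in the visible lines reads it, and the script emits no kernel symbol requirements for packages that contain modules. The added comment ties this to the Fedora kernel not producing kABI deps; if this script is also used where the kernel does provide them, make the call conditional rather than commenting it out, and in either case state the condition for re-enabling it. If the block stays disabled, drop the unused `is_kmod` bookkeeping or say that it is kept for the re-enable.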

View File

@ -5,7 +5,7 @@
# This material is provided as is, with absolutely no warranty expressed
# or implied. Any use is at your own risk.
#
# Permission is hereby granted to use or copy this shellscript
# Permission is hereby granted to use or copy this program
# for any purpose, provided the above notices are retained on all copies.
# Permission to modify the code and to distribute modified code is granted,
# provided the above notices are retained, and a notice that the code was

479
macros Normal file
View File

@ -0,0 +1,479 @@
# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_runstatedir /run
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%source_date_epoch_from_changelog 1
%clamp_mtime_to_source_date_epoch %source_date_epoch_from_changelog
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
# GCC toolchain
%__cc_gcc gcc
%__cxx_gcc g++
%__cpp_gcc gcc -E
# Clang toolchain
%__cc_clang clang
%__cxx_clang clang++
%__cpp_clang clang-cpp
# Default to the GCC toolchain
%toolchain gcc
%__cc %{expand:%%{__cc_%{toolchain}}}
%__cxx %{expand:%%{__cxx_%{toolchain}}}
%__cpp %{expand:%%{__cpp_%{toolchain}}}
# Compiler macros to use for invoking compilers in spec files for packages that
# want to use the default compiler and don't care which compiler that is.
%build_cc %{__cc}
%build_cxx %{__cxx}
%build_cpp %{__cpp}
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{__build_flags_lang_c} %{?_distro_extra_cflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{__build_flags_lang_cxx} %{?_distro_extra_cxxflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{__build_flags_common} -I%{_fmoddir} %{?_distro_extra_fflags}
# Vala compiler flags. This is used to set VALAFLAGS.
%build_valaflags -g
# When clang is used as a linker driver, it does not auto-detect the LTO
# bytecode and neither does bfd, so we need to explicitly pass the -flto
# flag when linking.
%_clang_extra_ldflags %{?_lto_cflags}
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_ld_pack_relocs_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_clang_extra_ldflags}" : "" ] %{_build_id_flags} %{?_package_note_flags} %{?_distro_extra_ldflags}
# Expands to shell code to set the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, VALAFLAGS, LDFLAGS if they
# have not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
# LT_SYS_LIBRARY_PATH is used by libtool script.
# RUSTFLAGS is only set when %%{build_rustflags} is available.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
VALAFLAGS="${VALAFLAGS:-%{build_valaflags}}" ; export VALAFLAGS ;%{?build_rustflags:
RUSTFLAGS="${RUSTFLAGS:-%{build_rustflags}}" ; export RUSTFLAGS ;} \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
CC="${CC:-%{__cc}}" ; export CC ; \
CXX="${CXX:-%{__cxx}}" ; export CXX
# Automatically use set_build_flags macro for build, check, and
# install phases.
# Use "%undefine _auto_set_build_flags" to disable"
%_auto_set_build_flags 1
%__spec_build_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
%__spec_check_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
# Internal-only. Do not use. Expand a variable and strip the flags
# not suitable to extension builders.
%__extension_strip_flags() %{lua:
--the only argument to this macro is the "name" of the flags we strip (e.g. cflags, ldflags, etc.)
local name = rpm.expand("%{1}")
--store all the individual flags in a variable as a continuous string
local flags = rpm.expand("%{build_" .. name .. "}")
--create an empty table for the minimal set of flags we wanna preserve
local stripped_flags = { }
--iterate over the individual flags and store the ones we want in the table as unique keys
for flag in flags:gmatch("%S+") do
if flag:find("^%-fexceptions") or flag:find("^%-fcf%-protection") then
stripped_flags[flag] = true end
end
--print out the finalized set of flags for use by the extension builders
for k,_ in pairs(stripped_flags) do print(k .. " ") end
}
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
# extension builders.
%extension_cflags %{__extension_strip_flags cflags}
%extension_cxxflags %{__extension_strip_flags cxxflags}
%extension_fflags %{__extension_strip_flags fflags}
%extension_ldflags %{__extension_strip_flags ldflags}
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
# Architecture-specific support. Internal. Do not use directly.
%__cflags_arch_x86_64_level %[0%{?rhel} == 9 ? "-v2" : ""]%[0%{?rhel} > 9 ? "-v3" : ""]
%__cflags_arch_x86_64 -march=x86-64%{?__cflags_arch_x86_64_level:%{__cflags_arch_x86_64_level}}
# -mtls-dialect=gnu2 is currently specific to GCC (#2263181).
%__cflags_arch_x86_64_common -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection %[ "%{toolchain}" == "gcc" ? "-mtls-dialect=gnu2 " : "" ]%{_frame_pointers_cflags} %{_frame_pointers_cflags_x86_64}
# Also used for s390.
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=z13 -mtune=z14"]
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
# Pass --runstatedir to configure.
%_configure_use_runstatedir 1
# This fixes various easy resolved configure tests that are compromised by LTO.
#
# We use this within the standard %configure macro, but also make it available
# for packages which don't use %configure
#
# The first three are common ways to test for the existence of a function, so
# we ensure the reference to the function is preserved
#
# The fourth are constants used to then try to generate NaNs and other key
# floating point numbers. We then use those special FP numbers to try and
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
# from removing the computation
#
# The fifth (and worst) addresses problems with autoconf/libtool's approach
# to extracting symbols from .o files and generating C code. In an LTO world
# types matter much more closely and you can't have an object in one context
# that is a function definition and a simple scalar variable in another.
# Thankfully HP-UX has always had that restriction and is supported by
# autoconf/libtool. The insane sed script replaces the "generic" code with
# the HP-UX version.
#
# If we do not make changes, we put the original file back. This avoids
# unnecessary rebuilds of things that may have dependencies on the configure
# files.
#
%_fix_broken_configure_for_lto \
for file in $(find . -type f -name configure -print); do \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
diff -u $file.backup $file && mv $file.backup $file \
done
%configure \
%{set_build_flags}; \
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
%{?_configure_use_runstatedir:$(grep -q "runstatedir=DIR" %{_configure} && echo '--runstatedir=%{_runstatedir}')} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p "`dirname "$RPM_BUILD_ROOT"`"\
mkdir "$RPM_BUILD_ROOT"\
%{?_auto_set_build_flags:%{set_build_flags}}\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_check_rpaths /usr/lib/rpm/check-rpaths
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__brp_llvm_compile_lto_elf /usr/lib/rpm/redhat/brp-llvm-compile-lto-elf %{build_cflags} %{build_ldflags}
# note: %%__os_install_post_python is defined in python-srpm-macros and contains several policies
# redhat-rpm-config maintainers, don't remove it from %%__os_install_post unless coordinating the change with Python maintainers
# packagers, don't undefine the entire macro, see the individual macros in /usr/lib/rpm/macros.d/macros.python-srpm
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_lto} \
%{?__brp_strip_static_archive} \
%{?__brp_check_rpaths} \
%{?__brp_mangle_shebangs} \
%{?__brp_remove_la_files} \
%{__os_install_post_python} \
%{nil}
%__spec_install_post\
%[ "%{toolchain}" == "clang" ? "%{?__brp_llvm_compile_lto_elf}" : "%{nil}" ] \
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use Zstandard compression for binary payloads
%_binary_payload w19.zstdio
#==============================================================================
# --- Compiler flags control.
#
# Please consult buildflags.md for parts that can be configured
# from RPM spec files.
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
%_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
# Have the linker generate errors instead of warnings for binaries that
# contain memory regions with both write and execute permissions.
# https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
%_hardening_linker_errors %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors" : "" ]
%_hardened_linker_errors 1
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_gcc_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
%_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg
%_hardening_ldflags -Wl,-z,now %{expand:%%{_hardening_%{toolchain}_ldflags}}
# Harden packages by default for Fedora 23+:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
# Add extra information to binary objects created by the compiler:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# ...except on armv7hl, which has an issue whose root-cause isn't
# clear yet: https://bugzilla.redhat.com/show_bug.cgi?id=1951492
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# The annobin plugin is not built for clang yet
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
%_annotation_plugin %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
%_annotation_cflags %[ "%{_target_cpu}" == "armv7hl" ? "" : "%{_annotation_plugin}" ]
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
# Use the remove-section option to force the find-debuginfo script
# to move the annobin notes into the separate debuginfo file.
%_find_debuginfo_extra_opts %{?_annotated_build:--remove-section .gnu.build.attributes}
# Include frame pointer information by default, except on RHEL 10 and earlier
# On RHEL 11, we are enabling it for now, with the possibility of revoking it
# at a later date.
# https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
# Use "%undefine _include_frame_pointers" to disable.
%_include_frame_pointers %{undefined rhel} || 0%{?rhel} >= 11
%_frame_pointers_cflags %{expr:0%{?_include_frame_pointers} ? "-fno-omit-frame-pointer" : ""}
%_frame_pointers_cflags_x86_64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
%_frame_pointers_cflags_aarch64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
%_frame_pointers_cflags_s390x %{expr:0%{?_include_frame_pointers} ? "-mbackchain" : ""}
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _ld_strict_symbol_defs 1" to enable.
#%_ld_strict_symbol_defs 1
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
# use "%undefine _ld_as_needed" to disable.
%_ld_as_needed 1
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
# aarch64 and s390x currently do not support packed relocations.
%_ld_pack_relocs %[ "%{_arch}" == "x86_64" || "%{_arch}" == "i386" || "%{_arch}" == "ppc64le" || "%{_arch}" == "aarch64" ]
%_ld_pack_relocs_flags %[0%{?_ld_pack_relocs} ? "-Wl,-z,pack-relative-relocs" : ""]
# LTO is the default in Fedora.
# "%define _lto_cflags %{nil}" to opt out
#
# We currently have -ffat-lto-objects turned on out of an abundance of
# caution. To remove it we need to do a check of the installed .o/.a files
# to verify they have real sections/symbols after LTO stripping. That
# way we can detect installing an unusable .o/.a file. This is on the TODO
# list for F34.
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
%_clang_lto_cflags -flto=thin
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
# Default fortification level.
# "%define _fortify_level 2" to downgrade and
# "%define _fortify_level 0" or "%undefine _fortify_level" to disable
#
# We use a single -Wp here to enforce order so that ccache does not ever
# reorder them.
%_fortify_level 3
%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
# This can be set to a positive integer to obtain increasing type
# safety levels for C. See buildflags.md.
%build_type_safety_c 3
# Some linkers default to a build-id algorithm that is not supported by rpmbuild,
# so we need to specify the right algorithm to use.
%_build_id_flags -Wl,--build-id=sha1
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
%_warning_options -Wall%[%__build_for_lang_any && "%toolchain" == "gcc" ? " -Wno-complain-wrong-lang" : ""]%[%__build_for_lang_c + %__build_for_lang_cxx ? " -Werror=format-security" : ""]%[%__build_for_lang_c && (%build_type_safety_c == 0) ? " -fpermissive" : ""]%[%__build_for_lang_c && (%build_type_safety_c == 1) ? " -Wno-error=int-conversion" : ""]%[%__build_for_lang_c && (%build_type_safety_c > 0 && %build_type_safety_c < 3) ? " -Wno-error=incompatible-pointer-types" : ""]
%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
# Common variables are no longer generated by default by gcc and clang
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
%_legacy_options %{?_legacy_common_support: -fcommon}
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
# Internal macros. Do not use directly. These variables can be rebound
# to suppress certain frontend-specific compiler flags (or in the case
# of __build_for_lang_any, frontend-agnostic flags). Dynamic scoping
# and shadowing redefinitions are used for the __build_for_* variables
# to remain largely compatible with existing spec files that have
# hard-coded assumptions which macros assume which other macros.
# The __build_flags_no_macro_warning construct suppresses a warning
# about unused RPM macros.
%__build_for_lang_c 1
%__build_for_lang_cxx 1
%__build_for_lang_any 1
%__build_flags_no_macro_warning %[%__build_for_lang_c + %__build_for_lang_cxx + %__build_for_lang_any ? "" : ""]
%__build_flags_common() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
%__build_flags_lang_c() %{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
%__build_flags_lang_cxx() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_any 0}%{__build_flags_no_macro_warning}%{optflags}
# Automatically trim changelog entries after 2 years
%_changelog_trimage %{expr:2*365*24*60*60}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}
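Review bot: `%_hardening_linker_errors` and `%_hardened_linker_errors 1` are defined in the "Compiler flags control" block, but nothing in this file expands them. `%build_ldflags` pulls in `%{_hardened_ldflags}`, which resolves to `-Wl,-z,now` plus `%{_hardening_%{toolchain}_ldflags}`, and neither references the ld-errors specs. If the errors for write-and-execute segments are meant to be on by default, wire the macro into `%_hardening_ldflags` or `%build_ldflags` behind `%{?_hardened_linker_errors:...}`; if it is consumed elsewhere, a comment saying where would help. Separately, the comment above `%_ld_pack_relocs` says aarch64 does not support packed relocations while the expression enables them for `"%{_arch}" == "aarch64"`; one of the two needs updating.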

103
macros.build-constraints Normal file
View File

@ -0,0 +1,103 @@
# Macros to constrain resource use during the build process
# Changes _smp_build_ncpus depending on various factors
#
# -c cpus constrains the CPU count to "cpus"
# -m mem constrains the CPU count to the total amount of memory in the system
# (in megabytes) divided by "mem", rounded down
#
# If no options are passed, sets _smp_build_ncpus to 1.
# _smp_build_ncpus will never be raised, only lowered.
%constrain_build(c:m:) %{lua:
-- Check a value and clamp it to at least 1
local function check_and_clamp(v, string)
if v == nil then return nil end
i = math.tointeger(v)
if i == nil then
macros.error({"%%%0: invalid "..string.." value "..v})
return nil
end
local clamp = math.max(1, math.floor(i))
if i ~= clamp then
macros.error({"%%%0: invalid "..string.." value "..v})
return nil
end
return clamp
end
-- Parse meminfo to find the total amount of memory in the system
local function getmem()
local mem = 0
for l in io.lines('/proc/meminfo') do
if l:sub(1, 9) == "MemTotal:" then
mem = math.tointeger(string.match(l, "MemTotal:%s+(%d+)"))
break
end
end
return mem
end
local mem_limit = check_and_clamp(opt.m, "mem limit")
local cpu_limit = check_and_clamp(opt.c, "cpu limit")
local current_cpus = math.tointeger(macros._smp_build_ncpus)
local constrained_cpus = current_cpus
if (not cpu_limit and not mem_limit) then
cpu_limit = 1
end
if cpu_limit ~= nil then
constrained_cpus = math.min(cpu_limit, constrained_cpus)
end
if mem_limit ~= nil then
local mem_total = getmem(verbose)
local limit = math.max(1, mem_total // (mem_limit * 1024))
constrained_cpus = math.min(constrained_cpus, limit)
end
macros._smp_build_ncpus = constrained_cpus
}
# outputs build flag overrides to be used in conjunction with
# %%make_build, %%cmake_build etc.
#
# if no override is needed, this macro outputs nothing
#
# - m memory limit in MBs per core; default is 1024
#
# Usage:
# e.g. %make_build %{limit_build -m 2048}
# => /usr/bin/make -O -j16 V=1 VERBOSE=1
# %make_build %{limit_build -m 40960}
# => /usr/bin/make -O -j16 V=1 VERBOSE=1 -j1
#
%limit_build(m:) %{lua:
local mem_per_process=rpm.expand("%{-m*}")
if mem_per_process == "" then
mem_per_process = 1024
else
mem_per_process = tonumber(mem_per_process)
end
local mem_total = 0
for line in io.lines('/proc/meminfo') do
if line:sub(1, 9) == "MemTotal:" then
local tokens = {}
for token in line:gmatch("%w+") do
tokens[#tokens + 1] = token
end
mem_total = tonumber(tokens[2])
break
end
end
local max_jobs = mem_total // (mem_per_process * 1024)
if max_jobs < 1 then
max_jobs = 1
end
cur_max_jobs=tonumber(rpm.expand("%{_smp_build_ncpus}"))
if cur_max_jobs > max_jobs then
print("-j" .. max_jobs)
end
}
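Review bot: `%limit_build` passes `-m` straight through `tonumber()` with none of the validation that `%constrain_build` applies via `check_and_clamp`. A non-numeric value yields nil and `-m 0` yields a zero divisor in `mem_total // (mem_per_process * 1024)`, so both abort with a Lua arithmetic error instead of a macro error message. Reuse the same check (integer, at least 1) here. In `%constrain_build`, `getmem(verbose)` passes an undefined name to a function that takes no parameters, and `i` in `check_and_clamp` (like `cur_max_jobs` in `%limit_build`) is assigned without `local`, so it lands in the global Lua environment.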

63
macros.fedora-misc Normal file
View File

@ -0,0 +1,63 @@
# Fedora macros, safe to use after the SRPM build stage
# Lists files matching inclusion globs, excluding files matching exclusion
# globs
#  globs are space-separated lists of shell globs. Such lists require
# %{quote:} use when passed as rpm arguments or flags.
# Control variables, flags and arguments:
# %{listfiles_include} inclusion globs
# %{listfiles_exclude} exclusion globs
# -i <globs> inclusion globs
# -x <globs> exclusion globs
# … arguments passed to the macro without flags will be
# interpreted as inclusion globs
%listfiles(i:x:) %{expand:
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
while IFS= read -r finc ; do
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
| sort -u | grep -q "${finc}" || echo "${finc}"
done <<< "${listfiles_include}"
%else
echo "${listfiles_include}"
%endif
%endif
}
# https://github.com/rpm-software-management/rpm/issues/581
# Writes the contents of a list of rpm variables to a macro file
# Control variables, flags and arguments:
# -f <filename> the macro file to process:
#  it must contain corresponding anchors
# for example %writevars -f myfile foo bar will replace:
# @@FOO@@ with the rpm evaluation of %{foo} and
# @@BAR@@ with the rpm evaluation of %{bar}
# in myfile
%writevars(f:) %{lua:
local fedora = require "fedora.common"
local macrofile = rpm.expand("%{-f*}")
local rpmvars = {}
for i = 1, rpm.expand("%#") do
table.insert(rpmvars, rpm.expand("%" .. i))
end
fedora.writevars(macrofile,rpmvars)
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}
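Review bot: in `%listfiles`, the exclusion test `grep -q "${finc}"` treats the included path as an unanchored regular expression, so an included file is dropped whenever any excluded path merely contains it as a substring (including `a/b` while excluding `a/bc` removes `a/b`), and regex metacharacters in file names such as `.` or `[` match more than intended. Match whole lines as fixed strings instead, for example `grep -qxF -- "${finc}"`.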

43
macros.fedora-misc-srpm Normal file
View File

@ -0,0 +1,43 @@
# Fedora macros, safe to use at SRPM build stage
# A directory for rpm macros
%rpmmacrodir /usr/lib/rpm/macros.d
# A directory for appdata metainfo. This has changed between releases so a
# macro is useful.
%_metainfodir %{_datadir}/metainfo
# A directory for SWID tag files describing the installation
%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
# Applies the fedora.wordwrap filter to the content of an rpm variable, and
# prints the result.
#  putting multiple lines of UTF-8 text inside a variable is usually
# accomplished with %{expand:some_text}
# Control variables, flags and arguments:
# -v <variable_name> (default value: _description)
%wordwrap(v:) %{lua:
local fedora = require "fedora.common"
local variable = "%{?" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
print(fedora.wordwrap(variable))
}
# A single Name: and %package substitute
# Control variables, flags and arguments:
# %{source_name} the SRPM name
# %{source_summary} the SRPM summary
# %{source_description} the SRPM description
# -n <name> declare a package named <name>
# (%package-like behavior)
# -v be verbose
# %1 declare a package named %{source_name}-%{%1}
# (%package-like behavior)
%new_package(n:v) %{lua:
local fedora = require "fedora.common"
local pkg_name = fedora.readflag("n")
local verbose = fedora.hasflag("v")
local name_suffix = fedora.read("1")
local source_name = fedora.read("source_name")
local first = not ( fedora.read("name") or fedora.read("currentname") )
fedora.new_package(source_name, pkg_name, name_suffix, first, verbose)
}

2
macros.gap-srpm Normal file
View File

@ -0,0 +1,2 @@
# Arches that GAP runs on
%gap_arches aarch64 ppc64le s390x x86_64

2
macros.java-srpm Normal file
View File

@ -0,0 +1,2 @@
# Arches that OpenJDK and dependent packages run on
%java_arches aarch64 ppc64le s390x x86_64

2
macros.ldc-srpm Normal file
View File

@ -0,0 +1,2 @@
# arches that ldc builds on
%ldc_arches %{ix86} x86_64 %{arm} aarch64

16
macros.rpmautospec Normal file
View File

@ -0,0 +1,16 @@
%autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = tonumber(rpm.expand("%{?_rpmautospec_release_number}%{!?_rpmautospec_release_number:1}"));
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
%autochangelog %{lua:
locale = os.setlocale(nil)
os.setlocale("C.utf8")
date = os.date("%a %b %d %Y")
os.setlocale(locale)
packager = rpm.expand("%{?packager}%{!?packager:John Doe <packager@example.com>}")
evr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}")
print("* " .. date .. " " .. packager .. " - " .. evr .. "\\n")
print("- local build")
}
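Review bot: every variable in the two Lua bodies (`release_number`, `base_release_number`, `locale`, `date`, `packager`, `evr`) is assigned without `local`, so each expansion sets globals rather than values scoped to the macro; declare them `local`. In `%autorelease`, a non-numeric `-b` value makes `tonumber()` return nil and the addition fail, so that case is worth rejecting with an explicit error.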

3
macros.shell-completions Normal file
View File

@ -0,0 +1,3 @@
%bash_completions_dir %{_datadir}/bash-completion/completions
%zsh_completions_dir %{_datadir}/zsh/site-functions
%fish_completions_dir %{_datadir}/fish/vendor_completions.d

3
macros.valgrind-srpm Normal file
View File

@ -0,0 +1,3 @@
# valgrind_arches lists what arches Valgrind works on
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64

View File

@ -4,4 +4,4 @@
%_vpath_srcdir .
# directory (doesn't need to exist) where all generated build files will be placed
%_vpath_builddir %_target_platform
%_vpath_builddir %{_vendor}-%{_target_os}-build

View File

@ -1,2 +1,3 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

View File

@ -1,2 +1,3 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

View File

@ -1,2 +1,3 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=gcc-annobin}

5
redhat-hardened-cc1 Normal file
View File

@ -0,0 +1,5 @@
*cc1_options:
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
*cpp_options:
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}

View File

@ -0,0 +1 @@
-pie

View File

@ -0,0 +1 @@
-fPIE

View File

@ -0,0 +1,2 @@
*self_spec:
+ %{!fuse-ld*:%{!r:-Wl,--error-rwx-segments -Wl,--error-execstack}}
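Review bot: the `%{!fuse-ld*:...}` guard drops `--error-rwx-segments` and `--error-execstack` for every `-fuse-ld=` value, so a package that selects a linker explicitly also loses the check, with nothing in the build log to show it. If the intent is only to skip linkers that do not understand these options, narrow the guard to those, or document next to `%_hardening_linker_errors` that choosing a linker opts out of the errors.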

View File

@ -1,35 +1,36 @@
# TO WHOM IT MAY CONCERN
#
# 1) Don't add patches, dist-git is the upstream repository for this package.
# 2) When making changes, update version by +1, leave release alone.
#
# 2) When making changes, increment the version (in baserelease) by 1.
# rpmdev-bumpspec and other tools update the macro below, which is used
# in Version: to get the desired effect.
%global baserelease 285
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 131
Version: %{baserelease}
Release: 1%{?dist}
# No version specified.
License: GPL+
Group: Development/System
# config.guess, config.sub are GPL-3.0-or-later WITH Autoconf-exception-generic
License: GPL-1.0-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic AND Boehm-GC
URL: https://src.fedoraproject.org/rpms/redhat-rpm-config
# Core rpm settings
Source0: macros
Source1: rpmrc
# kabi provides generator
Source20: kabi.attr
Source21: kabi.sh
# gcc specs files for hardened builds
Source50: redhat-hardened-cc1
Source51: redhat-hardened-ld
Source52: redhat-hardened-ld-errors
# clang config spec files
Source53: redhat-hardened-clang.cfg
Source54: redhat-hardened-clang-ld.cfg
# gcc specs files for annobin builds
Source52: redhat-annobin-cc1
Source53: redhat-annobin-select-gcc-built-plugin
Source54: redhat-annobin-select-annobin-built-plugin
Source55: redhat-annobin-plugin-select.sh
Source60: redhat-annobin-cc1
Source61: redhat-annobin-select-gcc-built-plugin
Source62: redhat-annobin-select-annobin-built-plugin
Source63: redhat-annobin-plugin-select.sh
# The macros defined by these files are for things that need to be defined
# at srpm creation time when it is not feasible to require the base packages
@ -41,15 +42,17 @@ Source102: macros.mono-srpm
Source103: macros.nodejs-srpm
Source104: macros.ldc-srpm
Source105: macros.valgrind-srpm
Source106: macros.java-srpm
Source107: macros.gap-srpm
# Other misc macros
Source150: macros.dwz
Source151: macros.kmp
Source152: macros.vpath
Source153: macros.forge
Source154: macros.ldconfig
Source155: macros.kernel-srpm
Source156: macros.fedora-misc
Source150: macros.build-constraints
Source151: macros.dwz
Source152: macros.fedora-misc
Source155: macros.ldconfig
Source156: macros.vpath
Source157: macros.shell-completions
Source158: macros.rpmautospec
# Build policy scripts
# this comes from https://github.com/rpm-software-management/rpm/pull/344
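Review bot: the "Other misc macros" list is alphabetical from `Source150` through `Source156`, then `macros.shell-completions` and `macros.rpmautospec` are appended out of order at `Source157`/`Source158`, and 153/154 are left unused. The 193-1 changelog entry says "Keep the misc macros in alphabetical order", so either renumber the block to restore that order or drop the convention from the changelog wording; as it stands the next contributor cannot tell where a new macros file belongs.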
@ -57,34 +60,30 @@ Source156: macros.fedora-misc
# and an echo when the mangling happens
Source201: brp-mangle-shebangs
# for converting llvm LTO bitcode objects into ELF
Source204: brp-llvm-compile-lto-elf
# Dependency generator scripts (deprecated)
Source300: find-provides
Source301: find-provides.ksyms
Source304: find-requires
Source305: find-requires.ksyms
Source308: firmware.prov
Source309: modalias.prov
# Misc helper scripts
Source400: dist.sh
Source401: rpmsort
Source402: symset-table
Source403: kmodtool
Source404: gpgverify
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
Source500: config.guess
Source501: config.sub
# Snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
Source500: https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
Source501: https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
# Dependency generators & their rules
Source600: kmod.attr
Source601: kmod.prov
Source602: libsymlink.attr
# BRPs
Source700: brp-ldconfig
Source701: brp-kmod-set-exec-bit
Source702: brp-kmod-restore-perms
Source701: brp-strip-lto
# Convenience lua functions
Source800: common.lua
# Documentation
Source900: buildflags.md
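Review bot: `Source500` and `Source501` point at `https://git.savannah.gnu.org/cgit/config.git/plain/config.guess` and `.../config.sub`, which name no revision, and the comment above them no longer carries a snapshot date. A later fetch of those URLs can return different content from what was imported here, so the spec alone does not identify which config.guess/config.sub is shipped. Record the upstream commit (or at least the snapshot date, as the older comment did) next to the two Source lines, and rely on the checksums in the dist-git sources file for integrity.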
@ -94,20 +93,36 @@ BuildRequires: perl-generators
Requires: coreutils
Requires: efi-srpm-macros
Requires: ghc-srpm-macros
Requires: fonts-srpm-macros
# ↓ Provides macros.forge and forge.lua originally shipped by us
Requires: forge-srpm-macros
Requires: go-srpm-macros
# ↓ Provides kmod.attr originally shipped by us
Requires: kernel-srpm-macros >= 1.0-12
Requires: lua-srpm-macros
Requires: ocaml-srpm-macros
Requires: openblas-srpm-macros
Requires: perl-srpm-macros
Requires: python-srpm-macros
Requires: python3-rpm-macros
# ↓ Has Python BRPs originaly present in redhat-rpm-config
Requires: python-srpm-macros >= 3.11-7
Requires: qt6-srpm-macros
Requires: rust-srpm-macros
Requires: package-notes-srpm-macros
Requires: pyproject-srpm-macros
%if ! 0%{?rhel}
Requires: ansible-srpm-macros
Requires: fpc-srpm-macros
Requires: ghc-srpm-macros
Requires: gnat-srpm-macros
Requires: qt5-srpm-macros
Requires: zig-srpm-macros
%endif
Requires: rpm >= 4.11.0
Requires: dwz >= 0.4
Requires: zip
Requires: (annobin if gcc)
Requires: (annobin-plugin-gcc if gcc)
Requires: (gcc-plugin-annobin if gcc)
# for brp-mangle-shebangs
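Review bot: the comment `# ↓ Has Python BRPs originaly present in redhat-rpm-config` has a typo ("originally"). The `↓` comments explain the forge, kernel and python requirements, but the `%if ! 0%{?rhel}` block that holds ansible, fpc, ghc, gnat, qt5 and zig has no comment at all; a one-line note on why these six are skipped on RHEL would save readers from digging through the changelog (203-1, 276-1, 282-3) to reconstruct it.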
@ -117,13 +132,15 @@ Requires: %{_bindir}/grep
Requires: %{_bindir}/sed
Requires: %{_bindir}/xargs
# iconv modules have been split out of glibc into a separate package (#1971664)
# so let's ensure packages that require them at build time but haven't yet
# added an explicit BuildRequires will continue to work (#2013328)
Requires: glibc-gconv-extra
# for brp-llvm-compile-lto-elf
Requires: (llvm if clang)
Requires: (gawk if clang)
# -fstack-clash-protection and -fcf-protection require GCC 8.
Conflicts: gcc < 8
Conflicts: gcc < 8.0.1-0.22
# Replaced by macros.rpmautospec shipped by us
Obsoletes: rpmautospec-rpm-macros < 0.6.3-2
Provides: system-rpm-config = %{version}-%{release}
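Review bot: `Obsoletes: rpmautospec-rpm-macros < 0.6.3-2` is versioned, yet the 279-1 changelog entry in this diff says "Obsolete rpmautospec-rpm-macros without version". Confirm which form is intended and make the tag and the changelog agree. Also, the comment above `Conflicts:` says the flags "require GCC 8" while the floor is the specific build `8.0.1-0.22`; the comment should say why that build is the cut-off.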
@ -132,16 +149,6 @@ Provides: system-rpm-config = %{version}-%{release}
%description
Red Hat specific rpm configuration files.
%package -n kernel-rpm-macros
Summary: Macros and scripts for building kernel module packages.
Requires: redhat-rpm-config >= 13
# for brp-kmod-set-exec-bit
Requires: %{_bindir}/find
%description -n kernel-rpm-macros
Macros and scripts for building kernel module packages.
%prep
# Not strictly necessary but allows working on file names instead
# of source numbers in install section
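Review bot: the `kernel-rpm-macros` subpackage is dropped here, but no hunk shown in this diff adds an `Obsoletes:` or `Provides:` for it to the main package. The 205-1 changelog entry names kernel-srpm-macros as the new home, so the upgrade path depends entirely on that other package declaring the replacement. Add a comment next to `Requires: kernel-srpm-macros >= 1.0-12` stating that it obsoletes `kernel-rpm-macros`, or carry the `Obsoletes:` here if it does not.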
@ -154,13 +161,12 @@ install -p -m 644 -t %{buildroot}%{rrcdir} macros rpmrc
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh
install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
mkdir -p %{buildroot}%{rrcdir}/find-provides.d
install -p -m 755 -t %{buildroot}%{rrcdir}/find-provides.d firmware.prov modalias.prov
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
@ -169,18 +175,13 @@ install -p -m 644 -t %{buildroot}%{_rpmconfigdir}/macros.d macros.*
mkdir -p %{buildroot}%{_fileattrsdir}
install -p -m 644 -t %{buildroot}%{_fileattrsdir} *.attr
install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
install -p -m 644 %{SOURCE20} %{buildroot}%{_fileattrsdir}/kabi.attr
install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm}
install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
# This trigger is used to decide which version of the annobin plugin for gcc
# should be used. See comments in the script for full details.
#
# Note: for RHEL the rpm containing the annobin built plugin is called
# "annobin", whereas in Fedora it is called "annobin-plugin-gcc". This is
# for historical reasons and will change with the introduction of RHEL-10.
#
# Note - whilst "gcc-plugin-annobin" requires "gcc" and hence in theory we
# do not need to trigger on "gcc", the redhat-annobin-plugin-select.sh
# script invokes gcc to determine the version of the gcc plugin, and this
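Review bot: `mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm}` relies on brace expansion, which is a bash feature and not POSIX sh, while `%install` runs under whatever `%_buildshell` resolves to. With a non-bash shell this creates a single directory literally named `{rpm,srpm}` and the `%dir` entries for `fedora/srpm` and `fedora/rpm` then fail. Spell the two paths out as separate arguments to `mkdir -p`.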
@ -210,15 +211,16 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
#
# Hence it is necessary to trigger on both gcc and gcc-plugin-annobin.
%triggerin -- annobin gcc-plugin-annobin gcc
%triggerin -- annobin-plugin-gcc gcc-plugin-annobin gcc
%{rrcdir}/redhat-annobin-plugin-select.sh
%end
# We also trigger when an annobin plugin is uninstalled. This allows us to switch
# over to the other version of the plugin. It does not matter if
# gcc is uninstalled, since if that happens the plugin cannot be used.
# We also trigger when an annobin plugin is uninstalled. This allows us to
# switch over to the other version of the plugin. Note - we do not bother
# triggering on the uninstallation of "gcc", since if that is removed, the
# plugins are rendered useless.
%triggerpostun -- annobin gcc-plugin-annobin
%triggerpostun -- annobin-plugin-gcc gcc-plugin-annobin
%{rrcdir}/redhat-annobin-plugin-select.sh
%end
@ -226,8 +228,7 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%dir %{rrcdir}
%{rrcdir}/macros
%{rrcdir}/rpmrc
%{rrcdir}/brp-mangle-shebangs
%{rrcdir}/brp-ldconfig
%{rrcdir}/brp-*
%{rrcdir}/dist.sh
%{rrcdir}/gpgverify
%{rrcdir}/redhat-hardened-*
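Review bot: `%{rrcdir}/brp-*` in `%files`, together with `install -p -m 755 -t %{buildroot}%{rrcdir} brp-*` in `%install`, means any file in the build directory whose name starts with `brp-` is shipped as an executable build-policy script without appearing anywhere in the file list. The spec names only four such sources (brp-mangle-shebangs, brp-llvm-compile-lto-elf, brp-ldconfig, brp-strip-lto), so listing them explicitly costs four lines and makes an unexpected extra script fail the build instead of being packaged silently.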
@ -237,15 +238,18 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{rrcdir}/find-requires
%{rrcdir}/brp-ldconfig
%{_fileattrsdir}/*.attr
%{_rpmconfigdir}/kmod.prov
%{_rpmconfigdir}/macros.d/macros.*-srpm
%{_rpmconfigdir}/macros.d/macros.build-constraints
%{_rpmconfigdir}/macros.d/macros.dwz
%{_rpmconfigdir}/macros.d/macros.forge
%{_rpmconfigdir}/macros.d/macros.ldconfig
%{_rpmconfigdir}/macros.d/macros.vpath
%{_rpmconfigdir}/macros.d/macros.kernel-srpm
%{_rpmconfigdir}/macros.d/macros.fedora-misc
%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.ldconfig
%{_rpmconfigdir}/macros.d/macros.rpmautospec
%{_rpmconfigdir}/macros.d/macros.shell-completions
%{_rpmconfigdir}/macros.d/macros.vpath
%dir %{_rpmluadir}/fedora
%dir %{_rpmluadir}/fedora/srpm
%dir %{_rpmluadir}/fedora/rpm
%{_rpmluadir}/fedora/*.lua
%attr(0755,-,-) %{rrcdir}/redhat-annobin-plugin-select.sh
%verify(owner group mode) %{rrcdir}/redhat-annobin-cc1
@ -254,129 +258,601 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%doc buildflags.md
%files -n kernel-rpm-macros
%dir %{rrcdir}/find-provides.d
%{rrcdir}/brp-kmod-set-exec-bit
%{rrcdir}/brp-kmod-restore-perms
%{rrcdir}/kmodtool
%{rrcdir}/rpmsort
%{rrcdir}/symset-table
%{rrcdir}/find-provides.ksyms
%{rrcdir}/find-requires.ksyms
%{rrcdir}/find-provides.d/firmware.prov
%{rrcdir}/find-provides.d/modalias.prov
%{_rpmconfigdir}/macros.d/macros.kmp
%changelog
* Wed Feb 08 2023 Nick Clifton <nickc@redhat.com> - 131-1
- Fix triggers for the installation and removal of gcc-plugin-annobin. (#2168233)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 285-1
- Bump release for June 2024 mass rebuild
* Tue Apr 05 2022 Nick Clifton <nickc@redhat.com> = 130-1
- Select between gcc-built and annobin-built versions of the annobin plugin.
(#2067153)
* Tue Jun 18 2024 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 284-1
- Use --config=xxx for clang configs instead of two separate arguments to work
around a bug in meson
- Add clang link config file
* Wed Mar 23 2022 Michal Domonkos <mdomonko@redhat.com> - 129-1
- Fix handling of files without newlines in brp-mangle-shebang (#2063036)
* Mon Jun 17 2024 Florian Weimer <fweimer@redhat.com> - 283-1
- Switch back to traditional Version: management (RHEL-42436)
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
- modalias.prov: handle compressed kmods, sanitise alias/version strings
(#1976000)
* Fri Jun 7 2024 Florian Weimer <fweimer@redhat.com> - 282-4
- Enable DT_RELR on aarch64 (RHEL-40379)
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
* Wed May 22 2024 Florian Weimer <fweimer@redhat.com> - 282-3
- Drop ghc-srpm-macros dependency
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
- buildflags.md: Documentation updates (#2005079)
* Fri May 10 2024 Florian Weimer <fweimer@redhat.com> - 282-2
- Enable GNU2 TLS descriptors on x86-64 (GCC only) (RHEL-25031)
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
- Add missing macros.fedora-misc file (#1874576)
* Tue Feb 06 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 282-1
- Loosen rust-srpm-macros requirement
* Mon Nov 09 2020 Florian Festi <ffesti@redhat.com> - 124-1
- Add macros.kernel-srpm (#1874578)
- Added gpgverify (#1874576)
* Mon Feb 05 2024 Jonathan Wright <jonathan@almalinux.org> - 281-1
- simplify microarch macros for x86_64
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
- Update kmod.prov for better performance (#1794491)
- Backport performance improvements for brp-mangle-shebangs (#1794779)
* Tue Jan 16 2024 Florian Weimer <fweimer@redhat.com> - 280-1
- Drop -fcf-protection for i686 because there won't be kernel support
* Mon Feb 24 2020 Michal Domonkos <mdomonko@redhat.com> - 122-1
- Fix argument shift in %%__brp_python_bytecompile (#1724567)
* Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1
- Obsolete rpmautospec-rpm-macros without version
* Tue Nov 26 2019 Eugene Syromiatnikov <esyr@redhat.com> - 121-1
- macros.kmp: add post-install hooks for kmod processing (#1664478, #1673200)
* Mon Jan 15 2024 Nick Clifton <nickc@redhat.com> - 278-1
- Add hardening feature to convert linker warning messages into errors.
- https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
* Thu Jul 04 2019 Florian Festi <ffesti@redhat.com> - 120-1
- Fix permission for various build scripts (#1719363)
* Mon Jan 15 2024 Florian Weimer <fweimer@redhat.com> - 277-1
- Switch C type safety level to 3 (GCC 14 default), and adjust for GCC 14
* Tue Jun 04 2019 Florian Festi <ffesti@redhat.com> - 119-1
- Remove -eu param from shell scripts (#1686413)
* Thu Jan 11 2024 Jan Grulich <jgrulich@redhat.com> - 276-1
- Drop qt5-srpm-macros from RHEL 10
* Mon May 20 2019 Florian Weimer <fweimer@redhat.com> - 118-1
- Build flags: Add support for extension builders (#1661186)
* Fri Jan 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 275-1
- Define RUSTFLAGS only when rust macros are installed
* Wed Apr 17 2019 Panu Matilainen <pmatilai@redhat.com> - 117-1
- Add s390x to valgrind supported architectures (#1659106)
* Wed Jan 3 2024 Florian Weimer <fweimer@redhat.com> - 274-1
- Missing packed relative relocation support on aarch64, s390x (#2256645)
* Wed Feb 06 2019 Eugene Syromiatnikov <esyr@redhat.com> - 116-1
- Forward-port RHEL-specific kmodtool/macros.kmp changes from RHEL 7,
update kmodtool script for RHEL 8 (#1658414, #1666162)
* Tue Jan 2 2024 Florian Weimer <fweimer@redhat.com> - 273-1
- Pack relative ELF relocations by default
* Sat Sep 15 2018 Eugene Syromiatnikov <esyr@redhat.com> - 115-1
- Revert back to usage of join in find-requires.ksym:mod_requires()
as generated "Requires:" and "Provides:" lists have different format
and unsuitable for processing with comm (#1622016)
* Tue Dec 26 2023 Jan Drögehoff <sentrycraft123@gmail.com> - 272-1
- Add zig-srpm-macros
* Fri Aug 24 2018 Eugene Syromiatnikov <esyr@redhat.com> - 114-1
- Add support for compressed kernel modules to find-provides,
find-provides.ksyms, find-requires, find-requires.ksyms, firmware.prov
(#1622019)
* Fri Nov 03 2023 Stephen Gallagher <sgallagh@redhat.com> - 271-1
- ELN: Enable frame pointers for RHEL 11+ (for now)
* Mon Aug 20 2018 Eugene Syromiatnikov <esyr@redhat.com> - 113-1
- Fix generation for kernel module symbol version dependencies for the case
when module depends on the symbol with the same name as one present in kernel
but a different version (#1622016)
* Thu Oct 5 2023 Florian Weimer <fweimer@redhat.com> - 270-1
- Disable -fstack-clash-protection on riscv64 (#2242327)
* Mon Aug 13 2018 Eugene Syromiatnikov <esyr@redhat.com> - 112-1
- Re-instantiate support for old symvers path (#1571186)
* Thu Oct 5 2023 Nikita Popov <npopov@redhat.com> - 269-1
- Use correct format specifier in brp-llvm-compile-lto-elf
* Mon Aug 13 2018 Eugene Syromiatnikov <esyr@redhat.com> - 111-1
- Add dependency generator for kABI provides (#1571186)
* Fri Sep 29 2023 Nikita Popov <npopov@redhat.com> - 268-1
- Fix brp-llvm-compile-lto-elf parallelism with hardlinks (#2234024)
* Thu Aug 9 2018 Marek Polacek <polacek@redhat.com> - 110-1
- Use -march=z13 -mtune=z14 for s390{,x} (#1573944)
- Drop s390x from %%{valgrind_arches}
* Tue Sep 26 2023 Florian Weimer <fweimer@redhat.com> - 267-1
- Switch %%build_type_safety_c to 1 (#2142177)
* Mon Jul 23 2018 Peter Jones <pjones@redhat.com> - 109-1
- Add Requires: efi-srpm-macros for %%{efi}
* Thu Sep 07 2023 Maxwell G <maxwell@gtmx.me> - 266-1
- Split out forge macros to forge-srpm-macros package
* Tue Aug 29 2023 Florian Weimer <fweimer@redhat.com> - 265-1
- Add support for x86_64_v2, x86_64_v3, x86_64_v4 (#2233093)
* Tue Aug 22 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 264-1
- Add macros.rpmautospec
* Mon Aug 21 2023 Miroslav Suchy <msuchy@redhat.com> - 263-1
- Migrate to SPDX
* Wed Aug 02 2023 Charalampos Stratakis <cstratak@redhat.com> - 262-1
- Strip all extension builder flags except -fexceptions and -fcf-protection
- https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction
* Fri Jul 7 2023 Florian Weimer <fweimer@redhat.com> - 261-1
- Fix warnings that appear during the build of the llvm package
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 260-1
- Implement the %%build_type_safety_c macro (#2218019)
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 259-1
- Filter out C, C++ build flags from Fortran build flags (#2177253)
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 258-1
- Enable PIC mode for assembler files (#2167430)
* Wed Jul 05 2023 Frederic Berat <fberat@redhat.com> - 257-1
- update config.{guess,sub} to gnuconfig git HEAD
* Sat Jun 17 2023 Tom Stellard <tstellar@redhat.com> - 256-1
- Remove -fno-openmp-implicit-rpath from clang ldflags
* Fri Jun 16 2023 Lumír Balhar <lbalhar@redhat.com> - 255-1
- Add qt6-srpm-macros
* Thu Mar 9 2023 Florian Weimer <fweimer@redhat.com> - 254-1
- Switch ELN to x86-64-v3
* Tue Feb 28 2023 Maxwell G <gotmax@e.email> - 253-1
- Include RUSTFLAGS in %%set_build_flags
- Fixes: rhbz#2167183
* Tue Feb 28 2023 Tom Stellard <tstellar@redhat.com> - 252-1
- Rename _pkg_extra_* macros to _distro_extra_*
* Thu Feb 23 2023 Miro Hrončok <mhroncok@redhat.com> - 251-1
- Drop the requirement of orphaned nim-srpm-macros
- No Fedora package uses the %%nim_arches macro
* Tue Feb 14 2023 Frederic Berat <fberat@redhat.com> - 250-1
- update config.{guess,sub} to gnuconfig git HEAD
* Thu Feb 09 2023 Jerry James <loganjerry@gmail.com> - 249-1
- Add macros.gap-srpm
* Tue Feb 07 2023 Tom Stellard <tstellar@redhat.com> - 248-1
- Add %%pkg_extra_* macros
* Mon Feb 06 2023 Nick Clifton <nickc@redhat.com> - 247-1
- Fix triggers for the installation and removal of gcc-plugin-annobin.
Fixes: rhbz#2124562
* Tue Jan 17 2023 Miro Hrončok <mhroncok@redhat.com> - 246-1
- Add pyproject-srpm-macros to the default buildroot
* Tue Jan 17 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 245-1
- Do not include frame pointers on ppc64le for now
Fixes: rhbz#2161595
* Mon Jan 16 2023 Tom Stellard <tstellar@redhat.com> - 244-1
- Make -flto=thin the default lto flag for clang
* Mon Jan 16 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 243-1
- Consolidate the _FORTIFY_SOURCE switches.
* Fri Jan 13 2023 Miro Hrončok <mhroncok@redhat.com> - 242-1
- Don't use %%[ ] expressions with %%{undefined}
- Fixes: rhbz#2160716
* Thu Jan 12 2023 Stephen Gallagher <sgallagh@redhat.com> - 241-1
- Do not include frame pointers on RHEL
* Tue Jan 10 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 240-1
- Do not include frame pointers on i686 and s390x for now
* Wed Jan 4 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 239-1
- Enable frame pointers by default
- Set arch specific flags for frame pointers support
* Tue Jan 3 2023 Miro Hrončok <mhroncok@redhat.com> - 238-1
- Set %%source_date_epoch_from_changelog to 1
- https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes
* Tue Jan 3 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 237-1
- Make _FORTIFY_SOURCE configurable and bump default to 3.
* Wed Dec 28 2022 Davide Cavalca <dcavalca@fedoraproject.org> - 236-1
- Add conditional support for always including frame pointers
* Sat Dec 10 2022 Florian Weimer <fweimer@redhat.com> - 235-1
- Add %%_configure_use_runstatedir to disable --runstatedir configure option
* Fri Nov 4 2022 Tom Stellard <tstellar@redhat.com> - 234-1
- Remove unsupported arches from rpmrc
* Fri Nov 4 2022 Florian Weimer <fweimer@redhat.com> - 233-1
- Set -g when building Vala applications
* Fri Sep 23 2022 Timm Bäder <tbaeder@redhat.com> - 232-1
- Fix brp-compile-lto-elf to not rely on a backtracking regex
* Thu Sep 08 2022 Maxwell G <gotmax@e.email> - 231-1
- forge macros: Support Sourcehut. Fixes rhbz#2035935.
* Tue Aug 30 2022 Frederic Berat <fberat@redhat.com> - 230-1
- Add support for runstatedir in %%configure
* Fri Aug 26 2022 Dan Horák <dan[at]danny.cz> - 229-1
- Move the baseline s390x arch to z13 for F-38+
* Mon Aug 8 2022 Maxwell G <gotmax@e.email> - 228-1
- Add macros.shell-completions
* Fri Aug 05 2022 Nikita Popov <npopov@redhat.com> - 227-1
- brp-llvm-compile-lto-elf: Pass -r to xargs
* Wed Jun 22 2022 Timm Bäder <tbaeder@redhat.com> - 226-1
- Move llvm_compile_lto_to_elf before __debug_install_post
* Fri Jun 17 2022 Nick Clifton <nickc@redhat.com> - 225-1
- Add definition of _find_debuginfo_extra_opts which will
- move annobin data into a separate debuginfo file.
* Tue Jun 14 2022 Tom Stellard <tstellar@redhat.com> - 224-1
- Fix passing of CFLAGS to brp-llvm-compile-lto-elf
* Fri May 27 2022 Tom Stellard <tstellar@redhat.com> - 223-1
- Move -fno-openmp-implicit-rpath option from CFLAGS to LDFLAGS
* Fri May 27 2022 Florian Weimer <fweimer@redhat.com> - 222-1
- Use %%baserelease to store the version number
* Fri May 27 2022 Frederic Berat <fberat@redhat.com> - 221-1
- update config.{guess,sub} to gnuconfig git HEAD
* Tue May 17 2022 Maxwell G <gotmax@e.email> - 220-1
- Add `Requires: ansible-srpm-macros`
* Tue May 17 2022 Miro Hrončok <mhroncok@redhat.com> - 219-2
- Remove a tab character from the definition of %%__global_compiler_flags
- Fixes: rhbz#2083296
* Tue May 10 2022 Mikolaj Izdebski <mizdebsk@redhat.com> - 219-1
- Add java_arches macro
* Wed Apr 20 2022 Timm Bäder <tbaeder@redhat.com> - 218-1
- Parallelize bpr-llvm-compile-lto-elf
* Tue Apr 19 2022 Tom Stellard <tstellar@redhat.com> - 217-1
- Add -fno-openmp-implicit-rpath when building with clang
* Wed Apr 13 2022 Nick Clifton <nickc@redhat.com> - 216-1
- Add support for comparing gcc-built and annobin-built plugins.
* Mon Feb 21 2022 Timm Bäder <tbaeder@redhat.com> - 215-1
- Add %%__brp_remove_la_files to %%__os_install_post
* Thu Feb 10 2022 Florian Weimer <fweimer@redhat.com> - 214-1
- ppc64le: Switch baseline to POWER9 on ELN (ELN issue 78)
* Thu Feb 10 2022 Florian Weimer <fweimer@redhat.com> - 213-1
- s390x: Switch baseline to z14 on ELN (ELN issue 79)
* Sun Jan 23 2022 Robert-André Mauchin <zebob.m@gmail.com> - 212-1
- Add package note generation to %%check preamble
- Fix: rhbz#2043977
* Fri Jan 21 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 211-1
- Move package note generation to build preamble
- Do ELF package notes also on ELN
* Thu Jan 20 2022 Miro Hrončok <mhroncok@redhat.com> - 210-1
- Remove package ELF note from the extension LDFLAGS
- Related: rhbz#2043092
- Fix %%set_build_flags when %%_generate_package_note_file is not defined
- Fixes: rhbz#2043166
* Thu Jan 13 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 209-1
- Add package ELF note to the default LDFLAGS
* Tue Jan 04 2022 Tom Stellard <tstellar@redhat.com> - 208-1
- Call %%set_build_flags before %%build, %%check, and %%install stages
* Tue Dec 14 2021 Tom Stellard <tstellar@redhat.com> - 207-1
- Add -Wl,--build-id=sha1 to the default LDFLAGS
* Tue Dec 07 2021 Miro Hrončok <mhroncok@redhat.com> - 206-1
- brp-mangle-shebangs: also mangle shebangs of JavaScript executables
- Fixes: rhbz#1998924
* Thu Nov 18 2021 Michal Domonkos <mdomonko@redhat.com> - 205-1
- Drop kernel-rpm-macros subpackage & kmod.attr (new home: kernel-srpm-macros)
* Tue Nov 16 2021 Miro Hrončok <mhroncok@redhat.com> - 204-1
- Don't pull in Python to all buildroots
- Remove llvm-lto-elf-check script
* Tue Nov 09 2021 Michal Domonkos <mdomonko@redhat.com> - 203-1
- Drop {fpc,gnat,nim}-srpm-macros dependencies on RHEL
* Wed Nov 03 2021 David Benoit <dbenoit@redhat.com> - 202-1
- Add llvm-lto-elf-check script
- Resolves: rhbz#2017193
* Mon Nov 01 2021 Jason L Tibbitts III <j@tib.bs> - 201-1
- Better error handling for %%constrain_build.
* Mon Oct 18 2021 Jason L Tibbitts III <j@tib.bs> - 200-1
- Add %%constrain_build macro.
* Tue Sep 21 2021 Tom Stellard <tstellar@redhat.com> - 199-1
- Drop annobin-plugin-clang dependency
* Mon Aug 30 2021 Florian Weimer <fweimer@redhat.com> - 198-1
- ELN: Enable -march=x86-64-v2 for Clang as well
* Tue Aug 17 2021 Tom Stellard <tstellar@redhat.com> - 197-1
- Add build_ preifix to cc, cxx, and cpp macros
* Mon Aug 16 2021 Tom Stellard <tstellar@redhat.com> - 196-1
- Add cc, cxx, and cpp macros
* Sun Aug 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> - 195-1
- Fix macros.build-constraints' %%limit_build
- number of CPUs will never be set to less than 1
- this now outputs build flag overrides to be used with %%make_build etc.
- add documentation
* Mon Aug 2 2021 Florian Weimer <fweimer@redhat.com> - 194-1
- Active GCC plugin during LTO linking
* Sat Jul 24 2021 Michel Alexandre Salim <salimma@fedoraproject.org> - 193-1
- Add macros.build-constraints
- Keep the misc macros in alphabetical order
* Sat Jul 10 2021 Neal Gompa <ngompa13@gmail.com> - 192-1
- Make vpath builddir not include arch-specific info
* Thu Jul 01 2021 Miro Hrončok <mhroncok@redhat.com> - 191-1
- Require python-srpm-macros with Python related BuildRoot Policy scripts
* Wed Jun 30 2021 Miro Hrončok <mhroncok@redhat.com> - 190-1
- Move Python related BuildRoot Policy scripts from redhat-rpm-config to python-srpm-macros
* Mon Jun 28 2021 Ben Burton <bab@debian.org> - 189-1
- Adapt macros and BRP scripts for %%topdir with spaces
- Fixes rhbz#1947416
* Tue Jun 22 2021 Panu Matilainen <pmatilai@redhat.com> - 188-1
- Drop reference to now extinct brp-python-hardlink script
* Tue Jun 8 2021 Stephen Coady <scoady@redhat.com> - 187-1
- Add Requires: rpmautospec-rpm-macros
* Mon May 31 2021 Charalampos Stratakis <cstratak@redhat.com> - 186-1
- Enable RPATH check after %%install
- Part of https://fedoraproject.org/wiki/Changes/Broken_RPATH_will_fail_rpmbuild
- Resolves: rhbz#1964548
* Wed May 26 2021 Arjun Shankar <arjun@redhat.com> - 185-1
- Disable annobin on armv7hl
* Mon Apr 12 2021 David Benoit <dbenoit@redhat.com> - 184-1
- Change 'Requires: annobin' to 'Requires: annobin-plugin-gcc'.
* Tue Apr 6 2021 David Benoit <dbenoit@redhat.com> - 183-1
- BRP: LLVM Compile LTO Bitcode to ELF
- Add Requires: (llvm if clang)
* Mon Mar 22 2021 Lumír Balhar <lbalhar@redhat.com> - 182-1
- Fix handling of files without newlines in brp-mangle-shebang
* Wed Mar 10 2021 Kalev Lember <klember@redhat.com> - 181-1
- BRP Python Bytecompile: Avoid hardcoding /usr/bin prefix for python
* Tue Jan 19 2021 Florian Weimer <fweimer@redhat.com> - 180-1
- Use -march=x86-64-v2 only for the gcc toolchain
* Tue Jan 19 2021 Florian Weimer <fweimer@redhat.com> - 179-1
- x86_64: Enable -march=x86-64-v2 for ELN, following GCC.
* Sun Nov 29 2020 Miro Hrončok <mhroncok@redhat.com> - 178-1
- BRP Python Bytecompile: Also detect Python files in /app/lib/pythonX.Y
* Tue Oct 27 2020 Tom Stellard <tstellar@redhat.com> - 177-1
- Add back -fcf-protection flag for x86_64
* Tue Oct 20 2020 Florian Weimer <fweimer@redhat.com> - 176-1
- s390x: Tune for z14 (as in Red Hat Enterprise Linux 8)
* Mon Oct 5 2020 Florian Weimer <fweimer@redhat.com> - 175-1
- s390x: Switch Fedora ELN to z13 baseline
* Fri Sep 11 2020 Miro Hrončok <mhroncok@redhat.com> - 172-1
- Filter out LTO flags from %%extension flags macros
- Fixes: rhbz#1877652
* Wed Sep 2 2020 Michel Alexandre Salim <salimma@fedoraproject.org> - 171-1
- Add Requires: lua-srpm-macros
* Fri Aug 21 2020 Tom Stellard <tstellar@redhat.com> - 170-1
- Enable -fstack-clash-protection for clang on x86, s390x, and ppc64le
* Thu Aug 20 2020 Tom Stellard <tstellar@redhat.com> - 169-1
- Add -flto to ldflags for clang toolchain
* Thu Aug 20 2020 Neal Gompa <ngompa13@gmail.com> - 168-1
- Fix CC/CXX exports so arguments are included in exported variable
- Allow overrides of CC/CXX like CFLAGS and CXXFLAGS from shell variables
* Mon Aug 03 2020 Troy Dawson <tdawson@redhat.com> - 167-1
- Add Requires: kernel-srpm-macros
* Thu Jul 30 2020 Jeff Law <law@redhat.com> - 166-1
- Use -flto=auto for GCC to speed up builds
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 165-1
- Only use supported lto flags for clang toolchain
* Thu Jul 23 2020 Lumír Balhar <lbalhar@redhat.com> - 164-1
- Disable Python hash seed randomization in brp-python-bytecompile
* Tue Jul 21 2020 Jeff Law <law@redhat.com> - 163-1
- Enable LTO by default
* Thu Jul 16 2020 Lumír Balhar <lbalhar@redhat.com> - 162-1
- New script brp-fix-pyc-reproducibility
* Tue Jun 16 2020 Lumír Balhar <lbalhar@redhat.com> - 161-2
- Use stdlib compileall for Python >= 3.9
* Mon Jun 15 2020 Lumír Balhar <lbalhar@redhat.com> - 161-1
- No more automagic Python bytecompilation (phase 3)
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3
* Thu Jun 04 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 160-1
- Fix broken %%configure
* Wed Jun 03 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 159-1
- Fixes for new_package macro
* Wed Jun 03 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 158-1
- Add option to choose C/C++ toolchain
* Sat May 30 2020 Jeff Law <law@redhat.com> - 157-1
- When LTO is enabled, fix broken configure files.
* Sat May 30 2020 Nicolas Mailhot <nim@fedoraproject.org> - 156-1
- Add new_package macro and associated lua framework.
* Sat May 23 2020 Nicolas Mailhot <nim@fedoraproject.org> - 155-1
- forge: add gitea support
* Thu Apr 09 2020 Panu Matilainen <pmatilai@redhat.com> - 154-1
- Optimize kernel module provides by using a parametric generator
* Thu Feb 20 2020 Jason L Tibbitts III <tibbs@math.uh.edu> - 153-1
- Add dependency on fonts-srpm-macros, as those have now been approved by FPC.
* Thu Feb 20 2020 Jeff Law <law@redhat.com> - 152-1
- Use eu-elfclassify to only run strip on ELF relocatables
and archive libraries.
* Fri Feb 14 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 151-1
- Fixup parallel algorithm for brp-strip-lto
* Fri Feb 14 2020 Jeff Law <law@redhat.com> - 150-1
- Strip LTO sections/symbols from installed .o/.a files
* Thu Jan 23 2020 Jeff Law <law@redhat.com> - 149-1
- Allow conditionally adding -fcommon to CFLAGS by defining %%_legacy_common_support
* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 148-1
- Reenable annobin after GCC 10 integration (#1792892)
* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 147-1
- Temporarily disable annobin for GCC 10 (#1792892)
* Thu Dec 05 2019 Denys Vlasenko <dvlasenk@redhat.com> - 146-1
- kmod.prov: fix and speed it up
* Tue Dec 03 15:48:18 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 145-1
- %%set_build_flags: define LT_SYS_LIBRARY_PATH
* Thu Nov 21 2019 Denys Vlasenko <dvlasenk@redhat.com> - 144-1
- Speed up brp-mangle-shebangs.
* Tue Nov 05 2019 Lumír Balhar <lbalhar@redhat.com> - 143-1
- Fix brp-python-bytecompile with the new features from compileall2
- Resolves: rhbz#1595265
* Fri Nov 01 2019 Miro Hrončok <mhroncok@redhat.com> - 142-1
- Fix the simple API of %%gpgverify.
* Thu Aug 22 2019 Jason L Tibbitts III <tibbs@math.uh.edu> - 141-2
- Simplify the API of %%gpgverify.
* Thu Jul 25 2019 Richard W.M. Jones <rjones@redhat.com> - 140-2
- Bump version and rebuild.
* Sat Jul 20 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 140-1
- Fixup python-srpm-macros version
* Wed Jul 17 2019 Lumír Balhar <lbalhar@redhat.com> - 139-1
- Use compileall2 Python module for byte-compilation in brp-python-bytecompile
* Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 138-1
- Move brp-python-bytecompile from rpm, so we can easily adapt it
* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 137-1
- listfiles: make it robust against all kinds of “interesting” inputs
- wordwrap: make list indenting smarter, to produce something with enough
structure that it can be converted into AppStream metadata
* Mon Jul 08 2019 Robert-André Mauchin <zebob.m@gmail.com> - 136-1
- Revert "Fix expansion in listfiles_exclude/listfiles_include"
* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 135-1
- Fix expansion in listfiles_exclude/listfiles_include
* Mon Jul 01 2019 Florian Festi <ffesti@redhat.com> - 134-1
- Switch binary payload compression to Zstandard level 19
* Thu Jun 27 2019 Vít Ondruch <vondruch@redhat.com> - 133-2
- Enable RPM to set SOURCE_DATE_EPOCH environment variable.
* Tue Jun 25 08:13:50 CEST 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 133-1
- Expand listfiles_exclude/listfiles_include
* Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 132-1
- Remove perl macro refugees
* Mon Jun 10 2019 Panu Matilainen <pmatilai@redhat.com> - 131-1
- Provide temporary shelter for rpm 4.15 perl macro refugees
* Tue Jun 04 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 130-1
- New macro for wrapping text %%wordwrap
- Smal fix for %%listfiles with no arguments
* Thu May 30 2019 Björn Persson <Bjorn@Rombobjörn.se> - 129-1
- Added gpgverify.
* Tue Jan 15 2019 Panu Matilainen <pmatilai@redhat.com> - 128-1
- Drop redundant _smp_mflag re-definition, use the one from rpm instead
* Thu Dec 20 2018 Florian Weimer <fweimer@redhat.com> - 127-1
- Build flags: Add support for extension builders (#1543394)
* Mon Dec 17 2018 Panu Matilainen <pmatilai@redhat.com> - 126-1
- Silence the annoying warning from ldconfig brp-script (#1540971)
* Thu Nov 15 2018 Miro Hrončok <mhroncok@redhat.com> - 125-1
- Make automagic Python bytecompilation optional
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
* Thu Nov 08 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 124-1
- forge: add more distprefix cleaning (bz1646724)
* Mon Oct 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 123-1
- Add -q option to %%forgesetup
* Sat Oct 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 122-1
- Allow multiple calls to forge macros
* Thu Oct 11 2018 Jan Pazdziora <jpazdziora@redhat.com> - 121-1
- Add %_swidtagdir for directory for SWID tag files describing the
installation.
* Mon Sep 10 2018 Miro Hrončok <mhroncok@redhat.com> - 120-1
- Make ambiguous python shebangs error
https://fedoraproject.org/wiki/Changes/Make_ambiguous_python_shebangs_error
* Mon Aug 20 2018 Kalev Lember <klember@redhat.com> - 119-1
- Add aarch64 to ldc arches
* Wed Aug 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 118-1
- Enable --as-needed by default
* Mon Jul 16 2018 Miro Hrončok <mhroncok@redhat.com> - 117-1
- Mangle /bin shebnags to /usr/bin ones (#1581757)
* Tue Jul 10 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 116-1
- Add option to add -Wl,--as-needed into LDFLAGS
* Mon Jul 09 2018 Kalev Lember <klember@redhat.com> - 115-1
- Disable non-functional ppc64 support for ldc packages
* Tue Jun 26 2018 Panu Matilainen <pmatilai@redhat.com> - 114-1
- Fix kernel ABI related strings (Peter Oros, #26)
- Automatically trim changelog to two years (Zbigniew Jędrzejewski-Szmek, #22)
- Cosmetics cleanups (Zbigniew Jędrzejewski-Szmek, #22)
* Mon Jun 18 2018 Florian Weimer <fweimer@redhat.com> - 113-1
- Build flags: Require SSE2 on i686 (#1592212)
* Mon May 28 2018 Miro Hrončok <mhroncok@redhat.com> - 112-1
- Add a possibility to opt-out form automagic Python bytecompilation
https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation
* Wed May 02 2018 Peter Jones <pjones@redhat.com> - 111-1
- brp-mangle-shebangs: add %%{__brp_mangle_shebangs_exclude_file} and
%%{__brp_mangle_shebangs_exclude_from_file} to allow you to specify files
containing the shebangs to be ignore and files to be ignored regexps,
respectively, so that they can be generated during the package build.
* Mon Jul 09 2018 Tomas Orsava <torsava@redhat.com> - 108-1
- Impement changing python3 shebangs in brp-mangle-shebangs
- Added a dependency on python3-rpm-macros
* Wed May 2 2018 Florian Weimer <fweimer@redhat.com> - 110-1
- Reflect -fasynchronous-unwind-tables GCC default on POWER (#1550914)
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 107.3-3.1
- Bump release
* Wed May 2 2018 Florian Weimer <fweimer@redhat.com> - 109-1
- Use plain -fcf-protection compiler flag, without -mcet (#1570823)
* Thu Jun 28 2018 Tomas Orsava <torsava@redhat.com> - 107.3-3
- The brp-python-bytecompile script no longer accepts two arguments, as the
first argument has been obsoleted
- Modified the definition of %%__brp_python_bytecompile to match the new scheme
* Thu Jun 28 2018 Florian Festi <ffesti@redhat.com> - 107.3-2
- Replace find-provides.ksyms and find-requires.ksyms by RHEL 7.6 versions (#1571186)
* Thu Jun 07 2018 Florian Festi <ffesti@redhat.com> - 107.3-1
- Remove dependencies to fpc-srpm-macros, gnat-srpm-macros and nim-srpm-macros
* Fri Jun 1 2018 Florian Weimer <fweimer@redhat.com> - 107.2-1
- i686: Build with -mstackrealign (#1478332)
- Update documentation for i686 build flags (#1554855)
* Fri May 4 2018 Florian Weimer <fweimer@redhat.com> - 107.1-1
- Use plain -fcf-protection compiler flag, without -mcet (#1574937)
* Tue May 01 2018 Peter Jones <pjones@redhat.com> - 108-1
- Add Requires: efi-srpm-macros for %%{efi}
* Fri Apr 20 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 107-1
- Add %%_metainfodir macro.
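Review bot: In the 121-1 entry, `%_swidtagdir` is written with a single `%`, while the other macro names in this changelog are escaped (`%%wordwrap`, `%%forgesetup`, `%%_metainfodir`). rpm expands macros inside `%changelog`, so this entry will show the expanded directory rather than the macro name; escape it as `%%_swidtagdir`. Separately, the 2018 entries are not in descending date order (111-1 dated May 02 is followed by 108-1 dated Jul 09), and release 108-1 appears twice with different authors and content (Jul 09 Tomas Orsava, May 01 Peter Jones). A reader auditing when the `-fcf-protection` and `-mstackrealign` changes landed cannot tell which line of history a given build came from, so a short comment marking where the two branch histories were merged would help.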

31
rpmrc Normal file
View File

@ -0,0 +1,31 @@
include: /usr/lib/rpm/rpmrc
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common
optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common
optflags: x86_64_v3 %{__global_compiler_flags} -m64 -march=x86-64-v3 %__cflags_arch_x86_64_common
optflags: x86_64_v4 %{__global_compiler_flags} -m64 -march=x86-64-v4 %__cflags_arch_x86_64_common
optflags: ppc64le %{__global_compiler_flags} -m64 %{__cflags_arch_ppc64le} -fasynchronous-unwind-tables -fstack-clash-protection
optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchronous-unwind-tables -fstack-clash-protection
optflags: aarch64 %{__global_compiler_flags} -mbranch-protection=standard -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ] %{_frame_pointers_cflags} %{_frame_pointers_cflags_aarch64}
optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %{_frame_pointers_cflags}
# set build arch to fedora buildarches on hardware capable of running it
# saves having to do rpmbuild --target=
buildarchtranslate: athlon: i686
buildarchtranslate: geode: i686
buildarchtranslate: pentium4: i686
buildarchtranslate: pentium3: i686
buildarchtranslate: i686: i686
buildarchtranslate: i586: i586
buildarchtranslate: armv7hl: armv7hl
buildarchtranslate: armv7hnl: armv7hl
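Review bot: Among the optflags lines that spell out their hardening flags, riscv64 is the only one with no `-fstack-clash-protection`, and nothing says whether that is deliberate. The aarch64 line makes its condition explicit by gating the flag on `%{toolchain}` being gcc, while the riscv64 line silently carries only `-fasynchronous-unwind-tables` and `%{_frame_pointers_cflags}`. Either add the flag or put a comment above the line stating why it is omitted, so the gap is visible to anyone auditing per-architecture hardening. The x86_64 lines defer to `%__cflags_arch_x86_64_common`, whose definition is not visible in this hunk, so it is worth confirming that it supplies the same two flags the i386 to athlon lines list by hand.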