redhat-rpm-config/macros
Florian Weimer 246107d5f6 Implement the %build_type_safety_c macro (#2218019)
The default remains at 0 (no change) until the corresponding Fedora
change proposal is accepted:

  <https://fedoraproject.org/wiki/Changes/GNUToolchainF39>
2023-07-05 14:28:21 +02:00

455 lines
20 KiB
Plaintext

# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_runstatedir /run
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%source_date_epoch_from_changelog 1
%clamp_mtime_to_source_date_epoch %source_date_epoch_from_changelog
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
# GCC toolchain
%__cc_gcc gcc
%__cxx_gcc g++
%__cpp_gcc gcc -E
# Clang toolchain
%__cc_clang clang
%__cxx_clang clang++
%__cpp_clang clang-cpp
# Default to the GCC toolchain
%toolchain gcc
%__cc %{expand:%%{__cc_%{toolchain}}}
%__cxx %{expand:%%{__cxx_%{toolchain}}}
%__cpp %{expand:%%{__cpp_%{toolchain}}}
# Compiler macros to use for invoking compilers in spec files for packages that
# want to use the default compiler and don't care which compiler that is.
%build_cc %{__cc}
%build_cxx %{__cxx}
%build_cpp %{__cpp}
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{__build_flags_lang_c} %{?_distro_extra_cflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{__build_flags_lang_cxx} %{?_distro_extra_cxxflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{__build_flags_common} -I%{_fmoddir} %{?_distro_extra_fflags}
# Vala compiler flags. This is used to set VALAFLAGS.
%build_valaflags -g
# When clang is used as a linker driver, it does not auto-detect the LTO
# bytecode and neither does bfd, so we need to explicitly pass the -flto
# flag when linking.
%_clang_extra_ldflags %{?_lto_cflags}
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_clang_extra_ldflags}" : "" ] %{_build_id_flags} %{?_package_note_flags} %{?_distro_extra_ldflags}
# Expands to shell code to set the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, VALAFLAGS, LDFLAGS if they
# have not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
# LT_SYS_LIBRARY_PATH is used by libtool script.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
VALAFLAGS="${VALAFLAGS:-%{build_valaflags}}" ; export VALAFLAGS ; \
RUSTFLAGS="${RUSTFLAGS:-%{build_rustflags}}" ; export RUSTFLAGS ; \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
CC="${CC:-%{__cc}}" ; export CC ; \
CXX="${CXX:-%{__cxx}}" ; export CXX
# Automatically use set_build_flags macro for build, check, and
# install phases.
# Use "%undefine _auto_set_build_flags" to disable"
%_auto_set_build_flags 1
%__spec_build_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
%__spec_check_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
# Internal-only. Do not use. Expand a variable and strip the flags
# not suitable to extension builders.
%__extension_strip_flags() %{lua:
local name = rpm.expand("%{1}")
local value = " " .. rpm.expand("%{build_" .. name .. "}")
local specs_pattern = "%s+-specs=[^%s]+"
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1")
local package_note_flags_pattern = "%-Wl,%S*package_note%S*"
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, ""):gsub(package_note_flags_pattern, "")
print(result)
}
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
# extension builders.
%extension_cflags %{__extension_strip_flags cflags}
%extension_cxxflags %{__extension_strip_flags cxxflags}
%extension_fflags %{__extension_strip_flags fflags}
%extension_ldflags %{__extension_strip_flags ldflags}
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
# Architecture-specific support. Internal. Do not use directly.
%__cflags_arch_x86_64_v2 %[0%{?rhel} == 9 ? "-march=x86-64-v2" : ""]
%__cflags_arch_x86_64_v3 %[0%{?rhel} > 9 ? "-march=x86-64-v3" : ""]
%__cflags_arch_x86_64 %{__cflags_arch_x86_64_v2} %{__cflags_arch_x86_64_v3}
# Also used for s390.
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=z13 -mtune=z14"]
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
# Pass --runstatedir to configure.
%_configure_use_runstatedir 1
# This fixes various easy resolved configure tests that are compromised by LTO.
#
# We use this within the standard %configure macro, but also make it available
# for packages which don't use %configure
#
# The first three are common ways to test for the existence of a function, so
# we ensure the reference to the function is preserved
#
# The fourth are constants used to then try to generate NaNs and other key
# floating point numbers. We then use those special FP numbers to try and
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
# from removing the computation
#
# The fifth (and worst) addresses problems with autoconf/libtool's approach
# to extracting symbols from .o files and generating C code. In an LTO world
# types matter much more closely and you can't have an object in one context
# that is a function definition and a simple scalar variable in another.
# Thankfully HP-UX has always had that restriction and is supported by
# autoconf/libtool. The insane sed script replaces the "generic" code with
# the HP-UX version.
#
# If we do not make changes, we put the original file back. This avoids
# unnecessary rebuilds of things that may have dependencies on the configure
# files.
#
%_fix_broken_configure_for_lto \
for file in $(find . -type f -name configure -print); do \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
diff -u $file.backup $file && mv $file.backup $file \
done
%configure \
%{set_build_flags}; \
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
%{?_configure_use_runstatedir:$(grep -q "runstatedir=DIR" %{_configure} && echo '--runstatedir=%{_runstatedir}')} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p "`dirname "$RPM_BUILD_ROOT"`"\
mkdir "$RPM_BUILD_ROOT"\
%{?_auto_set_build_flags:%{set_build_flags}}\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_check_rpaths /usr/lib/rpm/check-rpaths
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__brp_llvm_compile_lto_elf /usr/lib/rpm/redhat/brp-llvm-compile-lto-elf %{build_cflags} %{build_ldflags}
# note: %%__os_install_post_python is defined in python-srpm-macros and contains several policies
# redhat-rpm-config maintainers, don't remove it from %%__os_install_post unless coordinating the change with Python maintainers
# packagers, don't undefine the entire macro, see the individual macros in /usr/lib/rpm/macros.d/macros.python-srpm
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_lto} \
%{?__brp_strip_static_archive} \
%{?__brp_check_rpaths} \
%{?__brp_mangle_shebangs} \
%{?__brp_remove_la_files} \
%{__os_install_post_python} \
%{nil}
%__spec_install_post\
%[ "%{toolchain}" == "clang" ? "%{?__brp_llvm_compile_lto_elf}" : "%{nil}" ] \
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use Zstandard compression for binary payloads
%_binary_payload w19.zstdio
#==============================================================================
# --- Compiler flags control.
#
# Please consult buildflags.md for parts that can be configured
# from RPM spec files.
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
# Harden packages by default for Fedora 23+:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
# Add extra information to binary objects created by the compiler:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# ...except on armv7hl, which has an issue whose root-cause isn't
# clear yet: https://bugzilla.redhat.com/show_bug.cgi?id=1951492
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# The annobin plugin is not built for clang yet
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
%_annotation_plugin %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
%_annotation_cflags %[ "%{_target_cpu}" == "armv7hl" ? "" : "%{_annotation_plugin}" ]
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
# Use the remove-section option to force the find-debuginfo script
# to move the annobin notes into the separate debuginfo file.
%_find_debuginfo_extra_opts %{?_annotated_build:--remove-section .gnu.build.attributes}
# Include frame pointer information by default, except on RHEL
# https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
# Use "%undefine _include_frame_pointers" to disable.
%_include_frame_pointers %{undefined rhel}
%_frame_pointers_cflags %{expr:0%{?_include_frame_pointers} ? "-fno-omit-frame-pointer" : ""}
%_frame_pointers_cflags_x86_64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
%_frame_pointers_cflags_aarch64 %{expr:0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : ""}
%_frame_pointers_cflags_s390x %{expr:0%{?_include_frame_pointers} ? "-mbackchain" : ""}
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _ld_strict_symbol_defs 1" to enable.
#%_ld_strict_symbol_defs 1
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
# use "%undefine _ld_as_needed" to disable.
%_ld_as_needed 1
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
# LTO is the default in Fedora.
# "%define _lto_cflags %{nil}" to opt out
#
# We currently have -ffat-lto-objects turned on out of an abundance of
# caution. To remove it we need to do a check of the installed .o/.a files
# to verify they have real sections/symbols after LTO stripping. That
# way we can detect installing an unusable .o/.a file. This is on the TODO
# list for F34.
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
%_clang_lto_cflags -flto=thin
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
# Default fortification level.
# "%define _fortify_level 2" to downgrade and
# "%define _fortify_level 0" or "%undefine _fortify_level" to disable
#
# We use a single -Wp here to enforce order so that ccache does not ever
# reorder them.
%_fortify_level 3
%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
# This can be set to a positive integer to obtain increasing type
# safety levels for C. See buildflags.md.
%build_type_safety_c 0
# Some linkers default to a build-id algorithm that is not supported by rpmbuild,
# so we need to specify the right algorithm to use.
%_build_id_flags -Wl,--build-id=sha1
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
%_warning_options -Wall%[%__build_for_lang_any ? " -Wno-complain-wrong-lang" : ""]%[%__build_for_lang_c + %__build_for_lang_cxx ? " -Werror=format-security" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 1) ? " -Werror=implicit-function-declaration -Werror=implicit-int" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 2) ? " -Werror=int-conversion" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 3) ? " -Werror=incompatible-pointer-types" : ""]
%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
# Common variables are no longer generated by default by gcc and clang
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
%_legacy_options %{?_legacy_common_support: -fcommon}
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
# Internal macros. Do not use directly. These variables can be rebound
# to suppress certain frontend-specific compiler flags (or in the case
# of __build_for_lang_any, frontend-agnostic flags). Dynamic scoping
# and shadowing redefinitions are used for the __build_for_* variables
# to remain largely compatible with existing spec files that have
# hard-coded assumptions which macros assume which other macros.
# Note: Using short-circuit evaluation with || in __build_for_* conditionals
# may result in unused-macro warnings from RPM.
%__build_for_lang_c 1
%__build_for_lang_cxx 1
%__build_for_lang_any 1
%__build_flags_common() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{optflags}
%__build_flags_lang_c() %{expand:%define __build_for_lang_cxx 0}%{expand:%define __build_for_lang_any 0}%{optflags}
%__build_flags_lang_cxx() %{expand:%define __build_for_lang_c 0}%{expand:%define __build_for_lang_any 0}%{optflags}
# Automatically trim changelog entries after 2 years
%_changelog_trimage %{expr:2*365*24*60*60}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}