74e11b4fa8
This allows us to maintain our own BuildRoot Policy scripts in an easier way. This change needs to be coordinated with the addition of the files to python-srpm-macros. redhat-rpm-config requires python-srpm-macros, so no significant change is expected for the packagers. This also moves the Python BRPs to the end of the list which should be fine.
# Per-platform rpm configuration file.
|
|
|
|
#==============================================================================
|
|
# ---- per-platform macros.
|
|
#
|
|
%_vendor redhat
|
|
%_os linux
|
|
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
|
|
|
#==============================================================================
|
|
# ---- configure macros. note that most of these are inherited
|
|
# from the defaults.
|
|
#
|
|
%_localstatedir /var
|
|
|
|
%_pkgdocdir %{_docdir}/%{name}
|
|
%_docdir_fmt %%{NAME}
|
|
|
|
%_fmoddir %{_libdir}/gfortran/modules
|
|
|
|
%source_date_epoch_from_changelog 1
|
|
|
|
%_enable_debug_packages 1
|
|
%_include_minidebuginfo 1
|
|
%_include_gdb_index 1
|
|
%_debugsource_packages 1
|
|
%_debuginfo_subpackages 1
|
|
|
|
# GCC toolchain
|
|
%__cc_gcc gcc
|
|
%__cxx_gcc g++
|
|
%__cpp_gcc gcc -E
|
|
|
|
# Clang toolchain
|
|
%__cc_clang clang
|
|
%__cxx_clang clang++
|
|
%__cpp_clang clang-cpp
|
|
|
|
# Default to the GCC toolchain
|
|
#
|
|
# It is enough to override `toolchain` macro and all relevant macro for C/C++
|
|
# compilers will be switched. Either in the spec or in the command-line.
|
|
#
|
|
# %global toolchain clang
|
|
#
|
|
# or:
|
|
#
|
|
# rpmbuild -D "toolchain clang" …
|
|
#
|
|
# Inside a spec file it is also possible to determine which toolchain is in use
|
|
# by testing the same macro. For example:
|
|
#
|
|
# %if "%{toolchain}" == "gcc"
|
|
# BuildRequires: gcc
|
|
# %endif
|
|
#
|
|
# or:
|
|
#
|
|
# %if "%{toolchain}" == "clang"
|
|
# BuildRequires: clang compiler-rt
|
|
# %endif
|
|
#
|
|
%toolchain gcc
|
|
|
|
%__cc %{expand:%%{__cc_%{toolchain}}}
|
|
%__cxx %{expand:%%{__cxx_%{toolchain}}}
|
|
%__cpp %{expand:%%{__cpp_%{toolchain}}}
|
|
|
|
#==============================================================================
|
|
# ---- compiler flags.
|
|
|
|
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
|
# Historically also available as %%{optflags}, and %%build sets the
|
|
# environment variable RPM_OPT_FLAGS to this value.
|
|
%build_cflags %{optflags}
|
|
|
|
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
|
%build_cxxflags %{optflags}
|
|
|
|
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
|
# the corresponding variable names.
|
|
%build_fflags %{optflags} -I%{_fmoddir}
|
|
|
|
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
|
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
|
# the flags, while intended for ld, are still passed through the gcc
|
|
# compiler driver. At the beginning of %%build, the environment
|
|
# variable RPM_LD_FLAGS is set to this value.
|
|
# When clang is used as a linker driver, it does not auto-detect the LTO
|
|
# bytecode and neither does bfd, so we need to explicitly pass the -flto
|
|
# flag when linking.
|
|
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_lto_cflags}" : "" ]
|
|
|
|
# Expands to shell code to set the compiler/linker environment
|
|
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
|
|
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
|
# been set implicitly at the start of the %%build section.
|
|
# LT_SYS_LIBRARY_PATH is used by libtool script.
|
|
%set_build_flags \
|
|
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
|
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
|
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
|
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
|
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
|
|
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
|
|
CC="${CC:-%{__cc}}" ; export CC ; \
|
|
CXX="${CXX:-%{__cxx}}" ; export CXX
|
|
|
|
# Internal-only. Do not use. Expand a variable and strip the flags
|
|
# not suitable to extension builders.
|
|
%__extension_strip_flags() %{lua:
|
|
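-- Prints the build_NAME flag string with the options that extension builders
-- must not inherit removed. NAME is the first macro argument (cflags,
-- cxxflags, fflags or ldflags in this file).
local name = rpm.expand("%{1}")

-- The leading space lets a -specs= option at the very start of the flag
-- string match the whitespace-anchored pattern below.
local value = " " .. rpm.expand("%{build_" .. name .. "}")

-- Matches every -specs=FILE option. In this file those are the hardening and
-- annobin spec files, so the printed flags do not carry them; all other
-- options in the flag string are left as they are.
local specs_pattern = "%s+-specs=[^%s]+"

-- The LTO flags must be matched literally. Escape every punctuation character
-- rather than only '-' and '.', so that an overridden _lto_cflags containing
-- other pattern characters such as '+', '*', '?', '(' or '[' cannot change
-- what gets stripped or raise a malformed-pattern error during the build.
-- Only the first result of gsub (the string) is kept by the assignment.
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("%p", "%%%0")

-- An empty _lto_cflags gives an empty pattern, which leaves the value as is.
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, "")
print(result)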
|
|
}
|
|
|
|
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
|
# extension builders.
|
|
%extension_cflags %{__extension_strip_flags cflags}
|
|
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
|
%extension_fflags %{__extension_strip_flags fflags}
|
|
%extension_ldflags %{__extension_strip_flags ldflags}
|
|
|
|
# Deprecated names. For backwards compatibility only.
|
|
%__global_cflags %{build_cflags}
|
|
%__global_cxxflags %{build_cxxflags}
|
|
%__global_fflags %{build_fflags}
|
|
%__global_fcflags %{build_fflags}
|
|
%__global_ldflags %{build_ldflags}
|
|
|
|
# Architecture-specific support. Internal. Do not use directly.
|
|
|
|
%__cflags_arch_x86_64 %[0%{?rhel} >= 9 && "%{toolchain}" == "gcc" ? "-march=x86-64-v2" : ""]
|
|
|
|
# Also used for s390.
|
|
%__cflags_arch_s390x %[0%{?rhel} >= 8 ? "-march=z13 -mtune=z14" : "-march=zEC12 -mtune=z13"]
|
|
|
|
#==============================================================================
|
|
# ---- configure and makeinstall.
|
|
#
|
|
%_configure_gnuconfig_hack 1
|
|
%_configure_libtool_hardening_hack 1
|
|
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
|
# to be added to the list of options passed to the configure script.
|
|
# Eventually we'll want to turn this on by default, but this gives packagers a
|
|
# way to turn it back off.
|
|
# %_configure_disable_silent_rules 1
|
|
|
|
# This fixes various easily resolved configure tests that are compromised by LTO.
|
|
#
|
|
# We use this within the standard %configure macro, but also make it available
|
|
# for packages which don't use %configure
|
|
#
|
|
# The first three are common ways to test for the existence of a function, so
|
|
# we ensure the reference to the function is preserved
|
|
#
|
|
# The fourth are constants used to then try to generate NaNs and other key
|
|
# floating point numbers. We then use those special FP numbers to try and
|
|
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
|
|
# from removing the computation
|
|
#
|
|
# The fifth (and worst) addresses problems with autoconf/libtool's approach
|
|
# to extracting symbols from .o files and generating C code. In an LTO world
|
|
# types matter much more closely and you can't have an object in one context
|
|
# that is a function definition and a simple scalar variable in another.
|
|
# Thankfully HP-UX has always had that restriction and is supported by
|
|
# autoconf/libtool. The insane sed script replaces the "generic" code with
|
|
# the HP-UX version.
|
|
#
|
|
# If we do not make changes, we put the original file back. This avoids
|
|
# unnecessary rebuilds of things that may have dependencies on the configure
|
|
# files.
|
|
#
|
|
%_fix_broken_configure_for_lto \
|
|
for file in $(find . -type f -name configure -print); do \
|
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
|
|
diff -u $file.backup $file && mv $file.backup $file \
|
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
|
|
diff -u $file.backup $file && mv $file.backup $file \
|
|
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
|
|
diff -u $file.backup $file && mv $file.backup $file \
|
|
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
|
|
diff -u $file.backup $file && mv $file.backup $file \
|
|
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
|
|
diff -u $file.backup $file && mv $file.backup $file \
|
|
done
|
|
|
|
%configure \
|
|
%{set_build_flags}; \
|
|
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
|
|
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
|
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
|
done ; \
|
|
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
|
for i in $(find . -name ltmain.sh) ; do \
|
|
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
|
done ; \
|
|
%{_configure} --build=%{_build} --host=%{_host} \\\
|
|
--program-prefix=%{?_program_prefix} \\\
|
|
--disable-dependency-tracking \\\
|
|
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
|
--prefix=%{_prefix} \\\
|
|
--exec-prefix=%{_exec_prefix} \\\
|
|
--bindir=%{_bindir} \\\
|
|
--sbindir=%{_sbindir} \\\
|
|
--sysconfdir=%{_sysconfdir} \\\
|
|
--datadir=%{_datadir} \\\
|
|
--includedir=%{_includedir} \\\
|
|
--libdir=%{_libdir} \\\
|
|
--libexecdir=%{_libexecdir} \\\
|
|
--localstatedir=%{_localstatedir} \\\
|
|
--sharedstatedir=%{_sharedstatedir} \\\
|
|
--mandir=%{_mandir} \\\
|
|
--infodir=%{_infodir}
|
|
|
|
#==============================================================================
|
|
# ---- Build policy macros.
|
|
#
|
|
#
|
|
#---------------------------------------------------------------------
|
|
# Expanded at beginning of %install scriptlet.
|
|
#
|
|
|
|
%__spec_install_pre %{___build_pre}\
|
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
|
mkdir -p "`dirname "$RPM_BUILD_ROOT"`"\
|
|
mkdir "$RPM_BUILD_ROOT"\
|
|
%{nil}
|
|
|
|
#---------------------------------------------------------------------
|
|
# Expanded at end of %install scriptlet.
|
|
#
|
|
|
|
%__arch_install_post /usr/lib/rpm/check-buildroot
|
|
|
|
# Build root policy macros. Standard naming:
|
|
# convert all '-' in basename to '_', add two leading underscores.
|
|
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
|
%__brp_compress /usr/lib/rpm/brp-compress
|
|
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
|
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
|
|
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
|
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
|
%__brp_check_rpaths /usr/lib/rpm/check-rpaths
|
|
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
|
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
|
# __brp_mangle_shebangs_exclude_from - files to ignore
|
|
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
|
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
|
|
|
%__brp_llvm_compile_lto_elf /usr/lib/rpm/redhat/brp-llvm-compile-lto-elf %{build_cflags} %{build_ldflags}
|
|
|
|
# note: %%__os_install_post_python is defined in python-srpm-macros and contains several policies
|
|
# redhat-rpm-config maintainers, don't remove it from %%__os_install_post unless coordinating the change with Python maintainers
|
|
# packagers, don't undefine the entire macro, see the individual macros in /usr/lib/rpm/macros.d/macros.python-srpm
|
|
|
|
%__os_install_post \
|
|
%[ "%{toolchain}" == "clang" ? "%{?__brp_llvm_compile_lto_elf}" : "%{nil}" ] \
|
|
%{?__brp_ldconfig} \
|
|
%{?__brp_compress} \
|
|
%{!?__debug_package:\
|
|
%{?__brp_strip} \
|
|
%{?__brp_strip_comment_note} \
|
|
} \
|
|
%{?__brp_strip_lto} \
|
|
%{?__brp_strip_static_archive} \
|
|
%{?__brp_check_rpaths} \
|
|
%{?__brp_mangle_shebangs} \
|
|
%{?__os_install_post_python} \
|
|
%{nil}
|
|
|
|
%__spec_install_post\
|
|
%{?__debug_package:%{__debug_install_post}}\
|
|
%{__arch_install_post}\
|
|
%{__os_install_post}\
|
|
%{nil}
|
|
|
|
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
|
%%install\
|
|
%{nil}
|
|
|
|
#
|
|
# Should missing buildids terminate a build?
|
|
%_missing_build_ids_terminate_build 1
|
|
|
|
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
|
%_source_filedigest_algorithm 8
|
|
%_binary_filedigest_algorithm 8
|
|
|
|
# Use Zstandard compression for binary payloads
|
|
%_binary_payload w19.zstdio
|
|
|
|
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
|
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
|
|
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
|
|
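# We don't escape symbols such as '~' and '"', so be careful when changing this:
# the configure macro splices the expanded value unescaped into a sed expression
# that uses '~' as its delimiter and wraps the value in double quotes.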
|
|
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
|
|
|
|
# Harden packages by default for Fedora 23+:
|
|
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
|
# Use "%undefine _hardened_build" to disable.
|
|
%_hardened_build 1
|
|
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
|
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
|
|
|
# Add extra information to binary objects created by the compiler:
|
|
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
|
# ...except on armv7hl, which has an issue whose root-cause isn't
|
|
# clear yet: https://bugzilla.redhat.com/show_bug.cgi?id=1951492
|
|
# Use "%undefine _annotated_build" to disable.
|
|
%_annotated_build 1
|
|
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
|
# The annobin plugin is not built for clang yet
|
|
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
|
|
%_annotation_plugin %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
|
|
%_annotation_cflags %[ "%{_target_cpu}" == "armv7hl" ? "" : "%{_annotation_plugin}" ]
|
|
|
|
|
|
# Fail linking if there are undefined symbols. Required for proper
|
|
# ELF symbol versioning support. Disabled by default.
|
|
# Use "%define _ld_strict_symbol_defs 1" to enable.
|
|
#%_ld_strict_symbol_defs 1
|
|
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
|
|
|
|
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
|
|
# use "%undefine _ld_as_needed" to disable.
|
|
%_ld_as_needed 1
|
|
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
|
|
|
|
# LTO is the default in Fedora.
|
|
# "%define _lto_cflags %{nil}" to opt out
|
|
#
|
|
# We currently have -ffat-lto-objects turned on out of an abundance of
|
|
# caution. To remove it we need to do a check of the installed .o/.a files
|
|
# to verify they have real sections/symbols after LTO stripping. That
|
|
# way we can detect installing an unusable .o/.a file. This is on the TODO
|
|
# list for F34.
|
|
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
|
|
%_clang_lto_cflags -flto
|
|
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
|
|
|
|
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
|
|
%_warning_options -Wall -Werror=format-security
|
|
%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
|
|
|
|
# Common variables are no longer generated by default by gcc and clang
|
|
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
|
|
%_legacy_options %{?_legacy_common_support: -fcommon}
|
|
|
|
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
|
|
|
|
# Automatically trim changelog entries after 2 years
|
|
%_changelog_trimage %{expr:2*365*24*60*60}
|
|
|
|
#==============================================================================
|
|
# ---- Generic auto req/prov filtering macros
|
|
#
|
|
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
|
|
|
# prevent anything matching from being scanned for provides
|
|
%filter_provides_in(P) %{expand: \
|
|
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
|
}
|
|
|
|
# prevent anything matching from being scanned for requires
|
|
%filter_requires_in(P) %{expand: \
|
|
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
|
}
|
|
|
|
# filter anything matching out of the provides stream
|
|
%filter_from_provides() %{expand: \
|
|
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
|
}
|
|
|
|
# filter anything matching out of the requires stream
|
|
%filter_from_requires() %{expand: \
|
|
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
|
}
|
|
|
|
# actually set up the filtering bits
|
|
%filter_setup %{expand: \
|
|
%global _use_internal_dependency_generator 0 \
|
|
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
|
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
|
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
|
}
|