redhat-rpm-config/macros
Stephen Gallagher 9e10bb665e
Disable frame pointers on ELN and RHEL
RHEL does not intend to enable frame pointers at this time, and any
change will be done so based on a variety of inputs including the data
from Fedora.  Disable them for ELN to set proper expectations.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-01-12 10:36:47 -05:00

424 lines
18 KiB
Plaintext

# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_runstatedir /run
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%source_date_epoch_from_changelog 1
%clamp_mtime_to_source_date_epoch %source_date_epoch_from_changelog
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
# GCC toolchain
%__cc_gcc gcc
%__cxx_gcc g++
%__cpp_gcc gcc -E
# Clang toolchain
%__cc_clang clang
%__cxx_clang clang++
%__cpp_clang clang-cpp
# Default to the GCC toolchain
%toolchain gcc
%__cc %{expand:%%{__cc_%{toolchain}}}
%__cxx %{expand:%%{__cxx_%{toolchain}}}
%__cpp %{expand:%%{__cpp_%{toolchain}}}
# Compiler macros to use for invoking compilers in spec files for packages that
# want to use the default compiler and don't care which compiler that is.
%build_cc %{__cc}
%build_cxx %{__cxx}
%build_cpp %{__cpp}
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{optflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{optflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{optflags} -I%{_fmoddir}
# Vala compiler flags. This is used to set VALAFLAGS.
%build_valaflags -g
# When clang is used as a linker driver, it does not auto-detect the LTO
# bytecode and neither does bfd, so we need to explicitly pass the -flto
# flag when linking.
%_clang_extra_ldflags %{?_lto_cflags} -fno-openmp-implicit-rpath
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_clang_extra_ldflags}" : "" ] %{_build_id_flags} %{?_package_note_flags}
# Expands to shell code to set the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, VALAFLAGS, LDFLAGS if they
# have not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
# LT_SYS_LIBRARY_PATH is used by libtool script.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
VALAFLAGS="${VALAFLAGS:-%{build_valaflags}}" ; export VALAFLAGS ; \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
CC="${CC:-%{__cc}}" ; export CC ; \
CXX="${CXX:-%{__cxx}}" ; export CXX
# Automatically use set_build_flags macro for build, check, and
# install phases.
# Use "%undefine _auto_set_build_flags" to disable"
%_auto_set_build_flags 1
%__spec_build_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
%__spec_check_pre %{___build_pre} \
%{?_auto_set_build_flags:%{set_build_flags}} \
%{?_generate_package_note_file}
# Internal-only. Do not use. Expand a variable and strip the flags
# not suitable to extension builders.
%__extension_strip_flags() %{lua:
local name = rpm.expand("%{1}")
local value = " " .. rpm.expand("%{build_" .. name .. "}")
local specs_pattern = "%s+-specs=[^%s]+"
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1")
local package_note_flags_pattern = "%-Wl,%S*package_note%S*"
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, ""):gsub(package_note_flags_pattern, "")
print(result)
}
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
# extension builders.
%extension_cflags %{__extension_strip_flags cflags}
%extension_cxxflags %{__extension_strip_flags cxxflags}
%extension_fflags %{__extension_strip_flags fflags}
%extension_ldflags %{__extension_strip_flags ldflags}
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
# Architecture-specific support. Internal. Do not use directly.
%__cflags_arch_x86_64 %[0%{?rhel} >= 9 ? "-march=x86-64-v2" : ""]
# Also used for s390.
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=z13 -mtune=z14"]
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
# Pass --runstatedir to configure.
%_configure_use_runstatedir 1
# This fixes various easy resolved configure tests that are compromised by LTO.
#
# We use this within the standard %configure macro, but also make it available
# for packages which don't use %configure
#
# The first three are common ways to test for the existence of a function, so
# we ensure the reference to the function is preserved
#
# The fourth are constants used to then try to generate NaNs and other key
# floating point numbers. We then use those special FP numbers to try and
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
# from removing the computation
#
# The fifth (and worst) addresses problems with autoconf/libtool's approach
# to extracting symbols from .o files and generating C code. In an LTO world
# types matter much more closely and you can't have an object in one context
# that is a function definition and a simple scalar variable in another.
# Thankfully HP-UX has always had that restriction and is supported by
# autoconf/libtool. The insane sed script replaces the "generic" code with
# the HP-UX version.
#
# If we do not make changes, we put the original file back. This avoids
# unnecessary rebuilds of things that may have dependencies on the configure
# files.
#
%_fix_broken_configure_for_lto \
for file in $(find . -type f -name configure -print); do \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
diff -u $file.backup $file && mv $file.backup $file \
done
%configure \
%{set_build_flags}; \
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
%{?_configure_use_runstatedir:$(grep -q "runstatedir=DIR" %{_configure} && echo '--runstatedir=%{_runstatedir}')} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p "`dirname "$RPM_BUILD_ROOT"`"\
mkdir "$RPM_BUILD_ROOT"\
%{?_auto_set_build_flags:%{set_build_flags}}\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_check_rpaths /usr/lib/rpm/check-rpaths
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__brp_llvm_compile_lto_elf /usr/lib/rpm/redhat/brp-llvm-compile-lto-elf %{build_cflags} %{build_ldflags}
# note: %%__os_install_post_python is defined in python-srpm-macros and contains several policies
# redhat-rpm-config maintainers, don't remove it from %%__os_install_post unless coordinating the change with Python maintainers
# packagers, don't undefine the entire macro, see the individual macros in /usr/lib/rpm/macros.d/macros.python-srpm
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_lto} \
%{?__brp_strip_static_archive} \
%{?__brp_check_rpaths} \
%{?__brp_mangle_shebangs} \
%{?__brp_remove_la_files} \
%{__os_install_post_python} \
%{nil}
%__spec_install_post\
%[ "%{toolchain}" == "clang" ? "%{?__brp_llvm_compile_lto_elf}" : "%{nil}" ] \
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use Zstandard compression for binary payloads
%_binary_payload w19.zstdio
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
# Harden packages by default for Fedora 23+:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
# Add extra information to binary objects created by the compiler:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# ...except on armv7hl, which has an issue whose root-cause isn't
# clear yet: https://bugzilla.redhat.com/show_bug.cgi?id=1951492
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# The annobin plugin is not built for clang yet
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
%_annotation_plugin %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
%_annotation_cflags %[ "%{_target_cpu}" == "armv7hl" ? "" : "%{_annotation_plugin}" ]
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
# Use the remove-section option to force the find-debuginfo script
# to move the annobin notes into the separate debuginfo file.
%_find_debuginfo_extra_opts %{?_annotated_build:--remove-section .gnu.build.attributes}
# Include frame pointer information by default, except on RHEL
# https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
# Use "%undefine _include_frame_pointers" to disable.
%_include_frame_pointers %{undefined rhel}
%_frame_pointers_cflags %[ 0%{?_include_frame_pointers} ? "-fno-omit-frame-pointer" : "" ]
%_frame_pointers_cflags_x86_64 %[ 0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : "" ]
%_frame_pointers_cflags_aarch64 %[ 0%{?_include_frame_pointers} ? "-mno-omit-leaf-frame-pointer" : "" ]
%_frame_pointers_cflags_s390x %[ 0%{?_include_frame_pointers} ? "-mbackchain" : "" ]
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _ld_strict_symbol_defs 1" to enable.
#%_ld_strict_symbol_defs 1
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
# use "%undefine _ld_as_needed" to disable.
%_ld_as_needed 1
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
# LTO is the default in Fedora.
# "%define _lto_cflags %{nil}" to opt out
#
# We currently have -ffat-lto-objects turned on out of an abundance of
# caution. To remove it we need to do a check of the installed .o/.a files
# to verify they have real sections/symbols after LTO stripping. That
# way we can detect installing an unusable .o/.a file. This is on the TODO
# list for F34.
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
%_clang_lto_cflags -flto
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
# Default fortification level.
# "%define _fortify_level 2" to downgrade and
# "%define _fortify_level 0" or "%undefine _fortify_level" to disable
%_fortify_level 3
%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-U_FORTIFY_SOURCE -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
# Some linkers default to a build-id algoritim that is not supported by rpmbuild,
# so we need to specify the right algorithm to use.
%_build_id_flags -Wl,--build-id=sha1
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
%_warning_options -Wall -Werror=format-security
%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
# Common variables are no longer generated by default by gcc and clang
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
%_legacy_options %{?_legacy_common_support: -fcommon}
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
# Automatically trim changelog entries after 2 years
%_changelog_trimage %{expr:2*365*24*60*60}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}