commit
29edb329c7
@ -0,0 +1,20 @@
|
||||
#! /bin/bash -f
|
||||
|
||||
## A counterpart of brp-kmod-set-exec-bits that restores original kmod
|
||||
## file permissions
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
|
||||
|
||||
# Checking for required programs
|
||||
which chmod >/dev/null || exit 0
|
||||
|
||||
[ -r "$RPM_BUILD_ROOT/kmod-permissions.list" ] || exit 0
|
||||
|
||||
while read perm path; do
|
||||
[ -n "$perm" ] || continue
|
||||
|
||||
chmod "$perm" "$RPM_BUILD_ROOT/$path"
|
||||
done < "$RPM_BUILD_ROOT/kmod-permissions.list"
|
||||
|
||||
rm -f "$RPM_BUILD_ROOT/kmod-permissions.list"
|
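Review bot: The `while read perm path` loop parses the permissions list without `-r`, so a backslash in a recorded path is consumed by `read` and `chmod` is then applied to a different name than the one that was recorded; `while read -r perm path; do` keeps the path intact. The result of `chmod "$perm" "$RPM_BUILD_ROOT/$path"` is also ignored, so a module whose mode could not be restored keeps the temporary `u+x` bit while the script still ends successfully after `rm -f`. Consider reporting that case on stderr, for example `chmod "$perm" "$RPM_BUILD_ROOT/$path" || echo >&2 "*** WARNING: cannot restore mode of $path"`.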
@ -0,0 +1,14 @@
|
||||
#! /bin/bash -fx
|
||||
|
||||
## A hack for making brp-strip taking into account kmod files
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
|
||||
|
||||
# Checking for required programs
|
||||
which find chmod >/dev/null || exit 0
|
||||
|
||||
find "$RPM_BUILD_ROOT" \
|
||||
-name '*.ko' \
|
||||
-printf '%#m %P\n' \
|
||||
-exec chmod u+x '{}' \; > "$RPM_BUILD_ROOT/kmod-permissions.list"
|
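Review bot: The `find` expression matches on `-name '*.ko'` alone, so a symbolic link with that name is recorded with the link's own mode from `%#m`, while `chmod u+x` and the later restore from kmod-permissions.list act on the link target. Adding `-type f` before `-name '*.ko'` limits both the recording and the mode change to regular files inside the build root. The shebang `#! /bin/bash -fx` also leaves `-x` tracing on, which looks like a debugging leftover; `#! /bin/bash -f` would match the restore script.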
@ -0,0 +1,10 @@
|
||||
#!/bin/sh -f
|
||||
# Force creating of DSO symlinks.
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
/sbin/ldconfig -N -r "$RPM_BUILD_ROOT"
|
||||
# TODO: warn if it created new symlinks and guide people.
|
@ -0,0 +1,167 @@
|
||||
#!/bin/bash
|
||||
|
||||
# If using normal root, avoid changing anything.
|
||||
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
exclude_files=""
|
||||
exclude_files_from=""
|
||||
exclude_shebangs=""
|
||||
exclude_shebangs_from=""
|
||||
|
||||
usage() {
|
||||
local verbose=$1 && shift
|
||||
local outfile=$1 && shift
|
||||
local status=$1 && shift
|
||||
|
||||
(
|
||||
echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
|
||||
if [ "${verbose}" == "yes" ]; then
|
||||
echo ' --files: extended regexp of files to ignore'
|
||||
echo ' --files-from: file containing a list of extended regexps of files to ignore'
|
||||
echo ' --shebangs: extended regexp of shebangs to ignore'
|
||||
echo ' --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
|
||||
fi
|
||||
) >>${outfile}
|
||||
exit ${status}
|
||||
}
|
||||
|
||||
while [ $# -gt 0 ] ; do
|
||||
case "$1" in
|
||||
--files)
|
||||
exclude_files="${2}"
|
||||
shift
|
||||
;;
|
||||
--files=*)
|
||||
exclude_files="${1##--files=}"
|
||||
;;
|
||||
--files-from)
|
||||
exclude_files_from="${2}"
|
||||
shift
|
||||
;;
|
||||
--files-from=*)
|
||||
exclude_files_from="${1##--files-from=}"
|
||||
;;
|
||||
--shebangs)
|
||||
exclude_shebangs="${2}"
|
||||
shift
|
||||
;;
|
||||
--shebangs=*)
|
||||
exclude_shebangs="${1##--shebangs=}"
|
||||
;;
|
||||
--shebangs-from)
|
||||
exclude_shebangs_from="${2}"
|
||||
shift
|
||||
;;
|
||||
--shebangs-from=*)
|
||||
exclude_shebangs_from="${1##--shebangs-from=}"
|
||||
;;
|
||||
--help|--usage|"-?"|-h)
|
||||
usage yes /dev/stdout 0
|
||||
;;
|
||||
*)
|
||||
echo "Unknown option \"${1}\"" 1>&2
|
||||
usage no /dev/stderr 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
cd "$RPM_BUILD_ROOT"
|
||||
|
||||
# Large packages such as kernel can have thousands of executable files.
|
||||
# We take care to not fork/exec thousands of "file"s and "grep"s,
|
||||
# but run just two of them.
|
||||
# (Take care to exclude filenames which would mangle "file" output).
|
||||
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
|
||||
| file -N --mime-type -f - \
|
||||
| grep -P ".+(?=: text/)" \
|
||||
| {
|
||||
fail=0
|
||||
while IFS= read -r line; do
|
||||
f=${line%%:*}
|
||||
|
||||
# Remove the dot
|
||||
path="${f#.}"
|
||||
|
||||
if [ -n "$exclude_files" ]; then
|
||||
echo "$path" | grep -q -E "$exclude_files" && continue
|
||||
fi
|
||||
if [ -n "$exclude_files_from" ]; then
|
||||
echo "$path" | grep -q -E -f "$exclude_files_from" && continue
|
||||
fi
|
||||
|
||||
|
||||
if ! read shebang_line < "$f"; then
|
||||
echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
|
||||
ts=$(stat -c %y "$f")
|
||||
chmod -x "$f"
|
||||
touch -d "$ts" "$f"
|
||||
continue
|
||||
fi
|
||||
|
||||
orig_shebang="${shebang_line#\#!}"
|
||||
if [ "$orig_shebang" = "$shebang_line" ]; then
|
||||
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
|
||||
ts=$(stat -c %y "$f")
|
||||
chmod -x "$f"
|
||||
touch -d "$ts" "$f"
|
||||
continue
|
||||
fi
|
||||
|
||||
# Trim spaces
|
||||
while shebang="${orig_shebang// / }"; [ "$shebang" != "$orig_shebang" ]; do
|
||||
orig_shebang="$shebang"
|
||||
done
|
||||
# Treat "#! /path/to " as "#!/path/to"
|
||||
orig_shebang="${orig_shebang# }"
|
||||
|
||||
shebang="$orig_shebang"
|
||||
|
||||
if [ -z "$shebang" ]; then
|
||||
echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
|
||||
ts=$(stat -c %y "$f")
|
||||
chmod -x "$f"
|
||||
touch -d "$ts" "$f"
|
||||
continue
|
||||
fi
|
||||
if [ -n "${shebang##/*}" ]; then
|
||||
echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
|
||||
fail=1
|
||||
continue
|
||||
fi
|
||||
|
||||
if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Replace "special" env shebang:
|
||||
# /whatsoever/env /whatever/foo → /whatever/foo
|
||||
shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
|
||||
# /whatsoever/env foo → /whatsoever/foo
|
||||
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
|
||||
|
||||
# Replace python3 with the desired Python 3 shebang,
|
||||
# if passed as an non-empty environment variable PYTHON3
|
||||
if [ -n "${PYTHON3:+x}" ]; then
|
||||
shebang=$(echo "$shebang" | sed -r -e "s@/usr/bin/python3(\s|$)@${PYTHON3}\1@")
|
||||
fi
|
||||
|
||||
# Replace ambiguous python with python2
|
||||
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
|
||||
|
||||
if [ "$shebang" != "$py_shebang" ]; then
|
||||
echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
|
||||
fail=1
|
||||
elif [ "#!$shebang" != "#!$orig_shebang" ]; then
|
||||
echo "mangling shebang in $path from $orig_shebang to #!$shebang"
|
||||
ts=$(stat -c %y "$f")
|
||||
sed -i -e "1c #!$shebang" "$f"
|
||||
touch -d "$ts" "$f"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
exit $fail
|
||||
}
|
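Review bot: `cd "$RPM_BUILD_ROOT"` is not checked, so when the directory is missing or not accessible the `find -executable` pipeline runs in whatever directory the script was started from, and the `chmod -x` and `sed -i` calls then modify files outside the build root. `cd "$RPM_BUILD_ROOT" || exit 1` stops before anything is touched. In the same loop, `read shebang_line < "$f"` lacks `-r` and the `sed -i -e "1c #!$shebang"` script interpolates the file's own first line, so a shebang containing backslashes may be written differently from what the "mangling shebang" message prints. Using `read -r shebang_line < "$f"` and escaping backslashes in `$shebang` before the `1c` command would keep the two consistent.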
@ -0,0 +1,442 @@
|
||||
This document contains documentation of the individual compiler flags
|
||||
and how to use them.
|
||||
|
||||
[TOC]
|
||||
|
||||
# Using RPM build flags
|
||||
|
||||
For packages which use autoconf to set up the build environment, use
|
||||
the `%configure` macro to obtain the full complement of flags, like
|
||||
this:
|
||||
|
||||
%configure
|
||||
|
||||
This will invoke the `./configure` with arguments (such as
|
||||
`--prefix=/usr`) to adjust the paths to the packaging defaults.
|
||||
Prior to that, some common problems in autotools scripts are
|
||||
automatically patched across the source tree.
|
||||
|
||||
As a side effect, this will set the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
|
||||
makefiles and other build tools. (However, existing values for this
|
||||
variables are not overwritten.)
|
||||
|
||||
If your package does not use autoconf, you can still set the same
|
||||
environment variables using
|
||||
|
||||
%set_build_flags
|
||||
|
||||
early in the `%build` section. (Again, existing environment variables
|
||||
are not overwritten.) `%set_build_flags` does not perform autotools
|
||||
script rewriting, unlike `%configure`.
|
||||
|
||||
Individual build flags are also available through RPM macros:
|
||||
|
||||
* `%{build_cflags}` for the C compiler flags (also known as the
|
||||
`CFLAGS` variable). Also historically available as `%{optflags}`.
|
||||
Furthermore, at the start of the `%build` section, the environment
|
||||
variable `RPM_OPT_FLAGS` is set to this value.
|
||||
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
|
||||
the `CXXFLAGS` shell variable).
|
||||
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
|
||||
known as the `FCFLAGS` variable).
|
||||
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
|
||||
`LDFLAGS`. Note that the contents quotes linker arguments using
|
||||
`-Wl`, so this variable is intended for use with the `gcc` compiler
|
||||
driver. At the start of the `%build` section, the environment
|
||||
variable `RPM_LD_FLAGS` is set to this value.
|
||||
|
||||
These RPM macros do not alter shell environment variables.
|
||||
|
||||
For some other build tools separate mechanisms exist:
|
||||
|
||||
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
|
||||
package.
|
||||
|
||||
Care must be taking not to compile the current selection of compiler
|
||||
flags into any RPM package besides `redhat-rpm-config`, so that flag
|
||||
changes are picked up automatically once `redhat-rpm-config` is
|
||||
updated.
|
||||
|
||||
# Flag selection for the build type
|
||||
|
||||
The default flags are suitable for building applications.
|
||||
|
||||
For building shared objects, you must compile with `-fPIC` in
|
||||
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
|
||||
|
||||
For other considerations involving shared objects, see:
|
||||
|
||||
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
|
||||
|
||||
# Customizing compiler and other build flags
|
||||
|
||||
It is possible to set RPM macros to change some aspects of the
|
||||
compiler flags. Changing these flags should be used as a last
|
||||
recourse if other workarounds are not available.
|
||||
|
||||
### Disable autotools compatibility patching
|
||||
|
||||
By default, the invocation of the `%configure` macro replaces
|
||||
`config.guess` files in the source tree with the system version. To
|
||||
disable that, define this macro:
|
||||
|
||||
%global _configure_gnuconfig_hack 0
|
||||
|
||||
`%configure` also patches `ltmain.sh` scripts, so that linker flags
|
||||
are set as well during libtool-. This can be switched off using:
|
||||
|
||||
%global _configure_libtool_hardening_hack 0
|
||||
|
||||
### Lazy binding
|
||||
|
||||
If your package depends on the semantics of lazy binding (e.g., it has
|
||||
plugins which load additional plugins to complete their dependencies,
|
||||
before which some referenced functions are undefined), you should put
|
||||
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
|
||||
which have such requirements. Under these circumstances, it is
|
||||
unnecessary to disable hardened builds (and thus lose full ASLR for
|
||||
executables), or link everything without `-Wl,z,now` (non-lazy
|
||||
binding).
|
||||
|
||||
### Hardened builds
|
||||
|
||||
By default, the build flags enable fully hardened builds. To change
|
||||
this, include this in the RPM spec file:
|
||||
|
||||
%undefine _hardened_build
|
||||
|
||||
This turns off certain hardening features, as described in detail
|
||||
below. The main difference is that executables will be
|
||||
position-dependent (no full ASLR) and use lazy binding.
|
||||
|
||||
### Annotated builds/watermarking
|
||||
|
||||
By default, the build flags cause a special output section to be
|
||||
included in ELF files which describes certain aspects of the build.
|
||||
To change this for all compiler invocations, include this in the RPM
|
||||
spec file:
|
||||
|
||||
%undefine _annotated_build
|
||||
|
||||
Be warned that this turns off watermarking, making it impossible to do
|
||||
full hardening coverage analysis for any binaries produced.
|
||||
|
||||
It is possible to disable annotations for individual compiler
|
||||
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
|
||||
the annobin plugin must still be loaded for this flag to be
|
||||
recognized, so it has to come after the hardening flags on the command
|
||||
line (it has to be added at the end of `CFLAGS`, or specified after
|
||||
the `CFLAGS` variable contents).
|
||||
|
||||
### Strict symbol checks in the link editor (ld)
|
||||
|
||||
Optionally, the link editor will refuse to link shared objects which
|
||||
contain undefined symbols. Such symbols lack symbol versioning
|
||||
information and can be bound to the wrong (compatibility) symbol
|
||||
version at run time, and not the actual (default) symbol version which
|
||||
would have been used if the symbol definition had been available at
|
||||
static link time. Furthermore, at run time, the dynamic linker will
|
||||
not have complete dependency information (in the form of DT_NEEDED
|
||||
entries), which can lead to errors (crashes) if IFUNC resolvers are
|
||||
executed before the shared object containing them is fully relocated.
|
||||
|
||||
To switch on these checks, define this macro in the RPM spec file:
|
||||
|
||||
%define _strict_symbol_defs_build 1
|
||||
|
||||
If this RPM spec option is active, link failures will occur if the
|
||||
linker command line does not list all shared objects which are needed.
|
||||
In this case, you need to add the missing DSOs (with linker arguments
|
||||
such as `-lm`). As a result, the link editor will also generated the
|
||||
necessary DT_NEEDED entries.
|
||||
|
||||
In some cases (such as when a DSO is loaded as a plugin and is
|
||||
expected to bind to symbols in the main executable), undefined symbols
|
||||
are expected. In this case, you can add
|
||||
|
||||
%undefine _strict_symbol_defs_build
|
||||
|
||||
to the RPM spec file to disable these strict checks. Alternatively,
|
||||
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||
|
||||
### Post-build ELF object processing
|
||||
|
||||
By default, DWARF debugging information is separated from installed
|
||||
ELF objects and put into `-debuginfo` subpackages. To disable most
|
||||
debuginfo processing (and thus the generation of these subpackages),
|
||||
define `_enable_debug_packages` as `0`.
|
||||
|
||||
Processing of debugging information is controlled using the
|
||||
`find-debuginfo` tool from the `debugedit` package. Several aspects
|
||||
of its operation can be controlled at the RPM level.
|
||||
|
||||
* Creation of `-debuginfo` subpackages is enabled by default.
|
||||
To disable, undefine `_debuginfo_subpackages`.
|
||||
* Likewise, `-debugsource` subpackages are automatically created.
|
||||
To disable, undefine `_debugsource_subpackages`.
|
||||
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
|
||||
for background information.
|
||||
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
|
||||
`_unique_debug_srcs` control how debugging information and
|
||||
corresponding source files are represented on disk.
|
||||
See `/usr/lib/rpm/macros` for details. The defaults
|
||||
enable parallel installation of `-debuginfo` packages for
|
||||
different package versions, as described in
|
||||
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
|
||||
* By default, a compressed symbol table is preserved in the
|
||||
`.gnu_debugdata` section. To disable that, undefine
|
||||
`_include_minidebuginfo`.
|
||||
* To speed up debuggers, a `.gdb_index` section is created. It can be
|
||||
disabled by undefining `_include_gdb_index`.
|
||||
* Missing build IDs result in a build failure. To ignore such
|
||||
problems, undefine `_missing_build_ids_terminate_build`.
|
||||
* During processing, build IDs are recomputed to match the binary
|
||||
content. To skip this step, define `_no_recompute_build_ids` as `1`.
|
||||
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
|
||||
(DWARF compression) processing. Undefine this macro to disable this
|
||||
step.
|
||||
* Additional options can be passed by defining the
|
||||
`_find_debuginfo_opts` macro.
|
||||
|
||||
After separation of debugging information, additional transformations
|
||||
are applied, most of them also related to debugging information.
|
||||
These steps can be skipped by undefining the corresponding macros:
|
||||
|
||||
* `__brp_strip`: Removal of leftover debugging information. The tool
|
||||
specified by the `__strip` macro is invoked with the `-g` option on
|
||||
ELF object (`.o`) files.
|
||||
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
|
||||
processes static `.a` archives instead.
|
||||
* `__brp_strip_comment_note`: This step removes unallocated `.note`
|
||||
sections, and `.comment` sections from ELF files.
|
||||
* `__brp_ldconfig`: For each shared object on the library search path
|
||||
whose soname does not match its file name, a symbolic link from the
|
||||
soname to the file name is created. This way, these shared objects
|
||||
are loadable immediately after installation, even if they are not yet
|
||||
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
|
||||
invoked yet).
|
||||
|
||||
# Individual compiler flags
|
||||
|
||||
Compiler flags end up in the environment variables `CFLAGS`,
|
||||
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
|
||||
|
||||
The general (architecture-independent) build flags are:
|
||||
|
||||
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
|
||||
Optimization improves performance, the accuracy of warnings, and the
|
||||
reach of toolchain-based hardening, but it makes debugging harder.
|
||||
* `-g`: Generate debugging information (DWARF). In Fedora, this data
|
||||
is separated into `-debuginfo` RPM packages whose installation is
|
||||
optional, so debuging information does not increase the size of
|
||||
installed binaries by default.
|
||||
* `-pipe`: Run compiler and assembler in parallel and do not use a
|
||||
temporary file for the assembler input. This can improve
|
||||
compilation performance. (This does not affect code generation.)
|
||||
* `-Wall`: Turn on various GCC warnings.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
|
||||
* `-Werror=format-security`: Turn on format string warnings and treat
|
||||
them as errors.
|
||||
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
|
||||
This can occasionally result in compilation errors. In this case,
|
||||
the best option is to rewrite the source code so that only constant
|
||||
format strings (string literals) are used.
|
||||
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
|
||||
hardening features in glibc:
|
||||
* String functions such as `memcpy` attempt to detect buffer lengths
|
||||
and terminate the process if a buffer overflow is detected.
|
||||
* `printf` format strings may only contain the `%n` format specifier
|
||||
if the format string resides in read-only memory.
|
||||
* `open` and `openat` flags are checked for consistency with the
|
||||
presence of a *mode* argument.
|
||||
* Plus other minor hardening changes.
|
||||
(These changes can occasionally break valid programs.)
|
||||
* `-fexceptions`: Provide exception unwinding support for C programs.
|
||||
See the [`-fexceptions` option in the GCC
|
||||
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
|
||||
and the [`cleanup` variable
|
||||
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
|
||||
This also hardens cancellation handling in C programs because
|
||||
it is not required to use an on-stack jump buffer to install
|
||||
a cancellation handler with `pthread_cleanup_push`. It also makes
|
||||
it possible to unwind the stack (using C++ `throw` or Rust panics)
|
||||
from C callback functions if a C library supports non-local exits
|
||||
from them (e.g., via `longjmp`).
|
||||
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
|
||||
C++ standard library, such as bounds checking for the subscription
|
||||
operator on vectors. (This flag is added to both `CFLAGS` and
|
||||
`CXXFLAGS`; C compilations will simply ignore it.)
|
||||
* `-fstack-protector-strong`: Instrument functions to detect
|
||||
stack-based buffer overflows before jumping to the return address on
|
||||
the stack. The *strong* variant only performs the instrumentation
|
||||
for functions whose stack frame contains addressable local
|
||||
variables. (If the address of a variable is never taken, it is not
|
||||
possible that a buffer overflow is caused by incorrect pointer
|
||||
arithmetic involving a pointer to that variable.)
|
||||
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||
skipping the guard page in large stack frames. (Without this flag,
|
||||
vulnerabilities can result where the stack overlaps with the heap,
|
||||
or thread stacks spill into other regions of memory.) This flag is
|
||||
fully ABI-compatible and has adds very little run-time overhead.
|
||||
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||
the DWARF debugging information. This is useful for detecting the
|
||||
presence of certain build flags and general hardening coverage.
|
||||
|
||||
For hardened builds (which are enabled by default, see above for how
|
||||
to disable them), the flag
|
||||
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
|
||||
command line. It adds the following flag to the command line:
|
||||
|
||||
* `-fPIE`: Compile for a position-independent executable (PIE),
|
||||
enabling full address space layout randomization (ASLR). This is
|
||||
similar to `-fPIC`, but avoids run-time indirections on certain
|
||||
architectures, resulting in improved performance and slightly
|
||||
smaller executables. However, compared to position-dependent code
|
||||
(the default generated by GCC), there is still a measurable
|
||||
performance impact.
|
||||
|
||||
If the command line also contains `-r` (producing a relocatable
|
||||
object file), `-fpic` or `-fPIC`, this flag is automatically
|
||||
dropped. (`-fPIE` can only be used for code which is linked into
|
||||
the main program.) Code which goes into static libraries should be
|
||||
compiled with `-fPIE`, except when this code is expected to be
|
||||
linked into DSOs, when `-fPIC` must be used.
|
||||
|
||||
To be effective, `-fPIE` must be used with the `-pie` linker flag
|
||||
when producing an executable, see below.
|
||||
|
||||
To support [binary watermarks for ELF
|
||||
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
|
||||
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
|
||||
added by default. This can be switched off by undefining the
|
||||
`%_annotated_build` RPM macro (see above).
|
||||
|
||||
### Architecture-specific compiler flags
|
||||
|
||||
These compiler flags are enabled for all builds (hardened/annotated or
|
||||
not), but their selection depends on the architecture:
|
||||
|
||||
* `-fcf-protection`: Instrument binaries to guard against
|
||||
ROP/JOP attacks. Used on i686 and x86_64.
|
||||
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||
the same compilation. For such architectures, the RPM build process
|
||||
explicitly selects the architecture variant by passing this compiler
|
||||
flag.
|
||||
* `-fasynchronous-unwind-tables`: Generate full unwind information
|
||||
covering all program points. This is required for support of
|
||||
asynchronous cancellation and proper unwinding from signal
|
||||
handlers. It also makes performance and debugging tools more
|
||||
useful because unwind information is available without having to
|
||||
install (and load) debugging ienformation.
|
||||
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
|
||||
and x86_64. They are not needed on ppc64le due
|
||||
to architectural differences in stack management. On these
|
||||
architectures, `-fexceptions` (see above) still enables regular
|
||||
unwind tables (or they are enabled by default even without this
|
||||
option).
|
||||
* `-funwind-tables`: A subset of the unwind information restricted
|
||||
to actual call sites. Used on ppc64le. Also implied by
|
||||
`-fexceptions`.
|
||||
|
||||
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||
tuning in the `gcc` package. These settings are:
|
||||
|
||||
* **i686**: `-march=x86-64` is used to select a minimum supported
|
||||
CPU level matching the baseline for the x86_64 architecture.
|
||||
`-mtune=generic` activates tuning for a current blend of CPUs.
|
||||
`-mfpmath=sse` uses the SSE2 unit for floating point math,
|
||||
instead of the legacy i387 FPU, avoiding issues related to excess
|
||||
precision. `-mstackrealign` ensures that the generated code
|
||||
does not assume 16-byte stack alignment (as required by the current
|
||||
i386 ABI), but stays compatible with application code compiled
|
||||
before the introduction of 16-byte stack alignment along with SSE2
|
||||
support.
|
||||
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
|
||||
CPU level of POWER8 (the first CPU with ppc64le support) and tunes
|
||||
for POWER8.
|
||||
* **s390x**: `-march=z13 -mtune=z14` specifies a minimum supported CPU
|
||||
level of z13, while optimizing for a subsequent CPU generation
|
||||
(z14).
|
||||
* **x86_64**: `-mtune=generic` selects tuning which is expected to
|
||||
beneficial for a broad range of current CPUs.
|
||||
* **aarch64** does not have any architecture-specific tuning.
|
||||
|
||||
# Individual linker flags
|
||||
|
||||
Linker flags end up in the environment variable `LDFLAGS`.
|
||||
|
||||
The linker flags listed below are injected. Note that they are
|
||||
prefixed with `-Wl` because it is expected that these flags are passed
|
||||
to the compiler driver `gcc`, and not directly to the link editor
|
||||
`ld`.
|
||||
|
||||
* `-z relro`: Activate the *read-only after relocation* feature.
|
||||
Constant data and relocations are placed on separate pages, and the
|
||||
dynamic linker is instructed to revoke write permissions after
|
||||
dynamic linking. Full protection of relocation data requires the
|
||||
`-z now` flag (see below).
|
||||
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
|
||||
(optional, see above).
|
||||
|
||||
For hardened builds, the
|
||||
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
|
||||
compiler driver command line. (This can be disabled by undefining the
|
||||
`%_hardened_build` macro; see above) This activates the following
|
||||
linker flags:
|
||||
|
||||
* `-pie`: Produce a PIE binary. This is only activated for the main
|
||||
executable, and only if it is dynamically linked. This requires
|
||||
that all objects which are linked in the main executable have been
|
||||
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
|
||||
By itself, `-pie` has only a slight performance impact because it
|
||||
disables some link editor optimization, however the `-fPIE` compiler
|
||||
flag has some overhead.
|
||||
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
|
||||
linker feature. Lazy binding involves an array of function pointers
|
||||
which is writable at run time (which could be overwritten as part of
|
||||
security exploits, redirecting execution). Therefore, it is
|
||||
preferable to turn of lazy binding, although it increases startup
|
||||
time.
|
||||
|
||||
# Support for extension builders
|
||||
|
||||
Some packages include extension builders that allow users to build
|
||||
extension modules (which are usually written in C and C++) under the
|
||||
control of a special-purpose build system. This is a common
|
||||
functionality provided by scripting languages such as Python and Perl.
|
||||
Traditionally, such extension builders captured the Fedora build flags
|
||||
when these extension were built. However, these compiler flags are
|
||||
adjusted for a specific Fedora release and toolchain version and
|
||||
therefore do not work with a custom toolchain (e.g., different C/C++
|
||||
compilers), and users might want to build their own extension modules
|
||||
with such toolchains.
|
||||
|
||||
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
|
||||
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
|
||||
flags that have been adjusted for compatibility with alternative
|
||||
toolchains, while still preserving some of the compile-time security
|
||||
hardening that the standard Fedora build flags provide.
|
||||
|
||||
The current set of differences are:
|
||||
|
||||
* No GCC plugins (such as annobin) are activated.
|
||||
* No GCC spec files (`-specs=` arguments) are used.
|
||||
|
||||
Additional flags may be removed in the future if they prove to be
|
||||
incompatible with alternative toolchains.
|
||||
|
||||
Extension builders should detect whether they are performing a regular
|
||||
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
|
||||
case, they should use the *current* set of Fedora build flags (that
|
||||
is, the output from `rpm --eval '%{build_cflags}'` and related
|
||||
commands). Otherwise, when not performing an RPM build, they can
|
||||
either use hard-coded extension builder flags (thus avoiding a
|
||||
run-time dependency on `redhat-rpm-config`), or use the current
|
||||
extension builder flags (with a run-time dependency on
|
||||
`redhat-rpm-config`).
|
||||
|
||||
As a result, extension modules built for Fedora will use the official
|
||||
Fedora build flags, while users will still be able to build their own
|
||||
extension modules with custom toolchains.
|
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,66 @@
|
||||
#!/bin/bash
|
||||
# dist.sh
|
||||
# Author: Tom "spot" Callaway <tcallawa@redhat.com>
|
||||
# License: GPL
|
||||
# This is a script to output the value for the %{dist}
|
||||
# tag. The dist tag takes the following format: .$type$num
|
||||
# Where $type is one of: el, fc, rh
|
||||
# (for RHEL, Fedora Core, and RHL, respectively)
|
||||
# And $num is the version number of the distribution.
|
||||
# NOTE: We can't detect Rawhide or Fedora Test builds properly.
|
||||
# If we successfully detect the version number, we output the
|
||||
# dist tag. Otherwise, we exit with no output.
|
||||
|
||||
RELEASEFILE=/etc/redhat-release
|
||||
|
||||
function check_num {
|
||||
MAINVER=`cut -d "(" -f 1 < $RELEASEFILE | \
|
||||
sed -e "s/[^0-9.]//g" -e "s/$//g" | cut -d "." -f 1`
|
||||
|
||||
echo $MAINVER | grep -q '[0-9]' && echo $MAINVER
|
||||
}
|
||||
|
||||
function check_rhl {
|
||||
grep -q "Red Hat Linux" $RELEASEFILE && ! grep -q "Advanced" $RELEASEFILE && echo $DISTNUM
|
||||
}
|
||||
|
||||
function check_rhel {
|
||||
egrep -q "(Enterprise|Advanced)" $RELEASEFILE && echo $DISTNUM
|
||||
}
|
||||
|
||||
function check_fedora {
|
||||
grep -q Fedora $RELEASEFILE && echo $DISTNUM
|
||||
}
|
||||
|
||||
DISTNUM=`check_num`
|
||||
DISTFC=`check_fedora`
|
||||
DISTRHL=`check_rhl`
|
||||
DISTRHEL=`check_rhel`
|
||||
if [ -n "$DISTNUM" ]; then
|
||||
if [ -n "$DISTFC" ]; then
|
||||
DISTTYPE=fc
|
||||
elif [ -n "$DISTRHEL" ]; then
|
||||
DISTTYPE=el
|
||||
elif [ -n "$DISTRHL" ]; then
|
||||
DISTTYPE=rhl
|
||||
fi
|
||||
fi
|
||||
[ -n "$DISTTYPE" -a -n "$DISTNUM" ] && DISTTAG=".${DISTTYPE}${DISTNUM}"
|
||||
|
||||
case "$1" in
|
||||
--el) echo -n "$DISTRHEL" ;;
|
||||
--fc) echo -n "$DISTFC" ;;
|
||||
--rhl) echo -n "$DISTRHL" ;;
|
||||
--distnum) echo -n "$DISTNUM" ;;
|
||||
--disttype) echo -n "$DISTTYPE" ;;
|
||||
--help)
|
||||
printf "Usage: $0 [OPTIONS]\n"
|
||||
printf " Default mode is --dist. Possible options:\n"
|
||||
printf " --el\t\tfor RHEL version (if RHEL)\n"
|
||||
printf " --fc\t\tfor Fedora version (if Fedora)\n"
|
||||
printf " --rhl\t\tfor RHL version (if RHL)\n"
|
||||
printf " --dist\t\tfor distribution tag\n"
|
||||
printf " --distnum\tfor distribution number (major)\n"
|
||||
printf " --disttype\tfor distribution type\n" ;;
|
||||
*) echo -n "$DISTTAG" ;;
|
||||
esac
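Review bot: The header comment says `$type` is one of `el, fc, rh`, but the Red Hat Linux branch sets `DISTTYPE=rhl`, so the documented tag format and the emitted tag disagree. One of the two should be corrected, for example the comment to `# Where $type is one of: el, fc, rhl`. `$RELEASEFILE` is expanded unquoted in `check_num`, `check_rhl`, `check_rhel` and `check_fedora`; it is a fixed path here, but writing `"$RELEASEFILE"` keeps the functions correct if the path is ever made configurable. The `-e "s/$//g"` expression in `check_num` replaces the empty end-of-line match with nothing and can be dropped.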
|
@ -0,0 +1,50 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This script reads filenames from STDIN and outputs any relevant provides
|
||||
# information that needs to be included in the package.
|
||||
|
||||
if [ "$1" ]
|
||||
then
|
||||
package_name="$1"
|
||||
fi
|
||||
|
||||
filelist=`sed "s/['\"]/\\\&/g"`
|
||||
|
||||
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] &&
|
||||
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --provides
|
||||
|
||||
#
|
||||
# --- any other extra find-provides scripts
|
||||
for i in /usr/lib/rpm/redhat/find-provides.d/*.prov
|
||||
do
|
||||
[ -x $i ] &&
|
||||
(echo $filelist | tr '[:blank:]' \\n | $i | sort -u)
|
||||
done
|
||||
|
||||
#
|
||||
# --- Kernel module imported symbols
|
||||
#
|
||||
# Since we don't (yet) get passed the name of the package being built, we
|
||||
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||
#
|
||||
|
||||
is_kmod=1
|
||||
for f in $filelist; do
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||
then
|
||||
is_kernel=1;
|
||||
fi
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||
then
|
||||
unset is_kmod;
|
||||
fi
|
||||
done
|
||||
if [ ! "$is_kernel" ] || [ "$package_name" == "kernel" ]
|
||||
then
|
||||
unset is_kmod
|
||||
fi
|
||||
|
||||
[ -x /usr/lib/rpm/redhat/find-provides.ksyms ] && [ "$is_kmod" ] &&
|
||||
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-provides.ksyms
|
||||
|
||||
exit 0
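Review bot: `is_kernel` is never cleared before the `for f in $filelist` loop, so a value inherited from the build environment satisfies the later `[ ! "$is_kernel" ]` test even when no `.ko` file was listed; add `unset is_kernel` next to `is_kmod=1`. The two tests of the form `[ $(echo "$f" | sed …) ]` leave the substitution unquoted and should be written `[ -n "$(…)" ]` so the result is always tested as a single word. `filelist` is a plain string, so `"${filelist[@]}"` in the final `printf` passes it as one argument; the newline-separated names still arrive one per line, but `"$filelist"` says what is meant. The requires-side script later in this commit (the one that pipes to `find-requires.ksyms`) has the same unquoted tests and the same array-style expansion.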
|
@ -0,0 +1,48 @@
|
||||
#! /bin/bash
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'); do
|
||||
tmpfile=""
|
||||
if [ "x${module%.ko}" = "x${module}" ]; then
|
||||
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
|
||||
proc_bin=
|
||||
case "${module##*.}" in
|
||||
xz)
|
||||
proc_bin=xz
|
||||
;;
|
||||
bz2)
|
||||
proc_bin=bzip2
|
||||
;;
|
||||
gz)
|
||||
proc_bin=gzip
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -n "$proc_bin" ] || continue
|
||||
|
||||
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
|
||||
module="$tmpfile"
|
||||
fi
|
||||
|
||||
if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||
nm $module \
|
||||
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
|
||||
| LC_ALL=C sort -u
|
||||
else
|
||||
ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
|
||||
if [[ -n $(readelf -h $module | grep "little endian") ]]; then
|
||||
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||
else
|
||||
RODATA=$ELFRODATA
|
||||
fi
|
||||
for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||
echo $sym $RODATA
|
||||
done \
|
||||
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
|
||||
| LC_ALL=C sort -u
|
||||
fi
|
||||
|
||||
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
|
||||
done
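Review bot: The temporary file from `mktemp` is created before the decompressor is chosen, and both `continue` statements that follow skip the `rm -f -- "$tmpfile"` at the bottom of the loop, so a failed decompression (or a suffix the `case` does not recognise) leaves a file behind in the temp directory. Remove it on those paths, e.g. `[ -n "$proc_bin" ] || { rm -f -- "$tmpfile"; continue; }` and likewise on the decompression line, or install an `EXIT` trap. `$module` is passed unquoted to `nm` and `readelf`; `IFS=$'\n'` stops splitting on spaces but pathname expansion still applies, so `"$module"` is safer. The `all_provides` function in the requires-side ksyms script later in this commit has the same two `continue` paths.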
|
@ -0,0 +1,38 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# Auto-generate requirements for executables (both ELF and a.out) and library
|
||||
# sonames, script interpreters, and perl modules.
|
||||
#
|
||||
|
||||
ulimit -c 0
|
||||
|
||||
filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
|
||||
|
||||
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \
|
||||
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires
|
||||
|
||||
#
|
||||
# --- Kernel module imported symbols
|
||||
#
|
||||
# Since we don't (yet) get passed the name of the package being built, we
|
||||
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||
#
|
||||
|
||||
unset is_kmod
|
||||
|
||||
for f in $filelist; do
|
||||
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||
then
|
||||
is_kmod=1;
|
||||
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||
then
|
||||
unset is_kmod;
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
||||
[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
|
||||
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
|
||||
|
||||
exit 0
|
@ -0,0 +1,155 @@
|
||||
#! /bin/bash
|
||||
#
|
||||
# This script is called during external module building to create dependencies
|
||||
# both upon the RHEL kernel, and on additional external modules. Symbols that
|
||||
# cannot be reconciled against those provided by the kernel are assumed to be
|
||||
# provided by an external module and "ksym" replaces th regular "kernel" dep.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
# Extract all of the symbols provided by this module.
|
||||
all_provides() {
|
||||
for module in "$@"; do
|
||||
tmpfile=""
|
||||
if [ "x${module%.ko}" = "x${module}" ]; then
|
||||
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
|
||||
proc_bin=
|
||||
case "${module##*.}" in
|
||||
xz)
|
||||
proc_bin=xz
|
||||
;;
|
||||
bz2)
|
||||
proc_bin=bzip2
|
||||
;;
|
||||
gz)
|
||||
proc_bin=gzip
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -n "$proc_bin" ] || continue
|
||||
|
||||
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
|
||||
module="$tmpfile"
|
||||
fi
|
||||
|
||||
if [[ -n $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||
nm "$module" \
|
||||
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||
| awk --non-decimal-data '{printf("%s:0x%08x\n", $2, $1)}'
|
||||
else
|
||||
ELFRODATA=$(readelf -R .rodata "$module" | awk '/0x/{printf $2$3$4$5}')
|
||||
if [[ -n $(readelf -h "$module" | grep "little endian") ]]; then
|
||||
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||
else
|
||||
RODATA=$ELFRODATA
|
||||
fi
|
||||
for sym in $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||
echo $sym $RODATA
|
||||
done \
|
||||
| awk --non-decimal-data '{printf("%s:0x%08s\n", $2, substr($3,($1*2)+1,8))}'
|
||||
fi
|
||||
|
||||
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
|
||||
done \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
# Extract all of the requirements of this module.
|
||||
all_requires() {
|
||||
for module in "$@"; do
|
||||
set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
|
||||
/sbin/modprobe --dump-modversions "$module" \
|
||||
| awk --non-decimal-data '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{printf("%s:0x%08x\n", $2, $1)}' \
|
||||
| sed -r -e 's:$:\t'"$1"':'
|
||||
done \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
# Filter out requirements fulfilled by the module itself.
|
||||
mod_requires() {
|
||||
LC_ALL=C join -t $'\t' -j 1 -v 1 \
|
||||
<(all_requires "$@") \
|
||||
<(all_provides "$@") \
|
||||
| LC_ALL=C sort -k1,1 -u
|
||||
}
|
||||
|
||||
if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
|
||||
cat > /dev/null
|
||||
exit 0
|
||||
fi
|
||||
|
||||
check_kabi() {
|
||||
arch=$(uname -m)
|
||||
kabi_file="/lib/modules/kabi-current/kabi_whitelist_$arch"
|
||||
|
||||
# If not installed, output a warning and return (continue)
|
||||
if [ ! -f "$kabi_file" ]; then
|
||||
echo "" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "The kernel ABI reference files (provided by "kabi-whitelists") were not found." >&2
|
||||
echo "No compatibility check was performed. Please install the kABI reference files" >&2
|
||||
echo "and rebuild if you would like to verify compatibility with kernel ABI." >&2
|
||||
echo "" >&2
|
||||
return
|
||||
fi
|
||||
|
||||
unset non_kabi
|
||||
for symbol in "$@"; do
|
||||
if ! egrep "^[[:space:]]$symbol\$" $kabi_file >/dev/null; then
|
||||
non_kabi=("${non_kabi[@]}" "$symbol")
|
||||
fi
|
||||
done
|
||||
|
||||
if [ ${#non_kabi[@]} -gt 0 ]; then
|
||||
echo "" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
|
||||
echo "********************************************************************************" >&2
|
||||
echo "The following kernel symbols are not guaranteed to remain compatible with" >&2
|
||||
echo "future kernel updates to this RHEL release:" >&2
|
||||
echo "" >&2
|
||||
for symbol in "${non_kabi[@]}"; do
|
||||
printf "\t$symbol\n" >&2
|
||||
done
|
||||
echo "" >&2
|
||||
echo "Red Hat recommends that you consider using only official kernel ABI symbols" >&2
|
||||
echo "where possible. Requests for additions to the kernel ABI can be filed with" >&2
|
||||
echo "your partner or customer representative (component: driver-update-program)." >&2
|
||||
echo "" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
modules=($(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'))
|
||||
if [ ${#modules[@]} -gt 0 ]; then
|
||||
kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
|
||||
|
||||
# get all that kernel provides
|
||||
symvers=$(mktemp -t ${0##*/}.XXXXX)
|
||||
|
||||
cat /usr/src/kernels/$kernel/Module.symvers | awk '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{ print $2 ":" $1 }
|
||||
' \
|
||||
| sed -r -e 's:$:\t'"$kernel"':' \
|
||||
| LC_ALL=C sort -k1,1 -u > $symvers
|
||||
|
||||
# Symbols matching with the kernel get a "kernel" dependency
|
||||
mod_req=$(mktemp -t mod_req.XXXXX)
|
||||
mod_requires "${modules[@]}" > "$mod_req"
|
||||
LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
|
||||
|
||||
# Symbols from elsewhere get a "ksym" dependency
|
||||
LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
|
||||
|
||||
# Check kABI if the kabi-whitelists package is installed
|
||||
# Do this last so we can try to output this error at the end
|
||||
kabi_check_symbols=($(LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
|
||||
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print $1 }'))
|
||||
check_kabi "${kabi_check_symbols[@]}"
|
||||
fi
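Review bot: The two files created with `mktemp` in the final `if` block, `$symvers` and `$mod_req`, are never removed, so every run leaves two files in the temp directory; an `EXIT` trap such as `trap 'rm -f -- "$symvers" "$mod_req"' EXIT` would cover every exit path. `$kernel` is taken from the module's own `vermagic` field and is used unquoted in `cat /usr/src/kernels/$kernel/Module.symvers`; as far as the visible pipeline shows, a missing file only produces an error from `cat` and every required symbol then falls through to a `ksym(...)` dependency, so an explicit readability check with a message on stderr would make that failure visible. `$symvers` and `$kabi_file` should also be quoted where they are passed to `join` and `egrep`.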
|
@ -0,0 +1,14 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# firmware.prov - Automatically extract any and all firmware dependencies from
|
||||
# kernel object (.ko) files and add to RPM deps.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') $*;
|
||||
do
|
||||
for firmware in `/sbin/modinfo -F firmware $module`;
|
||||
do
|
||||
echo "firmware($firmware)"
|
||||
done
|
||||
done
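Review bot: The script declares `#!/bin/sh` but sets `IFS=$'\n'`, which is ANSI-C quoting that a strictly POSIX `sh` need not implement; where `/bin/sh` is not bash, IFS would not be a lone newline and the module list would be split differently. Either change the interpreter line to `#!/bin/bash` or assign a literal newline. `$module` should be quoted in `/sbin/modinfo -F firmware "$module"`, and `"$@"` is preferable to `$*` in the `for` list. The kmod provides script later in this commit (`#!/bin/sh +x`) uses the same `IFS=$'\n'` line.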
|
@ -0,0 +1,111 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
|
||||
#
|
||||
# This material is provided as is, with absolutely no warranty expressed
|
||||
# or implied. Any use is at your own risk.
|
||||
#
|
||||
# Permission is hereby granted to use or copy this shellscript
|
||||
# for any purpose, provided the above notices are retained on all copies.
|
||||
# Permission to modify the code and to distribute modified code is granted,
|
||||
# provided the above notices are retained, and a notice that the code was
|
||||
# modified is included with the above copyright notice.
|
||||
|
||||
|
||||
function print_help {
|
||||
cat <<'EOF'
|
||||
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
|
||||
|
||||
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
|
||||
verifies a file against a detached OpenPGP signature and a keyring. The keyring
|
||||
shall contain all the keys that are trusted to certify the authenticity of the
|
||||
file, and must not contain any untrusted keys.
|
||||
|
||||
The differences, compared to invoking gpgv directly, are that gpgverify accepts
|
||||
the keyring in either ASCII-armored or unarmored form, and that it will not
|
||||
accidentally use a default keyring in addition to the specified one.
|
||||
|
||||
Parameters:
|
||||
--keyring=<pathname> keyring with all the trusted keys and no others
|
||||
--signature=<pathname> detached signature to verify
|
||||
--data=<pathname> file to verify against the signature
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
fatal_error() {
|
||||
message="$1" # an error message
|
||||
status=$2 # a number to use as the exit code
|
||||
echo "gpgverify: $message" >&2
|
||||
exit $status
|
||||
}
|
||||
|
||||
|
||||
require_parameter() {
|
||||
term="$1" # a term for a required parameter
|
||||
value="$2" # Complain and terminate if this value is empty.
|
||||
if test -z "${value}" ; then
|
||||
fatal_error "No ${term} was provided." 2
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
check_status() {
|
||||
action="$1" # a string that describes the action that was attempted
|
||||
status=$2 # the exit code of the command
|
||||
if test $status -ne 0 ; then
|
||||
fatal_error "$action failed." $status
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Parse the command line.
|
||||
keyring=
|
||||
signature=
|
||||
data=
|
||||
for parameter in "$@" ; do
|
||||
case "${parameter}" in
|
||||
(--help)
|
||||
print_help
|
||||
exit
|
||||
;;
|
||||
(--keyring=*)
|
||||
keyring="${parameter#*=}"
|
||||
;;
|
||||
(--signature=*)
|
||||
signature="${parameter#*=}"
|
||||
;;
|
||||
(--data=*)
|
||||
data="${parameter#*=}"
|
||||
;;
|
||||
(*)
|
||||
fatal_error "Unknown parameter: \"${parameter}\"" 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
require_parameter 'keyring' "${keyring}"
|
||||
require_parameter 'signature' "${signature}"
|
||||
require_parameter 'data file' "${data}"
|
||||
|
||||
# Make a temporary working directory.
|
||||
workdir="$(mktemp --directory)"
|
||||
check_status 'Making a temporary directory' $?
|
||||
workring="${workdir}/keyring.gpg"
|
||||
|
||||
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
|
||||
# ASCII-armored.
|
||||
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
|
||||
check_status 'Decoding the keyring' $?
|
||||
|
||||
# Verify the signature using the decoded keyring.
|
||||
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
|
||||
check_status 'Signature verification' $?
|
||||
|
||||
# (--homedir isn't actually necessary. --dearmor processes only the input file,
|
||||
# and if --keyring is used and contains a slash, then gpgv2 uses only that
|
||||
# keyring. Thus neither command will look for a default keyring, but --homedir
|
||||
# makes extra double sure that no default keyring will be touched in case
|
||||
# another version of GPG works differently.)
|
||||
|
||||
# Clean up. (This is not done in case of an error that may need inspection.)
|
||||
rm --recursive --force ${workdir}
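Review bot: `${workdir}` is expanded unquoted in the final `rm --recursive --force ${workdir}`, so a temp directory path containing whitespace or glob characters (for example from an unusual `TMPDIR`) would be split into several operands of a recursive forced delete; write `rm --recursive --force -- "${workdir}"`. The signature and data paths reach `gpgv2` as positional arguments with no end-of-options marker, so a value beginning with `-` would be parsed as an option rather than a file; `gpgv2 --homedir="${workdir}" --keyring="${workring}" -- "${signature}" "${data}"` closes that, and the same applies to `--dearmor "${keyring}"`. `fatal_error`, `require_parameter` and `check_status` assign `message`, `status`, `term`, `value` and `action` as globals; declaring them `local` keeps one helper from overwriting another's `status`.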
|
@ -0,0 +1,2 @@
|
||||
%__kabi_provides %{_rpmconfigdir}/kabi.sh
|
||||
%__kabi_path ^(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz$
|
@ -0,0 +1,13 @@
|
||||
#!/bin/bash +x
|
||||
#
|
||||
# kabi.sh - Automatically extract any kernel symbol checksum from the
|
||||
# symvers file and add to RPM deps. This is used to move the
|
||||
# checksum checking from modprobe to rpm install for 3rd party
|
||||
# modules (so they can fail during install and not at load).
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
for symvers in $(grep -E '(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz') "$@";
|
||||
do
|
||||
zcat $symvers | awk ' {print "kernel(" $2 ") = " $1 }'
|
||||
done
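Review bot: The `grep -E` filter is unanchored, while the `%__kabi_path` pattern registered for this script is anchored with `^` and `$`, so a path that merely contains `/boot/symvers-….gz` somewhere in the middle passes the script's own filter; anchoring it the same way keeps the two in step. `zcat $symvers` should quote the variable, `zcat -- "$symvers"`, because `IFS=$'\n'` stops word splitting on spaces but not pathname expansion.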
|
@ -0,0 +1,2 @@
|
||||
%__kmod_provides %{_rpmconfigdir}/kmod.prov
|
||||
%__kmod_path ^/lib/modules/.*$
|
@ -0,0 +1,28 @@
|
||||
#!/bin/sh +x
|
||||
# Kernel build can have many thousands of modules.
|
||||
# kmod.prov is run for every one of them.
|
||||
# Try to make this script run as fast as we can.
|
||||
# For example, use shell string ops instead of external programs
|
||||
# where possible.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
read -r fname || exit
|
||||
|
||||
# Only process files from .../lib/modules/... subtree
|
||||
[ "${fname#*/lib/modules/*}" != "$fname" ] || exit 0
|
||||
|
||||
kmod=${fname##*/} # like basename, but faster
|
||||
|
||||
if [ "$kmod" = "modules.builtin" ]; then
|
||||
for j in $(cat -- "$fname"); do
|
||||
echo "kmod(${j##*/})"
|
||||
done
|
||||
exit 0
|
||||
fi
|
||||
|
||||
kmod=${kmod%.gz}
|
||||
kmod=${kmod%.xz}
|
||||
if [ "${kmod%.ko}" != "$kmod" ]; then
|
||||
echo "kmod($kmod)"
|
||||
fi
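Review bot: Only `.gz` and `.xz` are stripped before the `.ko` test, while the ksyms and firmware scripts in this commit also accept `.ko.bz2`, so a bzip2-compressed module produces no `kmod(...)` provide. If bzip2 modules are meant to be supported, add `kmod=${kmod%.bz2}` after the `.xz` line; otherwise a comment saying they are deliberately excluded would help. In the `modules.builtin` branch, `$(cat -- "$fname")` is unquoted, so its entries are subject to pathname expansion; a `while IFS= read -r j` loop reading from `"$fname"` avoids that and the extra `cat` process, which fits the script's stated aim of running fast.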
|
@ -0,0 +1,349 @@
|
||||
#!/bin/bash
|
||||
|
||||
# kmodtool - Helper script for building kernel module RPMs
|
||||
# An original version appeared in Fedora. This version is
|
||||
# generally called only by the %kernel_module_package RPM macro
|
||||
# during the process of building Driver Update Packages (which
|
||||
# are also known as "kmods" in the Fedora community).
|
||||
#
|
||||
# Copyright (c) 2003-2010 Ville Skyttä <ville.skytta@iki.fi>,
|
||||
# Thorsten Leemhuis <fedora@leemhuis.info>
|
||||
# Jon Masters <jcm@redhat.com>
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining
|
||||
# a copy of this software and associated documentation files (the
|
||||
# "Software"), to deal in the Software without restriction, including
|
||||
# without limitation the rights to use, copy, modify, merge, publish,
|
||||
# distribute, sublicense, and/or sell copies of the Software, and to
|
||||
# permit persons to whom the Software is furnished to do so, subject to
|
||||
# the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be
|
||||
# included in all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
# Changelog:
|
||||
#
|
||||
# 2010/07/28 - Add fixes for filelists in line with LF standard
|
||||
# - Remove now defunct "framepointer" kernel variant
|
||||
# - Change version to "rhel6-rh2" as a consequence.
|
||||
#
|
||||
# 2010/01/10 - Simplified for RHEL6. We are working on upstream
|
||||
# moving to a newer format and in any case do not
|
||||
# need to retain support for really old systems.
|
||||
|
||||
shopt -s extglob
|
||||
|
||||
myprog="kmodtool"
|
||||
myver="0.10.10_rhel8"
|
||||
knownvariants=@(debug|kdump|zfcpdump)
|
||||
kmod_name=
|
||||
kver=
|
||||
verrel=
|
||||
variant=
|
||||
|
||||
get_verrel ()
|
||||
{
|
||||
verrel=${1:-$(uname -r)}
|
||||
verrel=${verrel/%[.+]$knownvariants/}
|
||||
}
|
||||
|
||||
print_verrel ()
|
||||
{
|
||||
get_verrel "$@"
|
||||
echo "${verrel}"
|
||||
}
|
||||
|
||||
get_variant ()
|
||||
{
|
||||
get_verrel "$@"
|
||||
variant=${1:-$(uname -r)}
|
||||
variant=${variant/#$verrel?(.+)/}
|
||||
variant=${variant:-'""'}
|
||||
}
|
||||
|
||||
print_variant ()
|
||||
{
|
||||
get_variant $@
|
||||
echo "${variant}"
|
||||
}
|
||||
|
||||
# Detect flavor separator character. We have to do that due to
|
||||
# a systemd-tailored patch for kernel spec[1][2] introduced in Fedora and then
|
||||
# imported in RHEL 8 that broke all OOT kmod infrastructure for the flavored
|
||||
# kernels.
|
||||
#
|
||||
# [1] https://lists.fedoraproject.org/pipermail/kernel/2013-June/004262.html
|
||||
# [2] https://src.fedoraproject.org/rpms/kernel/c/faf25207dc86666a611c45ae3ffaf385c170bd2a
|
||||
#
|
||||
# $1 - kver
|
||||
# $2 - variant
|
||||
get_variant_char ()
|
||||
{
|
||||
variant="$2"
|
||||
[ "$variant" != "default" ] || variant=""
|
||||
|
||||
get_verrel "$1"
|
||||
|
||||
variant_char=""
|
||||
[ -n "$variant" ] || return 0
|
||||
|
||||
# We expect that the flavored kernel is already installed in the buildroot
|
||||
variant_char="+"
|
||||
[ -e "/usr/src/kernels/${verrel}+${variant}" ] && return 0
|
||||
|
||||
variant_char="."
|
||||
}
|
||||
|
||||
print_variant_char ()
|
||||
{
|
||||
get_variant_char "$@"
|
||||
echo "${variant_char}"
|
||||
}
|
||||
|
||||
print_kernel_source ()
|
||||
{
|
||||
get_variant_char "$@"
|
||||
echo "/usr/src/kernels/${verrel}${variant_char}${variant}"
|
||||
}
|
||||
|
||||
get_filelist() {
|
||||
local IFS=$'\n'
|
||||
filelist=($(cat))
|
||||
|
||||
if [ ${#filelist[@]} -gt 0 ];
|
||||
then
|
||||
for ((n = 0; n < ${#filelist[@]}; n++));
|
||||
do
|
||||
line="${filelist[n]}"
|
||||
line=$(echo "$line" \
|
||||
| sed -e "s/%verrel/$verrel/g" \
|
||||
| sed -e "s/%variant/$variant/g" \
|
||||
| sed -e "s/%dashvariant/$dashvariant/g" \
|
||||
| sed -e "s/%dotvariant/$dotvariant/g" \
|
||||
| sed -e "s/\+%1/$dotvariant/g" \
|
||||
| sed -e "s/\.%1/$dotvariant/g" \
|
||||
| sed -e "s/\-%1/$dotvariant/g" \
|
||||
| sed -e "s/%2/$verrel/g")
|
||||
echo "$line"
|
||||
done
|
||||
else
|
||||
echo "%defattr(644,root,root,755)"
|
||||
echo "/lib/modules/${verrel}${dotvariant}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
get_rpmtemplate ()
|
||||
{
|
||||
local variant="${1}"
|
||||
|
||||
get_variant_char "${verrel}" "${variant}"
|
||||
|
||||
local dashvariant="${variant:+-${variant}}"
|
||||
local dotvariant="${variant:+${variant_char}${variant}}"
|
||||
|
||||
echo "%package -n kmod-${kmod_name}${dashvariant}"
|
||||
|
||||
if [ -z "$kmod_provides_summary" ]; then
|
||||
echo "Summary: ${kmod_name} kernel module(s)"
|
||||
fi
|
||||
|
||||
if [ -z "$kmod_provides_group" ]; then
|
||||
echo "Group: System Environment/Kernel"
|
||||
fi
|
||||
|
||||
if [ ! -z "$kmod_version" ]; then
|
||||
echo "Version: %{kmod_version}"
|
||||
fi
|
||||
|
||||
if [ ! -z "$kmod_release" ]; then
|
||||
echo "Release: %{kmod_release}"
|
||||
fi
|
||||
|
||||
# Turn of the internal dep generator so we will use the kmod scripts.
|
||||
echo "%global _use_internal_dependency_generator 0"
|
||||
|
||||
cat <<EOF
|
||||
Provides: kernel-modules >= ${verrel}${dotvariant}
|
||||
Provides: kernel${dashvariant}-modules >= ${verrel}
|
||||
Provides: ${kmod_name}-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
Requires(post): /usr/sbin/depmod
|
||||
Requires(postun): /usr/sbin/depmod
|
||||
Requires(post): /usr/sbin/weak-modules
|
||||
Requires(postun): /usr/sbin/weak-modules
|
||||
EOF
|
||||
|
||||
if [ "yes" != "$nobuildreqs" ]
|
||||
then
|
||||
cat <<EOF
|
||||
BuildRequires: kernel${dashvariant}-devel
|
||||
BuildRequires: kernel-abi-whitelists
|
||||
BuildRequires: redhat-rpm-config kernel-rpm-macros
|
||||
BuildRequires: elfutils-libelf-devel kmod
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "" != "$override_preamble" ]
|
||||
then
|
||||
cat "$override_preamble"
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
%description -n kmod-${kmod_name}${dashvariant}
|
||||
This package provides the ${kmod_name} kernel modules built for
|
||||
the Linux kernel ${verrel}${dotvariant} for the %{_target_cpu}
|
||||
family of processors.
|
||||
EOF
|
||||
|
||||
##############################################################################
|
||||
## The following are not part of this script directly, they are scripts ##
|
||||
## that will be executed by RPM during various stages of package processing ##
|
||||
##############################################################################
|
||||
|
||||
cat <<EOF
|
||||
%post -n kmod-${kmod_name}${dashvariant}
|
||||
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
|
||||
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
|
||||
fi
|
||||
|
||||
modules=( \$(find /lib/modules/${verrel}${dotvariant}/extra/${kmod_name} | grep '\.ko$') )
|
||||
if [ -x "/usr/sbin/weak-modules" ]; then
|
||||
printf '%s\n' "\${modules[@]}" \
|
||||
| /usr/sbin/weak-modules --add-modules
|
||||
fi
|
||||
EOF
|
||||
|
||||
cat <<EOF
|
||||
%preun -n kmod-${kmod_name}${dashvariant}
|
||||
rpm -ql kmod-${kmod_name}${dashvariant}-%{kmod_version}-%{kmod_release}.$(arch) | grep '\.ko$' > /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||
EOF
|
||||
|
||||
cat <<EOF
|
||||
%postun -n kmod-${kmod_name}${dashvariant}
|
||||
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
|
||||
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
|
||||
fi
|
||||
|
||||
modules=( \$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules) )
|
||||
rm /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||
if [ -x "/usr/sbin/weak-modules" ]; then
|
||||
printf '%s\n' "\${modules[@]}" \
|
||||
| /usr/sbin/weak-modules --remove-modules
|
||||
fi
|
||||
EOF
|
||||
|
||||
echo "%files -n kmod-${kmod_name}${dashvariant}"
|
||||
|
||||
if [ "" == "$override_filelist" ];
|
||||
then
|
||||
echo "%defattr(644,root,root,755)"
|
||||
echo "/lib/modules/${verrel}${dotvariant}"
|
||||
else
|
||||
cat "$override_filelist" | get_filelist
|
||||
fi
|
||||
}
|
||||
|
||||
print_rpmtemplate ()
|
||||
{
|
||||
kmod_name="${1}"
|
||||
shift
|
||||
kver="${1}"
|
||||
get_verrel "${1}"
|
||||
shift
|
||||
if [ -z "${kmod_name}" ] ; then
|
||||
echo "Please provide the kmodule-name as first parameter." >&2
|
||||
exit 2
|
||||
elif [ -z "${kver}" ] ; then
|
||||
echo "Please provide the kver as second parameter." >&2
|
||||
exit 2
|
||||
elif [ -z "${verrel}" ] ; then
|
||||
echo "Couldn't find out the verrel." >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
for variant in "$@" ; do
|
||||
if [ "default" == "$variant" ];
|
||||
then
|
||||
get_rpmtemplate ""
|
||||
else
|
||||
get_rpmtemplate "${variant}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
usage ()
|
||||
{
|
||||
cat <<EOF
|
||||
You called: ${invocation}
|
||||
|
||||
Usage: ${myprog} <command> <option>+
|
||||
Commands:
|
||||
verrel <uname>
|
||||
- Get "base" version-release.
|
||||
variant <uname>
|
||||
- Get variant from uname.
|
||||
variant_char <uname> <variant>
|
||||
- Get kernel variant separator character.
|
||||
kernel_source <uname> <variant>
|
||||
- Get path to kernel source directory.
|
||||
rpmtemplate <mainpgkname> <uname> <variants>
|
||||
- Return a template for use in a source RPM
|
||||
version
|
||||
- Output version number and exit.
|
||||
EOF
|
||||
}
|
||||
|
||||
invocation="$(basename ${0}) $@"
|
||||
while [ "${1}" ] ; do
|
||||
case "${1}" in
|
||||
verrel)
|
||||
shift
|
||||
print_verrel "$@"
|
||||
exit $?
|
||||
;;
|
||||
variant)
|
||||
shift
|
||||
print_variant "$@"
|
||||
exit $?
|
||||
;;
|
||||
variant_char)
|
||||
shift
|
||||
print_variant_char "$@"
|
||||
exit $?
|
||||
;;
|
||||
kernel_source)
|
||||
shift
|
||||
print_kernel_source "$@"
|
||||
exit $?
|
||||
;;
|
||||
rpmtemplate)
|
||||
shift
|
||||
print_rpmtemplate "$@"
|
||||
exit $?
|
||||
;;
|
||||
version)
|
||||
echo "${myprog} ${myver}"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
echo "Error: Unknown option '${1}'." >&2
|
||||
usage >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Local variables:
|
||||
# mode: sh
|
||||
# sh-indentation: 2
|
||||
# indent-tabs-mode: nil
|
||||
# End:
|
||||
# ex: ts=2 sw=2 et
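Review bot: In the `%preun` template, `$(arch)` is not escaped, unlike `\$(find …)` and `\$(cat …)` in the `%post` and `%postun` templates, so it is evaluated when kmodtool generates the spec fragment rather than when the scriptlet runs, and the `rpm -ql` query names the build host's architecture. If that is intended it deserves a comment; otherwise `%{_target_cpu}`, which the `%description` block already uses, would follow the package's own architecture. `print_variant` calls `get_variant $@` unquoted while every other wrapper passes `"$@"`; change it to `get_variant "$@"`. The comment `# Turn of the internal dep generator` should read `Turn off`.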
|
@ -0,0 +1,5 @@
|
||||
# Make libfoo.so symlinks require the soname-provide of the target library
|
||||
%__libsymlink_requires %{_rpmconfigdir}/elfdeps --provides --soname-only
|
||||
%__libsymlink_magic ^symbolic link to .*lib.*\.so\..*$
|
||||
%__libsymlink_path ^.*\.so$
|
||||
%__libsymlink_flags magic_and_path
|
@ -0,0 +1,268 @@
|
||||
# Per-platform rpm configuration file.
|
||||
|
||||
#==============================================================================
|
||||
# ---- per-platform macros.
|
||||
#
|
||||
%_vendor redhat
|
||||
%_os linux
|
||||
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure macros. note that most of these are inherited
|
||||
# from the defaults.
|
||||
#
|
||||
%_localstatedir /var
|
||||
|
||||
%_pkgdocdir %{_docdir}/%{name}
|
||||
%_docdir_fmt %%{NAME}
|
||||
|
||||
%_fmoddir %{_libdir}/gfortran/modules
|
||||
|
||||
%_enable_debug_packages 1
|
||||
%_include_minidebuginfo 1
|
||||
%_include_gdb_index 1
|
||||
%_debugsource_packages 1
|
||||
%_debuginfo_subpackages 1
|
||||
|
||||
#==============================================================================
|
||||
# ---- compiler flags.
|
||||
|
||||
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
||||
# Historically also available as %%{optflags}, and %%build sets the
|
||||
# environment variable RPM_OPT_FLAGS to this value.
|
||||
%build_cflags %{optflags}
|
||||
|
||||
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
||||
%build_cxxflags %{optflags}
|
||||
|
||||
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
||||
# the corresponding variable names.
|
||||
%build_fflags %{optflags} -I%{_fmoddir}
|
||||
|
||||
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
||||
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
||||
# the flags, while intended for ld, are still passed through the gcc
|
||||
# compiler driver. At the beginning of %%build, the environment
|
||||
# variable RPM_LD_FLAGS to this value.
|
||||
%build_ldflags -Wl,-z,relro %{_ld_symbols_flags} %{_hardened_ldflags}
|
||||
|
||||
# Expands to shell code to seot the compiler/linker environment
|
||||
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
|
||||
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
||||
# been set implicitly at the start of the %%build section.
|
||||
%set_build_flags \
|
||||
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
||||
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
||||
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
||||
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
||||
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS
|
||||
|
||||
# Internal-only. Do not use. Expand a variable and strip the flags
|
||||
# not suitable to extension builders.
|
||||
%__extension_strip_flags() %{lua:
|
||||
local name = rpm.expand("%{1}")
|
||||
local value = " " .. rpm.expand("%{build_" .. name .. "}")
|
||||
local result = string.gsub(value, "%s+-specs=[^%s]+", " ")
|
||||
print(result)
|
||||
}
|
||||
|
||||
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
||||
# extension builders.
|
||||
%extension_cflags %{__extension_strip_flags cflags}
|
||||
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
||||
%extension_fflags %{__extension_strip_flags fflags}
|
||||
%extension_ldflags %{__extension_strip_flags ldflags}
|
||||
|
||||
# Deprecated names. For backwards compatibility only.
|
||||
%__global_cflags %{build_cflags}
|
||||
%__global_cxxflags %{build_cxxflags}
|
||||
%__global_fflags %{build_fflags}
|
||||
%__global_fcflags %{build_fflags}
|
||||
%__global_ldflags %{build_ldflags}
|
||||
|
||||
#==============================================================================
|
||||
# ---- configure and makeinstall.
|
||||
#
|
||||
%_configure_gnuconfig_hack 1
|
||||
%_configure_libtool_hardening_hack 1
|
||||
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
||||
# to be added to the list of options passed to the configure script.
|
||||
# Eventually we'll want to turn this on by default, but this gives packagers a
|
||||
# way to turn it back off.
|
||||
# %_configure_disable_silent_rules 1
|
||||
%configure \
|
||||
%{set_build_flags}; \
|
||||
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
||||
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
||||
done ; \
|
||||
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
||||
for i in $(find . -name ltmain.sh) ; do \
|
||||
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
||||
done ; \
|
||||
%{_configure} --build=%{_build} --host=%{_host} \\\
|
||||
--program-prefix=%{?_program_prefix} \\\
|
||||
--disable-dependency-tracking \\\
|
||||
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
||||
--prefix=%{_prefix} \\\
|
||||
--exec-prefix=%{_exec_prefix} \\\
|
||||
--bindir=%{_bindir} \\\
|
||||
--sbindir=%{_sbindir} \\\
|
||||
--sysconfdir=%{_sysconfdir} \\\
|
||||
--datadir=%{_datadir} \\\
|
||||
--includedir=%{_includedir} \\\
|
||||
--libdir=%{_libdir} \\\
|
||||
--libexecdir=%{_libexecdir} \\\
|
||||
--localstatedir=%{_localstatedir} \\\
|
||||
--sharedstatedir=%{_sharedstatedir} \\\
|
||||
--mandir=%{_mandir} \\\
|
||||
--infodir=%{_infodir}
|
||||
|
||||
# Maximum number of CPU's to use when building, 0 for unlimited.
|
||||
#
|
||||
# This was for some time capped at 16. Please see
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
|
||||
# surrounding this.
|
||||
#%_smp_ncpus_max 0
|
||||
%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
|
||||
&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
|
||||
ncpus_max=%{?_smp_ncpus_max}; \\\
|
||||
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
|
||||
if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
|
||||
|
||||
#==============================================================================
|
||||
# ---- Build policy macros.
|
||||
#
|
||||
#
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at beginning of %install scriptlet.
|
||||
#
|
||||
|
||||
%__spec_install_pre %{___build_pre}\
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
||||
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
|
||||
mkdir "$RPM_BUILD_ROOT"\
|
||||
%{nil}
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# Expanded at end of %install scriptlet.
|
||||
#
|
||||
|
||||
%__arch_install_post /usr/lib/rpm/check-buildroot
|
||||
|
||||
# Build root policy macros. Standard naming:
|
||||
# convert all '-' in basename to '_', add two leading underscores.
|
||||
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
||||
%__brp_compress /usr/lib/rpm/brp-compress
|
||||
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
||||
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
||||
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
||||
%__brp_python_bytecompile /usr/lib/rpm/brp-python-bytecompile "" %{?_python_bytecompile_errors_terminate_build}
|
||||
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
|
||||
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
||||
# __brp_mangle_shebangs_exclude_from - files to ignore
|
||||
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
||||
%__brp_mangle_shebangs PYTHON3="%{__python3}" /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
||||
|
||||
%__os_install_post \
|
||||
%{?__brp_ldconfig} \
|
||||
%{?__brp_compress} \
|
||||
%{!?__debug_package:\
|
||||
%{?__brp_strip} \
|
||||
%{?__brp_strip_comment_note} \
|
||||
} \
|
||||
%{?__brp_strip_static_archive} \
|
||||
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
|
||||
%{?__brp_python_hardlink} \
|
||||
%{?__brp_mangle_shebangs} \
|
||||
%{nil}
|
||||
|
||||
%__spec_install_post\
|
||||
%{?__debug_package:%{__debug_install_post}}\
|
||||
%{__arch_install_post}\
|
||||
%{__os_install_post}\
|
||||
%{nil}
|
||||
|
||||
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
||||
%%install\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
# Should missing buildids terminate a build?
|
||||
%_missing_build_ids_terminate_build 1
|
||||
|
||||
#
|
||||
## Automatically compile python files
|
||||
%py_auto_byte_compile 1
|
||||
|
||||
#
|
||||
## Should python bytecompilation errors terminate a build?
|
||||
%_python_bytecompile_errors_terminate_build 1
|
||||
|
||||
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
||||
%_source_filedigest_algorithm 8
|
||||
%_binary_filedigest_algorithm 8
|
||||
|
||||
# Use XZ compression for binary payloads
|
||||
%_binary_payload w2.xzdio
|
||||
|
||||
%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
||||
# we don't escape symbols '~', '"', etc. so be careful when changing this
|
||||
%_hardening_ldflags -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
|
||||
|
||||
# Harden packages by default for Fedora 23:
|
||||
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
||||
# Use "%undefine _hardened_build" to disable.
|
||||
%_hardened_build 1
|
||||
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
||||
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
||||
|
||||
%_annobin_cflags -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
||||
|
||||
# Add extra information to binary objects created by gcc for Fedora 28:
|
||||
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
||||
# Use "%undefine _annotated_build" to disable.
|
||||
%_annotated_build 1
|
||||
%_annotated_cflags %{?_annotated_build:%{_annobin_cflags}}
|
||||
|
||||
# Fail linking if there are undefined symbols. Required for proper
|
||||
# ELF symbol versioning support. Disabled by default.
|
||||
# Use "%define _strict_symbol_defs_build 1" to enable.
|
||||
#%_strict_symbol_defs_build 1
|
||||
%_ld_symbols_flags %{?_strict_symbol_defs_build:-Wl,-z,defs}
|
||||
|
||||
%__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
|
||||
|
||||
#==============================================================================
|
||||
# ---- Generic auto req/prov filtering macros
|
||||
#
|
||||
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
||||
|
||||
# prevent anything matching from being scanned for provides
|
||||
%filter_provides_in(P) %{expand: \
|
||||
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# prevent anything matching from being scanned for requires
|
||||
%filter_requires_in(P) %{expand: \
|
||||
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
||||
}
|
||||
|
||||
# filter anything matching out of the provides stream
|
||||
%filter_from_provides() %{expand: \
|
||||
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# filter anything matching out of the requires stream
|
||||
%filter_from_requires() %{expand: \
|
||||
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
||||
}
|
||||
|
||||
# actually set up the filtering bits
|
||||
%filter_setup %{expand: \
|
||||
%global _use_internal_dependency_generator 0 \
|
||||
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
||||
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
||||
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
||||
}
|
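Review bot: In `%configure`, both fix-up loops iterate over an unquoted `$(find ...)` and then pass `$i` unquoted to `%{__rm} -f`, `%{__cp} -fv` and `%{__sed} -i.backup`, so a path in the unpacked source tree that contains whitespace or glob characters is split or expanded before those commands see it. The tree comes from an upstream tarball, so its file names are better handled as data than as shell words. The ltmain.sh pass needs no loop at all, something like `find . -name ltmain.sh -exec %{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' {} +`. The config.guess/config.sub pass can use the same `-exec` form with a small `sh -c` body, or a `while IFS= read -r i` loop with `"$i"` quoted throughout.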
@ -0,0 +1,39 @@
|
||||
# Macros for reducing debug info size using dwz(1) utility.
|
||||
|
||||
# The two default values below should result in dwz taking at most
|
||||
# 3GB of RAM or so on 64-bit hosts and 2.5GB on 32-bit hosts
|
||||
# on the largest *.debug files (in mid 2012 those are
|
||||
# libreoffice-debuginfo, debuginfos containing
|
||||
# libxul.so.debug and libwebkitgtk-*.so.*.debug).
|
||||
# This needs to be tuned based on the amount of available RAM
|
||||
# on build boxes for each architecture as well as virtual address
|
||||
# space limitations if dwz is 32-bit program. While it needs less
|
||||
# memory than 64-bit program because pointers are smaller, it can
|
||||
# never have more than 4GB-epsilon of RAM and on some architecture
|
||||
# even less than that (e.g. 2GB).
|
||||
|
||||
# Number of debugging information entries (DIEs) above which
|
||||
# dwz will stop considering file for multifile optimizations
|
||||
# and enter a low memory mode, in which it will optimize
|
||||
# in about half the memory needed otherwise.
|
||||
%_dwz_low_mem_die_limit 10000000
|
||||
# Number of DIEs above which dwz will stop processing
|
||||
# a file altogether.
|
||||
%_dwz_max_die_limit 50000000
|
||||
|
||||
# On x86_64 increase the higher limit to make libwebkit* optimizable.
|
||||
# libwebkit* in mid 2012 contains roughly 87mil DIEs, and 64-bit
|
||||
# dwz is able to optimize it from ~1.1GB to ~410MB using 5.2GB of RAM.
|
||||
%_dwz_max_die_limit_x86_64 110000000
|
||||
|
||||
# On ARM, build boxes often have only 512MB of RAM and are very slow.
|
||||
# Lower both the limits.
|
||||
%_dwz_low_mem_die_limit_armv5tel 4000000
|
||||
%_dwz_low_mem_die_limit_armv7hl 4000000
|
||||
%_dwz_max_die_limit_armv5tel 10000000
|
||||
%_dwz_max_die_limit_armv7hl 10000000
|
||||
|
||||
%_dwz_limit() %{expand:%%{?%{1}_%{_arch}}%%{!?%{1}_%{_arch}:%%%{1}}}
|
||||
%_find_debuginfo_dwz_opts --run-dwz\\\
|
||||
--dwz-low-mem-die-limit %{_dwz_limit _dwz_low_mem_die_limit}\\\
|
||||
--dwz-max-die-limit %{_dwz_limit _dwz_max_die_limit}
|
@ -0,0 +1,8 @@
|
||||
# Some miscellaneous Fedora-related macros
|
||||
|
||||
# A directory for rpm macros
|
||||
%rpmmacrodir /usr/lib/rpm/macros.d
|
||||
|
||||
# A directory for appdata metainfo. This has changed between releases so a
|
||||
# macro is useful.
|
||||
%_metainfodir %{_datadir}/metainfo
|
@ -0,0 +1,3 @@
|
||||
# kernel_arches lists what arches the full kernel is built for.
|
||||
|
||||
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}
|
@ -0,0 +1,97 @@
|
||||
# Use these macros to differentiate between RH and other KMP implementation(s).
|
||||
%global redhat_kernel_module_package 1
|
||||
%global kernel_module_package_release 1
|
||||
|
||||
%global redhat_kmp_has_post_hooks 1
|
||||
|
||||
%__brp_kmod_set_exec_bit /usr/lib/rpm/redhat/brp-kmod-set-exec-bit
|
||||
%__brp_kmod_restore_perms /usr/lib/rpm/redhat/brp-kmod-restore-perms
|
||||
|
||||
%__kmod_brps_added 0
|
||||
|
||||
%__find_provides /usr/lib/rpm/redhat/find-provides
|
||||
%__find_requires /usr/lib/rpm/redhat/find-requires
|
||||
|
||||
#kernel_module_package [ -n name ] [ -v version ] [ -r release ] [ -s script ]
|
||||
# [ -f filelist] [ -x ] [ -p preamble ] flavor flavor ...
|
||||
|
||||
%kernel_module_package_buildreqs %global kmodtool_generate_buildreqs 1 \
|
||||
kernel-devel kernel-abi-whitelists redhat-rpm-config kernel-rpm-macros elfutils-libelf-devel kmod
|
||||
|
||||
%kernel_module_package(n:v:r:s:f:xp:) %{expand:%( \
|
||||
## An ugly hack: we want kmods to be processed by find-debuginfo,
|
||||
## but it processes only files with executable permission set.
|
||||
## It is important now since, as of now, if debuginfo package
|
||||
## is enabled (and it is enabled), there's an RPM build error
|
||||
## as a result of lack of ether absence or emptiness of
|
||||
## debugsourcefiles.list (which is likely a bug in RPM, but it looks
|
||||
## like that there's no obvious fix and apparently no one have
|
||||
## any issues with this).
|
||||
## In order to minimise intrusiveness, usually (in Red Hat-built kmod
|
||||
## RPMs) *.ko files just have executable permission being set as a part
|
||||
## of %build section. There are two caveats with kmp, however:
|
||||
## * We have no control over %build section itself (and it wasn't
|
||||
## required previously)
|
||||
## * Changing the criteria used in find-debuginfo.sh/brp-strip
|
||||
## for selecting files that have to undergo debug section separation
|
||||
## may introduce regression.
|
||||
## As a result, we insert additional hooks in __spec_install_post
|
||||
## (__brp_kmod_set_exec_bit in the beginning and
|
||||
## __brp_kmod_restore_perms in the end) that (temporarily) set
|
||||
## executable permission for *.ko files so find-debuginfo.sh will pick
|
||||
## them up.
|
||||
## Unfortunately, __spec_install_post's body is copied here since
|
||||
## we want that __debug_package macro expansion has been performed
|
||||
## lazily and it looks like RPM has no ability to provide a body
|
||||
## of a macro verbatim.
|
||||
if [ 0 = "%{__kmod_brps_added}" ]; then \
|
||||
echo "%%global __spec_install_post \\\\" \
|
||||
echo " %%{?__brp_kmod_set_exec_bit} \\\\" \
|
||||
echo " %%%%{?__debug_package:%%%%{__debug_install_post}} \\\\" \
|
||||
echo " %%{__arch_install_post} \\\\" \
|
||||
echo " %%{__os_install_post} \\\\" \
|
||||
echo " %%{?__brp_kmod_pre_sign_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_sign} \\\\" \
|
||||
echo " %%{?__brp_kmod_post_sign_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_compress} \\\\" \
|
||||
echo " %%{?__brp_kmod_post_compress_process} \\\\" \
|
||||
echo " %%{?__brp_kmod_restore_perms} \\\\" \
|
||||
echo "%%{nil}" \
|
||||
fi \
|
||||
%global __kmod_brps_added 1 \
|
||||
%global kmodtool %{-s*}%{!-s:/usr/lib/rpm/redhat/kmodtool} \
|
||||
%global kmod_version %{-v*}%{!-v:%{version}} \
|
||||
%global kmod_release %{-r*}%{!-r:%{release}} \
|
||||
%global latest_kernel %({ rpm -q --qf '%%{VERSION}-%%{RELEASE}.%%{ARCH}\\\\n' `rpm -qa | egrep "^kernel(-rt|-aarch64)?-devel" | /usr/lib/rpm/redhat/rpmsort -r | head -n 1`; echo '%%%%{nil}'; } | head -n 1) \
|
||||
%{!?kernel_version:%{expand:%%global kernel_version %{latest_kernel}}} \
|
||||
%global kverrel %(%{kmodtool} verrel %{?kernel_version} 2>/dev/null) \
|
||||
flavors="default" \
|
||||
if [ -z "%*" ]; then \
|
||||
flavors_to_build=$flavors \
|
||||
elif [ -z "%{-x}" ]; then \
|
||||
flavors_to_build="%*" \
|
||||
else \
|
||||
flavors_to_build=" $flavors "\
|
||||
for i in %* \
|
||||
do \
|
||||
flavors_to_build=${flavors_to_build//$i /}
|
||||
done \
|
||||
fi \
|
||||
echo "%%global flavors_to_build ${flavors_to_build:-%%nil}" \
|
||||
echo "%%global kernel_source() \\\$([ default = \"%%%%{1}\" ] && echo \"/usr/src/kernels//%%%%kverrel\" || %{kmodtool} kernel_source \"%%%%{kverrel}\" \"%%%%{1}\" 2>/dev/null || { ls -Ud \"/usr/src/kernels///%%%%{kverrel}\"[.+]\"%%%%{1}\" | sort -V | tail -n 1; } || echo \"/usr/src/kernels////%%%%kverrel.%%%%1\")" \
|
||||
echo "%%global kernel_module_package_moddir() extra" \
|
||||
if [ ! -z "%{-f*}" ] \
|
||||
then \
|
||||
filelist="%{-f*}" \
|
||||
fi \
|
||||
if [ ! -z "%{-p*}" ] \
|
||||
then \
|
||||
preamble="%{-p*}" \
|
||||
fi \
|
||||
nobuildreqs="yes" \
|
||||
if [ "x%{kmodtool_generate_buildreqs}" != "x1" ] \
|
||||
then \
|
||||
nobuildreqs="no" \
|
||||
fi \
|
||||
override_filelist="$filelist" override_preamble="$preamble" nobuildreqs="$nobuildreqs" kmod_version=%kmod_version kmod_release=%kmod_release %{kmodtool} rpmtemplate %{-n*}%{!-n:%name} %{kverrel} $flavors_to_build 2>/dev/null \
|
||||
)}
|
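Review bot: Both kmodtool calls in `%kernel_module_package` discard stderr (`%{kmodtool} verrel ... 2>/dev/null` for `kverrel`, and the final `%{kmodtool} rpmtemplate ... 2>/dev/null`), and nothing checks that `kverrel` came back non-empty. When the script given with `-s` is missing, or no matching kernel-devel package is installed, the macro presumably expands to an empty template and the build carries on without the kmod subpackages and without any message pointing at the cause. I would drop the two `2>/dev/null` redirections, or at least guard the template step with `[ -n "%{kverrel}" ] || echo "kernel_module_package: kmodtool returned no kernel version-release" >&2`.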
@ -0,0 +1,2 @@
|
||||
# arches that ldc builds on
|
||||
%ldc_arches %{ix86} x86_64 %{arm} %{power64}
|
@ -0,0 +1,9 @@
|
||||
#%ldconfig /sbin/ldconfig
|
||||
%ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||
%end}
|
||||
%ldconfig_postun(n:) %{?ldconfig:%postun -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||
%end}
|
||||
%ldconfig_scriptlets(n:) %{?ldconfig:\
|
||||
%ldconfig_post %{?*} %{-n:-n %{-n*}}\
|
||||
%ldconfig_postun %{?*} %{-n:-n %{-n*}}\
|
||||
}
|
@ -0,0 +1,5 @@
|
||||
# arches that mono builds on
|
||||
%mono_arches %{ix86} x86_64 sparc sparcv9 ia64 %{arm} aarch64 alpha s390x ppc ppc64 ppc64le
|
||||
|
||||
%_monodir %{_prefix}/lib/mono
|
||||
%_monogacdir %{_monodir}/gac
|
@ -0,0 +1,7 @@
|
||||
# nodejs_arches lists what arches Node.js and dependent packages run on.
|
||||
#
|
||||
# Enabling Node.js on other arches requires porting the V8 JavaScript JIT to
|
||||
# those arches. Support for POWER and aarch64 arrived in nodejs v4. Support
|
||||
# for s390x arrived in nodejs v6
|
||||
|
||||
%nodejs_arches %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
|
@ -0,0 +1,3 @@
|
||||
# valgrind_arches lists what arches Valgrind works on
|
||||
|
||||
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le armv7hl aarch64 s390x
|
@ -0,0 +1,7 @@
|
||||
# ---- VPATH default settings
|
||||
|
||||
# directory where CMakeLists.txt/meson.build/etc. are placed
|
||||
%_vpath_srcdir .
|
||||
|
||||
# directory (doesn't need to exist) where all generated build files will be placed
|
||||
%_vpath_builddir %_target_platform
|
@ -0,0 +1,78 @@
|
||||
#! /bin/bash -efu
|
||||
|
||||
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
|
||||
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
|
||||
#
|
||||
# -- added module versioning info to modalias() symbols
|
||||
# -- removed code which inspects spec files.
|
||||
|
||||
IFS=$'\n'
|
||||
|
||||
#
|
||||
# Initially, dont generate modalias() lines for kernel package. This needs
|
||||
# additional discussion. Would like to eventually add them for
|
||||
# completeness, so that we can determine when drivers are folded into
|
||||
# mainline kernel.
|
||||
#
|
||||
is_kernel_package=""
|
||||
case "${1:-}" in
|
||||
kernel-module-*) ;; # Fedora kernel module package names start with
|
||||
# kernel-module.
|
||||
kernel*) is_kernel_package=1 ;;
|
||||
esac
|
||||
|
||||
if ! [ -z "$is_kernel_package" ]; then
|
||||
cat > /dev/null
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check for presence of the commands used
|
||||
which /sbin/modinfo >/dev/null || exit 0
|
||||
which sed >/dev/null || exit 0
|
||||
which sort >/dev/null || exit 0
|
||||
|
||||
print_modaliases() {
|
||||
declare class=$1 variants=$2 pos=$3
|
||||
if [ -n "$variants" ]; then
|
||||
echo "${class:0:pos}[$variants]${class:pos+1}"
|
||||
else
|
||||
[ -z "$class" ] || echo "$class"
|
||||
fi
|
||||
}
|
||||
|
||||
combine_modaliases() {
|
||||
declare tag class variants="" pos="" n
|
||||
read class
|
||||
while read tag; do
|
||||
for ((n=0; n<${#class}; n++)); do
|
||||
if [ "*" != "${class:n:1}" -a \
|
||||
"${class:0:n}" = "${tag:0:n}" -a \
|
||||
"${class:n+1}" = "${tag:n+1}" ] &&
|
||||
( [ -z "$pos" ] || [ $n = $pos ] ); then
|
||||
variants="${variants:-${class:n:1}}${tag:n:1}"
|
||||
pos=$n
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ $n -eq ${#class} ]; then
|
||||
print_modaliases "$class" "$variants" "$pos"
|
||||
variants=
|
||||
pos=
|
||||
class=$tag
|
||||
fi
|
||||
done
|
||||
print_modaliases "$class" "$variants" "$pos"
|
||||
}
|
||||
|
||||
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
|
||||
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
|
||||
modver=$(/sbin/modinfo -F version "$module"| head -n1)
|
||||
modver=${modver//[^0-9a-zA-Z._]/_}
|
||||
# only add version tag if it has a version
|
||||
[ -z "$modver" ] || modver=" = $modver"
|
||||
|
||||
/sbin/modinfo -F alias "$module" \
|
||||
| sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
|
||||
done \
|
||||
| sort -u \
|
||||
| combine_modaliases
|
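Review bot: The three `which ... >/dev/null || exit 0` guards make a missing `modinfo`, `sed` or `sort` look exactly like a package that has no module aliases: the generator exits 0 with no output and the package is built without its `modalias()` Provides. `which` is itself an external program, so a build environment without it takes the same silent path. I would use the shell builtin and say why the generator is giving up, for example `command -v /sbin/modinfo >/dev/null || { echo "modalias.prov: /sbin/modinfo not found" >&2; exit 0; }`, and the same for `sed` and `sort`. A short header comment stating that file names are read from stdin and that `$1` is tested as the package name would also help, since `"$@"` is later iterated as a list of modules.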
@ -0,0 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
@ -0,0 +1,199 @@
|
||||
#!/usr/bin/sh
|
||||
# This is a script to select which GCC spec file fragment
|
||||
# should be the destination of the redhat-annobin-cc1 symlink.
|
||||
|
||||
# Author: Nick Clifton <nickc@redhat.com>
|
||||
# Copyright (c) 2021 Red Hat.
|
||||
#
|
||||
# This is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published
|
||||
# by the Free Software Foundation; either version 2, or (at your
|
||||
# option) any later version.
|
||||
|
||||
# It is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# Usage:
|
||||
# redhat-annobin-plugin-select [script-dir]
|
||||
#
|
||||
# If script-dir is not provided then /usr/lib/rpm/redhat is used
|
||||
# as the location where all of the annobin plugin selection files
|
||||
# can be found.
|
||||
|
||||
if test "x$1" = "x" ;
|
||||
then
|
||||
rrcdir=/usr/lib/rpm/redhat
|
||||
else
|
||||
rrcdir=$1
|
||||
fi
|
||||
|
||||
# Set this variable to non-zero to enable the generation of debugging
|
||||
# messages.
|
||||
debug=0
|
||||
|
||||
# Decide which version of the annobin plugin for gcc should be used.
|
||||
# There are two possible versions, one created by the annobin package and one
|
||||
# created by the gcc package. The logic selects the gcc version unless both
|
||||
# have been built by the same version of the compiler. In that case the
|
||||
# annobin version is selected instead.
|
||||
#
|
||||
# The point of all this is that the annobin plugin is very sensitive to
|
||||
# mismatches with the version of gcc that built it. If the plugin is built
|
||||
# by version A of gcc, but then run on version B of gcc, it is possible for
|
||||
# the plugin to misbehave, which then causes problems if gating tests examine
|
||||
# the plugin's output. (This has happened more than once in RHEL...).
|
||||
#
|
||||
# So the plugin is built both by gcc and by the annobin package. This means
|
||||
# that whenever gcc is updated a fresh plugin is built, and the logic below
|
||||
# will select that version. But in order to allow annobin development to
|
||||
# proceed independtently of gcc, the annobin package can also update its
|
||||
# version of the plugin, and the logic will select this new version.
|
||||
|
||||
# This is where the annobin package stores the information on the version
|
||||
# of gcc that built the annobin plugin.
|
||||
aver=`gcc --print-file-name=plugin`/annobin-plugin-version-info
|
||||
|
||||
# This is where the gcc package stores its version information.
|
||||
gver=`gcc --print-file-name=rpmver`
|
||||
|
||||
aplugin=`gcc --print-file-name=plugin`/annobin.so.0.0.0
|
||||
gplugin=`gcc --print-file-name=plugin`/gcc-annobin.so.0.0.0
|
||||
|
||||
# This is the file that needs to be updated when either of those version
|
||||
# files changes.
|
||||
rac1=redhat-annobin-cc1
|
||||
|
||||
# This is the GCC spec file fragment that selects the gcc-built version of
|
||||
# the annobin plugin
|
||||
select_gcc=redhat-annobin-select-gcc-built-plugin
|
||||
|
||||
# This is the GCC spec file fragment that selects the annobin-built version
|
||||
# of the annobin plugin
|
||||
select_annobin=redhat-annobin-select-annobin-built-plugin
|
||||
|
||||
install_annobin_version=0
|
||||
install_gcc_version=0
|
||||
|
||||
if [ -f $aplugin ]
|
||||
then
|
||||
if [ -f $gplugin ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Both plugins exist, checking version information"
|
||||
fi
|
||||
|
||||
if [ -f $gver ]
|
||||
then
|
||||
if [ -f $aver ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Both plugin version files exist - comparing..."
|
||||
fi
|
||||
|
||||
# Get the first line from the version info files. This is just in
|
||||
# vase there are extra lines in the files.
|
||||
avers=`head --lines=1 $aver`
|
||||
gvers=`head --lines=1 $gver`
|
||||
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Annobin plugin built by gcc $avers"
|
||||
echo " redhat-rpm-config: GCC plugin built by gcc $gvers"
|
||||
fi
|
||||
|
||||
# If both plugins were built by the same version of gcc then select
|
||||
# the one from the annobin package (in case it is built from newer
|
||||
# sources). If the plugin builder versions differ, select the gcc
|
||||
# built version instead. This assumes that the gcc built version
|
||||
# always matches the installed gcc, which should be true.
|
||||
if [ $avers = $gvers ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Both plugins built by the same compiler - using annobin-built plugin"
|
||||
fi
|
||||
install_annobin_version=1
|
||||
else
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Versions differ - using gcc-built plugin"
|
||||
fi
|
||||
install_gcc_version=1
|
||||
fi
|
||||
else
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Annobin version file does not exist, using gcc-built plugin"
|
||||
fi
|
||||
install_gcc_version=1
|
||||
fi
|
||||
else
|
||||
if [ -f $aver ]
|
||||
then
|
||||
# FIXME: This is suspicious. If the installed GCC does not supports plugins
|
||||
# then enabling the annobin plugin will not work.
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: GCC plugin version file does not exist, using annobin-built plugin"
|
||||
fi
|
||||
install_annobin_version=1
|
||||
else
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Neither version file exists - playing safe and using gcc-built plugin"
|
||||
echo " redhat-rpm-config: Note: expected to find $aver and/or $gver"
|
||||
fi
|
||||
install_gcc_version=1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Only the annobin plugin exists - using that"
|
||||
fi
|
||||
install_annobin_version=1
|
||||
fi
|
||||
else
|
||||
if [ -f $gplugin ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Only the gcc plugin exists - using that"
|
||||
fi
|
||||
else
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Neither plugin exists - playing safe and using gcc-built plugin"
|
||||
echo " redhat-rpm-config: Note: expected to find $aplugin and/or $gplugin"
|
||||
fi
|
||||
fi
|
||||
install_gcc_version=1
|
||||
fi
|
||||
|
||||
if [ $install_annobin_version -eq 1 ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Installing annobin version of $rac1"
|
||||
fi
|
||||
pushd $rrcdir > /dev/null
|
||||
rm -f $rac1
|
||||
ln -s $select_annobin "$rac1"
|
||||
popd > /dev/null
|
||||
|
||||
else if [ $install_gcc_version -eq 1 ]
|
||||
then
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo " redhat-rpm-config: Installing gcc version of $rac1"
|
||||
fi
|
||||
pushd $rrcdir > /dev/null
|
||||
rm -f $rac1
|
||||
ln -s $select_gcc $rac1
|
||||
popd > /dev/null
|
||||
fi
|
||||
fi
|
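Review bot: Neither install branch checks the result of `pushd $rrcdir`, so if the directory argument is wrong or missing the script carries on and runs `rm -f $rac1` and `ln -s ...` in whatever the current directory happens to be. `pushd`/`popd` are also bash builtins while the shebang is `#!/usr/bin/sh`, and `$rrcdir` is unquoted. Because the link target is relative, no directory change is needed: `ln -sfn "$select_annobin" "$rrcdir/$rac1"` (with `"$select_gcc"` in the other branch) replaces each four-line pushd/rm/ln/popd group and fails visibly when the directory does not exist. The comparison `[ $avers = $gvers ]` should likewise be quoted as `[ "$avers" = "$gvers" ]`, so that an empty or multi-word first line in a version file is compared instead of turning into a `test` syntax error.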
@ -0,0 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
@ -0,0 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=gcc-annobin}
|
@ -0,0 +1,2 @@
|
||||
*cc1_options:
|
||||
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
@ -0,0 +1,2 @@
|
||||
*self_spec:
|
||||
+ %{!static:%{!shared:%{!r:-pie}}}
|
@ -0,0 +1,97 @@
|
||||
include: /usr/lib/rpm/rpmrc
|
||||
|
||||
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: i686 %{__global_compiler_flags} -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
optflags: ia64 %{__global_compiler_flags}
|
||||
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||
|
||||
optflags: alpha %{__global_compiler_flags} -mieee
|
||||
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
|
||||
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
|
||||
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
|
||||
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
|
||||
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
|
||||
|
||||
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
|
||||
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
|
||||
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
|
||||
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
|
||||
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
|
||||
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
|
||||
|
||||
optflags: m68k %{__global_compiler_flags}
|
||||
|
||||
optflags: ppc %{__global_compiler_flags} -m32 -funwind-tables
|
||||
optflags: ppciseries %{__global_compiler_flags} -m32
|
||||
optflags: ppcpseries %{__global_compiler_flags} -m32
|
||||
optflags: ppc64 %{__global_compiler_flags} -m64 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protection
|
||||
optflags: ppc64iseries %{__global_compiler_flags} -m64
|
||||
optflags: ppc64pseries %{__global_compiler_flags} -m64
|
||||
optflags: ppc8260 %{__global_compiler_flags} -m32
|
||||
optflags: ppc8560 %{__global_compiler_flags} -m32
|
||||
|
||||
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||
|
||||
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
|
||||
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
|
||||
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
|
||||
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
|
||||
|
||||
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
|
||||
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
|
||||
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
|
||||
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
|
||||
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
|
||||
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
|
||||
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
|
||||
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
|
||||
|
||||
optflags: atarist %{__global_compiler_flags}
|
||||
optflags: atariste %{__global_compiler_flags}
|
||||
optflags: ataritt %{__global_compiler_flags}
|
||||
optflags: falcon %{__global_compiler_flags}
|
||||
optflags: atariclone %{__global_compiler_flags}
|
||||
optflags: milan %{__global_compiler_flags}
|
||||
optflags: hades %{__global_compiler_flags}
|
||||
|
||||
optflags: s390 %{__global_compiler_flags} -m31 -march=z13 -mtune=z14 -fasynchronous-unwind-tables
|
||||
optflags: s390x %{__global_compiler_flags} -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||
|
||||
optflags: riscv64 %{__global_compiler_flags}
|
||||
|
||||
# set build arch to fedora buildarches on hardware capable of running it
|
||||
# saves having to do rpmbuild --target=
|
||||
buildarchtranslate: athlon: i686
|
||||
buildarchtranslate: geode: i686
|
||||
buildarchtranslate: pentium4: i686
|
||||
buildarchtranslate: pentium3: i686
|
||||
buildarchtranslate: i686: i686
|
||||
buildarchtranslate: i586: i586
|
||||
|
||||
buildarchtranslate: sparcv9: sparcv9
|
||||
buildarchtranslate: sparcv9v: sparcv9
|
||||
|
||||
buildarchtranslate: armv5tejl: armv5tel
|
||||
buildarchtranslate: armv6l: armv5tel
|
||||
buildarchtranslate: armv7l: armv5tel
|
||||
buildarchtranslate: armv7hl: armv7hl
|
||||
buildarchtranslate: armv7hnl: armv7hl
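Review bot: The hardening flags vary per architecture and nothing in the file says which omissions are intentional. `-fstack-clash-protection` is on the i386 through athlon, x86_64, ppc64/ppc64p7/ppc64le, s390x and aarch64 lines but not on `s390`, `ppc`, any `arm*` line or `riscv64`, and `-fcf-protection` is only on `i686` and `x86_64`. If the gaps follow compiler support per target (assumed, not confirmable from this file), a comment above the first `optflags:` line would stop a later edit from treating them as oversights or copying an unhardened line for a new target: `# -fstack-clash-protection / -fcf-protection are listed only for targets whose compiler backend supports them`.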
|
@ -0,0 +1,76 @@
|
||||
#! /usr/bin/perl -w
|
||||
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
# USA.
|
||||
|
||||
use Getopt::Long qw(:config gnu_getopt);
|
||||
|
||||
sub rpm_cmp_versions {
|
||||
my ($evr1, $evr2) = @_;
|
||||
|
||||
sub _rpm_cmp {
|
||||
my ($s1, $s2) = @_;
|
||||
|
||||
return defined $s1 <=> defined $s2
|
||||
unless defined $s1 && defined $s2;
|
||||
|
||||
my ($r, $x1, $x2);
|
||||
do {
|
||||
$s1 =~ s/^[^a-zA-Z0-9]+//;
|
||||
$s2 =~ s/^[^a-zA-Z0-9]+//;
|
||||
if ($s1 =~ /^\d/ || $s2 =~ /^\d/) {
|
||||
$s1 =~ s/^0*(\d*)//; $x1 = $1;
|
||||
$s2 =~ s/^0*(\d*)//; $x2 = $1;
|
||||
$r = length $x1 <=> length $x2 || $x1 cmp $x2;
|
||||
} else {
|
||||
$s1 =~ s/^([a-zA-Z]*)//; $x1 = $1;
|
||||
$s2 =~ s/^([a-zA-Z]*)//; $x2 = $1;
|
||||
return 0
|
||||
if $x1 eq '' && $x2 eq '';
|
||||
$r = $x1 cmp $x2;
|
||||
}
|
||||
} until $r;
|
||||
return $r;
|
||||
}
|
||||
|
||||
my ($e1, $v1, $r1) = $evr1 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||
my ($e2, $v2, $r2) = $evr2 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||
my $r = _rpm_cmp($e1 || 0, $e2 || 0);
|
||||
$r = _rpm_cmp($v1, $v2)
|
||||
unless $r;
|
||||
$r = _rpm_cmp($r1, $r2)
|
||||
unless $r;
|
||||
return $r;
|
||||
}
|
||||
|
||||
my $reorder = sub { return @_ };
|
||||
my $key = 0;
|
||||
|
||||
GetOptions ("r|reverse" => sub { $reorder = sub { return reverse @_ } },
|
||||
"k|key=i" => \$key)
|
||||
or do {
|
||||
print STDERR "Usage\n";
|
||||
exit 1;
|
||||
};
|
||||
|
||||
if ($key == 0) {
|
||||
# Sort by entire lines
|
||||
map { print } &$reorder(sort { rpm_cmp_versions($a, $b) } <>);
|
||||
} else {
|
||||
# Sort by field $key
|
||||
my @data = map { [(split)[$key-1], $_] } <>;
|
||||
map { print } &$reorder(map { $_->[1] }
|
||||
sort { rpm_cmp_versions($a->[0], $b->[0]) } @data);
|
||||
}
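Review bot: `_rpm_cmp` strips every leading run of non-alphanumerics (`s/^[^a-zA-Z0-9]+//` on both operands), so `~` and `^` are plain separators and `1.0~rc1` sorts after `1.0`, the reverse of how rpm orders a tilde pre-release. How the output is consumed is not visible here, but anything that takes the last line as the newest version would pick the pre-release. If such versions can reach this script, the loop needs an explicit tilde comparison before the strip. At minimum, record the limitation above `sub rpm_cmp_versions`: `# NOTE: '~' and '^' do not get rpm's special ordering; 1.0~rc1 sorts after 1.0`. The script also runs with `-w` but without `use strict;`, which would be worth adding.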
|
@ -0,0 +1,40 @@
|
||||
#! /bin/sh
|
||||
|
||||
# Create a table of all symbol sets defined in all /boot/symsets*.tar.gz
|
||||
# files.
|
||||
#
|
||||
# Format:
|
||||
# kernelrelease/modver/symbol <tab> symset <tab> symset_hash
|
||||
#
|
||||
# This table is needed for computing the appropriate Requires: tags for
|
||||
# kernel module packages.
|
||||
|
||||
tmpdir=$(mktemp -t -d ${0##*/}.XXXXXX)
|
||||
trap "cd / ; rm -rf $tmpdir" EXIT
|
||||
cd $tmpdir
|
||||
|
||||
shopt -s nullglob
|
||||
for symsets in /boot/symsets-*.tar.gz; do
|
||||
zcat $symsets \
|
||||
| tar xf -
|
||||
done
|
||||
|
||||
for symsets in /usr/src/kernels/*/symsets-*.tar.gz; do
|
||||
zcat $symsets \
|
||||
| tar xf -
|
||||
done
|
||||
|
||||
for symsets in *; do
|
||||
krel=${symsets#symsets-}
|
||||
for symset in $symsets/*; do
|
||||
class=${symset##*/} ; class=${class%.*}
|
||||
hash=${symset##*.}
|
||||
awk '
|
||||
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||
{ sub(/0x0*/, "", $1)
|
||||
print krel "/" $1 "/" $2, class, hash }
|
||||
' krel="$krel" class="$class" hash="$hash" $symset
|
||||
done
|
||||
done
|
||||
|
||||
# vim:shiftwidth=4 softtabstop=4
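Review bot: Neither `mktemp` nor `cd $tmpdir` is checked, so if the temporary directory cannot be created, `cd` with an empty argument moves to `$HOME`. The `tar xf -` extractions and the `for symsets in *` loop then run there instead of in a private directory. Fail early and quote the path: `tmpdir=$(mktemp -t -d "${0##*/}.XXXXXX") || exit 1` and `cd "$tmpdir" || exit 1`. Quote it inside the trap as well: `trap 'cd / ; rm -rf "$tmpdir"' EXIT`. The script also calls `shopt -s nullglob` under a `#! /bin/sh` shebang, which only works where `/bin/sh` is bash, so the shebang should name bash.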
|
File diff suppressed because it is too large