commit
a51a0dbfe3
@ -0,0 +1,18 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Defined as %py_reproducible_pyc_path macro and passed here as
|
||||||
|
# the first command-line argument
|
||||||
|
path_to_fix=$1
|
||||||
|
|
||||||
|
# First, check that the parser is available:
|
||||||
|
if [ ! -x /usr/bin/marshalparser ]; then
|
||||||
|
echo "ERROR: If %py_reproducible_pyc_path is defined, you have to also BuildRequire: /usr/bin/marshalparser !"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
find "$path_to_fix" -type f -name "*.pyc" | xargs /usr/bin/marshalparser --fix --overwrite
|
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/sh -efu
|
||||||
|
# Force creating of DSO symlinks.
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create an empty config file for ldconfig to shut up a warning
|
||||||
|
config=$(mktemp -p "$RPM_BUILD_ROOT")
|
||||||
|
/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
|
||||||
|
rm -f "$config"
|
||||||
|
# TODO: warn if it created new symlinks and guide people.
|
@ -0,0 +1,165 @@
|
|||||||
|
#!/bin/bash -eu
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
exclude_files=""
|
||||||
|
exclude_files_from=""
|
||||||
|
exclude_shebangs=""
|
||||||
|
exclude_shebangs_from=""
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
local verbose=$1 && shift
|
||||||
|
local outfile=$1 && shift
|
||||||
|
local status=$1 && shift
|
||||||
|
|
||||||
|
(
|
||||||
|
echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
|
||||||
|
if [ "${verbose}" == "yes" ]; then
|
||||||
|
echo ' --files: extended regexp of files to ignore'
|
||||||
|
echo ' --files-from: file containing a list of extended regexps of files to ignore'
|
||||||
|
echo ' --shebangs: extended regexp of shebangs to ignore'
|
||||||
|
echo ' --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
|
||||||
|
fi
|
||||||
|
) >>${outfile}
|
||||||
|
exit ${status}
|
||||||
|
}
|
||||||
|
|
||||||
|
while [ $# -gt 0 ] ; do
|
||||||
|
case "$1" in
|
||||||
|
--files)
|
||||||
|
exclude_files="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--files=*)
|
||||||
|
exclude_files="${1##--files=}"
|
||||||
|
;;
|
||||||
|
--files-from)
|
||||||
|
exclude_files_from="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--files-from=*)
|
||||||
|
exclude_files_from="${1##--files-from=}"
|
||||||
|
;;
|
||||||
|
--shebangs)
|
||||||
|
exclude_shebangs="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--shebangs=*)
|
||||||
|
exclude_shebangs="${1##--shebangs=}"
|
||||||
|
;;
|
||||||
|
--shebangs-from)
|
||||||
|
exclude_shebangs_from="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--shebangs-from=*)
|
||||||
|
exclude_shebangs_from="${1##--shebangs-from=}"
|
||||||
|
;;
|
||||||
|
--help|--usage|"-?"|-h)
|
||||||
|
usage yes /dev/stdout 0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unknown option \"${1}\"" 1>&2
|
||||||
|
usage no /dev/stderr 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
cd "$RPM_BUILD_ROOT"
|
||||||
|
|
||||||
|
# Large packages such as kernel can have thousands of executable files.
|
||||||
|
# We take care to not fork/exec thousands of "file"s and "grep"s,
|
||||||
|
# but run just two of them.
|
||||||
|
# (Take care to exclude filenames which would mangle "file" output).
|
||||||
|
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
|
||||||
|
| file -N --mime-type -f - \
|
||||||
|
| grep -P ".+(?=: (text/|application/javascript))" \
|
||||||
|
| {
|
||||||
|
fail=0
|
||||||
|
while IFS= read -r line; do
|
||||||
|
f=${line%%:*}
|
||||||
|
|
||||||
|
# Remove the dot
|
||||||
|
path="${f#.}"
|
||||||
|
|
||||||
|
if [ -n "$exclude_files" ]; then
|
||||||
|
echo "$path" | grep -q -E "$exclude_files" && continue
|
||||||
|
fi
|
||||||
|
if [ -n "$exclude_files_from" ]; then
|
||||||
|
echo "$path" | grep -q -E -f "$exclude_files_from" && continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if ! read shebang_line < "$f"; then
|
||||||
|
echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
chmod -x "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
orig_shebang="${shebang_line#\#!}"
|
||||||
|
if [ "$orig_shebang" = "$shebang_line" ]; then
|
||||||
|
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
chmod -x "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Trim spaces
|
||||||
|
while shebang="${orig_shebang// / }"; [ "$shebang" != "$orig_shebang" ]; do
|
||||||
|
orig_shebang="$shebang"
|
||||||
|
done
|
||||||
|
# Treat "#! /path/to " as "#!/path/to"
|
||||||
|
orig_shebang="${orig_shebang# }"
|
||||||
|
|
||||||
|
shebang="$orig_shebang"
|
||||||
|
|
||||||
|
if [ -z "$shebang" ]; then
|
||||||
|
echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
chmod -x "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
if [ -n "${shebang##/*}" ]; then
|
||||||
|
echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
|
||||||
|
fail=1
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Replace "special" env shebang:
|
||||||
|
# /whatsoever/env /whatever/foo → /whatever/foo
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
|
||||||
|
# /whatsoever/env foo → /whatsoever/foo
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
|
||||||
|
|
||||||
|
# If the shebang now starts with /bin, change it to /usr/bin
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1581757
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
|
||||||
|
|
||||||
|
# Replace ambiguous python with python2
|
||||||
|
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
|
||||||
|
|
||||||
|
if [ "$shebang" != "$py_shebang" ]; then
|
||||||
|
echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
|
||||||
|
fail=1
|
||||||
|
elif [ "#!$shebang" != "#!$orig_shebang" ]; then
|
||||||
|
echo "mangling shebang in $path from $orig_shebang to #!$shebang"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
sed -i -e "1c #!$shebang" "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
exit $fail
|
||||||
|
}
|
@ -0,0 +1,141 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
errors_terminate=$2
|
||||||
|
|
||||||
|
# Usage of %_python_bytecompile_extra is not allowed anymore
|
||||||
|
# See: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3
|
||||||
|
# Therefore $1 ($default_python) is not needed and is invoked with "" by default.
|
||||||
|
# $default_python stays in the arguments for backward compatibility and $extra for the following check:
|
||||||
|
extra=$3
|
||||||
|
if [ 0$extra -eq 1 ]; then
|
||||||
|
echo -e "%_python_bytecompile_extra is discontinued, use %py_byte_compile instead.\nSee: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3" >/dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Figure out how deep we need to descend. We could pick an insanely high
|
||||||
|
# number and hope it's enough, but somewhere, somebody's sure to run into it.
|
||||||
|
depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \
|
||||||
|
xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c`
|
||||||
|
if [ -z "$depth" -o "$depth" -le "1" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This function now implements Python byte-compilation in three different ways:
|
||||||
|
# Python >= 3.4 and < 3.9 uses a new module compileall2 - https://github.com/fedora-python/compileall2
|
||||||
|
# Python < 3.4 (inc. Python 2) uses compileall module from stdlib with some hacks
|
||||||
|
# When we drop support for Python 2, we'd be able to use all compileall2 features like:
|
||||||
|
# - -s and -p options to manipulate with a path baked into pyc files instead of $real_libdir
|
||||||
|
# - -o 0 -o 1 to produce multiple files in one run - each with a different optimization level - instead of $options
|
||||||
|
# - removed useless $depth - both compileall and compileall2 are limited by sys.getrecursionlimit()
|
||||||
|
# These changes will make this script much simpler
|
||||||
|
# In Python >= 3.9, compileall2 was merged back to standard library (compileall) so we can use it directly again.
|
||||||
|
function python_bytecompile()
|
||||||
|
{
|
||||||
|
local options=$1
|
||||||
|
local python_binary=$2
|
||||||
|
local exclude=$3
|
||||||
|
local python_libdir=$4
|
||||||
|
local depth=$5 # Not used for Python >= 3.4
|
||||||
|
local real_libdir=$6 # Not used for Python >= 3.4
|
||||||
|
|
||||||
|
python_version=$($python_binary -c "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))")
|
||||||
|
|
||||||
|
#
|
||||||
|
# Python 3.9 and higher
|
||||||
|
#
|
||||||
|
if [ "$python_version" -ge 39 ]; then
|
||||||
|
|
||||||
|
[ ! -z $exclude ] && exclude="-x '$exclude'"
|
||||||
|
# -q disables verbose output
|
||||||
|
# -f forces the process to overwrite existing compiled files
|
||||||
|
# -x excludes paths defined by regex
|
||||||
|
# -e excludes symbolic links pointing outside the build root
|
||||||
|
# -x and -e together implements the same functionality as the Filter class below
|
||||||
|
# -s strips $RPM_BUILD_ROOT from the path
|
||||||
|
# -p prepends the leading slash to the path to make it absolute
|
||||||
|
$python_binary -B $options -m compileall -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
|
||||||
|
|
||||||
|
#
|
||||||
|
# Python 3.4 and higher
|
||||||
|
#
|
||||||
|
elif [ "$python_version" -ge 34 ]; then
|
||||||
|
|
||||||
|
[ ! -z $exclude ] && exclude="-x '$exclude'"
|
||||||
|
# /usr/lib/rpm/redhat/ contains compileall2 Python module
|
||||||
|
# -q disables verbose output
|
||||||
|
# -f forces the process to overwrite existing compiled files
|
||||||
|
# -x excludes paths defined by regex
|
||||||
|
# -e excludes symbolic links pointing outside the build root
|
||||||
|
# -x and -e together implements the same functionality as the Filter class below
|
||||||
|
# -s strips $RPM_BUILD_ROOT from the path
|
||||||
|
# -p prepends the leading slash to the path to make it absolute
|
||||||
|
PYTHONPATH=/usr/lib/rpm/redhat/ $python_binary -B $options -m compileall2 -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
|
||||||
|
else
|
||||||
|
#
|
||||||
|
# Python 3.3 and lower (incl. Python 2)
|
||||||
|
#
|
||||||
|
|
||||||
|
cat << EOF | $python_binary $options
|
||||||
|
import compileall, sys, os, re
|
||||||
|
|
||||||
|
python_libdir = "$python_libdir"
|
||||||
|
depth = $depth
|
||||||
|
real_libdir = "$real_libdir"
|
||||||
|
build_root = "$RPM_BUILD_ROOT"
|
||||||
|
exclude = r"$exclude"
|
||||||
|
|
||||||
|
class Filter:
|
||||||
|
def search(self, path):
|
||||||
|
ret = not os.path.realpath(path).startswith(build_root)
|
||||||
|
if exclude:
|
||||||
|
ret = ret or re.search(exclude, path)
|
||||||
|
return ret
|
||||||
|
|
||||||
|
sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1))
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python
|
||||||
|
# bytecode that they are for.
|
||||||
|
#
|
||||||
|
# The files below RPM_BUILD_ROOT could be targeting multiple versions of
|
||||||
|
# python (e.g. a single build that emits several subpackages e.g. a
|
||||||
|
# python26-foo subpackage, a python31-foo subpackage etc)
|
||||||
|
#
|
||||||
|
# Support this by assuming that below each /usr/lib/python$VERSION/, all
|
||||||
|
# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION.
|
||||||
|
#
|
||||||
|
# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6
|
||||||
|
# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
|
||||||
|
|
||||||
|
# Disable Python hash seed randomization
|
||||||
|
# This should help with byte-compilation reproducibility: https://bugzilla.redhat.com/show_bug.cgi?id=1686078
|
||||||
|
export PYTHONHASHSEED=0
|
||||||
|
|
||||||
|
shopt -s nullglob
|
||||||
|
for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/(usr|app)/lib(64)?/python[0-9]\.[0-9]+$"`;
|
||||||
|
do
|
||||||
|
python_binary=$(basename $python_libdir)
|
||||||
|
real_libdir=${python_libdir/$RPM_BUILD_ROOT/}
|
||||||
|
echo "Bytecompiling .py files below $python_libdir using $python_binary"
|
||||||
|
|
||||||
|
# Generate normal (.pyc) byte-compiled files.
|
||||||
|
python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
|
||||||
|
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||||
|
# One or more of the files had a syntax error
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate optimized (.pyo) byte-compiled files.
|
||||||
|
python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
|
||||||
|
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||||
|
# One or more of the files had a syntax error
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
@ -0,0 +1,17 @@
|
|||||||
|
#!/usr/bin/sh
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
STRIP=${1:-strip}
|
||||||
|
NCPUS=${RPM_BUILD_NCPUS:-1}
|
||||||
|
|
||||||
|
case `uname -a` in
|
||||||
|
Darwin*) exit 0 ;;
|
||||||
|
*) ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Strip ELF binaries
|
||||||
|
find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
|
||||||
|
eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0
|
@ -0,0 +1,532 @@
|
|||||||
|
This document contains documentation of the individual compiler flags
|
||||||
|
and how to use them.
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
|
# Using RPM build flags
|
||||||
|
|
||||||
|
For packages which use autoconf to set up the build environment, use
|
||||||
|
the `%configure` macro to obtain the full complement of flags, like
|
||||||
|
this:
|
||||||
|
|
||||||
|
%configure
|
||||||
|
|
||||||
|
This will invoke the `./configure` with arguments (such as
|
||||||
|
`--prefix=/usr`) to adjust the paths to the packaging defaults.
|
||||||
|
Prior to that, some common problems in autotools scripts are
|
||||||
|
automatically patched across the source tree.
|
||||||
|
|
||||||
|
As a side effect, this will set the environment variables `CFLAGS`,
|
||||||
|
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH`,
|
||||||
|
so they can be used by makefiles and other build tools. (However,
|
||||||
|
existing values for these variables are not overwritten.)
|
||||||
|
|
||||||
|
If your package does not use autoconf, you can still set the same
|
||||||
|
environment variables using
|
||||||
|
|
||||||
|
%set_build_flags
|
||||||
|
|
||||||
|
early in the `%build` section. (Again, existing environment variables
|
||||||
|
are not overwritten.) `%set_build_flags` does not perform autotools
|
||||||
|
script rewriting, unlike `%configure`.
|
||||||
|
|
||||||
|
Individual build flags are also available through RPM macros:
|
||||||
|
|
||||||
|
* `%{build_cflags}` for the C compiler flags (also known as the
|
||||||
|
`CFLAGS` variable). Also historically available as `%{optflags}`.
|
||||||
|
Furthermore, at the start of the `%build` section, the environment
|
||||||
|
variable `RPM_OPT_FLAGS` is set to this value.
|
||||||
|
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
|
||||||
|
the `CXXFLAGS` shell variable).
|
||||||
|
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
|
||||||
|
known as the `FCFLAGS` variable).
|
||||||
|
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
|
||||||
|
`LDFLAGS`. Note that the contents quotes linker arguments using
|
||||||
|
`-Wl`, so this variable is intended for use with the `gcc` compiler
|
||||||
|
driver. At the start of the `%build` section, the environment
|
||||||
|
variable `RPM_LD_FLAGS` is set to this value.
|
||||||
|
|
||||||
|
The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
|
||||||
|
script (v2.4.6+) from hardcoding %_libdir into the binaries' RPATH.
|
||||||
|
|
||||||
|
These RPM macros do not alter shell environment variables.
|
||||||
|
|
||||||
|
For some other build tools separate mechanisms exist:
|
||||||
|
|
||||||
|
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
|
||||||
|
package.
|
||||||
|
|
||||||
|
Care must be taking not to compile the current selection of compiler
|
||||||
|
flags into any RPM package besides `redhat-rpm-config`, so that flag
|
||||||
|
changes are picked up automatically once `redhat-rpm-config` is
|
||||||
|
updated.
|
||||||
|
|
||||||
|
# Flag selection for the build type
|
||||||
|
|
||||||
|
The default flags are suitable for building applications.
|
||||||
|
|
||||||
|
For building shared objects, you must compile with `-fPIC` in
|
||||||
|
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
|
||||||
|
|
||||||
|
For other considerations involving shared objects, see:
|
||||||
|
|
||||||
|
* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
|
||||||
|
|
||||||
|
# Customizing compiler and other build flags
|
||||||
|
|
||||||
|
It is possible to set RPM macros to change some aspects of the
|
||||||
|
compiler flags. Changing these flags should be used as a last
|
||||||
|
recourse if other workarounds are not available.
|
||||||
|
|
||||||
|
### Toolchain selection
|
||||||
|
|
||||||
|
The default toolchain uses GCC, and the `%toolchain` macro is defined
|
||||||
|
as `gcc`.
|
||||||
|
|
||||||
|
It is enough to override `toolchain` macro and all relevant macro for C/C++
|
||||||
|
compilers will be switched. Either in the spec or in the command-line.
|
||||||
|
|
||||||
|
%global toolchain clang
|
||||||
|
|
||||||
|
or:
|
||||||
|
|
||||||
|
rpmbuild -D "toolchain clang" …
|
||||||
|
|
||||||
|
Inside a spec file it is also possible to determine which toolchain is in use
|
||||||
|
by testing the same macro. For example:
|
||||||
|
|
||||||
|
%if "%{toolchain}" == "gcc"
|
||||||
|
BuildRequires: gcc
|
||||||
|
%endif
|
||||||
|
|
||||||
|
or:
|
||||||
|
|
||||||
|
%if "%{toolchain}" == "clang"
|
||||||
|
BuildRequires: clang compiler-rt
|
||||||
|
%endif
|
||||||
|
|
||||||
|
### Disable autotools compatibility patching
|
||||||
|
|
||||||
|
By default, the invocation of the `%configure` macro replaces
|
||||||
|
`config.guess` files in the source tree with the system version. To
|
||||||
|
disable that, define this macro:
|
||||||
|
|
||||||
|
%global _configure_gnuconfig_hack 0
|
||||||
|
|
||||||
|
`%configure` also patches `ltmain.sh` scripts, so that linker flags
|
||||||
|
are set as well during libtool-. This can be switched off using:
|
||||||
|
|
||||||
|
%global _configure_libtool_hardening_hack 0
|
||||||
|
|
||||||
|
Further patching happens in LTO mode, see below.
|
||||||
|
|
||||||
|
### Disabling Link-Time Optimization
|
||||||
|
|
||||||
|
By default, builds use link-time optimization. In this build mode,
|
||||||
|
object code is generated at the time of the final link, by combining
|
||||||
|
information from all available translation units, and taking into
|
||||||
|
account which symbols are exported.
|
||||||
|
|
||||||
|
To disable this optimization, include this in the spec file:
|
||||||
|
|
||||||
|
%define _lto_cflags %{nil}
|
||||||
|
|
||||||
|
If LTO is enabled, `%configure` applies some common required fixes to
|
||||||
|
`configure` scripts. To disable that, define the RPM macro
|
||||||
|
`_fix_broken_configure_for_lto` as `true` (sic; it has to be a shell
|
||||||
|
command).
|
||||||
|
|
||||||
|
### Lazy binding
|
||||||
|
|
||||||
|
If your package depends on the semantics of lazy binding (e.g., it has
|
||||||
|
plugins which load additional plugins to complete their dependencies,
|
||||||
|
before which some referenced functions are undefined), you should put
|
||||||
|
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
|
||||||
|
which have such requirements. Under these circumstances, it is
|
||||||
|
unnecessary to disable hardened builds (and thus lose full ASLR for
|
||||||
|
executables), or link everything without `-Wl,z,now` (non-lazy
|
||||||
|
binding).
|
||||||
|
|
||||||
|
### Hardened builds
|
||||||
|
|
||||||
|
By default, the build flags enable fully hardened builds. To change
|
||||||
|
this, include this in the RPM spec file:
|
||||||
|
|
||||||
|
%undefine _hardened_build
|
||||||
|
|
||||||
|
This turns off certain hardening features, as described in detail
|
||||||
|
below. The main difference is that executables will be
|
||||||
|
position-dependent (no full ASLR) and use lazy binding.
|
||||||
|
|
||||||
|
### Annotated builds/watermarking
|
||||||
|
|
||||||
|
By default, the build flags cause a special output section to be
|
||||||
|
included in ELF files which describes certain aspects of the build.
|
||||||
|
To change this for all compiler invocations, include this in the RPM
|
||||||
|
spec file:
|
||||||
|
|
||||||
|
%undefine _annotated_build
|
||||||
|
|
||||||
|
Be warned that this turns off watermarking, making it impossible to do
|
||||||
|
full hardening coverage analysis for any binaries produced.
|
||||||
|
|
||||||
|
It is possible to disable annotations for individual compiler
|
||||||
|
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
|
||||||
|
the annobin plugin must still be loaded for this flag to be
|
||||||
|
recognized, so it has to come after the hardening flags on the command
|
||||||
|
line (it has to be added at the end of `CFLAGS`, or specified after
|
||||||
|
the `CFLAGS` variable contents).
|
||||||
|
|
||||||
|
### Keeping dependencies on unused shared objects
|
||||||
|
|
||||||
|
By default, ELF shared objects which are listed on the linker command
|
||||||
|
line, but which have no referencing symbols in the preceding objects,
|
||||||
|
are not added to the output file during the final link.
|
||||||
|
|
||||||
|
In order to keep dependencies on shared objects even if none of
|
||||||
|
their symbols are used, include this in the RPM spec file:
|
||||||
|
|
||||||
|
%undefine _ld_as_needed
|
||||||
|
|
||||||
|
For example, this can be required if shared objects are used for their
|
||||||
|
side effects in ELF constructors, or for making them available to
|
||||||
|
dynamically loaded plugins.
|
||||||
|
|
||||||
|
### Strict symbol checks in the link editor (ld)
|
||||||
|
|
||||||
|
Optionally, the link editor will refuse to link shared objects which
|
||||||
|
contain undefined symbols. Such symbols lack symbol versioning
|
||||||
|
information and can be bound to the wrong (compatibility) symbol
|
||||||
|
version at run time, and not the actual (default) symbol version which
|
||||||
|
would have been used if the symbol definition had been available at
|
||||||
|
static link time. Furthermore, at run time, the dynamic linker will
|
||||||
|
not have complete dependency information (in the form of DT_NEEDED
|
||||||
|
entries), which can lead to errors (crashes) if IFUNC resolvers are
|
||||||
|
executed before the shared object containing them is fully relocated.
|
||||||
|
|
||||||
|
To switch on these checks, define this macro in the RPM spec file:
|
||||||
|
|
||||||
|
%define _strict_symbol_defs_build 1
|
||||||
|
|
||||||
|
If this RPM spec option is active, link failures will occur if the
|
||||||
|
linker command line does not list all shared objects which are needed.
|
||||||
|
In this case, you need to add the missing DSOs (with linker arguments
|
||||||
|
such as `-lm`). As a result, the link editor will also generated the
|
||||||
|
necessary DT_NEEDED entries.
|
||||||
|
|
||||||
|
In some cases (such as when a DSO is loaded as a plugin and is
|
||||||
|
expected to bind to symbols in the main executable), undefined symbols
|
||||||
|
are expected. In this case, you can add
|
||||||
|
|
||||||
|
%undefine _strict_symbol_defs_build
|
||||||
|
|
||||||
|
to the RPM spec file to disable these strict checks. Alternatively,
|
||||||
|
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||||
|
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||||
|
|
||||||
|
### Legacy -fcommon
|
||||||
|
|
||||||
|
Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
|
||||||
|
Builds may fail with `multiple definition of ...` errors.
|
||||||
|
|
||||||
|
As a short term workaround for such failure,
|
||||||
|
it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
|
||||||
|
|
||||||
|
%define _legacy_common_support 1
|
||||||
|
|
||||||
|
Properly fixing the failure is always preferred!
|
||||||
|
|
||||||
|
### Post-build ELF object processing
|
||||||
|
|
||||||
|
By default, DWARF debugging information is separated from installed
|
||||||
|
ELF objects and put into `-debuginfo` subpackages. To disable most
|
||||||
|
debuginfo processing (and thus the generation of these subpackages),
|
||||||
|
define `_enable_debug_packages` as `0`.
|
||||||
|
|
||||||
|
Processing of debugging information is controlled using the
|
||||||
|
`find-debuginfo` tool from the `debugedit` package. Several aspects
|
||||||
|
of its operation can be controlled at the RPM level.
|
||||||
|
|
||||||
|
* Creation of `-debuginfo` subpackages is enabled by default.
|
||||||
|
To disable, undefine `_debuginfo_subpackages`.
|
||||||
|
* Likewise, `-debugsource` subpackages are automatically created.
|
||||||
|
To disable, undefine `_debugsource_subpackages`.
|
||||||
|
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
|
||||||
|
for background information.
|
||||||
|
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
|
||||||
|
`_unique_debug_srcs` control how debugging information and
|
||||||
|
corresponding source files are represented on disk.
|
||||||
|
See `/usr/lib/rpm/macros` for details. The defaults
|
||||||
|
enable parallel installation of `-debuginfo` packages for
|
||||||
|
different package versions, as described in
|
||||||
|
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
|
||||||
|
* By default, a compressed symbol table is preserved in the
|
||||||
|
`.gnu_debugdata` section. To disable that, undefine
|
||||||
|
`_include_minidebuginfo`.
|
||||||
|
* To speed up debuggers, a `.gdb_index` section is created. It can be
|
||||||
|
disabled by undefining `_include_gdb_index`.
|
||||||
|
* Missing build IDs result in a build failure. To ignore such
|
||||||
|
problems, undefine `_missing_build_ids_terminate_build`.
|
||||||
|
* During processing, build IDs are recomputed to match the binary
|
||||||
|
content. To skip this step, define `_no_recompute_build_ids` as `1`.
|
||||||
|
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
|
||||||
|
(DWARF compression) processing. Undefine this macro to disable this
|
||||||
|
step.
|
||||||
|
* Additional options can be passed by defining the
|
||||||
|
`_find_debuginfo_opts` macro.
|
||||||
|
|
||||||
|
After separation of debugging information, additional transformations
|
||||||
|
are applied, most of them also related to debugging information.
|
||||||
|
These steps can be skipped by undefining the corresponding macros:
|
||||||
|
|
||||||
|
* `__brp_strip`: Removal of leftover debugging information. The tool
|
||||||
|
specified by the `__strip` macro is invoked with the `-g` option on
|
||||||
|
ELF object (`.o`) files.
|
||||||
|
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
|
||||||
|
processes static `.a` archives instead.
|
||||||
|
* `__brp_strip_comment_note`: This step removes unallocated `.note`
|
||||||
|
sections, and `.comment` sections from ELF files.
|
||||||
|
* `__brp_strip_lto`: This step removes GCC LTO intermediate representation
|
||||||
|
in ELF sections starting with `.gnu.lto_` and `.gnu.debuglto_`. Skipping
|
||||||
|
this step is strongly discouraged because the tight coupling of LTO
|
||||||
|
data with the GCC version. The underlying tool is again determined by the
|
||||||
|
`__strip` macro.
|
||||||
|
* `__brp_llvm_compile_lto_elf`: This step replaces LLVM bitcode files
|
||||||
|
with object files, thereby removing LLVM bitcode from the installed
|
||||||
|
files. This transformation is applied to object files in static `.a`
|
||||||
|
archives, too.
|
||||||
|
* `__brp_ldconfig`: For each shared object on the library search path
|
||||||
|
whose soname does not match its file name, a symbolic link from the
|
||||||
|
soname to the file name is created. This way, these shared objects
|
||||||
|
are loadable immediately after installation, even if they are not yet
|
||||||
|
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
|
||||||
|
invoked yet).
|
||||||
|
|
||||||
|
# Individual compiler flags
|
||||||
|
|
||||||
|
Compiler flags end up in the environment variables `CFLAGS`,
|
||||||
|
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
|
||||||
|
|
||||||
|
The general (architecture-independent) build flags are:
|
||||||
|
|
||||||
|
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
|
||||||
|
Optimization improves performance, the accuracy of warnings, and the
|
||||||
|
reach of toolchain-based hardening, but it makes debugging harder.
|
||||||
|
* `-g`: Generate debugging information (DWARF). In Fedora, this data
|
||||||
|
is separated into `-debuginfo` RPM packages whose installation is
|
||||||
|
optional, so debuging information does not increase the size of
|
||||||
|
installed binaries by default.
|
||||||
|
* `-pipe`: Run compiler and assembler in parallel and do not use a
|
||||||
|
temporary file for the assembler input. This can improve
|
||||||
|
compilation performance. (This does not affect code generation.)
|
||||||
|
* `-Wall`: Turn on various GCC warnings.
|
||||||
|
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
|
||||||
|
* `-Werror=format-security`: Turn on format string warnings and treat
|
||||||
|
them as errors.
|
||||||
|
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
|
||||||
|
This can occasionally result in compilation errors. In this case,
|
||||||
|
the best option is to rewrite the source code so that only constant
|
||||||
|
format strings (string literals) are used.
|
||||||
|
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
|
||||||
|
hardening features in glibc:
|
||||||
|
* String functions such as `memcpy` attempt to detect buffer lengths
|
||||||
|
and terminate the process if a buffer overflow is detected.
|
||||||
|
* `printf` format strings may only contain the `%n` format specifier
|
||||||
|
if the format string resides in read-only memory.
|
||||||
|
* `open` and `openat` flags are checked for consistency with the
|
||||||
|
presence of a *mode* argument.
|
||||||
|
* Plus other minor hardening changes.
|
||||||
|
(These changes can occasionally break valid programs.)
|
||||||
|
* `-fexceptions`: Provide exception unwinding support for C programs.
|
||||||
|
See the [`-fexceptions` option in the GCC
|
||||||
|
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
|
||||||
|
and the [`cleanup` variable
|
||||||
|
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
|
||||||
|
This also hardens cancellation handling in C programs because
|
||||||
|
it is not required to use an on-stack jump buffer to install
|
||||||
|
a cancellation handler with `pthread_cleanup_push`. It also makes
|
||||||
|
it possible to unwind the stack (using C++ `throw` or Rust panics)
|
||||||
|
from C callback functions if a C library supports non-local exits
|
||||||
|
from them (e.g., via `longjmp`).
|
||||||
|
* `-fasynchronous-unwind-tables`: Generate full unwind information
|
||||||
|
covering all program points. This is required for support of
|
||||||
|
asynchronous cancellation and proper unwinding from signal
|
||||||
|
handlers. It also makes performance and debugging tools more
|
||||||
|
useful because unwind information is available without having to
|
||||||
|
install (and load) debugging information.
|
||||||
|
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
|
||||||
|
C++ standard library, such as bounds checking for the subscription
|
||||||
|
operator on vectors. (This flag is added to both `CFLAGS` and
|
||||||
|
`CXXFLAGS`; C compilations will simply ignore it.)
|
||||||
|
* `-fstack-protector-strong`: Instrument functions to detect
|
||||||
|
stack-based buffer overflows before jumping to the return address on
|
||||||
|
the stack. The *strong* variant only performs the instrumentation
|
||||||
|
for functions whose stack frame contains addressable local
|
||||||
|
variables. (If the address of a variable is never taken, it is not
|
||||||
|
possible that a buffer overflow is caused by incorrect pointer
|
||||||
|
arithmetic involving a pointer to that variable.)
|
||||||
|
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||||
|
skipping the guard page in large stack frames. (Without this flag,
|
||||||
|
vulnerabilities can result where the stack overlaps with the heap,
|
||||||
|
or thread stacks spill into other regions of memory.) This flag is
|
||||||
|
fully ABI-compatible and has adds very little run-time overhead.
|
||||||
|
This flag is currently not available on aarch64 with the `clang` toolchain.
|
||||||
|
* `-flto=auto`: Enable link-time optimization (LTO), using `make` job server
|
||||||
|
integration for parallel processing. (`gcc` toolchain only)
|
||||||
|
* `-ffat-lto-objects`: Generate EFL object files which contain both
|
||||||
|
object code and LTO intermediate representation. (`gcc` toolchain only)
|
||||||
|
* `-flto`: Enable link-time optimization. (`clang` toolchain only)
|
||||||
|
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||||
|
the DWARF debugging information. This is useful for detecting the
|
||||||
|
presence of certain build flags and general hardening coverage.
|
||||||
|
* `-fcommon`: This optional flag is used to build legacy software
|
||||||
|
which relies on C tentative definitions. It is disabled by default.
|
||||||
|
|
||||||
|
For hardened builds (which are enabled by default, see above for how
|
||||||
|
to disable them), the flag
|
||||||
|
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
|
||||||
|
command line. It adds the following flag to the command line:
|
||||||
|
|
||||||
|
* `-fPIE`: Compile for a position-independent executable (PIE),
|
||||||
|
enabling full address space layout randomization (ASLR). This is
|
||||||
|
similar to `-fPIC`, but avoids run-time indirections on certain
|
||||||
|
architectures, resulting in improved performance and slightly
|
||||||
|
smaller executables. However, compared to position-dependent code
|
||||||
|
(the default generated by GCC), there is still a measurable
|
||||||
|
performance impact.
|
||||||
|
|
||||||
|
If the command line also contains `-r` (producing a relocatable
|
||||||
|
object file), `-fpic` or `-fPIC`, this flag is automatically
|
||||||
|
dropped. (`-fPIE` can only be used for code which is linked into
|
||||||
|
the main program.) Code which goes into static libraries should be
|
||||||
|
compiled with `-fPIE`, except when this code is expected to be
|
||||||
|
linked into DSOs, when `-fPIC` must be used.
|
||||||
|
|
||||||
|
To be effective, `-fPIE` must be used with the `-pie` linker flag
|
||||||
|
when producing an executable, see below.
|
||||||
|
|
||||||
|
To support [binary watermarks for ELF
|
||||||
|
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
|
||||||
|
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
|
||||||
|
added by default (with the `gcc` toolchain). This can be switched off
|
||||||
|
by undefining the `%_annotated_build` RPM macro (see above). Binary
|
||||||
|
watermarks are currently disabled with the `clang` toolchain.
|
||||||
|
|
||||||
|
### Architecture-specific compiler flags
|
||||||
|
|
||||||
|
These compiler flags are enabled for all builds (hardened/annotated or
|
||||||
|
not), but their selection depends on the architecture:
|
||||||
|
|
||||||
|
* `-fcf-protection`: Instrument binaries to guard against
|
||||||
|
ROP/JOP attacks. Used on i686 and x86_64.
|
||||||
|
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||||
|
the same compilation. For such architectures, the RPM build process
|
||||||
|
explicitly selects the architecture variant by passing this compiler
|
||||||
|
flag.
|
||||||
|
|
||||||
|
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||||
|
tuning in the `gcc` package. These settings are:
|
||||||
|
|
||||||
|
* **i686**: `-march=i686` is used to select a minmum support CPU level
|
||||||
|
of i686 (corresponding to the Pentium Pro). SSE2 support is
|
||||||
|
enabled with `-msse2` (so only CPUs with SSE2 support can run the
|
||||||
|
compiled code; SSE2 was introduced first with the Pentium 4).
|
||||||
|
`-mtune=generic` activates tuning for a current blend of CPUs
|
||||||
|
(under the assumption that most users of i686 packages obtain them
|
||||||
|
through an x86_64 installation on current hardware).
|
||||||
|
`-mfpmath=sse` instructs GCC to use the SSE2 unit for floating
|
||||||
|
point math to avoid excess precision issues. `-mstackrealign`
|
||||||
|
avoids relying on the stack alignment guaranteed by the current
|
||||||
|
version of the i386 ABI.
|
||||||
|
* **ppc64le**: `-mcpu=power9 -mtune=power9` selects a minimum supported
|
||||||
|
CPU level of POWER9.
|
||||||
|
* **s390x**: `-march=z14 -mtune=z15` specifies a minimum supported CPU
|
||||||
|
level of z14, while optimizing for a subsequent CPU generation
|
||||||
|
(z15).
|
||||||
|
* **x86_64**: `-march=x86-64-v2 -mtune=generic` builds for the
|
||||||
|
[x86-64-v2 micro-architecture level](https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/low-level-sys-info.tex)
|
||||||
|
and selects tuning which is expected to beneficial for a broad range
|
||||||
|
of current CPUs.
|
||||||
|
* **aarch64** does not have any architecture-specific tuning.
|
||||||
|
|
||||||
|
# Individual linker flags
|
||||||
|
|
||||||
|
Linker flags end up in the environment variable `LDFLAGS`.
|
||||||
|
|
||||||
|
The linker flags listed below are injected. Note that they are
|
||||||
|
prefixed with `-Wl` because it is expected that these flags are passed
|
||||||
|
to the compiler driver `gcc`, and not directly to the link editor
|
||||||
|
`ld`.
|
||||||
|
|
||||||
|
* `-z relro`: Activate the *read-only after relocation* feature.
|
||||||
|
Constant data and relocations are placed on separate pages, and the
|
||||||
|
dynamic linker is instructed to revoke write permissions after
|
||||||
|
dynamic linking. Full protection of relocation data requires the
|
||||||
|
`-z now` flag (see below).
|
||||||
|
* `--as-needed`: In the final link, only generate ELF dependencies
|
||||||
|
for shared objects that actually provide symbols required by the link.
|
||||||
|
Shared objects which are not needed to fulfill symbol dependencies
|
||||||
|
are essentially ignored due to this flag.
|
||||||
|
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
|
||||||
|
(optional, see above).
|
||||||
|
|
||||||
|
For hardened builds, the
|
||||||
|
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
|
||||||
|
compiler driver command line. (This can be disabled by undefining the
|
||||||
|
`%_hardened_build` macro; see above) This activates the following
|
||||||
|
linker flags:
|
||||||
|
|
||||||
|
* `-pie`: Produce a PIE binary. This is only activated for the main
|
||||||
|
executable, and only if it is dynamically linked. This requires
|
||||||
|
that all objects which are linked in the main executable have been
|
||||||
|
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
|
||||||
|
By itself, `-pie` has only a slight performance impact because it
|
||||||
|
disables some link editor optimization, however the `-fPIE` compiler
|
||||||
|
flag has some overhead.
|
||||||
|
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
|
||||||
|
linker feature. Lazy binding involves an array of function pointers
|
||||||
|
which is writable at run time (which could be overwritten as part of
|
||||||
|
security exploits, redirecting execution). Therefore, it is
|
||||||
|
preferable to turn of lazy binding, although it increases startup
|
||||||
|
time.
|
||||||
|
|
||||||
|
# Support for extension builders
|
||||||
|
|
||||||
|
Some packages include extension builders that allow users to build
|
||||||
|
extension modules (which are usually written in C and C++) under the
|
||||||
|
control of a special-purpose build system. This is a common
|
||||||
|
functionality provided by scripting languages such as Python and Perl.
|
||||||
|
Traditionally, such extension builders captured the Fedora build flags
|
||||||
|
when these extension were built. However, these compiler flags are
|
||||||
|
adjusted for a specific Fedora release and toolchain version and
|
||||||
|
therefore do not work with a custom toolchain (e.g., different C/C++
|
||||||
|
compilers), and users might want to build their own extension modules
|
||||||
|
with such toolchains.
|
||||||
|
|
||||||
|
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
|
||||||
|
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
|
||||||
|
flags that have been adjusted for compatibility with alternative
|
||||||
|
toolchains, while still preserving some of the compile-time security
|
||||||
|
hardening that the standard Fedora build flags provide.
|
||||||
|
|
||||||
|
The current set of differences are:
|
||||||
|
|
||||||
|
* No GCC plugins (such as annobin) are activated.
|
||||||
|
* No GCC spec files (`-specs=` arguments) are used.
|
||||||
|
|
||||||
|
Additional flags may be removed in the future if they prove to be
|
||||||
|
incompatible with alternative toolchains.
|
||||||
|
|
||||||
|
Extension builders should detect whether they are performing a regular
|
||||||
|
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
|
||||||
|
case, they should use the *current* set of Fedora build flags (that
|
||||||
|
is, the output from `rpm --eval '%{build_cflags}'` and related
|
||||||
|
commands). Otherwise, when not performing an RPM build, they can
|
||||||
|
either use hard-coded extension builder flags (thus avoiding a
|
||||||
|
run-time dependency on `redhat-rpm-config`), or use the current
|
||||||
|
extension builder flags (with a run-time dependency on
|
||||||
|
`redhat-rpm-config`).
|
||||||
|
|
||||||
|
As a result, extension modules built for Fedora will use the official
|
||||||
|
Fedora build flags, while users will still be able to build their own
|
||||||
|
extension modules with custom toolchains.
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,66 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# dist.sh
|
||||||
|
# Author: Tom "spot" Callaway <tcallawa@redhat.com>
|
||||||
|
# License: GPL
|
||||||
|
# This is a script to output the value for the %{dist}
|
||||||
|
# tag. The dist tag takes the following format: .$type$num
|
||||||
|
# Where $type is one of: el, fc, rh
|
||||||
|
# (for RHEL, Fedora Core, and RHL, respectively)
|
||||||
|
# And $num is the version number of the distribution.
|
||||||
|
# NOTE: We can't detect Rawhide or Fedora Test builds properly.
|
||||||
|
# If we successfully detect the version number, we output the
|
||||||
|
# dist tag. Otherwise, we exit with no output.
|
||||||
|
|
||||||
|
RELEASEFILE=/etc/redhat-release
|
||||||
|
|
||||||
|
function check_num {
|
||||||
|
MAINVER=`cut -d "(" -f 1 < $RELEASEFILE | \
|
||||||
|
sed -e "s/[^0-9.]//g" -e "s/$//g" | cut -d "." -f 1`
|
||||||
|
|
||||||
|
echo $MAINVER | grep -q '[0-9]' && echo $MAINVER
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_rhl {
|
||||||
|
grep -q "Red Hat Linux" $RELEASEFILE && ! grep -q "Advanced" $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_rhel {
|
||||||
|
egrep -q "(Enterprise|Advanced|CentOS)" $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_fedora {
|
||||||
|
grep -q Fedora $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
DISTNUM=`check_num`
|
||||||
|
DISTFC=`check_fedora`
|
||||||
|
DISTRHL=`check_rhl`
|
||||||
|
DISTRHEL=`check_rhel`
|
||||||
|
if [ -n "$DISTNUM" ]; then
|
||||||
|
if [ -n "$DISTFC" ]; then
|
||||||
|
DISTTYPE=fc
|
||||||
|
elif [ -n "$DISTRHEL" ]; then
|
||||||
|
DISTTYPE=el
|
||||||
|
elif [ -n "$DISTRHL" ]; then
|
||||||
|
DISTTYPE=rhl
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
[ -n "$DISTTYPE" -a -n "$DISTNUM" ] && DISTTAG=".${DISTTYPE}${DISTNUM}"
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
--el) echo -n "$DISTRHEL" ;;
|
||||||
|
--fc) echo -n "$DISTFC" ;;
|
||||||
|
--rhl) echo -n "$DISTRHL" ;;
|
||||||
|
--distnum) echo -n "$DISTNUM" ;;
|
||||||
|
--disttype) echo -n "$DISTTYPE" ;;
|
||||||
|
--help)
|
||||||
|
printf "Usage: $0 [OPTIONS]\n"
|
||||||
|
printf " Default mode is --dist. Possible options:\n"
|
||||||
|
printf " --el\t\tfor RHEL version (if RHEL)\n"
|
||||||
|
printf " --fc\t\tfor Fedora version (if Fedora)\n"
|
||||||
|
printf " --rhl\t\tfor RHL version (if RHL)\n"
|
||||||
|
printf " --dist\t\tfor distribution tag\n"
|
||||||
|
printf " --distnum\tfor distribution number (major)\n"
|
||||||
|
printf " --disttype\tfor distribution type\n" ;;
|
||||||
|
*) echo -n "$DISTTAG" ;;
|
||||||
|
esac
|
@ -0,0 +1,50 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script reads filenames from STDIN and outputs any relevant provides
|
||||||
|
# information that needs to be included in the package.
|
||||||
|
|
||||||
|
if [ "$1" ]
|
||||||
|
then
|
||||||
|
package_name="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
filelist=`sed "s/['\"]/\\\&/g"`
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] &&
|
||||||
|
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --provides
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- any other extra find-provides scripts
|
||||||
|
for i in /usr/lib/rpm/redhat/find-provides.d/*.prov
|
||||||
|
do
|
||||||
|
[ -x $i ] &&
|
||||||
|
(echo $filelist | tr '[:blank:]' \\n | $i | sort -u)
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- Kernel module imported symbols
|
||||||
|
#
|
||||||
|
# Since we don't (yet) get passed the name of the package being built, we
|
||||||
|
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||||
|
#
|
||||||
|
|
||||||
|
is_kmod=1
|
||||||
|
for f in $filelist; do
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||||
|
then
|
||||||
|
is_kernel=1;
|
||||||
|
fi
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||||
|
then
|
||||||
|
unset is_kmod;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ ! "$is_kernel" ] || [ "$package_name" == "kernel" ]
|
||||||
|
then
|
||||||
|
unset is_kmod
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/redhat/find-provides.ksyms ] && [ "$is_kmod" ] &&
|
||||||
|
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-provides.ksyms
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,39 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#
|
||||||
|
# Auto-generate requirements for executables (both ELF and a.out) and library
|
||||||
|
# sonames, script interpreters, and perl modules.
|
||||||
|
#
|
||||||
|
|
||||||
|
ulimit -c 0
|
||||||
|
|
||||||
|
filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \
|
||||||
|
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- Kernel module imported symbols
|
||||||
|
#
|
||||||
|
# Since we don't (yet) get passed the name of the package being built, we
|
||||||
|
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||||
|
#
|
||||||
|
|
||||||
|
unset is_kmod
|
||||||
|
|
||||||
|
for f in $filelist; do
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
|
||||||
|
then
|
||||||
|
is_kmod=1;
|
||||||
|
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||||
|
then
|
||||||
|
unset is_kmod;
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Disabling for now while the Fedora kernel doesn't produce kABI deps.
|
||||||
|
#[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
|
||||||
|
# printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,312 @@
|
|||||||
|
-- Lua code used by macros.forge and derivatives
|
||||||
|
|
||||||
|
-- Computes the suffix of a version string, removing vprefix if it matches
|
||||||
|
-- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0
|
||||||
|
local function getversionsuffix(vstring,vprefix)
|
||||||
|
if (string.sub(vstring, 1, #vprefix) == vprefix) and
|
||||||
|
(not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then
|
||||||
|
return string.sub(vstring, #vprefix + 1)
|
||||||
|
else
|
||||||
|
return vstring
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Check if an identified url is sane
|
||||||
|
local function checkforgeurl(url, id, silent)
|
||||||
|
local checkedurl = nil
|
||||||
|
local checkedid = nil
|
||||||
|
local urlpatterns = {
|
||||||
|
gitlab = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://(…[-.])gitlab[-.]…/owner/repo'},
|
||||||
|
pagure = {
|
||||||
|
pattern = 'https://[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/repo'},
|
||||||
|
pagure_ns = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/namespace/repo'},
|
||||||
|
pagure_fork = {
|
||||||
|
pattern = 'https://[^/]+/fork/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/fork/owner/repo'},
|
||||||
|
pagure_ns_fork = {
|
||||||
|
pattern = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/fork/owner/namespace/repo'},
|
||||||
|
["gitea.com"] = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://gitea.com/owner/repo'},
|
||||||
|
github = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://(…[-.])github[-.]…/owner/repo'},
|
||||||
|
["code.googlesource.com"] = {
|
||||||
|
pattern = 'https://code.googlesource.com/[^#?]*[^/#?]+',
|
||||||
|
description = 'https://code.googlesource.com/…/repo'},
|
||||||
|
["bitbucket.org"] = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://bitbucket.org/owner/repo'}}
|
||||||
|
if (urlpatterns[id] ~= nil) then
|
||||||
|
checkedurl = string.match(url,urlpatterns[id]["pattern"])
|
||||||
|
if (checkedurl == nil) then
|
||||||
|
if not silent then
|
||||||
|
rpm.expand("%{error:" .. id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
checkedid = id
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return checkedurl, checkedid
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Check if an url matches a known forge
|
||||||
|
local function idforge(url, silent)
|
||||||
|
local forgeurl = nil
|
||||||
|
local forge = nil
|
||||||
|
if (url ~= "") then
|
||||||
|
forge = string.match(url, "^[^:]+://([^/]+)/")
|
||||||
|
if (forge == nil) then
|
||||||
|
if not silent then
|
||||||
|
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
if (forge == "pagure.io") then
|
||||||
|
if string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_ns_fork"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_fork"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_ns"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/[^/]+") then
|
||||||
|
forge = "pagure"
|
||||||
|
end
|
||||||
|
elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
|
||||||
|
forge = "gitlab"
|
||||||
|
elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
|
||||||
|
forge = "github"
|
||||||
|
end
|
||||||
|
forgeurl, forge = checkforgeurl(url, forge, silent)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return forgeurl, forge
|
||||||
|
end
|
||||||
|
|
||||||
|
-- The forgemeta macro main processing function
|
||||||
|
-- See the documentation in the macros.forge file for argument description
|
||||||
|
-- Also called directly by gometa
|
||||||
|
local function meta(suffix, verbose, informative, silent)
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local ismain = (suffix == "") or (suffix == "0")
|
||||||
|
if ismain then
|
||||||
|
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "tag", "commit", "shortcommit", "branch", "version",
|
||||||
|
"date", "distprefix"}, verbose)
|
||||||
|
end
|
||||||
|
local variables = {
|
||||||
|
default = {
|
||||||
|
scm = "git",
|
||||||
|
archiveext = "tar.bz2",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
topdir = "%{archivename" .. suffix .. "}" },
|
||||||
|
gitlab = {
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_ns = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_fork = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_ns_fork = {
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}',
|
||||||
|
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
["gitea.com"] = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
archivename = "%{fileref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
|
||||||
|
topdir = "%{repo}" },
|
||||||
|
github = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
archivename = "%{repo" .. suffix .. "}-%{fileref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
["code.googlesource.com"] = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}',
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/+archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
|
||||||
|
topdir = "" },
|
||||||
|
["bitbucket.org"] = {
|
||||||
|
shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit' .. suffix .. '}"), 1, 12))}',
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{shortcommit" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/get/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}" } }
|
||||||
|
-- Packaging a moving branch is quite a bad idea, but since at least Gitlab
|
||||||
|
-- will treat branches and tags the same way better support branches explicitly
|
||||||
|
-- than have packagers hijack %{tag} to download branch states
|
||||||
|
local spec = {}
|
||||||
|
for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do
|
||||||
|
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
|
||||||
|
end
|
||||||
|
-- Compute the reference of the object to fetch
|
||||||
|
local isrelease = false
|
||||||
|
if (spec["tag"] ~= "") then ref = "%{?tag" .. suffix .. "}"
|
||||||
|
elseif (spec["commit"] ~= "") then ref = "%{?commit" .. suffix .. "}"
|
||||||
|
elseif (spec["branch"] ~= "") then ref = "%{?branch" .. suffix .. "}"
|
||||||
|
else ref = "%{?version" .. suffix .. "}"
|
||||||
|
isrelease = true
|
||||||
|
end
|
||||||
|
if (rpm.expand(ref) == "") then
|
||||||
|
if (suffix == "") then
|
||||||
|
rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}")
|
||||||
|
else
|
||||||
|
rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
local forgeurl = spec["forgeurl"]
|
||||||
|
-- For backwards compatibility only
|
||||||
|
local expliciturl = rpm.expand("%{?-u*}")
|
||||||
|
if (expliciturl ~= "") then
|
||||||
|
rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}")
|
||||||
|
forgeurl = expliciturl
|
||||||
|
end
|
||||||
|
local forge
|
||||||
|
forgeurl, forge = idforge(forgeurl, silent)
|
||||||
|
if (forge ~= nil) then
|
||||||
|
fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose)
|
||||||
|
-- Custom processing of quirky forges that can not be handled with simple variables
|
||||||
|
if (forge == "github") then
|
||||||
|
-- Workaround the way GitHub injects "v"s before some version strings (but not all!)
|
||||||
|
-- To package one of the minority of sane GitHub projects that do not munge their version
|
||||||
|
-- strings set tag to %{version} in your spec
|
||||||
|
local fileref = ref
|
||||||
|
if (ref == "%{?version" .. suffix .. "}") then
|
||||||
|
ref = "v" .. ref
|
||||||
|
elseif (fileref ~= "%{?commit" .. suffix .. "}") and
|
||||||
|
string.match(rpm.expand(fileref), "^v[%d]") then
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "^v", "")
|
||||||
|
elseif (string.match(rpm.expand(fileref), "/")) then
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "/", "-")
|
||||||
|
end
|
||||||
|
fedora.safeset("fileref" .. suffix, fileref, verbose)
|
||||||
|
elseif (forge == "gitea.com") then
|
||||||
|
-- Workaround the way gitea mangles /s in ref names
|
||||||
|
local fileref = ref
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "/", "-")
|
||||||
|
fedora.safeset("fileref" .. suffix, fileref, verbose)
|
||||||
|
elseif (forge == "code.googlesource.com") then
|
||||||
|
if (ref == "%{?version" .. suffix .. "}") then
|
||||||
|
ref = "v" .. ref
|
||||||
|
end
|
||||||
|
elseif (forge == "bitbucket.org") then
|
||||||
|
if (spec["commit"] == "") then
|
||||||
|
rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
fedora.safeset("ref" .. suffix, ref, verbose)
|
||||||
|
-- Mass setting of the remaining variables
|
||||||
|
for k,v in pairs(variables[forge]) do
|
||||||
|
fedora.safeset(k .. suffix, variables[forge][k], verbose)
|
||||||
|
end
|
||||||
|
for k,v in pairs(variables["default"]) do
|
||||||
|
if (variables[forge][k] == nil) then
|
||||||
|
fedora.safeset(k .. suffix, variables["default"][k], verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
-- Generic rules
|
||||||
|
for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do
|
||||||
|
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
|
||||||
|
end
|
||||||
|
-- Source URL processing (computing the forgesource spec variable)
|
||||||
|
local forgesource = "%{archiveurl" .. suffix .. "}"
|
||||||
|
if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then
|
||||||
|
forgesource = "%{?archiveurl" .. suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}"
|
||||||
|
end
|
||||||
|
fedora.safeset("forgesource" .. suffix, forgesource, verbose)
|
||||||
|
-- Setup processing (computing the forgesetup and extractdir variables)
|
||||||
|
local forgesetupargs = "-n %{extractdir" .. suffix .. "}"
|
||||||
|
local extractdir = "%{topdir" .. suffix .. "}"
|
||||||
|
if (spec["topdir"] == "") then
|
||||||
|
forgesetupargs = "-c " .. forgesetupargs
|
||||||
|
extractdir = "%{archivename" .. suffix .. "}"
|
||||||
|
end
|
||||||
|
if not ismain then
|
||||||
|
if (spec["topdir"] ~= "") then
|
||||||
|
forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs
|
||||||
|
else
|
||||||
|
forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs
|
||||||
|
end
|
||||||
|
end
|
||||||
|
fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose)
|
||||||
|
fedora.safeset("extractdir" .. suffix, extractdir, verbose)
|
||||||
|
-- dist processing (computing the correct prefix for snapshots)
|
||||||
|
local distprefix = ""
|
||||||
|
if not isrelease then
|
||||||
|
distprefix = string.lower(rpm.expand(ref))
|
||||||
|
if (ref == "%{?commit" .. suffix .. "}") then
|
||||||
|
distprefix = string.sub(distprefix, 1, 7)
|
||||||
|
elseif (ref ~= "%{?branch" .. suffix .. "}") then
|
||||||
|
distprefix = string.gsub(distprefix, "[%p%s]+", ".")
|
||||||
|
distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "")
|
||||||
|
local v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".")
|
||||||
|
for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do
|
||||||
|
distprefix = getversionsuffix(distprefix, p .. v)
|
||||||
|
end
|
||||||
|
distprefix = string.gsub(distprefix, "^%.", "")
|
||||||
|
end
|
||||||
|
if (distprefix ~= "") then
|
||||||
|
distprefix = "%{scm" .. suffix .. "}" .. distprefix
|
||||||
|
date = rpm.expand("%{?date" .. suffix .. "}")
|
||||||
|
if (date ~= "") then
|
||||||
|
distprefix = date .. distprefix
|
||||||
|
else
|
||||||
|
distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix
|
||||||
|
end
|
||||||
|
distprefix = "." .. distprefix
|
||||||
|
end
|
||||||
|
end
|
||||||
|
if (spec["version"] ~= "") and
|
||||||
|
(spec["version"] ~= "0") and
|
||||||
|
(spec["version"] ~= rpm.expand("%{?version}")) then
|
||||||
|
distprefix = ".%{version" .. suffix .. "}" .. distprefix
|
||||||
|
end
|
||||||
|
if (rpm.expand(distprefix) ~= "") then
|
||||||
|
if not ismain then
|
||||||
|
distprefix = string.gsub(distprefix, "^%.", ".s")
|
||||||
|
end
|
||||||
|
fedora.safeset ("distprefix" .. suffix, distprefix, verbose)
|
||||||
|
end
|
||||||
|
if ismain then
|
||||||
|
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "shortcommit", "distprefix"}, verbose)
|
||||||
|
end
|
||||||
|
-- Final spec variable summary if the macro was called with -i
|
||||||
|
if informative then
|
||||||
|
rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}")
|
||||||
|
fedora.echovars({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "tag", "commit", "shortcommit", "branch", "version",
|
||||||
|
"date", "distprefix"}, suffix)
|
||||||
|
fedora.echovars({"dist"},"")
|
||||||
|
rpm.expand("%{echo: (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return {
|
||||||
|
meta = meta,
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,111 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
|
||||||
|
#
|
||||||
|
# This material is provided as is, with absolutely no warranty expressed
|
||||||
|
# or implied. Any use is at your own risk.
|
||||||
|
#
|
||||||
|
# Permission is hereby granted to use or copy this shellscript
|
||||||
|
# for any purpose, provided the above notices are retained on all copies.
|
||||||
|
# Permission to modify the code and to distribute modified code is granted,
|
||||||
|
# provided the above notices are retained, and a notice that the code was
|
||||||
|
# modified is included with the above copyright notice.
|
||||||
|
|
||||||
|
|
||||||
|
function print_help {
|
||||||
|
cat <<'EOF'
|
||||||
|
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
|
||||||
|
|
||||||
|
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
|
||||||
|
verifies a file against a detached OpenPGP signature and a keyring. The keyring
|
||||||
|
shall contain all the keys that are trusted to certify the authenticity of the
|
||||||
|
file, and must not contain any untrusted keys.
|
||||||
|
|
||||||
|
The differences, compared to invoking gpgv directly, are that gpgverify accepts
|
||||||
|
the keyring in either ASCII-armored or unarmored form, and that it will not
|
||||||
|
accidentally use a default keyring in addition to the specified one.
|
||||||
|
|
||||||
|
Parameters:
|
||||||
|
--keyring=<pathname> keyring with all the trusted keys and no others
|
||||||
|
--signature=<pathname> detached signature to verify
|
||||||
|
--data=<pathname> file to verify against the signature
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fatal_error() {
|
||||||
|
message="$1" # an error message
|
||||||
|
status=$2 # a number to use as the exit code
|
||||||
|
echo "gpgverify: $message" >&2
|
||||||
|
exit $status
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
require_parameter() {
|
||||||
|
term="$1" # a term for a required parameter
|
||||||
|
value="$2" # Complain and terminate if this value is empty.
|
||||||
|
if test -z "${value}" ; then
|
||||||
|
fatal_error "No ${term} was provided." 2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
check_status() {
|
||||||
|
action="$1" # a string that describes the action that was attempted
|
||||||
|
status=$2 # the exit code of the command
|
||||||
|
if test $status -ne 0 ; then
|
||||||
|
fatal_error "$action failed." $status
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Parse the command line.
|
||||||
|
keyring=
|
||||||
|
signature=
|
||||||
|
data=
|
||||||
|
for parameter in "$@" ; do
|
||||||
|
case "${parameter}" in
|
||||||
|
(--help)
|
||||||
|
print_help
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
(--keyring=*)
|
||||||
|
keyring="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--signature=*)
|
||||||
|
signature="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--data=*)
|
||||||
|
data="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(*)
|
||||||
|
fatal_error "Unknown parameter: \"${parameter}\"" 2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
require_parameter 'keyring' "${keyring}"
|
||||||
|
require_parameter 'signature' "${signature}"
|
||||||
|
require_parameter 'data file' "${data}"
|
||||||
|
|
||||||
|
# Make a temporary working directory.
|
||||||
|
workdir="$(mktemp --directory)"
|
||||||
|
check_status 'Making a temporary directory' $?
|
||||||
|
workring="${workdir}/keyring.gpg"
|
||||||
|
|
||||||
|
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
|
||||||
|
# ASCII-armored.
|
||||||
|
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
|
||||||
|
check_status 'Decoding the keyring' $?
|
||||||
|
|
||||||
|
# Verify the signature using the decoded keyring.
|
||||||
|
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
|
||||||
|
check_status 'Signature verification' $?
|
||||||
|
|
||||||
|
# (--homedir isn't actually necessary. --dearmor processes only the input file,
|
||||||
|
# and if --keyring is used and contains a slash, then gpgv2 uses only that
|
||||||
|
# keyring. Thus neither command will look for a default keyring, but --homedir
|
||||||
|
# makes extra double sure that no default keyring will be touched in case
|
||||||
|
# another version of GPG works differently.)
|
||||||
|
|
||||||
|
# Clean up. (This is not done in case of an error that may need inspection.)
|
||||||
|
rm --recursive --force ${workdir}
|
@ -0,0 +1,5 @@
|
|||||||
|
# Make libfoo.so symlinks require the soname-provide of the target library
|
||||||
|
%__libsymlink_requires %{_rpmconfigdir}/elfdeps --provides --soname-only
|
||||||
|
%__libsymlink_magic ^symbolic link to .*lib.*\.so\..*$
|
||||||
|
%__libsymlink_path ^.*\.so$
|
||||||
|
%__libsymlink_flags magic_and_path
|
@ -0,0 +1,375 @@
|
|||||||
|
# Per-platform rpm configuration file.
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- per-platform macros.
|
||||||
|
#
|
||||||
|
%_vendor redhat
|
||||||
|
%_os linux
|
||||||
|
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- configure macros. note that most of these are inherited
|
||||||
|
# from the defaults.
|
||||||
|
#
|
||||||
|
%_localstatedir /var
|
||||||
|
|
||||||
|
%_pkgdocdir %{_docdir}/%{name}
|
||||||
|
%_docdir_fmt %%{NAME}
|
||||||
|
|
||||||
|
%_fmoddir %{_libdir}/gfortran/modules
|
||||||
|
|
||||||
|
%source_date_epoch_from_changelog 1
|
||||||
|
|
||||||
|
%_enable_debug_packages 1
|
||||||
|
%_include_minidebuginfo 1
|
||||||
|
%_include_gdb_index 1
|
||||||
|
%_debugsource_packages 1
|
||||||
|
%_debuginfo_subpackages 1
|
||||||
|
|
||||||
|
# GCC toolchain
|
||||||
|
%__cc_gcc gcc
|
||||||
|
%__cxx_gcc g++
|
||||||
|
%__cpp_gcc gcc -E
|
||||||
|
|
||||||
|
# Clang toolchain
|
||||||
|
%__cc_clang clang
|
||||||
|
%__cxx_clang clang++
|
||||||
|
%__cpp_clang clang-cpp
|
||||||
|
|
||||||
|
# Default to the GCC toolchain
|
||||||
|
%toolchain gcc
|
||||||
|
|
||||||
|
%__cc %{expand:%%{__cc_%{toolchain}}}
|
||||||
|
%__cxx %{expand:%%{__cxx_%{toolchain}}}
|
||||||
|
%__cpp %{expand:%%{__cpp_%{toolchain}}}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- compiler flags.
|
||||||
|
|
||||||
|
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
||||||
|
# Historically also available as %%{optflags}, and %%build sets the
|
||||||
|
# environment variable RPM_OPT_FLAGS to this value.
|
||||||
|
%build_cflags %{optflags}
|
||||||
|
|
||||||
|
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
||||||
|
%build_cxxflags %{optflags}
|
||||||
|
|
||||||
|
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
||||||
|
# the corresponding variable names.
|
||||||
|
%build_fflags %{optflags} -I%{_fmoddir}
|
||||||
|
|
||||||
|
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
||||||
|
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
||||||
|
# the flags, while intended for ld, are still passed through the gcc
|
||||||
|
# compiler driver. At the beginning of %%build, the environment
|
||||||
|
# variable RPM_LD_FLAGS to this value.
|
||||||
|
# When clang is used as a linker driver, it does not auto-detect the LTO
|
||||||
|
# bytecode and neither does bfd, so we need to explicitly pass the -flto
|
||||||
|
# flag when linking.
|
||||||
|
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_lto_cflags}" : "" ]
|
||||||
|
|
||||||
|
# Expands to shell code to set the compiler/linker environment
|
||||||
|
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
|
||||||
|
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
||||||
|
# been set implicitly at the start of the %%build section.
|
||||||
|
# LT_SYS_LIBRARY_PATH is used by libtool script.
|
||||||
|
%set_build_flags \
|
||||||
|
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
||||||
|
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
||||||
|
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
||||||
|
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
||||||
|
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
|
||||||
|
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
|
||||||
|
CC="${CC:-%{__cc}}" ; export CC ; \
|
||||||
|
CXX="${CXX:-%{__cxx}}" ; export CXX
|
||||||
|
|
||||||
|
# Internal-only. Do not use. Expand a variable and strip the flags
|
||||||
|
# not suitable to extension builders.
|
||||||
|
%__extension_strip_flags() %{lua:
|
||||||
|
local name = rpm.expand("%{1}")
|
||||||
|
local value = " " .. rpm.expand("%{build_" .. name .. "}")
|
||||||
|
local specs_pattern = "%s+-specs=[^%s]+"
|
||||||
|
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1")
|
||||||
|
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, "")
|
||||||
|
print(result)
|
||||||
|
}
|
||||||
|
|
||||||
|
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
||||||
|
# extension builders.
|
||||||
|
%extension_cflags %{__extension_strip_flags cflags}
|
||||||
|
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
||||||
|
%extension_fflags %{__extension_strip_flags fflags}
|
||||||
|
%extension_ldflags %{__extension_strip_flags ldflags}
|
||||||
|
|
||||||
|
# Deprecated names. For backwards compatibility only.
|
||||||
|
%__global_cflags %{build_cflags}
|
||||||
|
%__global_cxxflags %{build_cxxflags}
|
||||||
|
%__global_fflags %{build_fflags}
|
||||||
|
%__global_fcflags %{build_fflags}
|
||||||
|
%__global_ldflags %{build_ldflags}
|
||||||
|
|
||||||
|
# Architecture-specific support. Internal. Do not use directly.
|
||||||
|
|
||||||
|
%__cflags_arch_x86_64 %[0%{?rhel} >= 9 ? "-march=x86-64-v2" : ""]
|
||||||
|
|
||||||
|
# Also used for s390.
|
||||||
|
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=zEC12 -mtune=z13"]
|
||||||
|
|
||||||
|
# Also used for ppc64le.
|
||||||
|
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- configure and makeinstall.
|
||||||
|
#
|
||||||
|
%_configure_gnuconfig_hack 1
|
||||||
|
%_configure_libtool_hardening_hack 1
|
||||||
|
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
||||||
|
# to be added to the list of options passed to the configure script.
|
||||||
|
# Eventually we'll want to turn this on by default, but this gives packagers a
|
||||||
|
# way to turn it back off.
|
||||||
|
# %_configure_disable_silent_rules 1
|
||||||
|
|
||||||
|
# This fixes various easy resolved configure tests that are compromised by LTO.
|
||||||
|
#
|
||||||
|
# We use this within the standard %configure macro, but also make it available
|
||||||
|
# for packages which don't use %configure
|
||||||
|
#
|
||||||
|
# The first three are common ways to test for the existence of a function, so
|
||||||
|
# we ensure the reference to the function is preserved
|
||||||
|
#
|
||||||
|
# The fourth are constants used to then try to generate NaNs and other key
|
||||||
|
# floating point numbers. We then use those special FP numbers to try and
|
||||||
|
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
|
||||||
|
# from removing the computation
|
||||||
|
#
|
||||||
|
# The fifth (and worst) addresses problems with autoconf/libtool's approach
|
||||||
|
# to extracting symbols from .o files and generating C code. In an LTO world
|
||||||
|
# types matter much more closely and you can't have an object in one context
|
||||||
|
# that is a function definition and a simple scalar variable in another.
|
||||||
|
# Thankfully HP-UX has always had that restriction and is supported by
|
||||||
|
# autoconf/libtool. The insane sed script replaces the "generic" code with
|
||||||
|
# the HP-UX version.
|
||||||
|
#
|
||||||
|
# If we do not make changes, we put the original file back. This avoids
|
||||||
|
# unnecessary rebuilds of things that may have dependencies on the configure
|
||||||
|
# files.
|
||||||
|
#
|
||||||
|
%_fix_broken_configure_for_lto \
|
||||||
|
for file in $(find . -type f -name configure -print); do \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
done
|
||||||
|
|
||||||
|
%configure \
|
||||||
|
%{set_build_flags}; \
|
||||||
|
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
|
||||||
|
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
||||||
|
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
||||||
|
done ; \
|
||||||
|
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
||||||
|
for i in $(find . -name ltmain.sh) ; do \
|
||||||
|
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
||||||
|
done ; \
|
||||||
|
%{_configure} --build=%{_build} --host=%{_host} \\\
|
||||||
|
--program-prefix=%{?_program_prefix} \\\
|
||||||
|
--disable-dependency-tracking \\\
|
||||||
|
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
||||||
|
--prefix=%{_prefix} \\\
|
||||||
|
--exec-prefix=%{_exec_prefix} \\\
|
||||||
|
--bindir=%{_bindir} \\\
|
||||||
|
--sbindir=%{_sbindir} \\\
|
||||||
|
--sysconfdir=%{_sysconfdir} \\\
|
||||||
|
--datadir=%{_datadir} \\\
|
||||||
|
--includedir=%{_includedir} \\\
|
||||||
|
--libdir=%{_libdir} \\\
|
||||||
|
--libexecdir=%{_libexecdir} \\\
|
||||||
|
--localstatedir=%{_localstatedir} \\\
|
||||||
|
--sharedstatedir=%{_sharedstatedir} \\\
|
||||||
|
--mandir=%{_mandir} \\\
|
||||||
|
--infodir=%{_infodir}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- Build policy macros.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#---------------------------------------------------------------------
|
||||||
|
# Expanded at beginning of %install scriptlet.
|
||||||
|
#
|
||||||
|
|
||||||
|
%__spec_install_pre %{___build_pre}\
|
||||||
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
||||||
|
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
|
||||||
|
mkdir "$RPM_BUILD_ROOT"\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------
|
||||||
|
# Expanded at end of %install scriptlet.
|
||||||
|
#
|
||||||
|
|
||||||
|
%__arch_install_post /usr/lib/rpm/check-buildroot
|
||||||
|
|
||||||
|
# Build root policy macros. Standard naming:
|
||||||
|
# convert all '-' in basename to '_', add two leading underscores.
|
||||||
|
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
||||||
|
%__brp_compress /usr/lib/rpm/brp-compress
|
||||||
|
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
||||||
|
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
|
||||||
|
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
||||||
|
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
||||||
|
%__brp_python_bytecompile /usr/lib/rpm/redhat/brp-python-bytecompile "" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
|
||||||
|
%__brp_fix_pyc_reproducibility /usr/lib/rpm/redhat/brp-fix-pyc-reproducibility
|
||||||
|
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
|
||||||
|
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
||||||
|
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
||||||
|
# __brp_mangle_shebangs_exclude_from - files to ignore
|
||||||
|
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
||||||
|
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
||||||
|
|
||||||
|
%__os_install_post \
|
||||||
|
%{?__brp_ldconfig} \
|
||||||
|
%{?__brp_compress} \
|
||||||
|
%{!?__debug_package:\
|
||||||
|
%{?__brp_strip} \
|
||||||
|
%{?__brp_strip_comment_note} \
|
||||||
|
} \
|
||||||
|
%{?__brp_strip_lto} \
|
||||||
|
%{?__brp_strip_static_archive} \
|
||||||
|
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
|
||||||
|
%{?py_reproducible_pyc_path:%{?__brp_fix_pyc_reproducibility} "%{py_reproducible_pyc_path}"} \
|
||||||
|
%{?__brp_python_hardlink} \
|
||||||
|
%{?__brp_mangle_shebangs} \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%__spec_install_post\
|
||||||
|
%{?__debug_package:%{__debug_install_post}}\
|
||||||
|
%{__arch_install_post}\
|
||||||
|
%{__os_install_post}\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
||||||
|
%%install\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Should missing buildids terminate a build?
|
||||||
|
%_missing_build_ids_terminate_build 1
|
||||||
|
|
||||||
|
#
|
||||||
|
## Automatically compile python files
|
||||||
|
%py_auto_byte_compile 1
|
||||||
|
|
||||||
|
#
|
||||||
|
## Should python bytecompilation errors terminate a build?
|
||||||
|
%_python_bytecompile_errors_terminate_build 1
|
||||||
|
## Should python bytecompilation compile outisde python specific directories?
|
||||||
|
%_python_bytecompile_extra 0
|
||||||
|
|
||||||
|
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
||||||
|
%_source_filedigest_algorithm 8
|
||||||
|
%_binary_filedigest_algorithm 8
|
||||||
|
|
||||||
|
# Use Zstandard compression for binary payloads
|
||||||
|
%_binary_payload w19.zstdio
|
||||||
|
|
||||||
|
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
||||||
|
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
|
||||||
|
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
|
||||||
|
# we don't escape symbols '~', '"', etc. so be careful when changing this
|
||||||
|
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
|
||||||
|
|
||||||
|
# Harden packages by default for Fedora 23+:
|
||||||
|
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
||||||
|
# Use "%undefine _hardened_build" to disable.
|
||||||
|
%_hardened_build 1
|
||||||
|
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
||||||
|
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
||||||
|
|
||||||
|
# Add extra information to binary objects created by the compiler:
|
||||||
|
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
||||||
|
# Use "%undefine _annotated_build" to disable.
|
||||||
|
%_annotated_build 1
|
||||||
|
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
||||||
|
# The annobin plugin is not built for clang yet
|
||||||
|
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
|
||||||
|
%_annotation_cflags %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
|
||||||
|
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
|
||||||
|
# Use the remove-section option to force the find-debuginfo script
|
||||||
|
# to move the annobin notes into the separate debuginfo file.
|
||||||
|
%_find_debuginfo_vendor_opts %{?_annotated_build:--remove-section .gnu.build.attributes}
|
||||||
|
|
||||||
|
# Fail linking if there are undefined symbols. Required for proper
|
||||||
|
# ELF symbol versioning support. Disabled by default.
|
||||||
|
# Use "%define _ld_strict_symbol_defs 1" to enable.
|
||||||
|
#%_ld_strict_symbol_defs 1
|
||||||
|
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
|
||||||
|
|
||||||
|
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
|
||||||
|
# use "%undefine _ld_as_needed" to disable.
|
||||||
|
%_ld_as_needed 1
|
||||||
|
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
|
||||||
|
|
||||||
|
# LTO is the default in Fedora.
|
||||||
|
# "%define _lto_cflags %{nil}" to opt out
|
||||||
|
#
|
||||||
|
# We currently have -ffat-lto-objects turned on out of an abundance of
|
||||||
|
# caution. To remove it we need to do a check of the installed .o/.a files
|
||||||
|
# to verify they have real sections/symbols after LTO stripping. That
|
||||||
|
# way we can detect installing an unusable .o/.a file. This is on the TODO
|
||||||
|
# list for F34.
|
||||||
|
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
|
||||||
|
%_clang_lto_cflags -flto
|
||||||
|
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
|
||||||
|
|
||||||
|
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
|
||||||
|
%_warning_options -Wall -Werror=format-security
|
||||||
|
%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
|
||||||
|
|
||||||
|
# Common variables are no longer generated by default by gcc and clang
|
||||||
|
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
|
||||||
|
%_legacy_options %{?_legacy_common_support: -fcommon}
|
||||||
|
|
||||||
|
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
|
||||||
|
|
||||||
|
# Automatically trim changelog entries after 2 years
|
||||||
|
%_changelog_trimtime %{lua:print(os.time() - 2 * 365 * 86400)}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- Generic auto req/prov filtering macros
|
||||||
|
#
|
||||||
|
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
||||||
|
|
||||||
|
# prevent anything matching from being scanned for provides
|
||||||
|
%filter_provides_in(P) %{expand: \
|
||||||
|
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
||||||
|
}
|
||||||
|
|
||||||
|
# prevent anything matching from being scanned for requires
|
||||||
|
%filter_requires_in(P) %{expand: \
|
||||||
|
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
||||||
|
}
|
||||||
|
|
||||||
|
# filter anything matching out of the provides stream
|
||||||
|
%filter_from_provides() %{expand: \
|
||||||
|
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
||||||
|
}
|
||||||
|
|
||||||
|
# filter anything matching out of the requires stream
|
||||||
|
%filter_from_requires() %{expand: \
|
||||||
|
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
||||||
|
}
|
||||||
|
|
||||||
|
# actually set up the filtering bits
|
||||||
|
%filter_setup %{expand: \
|
||||||
|
%global _use_internal_dependency_generator 0 \
|
||||||
|
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
||||||
|
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
||||||
|
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
||||||
|
}
|
@ -0,0 +1,39 @@
|
|||||||
|
# Macros for reducing debug info size using dwz(1) utility.
|
||||||
|
|
||||||
|
# The two default values below should result in dwz taking at most
|
||||||
|
# 3GB of RAM or so on 64-bit hosts and 2.5GB on 32-bit hosts
|
||||||
|
# on the largest *.debug files (in mid 2012 those are
|
||||||
|
# libreoffice-debuginfo, debuginfos containing
|
||||||
|
# libxul.so.debug and libwebkitgtk-*.so.*.debug).
|
||||||
|
# This needs to be tuned based on the amount of available RAM
|
||||||
|
# on build boxes for each architecture as well as virtual address
|
||||||
|
# space limitations if dwz is 32-bit program. While it needs less
|
||||||
|
# memory than 64-bit program because pointers are smaller, it can
|
||||||
|
# never have more than 4GB-epsilon of RAM and on some architecture
|
||||||
|
# even less than that (e.g. 2GB).
|
||||||
|
|
||||||
|
# Number of debugging information entries (DIEs) above which
|
||||||
|
# dwz will stop considering file for multifile optimizations
|
||||||
|
# and enter a low memory mode, in which it will optimize
|
||||||
|
# in about half the memory needed otherwise.
|
||||||
|
%_dwz_low_mem_die_limit 10000000
|
||||||
|
# Number of DIEs above which dwz will stop processing
|
||||||
|
# a file altogether.
|
||||||
|
%_dwz_max_die_limit 50000000
|
||||||
|
|
||||||
|
# On x86_64 increase the higher limit to make libwebkit* optimizable.
|
||||||
|
# libwebkit* in mid 2012 contains roughly 87mil DIEs, and 64-bit
|
||||||
|
# dwz is able to optimize it from ~1.1GB to ~410MB using 5.2GB of RAM.
|
||||||
|
%_dwz_max_die_limit_x86_64 110000000
|
||||||
|
|
||||||
|
# On ARM, build boxes often have only 512MB of RAM and are very slow.
|
||||||
|
# Lower both the limits.
|
||||||
|
%_dwz_low_mem_die_limit_armv5tel 4000000
|
||||||
|
%_dwz_low_mem_die_limit_armv7hl 4000000
|
||||||
|
%_dwz_max_die_limit_armv5tel 10000000
|
||||||
|
%_dwz_max_die_limit_armv7hl 10000000
|
||||||
|
|
||||||
|
%_dwz_limit() %{expand:%%{?%{1}_%{_arch}}%%{!?%{1}_%{_arch}:%%%{1}}}
|
||||||
|
%_find_debuginfo_dwz_opts --run-dwz\\\
|
||||||
|
--dwz-low-mem-die-limit %{_dwz_limit _dwz_low_mem_die_limit}\\\
|
||||||
|
--dwz-max-die-limit %{_dwz_limit _dwz_max_die_limit}
|
@ -0,0 +1,2 @@
|
|||||||
|
# arches that ldc builds on
|
||||||
|
%ldc_arches %{ix86} x86_64 %{arm} aarch64
|
@ -0,0 +1,9 @@
|
|||||||
|
#%ldconfig /sbin/ldconfig
|
||||||
|
%ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%end}
|
||||||
|
%ldconfig_postun(n:) %{?ldconfig:%postun -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%end}
|
||||||
|
%ldconfig_scriptlets(n:) %{?ldconfig:\
|
||||||
|
%ldconfig_post %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%ldconfig_postun %{?*} %{-n:-n %{-n*}}\
|
||||||
|
}
|
@ -0,0 +1,5 @@
|
|||||||
|
# arches that mono builds on
|
||||||
|
%mono_arches %{ix86} x86_64 sparc sparcv9 ia64 %{arm} aarch64 alpha s390x ppc ppc64 ppc64le
|
||||||
|
|
||||||
|
%_monodir %{_prefix}/lib/mono
|
||||||
|
%_monogacdir %{_monodir}/gac
|
@ -0,0 +1,7 @@
|
|||||||
|
# nodejs_arches lists what arches Node.js and dependent packages run on.
|
||||||
|
#
|
||||||
|
# Enabling Node.js on other arches requires porting the V8 JavaScript JIT to
|
||||||
|
# those arches. Support for POWER and aarch64 arrived in nodejs v4. Support
|
||||||
|
# for s390x arrived in nodejs v6
|
||||||
|
|
||||||
|
%nodejs_arches %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
|
@ -0,0 +1,3 @@
|
|||||||
|
# valgrind_arches lists what arches Valgrind works on
|
||||||
|
|
||||||
|
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
|
@ -0,0 +1,7 @@
|
|||||||
|
# ---- VPATH default settings
|
||||||
|
|
||||||
|
# directory where CMakeLists.txt/meson.build/etc. are placed
|
||||||
|
%_vpath_srcdir .
|
||||||
|
|
||||||
|
# directory (doesn't need to exist) where all generated build files will be placed
|
||||||
|
%_vpath_builddir %{_vendor}-%{_target_os}-build
|
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
@ -0,0 +1,199 @@
|
|||||||
|
#!/usr/bin/sh
|
||||||
|
# This is a script to select which GCC spec file fragment
|
||||||
|
# should be the destination of the redhat-annobin-cc1 symlink.
|
||||||
|
|
||||||
|
# Author: Nick Clifton <nickc@redhat.com>
|
||||||
|
# Copyright (c) 2021-2022 Red Hat.
|
||||||
|
#
|
||||||
|
# This is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License as published
|
||||||
|
# by the Free Software Foundation; either version 2, or (at your
|
||||||
|
# option) any later version.
|
||||||
|
|
||||||
|
# It is distributed in the hope that it will be useful, but
|
||||||
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# redhat-annobin-plugin-select [script-dir]
|
||||||
|
#
|
||||||
|
# If script-dir is not provided then /usr/lib/rpm/redhat is used
|
||||||
|
# as the location where all of the annobin plugin selection files
|
||||||
|
# can be found.
|
||||||
|
|
||||||
|
if test "x$1" = "x" ;
|
||||||
|
then
|
||||||
|
rrcdir=/usr/lib/rpm/redhat
|
||||||
|
else
|
||||||
|
rrcdir=$1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Set this variable to non-zero to enable the generation of debugging
|
||||||
|
# messages.
|
||||||
|
debug=0
|
||||||
|
|
||||||
|
# Decide which version of the annobin plugin for gcc should be used.
|
||||||
|
# There are two possible versions, one created by the annobin package and one
|
||||||
|
# created by the gcc package. The logic selects the gcc version unless both
|
||||||
|
# have been built by the same version of the compiler. In that case the
|
||||||
|
# annobin version is selected instead.
|
||||||
|
#
|
||||||
|
# The point of all this is that the annobin plugin is very sensitive to
|
||||||
|
# mismatches with the version of gcc that built it. If the plugin is built
|
||||||
|
# by version A of gcc, but then run on version B of gcc, it is possible for
|
||||||
|
# the plugin to misbehave, which then causes problems if gating tests examine
|
||||||
|
# the plugin's output. (This has happened more than once in RHEL...).
|
||||||
|
#
|
||||||
|
# So the plugin is built both by gcc and by the annobin package. This means
|
||||||
|
# that whenever gcc is updated a fresh plugin is built, and the logic below
|
||||||
|
# will select that version. But in order to allow annobin development to
|
||||||
|
# proceed independtently of gcc, the annobin package can also update its
|
||||||
|
# version of the plugin, and the logic will select this new version.
|
||||||
|
|
||||||
|
# This is where the annobin package stores the information on the version
|
||||||
|
# of gcc that built the annobin plugin.
|
||||||
|
aver=`gcc --print-file-name=plugin`/annobin-plugin-version-info
|
||||||
|
|
||||||
|
# This is where the gcc package stores its version information.
|
||||||
|
gver=`gcc --print-file-name=rpmver`
|
||||||
|
|
||||||
|
aplugin=`gcc --print-file-name=plugin`/annobin.so.0.0.0
|
||||||
|
gplugin=`gcc --print-file-name=plugin`/gcc-annobin.so.0.0.0
|
||||||
|
|
||||||
|
# This is the file that needs to be updated when either of those version
|
||||||
|
# files changes.
|
||||||
|
rac1=redhat-annobin-cc1
|
||||||
|
|
||||||
|
# This is the GCC spec file fragment that selects the gcc-built version of
|
||||||
|
# the annobin plugin
|
||||||
|
select_gcc=redhat-annobin-select-gcc-built-plugin
|
||||||
|
|
||||||
|
# This is the GCC spec file fragment that selects the annobin-built version
|
||||||
|
# of the annobin plugin
|
||||||
|
select_annobin=redhat-annobin-select-annobin-built-plugin
|
||||||
|
|
||||||
|
install_annobin_version=0
|
||||||
|
install_gcc_version=0
|
||||||
|
|
||||||
|
if [ -f $aplugin ]
|
||||||
|
then
|
||||||
|
if [ -f $gplugin ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Both plugins exist, checking version information"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f $gver ]
|
||||||
|
then
|
||||||
|
if [ -f $aver ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Both plugin version files exist - comparing..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get the first line from the version info files. This is just in
|
||||||
|
# vase there are extra lines in the files.
|
||||||
|
avers=`head --lines=1 $aver`
|
||||||
|
gvers=`head --lines=1 $gver`
|
||||||
|
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Annobin plugin built by gcc $avers"
|
||||||
|
echo " redhat-rpm-config: GCC plugin built by gcc $gvers"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If both plugins were built by the same version of gcc then select
|
||||||
|
# the one from the annobin package (in case it is built from newer
|
||||||
|
# sources). If the plugin builder versions differ, select the gcc
|
||||||
|
# built version instead. This assumes that the gcc built version
|
||||||
|
# always matches the installed gcc, which should be true.
|
||||||
|
if [ $avers = $gvers ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Both plugins built by the same compiler - using annobin-built plugin"
|
||||||
|
fi
|
||||||
|
install_annobin_version=1
|
||||||
|
else
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Versions differ - using gcc-built plugin"
|
||||||
|
fi
|
||||||
|
install_gcc_version=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Annobin version file does not exist, using gcc-built plugin"
|
||||||
|
fi
|
||||||
|
install_gcc_version=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ -f $aver ]
|
||||||
|
then
|
||||||
|
# FIXME: This is suspicious. If the installed GCC does not supports plugins
|
||||||
|
# then enabling the annobin plugin will not work.
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: GCC plugin version file does not exist, using annobin-built plugin"
|
||||||
|
fi
|
||||||
|
install_annobin_version=1
|
||||||
|
else
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Neither version file exists - playing safe and using gcc-built plugin"
|
||||||
|
echo " redhat-rpm-config: Note: expected to find $aver and/or $gver"
|
||||||
|
fi
|
||||||
|
install_gcc_version=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Only the annobin plugin exists - using that"
|
||||||
|
fi
|
||||||
|
install_annobin_version=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ -f $gplugin ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Only the gcc plugin exists - using that"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Neither plugin exists - playing safe and using gcc-built plugin"
|
||||||
|
echo " redhat-rpm-config: Note: expected to find $aplugin and/or $gplugin"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
install_gcc_version=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $install_annobin_version -eq 1 ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Installing annobin version of $rac1"
|
||||||
|
fi
|
||||||
|
pushd $rrcdir > /dev/null
|
||||||
|
rm -f $rac1
|
||||||
|
ln -s $select_annobin "$rac1"
|
||||||
|
popd > /dev/null
|
||||||
|
|
||||||
|
else if [ $install_gcc_version -eq 1 ]
|
||||||
|
then
|
||||||
|
if [ $debug -eq 1 ]
|
||||||
|
then
|
||||||
|
echo " redhat-rpm-config: Installing gcc version of $rac1"
|
||||||
|
fi
|
||||||
|
pushd $rrcdir > /dev/null
|
||||||
|
rm -f $rac1
|
||||||
|
ln -s $select_gcc $rac1
|
||||||
|
popd > /dev/null
|
||||||
|
fi
|
||||||
|
fi
|
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=gcc-annobin}
|
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
@ -0,0 +1 @@
|
|||||||
|
-fPIE
|
@ -0,0 +1,2 @@
|
|||||||
|
*self_spec:
|
||||||
|
+ %{!static:%{!shared:%{!r:-pie}}}
|
@ -0,0 +1,97 @@
|
|||||||
|
include: /usr/lib/rpm/rpmrc
|
||||||
|
|
||||||
|
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||||
|
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ia64 %{__global_compiler_flags}
|
||||||
|
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||||
|
|
||||||
|
optflags: alpha %{__global_compiler_flags} -mieee
|
||||||
|
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
|
||||||
|
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
|
||||||
|
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
|
||||||
|
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
|
||||||
|
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
|
||||||
|
|
||||||
|
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
|
||||||
|
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
|
||||||
|
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
|
||||||
|
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
|
||||||
|
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
|
||||||
|
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
|
||||||
|
|
||||||
|
optflags: m68k %{__global_compiler_flags}
|
||||||
|
|
||||||
|
optflags: ppc %{__global_compiler_flags} -m32 -fasynchronous-unwind-tables
|
||||||
|
optflags: ppciseries %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppcpseries %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppc64 %{__global_compiler_flags} -m64 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64le %{__global_compiler_flags} -m64 %{__cflags_arch_ppc64le} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64iseries %{__global_compiler_flags} -m64
|
||||||
|
optflags: ppc64pseries %{__global_compiler_flags} -m64
|
||||||
|
optflags: ppc8260 %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppc8560 %{__global_compiler_flags} -m32
|
||||||
|
|
||||||
|
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
|
||||||
|
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||||
|
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||||
|
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||||
|
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||||
|
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
|
||||||
|
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
|
||||||
|
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
|
||||||
|
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
|
||||||
|
|
||||||
|
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
|
||||||
|
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||||
|
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||||
|
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
|
||||||
|
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||||
|
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||||
|
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
|
||||||
|
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
|
||||||
|
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
|
||||||
|
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
|
||||||
|
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
|
||||||
|
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
|
||||||
|
|
||||||
|
optflags: atarist %{__global_compiler_flags}
|
||||||
|
optflags: atariste %{__global_compiler_flags}
|
||||||
|
optflags: ataritt %{__global_compiler_flags}
|
||||||
|
optflags: falcon %{__global_compiler_flags}
|
||||||
|
optflags: atariclone %{__global_compiler_flags}
|
||||||
|
optflags: milan %{__global_compiler_flags}
|
||||||
|
optflags: hades %{__global_compiler_flags}
|
||||||
|
|
||||||
|
optflags: s390 %{__global_compiler_flags} -m31 %{__cflags_arch_s390x} -fasynchronous-unwind-tables
|
||||||
|
optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
|
||||||
|
optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
|
||||||
|
|
||||||
|
optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
|
||||||
|
|
||||||
|
# set build arch to fedora buildarches on hardware capable of running it
|
||||||
|
# saves having to do rpmbuild --target=
|
||||||
|
buildarchtranslate: athlon: i686
|
||||||
|
buildarchtranslate: geode: i686
|
||||||
|
buildarchtranslate: pentium4: i686
|
||||||
|
buildarchtranslate: pentium3: i686
|
||||||
|
buildarchtranslate: i686: i686
|
||||||
|
buildarchtranslate: i586: i586
|
||||||
|
|
||||||
|
buildarchtranslate: sparcv9: sparcv9
|
||||||
|
buildarchtranslate: sparcv9v: sparcv9
|
||||||
|
|
||||||
|
buildarchtranslate: armv5tejl: armv5tel
|
||||||
|
buildarchtranslate: armv6l: armv5tel
|
||||||
|
buildarchtranslate: armv7l: armv5tel
|
||||||
|
buildarchtranslate: armv7hl: armv7hl
|
||||||
|
buildarchtranslate: armv7hnl: armv7hl
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue