Skip to content
GitLab
Explore
Projects
Groups
Topics
Snippets
Projects
Groups
Topics
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Register
Sign in
Toggle navigation
Menu
upstream
rpms
redhat-rpm-config
Commits
0c6e2c57
Commit
0c6e2c57
authored
2 years ago
by
CentOS Sources
Browse files
Options
Download
Patches
Plain Diff
import redhat-rpm-config-128-1.el8
parent
147ea0ac
c8-beta
imports/c8-beta/redhat-rpm-config-131-1.el8
imports/c8-beta/redhat-rpm-config-130-1.el8
imports/c8-beta/redhat-rpm-config-128-1.el8
No related merge requests found
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
README.debrand
+0
-2
README.debrand
SOURCES/buildflags.md
+84
-19
SOURCES/buildflags.md
SOURCES/modalias.prov
+15
-13
SOURCES/modalias.prov
SPECS/redhat-rpm-config.spec
+16
-1
SPECS/redhat-rpm-config.spec
with
115 additions
and
35 deletions
+115
-35
README.debrand
deleted
100644 → 0
+
0
−
2
View file @
147ea0ac
Warning: This package was configured for automatic debranding, but the changes
failed to apply.
This diff is collapsed.
Click to expand it.
SOURCES/buildflags.md
+
84
−
19
View file @
0c6e2c57
...
...
@@ -13,6 +13,8 @@ this:
This will invoke the
`./configure`
with arguments (such as
`--prefix=/usr`
) to adjust the paths to the packaging defaults.
Prior to that, some common problems in autotools scripts are
automatically patched across the source tree.
As a side effect, this will set the environment variables
`CFLAGS`
,
`CXXFLAGS`
,
`FFLAGS`
,
`FCFLAGS`
, and
`LDFLAGS`
, so they can be used by
...
...
@@ -25,7 +27,8 @@ environment variables using
%set_build_flags
early in the
`%build`
section. (Again, existing environment variables
are not overwritten.)
are not overwritten.)
`%set_build_flags`
does not perform autotools
script rewriting, unlike
`%configure`
.
Individual build flags are also available through RPM macros:
...
...
@@ -66,11 +69,24 @@ For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
# Customizing compiler flags
# Customizing compiler
and other build
flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarunds are not available.
recourse if other workarounds are not available.
### Disable autotools compatibility patching
By default, the invocation of the `
%configure
` macro replaces
`
config.guess
` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`
%configure
` also patches `
ltmain.sh
` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
### Lazy binding
...
...
@@ -145,6 +161,63 @@ to the RPM spec file to disable these strict checks. Alternatively,
you can pass `
-z undefs
` to ld (written as `
-Wl,-z,undefs
` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `
-debuginfo
` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `
_enable_
debug_packages
` as `
0
`.
Processing of debugging information is controlled using the
`
find-debuginfo
` tool from the `
debugedit
` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `
-debuginfo
` subpackages is enabled by default.
To disable, undefine `
_debuginfo_
subpackages
`.
* Likewise, `
-debugsource
` subpackages are automatically created.
To disable, undefine `
_debugsource_
subpackages
`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `
_build_
id_links
`, `
_unique_
build_ids
`, `
_unique_
debug_names
`,
`
_unique_
debug_srcs
` control how debugging information and
corresponding source files are represented on disk.
See `
/usr/lib/rpm/macros
` for details. The defaults
enable parallel installation of `
-debuginfo
` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`
.gnu_debugdata
` section. To disable that, undefine
`
_include_
minidebuginfo
`.
* To speed up debuggers, a `
.gdb_index
` section is created. It can be
disabled by undefining `
_include_
gdb_index
`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `
_missing_
build_ids_terminate_build
`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `
_no_
recompute_build_ids
` as `
1
`.
* By default, the options in `
_find_
debuginfo_dwz_opts
` turn on `
dwz
`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`
_find_
debuginfo_opts
` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `
__
brp_strip
`: Removal of leftover debugging information. The tool
specified by the `
__
strip
` macro is invoked with the `
-g
` option on
ELF object (`
.o
`) files.
* `
__brp_strip_static_archive`: This is similar to `__
brp_strip
`, but
processes static `
.a
` archives instead.
* `
__
brp_strip_comment_note
`: This step removes unallocated `
.note
`
sections, and `
.comment
` sections from ELF files.
* `
__
brp_ldconfig
`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `
/etc/ld.so.cache
` file (because `
ldconfig
` has not been
invoked yet).
# Individual compiler flags
Compiler flags end up in the environment variables `
CFLAGS
`,
...
...
@@ -202,6 +275,11 @@ The general (architecture-independent) build flags are:
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `
-fstack-clash-protection
`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
* `
-grecord-gcc-switches
`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
...
...
@@ -240,13 +318,6 @@ added by default. This can be switched off by undefining the
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `
-fstack-clash-protection
`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead, but
is only available on certain architectures (currently aarch64, i386,
ppc64, ppc64le, s390x, x86_64).
* `
-fcf-protection
`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `
-m64
` and `
-m32
`: Some GCC builds support both 32-bit and 64-bit in
...
...
@@ -260,24 +331,18 @@ not), but their selection depends on the architecture:
useful because unwind information is available without having to
install (and load) debugging ienformation.
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
and x86_64. They are not needed on
armhfp, ppc64 and
ppc64le due
and x86_64. They are not needed on ppc64le due
to architectural differences in stack management. On these
architectures, `
-fexceptions
` (see above) still enables regular
unwind tables (or they are enabled by default even without this
option).
* `
-funwind-tables
`: A subset of the unwind information restricted
to actual call sites. Used on
ppc64,
ppc64le. Also implied by
to actual call sites. Used on ppc64le. Also implied by
`
-fexceptions
`.
In addition, `
redhat-rpm-config
` re-selects the built-in default
tuning in the `
gcc
` package. These settings are:
* **armhfp**: `
-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard
`
selects an Arm subarchitecture based on the ARMv7-A architecture
with 16 64-bit floating point registers. `
-mtune=cortex-8a
` selects
tuning for the Cortex-A8 implementation (while preserving compatibility
with other ARMv7-A implementations). `
-mabi=aapcs-linux
` switches to
the AAPCS ABI for GNU/Linux.
* **i686**: `
-march=x86-64
` is used to select a minimum supported
CPU level matching the baseline for the x86_64 architecture.
`
-mtune=generic
` activates tuning for a current blend of CPUs.
...
...
@@ -296,7 +361,7 @@ tuning in the `gcc` package. These settings are:
(z14).
* **x86_64**: `
-mtune=generic
` selects tuning which is expected to
beneficial for a broad range of current CPUs.
*
**ppc64** and
**aarch64** do not have any architecture-specific tuning.
* **aarch64** do
es
not have any architecture-specific tuning.
# Individual linker flags
...
...
This diff is collapsed.
Click to expand it.
SOURCES/modalias.prov
+
15
−
13
View file @
0c6e2c57
#! /bin/
sh
#! /bin/
bash -efu
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
...
...
@@ -14,7 +14,8 @@ IFS=$'\n'
# completeness, so that we can determine when drivers are folded into
# mainline kernel.
#
case
"
$1
"
in
is_kernel_package
=
""
case
"
${
1
:-}
"
in
kernel-module-
*
)
;;
# Fedora kernel module package names start with
# kernel-module.
kernel
*
)
is_kernel_package
=
1
;;
...
...
@@ -25,6 +26,11 @@ if ! [ -z "$is_kernel_package" ]; then
exit
0
fi
# Check for presence of the commands used
which /sbin/modinfo
>
/dev/null
||
exit
0
which
sed
>
/dev/null
||
exit
0
which
sort
>
/dev/null
||
exit
0
print_modaliases
()
{
declare
class
=
$1
variants
=
$2
pos
=
$3
if
[
-n
"
$variants
"
]
;
then
...
...
@@ -35,7 +41,7 @@ print_modaliases() {
}
combine_modaliases
()
{
declare
tag class variants pos n
declare
tag class
variants
=
""
pos
=
""
n
read
class
while
read
tag
;
do
for
((
n
=
0
;
n<
${#
class
}
;
n++
))
;
do
...
...
@@ -58,19 +64,15 @@ combine_modaliases() {
print_modaliases
"
$class
"
"
$variants
"
"
$pos
"
}
for
module
in
$(
grep
-E
'/lib/modules/.+\.ko
$'
)
$*
;
do
for
module
in
$(
grep
-E
'/lib/modules/.+\.ko
(\.gz|\.bz2|\.xz)?$'
)
"
$@
"
;
do
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
modver
=
$(
/sbin/modinfo
-F
version
"
$module
"
|
head
-n1
)
modver
=
${
modver
// /_
}
modver
=
${
modver
//[^0-9a-zA-Z._]/_
}
# only add version tag if it has a version
if
[
-n
"
$modver
"
]
;
then
/sbin/modinfo
-F
alias
"
$module
"
\
|
sed
-nre
"s,(.+),modalias(
\\
1) =
$modver
,p"
else
/sbin/modinfo
-F
alias
"
$module
"
\
|
sed
-nre
"s,(.+),modalias(
\\
1),p"
fi
[
-z
"
$modver
"
]
||
modver
=
" =
$modver
"
/sbin/modinfo
-F
alias
"
$module
"
\
|
sed
-nre
"s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(
\\
1)
$modver
,p"
done
\
|
sort
-u
\
| combine_modaliases
This diff is collapsed.
Click to expand it.
SPECS/redhat-rpm-config.spec
+
16
−
1
View file @
0c6e2c57
...
...
@@ -6,7 +6,7 @@
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 12
5
Version: 12
8
Release: 1%{?dist}
# No version specified.
License: GPL+
...
...
@@ -113,6 +113,11 @@ Requires: %{_bindir}/grep
Requires: %{_bindir}/sed
Requires: %{_bindir}/xargs
# iconv modules have been split out of glibc into a separate package (#1971664)
# so let's ensure packages that require them at build time but haven't yet
# added an explicit BuildRequires will continue to work (#2013328)
Requires: glibc-gconv-extra
# -fstack-clash-protection and -fcf-protection require GCC 8.
Conflicts: gcc < 8
...
...
@@ -205,6 +210,16 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.kmp
%changelog
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
- modalias.prov: handle compressed kmods, sanitise alias/version strings
(#1976000)
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
- buildflags.md: Documentation updates (#2005079)
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
- Add missing macros.fedora-misc file (#1874576)
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
Menu
Explore
Projects
Groups
Topics
Snippets