diff --git a/brp-llvm-compile-lto-elf b/brp-llvm-compile-lto-elf index 7eb53a1..1756651 100755 --- a/brp-llvm-compile-lto-elf +++ b/brp-llvm-compile-lto-elf @@ -48,5 +48,7 @@ check_convert_bitcode () { echo "Checking for LLVM bitcode artifacts" export -f check_convert_bitcode -find "$RPM_BUILD_ROOT" -type f -name "*.[ao]" -print0 | \ - xargs -0 -r -n1 -P$NCPUS sh -c "check_convert_bitcode \$@ $CLANG_FLAGS" ARG0 +# Deduplicate by device:inode to avoid processing hardlinks in parallel. +find "$RPM_BUILD_ROOT" -type f -name "*.[ao]" -printf "%D:%i %p\n" | \ + awk '!seen[$1]++' | cut -d" " -f2- | \ + xargs -d"\n" -r -n1 -P$NCPUS sh -c "check_convert_bitcode \$@ $CLANG_FLAGS" ARG0 diff --git a/buildflags.md b/buildflags.md index db80dcd..6252cb6 100644 --- a/buildflags.md +++ b/buildflags.md 
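Review bot: The added pipeline is newline-delimited where the removed one was NUL-delimited (`-print0 | xargs -0`), so a path under `$RPM_BUILD_ROOT` that contains a newline is now split into two records, and the fragments reach `check_convert_bitcode` as if they were separate files. File names in the build root come from the package being built, so it is safer to keep NUL separation through the de-duplication step: `-printf "%D:%i %p\0"` piped into `gawk 'BEGIN{RS=ORS="\0"} !seen[$1]++'`, then `cut -z -d" " -f2-` and `xargs -0`. Separately, `\$@` is unquoted inside the `sh -c` string on the `xargs` line, so a path containing spaces is word-split again in the inner shell; `\"\$@\"` avoids that. The body of `check_convert_bitcode` lies outside this hunk.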
@@ -117,15 +117,17 @@ or: ### Controlling Type Safety The macro `%build_type_safety_c` can be set to change the C type -safety level. By default (value 0), all C constructs that GCC accepts -for backwards compatibility with obsolete language standards are -accepted during package builds. Packages can set -`%build_type_safety_c` to higher values to adopt future -distribution-wide type-safety increases early. +safety level. The default level is 1, see below. It can be set to 0 +to get historic levels of type safety. Changing the type safety level +may depend on correct `CFLAGS` propagation during the build. The +`%build_type_safety_c` macro needs to be set before `CFLAGS`-related +macros are expanded by RPM (that is, earlier in the file works +better). -When changing the `%build_type_safety_c` level to increase it, spec -file should use a construct like this to avoid *lowering* a future -default: +Packages can set `%build_type_safety_c` to higher values to adopt +future distribution-wide type-safety increases early. When changing +the `%build_type_safety_c` level to increase it, spec file should use +a construct like this to avoid *lowering* a future default: ``` %if %build_type_safety_c < 2 @@ -133,6 +135,10 @@ default: %endif ``` +At level 0, all C constructs that GCC accepts for backwards +compatibility with obsolete language standards are accepted during +package builds. + At level 1, the following additional error categories are enabled: * `-Werror=implicit-int`: Reject declarations and definitions that 
@@ -593,7 +599,11 @@ tuning in the `gcc` package. These settings are: CPU level of zEC12, while optimizing for a subsequent CPU generation (z13). * **x86_64**: `-mtune=generic` selects tuning which is expected to - beneficial for a broad range of current CPUs. + beneficial for a broad range of current CPUs. Distribution-specific + defaults for `-march=x86-64-v2` or `-march=x86-64-v3` may be + applied. The default can be overriden (for any distribution) + by specifying `--target x86_64_v2`, `--target x86_64_v3`, + `--target x86_64_v4` in the `rpmbuild` invocation. * **aarch64** does not have any architecture-specific tuning. ### Vala-specific compiler flags @@ -660,16 +670,11 @@ with such toolchains. The macros `%{extension_cflags}`, `%{extension_cxxflags}`, `%{extension_fflags}`, `%{extension_ldflags}` contain a subset of flags that have been adjusted for compatibility with alternative -toolchains, while still preserving some of the compile-time security -hardening that the standard Fedora build flags provide. +toolchains. -The current set of differences are: - -* No GCC plugins (such as annobin) are activated. -* No GCC spec files (`-specs=` arguments) are used. - -Additional flags may be removed in the future if they prove to be -incompatible with alternative toolchains. +Currently the -fexceptions and -fcf-protection flags are preserved +for binary compatibility with the languages the extensions are +built against. Extension builders should detect whether they are performing a regular RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this diff --git a/forge.lua b/forge.lua deleted file mode 100644 index 91e33cf..0000000 --- a/forge.lua +++ /dev/null 
@@ -1,331 +0,0 @@ --- Lua code used by macros.forge and derivatives - --- Computes the suffix of a version string, removing vprefix if it matches --- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0 -local function getversionsuffix(vstring,vprefix) - if (string.sub(vstring, 1, #vprefix) == vprefix) and - (not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then - return string.sub(vstring, #vprefix + 1) - else - return vstring - end -end - --- Check if an identified url is sane -local function checkforgeurl(url, id, silent) - local checkedurl = nil - local checkedid = nil - local urlpatterns = { - gitlab = { - pattern = 'https://[^/]+/[^/]+/[^/#?]+', - description = 'https://(…[-.])gitlab[-.]…/owner/repo'}, - pagure = { - pattern = 'https://[^/]+/[^/#?]+', - description = 'https://pagure.io/repo'}, - pagure_ns = { - pattern = 'https://[^/]+/[^/]+/[^/#?]+', - description = 'https://pagure.io/namespace/repo'}, - pagure_fork = { - pattern = 'https://[^/]+/fork/[^/]+/[^/#?]+', - description = 'https://pagure.io/fork/owner/repo'}, - pagure_ns_fork = { - pattern = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+', - description = 'https://pagure.io/fork/owner/namespace/repo'}, - ["gitea.com"] = { - pattern = 'https://[^/]+/[^/]+/[^/#?]+', - description = 'https://gitea.com/owner/repo'}, - github = { - pattern = 'https://[^/]+/[^/]+/[^/#?]+', - description = 'https://(…[-.])github[-.]…/owner/repo'}, - ["code.googlesource.com"] = { - pattern = 'https://code.googlesource.com/[^#?]*[^/#?]+', - description = 'https://code.googlesource.com/…/repo'}, - ["bitbucket.org"] = { - pattern = 'https://[^/]+/[^/]+/[^/#?]+', - description = 'https://bitbucket.org/owner/repo'}, - sourcehut = { - pattern = 'https://[^/]+/~[^/]+/[^/#?]+', - description = 'https://git.sr.ht/~owner/repo'}} - if (urlpatterns[id] ~= nil) then - checkedurl = string.match(url,urlpatterns[id]["pattern"]) - if (checkedurl == nil) then - if not silent then - rpm.expand("%{error:" .. 
id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}") - end - else - checkedid = id - end - end - return checkedurl, checkedid -end - --- Check if an url matches a known forge -local function idforge(url, silent) - local forgeurl = nil - local forge = nil - if (url ~= "") then - forge = string.match(url, "^[^:]+://([^/]+)/") - if (forge == nil) then - if not silent then - rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}") - end - else - if (forge == "pagure.io") then - if string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then - forge = "pagure_ns_fork" - elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then - forge = "pagure_fork" - elseif string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then - forge = "pagure_ns" - elseif string.match(url, "[^:]+://pagure.io/[^/]+") then - forge = "pagure" - end - elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then - forge = "gitlab" - elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then - forge = "github" - elseif string.match(url, "[^:]+://git.sr.ht/") then - forge = "sourcehut" - end - forgeurl, forge = checkforgeurl(url, forge, silent) - end - end - return forgeurl, forge -end - --- The forgemeta macro main processing function --- See the documentation in the macros.forge file for argument description --- Also called directly by gometa -local function meta(suffix, verbose, informative, silent) - local fedora = require "fedora.common" - local ismain = (suffix == "") or (suffix == "0") - if ismain then - fedora.zalias({"forgeurl", "forgesource", "forgesetupargs", - "archivename", "archiveext", "archiveurl", - "topdir", "extractdir", "repo", "owner", "namespace", - "scm", "tag", "commit", "shortcommit", "branch", "version", - "date", "distprefix"}, verbose) - end - local variables = { - default = { - scm = "git", - archiveext = "tar.bz2", - repo = 
'%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}', - archivename = "%{repo" .. suffix .. "}-%{ref" .. suffix .. "}", - topdir = "%{archivename" .. suffix .. "}" }, - gitlab = { - archiveurl = "%{forgeurl" .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - pagure = { - archiveext = "tar.gz", - repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}', - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - pagure_ns = { - archiveext = "tar.gz", - namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}', - repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}', - archivename = "%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - pagure_fork = { - archiveext = "tar.gz", - owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}', - repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}', - archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - pagure_ns_fork = { - owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}', - namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. 
'}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}', - repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}', - archivename = "%{owner" .. suffix .. "}-%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - ["gitea.com"] = { - archiveext = "tar.gz", - archivename = "%{fileref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}", - topdir = "%{repo}" }, - github = { - archiveext = "tar.gz", - archivename = "%{repo" .. suffix .. "}-%{fileref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - ["code.googlesource.com"] = { - archiveext = "tar.gz", - repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}', - archiveurl = "%{forgeurl" .. suffix .. "}/+archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}", - topdir = "" }, - ["bitbucket.org"] = { - shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit' .. suffix .. '}"), 1, 12))}', - owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}', - archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{shortcommit" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/get/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}" }, - sourcehut = { - archiveext = "tar.gz", - archivename = "%{repo" .. suffix .. "}-%{fileref" .. suffix .. "}", - archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}", - topdir = "%{repo" .. suffix .. "}-%{ref" .. suffix .. 
"}" } } - -- Packaging a moving branch is quite a bad idea, but since at least Gitlab - -- will treat branches and tags the same way better support branches explicitly - -- than have packagers hijack %{tag} to download branch states - local spec = {} - for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do - spec[v] = rpm.expand("%{?" .. v .. suffix .. "}") - end - -- Compute the reference of the object to fetch - local isrelease = false - if (spec["tag"] ~= "") then ref = "%{?tag" .. suffix .. "}" - elseif (spec["commit"] ~= "") then ref = "%{?commit" .. suffix .. "}" - elseif (spec["branch"] ~= "") then ref = "%{?branch" .. suffix .. "}" - else ref = "%{?version" .. suffix .. "}" - isrelease = true - end - if (rpm.expand(ref) == "") then - if (suffix == "") then - rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}") - else - rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}") - end - end - local forgeurl = spec["forgeurl"] - -- For backwards compatibility only - local expliciturl = rpm.expand("%{?-u*}") - if (expliciturl ~= "") then - rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}") - forgeurl = expliciturl - end - local forge - forgeurl, forge = idforge(forgeurl, silent) - if (forge ~= nil) then - fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose) - -- Custom processing of quirky forges that can not be handled with simple variables - if (forge == "github") then - -- Workaround the way GitHub injects "v"s before some version strings (but not all!) - -- To package one of the minority of sane GitHub projects that do not munge their version - -- strings set tag to %{version} in your spec - local fileref = ref - if (ref == "%{?version" .. suffix .. "}") then - ref = "v" .. ref - elseif (fileref ~= "%{?commit" .. suffix .. 
"}") and - string.match(rpm.expand(fileref), "^v[%d]") then - fileref = string.gsub(rpm.expand(fileref), "^v", "") - elseif (string.match(rpm.expand(fileref), "/")) then - fileref = string.gsub(rpm.expand(fileref), "/", "-") - end - fedora.safeset("fileref" .. suffix, fileref, verbose) - elseif (forge == "gitea.com") then - -- Workaround the way gitea mangles /s in ref names - local fileref = ref - fileref = string.gsub(rpm.expand(fileref), "/", "-") - fedora.safeset("fileref" .. suffix, fileref, verbose) - elseif (forge == "code.googlesource.com") then - if (ref == "%{?version" .. suffix .. "}") then - ref = "v" .. ref - end - elseif (forge == "bitbucket.org") then - if (spec["commit"] == "") then - rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}") - end - elseif (forge == "sourcehut") then - local fileref = ref - if (fileref ~= "%{?commit" .. suffix .. "}") and - string.match(rpm.expand(fileref), "^v[%d]") then - fileref = string.gsub(rpm.expand(fileref), "^v", "") - elseif (string.match(rpm.expand(fileref), "/")) then - fileref = string.gsub(rpm.expand(fileref), "/", "-") - end - fedora.safeset("fileref" .. suffix, fileref, verbose) - end - fedora.safeset("ref" .. suffix, ref, verbose) - -- Mass setting of the remaining variables - for k,v in pairs(variables[forge]) do - fedora.safeset(k .. suffix, variables[forge][k], verbose) - end - for k,v in pairs(variables["default"]) do - if (variables[forge][k] == nil) then - fedora.safeset(k .. suffix, variables["default"][k], verbose) - end - end - end - -- Generic rules - for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do - spec[v] = rpm.expand("%{?" .. v .. suffix .. "}") - end - -- Source URL processing (computing the forgesource spec variable) - local forgesource = "%{archiveurl" .. suffix .. "}" - if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then - forgesource = "%{?archiveurl" .. 
suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" - end - fedora.safeset("forgesource" .. suffix, forgesource, verbose) - -- Setup processing (computing the forgesetup and extractdir variables) - local forgesetupargs = "-n %{extractdir" .. suffix .. "}" - local extractdir = "%{topdir" .. suffix .. "}" - if (spec["topdir"] == "") then - forgesetupargs = "-c " .. forgesetupargs - extractdir = "%{archivename" .. suffix .. "}" - end - if not ismain then - if (spec["topdir"] ~= "") then - forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs - else - forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs - end - end - fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose) - fedora.safeset("extractdir" .. suffix, extractdir, verbose) - -- dist processing (computing the correct prefix for snapshots) - local distprefix = "" - if not isrelease then - distprefix = string.lower(rpm.expand(ref)) - if (ref == "%{?commit" .. suffix .. "}") then - distprefix = string.sub(distprefix, 1, 7) - elseif (ref ~= "%{?branch" .. suffix .. "}") then - distprefix = string.gsub(distprefix, "[%p%s]+", ".") - distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "") - local v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".") - for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do - distprefix = getversionsuffix(distprefix, p .. v) - end - distprefix = string.gsub(distprefix, "^%.", "") - end - if (distprefix ~= "") then - distprefix = "%{scm" .. suffix .. "}" .. distprefix - date = rpm.expand("%{?date" .. suffix .. "}") - if (date ~= "") then - distprefix = date .. distprefix - else - distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix - end - distprefix = "." .. 
distprefix - end - end - if (spec["version"] ~= "") and - (spec["version"] ~= "0") and - (spec["version"] ~= rpm.expand("%{?version}")) then - distprefix = ".%{version" .. suffix .. "}" .. distprefix - end - if (rpm.expand(distprefix) ~= "") then - if not ismain then - distprefix = string.gsub(distprefix, "^%.", ".s") - end - fedora.safeset ("distprefix" .. suffix, distprefix, verbose) - end - if ismain then - fedora.zalias({"forgeurl", "forgesource", "forgesetupargs", - "archivename", "archiveext", "archiveurl", - "topdir", "extractdir", "repo", "owner", "namespace", - "scm", "shortcommit", "distprefix"}, verbose) - end - -- Final spec variable summary if the macro was called with -i - if informative then - rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}") - fedora.echovars({"forgeurl", "forgesource", "forgesetupargs", - "archivename", "archiveext", "archiveurl", - "topdir", "extractdir", "repo", "owner", "namespace", - "scm", "tag", "commit", "shortcommit", "branch", "version", - "date", "distprefix"}, suffix) - fedora.echovars({"dist"},"") - rpm.expand("%{echo: (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}") - end -end - -return { - meta = meta, -} - diff --git a/gpgverify b/gpgverify index 524a396..93a60d1 100755 --- a/gpgverify +++ b/gpgverify @@ -5,7 +5,7 @@ # This material is provided as is, with absolutely no warranty expressed # or implied. Any use is at your own risk. # -# Permission is hereby granted to use or copy this shellscript +# Permission is hereby granted to use or copy this program # for any purpose, provided the above notices are retained on all copies. # Permission to modify the code and to distribute modified code is granted, # provided the above notices are retained, and a notice that the code was diff --git a/macros b/macros index c6d5729..6f6a130 100644 --- a/macros +++ b/macros 
@@ -113,13 +113,19 @@ # Internal-only. Do not use. Expand a variable and strip the flags # not suitable to extension builders. %__extension_strip_flags() %{lua: +--the only argument to this macro is the "name" of the flags we strip (e.g. cflags, ldflags, etc.) local name = rpm.expand("%{1}") -local value = " " .. rpm.expand("%{build_" .. name .. "}") -local specs_pattern = "%s+-specs=[^%s]+" -local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1") -local package_note_flags_pattern = "%-Wl,%S*package_note%S*" -local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, ""):gsub(package_note_flags_pattern, "") -print(result) +--store all the individual flags in a variable as a continuous string +local flags = rpm.expand("%{build_" .. name .. "}") +--create an empty table for the minimal set of flags we wanna preserve +local stripped_flags = { } +--iterate over the individual flags and store the ones we want in the table as unique keys +for flag in flags:gmatch("%S+") do + if flag:find("^%-fexceptions") or flag:find("^%-fcf%-protection") then + stripped_flags[flag] = true end + end +--print out the finalized set of flags for use by the extension builders +for k,_ in pairs(stripped_flags) do print(k .. " ") end } # Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within @@ -141,6 +147,7 @@ print(result) %__cflags_arch_x86_64_v2 %[0%{?rhel} == 9 ? "-march=x86-64-v2" : ""] %__cflags_arch_x86_64_v3 %[0%{?rhel} > 9 ? "-march=x86-64-v3" : ""] %__cflags_arch_x86_64 %{__cflags_arch_x86_64_v2} %{__cflags_arch_x86_64_v3} +%__cflags_arch_x86_64_common -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection %{_frame_pointers_cflags} %{_frame_pointers_cflags_x86_64} # Also used for s390. %__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=z13 -mtune=z14"] 
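Review bot: The final loop `for k,_ in pairs(stripped_flags) do print(k .. " ") end` emits the kept flags in `pairs` order, which Lua leaves unspecified, so `%{extension_cflags}` and its siblings are not guaranteed a stable flag order. Collecting the flags in an array, with a second table used only as a seen-set, keeps the order they had in `%{build_<name>}` and gives a deterministic expansion, as in the fence below. The header comment above the macro still says it strips "the flags not suitable to extension builders", but the new code is an allow-list. Everything except flags starting with `-fexceptions` or `-fcf-protection` is dropped, including whatever hardening and linker flags `%{build_<name>}` carries, and the comment should say so, so that extension builders know they have to supply their own.

```lua
-- … unchanged: expansion of name and flags …
local kept, seen = {}, {}
for flag in flags:gmatch("%S+") do
  local wanted = flag:find("^%-fexceptions") or flag:find("^%-fcf%-protection")
  if wanted and not seen[flag] then
    seen[flag] = true
    kept[#kept + 1] = flag
  end
end
print(table.concat(kept, " "))
```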
@@ -387,7 +394,7 @@ print(result) # This can be set to a positive integer to obtain increasing type # safety levels for C. See buildflags.md. -%build_type_safety_c 0 +%build_type_safety_c 1 # Some linkers default to a build-id algorithm that is not supported by rpmbuild, # so we need to specify the right algorithm to use. diff --git a/macros.forge b/macros.forge deleted file mode 100644 index efd7327..0000000 --- a/macros.forge +++ /dev/null 
@@ -1,70 +0,0 @@ -# Computes forge-related variables for use in the rest of the spec file -# Control variables, flags and arguments: -# %{forgeurl} the project url on the target forge -# %{tag} the packaged tag, OR -# %{commit} the packaged commit, OR -# %{version} the packaged version -# – %{version}/%{version0} are set via: -# Version: -# – because git is lacking a built-in version -# reference, %{version} will be translated -# into %{tag} using unreliable heuristics; -# set %{tag} directly if those fail -# %{date} the packaged timestamp -# … %forgemeta will compute a huge number of variables: -# — the packager can override it by setting some of -# those before the %forgemeta call -# – use the -i flag to list those variables -# -z only process the zth block of definitions -# "" for the no-suffix block -# -i list the resulting variable values -# -s silently ignore problems in %{forgeurl} -# -v be verbose -# -a process all sources in one go, instead of using -# separate -z calls -%forgemeta(z:isva) %{lua: -local fedora = require "fedora.common" -local forge = require "fedora.srpm.forge" -local verbose = rpm.expand("%{-v}") ~= "" -local informative = rpm.expand("%{-i}") ~= "" -local silent = rpm.expand("%{-s}") ~= "" -local processall = (rpm.expand("%{-a}") ~= "") and (rpm.expand("%{-z}") == "") -if processall then - for _,s in pairs(fedora.getsuffixes("forgeurl")) do - forge.meta(s,verbose,informative,silent) - end -else - forge.meta(rpm.expand("%{-z*}"),verbose,informative,silent) -end -} - -# Unpacks sources computed by %forgemeta -# Control variables, flags and arguments: -# %{forgesource} the source archive that will be processed -# %{forgesetupargs} %setup arguments - -# -z only process the zth block of definitions -# "" for the no-suffix block -# -v be verbose -# -a process all sources in one go, instead of using -# separate -z calls -%forgesetup(z:va) %{lua: -local fedora = require "fedora.common" -if (rpm.expand("%{-z}") == "") and (rpm.expand("%{-a}") ~= 
"") then - for _,s in pairs(fedora.getsuffixes("forgesetupargs")) do - print(rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. s .. "}\\n")) - end -else - print( rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n")) -end -} - -# Calls %autosetup using %forgemeta results -# – this will probably be removed since it is unsafe in presence of multiple -# sources -# Control variables, flags and arguments: -# -z process the zth block of definitions -# -v -N -S -p relayed to %autosetup -%forgeautosetup(z:vNS:p:q) %{lua: -print(rpm.expand("%autosetup %{-v} %{-N} %{?-S} %{?-p} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n")) -} diff --git a/macros.rpmautospec b/macros.rpmautospec new file mode 100644 index 0000000..170e480 --- /dev/null +++ b/macros.rpmautospec @@ -0,0 +1,16 @@ +%autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = tonumber(rpm.expand("%{?_rpmautospec_release_number}%{!?_rpmautospec_release_number:1}")); + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +%autochangelog %{lua: + locale = os.setlocale(nil) + os.setlocale("C.utf8") + date = os.date("%a %b %d %Y") + os.setlocale(locale) + packager = rpm.expand("%{?packager}%{!?packager:John Doe }") + evr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}") + print("* " .. date .. " " .. packager .. " - " .. evr .. "\\n") + print("- local build") +} + diff --git a/redhat-rpm-config.spec b/redhat-rpm-config.spec index 87f30e2..d2f332d 100644 --- a/redhat-rpm-config.spec +++ b/redhat-rpm-config.spec 
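Review bot: Every variable in the two `%{lua:` bodies of macros.rpmautospec (`release_number`, `base_release_number`, `locale`, `date`, `packager`, `evr`) is assigned without `local`, so each becomes a global in the Lua state that rpm reuses across macro expansions, where it can clobber, or be clobbered by, other macros using the same names. Prefix each assignment with `local`, e.g. `local release_number = tonumber(...)`. In `%autorelease`, `tonumber` returns nil when `-b` is given a non-numeric value, and the addition on the next line then fails with a bare Lua arithmetic error; an explicit nil check that reports the offending option would make the failure readable. In `%autochangelog` the result of `os.setlocale("C.utf8")` is not checked, so on a system without that locale the date is silently formatted in the caller's locale.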
@@ -4,14 +4,14 @@ # 2) When making changes, increment the version (in baserelease) by 1. # rpmdev-bumpspec and other tools update the macro below, which is used # in Version: to get the desired effect. -%global baserelease 261 +%global baserelease 270 Summary: Red Hat specific rpm configuration files Name: redhat-rpm-config Version: %{baserelease} Release: 1.0.riscv64%{?dist} -# No version specified. -License: GPL+ +# config.guess, config.sub are GPL-3.0-or-later WITH Autoconf-exception-generic +License: GPL-1.0-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic AND Boehm-GC URL: https://src.fedoraproject.org/rpms/redhat-rpm-config # Core rpm settings @@ -46,10 +46,10 @@ Source107: macros.gap-srpm Source150: macros.build-constraints Source151: macros.dwz Source152: macros.fedora-misc -Source153: macros.forge Source155: macros.ldconfig Source156: macros.vpath Source157: macros.shell-completions +Source158: macros.rpmautospec # Build policy scripts # this comes from https://github.com/rpm-software-management/rpm/pull/344 @@ -81,7 +81,6 @@ Source701: brp-strip-lto # Convenience lua functions Source800: common.lua -Source801: forge.lua # Documentation Source900: buildflags.md @@ -92,6 +91,8 @@ Requires: coreutils Requires: efi-srpm-macros Requires: fonts-srpm-macros +# ↓ Provides macros.forge and forge.lua originally shipped by us +Requires: forge-srpm-macros Requires: ghc-srpm-macros Requires: go-srpm-macros # ↓ Provides kmod.attr originally shipped by us @@ -106,7 +107,6 @@ Requires: qt5-srpm-macros Requires: qt6-srpm-macros # rust-srpm-macros v24 contains %%build_rustflags defintion Requires: rust-srpm-macros >= 24 -Requires: rpmautospec-rpm-macros Requires: package-notes-srpm-macros Requires: pyproject-srpm-macros 
@@ -131,10 +131,13 @@ Requires: %{_bindir}/xargs # for brp-llvm-compile-lto-elf Requires: (llvm if clang) +Requires: (gawk if clang) # -fstack-clash-protection and -fcf-protection require GCC 8. Conflicts: gcc < 8.0.1-0.22 +Obsoletes: rpmautospec-rpm-macros < 0.3.6 + Provides: system-rpm-config = %{version}-%{release} %global rrcdir /usr/lib/rpm/redhat @@ -171,7 +174,6 @@ install -p -m 644 -t %{buildroot}%{_fileattrsdir} *.attr mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm} install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua -install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua # This trigger is used to decide which version of the annobin plugin for gcc # should be used. See comments in the script for full details. @@ -236,15 +238,14 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua %{_rpmconfigdir}/macros.d/macros.build-constraints %{_rpmconfigdir}/macros.d/macros.dwz %{_rpmconfigdir}/macros.d/macros.fedora-misc -%{_rpmconfigdir}/macros.d/macros.forge %{_rpmconfigdir}/macros.d/macros.ldconfig +%{_rpmconfigdir}/macros.d/macros.rpmautospec %{_rpmconfigdir}/macros.d/macros.shell-completions %{_rpmconfigdir}/macros.d/macros.vpath %dir %{_rpmluadir}/fedora %dir %{_rpmluadir}/fedora/srpm %dir %{_rpmluadir}/fedora/rpm %{_rpmluadir}/fedora/*.lua -%{_rpmluadir}/fedora/srpm/*lua %attr(0755,-,-) %{rrcdir}/redhat-annobin-plugin-select.sh %verify(owner group mode) %{rrcdir}/redhat-annobin-cc1 
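Review bot: `Obsoletes: rpmautospec-rpm-macros < 0.3.6` is added without a matching `Provides:`, so any package that still carries `Requires: rpmautospec-rpm-macros` (as this spec itself did before the change) would presumably become unresolvable once the old package is obsoleted. If the name is still referenced elsewhere in the distribution, add a versioned `Provides: rpmautospec-rpm-macros = <version>` next to the `Obsoletes` line. A short comment above both lines saying that macros.rpmautospec is now shipped here would match the `# ↓ Provides …` comments used for the other split-out packages.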
@@ -254,11 +255,39 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua %doc buildflags.md %changelog -* Thu Jul 27 2023 David Abdurachmanov - 261-1.0.riscv64 +* Thu Oct 12 2023 David Abdurachmanov - 270-1.0.riscv64 - Add riscv64 to %%gap_arches, %%java_arches, and %%nodejs_arches - Set %%_clang_lto_cflags to %%nil as ld.gold is not implemented for riscv64 and thus LTO with Clang doesn't work. +* Thu Oct 5 2023 Florian Weimer - 270-1 +- Disable -fstack-clash-protection on riscv64 (#2242327) + +* Thu Oct 5 2023 Nikita Popov - 269-1 +- Use correct format specifier in brp-llvm-compile-lto-elf + +* Fri Sep 29 2023 Nikita Popov - 268-1 +- Fix brp-llvm-compile-lto-elf parallelism with hardlinks (#2234024) + +* Tue Sep 26 2023 Florian Weimer - 267-1 +- Switch %%build_type_safety_c to 1 (#2142177) + +* Thu Sep 07 2023 Maxwell G - 266-1 +- Split out forge macros to forge-srpm-macros package + +* Tue Aug 29 2023 Florian Weimer - 265-1 +- Add support for x86_64_v2, x86_64_v3, x86_64_v4 (#2233093) + +* Tue Aug 22 2023 Yaakov Selkowitz - 264-1 +- Add macros.rpmautospec + +* Mon Aug 21 2023 Miroslav Suchy - 263-1 +- Migrate to SPDX + +* Wed Aug 02 2023 Charalampos Stratakis - 262-1 +- Strip all extension builder flags except -fexceptions and -fcf-protection +- https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction + * Fri Jul 7 2023 Florian Weimer - 261-1 - Fix warnings that appear during the build of the llvm package diff --git a/rpmrc b/rpmrc index a12e122..a407129 100644 --- a/rpmrc +++ b/rpmrc 
@@ -5,7 +5,10 @@ optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection -optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection %{_frame_pointers_cflags} %{_frame_pointers_cflags_x86_64} +optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common +optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common +optflags: x86_64_v3 %{__global_compiler_flags} -m64 -march=x86-64-v3 %__cflags_arch_x86_64_common +optflags: x86_64_v4 %{__global_compiler_flags} -m64 -march=x86-64-v4 %__cflags_arch_x86_64_common optflags: ppc64le %{__global_compiler_flags} -m64 %{__cflags_arch_ppc64le} -fasynchronous-unwind-tables -fstack-clash-protection @@ -13,7 +16,7 @@ optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchr optflags: aarch64 %{__global_compiler_flags} -mbranch-protection=standard -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ] %{_frame_pointers_cflags} %{_frame_pointers_cflags_aarch64} -optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ] %{_frame_pointers_cflags} +optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %{_frame_pointers_cflags} # set build arch to fedora buildarches on hardware capable of running it # saves having to do rpmbuild --target= 
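Review bot: The new `x86_64`, `x86_64_v2`, `x86_64_v3` and `x86_64_v4` lines reference `%__cflags_arch_x86_64_common` without braces, while every other macro on the same lines is written `%{...}`. Writing `%{__cflags_arch_x86_64_common}` keeps the file consistent and protects the reference if anything is ever appended after it on the line.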
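Review bot: The riscv64 `optflags` line now drops `-fstack-clash-protection` for every toolchain, not only for non-GCC ones as before, and nothing in rpmrc records why a hardening flag was removed. A comment beside the line, e.g. `# -fstack-clash-protection disabled on riscv64, see #2242327`, would tie the exception to the bug named in the changelog so the flag can be restored once that is resolved rather than staying off by default.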
diff --git a/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test-lib/brp-llvm-compile-lto-elf-test-lib.spec b/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test-lib/brp-llvm-compile-lto-elf-test-lib.spec index d8bfb32..52a6c1f 100644 --- a/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test-lib/brp-llvm-compile-lto-elf-test-lib.spec +++ b/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test-lib/brp-llvm-compile-lto-elf-test-lib.spec @@ -18,17 +18,19 @@ Source1: %{name}.h %build -clang ${CFLAGS} -c %{SOURCE0} -o lib.o -ar cr %{name}.a lib.o +clang ${CFLAGS} -c %{SOURCE0} -o %{name}.o +ar cr %{name}.a %{name}.o ranlib %{name}.a %install mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_includedir} +%{__install} -p -m 644 -t %{buildroot}%{_libdir} %{name}.o %{__install} -p -m 644 -t %{buildroot}%{_libdir} %{name}.a %{__install} -p -m 644 -t %{buildroot}%{_includedir} %{SOURCE1} %files +%{_libdir}/%{name}.o %{_libdir}/%{name}.a %{_includedir}/%{name}.h diff --git a/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test/brp-llvm-compile-lto-elf-test.spec b/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test/brp-llvm-compile-lto-elf-test.spec index a43e545..595030b 100644 --- a/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test/brp-llvm-compile-lto-elf-test.spec +++ b/tests/brp-llvm-compile-lto-elf/brp-llvm-compile-lto-elf-test/brp-llvm-compile-lto-elf-test.spec @@ -18,7 +18,9 @@ Source0: %{name}.c %build gcc ${CFLAGS} -c %{SOURCE0} -o %{name}.o -gcc ${LDFLAGS} %{name}.o %{_libdir}/%{name}-lib.a -o %{name} +gcc ${LDFLAGS} %{name}.o %{_libdir}/%{name}-lib.a -o %{name}-ar +gcc ${LDFLAGS} %{name}.o %{_libdir}/%{name}-lib.o -o %{name}-obj %check -./%{name} | grep "Hello, world!" +./%{name}-ar | grep "Hello, world!" +./%{name}-obj | grep "Hello, world!" diff --git a/tests/extension-builder-flags/main.fmf b/tests/extension-builder-flags/main.fmf new file mode 100644 index 0000000..b7b7c54 --- /dev/null 
+++ b/tests/extension-builder-flags/main.fmf @@ -0,0 +1,5 @@ +summary: Test that the extension builder flags contain the proper flags +require: + - redhat-rpm-config +test: ./runtest.sh + diff --git a/tests/extension-builder-flags/runtest.sh b/tests/extension-builder-flags/runtest.sh new file mode 100755 index 0000000..a54cb09 --- /dev/null +++ b/tests/extension-builder-flags/runtest.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -ex +# Verify that the extension builder flags are stripped of non-required flags. +# The flags may appear in random order due to being accessed through a lua +# associative array. +for f in %{extension_cflags} %{extension_cxxflags} %{extension_fflags}; do + [[ $(rpm --eval "$f") =~ ^[[:space:]]*(-fexceptions -fcf-protection|-fcf-protection -fexceptions)[[:space:]]*$ ]] +done +# The extension ldflag should always be empty +[[ -z $(rpm --eval "%extension_ldflags") ]]
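Review bot: The regex in runtest.sh demands both `-fexceptions` and `-fcf-protection` in every expansion, but the aarch64, ppc64le and riscv64 `optflags` lines visible in the rpmrc hunks carry no `-fcf-protection`. On those architectures the test would presumably fail even though the macro behaves as intended. Branch on `rpm --eval '%{_arch}'` and expect only `-fexceptions` where the CET flag is not part of the build flags. The two-order alternation is needed only because the macro prints from an unordered Lua table; if the macro is changed to emit a stable order, the pattern can be reduced to a single ordering.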