Keep the macro deps in alphabetical order.

The font guidelines overhaul was approved by FPC, so bring the macros
into the buildroot.  https://pagure.io/packaging-committee/issue/935

brp-ldconfig

@@ -6,5 +6,8 @@ if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
   exit 0
 fi
 
-/sbin/ldconfig -N -r "$RPM_BUILD_ROOT"
+# Create an empty config file for ldconfig to shut up a warning
+config=$(mktemp -p "$RPM_BUILD_ROOT")
+/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
+rm -f "$config"
 # TODO: warn if it created new symlinks and guide people.

brp-mangle-shebangs

@@ -70,13 +70,17 @@ done
 
 cd "$RPM_BUILD_ROOT"
 
-trim() {
-  printf '%s' "$*"
-}
-
+# Large packages such as kernel can have thousands of executable files.
+# We take care to not fork/exec thousands of "file"s and "grep"s,
+# but run just two of them.
+# (Take care to exclude filenames which would mangle "file" output).
+find -executable -type f ! -path '*:*' ! -path $'*\n*' \
+| file -N --mime-type -f - \
+| grep -P ".+(?=: text/)" \
+| {
 fail=0
-while IFS= read -r -d $'\0' f; do
-  file -N --mime-type "$f" | grep -q -P ".+(?=: text/)" || continue
+while IFS= read -r line; do
+  f=${line%%:*}
 
   # Remove the dot
   path="${f#.}"
@@ -88,24 +92,34 @@ while IFS= read -r -d $'\0' f; do
     echo "$path" | grep -q -E -f "$exclude_files_from" && continue
   fi
 
-  ts=$(stat -c %y "$f")
 
-  read shebang_line < "$f" || :
-  orig_shebang=$(trim $(echo "$shebang_line" | grep -Po "#!\K.*" || echo))
-  shebang="$orig_shebang"
-  if [ -n "$exclude_shebangs" ]; then
-    echo "$shebang" | grep -q -E "$exclude_shebangs" && continue
-  fi
-  if [ -n "$exclude_shebangs_from" ]; then
-    echo "$shebang" | grep -q -E -f "$exclude_shebangs_from" && continue
-  fi
-
-  if [ -z "$shebang" ]; then
-    echo >&2 "*** WARNING: $f is executable but has empty or no shebang, removing executable bit"
+  read shebang_line < "$f"
+  orig_shebang="${shebang_line#\#!}"
+  if [ "$orig_shebang" = "$shebang_line" ]; then
+    echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
+    ts=$(stat -c %y "$f")
     chmod -x "$f"
     touch -d "$ts" "$f"
     continue
-  elif [ -n "${shebang##/*}" ]; then
+  fi
+
+  # Trim spaces
+  while shebang="${orig_shebang//  / }"; [ "$shebang" != "$orig_shebang" ]; do
+    orig_shebang="$shebang"
+  done
+  # Treat "#! /path/to " as "#!/path/to"
+  orig_shebang="${orig_shebang# }"
+
+  shebang="$orig_shebang"
+
+  if [ -z "$shebang" ]; then
+    echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
+    ts=$(stat -c %y "$f")
+    chmod -x "$f"
+    touch -d "$ts" "$f"
+    continue
+  fi
+  if [ -n "${shebang##/*}" ]; then
     echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
     fail=1
     continue
@@ -129,14 +143,16 @@ while IFS= read -r -d $'\0' f; do
   py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
 
   if [ "$shebang" != "$py_shebang" ]; then
-    sed -i -e "1c #!$py_shebang" "$f"
-    echo >&2 "*** WARNING: mangling shebang in $path from #!$orig_shebang to #!$py_shebang. This will become an ERROR, fix it manually!"
+    echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
+    fail=1
   elif [ "#!$shebang" != "#!$orig_shebang" ]; then
-    sed -i -e "1c #!$shebang" "$f"
     echo "mangling shebang in $path from $orig_shebang to #!$shebang"
+    ts=$(stat -c %y "$f")
+    sed -i -e "1c #!$shebang" "$f"
+    touch -d "$ts" "$f"
   fi
 
-  touch -d "$ts" "$f"
-done < <(find -executable -type f -print0)
+done
 
 exit $fail
+}

brp-python-bytecompile

@@ -0,0 +1,144 @@
+#!/bin/bash
+errors_terminate=$2
+extra=$3
+
+# If using normal root, avoid changing anything.
+if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
+	exit 0
+fi
+
+# Figure out how deep we need to descend.  We could pick an insanely high
+# number and hope it's enough, but somewhere, somebody's sure to run into it.
+depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \
+       xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c`
+if [ -z "$depth" -o "$depth" -le "1" ]; then
+	exit 0
+fi
+
+# This function now implements Python byte-compilation in two different ways:
+# Python >= 3.4 uses a new module compileall2 - https://github.com/fedora-python/compileall2
+# Python < 3.4 (inc. Python 2) uses compileall module from stdlib with some hacks
+# When we drop support for Python 2, we'd be able to use all compileall2 features like:
+# - -s and -p options to manipulate with a path baked into pyc files instead of $real_libdir
+# - -o 0 -o 1 to produce multiple files in one run - each with a different optimization level - instead of $options
+# - removed useless $depth - both compileall and compileall2 are limited by sys.getrecursionlimit()
+# These changes will make this script much simpler
+function python_bytecompile()
+{
+    local options=$1
+    local python_binary=$2
+    local exclude=$3
+    local python_libdir=$4
+    local depth=$5 # Not used for Python >= 3.4
+    local real_libdir=$6 # Not used for Python >= 3.4
+
+	python_version=$($python_binary -c "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))")
+
+	#
+	# Python 3.4 and higher
+	#
+	if [ "$python_version" -ge 34 ]; then
+
+		[ ! -z $exclude ] && exclude="-x '$exclude'"
+		# /usr/lib/rpm/redhat/ contains compileall2 Python module
+		# -q disables verbose output
+		# -f forces the process to overwrite existing compiled files
+		# -x excludes paths defined by regex
+		# -e excludes symbolic links pointing outside the build root
+		# -x and -e together implements the same functionality as the Filter class below
+		# -s strips $RPM_BUILD_ROOT from the path
+		# -p prepends the leading slash to the path to make it absolute
+		PYTHONPATH=/usr/lib/rpm/redhat/ $python_binary -B $options -m compileall2 -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
+	else
+#
+# Python 3.3 and lower (incl. Python 2)
+#
+
+cat << EOF | $python_binary $options
+import compileall, sys, os, re
+
+python_libdir = "$python_libdir"
+depth = $depth
+real_libdir = "$real_libdir"
+build_root = "$RPM_BUILD_ROOT"
+exclude = r"$exclude"
+
+class Filter:
+    def search(self, path):
+        ret = not os.path.realpath(path).startswith(build_root)
+        if exclude:
+            ret = ret or re.search(exclude, path)
+        return ret
+
+sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1))
+EOF
+
+fi
+}
+
+# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python
+# bytecode that they are for.
+#
+# The files below RPM_BUILD_ROOT could be targeting multiple versions of
+# python (e.g. a single build that emits several subpackages e.g. a
+# python26-foo subpackage, a python31-foo subpackage etc)
+#
+# Support this by assuming that below each /usr/lib/python$VERSION/, all
+# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION.
+# 
+# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6
+# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
+
+shopt -s nullglob
+for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]+$"`;
+do
+	python_binary=/usr/bin/$(basename $python_libdir)
+	real_libdir=${python_libdir/$RPM_BUILD_ROOT/}
+	echo "Bytecompiling .py files below $python_libdir using $python_binary"
+
+	# Generate normal (.pyc) byte-compiled files.
+	python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
+	if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
+		# One or more of the files had a syntax error
+		exit 1
+	fi
+
+	# Generate optimized (.pyo) byte-compiled files.
+	python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
+	if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
+		# One or more of the files had a syntax error
+		exit 1
+	fi
+done
+
+
+# Handle other locations in the filesystem using the default python implementation
+# if extra is set to 0, don't do this
+if [ 0$extra -eq 0 ]; then
+	exit 0
+fi
+
+# If we don't have a default python interpreter, we cannot proceed
+default_python=${1:-/usr/bin/python}
+if [ ! -x "$default_python" ]; then
+	exit 0
+fi
+
+# Figure out if there are files to be bytecompiled with the default_python at all
+# this prevents unnecessary default_python invocation
+find "$RPM_BUILD_ROOT" -type f -name "*.py" | grep -Ev "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" || exit 0
+
+# Generate normal (.pyc) byte-compiled files.
+python_bytecompile "" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
+if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
+	# One or more of the files had a syntax error
+	exit 1
+fi
+
+# Generate optimized (.pyo) byte-compiled files.
+python_bytecompile "-O" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
+if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
+	# One or more of the files had a syntax error
+	exit 1
+fi
+exit 0

brp-strip-lto

@@ -0,0 +1,17 @@
+#!/usr/bin/sh
+# If using normal root, avoid changing anything.
+if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
+	exit 0
+fi
+
+STRIP=${1:-strip}
+NCPUS=${RPM_BUILD_NCPUS:-1}
+
+case `uname -a` in
+Darwin*) exit 0 ;;
+*) ;;
+esac
+
+# Strip ELF binaries
+find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
+  eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0

buildflags.md

@@ -15,9 +15,9 @@ This will invoke the `./configure` with arguments (such as
 `--prefix=/usr`) to adjust the paths to the packaging defaults.
 
 As a side effect, this will set the environment variables `CFLAGS`,
-`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
-makefiles and other build tools.  (However, existing values for this
-variables are not overwritten.)
+`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH`,
+so they can be used by makefiles and other build tools.  (However,
+existing values for these variables are not overwritten.)
 
 If your package does not use autoconf, you can still set the same
 environment variables using
@@ -43,6 +43,9 @@ Individual build flags are also available through RPM macros:
   driver.  At the start of the `%build` section, the environment
   variable `RPM_LD_FLAGS` is set to this value.
 
+The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
+script (v2.4.6+) from hardcoding %_libdir into the binaries' RPATH.
+
 These RPM macros do not alter shell environment variables.
 
 For some other build tools separate mechanisms exist:
@@ -64,7 +67,7 @@ For building shared objects, you must compile with `-fPIC` in
 
 For other considerations involving shared objects, see:
 
-* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
+* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
 
 # Customizing compiler flags
 
@@ -145,6 +148,18 @@ to the RPM spec file to disable these strict checks.  Alternatively,
 you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
 command line).  The latter needs binutils 2.29.1-12.fc28 or later.
 
+### Legacy -fcommon
+
+Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
+Builds may fail with `multiple definition of ...` errors.
+
+As a short term workaround for such failure,
+it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
+
+    %define _legacy_common_support 1
+
+Properly fixing the failure is always preferred!
+
 # Individual compiler flags
 
 Compiler flags end up in the environment variables `CFLAGS`,
@@ -332,3 +347,44 @@ linker flags:
   security exploits, redirecting execution).  Therefore, it is
   preferable to turn of lazy binding, although it increases startup
   time.
+
+# Support for extension builders
+
+Some packages include extension builders that allow users to build
+extension modules (which are usually written in C and C++) under the
+control of a special-purpose build system.  This is a common
+functionality provided by scripting languages such as Python and Perl.
+Traditionally, such extension builders captured the Fedora build flags
+when these extension were built.  However, these compiler flags are
+adjusted for a specific Fedora release and toolchain version and
+therefore do not work with a custom toolchain (e.g., different C/C++
+compilers), and users might want to build their own extension modules
+with such toolchains.
+
+The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
+`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
+flags that have been adjusted for compatibility with alternative
+toolchains, while still preserving some of the compile-time security
+hardening that the standard Fedora build flags provide.
+
+The current set of differences are:
+
+* No GCC plugins (such as annobin) are activated.
+* No GCC spec files (`-specs=` arguments) are used.
+
+Additional flags may be removed in the future if they prove to be
+incompatible with alternative toolchains.
+
+Extension builders should detect whether they are performing a regular
+RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable).  In this
+case, they should use the *current* set of Fedora build flags (that
+is, the output from `rpm --eval '%{build_cflags}'` and related
+commands).  Otherwise, when not performing an RPM build, they can
+either use hard-coded extension builder flags (thus avoiding a
+run-time dependency on `redhat-rpm-config`), or use the current
+extension builder flags (with a run-time dependency on
+`redhat-rpm-config`).
+
+As a result, extension modules built for Fedora will use the official
+Fedora build flags, while users will still be able to build their own
+extension modules with custom toolchains.

common.lua

@@ -0,0 +1,197 @@
+-- Convenience Lua functions that can be used within rpm macros
+
+-- Set a spec variable
+-- Echo the result if verbose
+local function explicitset(rpmvar, value, verbose)
+  local value = value
+  if (value == nil) or (value == "") then
+    value = "%{nil}"
+  end
+  rpm.define(rpmvar .. " " .. value)
+  if verbose then
+    rpm.expand("%{echo:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
+  end
+end
+
+-- Unset a spec variable if it is defined
+-- Echo the result if verbose
+local function explicitunset(rpmvar, verbose)
+  if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
+    rpm.define(rpmvar .. " %{nil}")
+    if verbose then
+      rpm.expand("%{echo:Unsetting %%{" .. rpmvar .. "}}")
+    end
+  end
+end
+
+-- Set a spec variable, if not already set
+-- Echo the result if verbose
+local function safeset(rpmvar, value, verbose)
+  if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
+    explicitset(rpmvar,value,verbose)
+  end
+end
+
+-- Alias a list of rpm variables to the same variables suffixed with 0 (and vice versa)
+-- Echo the result if verbose
+local function zalias(rpmvars, verbose)
+  for _, sfx in ipairs({{"","0"},{"0",""}}) do
+    for _, rpmvar in ipairs(rpmvars) do
+      local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
+      if (rpm.expand(toalias) ~= "") then
+        safeset(rpmvar .. sfx[2], toalias, verbose)
+      end
+    end
+  end
+end
+
+-- Takes a list of rpm variable roots and a suffix and alias current<root> to
+-- <root><suffix> if it resolves to something not empty
+local function setcurrent(rpmvars, suffix, verbose)
+  for _, rpmvar in ipairs(rpmvars) do
+    if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
+      explicitset(  "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
+    else
+      explicitunset("current" .. rpmvar,                                  verbose)
+    end
+  end
+end
+
+-- Echo the list of rpm variables, with suffix, if set
+local function echovars(rpmvars, suffix)
+  for _, rpmvar in ipairs(rpmvars) do
+    rpmvar = rpmvar .. suffix
+    local header = string.sub("  " .. rpmvar .. ":                                               ",1,21)
+    rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
+  end
+end
+
+-- Returns an array, indexed by suffix, containing the non-empy values of
+-- <rpmvar><suffix>, with suffix an integer string or the empty string
+local function getsuffixed(rpmvar)
+  local suffixes = {}
+  zalias({rpmvar})
+  for suffix=0,9999 do
+    local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
+    if (value ~= "") then
+      suffixes[tostring(suffix)] = value
+    end
+  end
+  -- rpm convention is to alias no suffix to zero suffix
+  -- only add no suffix if zero suffix is different
+  local value = rpm.expand("%{?" .. rpmvar .. "}")
+  if (value ~= "") and (value ~= suffixes["0"]) then
+     suffixes[""] = value
+  end
+  return suffixes
+end
+
+-- Returns the list of suffixes, including the empty string, for which
+-- <rpmvar><suffix> is set to a non empty value
+local function getsuffixes(rpmvar)
+  suffixes = {}
+  for suffix in pairs(getsuffixed(rpmvar)) do
+    table.insert(suffixes,suffix)
+  end
+  table.sort(suffixes,
+             function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
+  return suffixes
+end
+
+-- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
+-- matches best the beginning of the value string
+local function getbestsuffix(rpmvar, value)
+  local best         = nil
+  local currentmatch = ""
+  for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
+  if (string.len(setvalue) > string.len(currentmatch)) and
+     (string.find(value, "^" .. setvalue)) then
+      currentmatch = setvalue
+      best         = suffix
+    end
+  end
+  return best
+end
+
+-- https://github.com/rpm-software-management/rpm/issues/581
+-- Writes the content of a list of rpm variables to a macro spec file.
+-- The target file must contain the corresponding anchors.
+-- For example writevars("myfile", {"foo","bar"}) will replace:
+--   @@FOO@@ with the rpm evaluation of %{foo} and
+--   @@BAR@@ with the rpm evaluation of %{bar}
+-- in myfile
+local function writevars(macrofile, rpmvars)
+  for _, rpmvar in ipairs(rpmvars) do
+    print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
+                   "\029" .. rpm.expand(  "%{" .. rpmvar .. "}" ) ..
+                   "\029g' " .. macrofile .. "\n")
+  end
+end
+
+-- https://github.com/rpm-software-management/rpm/issues/566
+-- Reformat a text intended to be used used in a package description, removing
+-- rpm macro generation artefacts.
+-- – remove leading and ending empty lines
+-- – trim intermediary empty lines to a single line
+-- – fold on spaces
+-- Should really be a %%{wordwrap:…} verb
+local function wordwrap(text)
+  text = rpm.expand(text .. "\n")
+  text = string.gsub(text, "\t",              "  ")
+  text = string.gsub(text, "\r",              "\n")
+  text = string.gsub(text, " +\n",            "\n")
+  text = string.gsub(text, "\n+\n",           "\n\n")
+  text = string.gsub(text, "^\n",             "")
+  text = string.gsub(text, "\n( *)[-*—][  ]+", "\n%1– ")
+  output = ""
+  for line in string.gmatch(text, "[^\n]*\n") do
+    local pos = 0
+    local advance = ""
+    for word in string.gmatch(line, "%s*[^%s]*\n?") do
+      local wl, bad = utf8.len(word)
+      if not wl then
+        print("%{warn: Invalid UTF-8 sequence detected in:\n" ..
+               word .. "\nIt may produce unexpected results.\n}")
+        wl = bad
+      end
+      if (pos == 0) then
+        advance, n = string.gsub(word, "^(%s*– ).*", "%1")
+        if (n == 0) then
+          advance = string.gsub(word, "^(%s*).*", "%1")
+        end
+        advance = string.gsub(advance, "– ", "  ")
+        pos = pos + wl
+      elseif  (pos + wl  < 81) or
+             ((pos + wl == 81) and string.match(word, "\n$")) then
+        pos = pos + wl
+      else
+        word = advance .. string.gsub(word, "^%s*", "")
+        output = output .. "\n"
+        pos = utf8.len(word)
+      end
+      output = output .. word
+      if pos > 80 then
+        pos = 0
+        if not string.match(word, "\n$") then
+          output = output .. "\n"
+        end
+      end
+    end
+  end
+  output = string.gsub(output, "\n*$", "\n")
+  return output
+end
+
+return {
+  explicitset   = explicitset,
+  explicitunset = explicitunset,
+  safeset       = safeset,
+  zalias        = zalias,
+  setcurrent    = setcurrent,
+  echovars      = echovars,
+  getsuffixed   = getsuffixed,
+  getsuffixes   = getsuffixes,
+  getbestsuffix = getbestsuffix,
+  writevars     = writevars,
+  wordwrap      = wordwrap,
+}

forge.lua

@@ -0,0 +1,299 @@
+-- Lua code used by macros.forge and derivatives
+
+-- Computes the suffix of a version string, removing vprefix if it matches
+-- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0
+local function getversionsuffix(vstring,vprefix)
+  if (string.sub(vstring, 1, #vprefix) == vprefix) and
+     (not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then
+    return string.sub(vstring, #vprefix + 1)
+  else
+    return vstring
+  end
+end
+
+-- Check if an identified url is sane
+local function checkforgeurl(url, id, silent)
+  local checkedurl  = nil
+  local checkedid   = nil
+  local urlpatterns = {
+    gitlab = {
+      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
+      description = 'https://(…[-.])gitlab[-.]…/owner/repo'},
+    pagure = {
+      pattern     = 'https://[^/]+/[^/#?]+',
+      description = 'https://pagure.io/repo'},
+    pagure_ns = {
+      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
+      description = 'https://pagure.io/namespace/repo'},
+    pagure_fork = {
+      pattern     = 'https://[^/]+/fork/[^/]+/[^/#?]+',
+      description = 'https://pagure.io/fork/owner/repo'},
+    pagure_ns_fork = {
+      pattern     = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+',
+      description = 'https://pagure.io/fork/owner/namespace/repo'},
+    github = {
+      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
+      description = 'https://(…[-.])github[-.]…/owner/repo'},
+    ["code.googlesource.com"] = {
+      pattern     = 'https://code.googlesource.com/[^#?]*[^/#?]+',
+      description = 'https://code.googlesource.com/…/repo'},
+    ["bitbucket.org"] = {
+      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
+      description = 'https://bitbucket.org/owner/repo'}}
+  if (urlpatterns[id] ~= nil) then
+    checkedurl = string.match(url,urlpatterns[id]["pattern"])
+    if (checkedurl == nil) then
+      if not silent then
+        rpm.expand("%{error:" .. id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}")
+      end
+    else
+      checkedid = id
+    end
+  end
+  return checkedurl, checkedid
+end
+
+-- Check if an url matches a known forge
+local function idforge(url, silent)
+  local forgeurl = nil
+  local forge    = nil
+  if (url ~= "") then
+    forge = string.match(url, "^[^:]+://([^/]+)/")
+    if (forge == nil) then
+      if not silent then
+        rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}")
+      end
+    else
+      if (forge == "pagure.io") then
+        if     string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then
+          forge = "pagure_ns_fork"
+        elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then
+          forge = "pagure_fork"
+        elseif  string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then
+          forge = "pagure_ns"
+        elseif  string.match(url, "[^:]+://pagure.io/[^/]+") then
+          forge = "pagure"
+        end
+      elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
+        forge = "gitlab"
+      elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
+        forge = "github"
+      end
+      forgeurl, forge = checkforgeurl(url, forge, silent)
+    end
+  end
+  return forgeurl, forge
+end
+
+-- The forgemeta macro main processing function
+-- See the documentation in the macros.forge file for argument description
+-- Also called directly by gometa
+local function meta(suffix, verbose, informative, silent)
+  local fedora = require "fedora.common"
+  local ismain = (suffix == "") or (suffix == "0")
+  if ismain then
+    fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
+                      "archivename", "archiveext", "archiveurl",
+                      "topdir", "extractdir", "repo", "owner", "namespace",
+                      "scm", "tag", "commit", "shortcommit", "branch", "version",
+                      "date", "distprefix"}, verbose)
+  end
+  local variables = {
+    default = {
+      scm         = "git",
+      archiveext  = "tar.bz2",
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
+      archivename = "%{repo"         .. suffix .. "}-%{ref"           .. suffix .. "}",
+      topdir      = "%{archivename"  .. suffix .. "}" },
+    gitlab = {
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    pagure = {
+      archiveext  = "tar.gz",
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    pagure_ns = {
+      archiveext  = "tar.gz",
+      namespace   = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}',
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
+      archivename = "%{namespace"    .. suffix .. "}-%{repo"          .. suffix .. "}-%{ref"         .. suffix .. "}",
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    pagure_fork = {
+      archiveext  = "tar.gz",
+      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}',
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}',
+      archivename = "%{owner"        .. suffix .. "}-%{repo"          .. suffix .. "}-%{ref"         .. suffix .. "}",
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    pagure_ns_fork = {
+      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}',
+      namespace   = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}',
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}',
+      archivename = "%{owner"        .. suffix .. "}-%{namespace"     .. suffix .. "}-%{repo"        .. suffix .. "}-%{ref"        .. suffix .. "}",
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    github = {
+      archiveext  = "tar.gz",
+      archivename = "%{repo"         .. suffix .. "}-%{fileref"       .. suffix .. "}",
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
+    ["code.googlesource.com"] = {
+      archiveext  = "tar.gz",
+      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}',
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/+archive/%{ref"  .. suffix .. "}.%{archiveext"  .. suffix .. "}",
+      topdir      = "" },
+    ["bitbucket.org"] = {
+      shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit'     .. suffix .. '}"), 1, 12))}',
+      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
+      archivename = "%{owner"        .. suffix .. "}-%{repo"          .. suffix .. "}-%{shortcommit" .. suffix .. "}",
+      archiveurl  = "%{forgeurl"     .. suffix .. "}/get/%{ref"       .. suffix .. "}.%{archiveext"  .. suffix .. "}" } }
+  -- Packaging a moving branch is quite a bad idea, but since at least Gitlab
+  -- will treat branches and tags the same way better support branches explicitly
+  -- than have packagers hijack %{tag} to download branch states
+  local spec = {}
+  for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do
+    spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
+  end
+  -- Compute the reference of the object to fetch
+  local isrelease = false
+  if     (spec["tag"]     ~= "") then       ref = "%{?tag"     .. suffix .. "}"
+  elseif (spec["commit"]  ~= "") then       ref = "%{?commit"  .. suffix .. "}"
+  elseif (spec["branch"]  ~= "") then       ref = "%{?branch"  .. suffix .. "}"
+  else                                      ref = "%{?version" .. suffix .. "}"
+                                      isrelease = true
+  end
+  if (rpm.expand(ref) == "") then
+    if (suffix == "") then
+      rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}")
+    else
+      rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}")
+    end
+  end
+  local    forgeurl = spec["forgeurl"]
+  -- For backwards compatibility only
+  local expliciturl = rpm.expand("%{?-u*}")
+  if   (expliciturl ~= "") then
+    rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}")
+           forgeurl = expliciturl
+  end
+  local forge
+  forgeurl,   forge = idforge(forgeurl, silent)
+  if (forge ~= nil) then
+    fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose)
+    -- Custom processing of quirky forges that can not be handled with simple variables
+    if (forge == "github") then
+      -- Workaround the way GitHub injects "v"s before some version strings (but not all!)
+      -- To package one of the minority of sane GitHub projects that do not munge their version
+      -- strings set tag to %{version} in your spec
+      local fileref = ref
+      if (ref == "%{?version"  .. suffix .. "}") then
+        ref = "v" .. ref
+      elseif (fileref ~= "%{?commit" .. suffix .. "}") and
+             string.match(rpm.expand(fileref), "^v[%d]") then
+        fileref = string.gsub(rpm.expand(fileref), "^v", "")
+      elseif (string.match(rpm.expand(fileref), "/")) then
+        fileref = string.gsub(rpm.expand(fileref), "/", "-")
+      end
+      fedora.safeset("fileref" .. suffix, fileref, verbose)
+    elseif (forge == "code.googlesource.com") then
+      if (ref == "%{?version"  .. suffix .. "}") then
+        ref = "v" .. ref
+      end
+    elseif (forge == "bitbucket.org") then
+      if (spec["commit"] == "") then
+        rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}")
+      end
+    end
+    fedora.safeset("ref" .. suffix, ref, verbose)
+    -- Mass setting of the remaining variables
+    for k,v in pairs(variables[forge]) do
+      fedora.safeset(k .. suffix, variables[forge][k], verbose)
+    end
+    for k,v in pairs(variables["default"]) do
+      if (variables[forge][k] == nil) then
+        fedora.safeset(k .. suffix, variables["default"][k], verbose)
+      end
+    end
+  end
+  -- Generic rules
+  for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do
+    spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
+  end
+  -- Source URL processing (computing the forgesource spec variable)
+  local forgesource = "%{archiveurl" .. suffix .. "}"
+  if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then
+    forgesource     = "%{?archiveurl" .. suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}"
+  end
+  fedora.safeset("forgesource" .. suffix, forgesource, verbose)
+  -- Setup processing      (computing the forgesetup and extractdir variables)
+  local forgesetupargs = "-n %{extractdir" .. suffix .. "}"
+  local extractdir     = "%{topdir"        .. suffix .. "}"
+  if (spec["topdir"] == "") then
+    forgesetupargs     = "-c " .. forgesetupargs
+    extractdir         = "%{archivename"   .. suffix .. "}"
+  end
+  if not ismain then
+    if (spec["topdir"] ~= "") then
+      forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs
+    else
+      forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs
+    end
+  end
+  fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose)
+  fedora.safeset("extractdir"     .. suffix, extractdir, verbose)
+  -- dist processing       (computing the correct prefix for snapshots)
+  local distprefix = ""
+  if not isrelease then
+    distprefix = string.lower(rpm.expand(ref))
+    if     (ref == "%{?commit" .. suffix .. "}") then
+      distprefix = string.sub(distprefix, 1, 7)
+    elseif (ref ~= "%{?branch" .. suffix .. "}") then
+      distprefix = string.gsub(distprefix,      "[%p%s]+", ".")
+      distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "")
+      local    v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".")
+      for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do
+        distprefix = getversionsuffix(distprefix, p .. v)
+      end
+      distprefix = string.gsub(distprefix, "^%.", "")
+    end
+    if (distprefix ~= "") then
+      distprefix = "%{scm"     .. suffix .. "}" .. distprefix
+      date = rpm.expand("%{?date" .. suffix .. "}")
+      if (date ~= "") then
+        distprefix = date .. distprefix
+      else
+        distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix
+      end
+      distprefix = "." .. distprefix
+    end
+  end
+  if (spec["version"] ~= "") and
+     (spec["version"] ~= "0") and
+     (spec["version"] ~= rpm.expand("%{?version}")) then
+    distprefix = ".%{version" .. suffix .. "}" .. distprefix
+  end
+  if (rpm.expand(distprefix) ~= "") then
+    if not ismain then
+      distprefix = string.gsub(distprefix, "^%.", ".s")
+    end
+    fedora.safeset ("distprefix"    .. suffix, distprefix, verbose)
+  end
+  if ismain then
+    fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
+                      "archivename", "archiveext", "archiveurl",
+                      "topdir", "extractdir", "repo", "owner", "namespace",
+                      "scm", "shortcommit", "distprefix"}, verbose)
+  end
+  -- Final spec variable summary if the macro was called with -i
+  if informative then
+    rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}")
+    fedora.echovars({"forgeurl", "forgesource", "forgesetupargs",
+                        "archivename", "archiveext", "archiveurl",
+                        "topdir", "extractdir", "repo", "owner", "namespace",
+                        "scm", "tag", "commit", "shortcommit", "branch", "version",
+                        "date", "distprefix"}, suffix)
+    fedora.echovars({"dist"},"")
+    rpm.expand("%{echo:  (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}")
+  end
+end
+
+return {
+  meta = meta,
+}
+

gpgverify

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
+#
+# This material is provided as is, with absolutely no warranty expressed
+# or implied. Any use is at your own risk.
+#
+# Permission is hereby granted to use or copy this shellscript
+# for any purpose, provided the above notices are retained on all copies.
+# Permission to modify the code and to distribute modified code is granted,
+# provided the above notices are retained, and a notice that the code was
+# modified is included with the above copyright notice.
+
+
+function print_help {
+    cat <<'EOF'
+Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
+
+gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
+verifies a file against a detached OpenPGP signature and a keyring. The keyring
+shall contain all the keys that are trusted to certify the authenticity of the
+file, and must not contain any untrusted keys.
+
+The differences, compared to invoking gpgv directly, are that gpgverify accepts
+the keyring in either ASCII-armored or unarmored form, and that it will not
+accidentally use a default keyring in addition to the specified one.
+
+Parameters:
+  --keyring=<pathname>    keyring with all the trusted keys and no others
+  --signature=<pathname>  detached signature to verify
+  --data=<pathname>       file to verify against the signature
+EOF
+}
+
+
+fatal_error() {
+    message="$1"  # an error message
+    status=$2     # a number to use as the exit code
+    echo "gpgverify: $message" >&2
+    exit $status
+}
+
+
+require_parameter() {
+    term="$1"   # a term for a required parameter
+    value="$2"  # Complain and terminate if this value is empty.
+    if test -z "${value}" ; then
+        fatal_error "No ${term} was provided." 2
+    fi
+}
+
+
+check_status() {
+    action="$1"  # a string that describes the action that was attempted
+    status=$2    # the exit code of the command
+    if test $status -ne 0 ; then
+        fatal_error "$action failed." $status
+    fi
+}
+
+
+# Parse the command line.
+keyring=
+signature=
+data=
+for parameter in "$@" ; do
+    case "${parameter}" in
+        (--help)
+            print_help
+            exit
+            ;;
+        (--keyring=*)
+            keyring="${parameter#*=}"
+            ;;
+        (--signature=*)
+            signature="${parameter#*=}"
+            ;;
+        (--data=*)
+            data="${parameter#*=}"
+            ;;
+        (*)
+            fatal_error "Unknown parameter: \"${parameter}\"" 2
+            ;;
+    esac
+done
+require_parameter 'keyring' "${keyring}"
+require_parameter 'signature' "${signature}"
+require_parameter 'data file' "${data}"
+
+# Make a temporary working directory.
+workdir="$(mktemp --directory)"
+check_status 'Making a temporary directory' $?
+workring="${workdir}/keyring.gpg"
+
+# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
+# ASCII-armored.
+gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
+check_status 'Decoding the keyring' $?
+
+# Verify the signature using the decoded keyring.
+gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
+check_status 'Signature verification' $?
+
+# (--homedir isn't actually necessary. --dearmor processes only the input file,
+# and if --keyring is used and contains a slash, then gpgv2 uses only that
+# keyring. Thus neither command will look for a default keyring, but --homedir
+# makes extra double sure that no default keyring will be touched in case
+# another version of GPG works differently.)
+
+# Clean up. (This is not done in case of an error that may need inspection.)
+rm --recursive --force ${workdir}

kmod.prov

@@ -1,17 +1,28 @@
 #!/bin/sh +x
+# Kernel build can have many thousands of modules.
+# kmod.prov is run for every one of them.
+# Try to make this script run as fast as we can.
+# For example, use shell string ops instead of external programs
+# where possible.
 
 IFS=$'\n'
 
-for i in $(grep -E '(/lib/modules/.*\.ko|/lib/modules/.*/modules.builtin)');
-do
-	kmod=$(basename $i | sed -e 's/.[xg]z//');
+read -r fname || exit
 
-	if [ $kmod == "modules.builtin" ]; then
-		for j in $(cat $i); do
-			j=$(basename $j);
-			echo "kmod($j)"
-		done
-	else
-		echo "kmod($kmod)"
-	fi
-done
+# Only process files from .../lib/modules/... subtree
+[ "${fname#*/lib/modules/*}" != "$fname" ] || exit 0
+
+kmod=${fname##*/}  # like basename, but faster
+
+if [ "$kmod" = "modules.builtin" ]; then
+        for j in $(cat -- "$fname"); do
+                echo "kmod(${j##*/})"
+        done
+        exit 0
+fi
+
+kmod=${kmod%.gz}
+kmod=${kmod%.xz}
+if [ "${kmod%.ko}" != "$kmod" ]; then
+        echo "kmod($kmod)"
+fi

macros

@@ -18,6 +18,8 @@
 
 %_fmoddir		%{_libdir}/gfortran/modules
 
+%source_date_epoch_from_changelog 1
+
 %_enable_debug_packages 1
 %_include_minidebuginfo 1
 %_include_gdb_index     1
@@ -50,12 +52,30 @@
 # variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
 # not been set already.  RPM_OPT_FLAGS and RPM_LD_FLAGS have already
 # been set implicitly at the start of the %%build section.
+# LT_SYS_LIBRARY_PATH is used by libtool script.
 %set_build_flags \
   CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
   CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
   FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
   FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
-  LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS
+  LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
+  LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH
+
+# Internal-only.  Do not use.  Expand a variable and strip the flags
+# not suitable to extension builders.
+%__extension_strip_flags() %{lua:
+local name = rpm.expand("%{1}")
+local value = " " .. rpm.expand("%{build_" .. name .. "}")
+local result = string.gsub(value, "%s+-specs=[^%s]+", " ")
+print(result)
+}
+
+# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
+# extension builders.
+%extension_cflags %{__extension_strip_flags cflags}
+%extension_cxxflags %{__extension_strip_flags cxxflags}
+%extension_fflags %{__extension_strip_flags fflags}
+%extension_ldflags %{__extension_strip_flags ldflags}
 
 # Deprecated names.  For backwards compatibility only.
 %__global_cflags %{build_cflags}
@@ -101,19 +121,6 @@
 	--mandir=%{_mandir} \\\
 	--infodir=%{_infodir}
 
-# Maximum number of CPU's to use when building, 0 for unlimited.
-#
-# This was for some time capped at 16.  Please see
-# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
-# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
-# surrounding this.
-#%_smp_ncpus_max 0
-%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
-	&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
-        ncpus_max=%{?_smp_ncpus_max}; \\\
-        if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
-        if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
-
 #==============================================================================
 # ---- Build policy macros.
 #
@@ -139,9 +146,10 @@
 %__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
 %__brp_compress /usr/lib/rpm/brp-compress
 %__brp_strip /usr/lib/rpm/brp-strip %{__strip}
+%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
 %__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
 %__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
-%__brp_python_bytecompile /usr/lib/rpm/brp-python-bytecompile "%{__python}" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
+%__brp_python_bytecompile /usr/lib/rpm/redhat/brp-python-bytecompile "%{__python}" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
 %__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
 # __brp_mangle_shebangs_exclude - shebangs to exclude
 # __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
@@ -156,6 +164,7 @@
     %{?__brp_strip} \
     %{?__brp_strip_comment_note} \
     } \
+    %{?__brp_strip_lto} \
     %{?__brp_strip_static_archive} \
     %{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
     %{?__brp_python_hardlink} \
@@ -184,14 +193,14 @@
 ## Should python bytecompilation errors terminate a build?
 %_python_bytecompile_errors_terminate_build 1
 ## Should python bytecompilation compile outisde python specific directories?
-%_python_bytecompile_extra 1
+%_python_bytecompile_extra 0
 
 # Use SHA-256 for FILEDIGESTS instead of default MD5
 %_source_filedigest_algorithm 8
 %_binary_filedigest_algorithm 8
 
-# Use XZ compression for binary payloads
-%_binary_payload w2.xzdio
+# Use Zstandard compression for binary payloads
+%_binary_payload w19.zstdio
 
 %_hardening_cflags	-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
 # we don't escape symbols '~', '"', etc. so be careful when changing this
@@ -219,11 +228,11 @@
 %_ld_symbols_flags		%{?_ld_strict_symbol_defs:-Wl,-z,defs}
 
 # https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
-# use "%define _ld_as_needed 1" to enable.
-#%_ld_as_needed		1
+# use "%undefine _ld_as_needed" to disable.
+%_ld_as_needed		1
 %_ld_as_needed_flags	%{?_ld_as_needed:-Wl,--as-needed}
 
-%__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
+%__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}%{?_legacy_common_support: -fcommon}
 
 # Automatically trim changelog entries after 2 years
 %_changelog_trimtime	%{lua:print(os.time() - 2 * 365 * 86400)}
@@ -260,3 +269,6 @@
 %global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
 %global __find_requires /bin/sh -c "%{?__filter_req_cmd}  %{__deploop R} %{?__filter_from_req}" \
 }
+
+# Temporary shelter for rpm 4.15 refugees
+%requires_eq()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")

macros.fedora-misc

@@ -0,0 +1,61 @@
+# Some miscellaneous Fedora-related macros
+
+# List files matching inclusion globs, excluding files matching exclusion blogs
+# Optional parameters:
+#  – -i "<globs>" inclusion globs
+#  – -x "<globs>" exclusion globs
+# Globs are space-separated lists of shell globs. Such lists require %{quote:}
+# use for safe rpm argument passing.
+# Alternatively, set the following rpm variables before calling the macro:
+#  – “listfiles_include” inclusion globs
+#  — “listfiles_exclude” exclusion globs
+# Arguments passed to the macro without flags will be interpreted as inclusion
+# globs.
+%listfiles(i:x:) %{expand:
+%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
+  listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
+  %if  %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
+    while IFS= read -r finc ; do
+      realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
+        | sort -u | grep -q "${finc}" || echo "${finc}"
+    done <<< "${listfiles_include}"
+  %else
+    echo "${listfiles_include}"
+  %endif
+%endif
+}
+
+# https://github.com/rpm-software-management/rpm/issues/581
+# Write the contents of a list of rpm variables to a macro file.
+# The target file must contain the corresponding anchors.
+# For example %writevars -f myfile foo bar will replace:
+#  @@FOO@@ with the rpm evaluation of %{foo} and
+#  @@BAR@@ with the rpm evaluation of %{bar}
+# in myfile
+%writevars(f:) %{lua:
+local    fedora = require "fedora.common"
+local macrofile = rpm.expand("%{-f*}")
+local   rpmvars = {}
+for i = 1, rpm.expand("%#") do
+  table.insert(rpmvars, rpm.expand("%" .. i))
+end
+fedora.writevars(macrofile,rpmvars)
+}
+
+# gpgverify verifies signed sources. There is documentation in the script.
+%gpgverify(k:s:d:) %{lua:
+local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
+local keyring = rpm.expand("%{-k*}")
+local signature = rpm.expand("%{-s*}")
+local data = rpm.expand("%{-d*}")
+print(script)
+if keyring ~= "" then
+  print(rpm.expand("--keyring='%{SOURCE" .. keyring ..  "}' "))
+end
+if signature ~= "" then
+  print(rpm.expand("--signature='%{SOURCE" .. signature ..  "}' "))
+end
+if data ~= "" then
+  print(rpm.expand("--data='%{SOURCE" .. data ..  "}' "))
+end
+}

macros.fedora-misc-srpm

@@ -6,3 +6,17 @@
 # A directory for appdata metainfo.  This has changed between releases so a
 # macro is useful.
 %_metainfodir %{_datadir}/metainfo
+
+# A directory for SWID tag files describing the installation
+%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
+
+# A helper to apply the fedora.wordwrap filter to the content of an rpm
+# variable, and print the result. Optional parameter:
+#  – -v <variable_name> (default value: _description)
+# Putting multiple lines of UTF-8 text inside a variable is usually
+# accomplished with a %%{expand: some_text}.
+%wordwrap(v:) %{lua:
+local   fedora = require "fedora.common"
+local variable = "%{" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
+print(fedora.wordwrap(variable))
+}

macros.forge

@@ -4,10 +4,12 @@
 # The following spec variables SHOULD be set before calling the macro:
 #
 #   forgeurl  the project url on the forge, strongly recommended;
-#             alternatively, use -u <url>
 #   Version   if applicable, set it with Version: <version>
 #   tag       if applicable
 #   commit    if applicable
+#   date      if applicable (to override the mtime of the Source archive)
+#
+#  Use -z for multiple calls to the macro
 #
 # The macro will attempt to compute and set the following variables if they are
 # not already set by the packager:
@@ -19,264 +21,65 @@
 #   archiveext     the source archive filename extensions, without leading dot
 #   archiveurl     the url that can be used to download the source archive,
 #                  without renaming
+#   topdir         the source archive top directory (can be empty)
+#   extractdir     the source directory created inside %{_builddir} after using
+#                  %%forgesetup, %forgeautosetup or %{forgesetupargs}
+#   repo           the repository name
+#   owner          the repository owner (if used by another computed variable)
+#   shortcommit    the commit hash clamping used by the forge, if any
 #   scm            the scm type, when packaging code snapshots: commits or tags
+#   distprefix     the prefix that needs adding to dist to trace non-release packaging
 #
-# If the macro is unable to parse your forgeurl value set at least archivename
-# and archiveurl before calling it.
-#
-# Most of the computed variables are both overridable and optional. However,
-# the macro WILL REDEFINE %{dist} when packaging a snapshot (commit or tag).
-# The previous %{dist} value will be lost. Don’t call the macro if you don’t
-# wish %{dist} to be changed.
+# Most of the computed variables are both overridable and optional.
 #
 # Optional parameters:
-#   -u <url>  Ignore forgeurl even if it exists and use <url> instead. Note
-#             that the macro will still end up setting <url> as the forgeurl
-#             spec variable if it manages to parse it.
+#   -a          process all sources in one go, instead of using separate -z calls
+#   -z <number> suffix all the read and written variable names with <number>
+#               for example read     forgeurl<number>, version<number>…
+#                       and generate forgesetupargs<number>, archiveurl<number>…
+#               The macro assumes that null or nil suffix is used for the primary
+#               package source.
 #   -s  Silently ignore problems in forgeurl, use it if it can be parsed,
 #       ignore it otherwise.
-#   -p  Restore problem handling, override -s.
 #   -v  Be verbose and print every spec variable the macro sets.
 #   -i  Print some info about the state of spec variables the macro may use or
 #       set at the end of the processing.
-%forgemeta(u:spvi) %{lua:
-local forgeurl    = rpm.expand("%{?-u*}")
-if (forgeurl == "") then
-  forgeurl        = rpm.expand("%{?forgeurl}")
-end
-local silent      = false
-local verbose     = false
-local informative = false
-if (rpm.expand("%{?-s}") ~= "") then
-  silent          = true
-end
-if (rpm.expand("%{?-p}") ~= "") then
-  silent          = false
-end
-if (rpm.expand("%{?-v}") ~= "") then
-  verbose         = true
-end
-if (rpm.expand("%{?-i}") ~= "") then
-  informative     = true
-end
-local tag         = rpm.expand("%{?tag}")
-local commit      = rpm.expand("%{?commit}")
--- Be explicit about the spec variables we’re setting
-local function explicitset(rpmvariable,value)
-  rpm.define(rpmvariable .. " " .. value)
-  if verbose then
-    rpm.expand("%{echo:Setting %%{" .. rpmvariable .. "} = " .. value .. "\\n}")
+%forgemeta(az:sviu:) %{lua:
+local      fedora = require "fedora.common"
+local       forge = require "fedora.srpm.forge"
+local     verbose =  rpm.expand("%{-v}") ~= ""
+local informative =  rpm.expand("%{-i}") ~= ""
+local      silent =  rpm.expand("%{-s}") ~= ""
+local  processall = (rpm.expand("%{-a}") ~= "") and (rpm.expand("%{-z}") == "")
+if processall then
+  for _,s in pairs(fedora.getsuffixes("forgeurl")) do
+    forge.meta(s,verbose,informative,silent)
   end
-end
--- Never ever stomp on a spec variable the packager already set
-local function safeset(rpmvariable,value)
-  if (rpm.expand("%{?" .. rpmvariable .. "}") == "") then
-    explicitset(rpmvariable,value)
-  end
-end
--- Set spec variable values for each known software publishing service
-if (forgeurl ~= "") then
-  local forge          = string.match(forgeurl, "^[^:]+://([^/]+)/")
-  if (forge == nil) then
-    if not silent then
-      rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !\\n}")
-    end
-  else
-    if (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
-      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
-      if (forgeurl == nil) then
-        if not silent then
-          rpm.expand("%{error:Gitlab URLs must match https://(…[-.])gitlab[-.]…/owner/repo !\\n}")
-        end
-      else
-        explicitset("forgeurl",   forgeurl)
-        if (commit == "") then
-          rpm.expand("%{error:All Gitlab URLs require commit value knowledge: you need to define %{commit}!\\nPlease vote on https://gitlab.com/gitlab-org/gitlab-ce/issues/38830\\n}")
-        end
-        safeset("archiveext",     "tar.bz2")
-        safeset("forgesetupargs", "-n %{archivename}")
-        if (commit ~= "") or (tag ~= "") then
-          safeset("scm", "git")
-        end
-        local owner   = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
-        local repo    = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
-        local version = rpm.expand("%{?version}")
-        if (version ~= "") and (version ~= "0") and (tag == "") then
-          -- GitLab does not have strong versionning semantics
-          -- Some projects use "version" as release tag, others "v" + "version"
-          -- Tag value needs to be explicitly declared before calling the macro
-          -- in the second case
-          tag = version
-          safeset("tag", tag)
-        end
-        if (tag ~= "") then
-          safeset("archivename", repo .. "-%{tag}-%{commit}")
-          safeset("archiveurl",  "%{forgeurl}/repository/%{tag}/archive.%{archiveext}")
-        else
-          safeset("archivename", repo .. "-%{commit}")
-          safeset("archiveurl",  "%{forgeurl}/repository/%{commit}/archive.%{archiveext}")
-        end
-      end
-    end
-    if (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
-      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
-      if (forgeurl == nil) then
-        if not silent then
-          rpm.expand("%{error:GitHub URLs must match https://(…[-.])github[-.]…/owner/repo !\\n}")
-        end
-      else
-        explicitset("forgeurl",   forgeurl)
-        safeset("archiveext",     "tar.gz")
-        local forgesetupargs = "-n %{archivename}"
-        if (commit ~= "") or (tag ~= "") then
-          safeset("scm", "git")
-        end
-        local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
-        local repo  = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
-        if (tag ~= "") then
-          -- if upstream used a version suffix such as -rc1 or -beta it will not
-          -- be a valid version string for rpm but github will accept it fine and
-          -- use the same naming as for other versions: v prefix in the tag and
-          -- archivename, no v prefix in the topdir naming inside the archive
-          local version = rpm.expand("%{?version}")
-          if version ~= "" and
-             (string.match(tag, "^v" .. version .. "[^%d]") or
-              string.match(tag, "^v" .. version .. "$"))    then
-            forgesetupargs = "-n " .. repo .. "-" .. string.gsub(tag, "^v", "")
-          end
-          safeset("archivename",   repo .. "-%{tag}")
-          safeset("archiveurl",    "%{forgeurl}/archive/%{tag}.%{archiveext}")
-        else
-          if (commit ~= "") then
-            safeset("archivename", repo .. "-%{commit}")
-            safeset("archiveurl",  "%{forgeurl}/archive/%{commit}/" .. repo .. "-%{commit}.%{archiveext}")
-          else
-            safeset("archivename", repo .. "-%{version}")
-            safeset("archiveurl",   "%{forgeurl}/archive/v%{version}.%{archiveext}")
-          end
-        end
-        safeset("forgesetupargs", forgesetupargs)
-      end
-    end
-    if (forge == "code.googlesource.com") then
-      forgeurl = string.match(forgeurl, "https://code.googlesource.com/[^#?]*[^/#?]+")
-      if (forgeurl == nil) then
-        if not silent then
-          rpm.expand("%{error:Googlesource URLs must match https://code.googlesource.com/…/repo !\\n}")
-        end
-      else
-        explicitset("forgeurl",   forgeurl)
-        safeset("archiveext",     "tar.gz")
-        safeset("forgesetupargs", "-c")
-        if (commit ~= "") or (tag ~= "") then
-          safeset("scm", "git")
-        end
-        local repo = string.match(forgeurl, "^[^:]+://.+/([^/?#]+)")
-        if (tag ~= "") then
-          safeset("archivename",   repo .. "-%{tag}")
-          safeset("archiveurl",    "%{forgeurl}/+archive/%{tag}.%{archiveext}")
-        else
-          if (commit ~= "") then
-            safeset("archivename", repo .. "-%{commit}")
-            safeset("archiveurl",  "%{forgeurl}/+archive/%{commit}.%{archiveext}")
-          else
-            safeset("archivename", repo .. "-v%{version}")
-            safeset("archiveurl",  "%{forgeurl}/+archive/v%{version}.%{archiveext}")
-          end
-        end
-      end
-    end
-    if (forge == "bitbucket.org") then
-      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
-      if (forgeurl == nil) then
-        if not silent then
-          rpm.expand("%{error:BitBucket URLs must match https://bitbucket.org/owner/repo !\\n}")
-        end
-      else
-        explicitset("forgeurl",   forgeurl)
-        if (commit == "") then
-          rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!\\n}")
-        end
-        local shortcommit = string.sub(commit, 1, 12)
-        safeset("archiveext", "tar.bz2")
-        -- Default to git even though BitBucket allows choosing between several SCMs
-        -- Set scm to hg for example before calling the macro if your project does not use git
-        safeset("scm", "git")
-        local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
-        local repo  = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
-        safeset("archivename",    owner .. "-" .. repo .. "-" .. shortcommit)
-        safeset("forgesetupargs", "-n %{archivename}")
-        if (tag ~= "") then
-          safeset("archiveurl",  "%{forgeurl}/get/%{tag}.%{archiveext}")
-        else
-          safeset("archiveurl",  "%{forgeurl}/get/%{commit}.%{archiveext}")
-        end
-      end
-    end
-    if (forge == "pagure.io") then
-      if not silent then
-        rpm.expand("%{error:https://pagure.io/pagure/issue/861 needs to be resolved before the “pagure.io”\\nsoftware publishing service can be supported.\\n}")
-      end
-    end
-    -- Final tests to check forgeurl was successfuly parsed
-    if not silent then
-      if (rpm.expand("%{?archivename}") == "") or (rpm.expand("%{?archiveurl}") == "") then
-        rpm.expand("%{error:Automation for the “" .. forge .. "”\\nsoftware publishing service is not implemented yet.\\nPlease extend the %%forgemeta macro!\\n}")
-      end
-    end
-  end
-end
--- Set defaults if forgeurl is missing or does not parse
-local archivename = rpm.expand("%{?archivename}")
-safeset("archiveext",       "tar.gz")
-if (archivename ~= "") then
-  safeset("forgesetupargs", "-n %{archivename}")
-end
-if (commit ~= "") or (tag ~= "") then
-  safeset("scm",            "git")
-end
--- Source URL processing (computing the forgesource spec variable)
-local archiveurl  = rpm.expand("%{?archiveurl}")
-local archiveext  = rpm.expand("%{?archiveext}")
-if (archivename ~= "") and (archiveurl ~= "") then
-  if (string.match(archiveurl, "/([^/]+)$") == archivename .. "." .. archiveext) then
-    safeset("forgesource", "%{archiveurl}")
-  else
-    safeset("forgesource", "%{?archiveurl}#/%{?archivename}.%{archiveext}")
-  end
-end
--- dist processing (computing the correct pefix for snapshots)
-local distprefix = rpm.expand("%{?tag}")
-local version    = rpm.expand("%{?version}")
-if (distprefix == version) or (distprefix == "v" .. version) then
-  distprefix = ""
-end
-if (distprefix == "") then
-  distprefix = string.sub(rpm.expand("%{?commit}"), 1, 7)
-end
-if (distprefix ~= "") then
-  local dist = ".%([ -r %{_sourcedir}/%{archivename}.%{archiveext} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename}.%{archiveext})%{scm}" .. string.gsub(distprefix, "-",".") .. rpm.expand("%{?dist}")
-  explicitset("dist", dist)
-end
--- Final spec variable summary if the macro was called with -i
-if informative then
-  rpm.expand("%{echo:Forge-specific packaging variables\\n}")
-  rpm.expand("%{echo:  forgeurl:        %{?forgeurl}\\n}")
-  rpm.expand("%{echo:  forgesource:     %{?forgesource}\\n}")
-  rpm.expand("%{echo:  forgesetupargs:  %{?forgesetupargs}\\n}")
-  rpm.expand("%{echo:Generic variables\\n}")
-  rpm.expand("%{echo:  archivename:     %{?archivename}\\n}")
-  rpm.expand("%{echo:  archiveext:      %{?archiveext}\\n}")
-  rpm.expand("%{echo:  archiveurl:      %{?archiveurl}\\n}")
-  rpm.expand("%{echo:  scm:             %{?scm}\\n}")
-  rpm.expand("%{echo:  tag:             %{?tag}\\n}")
-  rpm.expand("%{echo:  commit:          %{?commit}\\n}")
-  rpm.expand("%{echo:  dist:            %{?dist} (snapshot date is computed once %%{_sourcedir}/%%{archivename}.%%{archiveext} is available)\\n}")
+else
+  forge.meta(rpm.expand("%{-z*}"),verbose,informative,silent)
 end
 }
 
 # Convenience macro to relay computed arguments to %setup
-%forgesetup(a:b:cDn:Tq) %setup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-q}
+# Optional parameters:
+#   -a          process all sources in one go, instead of using separate -z calls
+#   -z <number> read %{?forgesetupargs<number>}
+#   -v          be verbose
+%forgesetup(az:v) %{lua:
+local fedora = require "fedora.common"
+if (rpm.expand("%{-z}") == "") and (rpm.expand("%{-a}") ~= "") then
+  for _,s in pairs(fedora.getsuffixes("forgesetupargs")) do
+    print(rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. s                     .. "}\\n"))
+  end
+else
+  print(  rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
+end
+}
 
 # Convenience macro to relay computed arguments to %autosetup
-%forgeautosetup(a:b:cDn:TvNS:p:) %autosetup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-v} %{-N} %{-S} %{-p}
+# Parameters relayed to %autosetup: -v -N -S -p
+# Optional parameters:
+#   -z <number> read %{?forgesetupargs<number>}
+%forgeautosetup(z:vNS:p:q) %{lua:
+print(rpm.expand("%autosetup %{-v} %{-N} %{?-S} %{?-p} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
+}

macros.ldc-srpm

@@ -1,2 +1,2 @@
 # arches that ldc builds on
-%ldc_arches %{ix86} x86_64 %{arm}
+%ldc_arches %{ix86} x86_64 %{arm} aarch64

redhat-rpm-config.spec

@@ -6,7 +6,7 @@
 
 Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 117
+Version: 153
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
@@ -40,6 +40,7 @@ Source151: macros.kmp
 Source152: macros.vpath
 Source153: macros.forge
 Source154: macros.ldconfig
+Source155: macros.fedora-misc
 
 # Build policy scripts
 # this comes from https://github.com/rpm-software-management/rpm/pull/344
@@ -47,6 +48,10 @@ Source154: macros.ldconfig
 # and an echo when the mangling happens
 Source201: brp-mangle-shebangs
 
+# this comes from rpm itself
+# however, now we can do Fedora changes within
+Source202: brp-python-bytecompile
+
 # Dependency generator scripts (deprecated)
 Source300: find-provides
 Source301: find-provides.ksyms
@@ -60,6 +65,7 @@ Source400: dist.sh
 Source401: rpmsort
 Source402: symset-table
 Source403: kmodtool
+Source404: gpgverify
 
 # 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
 Source500: config.guess
@@ -72,6 +78,11 @@ Source602: libsymlink.attr
 
 # BRPs
 Source700: brp-ldconfig
+Source701: brp-strip-lto
+
+# Convenience lua functions
+Source800: common.lua
+Source801: forge.lua
 
 # Documentation
 Source900: buildflags.md
@@ -81,6 +92,7 @@ BuildRequires: perl-generators
 Requires: coreutils
 
 Requires: efi-srpm-macros
+Requires: fonts-srpm-macros
 Requires: fpc-srpm-macros
 Requires: ghc-srpm-macros
 Requires: gnat-srpm-macros
@@ -89,7 +101,8 @@ Requires: nim-srpm-macros
 Requires: ocaml-srpm-macros
 Requires: openblas-srpm-macros
 Requires: perl-srpm-macros
-Requires: python-srpm-macros
+# ↓ Provides compileall2 Python module
+Requires: python-srpm-macros >= 3-46
 Requires: rust-srpm-macros
 Requires: qt5-srpm-macros
 
@@ -135,6 +148,7 @@ install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
 install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
 install -p -m 755 -t %{buildroot}%{rrcdir} config.*
 install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
+install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
 install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
 
 install -p -m 755 -t %{buildroot}%{rrcdir} find-*
@@ -150,12 +164,17 @@ mkdir -p %{buildroot}%{_fileattrsdir}
 install -p -m 644 -t %{buildroot}%{_fileattrsdir} *.attr
 install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 
+mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm}
+install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
+install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua
+
 %files
 %dir %{rrcdir}
 %{rrcdir}/macros
 %{rrcdir}/rpmrc
 %{rrcdir}/brp-*
 %{rrcdir}/dist.sh
+%{rrcdir}/gpgverify
 %{rrcdir}/redhat-hardened-*
 %{rrcdir}/redhat-annobin-*
 %{rrcdir}/config.*
@@ -169,6 +188,13 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 %{_rpmconfigdir}/macros.d/macros.forge
 %{_rpmconfigdir}/macros.d/macros.ldconfig
 %{_rpmconfigdir}/macros.d/macros.vpath
+%{_rpmconfigdir}/macros.d/macros.fedora-misc
+%dir %{_rpmluadir}/fedora
+%dir %{_rpmluadir}/fedora/srpm
+%dir %{_rpmluadir}/fedora/rpm
+%{_rpmluadir}/fedora/*.lua
+%{_rpmluadir}/fedora/srpm/*lua
+
 %doc buildflags.md
 
 %files -n kernel-rpm-macros
@@ -183,6 +209,128 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 %{_rpmconfigdir}/macros.d/macros.kmp
 
 %changelog
+* Thu Feb 20 2020 Jason L Tibbitts III <tibbs@math.uh.edu> - 153-1
+- Add dependency on fonts-srpm-macros, as those have now been approved by FPC.
+
+* Thu Feb 20 2020 Jeff Law <law@redhat.com> - 152-1
+- Use eu-elfclassify to only run strip on ELF relocatables
+  and archive libraries.
+
+* Fri Feb 14 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 151-1
+- Fixup parallel algorithm for brp-strip-lto
+
+* Fri Feb 14 2020 Jeff Law <law@redhat.com> - 150-1
+- Strip LTO sections/symbols from installed .o/.a files
+
+* Thu Jan 23 2020 Jeff Law <law@redhat.com> - 149-1
+- Allow conditionally adding -fcommon to CFLAGS by defining %%_legacy_common_support
+
+* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 148-1
+- Reenable annobin after GCC 10 integration (#1792892)
+
+* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 147-1
+- Temporarily disable annobin for GCC 10 (#1792892)
+
+* Thu Dec 05 2019 Denys Vlasenko <dvlasenk@redhat.com> - 146-1
+- kmod.prov: fix and speed it up
+
+* Tue Dec 03 15:48:18 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 145-1
+- %%set_build_flags: define LT_SYS_LIBRARY_PATH
+
+* Thu Nov 21 2019 Denys Vlasenko <dvlasenk@redhat.com> - 144-1
+- Speed up brp-mangle-shebangs.
+
+* Tue Nov 05 2019 Lumír Balhar <lbalhar@redhat.com> - 143-1
+- Fix brp-python-bytecompile with the new features from compileall2
+- Resolves: rhbz#1595265
+
+* Fri Nov 01 2019 Miro Hrončok <mhroncok@redhat.com> - 142-1
+- Fix the simple API of %%gpgverify.
+
+* Thu Aug 22 2019 Jason L Tibbitts III <tibbs@math.uh.edu> - 141-2
+- Simplify the API of %%gpgverify.
+
+* Thu Jul 25 2019 Richard W.M. Jones <rjones@redhat.com> - 140-2
+- Bump version and rebuild.
+
+* Sat Jul 20 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 140-1
+- Fixup python-srpm-macros version
+
+* Wed Jul 17 2019 Lumír Balhar <lbalhar@redhat.com> - 139-1
+- Use compileall2 Python module for byte-compilation in brp-python-bytecompile
+
+* Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 138-1
+- Move brp-python-bytecompile from rpm, so we can easily adapt it
+
+* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 137-1
+- listfiles: make it robust against all kinds of “interesting” inputs
+- wordwrap: make list indenting smarter, to produce something with enough
+  structure that it can be converted into AppStream metadata
+
+* Mon Jul 08 2019 Robert-André Mauchin <zebob.m@gmail.com> - 136-1
+- Revert "Fix expansion in listfiles_exclude/listfiles_include"
+
+* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 135-1
+- Fix expansion in listfiles_exclude/listfiles_include
+
+* Mon Jul 01 2019 Florian Festi <ffesti@redhat.com> - 134-1
+- Switch binary payload compression to Zstandard level 19
+
+* Thu Jun 27 2019 Vít Ondruch <vondruch@redhat.com> - 133-2
+- Enable RPM to set SOURCE_DATE_EPOCH environment variable.
+
+* Tue Jun 25 08:13:50 CEST 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 133-1
+- Expand listfiles_exclude/listfiles_include
+
+* Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 132-1
+- Remove perl macro refugees
+
+* Mon Jun 10 2019 Panu Matilainen <pmatilai@redhat.com> - 131-1
+- Provide temporary shelter for rpm 4.15 perl macro refugees
+
+* Tue Jun 04 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 130-1
+- New macro for wrapping text — %%wordwrap
+- Smal fix for %%listfiles with no arguments
+
+* Thu May 30 2019 Björn Persson <Bjorn@Rombobjörn.se> - 129-1
+- Added gpgverify.
+
+* Tue Jan 15 2019 Panu Matilainen <pmatilai@redhat.com> - 128-1
+- Drop redundant _smp_mflag re-definition, use the one from rpm instead
+
+* Thu Dec 20 2018 Florian Weimer <fweimer@redhat.com> - 127-1
+- Build flags: Add support for extension builders (#1543394)
+
+* Mon Dec 17 2018 Panu Matilainen <pmatilai@redhat.com> - 126-1
+- Silence the annoying warning from ldconfig brp-script (#1540971)
+
+* Thu Nov 15 2018 Miro Hrončok <mhroncok@redhat.com> - 125-1
+- Make automagic Python bytecompilation optional
+  https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
+
+* Thu Nov 08 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 124-1
+- forge: add more distprefix cleaning (bz1646724)
+
+* Mon Oct 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 123-1
+- Add -q option to %%forgesetup
+
+* Sat Oct 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 122-1
+- Allow multiple calls to forge macros
+
+* Thu Oct 11 2018 Jan Pazdziora <jpazdziora@redhat.com> - 121-1
+- Add %_swidtagdir for directory for SWID tag files describing the
+  installation.
+
+* Mon Sep 10 2018 Miro Hrončok <mhroncok@redhat.com> - 120-1
+- Make ambiguous python shebangs error
+  https://fedoraproject.org/wiki/Changes/Make_ambiguous_python_shebangs_error
+
+* Mon Aug 20 2018 Kalev Lember <klember@redhat.com> - 119-1
+- Add aarch64 to ldc arches
+
+* Wed Aug 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 118-1
+- Enable --as-needed by default
+
 * Mon Jul 16 2018 Miro Hrončok <mhroncok@redhat.com> - 117-1
 - Mangle /bin shebnags to /usr/bin ones (#1581757)
 

rpmrc

@@ -76,7 +76,7 @@ optflags: s390x %{__global_compiler_flags} -m64 -march=zEC12 -mtune=z13 -fasynch
 
 optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
 
-optflags: riscv64 %{__global_compiler_flags}
+optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
 
 # set build arch to fedora buildarches on hardware capable of running it
 # saves having to do rpmbuild --target=