Add %_metainfodir macro, bump release.

With https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
we try to remove ldconfig scriptlets, but it would make every package
look horrible with all those conditionals. So let's just wrap ldconfig
scriptlets into macro so it doesn't look that horrible and error-prone.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>

brp-ldconfig

@@ -1,13 +0,0 @@
-#!/bin/sh -efu
-# Force creating of DSO symlinks.
-
-# If using normal root, avoid changing anything.
-if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
-  exit 0
-fi
-
-# Create an empty config file for ldconfig to shut up a warning
-config=$(mktemp -p "$RPM_BUILD_ROOT")
-/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
-rm -f "$config"
-# TODO: warn if it created new symlinks and guide people.

brp-mangle-shebangs

@@ -1,158 +0,0 @@
-#!/bin/bash -eu
-
-# If using normal root, avoid changing anything.
-if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
-  exit 0
-fi
-
-exclude_files=""
-exclude_files_from=""
-exclude_shebangs=""
-exclude_shebangs_from=""
-
-usage() {
-  local verbose=$1 && shift
-  local outfile=$1 && shift
-  local status=$1 && shift
-
-  (
-    echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
-    if [ "${verbose}" == "yes" ]; then
-      echo '  --files: extended regexp of files to ignore'
-      echo '  --files-from: file containing a list of extended regexps of files to ignore'
-      echo '  --shebangs: extended regexp of shebangs to ignore'
-      echo '  --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
-    fi
-  ) >>${outfile}
-  exit ${status}
-}
-
-while [ $# -gt 0 ] ; do
-  case "$1" in
-    --files)
-      exclude_files="${2}"
-      shift
-      ;;
-    --files=*)
-      exclude_files="${1##--files=}"
-      ;;
-    --files-from)
-      exclude_files_from="${2}"
-      shift
-      ;;
-    --files-from=*)
-      exclude_files_from="${1##--files-from=}"
-      ;;
-    --shebangs)
-      exclude_shebangs="${2}"
-      shift
-      ;;
-    --shebangs=*)
-      exclude_shebangs="${1##--shebangs=}"
-      ;;
-    --shebangs-from)
-      exclude_shebangs_from="${2}"
-      shift
-      ;;
-    --shebangs-from=*)
-      exclude_shebangs_from="${1##--shebangs-from=}"
-      ;;
-    --help|--usage|"-?"|-h)
-      usage yes /dev/stdout 0
-      ;;
-    *)
-      echo "Unknown option \"${1}\"" 1>&2
-      usage no /dev/stderr 1
-      ;;
-  esac
-  shift
-done
-
-cd "$RPM_BUILD_ROOT"
-
-# Large packages such as kernel can have thousands of executable files.
-# We take care to not fork/exec thousands of "file"s and "grep"s,
-# but run just two of them.
-# (Take care to exclude filenames which would mangle "file" output).
-find -executable -type f ! -path '*:*' ! -path $'*\n*' \
-| file -N --mime-type -f - \
-| grep -P ".+(?=: text/)" \
-| {
-fail=0
-while IFS= read -r line; do
-  f=${line%%:*}
-
-  # Remove the dot
-  path="${f#.}"
-
-  if [ -n "$exclude_files" ]; then
-    echo "$path" | grep -q -E "$exclude_files" && continue
-  fi
-  if [ -n "$exclude_files_from" ]; then
-    echo "$path" | grep -q -E -f "$exclude_files_from" && continue
-  fi
-
-
-  read shebang_line < "$f"
-  orig_shebang="${shebang_line#\#!}"
-  if [ "$orig_shebang" = "$shebang_line" ]; then
-    echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
-    ts=$(stat -c %y "$f")
-    chmod -x "$f"
-    touch -d "$ts" "$f"
-    continue
-  fi
-
-  # Trim spaces
-  while shebang="${orig_shebang//  / }"; [ "$shebang" != "$orig_shebang" ]; do
-    orig_shebang="$shebang"
-  done
-  # Treat "#! /path/to " as "#!/path/to"
-  orig_shebang="${orig_shebang# }"
-
-  shebang="$orig_shebang"
-
-  if [ -z "$shebang" ]; then
-    echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
-    ts=$(stat -c %y "$f")
-    chmod -x "$f"
-    touch -d "$ts" "$f"
-    continue
-  fi
-  if [ -n "${shebang##/*}" ]; then
-    echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
-    fail=1
-    continue
-  fi
-
-  if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
-    continue
-  fi
-
-  # Replace "special" env shebang:
-  # /whatsoever/env /whatever/foo → /whatever/foo
-  shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
-  # /whatsoever/env foo → /whatsoever/foo
-  shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
-
-  # If the shebang now starts with /bin, change it to /usr/bin
-  # https://bugzilla.redhat.com/show_bug.cgi?id=1581757
-  shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
-
-  # Replace ambiguous python with python2
-  py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
-
-  if [ "$shebang" != "$py_shebang" ]; then
-    echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
-    fail=1
-  elif [ "#!$shebang" != "#!$orig_shebang" ]; then
-    echo "mangling shebang in $path from $orig_shebang to #!$shebang"
-    ts=$(stat -c %y "$f")
-    sed -i -e "1c #!$shebang" "$f"
-    touch -d "$ts" "$f"
-  fi
-
-done
-
-exit $fail
-}

brp-python-bytecompile

@@ -1,144 +0,0 @@
-#!/bin/bash
-errors_terminate=$2
-extra=$3
-
-# If using normal root, avoid changing anything.
-if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
-	exit 0
-fi
-
-# Figure out how deep we need to descend.  We could pick an insanely high
-# number and hope it's enough, but somewhere, somebody's sure to run into it.
-depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \
-       xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c`
-if [ -z "$depth" -o "$depth" -le "1" ]; then
-	exit 0
-fi
-
-# This function now implements Python byte-compilation in two different ways:
-# Python >= 3.4 uses a new module compileall2 - https://github.com/fedora-python/compileall2
-# Python < 3.4 (inc. Python 2) uses compileall module from stdlib with some hacks
-# When we drop support for Python 2, we'd be able to use all compileall2 features like:
-# - -s and -p options to manipulate with a path baked into pyc files instead of $real_libdir
-# - -o 0 -o 1 to produce multiple files in one run - each with a different optimization level - instead of $options
-# - removed useless $depth - both compileall and compileall2 are limited by sys.getrecursionlimit()
-# These changes will make this script much simpler
-function python_bytecompile()
-{
-    local options=$1
-    local python_binary=$2
-    local exclude=$3
-    local python_libdir=$4
-    local depth=$5 # Not used for Python >= 3.4
-    local real_libdir=$6 # Not used for Python >= 3.4
-
-	python_version=$($python_binary -c "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))")
-
-	#
-	# Python 3.4 and higher
-	#
-	if [ "$python_version" -ge 34 ]; then
-
-		[ ! -z $exclude ] && exclude="-x '$exclude'"
-		# /usr/lib/rpm/redhat/ contains compileall2 Python module
-		# -q disables verbose output
-		# -f forces the process to overwrite existing compiled files
-		# -x excludes paths defined by regex
-		# -e excludes symbolic links pointing outside the build root
-		# -x and -e together implements the same functionality as the Filter class below
-		# -s strips $RPM_BUILD_ROOT from the path
-		# -p prepends the leading slash to the path to make it absolute
-		PYTHONPATH=/usr/lib/rpm/redhat/ $python_binary -B $options -m compileall2 -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
-	else
-#
-# Python 3.3 and lower (incl. Python 2)
-#
-
-cat << EOF | $python_binary $options
-import compileall, sys, os, re
-
-python_libdir = "$python_libdir"
-depth = $depth
-real_libdir = "$real_libdir"
-build_root = "$RPM_BUILD_ROOT"
-exclude = r"$exclude"
-
-class Filter:
-    def search(self, path):
-        ret = not os.path.realpath(path).startswith(build_root)
-        if exclude:
-            ret = ret or re.search(exclude, path)
-        return ret
-
-sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1))
-EOF
-
-fi
-}
-
-# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python
-# bytecode that they are for.
-#
-# The files below RPM_BUILD_ROOT could be targeting multiple versions of
-# python (e.g. a single build that emits several subpackages e.g. a
-# python26-foo subpackage, a python31-foo subpackage etc)
-#
-# Support this by assuming that below each /usr/lib/python$VERSION/, all
-# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION.
-# 
-# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6
-# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
-
-shopt -s nullglob
-for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]+$"`;
-do
-	python_binary=/usr/bin/$(basename $python_libdir)
-	real_libdir=${python_libdir/$RPM_BUILD_ROOT/}
-	echo "Bytecompiling .py files below $python_libdir using $python_binary"
-
-	# Generate normal (.pyc) byte-compiled files.
-	python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
-	if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
-		# One or more of the files had a syntax error
-		exit 1
-	fi
-
-	# Generate optimized (.pyo) byte-compiled files.
-	python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
-	if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
-		# One or more of the files had a syntax error
-		exit 1
-	fi
-done
-
-
-# Handle other locations in the filesystem using the default python implementation
-# if extra is set to 0, don't do this
-if [ 0$extra -eq 0 ]; then
-	exit 0
-fi
-
-# If we don't have a default python interpreter, we cannot proceed
-default_python=${1:-/usr/bin/python}
-if [ ! -x "$default_python" ]; then
-	exit 0
-fi
-
-# Figure out if there are files to be bytecompiled with the default_python at all
-# this prevents unnecessary default_python invocation
-find "$RPM_BUILD_ROOT" -type f -name "*.py" | grep -Ev "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" || exit 0
-
-# Generate normal (.pyc) byte-compiled files.
-python_bytecompile "" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
-if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
-	# One or more of the files had a syntax error
-	exit 1
-fi
-
-# Generate optimized (.pyo) byte-compiled files.
-python_bytecompile "-O" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
-if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
-	# One or more of the files had a syntax error
-	exit 1
-fi
-exit 0

brp-strip-lto

@@ -1,17 +0,0 @@
-#!/usr/bin/sh
-# If using normal root, avoid changing anything.
-if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
-	exit 0
-fi
-
-STRIP=${1:-strip}
-NCPUS=${RPM_BUILD_NCPUS:-1}
-
-case `uname -a` in
-Darwin*) exit 0 ;;
-*) ;;
-esac
-
-# Strip ELF binaries
-find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
-  eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0

buildflags.md

@@ -1,390 +0,0 @@
-This document contains documentation of the individual compiler flags
-and how to use them.
-
-[TOC]
-
-# Using RPM build flags
-
-For packages which use autoconf to set up the build environment, use
-the `%configure` macro to obtain the full complement of flags, like
-this:
-
-    %configure
-
-This will invoke the `./configure` with arguments (such as
-`--prefix=/usr`) to adjust the paths to the packaging defaults.
-
-As a side effect, this will set the environment variables `CFLAGS`,
-`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH`,
-so they can be used by makefiles and other build tools.  (However,
-existing values for these variables are not overwritten.)
-
-If your package does not use autoconf, you can still set the same
-environment variables using
-
-    %set_build_flags
-
-early in the `%build` section.  (Again, existing environment variables
-are not overwritten.)
-
-Individual build flags are also available through RPM macros:
-
-* `%{build_cflags}` for the C compiler flags (also known as the
-  `CFLAGS` variable).  Also historically available as `%{optflags}`.
-  Furthermore, at the start of the `%build` section, the environment
-  variable `RPM_OPT_FLAGS` is set to this value.
-* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
-  the `CXXFLAGS` shell variable).
-* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
-  known as the `FCFLAGS` variable).
-* `%{build_ldflags}` for the link editor (ld) flags, usually known as
-  `LDFLAGS`.  Note that the contents quotes linker arguments using
-  `-Wl`, so this variable is intended for use with the `gcc` compiler
-  driver.  At the start of the `%build` section, the environment
-  variable `RPM_LD_FLAGS` is set to this value.
-
-The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
-script (v2.4.6+) from hardcoding %_libdir into the binaries' RPATH.
-
-These RPM macros do not alter shell environment variables.
-
-For some other build tools separate mechanisms exist:
-
-* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
-  package.
-
-Care must be taking not to compile the current selection of compiler
-flags into any RPM package besides `redhat-rpm-config`, so that flag
-changes are picked up automatically once `redhat-rpm-config` is
-updated.
-
-# Flag selection for the build type
-
-The default flags are suitable for building applications.
-
-For building shared objects, you must compile with `-fPIC` in
-(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
-
-For other considerations involving shared objects, see:
-
-* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
-
-# Customizing compiler flags
-
-It is possible to set RPM macros to change some aspects of the
-compiler flags.  Changing these flags should be used as a last
-recourse if other workarounds are not available.
-
-### Lazy binding
-
-If your package depends on the semantics of lazy binding (e.g., it has
-plugins which load additional plugins to complete their dependencies,
-before which some referenced functions are undefined), you should put
-`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
-which have such requirements.  Under these circumstances, it is
-unnecessary to disable hardened builds (and thus lose full ASLR for
-executables), or link everything without `-Wl,z,now` (non-lazy
-binding).
-
-### Hardened builds
-
-By default, the build flags enable fully hardened builds.  To change
-this, include this in the RPM spec file:
-
-    %undefine _hardened_build
-
-This turns off certain hardening features, as described in detail
-below.  The main difference is that executables will be
-position-dependent (no full ASLR) and use lazy binding.
-
-### Annotated builds/watermarking
-
-By default, the build flags cause a special output section to be
-included in ELF files which describes certain aspects of the build.
-To change this for all compiler invocations, include this in the RPM
-spec file:
-
-    %undefine _annotated_build
-
-Be warned that this turns off watermarking, making it impossible to do
-full hardening coverage analysis for any binaries produced.
-
-It is possible to disable annotations for individual compiler
-invocations, using the `-fplugin-arg-annobin-disable` flag.  However,
-the annobin plugin must still be loaded for this flag to be
-recognized, so it has to come after the hardening flags on the command
-line (it has to be added at the end of `CFLAGS`, or specified after
-the `CFLAGS` variable contents).
-
-### Strict symbol checks in the link editor (ld)
-
-Optionally, the link editor will refuse to link shared objects which
-contain undefined symbols.  Such symbols lack symbol versioning
-information and can be bound to the wrong (compatibility) symbol
-version at run time, and not the actual (default) symbol version which
-would have been used if the symbol definition had been available at
-static link time.  Furthermore, at run time, the dynamic linker will
-not have complete dependency information (in the form of DT_NEEDED
-entries), which can lead to errors (crashes) if IFUNC resolvers are
-executed before the shared object containing them is fully relocated.
-
-To switch on these checks, define this macro in the RPM spec file:
-
-    %define _strict_symbol_defs_build 1
-
-If this RPM spec option is active, link failures will occur if the
-linker command line does not list all shared objects which are needed.
-In this case, you need to add the missing DSOs (with linker arguments
-such as `-lm`).  As a result, the link editor will also generated the
-necessary DT_NEEDED entries.
-
-In some cases (such as when a DSO is loaded as a plugin and is
-expected to bind to symbols in the main executable), undefined symbols
-are expected.  In this case, you can add
-
-    %undefine _strict_symbol_defs_build
-
-to the RPM spec file to disable these strict checks.  Alternatively,
-you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
-command line).  The latter needs binutils 2.29.1-12.fc28 or later.
-
-### Legacy -fcommon
-
-Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
-Builds may fail with `multiple definition of ...` errors.
-
-As a short term workaround for such failure,
-it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
-
-    %define _legacy_common_support 1
-
-Properly fixing the failure is always preferred!
-
-# Individual compiler flags
-
-Compiler flags end up in the environment variables `CFLAGS`,
-`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
-
-The general (architecture-independent) build flags are:
-
-* `-O2`: Turn on various GCC optimizations.  See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
-  Optimization improves performance, the accuracy of warnings, and the
-  reach of toolchain-based hardening, but it makes debugging harder.
-* `-g`: Generate debugging information (DWARF).  In Fedora, this data
-  is separated into `-debuginfo` RPM packages whose installation is
-  optional, so debuging information does not increase the size of
-  installed binaries by default.
-* `-pipe`: Run compiler and assembler in parallel and do not use a
-  temporary file for the assembler input.  This can improve
-  compilation performance.  (This does not affect code generation.)
-* `-Wall`: Turn on various GCC warnings.
-  See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
-* `-Werror=format-security`: Turn on format string warnings and treat
-  them as errors.
-  See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
-  This can occasionally result in compilation errors.  In this case,
-  the best option is to rewrite the source code so that only constant
-  format strings (string literals) are used.
-* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
-  hardening features in glibc:
-    * String functions such as `memcpy` attempt to detect buffer lengths
-      and terminate the process if a buffer overflow is detected.
-    * `printf` format strings may only contain the `%n` format specifier
-      if the format string resides in read-only memory.
-    * `open` and `openat` flags are checked for consistency with the
-      presence of a *mode* argument.
-    * Plus other minor hardening changes.
-  (These changes can occasionally break valid programs.)
-* `-fexceptions`: Provide exception unwinding support for C programs.
-  See the [`-fexceptions` option in the GCC
-  manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
-  and the [`cleanup` variable
-  attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
-  This also hardens cancellation handling in C programs because
-  it is not required to use an on-stack jump buffer to install
-  a cancellation handler with `pthread_cleanup_push`.  It also makes
-  it possible to unwind the stack (using C++ `throw` or Rust panics)
-  from C callback functions if a C library supports non-local exits
-  from them (e.g., via `longjmp`).
-* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
-  C++ standard library, such as bounds checking for the subscription
-  operator on vectors.  (This flag is added to both `CFLAGS` and
-  `CXXFLAGS`; C compilations will simply ignore it.)
-* `-fstack-protector-strong`: Instrument functions to detect
-  stack-based buffer overflows before jumping to the return address on
-  the stack.  The *strong* variant only performs the instrumentation
-  for functions whose stack frame contains addressable local
-  variables.  (If the address of a variable is never taken, it is not
-  possible that a buffer overflow is caused by incorrect pointer
-  arithmetic involving a pointer to that variable.)
-* `-grecord-gcc-switches`: Include select GCC command line switches in
-  the DWARF debugging information.  This is useful for detecting the
-  presence of certain build flags and general hardening coverage.
-
-For hardened builds (which are enabled by default, see above for how
-to disable them), the flag
-`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
-command line.  It adds the following flag to the command line:
-
-*   `-fPIE`: Compile for a position-independent executable (PIE),
-    enabling full address space layout randomization (ASLR).  This is
-    similar to `-fPIC`, but avoids run-time indirections on certain
-    architectures, resulting in improved performance and slightly
-    smaller executables.  However, compared to position-dependent code
-    (the default generated by GCC), there is still a measurable
-    performance impact.
-
-    If the command line also contains `-r` (producing a relocatable
-    object file), `-fpic` or `-fPIC`, this flag is automatically
-    dropped.  (`-fPIE` can only be used for code which is linked into
-    the main program.) Code which goes into static libraries should be
-    compiled with `-fPIE`, except when this code is expected to be
-    linked into DSOs, when `-fPIC` must be used.
-
-    To be effective, `-fPIE` must be used with the `-pie` linker flag
-    when producing an executable, see below.
-
-To support [binary watermarks for ELF
-objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
-annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
-added by default.  This can be switched off by undefining the
-`%_annotated_build` RPM macro (see above).
-
-### Architecture-specific compiler flags
-
-These compiler flags are enabled for all builds (hardened/annotated or
-not), but their selection depends on the architecture:
-
-*   `-fstack-clash-protection`: Turn on instrumentation to avoid
-    skipping the guard page in large stack frames.  (Without this flag,
-    vulnerabilities can result where the stack overlaps with the heap,
-    or thread stacks spill into other regions of memory.)  This flag is
-    fully ABI-compatible and has adds very little run-time overhead, but
-    is only available on certain architectures (currently aarch64, i386,
-    ppc64, ppc64le, s390x, x86_64).
-*   `-fcf-protection`: Instrument binaries to guard against
-    ROP/JOP attacks.  Used on i686 and x86_64.
-*   `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
-    the same compilation.  For such architectures, the RPM build process
-    explicitly selects the architecture variant by passing this compiler
-    flag.
-*   `-fasynchronous-unwind-tables`: Generate full unwind information
-    covering all program points.  This is required for support of
-    asynchronous cancellation and proper unwinding from signal
-    handlers.  It also makes performance and debugging tools more
-    useful because unwind information is available without having to
-    install (and load) debugging ienformation.
-    Asynchronous unwind tables are enabled for aarch64, i686, ppc64,
-    ppc64le, s390x, and x86_64.  They are not needed on armhfp due to
-    architectural differences in stack management.  On these
-    architectures, `-fexceptions` (see above) still enables regular
-    unwind tables (or they are enabled by default even without this
-    option).
-
-In addition, `redhat-rpm-config` re-selects the built-in default
-tuning in the `gcc` package.  These settings are:
-
-*   **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard`
-    selects an Arm subarchitecture based on the ARMv7-A architecture
-    with 16 64-bit floating point registers.  `-mtune=cortex-8a` selects
-    tuning for the Cortex-A8 implementation (while preserving compatibility
-    with other ARMv7-A implementations).  `-mabi=aapcs-linux` switches to
-    the AAPCS ABI for GNU/Linux.
-*   **i686**: `-march=i686` is used to select a minmum support CPU level
-    of i686 (corresponding to the Pentium Pro).  SSE2 support is
-    enabled with `-msse2` (so only CPUs with SSE2 support can run the
-    compiled code; SSE2 was introduced first with the Pentium 4).
-    `-mtune=generic` activates tuning for a current blend of CPUs
-    (under the assumption that most users of i686 packages obtain them
-    through an x86_64 installation on current hardware).
-    `-mfpmath=sse` instructs GCC to use the SSE2 unit for floating
-    point math to avoid excess precision issues.  `-mstackrealign`
-    avoids relying on the stack alignment guaranteed by the current
-    version of the i386 ABI.
-*   **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
-    CPU level of POWER8 (the first CPU with ppc64le support) and tunes
-    for POWER8.
-*   **s390x**: `-march=zEC12 -mtune=z13` specifies a minimum supported CPU
-    level of zEC12, while optimizing for a subsequent CPU generation
-    (z13).
-*   **x86_64**: `-mtune=generic` selects tuning which is expected to
-     beneficial for a broad range of current CPUs.
-*   **ppc64** and **aarch64** do not have any architecture-specific tuning.
-
-# Individual linker flags
-
-Linker flags end up in the environment variable `LDFLAGS`.
-
-The linker flags listed below are injected.  Note that they are
-prefixed with `-Wl` because it is expected that these flags are passed
-to the compiler driver `gcc`, and not directly to the link editor
-`ld`.
-
-* `-z relro`: Activate the *read-only after relocation* feature.
-  Constant data and relocations are placed on separate pages, and the
-  dynamic linker is instructed to revoke write permissions after
-  dynamic linking.  Full protection of relocation data requires the
-  `-z now` flag (see below).
-* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
-  (optional, see above).
-
-For hardened builds, the
-`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
-compiler driver command line.  (This can be disabled by undefining the
-`%_hardened_build` macro; see above) This activates the following
-linker flags:
-
-* `-pie`: Produce a PIE binary.  This is only activated for the main
-  executable, and only if it is dynamically linked.  This requires
-  that all objects which are linked in the main executable have been
-  compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
-  By itself, `-pie` has only a slight performance impact because it
-  disables some link editor optimization, however the `-fPIE` compiler
-  flag has some overhead.
-* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
-  linker feature.  Lazy binding involves an array of function pointers
-  which is writable at run time (which could be overwritten as part of
-  security exploits, redirecting execution).  Therefore, it is
-  preferable to turn of lazy binding, although it increases startup
-  time.
-
-# Support for extension builders
-
-Some packages include extension builders that allow users to build
-extension modules (which are usually written in C and C++) under the
-control of a special-purpose build system.  This is a common
-functionality provided by scripting languages such as Python and Perl.
-Traditionally, such extension builders captured the Fedora build flags
-when these extension were built.  However, these compiler flags are
-adjusted for a specific Fedora release and toolchain version and
-therefore do not work with a custom toolchain (e.g., different C/C++
-compilers), and users might want to build their own extension modules
-with such toolchains.
-
-The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
-`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
-flags that have been adjusted for compatibility with alternative
-toolchains, while still preserving some of the compile-time security
-hardening that the standard Fedora build flags provide.
-
-The current set of differences are:
-
-* No GCC plugins (such as annobin) are activated.
-* No GCC spec files (`-specs=` arguments) are used.
-
-Additional flags may be removed in the future if they prove to be
-incompatible with alternative toolchains.
-
-Extension builders should detect whether they are performing a regular
-RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable).  In this
-case, they should use the *current* set of Fedora build flags (that
-is, the output from `rpm --eval '%{build_cflags}'` and related
-commands).  Otherwise, when not performing an RPM build, they can
-either use hard-coded extension builder flags (thus avoiding a
-run-time dependency on `redhat-rpm-config`), or use the current
-extension builder flags (with a run-time dependency on
-`redhat-rpm-config`).
-
-As a result, extension modules built for Fedora will use the official
-Fedora build flags, while users will still be able to build their own
-extension modules with custom toolchains.

common.lua

@@ -1,197 +0,0 @@
--- Convenience Lua functions that can be used within rpm macros
-
--- Set a spec variable
--- Echo the result if verbose
-local function explicitset(rpmvar, value, verbose)
-  local value = value
-  if (value == nil) or (value == "") then
-    value = "%{nil}"
-  end
-  rpm.define(rpmvar .. " " .. value)
-  if verbose then
-    rpm.expand("%{echo:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
-  end
-end
-
--- Unset a spec variable if it is defined
--- Echo the result if verbose
-local function explicitunset(rpmvar, verbose)
-  if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
-    rpm.define(rpmvar .. " %{nil}")
-    if verbose then
-      rpm.expand("%{echo:Unsetting %%{" .. rpmvar .. "}}")
-    end
-  end
-end
-
--- Set a spec variable, if not already set
--- Echo the result if verbose
-local function safeset(rpmvar, value, verbose)
-  if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
-    explicitset(rpmvar,value,verbose)
-  end
-end
-
--- Alias a list of rpm variables to the same variables suffixed with 0 (and vice versa)
--- Echo the result if verbose
-local function zalias(rpmvars, verbose)
-  for _, sfx in ipairs({{"","0"},{"0",""}}) do
-    for _, rpmvar in ipairs(rpmvars) do
-      local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
-      if (rpm.expand(toalias) ~= "") then
-        safeset(rpmvar .. sfx[2], toalias, verbose)
-      end
-    end
-  end
-end
-
--- Takes a list of rpm variable roots and a suffix and alias current<root> to
--- <root><suffix> if it resolves to something not empty
-local function setcurrent(rpmvars, suffix, verbose)
-  for _, rpmvar in ipairs(rpmvars) do
-    if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
-      explicitset(  "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
-    else
-      explicitunset("current" .. rpmvar,                                  verbose)
-    end
-  end
-end
-
--- Echo the list of rpm variables, with suffix, if set
-local function echovars(rpmvars, suffix)
-  for _, rpmvar in ipairs(rpmvars) do
-    rpmvar = rpmvar .. suffix
-    local header = string.sub("  " .. rpmvar .. ":                                               ",1,21)
-    rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
-  end
-end
-
--- Returns an array, indexed by suffix, containing the non-empy values of
--- <rpmvar><suffix>, with suffix an integer string or the empty string
-local function getsuffixed(rpmvar)
-  local suffixes = {}
-  zalias({rpmvar})
-  for suffix=0,9999 do
-    local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
-    if (value ~= "") then
-      suffixes[tostring(suffix)] = value
-    end
-  end
-  -- rpm convention is to alias no suffix to zero suffix
-  -- only add no suffix if zero suffix is different
-  local value = rpm.expand("%{?" .. rpmvar .. "}")
-  if (value ~= "") and (value ~= suffixes["0"]) then
-     suffixes[""] = value
-  end
-  return suffixes
-end
-
--- Returns the list of suffixes, including the empty string, for which
--- <rpmvar><suffix> is set to a non empty value
-local function getsuffixes(rpmvar)
-  suffixes = {}
-  for suffix in pairs(getsuffixed(rpmvar)) do
-    table.insert(suffixes,suffix)
-  end
-  table.sort(suffixes,
-             function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
-  return suffixes
-end
-
--- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
--- matches best the beginning of the value string
-local function getbestsuffix(rpmvar, value)
-  local best         = nil
-  local currentmatch = ""
-  for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
-  if (string.len(setvalue) > string.len(currentmatch)) and
-     (string.find(value, "^" .. setvalue)) then
-      currentmatch = setvalue
-      best         = suffix
-    end
-  end
-  return best
-end
-
--- https://github.com/rpm-software-management/rpm/issues/581
--- Writes the content of a list of rpm variables to a macro spec file.
--- The target file must contain the corresponding anchors.
--- For example writevars("myfile", {"foo","bar"}) will replace:
---   @@FOO@@ with the rpm evaluation of %{foo} and
---   @@BAR@@ with the rpm evaluation of %{bar}
--- in myfile
-local function writevars(macrofile, rpmvars)
-  for _, rpmvar in ipairs(rpmvars) do
-    print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
-                   "\029" .. rpm.expand(  "%{" .. rpmvar .. "}" ) ..
-                   "\029g' " .. macrofile .. "\n")
-  end
-end
-
--- https://github.com/rpm-software-management/rpm/issues/566
--- Reformat a text intended to be used used in a package description, removing
--- rpm macro generation artefacts.
--- – remove leading and ending empty lines
--- – trim intermediary empty lines to a single line
--- – fold on spaces
--- Should really be a %%{wordwrap:…} verb
-local function wordwrap(text)
-  text = rpm.expand(text .. "\n")
-  text = string.gsub(text, "\t",              "  ")
-  text = string.gsub(text, "\r",              "\n")
-  text = string.gsub(text, " +\n",            "\n")
-  text = string.gsub(text, "\n+\n",           "\n\n")
-  text = string.gsub(text, "^\n",             "")
-  text = string.gsub(text, "\n( *)[-*—][  ]+", "\n%1– ")
-  output = ""
-  for line in string.gmatch(text, "[^\n]*\n") do
-    local pos = 0
-    local advance = ""
-    for word in string.gmatch(line, "%s*[^%s]*\n?") do
-      local wl, bad = utf8.len(word)
-      if not wl then
-        print("%{warn: Invalid UTF-8 sequence detected in:\n" ..
-               word .. "\nIt may produce unexpected results.\n}")
-        wl = bad
-      end
-      if (pos == 0) then
-        advance, n = string.gsub(word, "^(%s*– ).*", "%1")
-        if (n == 0) then
-          advance = string.gsub(word, "^(%s*).*", "%1")
-        end
-        advance = string.gsub(advance, "– ", "  ")
-        pos = pos + wl
-      elseif  (pos + wl  < 81) or
-             ((pos + wl == 81) and string.match(word, "\n$")) then
-        pos = pos + wl
-      else
-        word = advance .. string.gsub(word, "^%s*", "")
-        output = output .. "\n"
-        pos = utf8.len(word)
-      end
-      output = output .. word
-      if pos > 80 then
-        pos = 0
-        if not string.match(word, "\n$") then
-          output = output .. "\n"
-        end
-      end
-    end
-  end
-  output = string.gsub(output, "\n*$", "\n")
-  return output
-end
-
-return {
-  explicitset   = explicitset,
-  explicitunset = explicitunset,
-  safeset       = safeset,
-  zalias        = zalias,
-  setcurrent    = setcurrent,
-  echovars      = echovars,
-  getsuffixed   = getsuffixed,
-  getsuffixes   = getsuffixes,
-  getbestsuffix = getbestsuffix,
-  writevars     = writevars,
-  wordwrap      = wordwrap,
-}

find-provides.ksyms

@@ -1,24 +1,9 @@
-#! /bin/bash
+#! /bin/sh
 
 IFS=$'\n'
 
 for module in $(grep -E '/lib/modules/.+\.ko$'); do
-    if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
-        nm $module \
-        | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
-        | awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
-        | LC_ALL=C sort -u
-    else
-        ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
-        if [[ -n $(readelf -h $module | grep "little endian") ]]; then
-            RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
-        else
-            RODATA=$ELFRODATA
-        fi
-        for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
-            echo $sym $RODATA
-        done \
-        | awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
-        | LC_ALL=C sort -u
-    fi
-done
+    nm $module \
+    | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):ksym(\2) = \1:p'
+done \
+| sort -u

find-requires.ksyms

@@ -2,47 +2,19 @@
 
 IFS=$'\n'
 
-# Extract all of the symbols provided by this module.
 all_provides() {
-    if [[ -n $(nm "$@" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
-        nm "$@" \
-        | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
-        | awk --non-decimal-data '{printf("0x%08x\t%s\n", $1, $2)}' \
-        | LC_ALL=C sort -k2,2 -u
-    else
-        ELFRODATA=$(readelf -R .rodata "$@" | awk '/0x/{printf $2$3$4$5}')
-        if [[ -n $(readelf -h "$@" | grep "little endian") ]]; then
-            RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
-        else
-            RODATA=$ELFRODATA
-        fi
-        for sym in $(nm "$@" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
-            echo $sym $RODATA
-        done \
-        | awk --non-decimal-data '{printf("0x%08s\t%s\n", substr($3,($1*2)+1,8), $2)}' \
-        | LC_ALL=C sort -k2,2 -u
-    fi
+    nm "$@" \
+    | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):\1\t\2:p' \
+    | sort -k2 -u
 }
 
-# Extract all of the requirements of this module.
 all_requires() {
     for module in "$@"; do
         set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
         /sbin/modprobe --dump-modversions "$module" \
-        | awk --non-decimal-data '
-            BEGIN { FS = "\t" ; OFS = "\t" }
-            {printf("0x%08x\t%s\n", $1, $2)}' \
-        | sed -r -e 's:$:\t'"$1"':'
+        | sed -r -e 's:^0x0*::' -e 's:$:\t'"$1"':'
     done \
-    | LC_ALL=C sort -k2,2 -u
-}
-
-# Filter out requirements fulfilled by the module itself.
-mod_requires() {
-    LC_ALL=C join -t $'\t' -j 2 -v 1 \
-        <(all_requires "$@") \
-        <(all_provides "$@") \
-    | LC_ALL=C sort -k1,1 -u
+    | sort -k2 -u
 }
 
 if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
@@ -52,23 +24,25 @@ fi
 
 modules=($(grep -E '/lib/modules/.+\.ko$'))
 if [ ${#modules[@]} -gt 0 ]; then
-    kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
+    symset_table=$(mktemp -t ${0##*/}.XXXXX)
+    /usr/lib/rpm/redhat/symset-table | sort > $symset_table
 
-    # get all that kernel provides
-    symvers=$(mktemp -t ${0##*/}.XXXXX)
-
-    cat /usr/src/kernels/$kernel/Module.symvers | awk '
+    join -t $'\t' -j 1 -a 2 $symset_table <(
+        # Filter out requirements that we fulfill ourself.
+        join -t $'\t' -j 2 -v 1 \
+            <(all_requires "${modules[@]}") \
+            <(all_provides "${modules[@]}") \
+        | awk '
         BEGIN { FS = "\t" ; OFS = "\t" }
-        { print $2 "\t" $1 }
-    ' \
-    | sed -r -e 's:$:\t'"$kernel"':' \
-    | LC_ALL=C sort -k1,1 -u > $symvers
-
-    # Symbols matching with the kernel get a "kernel" dependency
-    LC_ALL=C join -t $'\t' -j 1 $symvers <(mod_requires "${modules[@]}") | LC_ALL=C sort -u \
-    | awk '{ FS = "\t" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
-
-    # Symbols from elsewhere get a "ksym" dependency
-    LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers <(mod_requires "${modules[@]}") | LC_ALL=C sort -u \
-    | awk '{ FS = "\t" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
+        { print $3 "/" $2 "/" $1 }
+        ' \
+        | sort -u) \
+    | sort -u \
+    | awk '
+    { FS = "\t" ; OFS = "\t" }
+    NF == 3 { print "kernel(" $2 ") = " $3
+              next }
+            { split($1, arr, "/")
+              print "ksym(" arr[3] ") = " arr[2] }
+    '
 fi

forge.lua

@@ -1,299 +0,0 @@
--- Lua code used by macros.forge and derivatives
-
--- Computes the suffix of a version string, removing vprefix if it matches
--- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0
-local function getversionsuffix(vstring,vprefix)
-  if (string.sub(vstring, 1, #vprefix) == vprefix) and
-     (not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then
-    return string.sub(vstring, #vprefix + 1)
-  else
-    return vstring
-  end
-end
-
--- Check if an identified url is sane
-local function checkforgeurl(url, id, silent)
-  local checkedurl  = nil
-  local checkedid   = nil
-  local urlpatterns = {
-    gitlab = {
-      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
-      description = 'https://(…[-.])gitlab[-.]…/owner/repo'},
-    pagure = {
-      pattern     = 'https://[^/]+/[^/#?]+',
-      description = 'https://pagure.io/repo'},
-    pagure_ns = {
-      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
-      description = 'https://pagure.io/namespace/repo'},
-    pagure_fork = {
-      pattern     = 'https://[^/]+/fork/[^/]+/[^/#?]+',
-      description = 'https://pagure.io/fork/owner/repo'},
-    pagure_ns_fork = {
-      pattern     = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+',
-      description = 'https://pagure.io/fork/owner/namespace/repo'},
-    github = {
-      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
-      description = 'https://(…[-.])github[-.]…/owner/repo'},
-    ["code.googlesource.com"] = {
-      pattern     = 'https://code.googlesource.com/[^#?]*[^/#?]+',
-      description = 'https://code.googlesource.com/…/repo'},
-    ["bitbucket.org"] = {
-      pattern     = 'https://[^/]+/[^/]+/[^/#?]+',
-      description = 'https://bitbucket.org/owner/repo'}}
-  if (urlpatterns[id] ~= nil) then
-    checkedurl = string.match(url,urlpatterns[id]["pattern"])
-    if (checkedurl == nil) then
-      if not silent then
-        rpm.expand("%{error:" .. id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}")
-      end
-    else
-      checkedid = id
-    end
-  end
-  return checkedurl, checkedid
-end
-
--- Check if an url matches a known forge
-local function idforge(url, silent)
-  local forgeurl = nil
-  local forge    = nil
-  if (url ~= "") then
-    forge = string.match(url, "^[^:]+://([^/]+)/")
-    if (forge == nil) then
-      if not silent then
-        rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}")
-      end
-    else
-      if (forge == "pagure.io") then
-        if     string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then
-          forge = "pagure_ns_fork"
-        elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then
-          forge = "pagure_fork"
-        elseif  string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then
-          forge = "pagure_ns"
-        elseif  string.match(url, "[^:]+://pagure.io/[^/]+") then
-          forge = "pagure"
-        end
-      elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
-        forge = "gitlab"
-      elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
-        forge = "github"
-      end
-      forgeurl, forge = checkforgeurl(url, forge, silent)
-    end
-  end
-  return forgeurl, forge
-end
-
--- The forgemeta macro main processing function
--- See the documentation in the macros.forge file for argument description
--- Also called directly by gometa
-local function meta(suffix, verbose, informative, silent)
-  local fedora = require "fedora.common"
-  local ismain = (suffix == "") or (suffix == "0")
-  if ismain then
-    fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
-                      "archivename", "archiveext", "archiveurl",
-                      "topdir", "extractdir", "repo", "owner", "namespace",
-                      "scm", "tag", "commit", "shortcommit", "branch", "version",
-                      "date", "distprefix"}, verbose)
-  end
-  local variables = {
-    default = {
-      scm         = "git",
-      archiveext  = "tar.bz2",
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
-      archivename = "%{repo"         .. suffix .. "}-%{ref"           .. suffix .. "}",
-      topdir      = "%{archivename"  .. suffix .. "}" },
-    gitlab = {
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    pagure = {
-      archiveext  = "tar.gz",
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    pagure_ns = {
-      archiveext  = "tar.gz",
-      namespace   = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}',
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
-      archivename = "%{namespace"    .. suffix .. "}-%{repo"          .. suffix .. "}-%{ref"         .. suffix .. "}",
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    pagure_fork = {
-      archiveext  = "tar.gz",
-      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}',
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}',
-      archivename = "%{owner"        .. suffix .. "}-%{repo"          .. suffix .. "}-%{ref"         .. suffix .. "}",
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    pagure_ns_fork = {
-      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}',
-      namespace   = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}',
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}',
-      archivename = "%{owner"        .. suffix .. "}-%{namespace"     .. suffix .. "}-%{repo"        .. suffix .. "}-%{ref"        .. suffix .. "}",
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    github = {
-      archiveext  = "tar.gz",
-      archivename = "%{repo"         .. suffix .. "}-%{fileref"       .. suffix .. "}",
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/archive/%{ref"   .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
-    ["code.googlesource.com"] = {
-      archiveext  = "tar.gz",
-      repo        = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}',
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/+archive/%{ref"  .. suffix .. "}.%{archiveext"  .. suffix .. "}",
-      topdir      = "" },
-    ["bitbucket.org"] = {
-      shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit'     .. suffix .. '}"), 1, 12))}',
-      owner       = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
-      archivename = "%{owner"        .. suffix .. "}-%{repo"          .. suffix .. "}-%{shortcommit" .. suffix .. "}",
-      archiveurl  = "%{forgeurl"     .. suffix .. "}/get/%{ref"       .. suffix .. "}.%{archiveext"  .. suffix .. "}" } }
-  -- Packaging a moving branch is quite a bad idea, but since at least Gitlab
-  -- will treat branches and tags the same way better support branches explicitly
-  -- than have packagers hijack %{tag} to download branch states
-  local spec = {}
-  for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do
-    spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
-  end
-  -- Compute the reference of the object to fetch
-  local isrelease = false
-  if     (spec["tag"]     ~= "") then       ref = "%{?tag"     .. suffix .. "}"
-  elseif (spec["commit"]  ~= "") then       ref = "%{?commit"  .. suffix .. "}"
-  elseif (spec["branch"]  ~= "") then       ref = "%{?branch"  .. suffix .. "}"
-  else                                      ref = "%{?version" .. suffix .. "}"
-                                      isrelease = true
-  end
-  if (rpm.expand(ref) == "") then
-    if (suffix == "") then
-      rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}")
-    else
-      rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}")
-    end
-  end
-  local    forgeurl = spec["forgeurl"]
-  -- For backwards compatibility only
-  local expliciturl = rpm.expand("%{?-u*}")
-  if   (expliciturl ~= "") then
-    rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}")
-           forgeurl = expliciturl
-  end
-  local forge
-  forgeurl,   forge = idforge(forgeurl, silent)
-  if (forge ~= nil) then
-    fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose)
-    -- Custom processing of quirky forges that can not be handled with simple variables
-    if (forge == "github") then
-      -- Workaround the way GitHub injects "v"s before some version strings (but not all!)
-      -- To package one of the minority of sane GitHub projects that do not munge their version
-      -- strings set tag to %{version} in your spec
-      local fileref = ref
-      if (ref == "%{?version"  .. suffix .. "}") then
-        ref = "v" .. ref
-      elseif (fileref ~= "%{?commit" .. suffix .. "}") and
-             string.match(rpm.expand(fileref), "^v[%d]") then
-        fileref = string.gsub(rpm.expand(fileref), "^v", "")
-      elseif (string.match(rpm.expand(fileref), "/")) then
-        fileref = string.gsub(rpm.expand(fileref), "/", "-")
-      end
-      fedora.safeset("fileref" .. suffix, fileref, verbose)
-    elseif (forge == "code.googlesource.com") then
-      if (ref == "%{?version"  .. suffix .. "}") then
-        ref = "v" .. ref
-      end
-    elseif (forge == "bitbucket.org") then
-      if (spec["commit"] == "") then
-        rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}")
-      end
-    end
-    fedora.safeset("ref" .. suffix, ref, verbose)
-    -- Mass setting of the remaining variables
-    for k,v in pairs(variables[forge]) do
-      fedora.safeset(k .. suffix, variables[forge][k], verbose)
-    end
-    for k,v in pairs(variables["default"]) do
-      if (variables[forge][k] == nil) then
-        fedora.safeset(k .. suffix, variables["default"][k], verbose)
-      end
-    end
-  end
-  -- Generic rules
-  for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do
-    spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
-  end
-  -- Source URL processing (computing the forgesource spec variable)
-  local forgesource = "%{archiveurl" .. suffix .. "}"
-  if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then
-    forgesource     = "%{?archiveurl" .. suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}"
-  end
-  fedora.safeset("forgesource" .. suffix, forgesource, verbose)
-  -- Setup processing      (computing the forgesetup and extractdir variables)
-  local forgesetupargs = "-n %{extractdir" .. suffix .. "}"
-  local extractdir     = "%{topdir"        .. suffix .. "}"
-  if (spec["topdir"] == "") then
-    forgesetupargs     = "-c " .. forgesetupargs
-    extractdir         = "%{archivename"   .. suffix .. "}"
-  end
-  if not ismain then
-    if (spec["topdir"] ~= "") then
-      forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs
-    else
-      forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs
-    end
-  end
-  fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose)
-  fedora.safeset("extractdir"     .. suffix, extractdir, verbose)
-  -- dist processing       (computing the correct prefix for snapshots)
-  local distprefix = ""
-  if not isrelease then
-    distprefix = string.lower(rpm.expand(ref))
-    if     (ref == "%{?commit" .. suffix .. "}") then
-      distprefix = string.sub(distprefix, 1, 7)
-    elseif (ref ~= "%{?branch" .. suffix .. "}") then
-      distprefix = string.gsub(distprefix,      "[%p%s]+", ".")
-      distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "")
-      local    v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".")
-      for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do
-        distprefix = getversionsuffix(distprefix, p .. v)
-      end
-      distprefix = string.gsub(distprefix, "^%.", "")
-    end
-    if (distprefix ~= "") then
-      distprefix = "%{scm"     .. suffix .. "}" .. distprefix
-      date = rpm.expand("%{?date" .. suffix .. "}")
-      if (date ~= "") then
-        distprefix = date .. distprefix
-      else
-        distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix
-      end
-      distprefix = "." .. distprefix
-    end
-  end
-  if (spec["version"] ~= "") and
-     (spec["version"] ~= "0") and
-     (spec["version"] ~= rpm.expand("%{?version}")) then
-    distprefix = ".%{version" .. suffix .. "}" .. distprefix
-  end
-  if (rpm.expand(distprefix) ~= "") then
-    if not ismain then
-      distprefix = string.gsub(distprefix, "^%.", ".s")
-    end
-    fedora.safeset ("distprefix"    .. suffix, distprefix, verbose)
-  end
-  if ismain then
-    fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
-                      "archivename", "archiveext", "archiveurl",
-                      "topdir", "extractdir", "repo", "owner", "namespace",
-                      "scm", "shortcommit", "distprefix"}, verbose)
-  end
-  -- Final spec variable summary if the macro was called with -i
-  if informative then
-    rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}")
-    fedora.echovars({"forgeurl", "forgesource", "forgesetupargs",
-                        "archivename", "archiveext", "archiveurl",
-                        "topdir", "extractdir", "repo", "owner", "namespace",
-                        "scm", "tag", "commit", "shortcommit", "branch", "version",
-                        "date", "distprefix"}, suffix)
-    fedora.echovars({"dist"},"")
-    rpm.expand("%{echo:  (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}")
-  end
-end
-
-return {
-  meta = meta,
-}
-

gpgverify

@@ -1,111 +0,0 @@
-#!/bin/bash
-
-# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
-#
-# This material is provided as is, with absolutely no warranty expressed
-# or implied. Any use is at your own risk.
-#
-# Permission is hereby granted to use or copy this shellscript
-# for any purpose, provided the above notices are retained on all copies.
-# Permission to modify the code and to distribute modified code is granted,
-# provided the above notices are retained, and a notice that the code was
-# modified is included with the above copyright notice.
-
-
-function print_help {
-    cat <<'EOF'
-Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
-
-gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
-verifies a file against a detached OpenPGP signature and a keyring. The keyring
-shall contain all the keys that are trusted to certify the authenticity of the
-file, and must not contain any untrusted keys.
-
-The differences, compared to invoking gpgv directly, are that gpgverify accepts
-the keyring in either ASCII-armored or unarmored form, and that it will not
-accidentally use a default keyring in addition to the specified one.
-
-Parameters:
-  --keyring=<pathname>    keyring with all the trusted keys and no others
-  --signature=<pathname>  detached signature to verify
-  --data=<pathname>       file to verify against the signature
-EOF
-}
-
-
-fatal_error() {
-    message="$1"  # an error message
-    status=$2     # a number to use as the exit code
-    echo "gpgverify: $message" >&2
-    exit $status
-}
-
-
-require_parameter() {
-    term="$1"   # a term for a required parameter
-    value="$2"  # Complain and terminate if this value is empty.
-    if test -z "${value}" ; then
-        fatal_error "No ${term} was provided." 2
-    fi
-}
-
-
-check_status() {
-    action="$1"  # a string that describes the action that was attempted
-    status=$2    # the exit code of the command
-    if test $status -ne 0 ; then
-        fatal_error "$action failed." $status
-    fi
-}
-
-
-# Parse the command line.
-keyring=
-signature=
-data=
-for parameter in "$@" ; do
-    case "${parameter}" in
-        (--help)
-            print_help
-            exit
-            ;;
-        (--keyring=*)
-            keyring="${parameter#*=}"
-            ;;
-        (--signature=*)
-            signature="${parameter#*=}"
-            ;;
-        (--data=*)
-            data="${parameter#*=}"
-            ;;
-        (*)
-            fatal_error "Unknown parameter: \"${parameter}\"" 2
-            ;;
-    esac
-done
-require_parameter 'keyring' "${keyring}"
-require_parameter 'signature' "${signature}"
-require_parameter 'data file' "${data}"
-
-# Make a temporary working directory.
-workdir="$(mktemp --directory)"
-check_status 'Making a temporary directory' $?
-workring="${workdir}/keyring.gpg"
-
-# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
-# ASCII-armored.
-gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
-check_status 'Decoding the keyring' $?
-
-# Verify the signature using the decoded keyring.
-gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
-check_status 'Signature verification' $?
-
-# (--homedir isn't actually necessary. --dearmor processes only the input file,
-# and if --keyring is used and contains a slash, then gpgv2 uses only that
-# keyring. Thus neither command will look for a default keyring, but --homedir
-# makes extra double sure that no default keyring will be touched in case
-# another version of GPG works differently.)
-
-# Clean up. (This is not done in case of an error that may need inspection.)
-rm --recursive --force ${workdir}

kmod.prov

@@ -1,28 +1,17 @@
 #!/bin/sh +x
-# Kernel build can have many thousands of modules.
-# kmod.prov is run for every one of them.
-# Try to make this script run as fast as we can.
-# For example, use shell string ops instead of external programs
-# where possible.
 
 IFS=$'\n'
 
-read -r fname || exit
+for i in $(grep -E '(/lib/modules/.*\.ko|/lib/modules/.*/modules.builtin)');
+do
+	kmod=$(basename $i | sed -e 's/.[xg]z//');
 
-# Only process files from .../lib/modules/... subtree
-[ "${fname#*/lib/modules/*}" != "$fname" ] || exit 0
-
-kmod=${fname##*/}  # like basename, but faster
-
-if [ "$kmod" = "modules.builtin" ]; then
-        for j in $(cat -- "$fname"); do
-                echo "kmod(${j##*/})"
-        done
-        exit 0
-fi
-
-kmod=${kmod%.gz}
-kmod=${kmod%.xz}
-if [ "${kmod%.ko}" != "$kmod" ]; then
-        echo "kmod($kmod)"
-fi
+	if [ $kmod == "modules.builtin" ]; then
+		for j in $(cat $i); do
+			j=$(basename $j);
+			echo "kmod($j)"
+		done
+	else
+		echo "kmod($kmod)"
+	fi
+done

macros

@@ -18,71 +18,8 @@
 
 %_fmoddir		%{_libdir}/gfortran/modules
 
-%source_date_epoch_from_changelog 1
-
 %_enable_debug_packages 1
 %_include_minidebuginfo 1
-%_include_gdb_index     1
-%_debugsource_packages  1
-%_debuginfo_subpackages 1
-
-#==============================================================================
-# ---- compiler flags.
-
-# C compiler flags.  This is traditionally called CFLAGS in makefiles.
-# Historically also available as %%{optflags}, and %%build sets the
-# environment variable RPM_OPT_FLAGS to this value.
-%build_cflags %{optflags}
-
-# C++ compiler flags.  This is traditionally called CXXFLAGS in makefiles.
-%build_cxxflags %{optflags}
-
-# Fortran compiler flags.  Makefiles use both FFLAGS and FCFLAGS as
-# the corresponding variable names.
-%build_fflags %{optflags} -I%{_fmoddir}
-
-# Link editor flags.  This is usually called LDFLAGS in makefiles.
-# (Some makefiles use LFLAGS instead.)  The default value assumes that
-# the flags, while intended for ld, are still passed through the gcc
-# compiler driver.  At the beginning of %%build, the environment
-# variable RPM_LD_FLAGS to this value.
-%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags}
-
-# Expands to shell code to seot the compiler/linker environment
-# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
-# not been set already.  RPM_OPT_FLAGS and RPM_LD_FLAGS have already
-# been set implicitly at the start of the %%build section.
-# LT_SYS_LIBRARY_PATH is used by libtool script.
-%set_build_flags \
-  CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
-  CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
-  FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
-  FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
-  LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
-  LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH
-
-# Internal-only.  Do not use.  Expand a variable and strip the flags
-# not suitable to extension builders.
-%__extension_strip_flags() %{lua:
-local name = rpm.expand("%{1}")
-local value = " " .. rpm.expand("%{build_" .. name .. "}")
-local result = string.gsub(value, "%s+-specs=[^%s]+", " ")
-print(result)
-}
-
-# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
-# extension builders.
-%extension_cflags %{__extension_strip_flags cflags}
-%extension_cxxflags %{__extension_strip_flags cxxflags}
-%extension_fflags %{__extension_strip_flags fflags}
-%extension_ldflags %{__extension_strip_flags ldflags}
-
-# Deprecated names.  For backwards compatibility only.
-%__global_cflags %{build_cflags}
-%__global_cxxflags %{build_cxxflags}
-%__global_fflags %{build_fflags}
-%__global_fcflags %{build_fflags}
-%__global_ldflags %{build_ldflags}
 
 #==============================================================================
 # ---- configure and makeinstall.
@@ -95,7 +32,11 @@ print(result)
 # way to turn it back off.
 # %_configure_disable_silent_rules 1
 %configure \
-  %{set_build_flags}; \
+  CFLAGS="${CFLAGS:-%__global_cflags}" ; export CFLAGS ; \
+  CXXFLAGS="${CXXFLAGS:-%__global_cxxflags}" ; export CXXFLAGS ; \
+  FFLAGS="${FFLAGS:-%__global_fflags}" ; export FFLAGS ; \
+  FCFLAGS="${FCFLAGS:-%__global_fcflags}" ; export FCFLAGS ; \
+  LDFLAGS="${LDFLAGS:-%__global_ldflags}"; export LDFLAGS; \
   [ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
       [ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
   done ; \
@@ -121,6 +62,19 @@ print(result)
 	--mandir=%{_mandir} \\\
 	--infodir=%{_infodir}
 
+# Maximum number of CPU's to use when building, 0 for unlimited.
+#
+# This was for some time capped at 16.  Please see
+# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
+# surrounding this.
+#%_smp_ncpus_max 0
+%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
+	&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
+        ncpus_max=%{?_smp_ncpus_max}; \\\
+        if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
+        if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
+
 #==============================================================================
 # ---- Build policy macros.
 #
@@ -141,34 +95,15 @@ print(result)
 
 %__arch_install_post   /usr/lib/rpm/check-buildroot
 
-# Build root policy macros. Standard naming:
-# convert all '-' in basename to '_', add two leading underscores.
-%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
-%__brp_compress /usr/lib/rpm/brp-compress
-%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
-%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
-%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
-%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
-%__brp_python_bytecompile /usr/lib/rpm/redhat/brp-python-bytecompile "%{__python}" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
-%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
-# __brp_mangle_shebangs_exclude - shebangs to exclude
-# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
-# __brp_mangle_shebangs_exclude_from - files to ignore
-# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
-%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
-
 %__os_install_post    \
-    %{?__brp_ldconfig} \
-    %{?__brp_compress} \
+    /usr/lib/rpm/brp-compress \
     %{!?__debug_package:\
-    %{?__brp_strip} \
-    %{?__brp_strip_comment_note} \
+    /usr/lib/rpm/brp-strip %{__strip} \
+    /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump} \
     } \
-    %{?__brp_strip_lto} \
-    %{?__brp_strip_static_archive} \
-    %{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
-    %{?__brp_python_hardlink} \
-    %{?__brp_mangle_shebangs} \
+    /usr/lib/rpm/brp-strip-static-archive %{__strip} \
+    %{?py_auto_byte_compile:/usr/lib/rpm/brp-python-bytecompile %{__python} %{?_python_bytecompile_errors_terminate_build}} \
+    /usr/lib/rpm/brp-python-hardlink \
 %{nil}
 
 %__spec_install_post\
@@ -192,50 +127,31 @@ print(result)
 #
 ## Should python bytecompilation errors terminate a build?
 %_python_bytecompile_errors_terminate_build 1
-## Should python bytecompilation compile outisde python specific directories?
-%_python_bytecompile_extra 0
 
 # Use SHA-256 for FILEDIGESTS instead of default MD5
 %_source_filedigest_algorithm 8
 %_binary_filedigest_algorithm 8
 
-# Use Zstandard compression for binary payloads
-%_binary_payload w19.zstdio
+# Use XZ compression for binary payloads
+%_binary_payload w2.xzdio
 
 %_hardening_cflags	-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
 # we don't escape symbols '~', '"', etc. so be careful when changing this
-%_hardening_ldflags	-Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
+%_hardening_ldflags	-specs=/usr/lib/rpm/redhat/redhat-hardened-ld
 
 # Harden packages by default for Fedora 23:
 # https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
-# Use "%undefine _hardened_build" to disable.
 %_hardened_build	1
 %_hardened_cflags	%{?_hardened_build:%{_hardening_cflags}}
 %_hardened_ldflags	%{?_hardened_build:%{_hardening_ldflags}}
 
-%_annobin_cflags	-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
+%__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags}
 
-# Add extra information to binary objects created by gcc for Fedora 28:
-# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
-# Use "%undefine _annotated_build" to disable.
-%_annotated_build	1
-%_annotated_cflags	%{?_annotated_build:%{_annobin_cflags}}
-
-# Fail linking if there are undefined symbols.  Required for proper
-# ELF symbol versioning support.  Disabled by default.
-# Use "%define _ld_strict_symbol_defs 1" to enable.
-#%_ld_strict_symbol_defs		1
-%_ld_symbols_flags		%{?_ld_strict_symbol_defs:-Wl,-z,defs}
-
-# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
-# use "%undefine _ld_as_needed" to disable.
-%_ld_as_needed		1
-%_ld_as_needed_flags	%{?_ld_as_needed:-Wl,--as-needed}
-
-%__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}%{?_legacy_common_support: -fcommon}
-
-# Automatically trim changelog entries after 2 years
-%_changelog_trimtime	%{lua:print(os.time() - 2 * 365 * 86400)}
+%__global_cflags	%{optflags}
+%__global_cxxflags	%{optflags}
+%__global_fflags	%{optflags} -I%_fmoddir
+%__global_fcflags	%{optflags} -I%_fmoddir
+%__global_ldflags	-Wl,-z,relro %{_hardened_ldflags}
 
 #==============================================================================
 # ---- Generic auto req/prov filtering macros
@@ -269,6 +185,3 @@ print(result)
 %global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
 %global __find_requires /bin/sh -c "%{?__filter_req_cmd}  %{__deploop R} %{?__filter_from_req}" \
 }
-
-# Temporary shelter for rpm 4.15 refugees
-%requires_eq()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")

macros.fedora-misc

@@ -1,61 +0,0 @@
-# Some miscellaneous Fedora-related macros
-
-# List files matching inclusion globs, excluding files matching exclusion blogs
-# Optional parameters:
-#  – -i "<globs>" inclusion globs
-#  – -x "<globs>" exclusion globs
-# Globs are space-separated lists of shell globs. Such lists require %{quote:}
-# use for safe rpm argument passing.
-# Alternatively, set the following rpm variables before calling the macro:
-#  – “listfiles_include” inclusion globs
-#  — “listfiles_exclude” exclusion globs
-# Arguments passed to the macro without flags will be interpreted as inclusion
-# globs.
-%listfiles(i:x:) %{expand:
-%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
-  listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
-  %if  %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
-    while IFS= read -r finc ; do
-      realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
-        | sort -u | grep -q "${finc}" || echo "${finc}"
-    done <<< "${listfiles_include}"
-  %else
-    echo "${listfiles_include}"
-  %endif
-%endif
-}
-
-# https://github.com/rpm-software-management/rpm/issues/581
-# Write the contents of a list of rpm variables to a macro file.
-# The target file must contain the corresponding anchors.
-# For example %writevars -f myfile foo bar will replace:
-#  @@FOO@@ with the rpm evaluation of %{foo} and
-#  @@BAR@@ with the rpm evaluation of %{bar}
-# in myfile
-%writevars(f:) %{lua:
-local    fedora = require "fedora.common"
-local macrofile = rpm.expand("%{-f*}")
-local   rpmvars = {}
-for i = 1, rpm.expand("%#") do
-  table.insert(rpmvars, rpm.expand("%" .. i))
-end
-fedora.writevars(macrofile,rpmvars)
-}
-
-# gpgverify verifies signed sources. There is documentation in the script.
-%gpgverify(k:s:d:) %{lua:
-local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
-local keyring = rpm.expand("%{-k*}")
-local signature = rpm.expand("%{-s*}")
-local data = rpm.expand("%{-d*}")
-print(script)
-if keyring ~= "" then
-  print(rpm.expand("--keyring='%{SOURCE" .. keyring ..  "}' "))
-end
-if signature ~= "" then
-  print(rpm.expand("--signature='%{SOURCE" .. signature ..  "}' "))
-end
-if data ~= "" then
-  print(rpm.expand("--data='%{SOURCE" .. data ..  "}' "))
-end
-}

macros.fedora-misc-srpm

@@ -3,20 +3,6 @@
 # A directory for rpm macros
 %rpmmacrodir /usr/lib/rpm/macros.d
 
-# A directory for appdata metainfo.  This has changed between releases so a
-# macro is useful.
-%_metainfodir %{_datadir}/metainfo
-
-# A directory for SWID tag files describing the installation
-%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
-
-# A helper to apply the fedora.wordwrap filter to the content of an rpm
-# variable, and print the result. Optional parameter:
-#  – -v <variable_name> (default value: _description)
-# Putting multiple lines of UTF-8 text inside a variable is usually
-# accomplished with a %%{expand: some_text}.
-%wordwrap(v:) %{lua:
-local   fedora = require "fedora.common"
-local variable = "%{" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
-print(fedora.wordwrap(variable))
-}
+# A directory for appdata metainfo.  The value in <=F27 differs from the F28+
+# value.
+%_metainfodir %{_datadir}/appdata

macros.forge

@@ -4,12 +4,10 @@
 # The following spec variables SHOULD be set before calling the macro:
 #
 #   forgeurl  the project url on the forge, strongly recommended;
+#             alternatively, use -u <url>
 #   Version   if applicable, set it with Version: <version>
 #   tag       if applicable
 #   commit    if applicable
-#   date      if applicable (to override the mtime of the Source archive)
-#
-#  Use -z for multiple calls to the macro
 #
 # The macro will attempt to compute and set the following variables if they are
 # not already set by the packager:
@@ -21,65 +19,264 @@
 #   archiveext     the source archive filename extensions, without leading dot
 #   archiveurl     the url that can be used to download the source archive,
 #                  without renaming
-#   topdir         the source archive top directory (can be empty)
-#   extractdir     the source directory created inside %{_builddir} after using
-#                  %%forgesetup, %forgeautosetup or %{forgesetupargs}
-#   repo           the repository name
-#   owner          the repository owner (if used by another computed variable)
-#   shortcommit    the commit hash clamping used by the forge, if any
 #   scm            the scm type, when packaging code snapshots: commits or tags
-#   distprefix     the prefix that needs adding to dist to trace non-release packaging
 #
-# Most of the computed variables are both overridable and optional.
+# If the macro is unable to parse your forgeurl value set at least archivename
+# and archiveurl before calling it.
+#
+# Most of the computed variables are both overridable and optional. However,
+# the macro WILL REDEFINE %{dist} when packaging a snapshot (commit or tag).
+# The previous %{dist} value will be lost. Don’t call the macro if you don’t
+# wish %{dist} to be changed.
 #
 # Optional parameters:
-#   -a          process all sources in one go, instead of using separate -z calls
-#   -z <number> suffix all the read and written variable names with <number>
-#               for example read     forgeurl<number>, version<number>…
-#                       and generate forgesetupargs<number>, archiveurl<number>…
-#               The macro assumes that null or nil suffix is used for the primary
-#               package source.
+#   -u <url>  Ignore forgeurl even if it exists and use <url> instead. Note
+#             that the macro will still end up setting <url> as the forgeurl
+#             spec variable if it manages to parse it.
 #   -s  Silently ignore problems in forgeurl, use it if it can be parsed,
 #       ignore it otherwise.
+#   -p  Restore problem handling, override -s.
 #   -v  Be verbose and print every spec variable the macro sets.
 #   -i  Print some info about the state of spec variables the macro may use or
 #       set at the end of the processing.
-%forgemeta(az:sviu:) %{lua:
-local      fedora = require "fedora.common"
-local       forge = require "fedora.srpm.forge"
-local     verbose =  rpm.expand("%{-v}") ~= ""
-local informative =  rpm.expand("%{-i}") ~= ""
-local      silent =  rpm.expand("%{-s}") ~= ""
-local  processall = (rpm.expand("%{-a}") ~= "") and (rpm.expand("%{-z}") == "")
-if processall then
-  for _,s in pairs(fedora.getsuffixes("forgeurl")) do
-    forge.meta(s,verbose,informative,silent)
+%forgemeta(u:spvi) %{lua:
+local forgeurl    = rpm.expand("%{?-u*}")
+if (forgeurl == "") then
+  forgeurl        = rpm.expand("%{?forgeurl}")
+end
+local silent      = false
+local verbose     = false
+local informative = false
+if (rpm.expand("%{?-s}") ~= "") then
+  silent          = true
+end
+if (rpm.expand("%{?-p}") ~= "") then
+  silent          = false
+end
+if (rpm.expand("%{?-v}") ~= "") then
+  verbose         = true
+end
+if (rpm.expand("%{?-i}") ~= "") then
+  informative     = true
+end
+local tag         = rpm.expand("%{?tag}")
+local commit      = rpm.expand("%{?commit}")
+-- Be explicit about the spec variables we’re setting
+local function explicitset(rpmvariable,value)
+  rpm.define(rpmvariable .. " " .. value)
+  if verbose then
+    rpm.expand("%{echo:Setting %%{" .. rpmvariable .. "} = " .. value .. "\\n}")
   end
-else
-  forge.meta(rpm.expand("%{-z*}"),verbose,informative,silent)
+end
+-- Never ever stomp on a spec variable the packager already set
+local function safeset(rpmvariable,value)
+  if (rpm.expand("%{?" .. rpmvariable .. "}") == "") then
+    explicitset(rpmvariable,value)
+  end
+end
+-- Set spec variable values for each known software publishing service
+if (forgeurl ~= "") then
+  local forge          = string.match(forgeurl, "^[^:]+://([^/]+)/")
+  if (forge == nil) then
+    if not silent then
+      rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !\\n}")
+    end
+  else
+    if (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
+      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
+      if (forgeurl == nil) then
+        if not silent then
+          rpm.expand("%{error:Gitlab URLs must match https://(…[-.])gitlab[-.]…/owner/repo !\\n}")
+        end
+      else
+        explicitset("forgeurl",   forgeurl)
+        if (commit == "") then
+          rpm.expand("%{error:All Gitlab URLs require commit value knowledge: you need to define %{commit}!\\nPlease vote on https://gitlab.com/gitlab-org/gitlab-ce/issues/38830\\n}")
+        end
+        safeset("archiveext",     "tar.bz2")
+        safeset("forgesetupargs", "-n %{archivename}")
+        if (commit ~= "") or (tag ~= "") then
+          safeset("scm", "git")
+        end
+        local owner   = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
+        local repo    = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
+        local version = rpm.expand("%{?version}")
+        if (version ~= "") and (version ~= "0") and (tag == "") then
+          -- GitLab does not have strong versionning semantics
+          -- Some projects use "version" as release tag, others "v" + "version"
+          -- Tag value needs to be explicitly declared before calling the macro
+          -- in the second case
+          tag = version
+          safeset("tag", tag)
+        end
+        if (tag ~= "") then
+          safeset("archivename", repo .. "-%{tag}-%{commit}")
+          safeset("archiveurl",  "%{forgeurl}/repository/%{tag}/archive.%{archiveext}")
+        else
+          safeset("archivename", repo .. "-%{commit}")
+          safeset("archiveurl",  "%{forgeurl}/repository/%{commit}/archive.%{archiveext}")
+        end
+      end
+    end
+    if (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
+      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
+      if (forgeurl == nil) then
+        if not silent then
+          rpm.expand("%{error:GitHub URLs must match https://(…[-.])github[-.]…/owner/repo !\\n}")
+        end
+      else
+        explicitset("forgeurl",   forgeurl)
+        safeset("archiveext",     "tar.gz")
+        local forgesetupargs = "-n %{archivename}"
+        if (commit ~= "") or (tag ~= "") then
+          safeset("scm", "git")
+        end
+        local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
+        local repo  = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
+        if (tag ~= "") then
+          -- if upstream used a version suffix such as -rc1 or -beta it will not
+          -- be a valid version string for rpm but github will accept it fine and
+          -- use the same naming as for other versions: v prefix in the tag and
+          -- archivename, no v prefix in the topdir naming inside the archive
+          local version = rpm.expand("%{?version}")
+          if version ~= "" and
+             (string.match(tag, "^v" .. version .. "[^%d]") or
+              string.match(tag, "^v" .. version .. "$"))    then
+            forgesetupargs = "-n " .. repo .. "-" .. string.gsub(tag, "^v", "")
+          end
+          safeset("archivename",   repo .. "-%{tag}")
+          safeset("archiveurl",    "%{forgeurl}/archive/%{tag}.%{archiveext}")
+        else
+          if (commit ~= "") then
+            safeset("archivename", repo .. "-%{commit}")
+            safeset("archiveurl",  "%{forgeurl}/archive/%{commit}/" .. repo .. "-%{commit}.%{archiveext}")
+          else
+            safeset("archivename", repo .. "-%{version}")
+            safeset("archiveurl",   "%{forgeurl}/archive/v%{version}.%{archiveext}")
+          end
+        end
+        safeset("forgesetupargs", forgesetupargs)
+      end
+    end
+    if (forge == "code.googlesource.com") then
+      forgeurl = string.match(forgeurl, "https://code.googlesource.com/[^#?]*[^/#?]+")
+      if (forgeurl == nil) then
+        if not silent then
+          rpm.expand("%{error:Googlesource URLs must match https://code.googlesource.com/…/repo !\\n}")
+        end
+      else
+        explicitset("forgeurl",   forgeurl)
+        safeset("archiveext",     "tar.gz")
+        safeset("forgesetupargs", "-c")
+        if (commit ~= "") or (tag ~= "") then
+          safeset("scm", "git")
+        end
+        local repo = string.match(forgeurl, "^[^:]+://.+/([^/?#]+)")
+        if (tag ~= "") then
+          safeset("archivename",   repo .. "-%{tag}")
+          safeset("archiveurl",    "%{forgeurl}/+archive/%{tag}.%{archiveext}")
+        else
+          if (commit ~= "") then
+            safeset("archivename", repo .. "-%{commit}")
+            safeset("archiveurl",  "%{forgeurl}/+archive/%{commit}.%{archiveext}")
+          else
+            safeset("archivename", repo .. "-v%{version}")
+            safeset("archiveurl",  "%{forgeurl}/+archive/v%{version}.%{archiveext}")
+          end
+        end
+      end
+    end
+    if (forge == "bitbucket.org") then
+      forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
+      if (forgeurl == nil) then
+        if not silent then
+          rpm.expand("%{error:BitBucket URLs must match https://bitbucket.org/owner/repo !\\n}")
+        end
+      else
+        explicitset("forgeurl",   forgeurl)
+        if (commit == "") then
+          rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!\\n}")
+        end
+        local shortcommit = string.sub(commit, 1, 12)
+        safeset("archiveext", "tar.bz2")
+        -- Default to git even though BitBucket allows choosing between several SCMs
+        -- Set scm to hg for example before calling the macro if your project does not use git
+        safeset("scm", "git")
+        local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
+        local repo  = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
+        safeset("archivename",    owner .. "-" .. repo .. "-" .. shortcommit)
+        safeset("forgesetupargs", "-n %{archivename}")
+        if (tag ~= "") then
+          safeset("archiveurl",  "%{forgeurl}/get/%{tag}.%{archiveext}")
+        else
+          safeset("archiveurl",  "%{forgeurl}/get/%{commit}.%{archiveext}")
+        end
+      end
+    end
+    if (forge == "pagure.io") then
+      if not silent then
+        rpm.expand("%{error:https://pagure.io/pagure/issue/861 needs to be resolved before the “pagure.io”\\nsoftware publishing service can be supported.\\n}")
+      end
+    end
+    -- Final tests to check forgeurl was successfuly parsed
+    if not silent then
+      if (rpm.expand("%{?archivename}") == "") or (rpm.expand("%{?archiveurl}") == "") then
+        rpm.expand("%{error:Automation for the “" .. forge .. "”\\nsoftware publishing service is not implemented yet.\\nPlease extend the %%forgemeta macro!\\n}")
+      end
+    end
+  end
+end
+-- Set defaults if forgeurl is missing or does not parse
+local archivename = rpm.expand("%{?archivename}")
+safeset("archiveext",       "tar.gz")
+if (archivename ~= "") then
+  safeset("forgesetupargs", "-n %{archivename}")
+end
+if (commit ~= "") or (tag ~= "") then
+  safeset("scm",            "git")
+end
+-- Source URL processing (computing the forgesource spec variable)
+local archiveurl  = rpm.expand("%{?archiveurl}")
+local archiveext  = rpm.expand("%{?archiveext}")
+if (archivename ~= "") and (archiveurl ~= "") then
+  if (string.match(archiveurl, "/([^/]+)$") == archivename .. "." .. archiveext) then
+    safeset("forgesource", "%{archiveurl}")
+  else
+    safeset("forgesource", "%{?archiveurl}#/%{?archivename}.%{archiveext}")
+  end
+end
+-- dist processing (computing the correct pefix for snapshots)
+local distprefix = rpm.expand("%{?tag}")
+local version    = rpm.expand("%{?version}")
+if (distprefix == version) or (distprefix == "v" .. version) then
+  distprefix = ""
+end
+if (distprefix == "") then
+  distprefix = string.sub(rpm.expand("%{?commit}"), 1, 7)
+end
+if (distprefix ~= "") then
+  local dist = ".%([ -r %{_sourcedir}/%{archivename}.%{archiveext} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename}.%{archiveext})%{scm}" .. string.gsub(distprefix, "-",".") .. rpm.expand("%{?dist}")
+  explicitset("dist", dist)
+end
+-- Final spec variable summary if the macro was called with -i
+if informative then
+  rpm.expand("%{echo:Forge-specific packaging variables\\n}")
+  rpm.expand("%{echo:  forgeurl:        %{?forgeurl}\\n}")
+  rpm.expand("%{echo:  forgesource:     %{?forgesource}\\n}")
+  rpm.expand("%{echo:  forgesetupargs:  %{?forgesetupargs}\\n}")
+  rpm.expand("%{echo:Generic variables\\n}")
+  rpm.expand("%{echo:  archivename:     %{?archivename}\\n}")
+  rpm.expand("%{echo:  archiveext:      %{?archiveext}\\n}")
+  rpm.expand("%{echo:  archiveurl:      %{?archiveurl}\\n}")
+  rpm.expand("%{echo:  scm:             %{?scm}\\n}")
+  rpm.expand("%{echo:  tag:             %{?tag}\\n}")
+  rpm.expand("%{echo:  commit:          %{?commit}\\n}")
+  rpm.expand("%{echo:  dist:            %{?dist} (snapshot date is computed once %%{_sourcedir}/%%{archivename}.%%{archiveext} is available)\\n}")
 end
 }
 
 # Convenience macro to relay computed arguments to %setup
-# Optional parameters:
-#   -a          process all sources in one go, instead of using separate -z calls
-#   -z <number> read %{?forgesetupargs<number>}
-#   -v          be verbose
-%forgesetup(az:v) %{lua:
-local fedora = require "fedora.common"
-if (rpm.expand("%{-z}") == "") and (rpm.expand("%{-a}") ~= "") then
-  for _,s in pairs(fedora.getsuffixes("forgesetupargs")) do
-    print(rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. s                     .. "}\\n"))
-  end
-else
-  print(  rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
-end
-}
+%forgesetup(a:b:cDn:Tq) %setup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-q}
 
 # Convenience macro to relay computed arguments to %autosetup
-# Parameters relayed to %autosetup: -v -N -S -p
-# Optional parameters:
-#   -z <number> read %{?forgesetupargs<number>}
-%forgeautosetup(z:vNS:p:q) %{lua:
-print(rpm.expand("%autosetup %{-v} %{-N} %{?-S} %{?-p} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
-}
+%forgeautosetup(a:b:cDn:TvNS:p:) %autosetup %{?forgesetupargs} %{-a} %{-b} %{-c} %{-D} %{-n} %{-T} %{-v} %{-N} %{-S} %{-p}

macros.kmp

@@ -54,10 +54,9 @@ kernel_module_package_release	1
 	then \
 		preamble="%{-p*}" \
 	fi \
-	nobuildreqs="yes" \
-	if [ "x%{kmodtool_generate_buildreqs}" != "x1" ] \
+	if [ -z "%{kmodtool_generate_buildreqs}" ] \
 	then \
-		nobuildreqs="no" \
+		nobuildreqs="yes" \
 	fi \
 	kmp_override_filelist="$filelist" kmp_override_preamble="$preamble" kmp_nobuildreqs="$nobuildreqs" %{kmodtool} rpmtemplate_kmp %{-n*}%{!-n:%name} %{kverrel} $flavors_to_build 2>/dev/null \
 )}

macros.ldc-srpm

@@ -1,2 +1,2 @@
 # arches that ldc builds on
-%ldc_arches %{ix86} x86_64 %{arm} aarch64
+%ldc_arches %{ix86} x86_64 %{arm} %{power64}

macros.ldconfig

@@ -1,8 +1,6 @@
-#%ldconfig /sbin/ldconfig
-%ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
-%end}
-%ldconfig_postun(n:) %{?ldconfig:%postun -p %ldconfig %{?*} %{-n:-n %{-n*}}\
-%end}
+%ldconfig /sbin/ldconfig
+%ldconfig_post %{?ldconfig:%post -p %ldconfig}
+%ldconfig_postun %{?ldconfig:%postun -p %ldconfig}
 %ldconfig_scriptlets(n:) %{?ldconfig:\
 %ldconfig_post %{?*} %{-n:-n %{-n*}}\
 %ldconfig_postun %{?*} %{-n:-n %{-n*}}\

redhat-annobin-cc1

@@ -1,2 +0,0 @@
-*cc1_options:
-+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

redhat-hardened-ld

@@ -1,2 +1,5 @@
 *self_spec:
 + %{!static:%{!shared:%{!r:-pie}}}
+
+*link:
++ -z now

redhat-rpm-config.spec

@@ -6,11 +6,12 @@
 
 Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 153
+Version: 66
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
-URL: https://src.fedoraproject.org/rpms/redhat-rpm-config
+Group: Development/System
+URL: http://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git
 
 # Core rpm settings
 Source0: macros
@@ -20,9 +21,6 @@ Source1: rpmrc
 Source50: redhat-hardened-cc1
 Source51: redhat-hardened-ld
 
-# gcc specs files for annobin builds
-Source52: redhat-annobin-cc1
-
 # The macros defined by these files are for things that need to be defined
 # at srpm creation time when it is not feasible to require the base packages
 # that would otherwise be providing the macros. other language/arch specific
@@ -38,19 +36,8 @@ Source105: macros.valgrind-srpm
 Source150: macros.dwz
 Source151: macros.kmp
 Source152: macros.vpath
-Source153: macros.forge
-Source154: macros.ldconfig
-Source155: macros.fedora-misc
-
-# Build policy scripts
-# this comes from https://github.com/rpm-software-management/rpm/pull/344
-# added a python -> python2 conversion for fedora with warning
-# and an echo when the mangling happens
-Source201: brp-mangle-shebangs
-
-# this comes from rpm itself
-# however, now we can do Fedora changes within
-Source202: brp-python-bytecompile
+Source153: macros.ldconfig
+Source154: macros.forge
 
 # Dependency generator scripts (deprecated)
 Source300: find-provides
@@ -65,7 +52,6 @@ Source400: dist.sh
 Source401: rpmsort
 Source402: symset-table
 Source403: kmodtool
-Source404: gpgverify
 
 # 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
 Source500: config.guess
@@ -76,51 +62,24 @@ Source600: kmod.attr
 Source601: kmod.prov
 Source602: libsymlink.attr
 
-# BRPs
-Source700: brp-ldconfig
-Source701: brp-strip-lto
-
-# Convenience lua functions
-Source800: common.lua
-Source801: forge.lua
-
-# Documentation
-Source900: buildflags.md
-
 BuildArch: noarch
 BuildRequires: perl-generators
 Requires: coreutils
 
-Requires: efi-srpm-macros
-Requires: fonts-srpm-macros
+Requires: cmake-rpm-macros
+Requires: fedora-rpm-macros
 Requires: fpc-srpm-macros
 Requires: ghc-srpm-macros
 Requires: gnat-srpm-macros
 Requires: go-srpm-macros
-Requires: nim-srpm-macros
 Requires: ocaml-srpm-macros
-Requires: openblas-srpm-macros
 Requires: perl-srpm-macros
-# ↓ Provides compileall2 Python module
-Requires: python-srpm-macros >= 3-46
-Requires: rust-srpm-macros
+Requires: python-srpm-macros
 Requires: qt5-srpm-macros
 
 Requires: rpm >= 4.11.0
 Requires: dwz >= 0.4
 Requires: zip
-Requires: (annobin if gcc)
-
-# for brp-mangle-shebangs
-Requires: %{_bindir}/find
-Requires: %{_bindir}/file
-Requires: %{_bindir}/grep
-Requires: %{_bindir}/sed
-Requires: %{_bindir}/xargs
-
-# -fstack-clash-protection and -fcf-protection require GCC 8.
-Conflicts: gcc < 8.0.1-0.22
-
 Provides: system-rpm-config = %{version}-%{release}
 
 %global rrcdir /usr/lib/rpm/redhat
@@ -129,7 +88,7 @@ Provides: system-rpm-config = %{version}-%{release}
 Red Hat specific rpm configuration files.
 
 %package -n kernel-rpm-macros
-Summary: Macros and scripts for building kernel module packages
+Summary: Macros and scripts for building kernel module packages.
 Requires: redhat-rpm-config >= 13
 
 %description -n kernel-rpm-macros
@@ -145,18 +104,13 @@ cp -p %{sources} .
 mkdir -p %{buildroot}%{rrcdir}
 install -p -m 644 -t %{buildroot}%{rrcdir} macros rpmrc
 install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
-install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
 install -p -m 755 -t %{buildroot}%{rrcdir} config.*
 install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
-install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
-install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
 
 install -p -m 755 -t %{buildroot}%{rrcdir} find-*
 mkdir -p %{buildroot}%{rrcdir}/find-provides.d
 install -p -m 644 -t %{buildroot}%{rrcdir}/find-provides.d firmware.prov modalias.prov
 
-install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
-
 mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
 install -p -m 644 -t %{buildroot}%{_rpmconfigdir}/macros.d macros.*
 
@@ -164,23 +118,15 @@ mkdir -p %{buildroot}%{_fileattrsdir}
 install -p -m 644 -t %{buildroot}%{_fileattrsdir} *.attr
 install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 
-mkdir -p %{buildroot}%{_rpmluadir}/fedora/{rpm,srpm}
-install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
-install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua
-
 %files
 %dir %{rrcdir}
 %{rrcdir}/macros
 %{rrcdir}/rpmrc
-%{rrcdir}/brp-*
 %{rrcdir}/dist.sh
-%{rrcdir}/gpgverify
 %{rrcdir}/redhat-hardened-*
-%{rrcdir}/redhat-annobin-*
 %{rrcdir}/config.*
 %{rrcdir}/find-provides
 %{rrcdir}/find-requires
-%{rrcdir}/brp-ldconfig
 %{_fileattrsdir}/*.attr
 %{_rpmconfigdir}/kmod.prov
 %{_rpmconfigdir}/macros.d/macros.*-srpm
@@ -188,14 +134,6 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua
 %{_rpmconfigdir}/macros.d/macros.forge
 %{_rpmconfigdir}/macros.d/macros.ldconfig
 %{_rpmconfigdir}/macros.d/macros.vpath
-%{_rpmconfigdir}/macros.d/macros.fedora-misc
-%dir %{_rpmluadir}/fedora
-%dir %{_rpmluadir}/fedora/srpm
-%dir %{_rpmluadir}/fedora/rpm
-%{_rpmluadir}/fedora/*.lua
-%{_rpmluadir}/fedora/srpm/*lua
-
-%doc buildflags.md
 
 %files -n kernel-rpm-macros
 %dir %{rrcdir}/find-provides.d
@@ -209,303 +147,19 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua
 %{_rpmconfigdir}/macros.d/macros.kmp
 
 %changelog
-* Thu Feb 20 2020 Jason L Tibbitts III <tibbs@math.uh.edu> - 153-1
-- Add dependency on fonts-srpm-macros, as those have now been approved by FPC.
-
-* Thu Feb 20 2020 Jeff Law <law@redhat.com> - 152-1
-- Use eu-elfclassify to only run strip on ELF relocatables
-  and archive libraries.
-
-* Fri Feb 14 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 151-1
-- Fixup parallel algorithm for brp-strip-lto
-
-* Fri Feb 14 2020 Jeff Law <law@redhat.com> - 150-1
-- Strip LTO sections/symbols from installed .o/.a files
-
-* Thu Jan 23 2020 Jeff Law <law@redhat.com> - 149-1
-- Allow conditionally adding -fcommon to CFLAGS by defining %%_legacy_common_support
-
-* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 148-1
-- Reenable annobin after GCC 10 integration (#1792892)
-
-* Mon Jan 20 2020 Florian Weimer <fweimer@redhat.com> - 147-1
-- Temporarily disable annobin for GCC 10 (#1792892)
-
-* Thu Dec 05 2019 Denys Vlasenko <dvlasenk@redhat.com> - 146-1
-- kmod.prov: fix and speed it up
-
-* Tue Dec 03 15:48:18 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 145-1
-- %%set_build_flags: define LT_SYS_LIBRARY_PATH
-
-* Thu Nov 21 2019 Denys Vlasenko <dvlasenk@redhat.com> - 144-1
-- Speed up brp-mangle-shebangs.
-
-* Tue Nov 05 2019 Lumír Balhar <lbalhar@redhat.com> - 143-1
-- Fix brp-python-bytecompile with the new features from compileall2
-- Resolves: rhbz#1595265
-
-* Fri Nov 01 2019 Miro Hrončok <mhroncok@redhat.com> - 142-1
-- Fix the simple API of %%gpgverify.
-
-* Thu Aug 22 2019 Jason L Tibbitts III <tibbs@math.uh.edu> - 141-2
-- Simplify the API of %%gpgverify.
-
-* Thu Jul 25 2019 Richard W.M. Jones <rjones@redhat.com> - 140-2
-- Bump version and rebuild.
-
-* Sat Jul 20 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 140-1
-- Fixup python-srpm-macros version
-
-* Wed Jul 17 2019 Lumír Balhar <lbalhar@redhat.com> - 139-1
-- Use compileall2 Python module for byte-compilation in brp-python-bytecompile
-
-* Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 138-1
-- Move brp-python-bytecompile from rpm, so we can easily adapt it
-
-* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 137-1
-- listfiles: make it robust against all kinds of “interesting” inputs
-- wordwrap: make list indenting smarter, to produce something with enough
-  structure that it can be converted into AppStream metadata
-
-* Mon Jul 08 2019 Robert-André Mauchin <zebob.m@gmail.com> - 136-1
-- Revert "Fix expansion in listfiles_exclude/listfiles_include"
-
-* Mon Jul 08 2019 Nicolas Mailhot <nim@fedoraproject.org> - 135-1
-- Fix expansion in listfiles_exclude/listfiles_include
-
-* Mon Jul 01 2019 Florian Festi <ffesti@redhat.com> - 134-1
-- Switch binary payload compression to Zstandard level 19
-
-* Thu Jun 27 2019 Vít Ondruch <vondruch@redhat.com> - 133-2
-- Enable RPM to set SOURCE_DATE_EPOCH environment variable.
-
-* Tue Jun 25 08:13:50 CEST 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 133-1
-- Expand listfiles_exclude/listfiles_include
-
-* Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 132-1
-- Remove perl macro refugees
-
-* Mon Jun 10 2019 Panu Matilainen <pmatilai@redhat.com> - 131-1
-- Provide temporary shelter for rpm 4.15 perl macro refugees
-
-* Tue Jun 04 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 130-1
-- New macro for wrapping text — %%wordwrap
-- Smal fix for %%listfiles with no arguments
-
-* Thu May 30 2019 Björn Persson <Bjorn@Rombobjörn.se> - 129-1
-- Added gpgverify.
-
-* Tue Jan 15 2019 Panu Matilainen <pmatilai@redhat.com> - 128-1
-- Drop redundant _smp_mflag re-definition, use the one from rpm instead
-
-* Thu Dec 20 2018 Florian Weimer <fweimer@redhat.com> - 127-1
-- Build flags: Add support for extension builders (#1543394)
-
-* Mon Dec 17 2018 Panu Matilainen <pmatilai@redhat.com> - 126-1
-- Silence the annoying warning from ldconfig brp-script (#1540971)
-
-* Thu Nov 15 2018 Miro Hrončok <mhroncok@redhat.com> - 125-1
-- Make automagic Python bytecompilation optional
-  https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
-
-* Thu Nov 08 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 124-1
-- forge: add more distprefix cleaning (bz1646724)
-
-* Mon Oct 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 123-1
-- Add -q option to %%forgesetup
-
-* Sat Oct 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 122-1
-- Allow multiple calls to forge macros
-
-* Thu Oct 11 2018 Jan Pazdziora <jpazdziora@redhat.com> - 121-1
-- Add %_swidtagdir for directory for SWID tag files describing the
-  installation.
-
-* Mon Sep 10 2018 Miro Hrončok <mhroncok@redhat.com> - 120-1
-- Make ambiguous python shebangs error
-  https://fedoraproject.org/wiki/Changes/Make_ambiguous_python_shebangs_error
-
-* Mon Aug 20 2018 Kalev Lember <klember@redhat.com> - 119-1
-- Add aarch64 to ldc arches
-
-* Wed Aug 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 118-1
-- Enable --as-needed by default
-
-* Mon Jul 16 2018 Miro Hrončok <mhroncok@redhat.com> - 117-1
-- Mangle /bin shebnags to /usr/bin ones (#1581757)
-
-* Tue Jul 10 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 116-1
-- Add option to add -Wl,--as-needed into LDFLAGS
-
-* Mon Jul 09 2018 Kalev Lember <klember@redhat.com> - 115-1
-- Disable non-functional ppc64 support for ldc packages
-
-* Tue Jun 26 2018 Panu Matilainen <pmatilai@redhat.com> - 114-1
-- Fix kernel ABI related strings (Peter Oros, #26)
-- Automatically trim changelog to two years (Zbigniew Jędrzejewski-Szmek, #22)
-- Cosmetics cleanups (Zbigniew Jędrzejewski-Szmek, #22)
-
-* Mon Jun 18 2018 Florian Weimer <fweimer@redhat.com> - 113-1
-- Build flags: Require SSE2 on i686 (#1592212)
-
-* Mon May 28 2018 Miro Hrončok <mhroncok@redhat.com> - 112-1
-- Add a possibility to opt-out form automagic Python bytecompilation
-  https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation
-
-* Wed May 02 2018 Peter Jones <pjones@redhat.com> - 111-1
-- brp-mangle-shebangs: add %%{__brp_mangle_shebangs_exclude_file} and
-  %%{__brp_mangle_shebangs_exclude_from_file} to allow you to specify files
-  containing the shebangs to be ignore and files to be ignored regexps,
-  respectively, so that they can be generated during the package build.
-
-* Wed May  2 2018 Florian Weimer <fweimer@redhat.com> - 110-1
-- Reflect -fasynchronous-unwind-tables GCC default on POWER (#1550914)
-
-* Wed May  2 2018 Florian Weimer <fweimer@redhat.com> - 109-1
-- Use plain -fcf-protection compiler flag, without -mcet (#1570823)
-
-* Tue May 01 2018 Peter Jones <pjones@redhat.com> - 108-1
-- Add Requires: efi-srpm-macros for %%{efi}
-
-* Fri Apr 20 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 107-1
+* Fri Apr 20 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 66-1
 - Add %%_metainfodir macro.
 - %%forgeautosetup tweak to fix patch application.
 
-* Mon Mar 05 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 106-1
-- Update forge macros.
+* Mon Mar 05 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 65-1
+- Add the forge macros.
 
-* Wed Feb 28 2018 Florian Weimer <fweimer@redhat.com> - 105-1
-- Make -fasynchronous-unwind-tables explicit on aarch64 (#1536431)
-
-* Wed Feb 28 2018 Florian Weimer <fweimer@redhat.com> - 104-1
-- Use -funwind-tables on POWER (#1536431, #1548847)
-
-* Sun Feb 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 103-1
-- Make %%ldconfig_post/%%ldconfig_postun parameterized
-
-* Sat Feb 24 2018 Florian Weimer <fweimer@redhat.com> - 102-1
-- Second step of -z now move: removal from GCC specs file (#1548397)
-
-* Sat Feb 24 2018 Florian Weimer <fweimer@redhat.com> - 101-1
-- First step of moving -z now to the gcc command line (#1548397)
-
-* Thu Feb 22 2018 Miro Hrončok <mhroncok@redhat.com> - 100-1
-- Don't mangle shebangs with whitespace only changes (#1546993)
-
-* Thu Feb 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 99-1
-- Move %%end to %%ldconfig_scriptlets
-
-* Sat Feb 17 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 98-1
-- Explicitly close scriptlets with %%end (ldconfig)
-
-* Wed Feb 14 2018 Miro Hrončok <mhroncok@redhat.com> - 97-1
-- Allow to opt-out from shebang mangling for specific paths/shebangs
-
-* Thu Feb 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 96-1
-- Simplify/Fix check for shebang starting with "/"
-
-* Wed Feb 07 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 95-1
-- Fix mangling env shebangs with absolute paths
-
-* Sun Feb  4 2018 Florian Weimer <fweimer@redhat.com> - 94-1
-- Add RPM macros for compiler/linker flags
-
-* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 93-1
-- Use newly available /usr/bin/grep
-
-* Wed Jan 31 2018 Peter Robinson <pbrobinson@fedoraproject.org> 92-1
-- Use generic tuning for ARMv7
-
-* Tue Jan 30 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 91-1
-- The grep package only provides /bin/grep, not /usr/bin/grep.
-
-* Mon Jan 29 2018 Miro Hrončok <mhroncok@redhat.com> - 90-1
-- Add brp-mangle-shebangs
-
-* Mon Jan 29 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 89-1
+* Mon Jan 29 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 64-1
 - Add macros.ldconfig
 
-* Mon Jan 29 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 88-1
-- Create DSO symlinks automatically
-
-* Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 87-1
-- Build flags: Disable -z defs again (#1535422)
-
-* Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 86-1
-- Build flags: Enable CET on i686, x86_64 (#1538725)
-
-* Thu Jan 25 2018 Florian Weimer <fweimer@redhat.com> - 85-1
-- Build flags: Switch to generic tuning on i686 (#1538693)
-
-* Mon Jan 22 2018 Florian Weimer <fweimer@redhat.com> - 84-1
-- Link with -z defs by default (#1535422)
-
-* Mon Jan 22 2018 Florian Weimer <fweimer@redhat.com> - 83-1
-- Make armhfp flags consistent with GCC defaults
-
-* Mon Jan 22 2018 Florian Weimer <fweimer@redhat.com> - 82-1
-- Make use of -fasynchronous-unwind-tables more explicit (#1536431)
-
-* Mon Jan 22 2018 Florian Weimer <fweimer@redhat.com> - 81-1
-- Remove --param=ssp-buffer-size=4
-
-* Mon Jan 22 2018 Florian Weimer <fweimer@redhat.com> - 80-1
-- Document build flags
-
-* Fri Jan 19 2018 Panu Matilainen <pmatilai@redhat.com> - 79-1
-- Document how to disable hardened and annotated build (#1211296)
-
-* Wed Jan 17 2018 Panu Matilainen <pmatilai@redhat.com> - 78-1
-- Fix the inevitable embarrassing typo in 77, doh
-
-* Wed Jan 17 2018 Panu Matilainen <pmatilai@redhat.com> - 77-1
-- Macroize build root policies for consistent disable/override ability
-
-* Wed Jan 17 2018 Florian Weimer <fweimer@redhat.com> - 76-1
-- Add -fstack-clash-protection for supported architectures (#1515865)
-
-* Wed Jan 17 2018 Florian Weimer <fweimer@redhat.com> - 75-1
-- Add _GLIBCXX_ASSERTIONS to CFLAGS/CXXFLAGS (#1515858)
-
-* Mon Jan 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 74-1
-- Remove Requires: cmake-rpm-macros
-
-* Thu Jan 11 2018 Jason L Tibbitts III <tibbs@math.uh.edu> - 73-1
-- Add macros.forge for simplifying packaging of forge-hosted packages.  See
-  https://fedoraproject.org/wiki/Forge-hosted_projects_packaging_automation and
-  https://bugzilla.redhat.com/show_bug.cgi?id=1523779
-
-* Wed Jan 03 2018 Sergey Avseyev <sergey.avseyev@gmail.com> - 72-1
-- Add Requires: nim-srpm-macros for %%nim_arches
-
-* Tue Jan 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 71-1
-- Require annobin only if gcc is installed
-
-* Thu Dec 21 2017 Björn Esser <besser82@fedoraproject.org> - 70-2
+* Thu Dec 21 2017 Björn Esser <besser82@fedoraproject.org> - 63-2
 - Add Requires: cmake-rpm-macros for CMake auto-{provides,requires} (#1498894)
 
-* Fri Dec 08 2017 Panu Matilainen <pmatilai@redhat.com> - 70-1
-- Update URL to current location at src.fedoraproject.org
-
-* Wed Nov 22 2017 Nick Clifton <nickc@redhat.com> - 69-1
-- Enable binary annotations in compiler flags
-
-* Thu Oct 26 2017 Troy Dawson <tdawson@redhat.com> - 68-1
-- Remove Requires: fedora-rpm-macros
-
-* Mon Jul 31 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 67-1
-- Define _include_gdb_index (RHBZ #1476722)
-- Move _debuginfo_subpackages and _debugsource_packages from rpm (RHBZ #1476735)
-
-* Tue Jul 18 2017 Florian Festi <ffesti@redhat.com> - 66-1
-- Honor %%kmodtool_generate_buildreqs (#1472201)
-
-* Thu Jul 13 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 65-1
-- Add Requires: rust-srpm-macros for %%rust_arches
-
-* Wed Mar 15 2017 Orion Poplawski <orion@cora.nwra.com> - 64-1
-- Add Requires: openblas-srpm-macros for %%openblas_arches
-
 * Thu Feb 02 2017 Dan Horák <dan[at]danny.cz> - 63-1
 - set zEC12 as minimum architecture level for s390(x) (#1404991)
 

rpmrc

@@ -1,12 +1,12 @@
 include: /usr/lib/rpm/rpmrc
 
-optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
-optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
-optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
-optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
-optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
+optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables
+optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables
+optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables
+optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -fasynchronous-unwind-tables
+optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables
 optflags: ia64 %{__global_compiler_flags}
-optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
+optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic
 
 optflags: alpha %{__global_compiler_flags} -mieee
 optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
@@ -24,12 +24,12 @@ optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
 
 optflags: m68k %{__global_compiler_flags}
 
-optflags: ppc %{__global_compiler_flags} -m32 -fasynchronous-unwind-tables
+optflags: ppc %{__global_compiler_flags} -m32
 optflags: ppciseries %{__global_compiler_flags} -m32
 optflags: ppcpseries %{__global_compiler_flags} -m32
-optflags: ppc64 %{__global_compiler_flags} -m64 -fasynchronous-unwind-tables -fstack-clash-protection
-optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -fasynchronous-unwind-tables -fstack-clash-protection
-optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8 -fasynchronous-unwind-tables -fstack-clash-protection
+optflags: ppc64 %{__global_compiler_flags} -m64
+optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7
+optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8
 optflags: ppc64iseries %{__global_compiler_flags} -m64
 optflags: ppc64pseries %{__global_compiler_flags} -m64
 optflags: ppc8260 %{__global_compiler_flags} -m32
@@ -60,7 +60,7 @@ optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
 optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
 optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
 optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
-optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
+optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard
 optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon  -mfloat-abi=hard
 
 optflags: atarist %{__global_compiler_flags}
@@ -71,12 +71,12 @@ optflags: atariclone %{__global_compiler_flags}
 optflags: milan %{__global_compiler_flags}
 optflags: hades %{__global_compiler_flags}
 
-optflags: s390 %{__global_compiler_flags} -m31 -march=zEC12 -mtune=z13 -fasynchronous-unwind-tables
-optflags: s390x %{__global_compiler_flags} -m64 -march=zEC12 -mtune=z13 -fasynchronous-unwind-tables -fstack-clash-protection
+optflags: s390 %{__global_compiler_flags} -m31 -march=zEC12 -mtune=z13
+optflags: s390x %{__global_compiler_flags} -m64 -march=zEC12 -mtune=z13
 
-optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
+optflags: aarch64 %{__global_compiler_flags}
 
-optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables -fstack-clash-protection
+optflags: riscv64 %{__global_compiler_flags}
 
 # set build arch to fedora buildarches on hardware capable of running it
 # saves having to do rpmbuild --target=