automatic import of openEuler-rpm-config

6 files changed, 110 insertions, 5 deletions

diff --git a/kabi.attr b/kabi.attr
new file mode 100644
index 0000000..5500b17
--- /dev/null
+++ b/kabi.attr
@@ -0,0 +1,2 @@
+%__kabi_provides	%{_rpmconfigdir}/kabi.sh
+%__kabi_path            ^(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.(gz|xz)$
diff --git a/kabi.sh b/kabi.sh
new file mode 100644
index 0000000..dd49b8b
--- /dev/null
+++ b/kabi.sh
@@ -0,0 +1,22 @@
+#!/bin/bash +x
+#
+# kabi.sh - Automatically extract any kernel symbol checksum from the
+#           symvers file and add to RPM deps.  This is used to move the
+#           checksum checking from modprobe to rpm install for 3rd party
+#           modules (so they can fail during install and not at load).
+
+IFS=$'\n'
+
+for symvers in $(grep -E '(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.(gz|xz)') "$@";
+do
+	cat_prog="cat"
+	case "$symvers" in
+	*.gz) cat_prog="zcat" ;;
+	*.xz) cat_prog="xzcat" ;;
+	esac
+
+	# We generate dependencies only for symbols exported by vmlinux itself
+	# and not for kmods here as they are spread across subpackages,
+	# so Provides: generation for kmods is handled by find-provides.ksyms.
+	"$cat_prog" "$symvers" | awk '/[^	]*	[^	]*	vmlinux	.*/ { print "kernel(" $2 ") = " $1 }'
+done
diff --git a/kmod.attr b/kmod.attr
new file mode 100644
index 0000000..8c57d0b
--- /dev/null
+++ b/kmod.attr
@@ -0,0 +1,54 @@
+%__kmod_path           ^/lib/modules/.*/(modules.builtin|.*\.ko|.*\.ko\.gz|.*\.ko\.bz2|.*\.ko\.xz|.*\.ko\.zst)$
+
+# Notes on Lua:
+# The backslash in strings (like "\n" newline) needs to be doubled
+# because we are inside rpm macro. Single backslashes before most chars
+# disappear (removed by rpm's parser), so "\n" turns into just "n".
+# In string.gsub patterns, unlike regexps, backslash has no special meaning.
+# It can't escape . and such. (Use one-character set [.] to represent
+# literal period, or lua's percent escape: %.)
+# Pipe (|) has no special meaning too.
+
+%__kmod_provides() %{lua:
+  function basename(fn)
+      local b = string.gsub(fn, ".*/", "")
+      -- the above adjusts gsub() result to 1 value
+      -- "return f()" construct would return _all_ values, two in case of gsub()
+      return b
+  end
+  function strip_compress_sfx(fn)
+      local cnt
+      fn, cnt = string.gsub(fn, "%.gz$", "")
+      if cnt == 1 then return fn; end
+      fn, cnt = string.gsub(fn, "%.bz2$", "")
+      if cnt == 1 then return fn; end
+      fn, cnt = string.gsub(fn, "%.xz$", "")
+      if cnt == 1 then return fn; end
+      fn, cnt = string.gsub(fn, "%.zst$", "")
+      return fn
+  end
+  function printdep(mod)
+      print("kmod("..mod..") ")
+  end
+  local fn = rpm.expand("%1")
+  local bn = basename(fn)
+  if bn == "modules.builtin" then
+      for l in io.lines(fn) do
+          local builtin_mod = basename(l)
+          printdep(builtin_mod)
+          local nocompr = strip_compress_sfx(builtin_mod)
+          if nocompr ~= builtin_mod then
+              printdep(nocompr)
+          end
+      end
+  else
+      local mod = string.match(bn, "%g+%.ko")
+      if mod then
+          printdep(mod)
+          local nocompr = strip_compress_sfx(mod)
+          if nocompr ~= mod then
+              printdep(nocompr)
+          end
+      end
+  end
+}
diff --git a/macros b/macros
index 47926b5..7e393a4 100644
--- a/macros
+++ b/macros
@@ -362,9 +362,18 @@ for k,_ in pairs(stripped_flags) do print(k .. " ") end
 %_clang_lto_cflags	-flto=thin
 %_lto_cflags		%{expand:%%{_%{toolchain}_lto_cflags}}
 
+# Default fortification level.
+#   "%define _fortify_level 1" to downgrade and
+#   "%define _fortify_level 0" or "%undefine _fortify_level" to disable
+#
+# We use a single -Wp here to enforce order so that ccache does not ever
+# reorder them.
+%_fortify_level		2
+%_fortify_level_flags	%[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
+
 %_general_options         -O2 %{?_lto_cflags} -g -grecord-gcc-switches -pipe -fstack-protector-strong %[ "%{toolchain}" == "clang" ? "-fgcc-compatible" : "" ]
 %_warning_options         -Wall -Werror=format-security
-%_preprocessor_defines    -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
+%_preprocessor_defines    %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
 
 %__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags}
 
diff --git a/macros.perl b/macros.perl
index 9c1fd0c..1e45bcb 100644
--- a/macros.perl
+++ b/macros.perl
@@ -31,7 +31,7 @@ export PERL_MM_USE_DEFAULT=1
 %perl_default_filter_revision 3
 
 # By default, for perl packages we want to filter all files in _docdir from 
-# req/prov scanning.
+# req/prov scanning, except META.json/yml for scanning requirements.
 # Filtering out any provides caused by private libs in vendorarch/archlib
 # (vendor/core) is done by rpmbuild since Fedora 20
 # <https://fedorahosted.org/fpc/ticket/353>.
@@ -40,8 +40,9 @@ export PERL_MM_USE_DEFAULT=1
 # "%{?perl_default_filter}", before any %description block.
 
 %perl_default_filter %{expand: \
+%global __global_requires_exclude_from %{nil}
 %global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_docdir}
-%global __requires_exclude_from %{?__requires_exclude_from:%__requires_exclude_from|}^%{_docdir}
+%global __requires_exclude_from %{?__requires_exclude_from:%__requires_exclude_from|}^%{_docdir}/.*\\\\(?=META.json|\\\\(MY|\\\\)META.yml\\\\)$
 %global __provides_exclude %{?__provides_exclude:%__provides_exclude|}^perl\\\\(VMS|^perl\\\\(Win32|^perl\\\\(DB\\\\)|^perl\\\\(UNIVERSAL\\\\)
 %global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\\\(VMS|^perl\\\\(Win32
 }
diff --git a/openEuler-rpm-config.spec b/openEuler-rpm-config.spec
index a36338f..c0ad452 100644
--- a/openEuler-rpm-config.spec
+++ b/openEuler-rpm-config.spec
@@ -3,8 +3,8 @@
 
 Name:		%{vendor}-rpm-config
 Version:	31
-Release:	12
-License:	GPL+
+Release:	15
+License:	GPL+ AND MIT
 Summary:	specific rpm configuration files
 URL:		https://gitee.com/src-openeuler/openEuler-rpm-config
 Buildarch:	noarch
@@ -38,6 +38,10 @@ Source201: infopages.attr
 Source202: manpages.attr
 Source203: nbdkit.attr
 Source204: find-provides.nbdkit
+# Source 205-207 from fedora, licenced under MIT
+Source205: kabi.attr
+Source206: kabi.sh
+Source207: kmod.attr
 
 # Misc helper scripts
 Source300: kmodtool
@@ -149,6 +153,7 @@ install -p -m 755 -t %{buildroot}%{rpmvdir} config.*
 install -p -m 755 -t %{buildroot}%{_rpmconfigdir} brp-*
 install -p -m 644 -t %{buildroot}%{_rpmconfigdir} generic-*
 install -p -m 755 -t %{buildroot}%{_rpmconfigdir} fix-libtool-from-moving-options-after-libs
+install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kabi.sh
 install -p -m 755 -t %{buildroot}%{rpmvdir} kmodtool
 install -p -m 755 -t %{buildroot}%{rpmvdir} find-requires*
 install -p -m 755 -t %{buildroot}%{rpmvdir} find-provides*
@@ -184,8 +189,20 @@ sed -i "s/@VENDOR@/%{vendor}/g" `grep "@VENDOR@" -rl %{buildroot}%{_rpmconfigdir
 %{_rpmconfigdir}/macros.d/macros.kmp
 %{rpmvdir}/find-requires
 %{rpmvdir}/find-requires.ksyms
+%{_rpmconfigdir}/kabi.sh
+%{_fileattrsdir}/kabi.attr
+%{_fileattrsdir}/kmod.attr
 
 %changelog
+* Fri Jan 31 2025 Funda Wang <fundawang@yeah.net> - 31-15
+- add kabi, kmod dependency generators from fedora
+
+* Tue Jan 28 2025 Funda Wang <fundawang@yeah.net> - 31-14
+- whitelist META.json/yml for scanning perl dependencies
+
+* Fri Jan 17 2025 Funda Wang <fundawang@yeah.net> - 31-13
+- split out fortify level definition for supporting build with FORTIFY_SOURCE=3 in the future
+
 * Wed Jan 15 2025 luhuaxin <luhuaxin1@huawei.com> - 31-12
 - ima: keep the process of OBS signing same as previous version