Commit Graph

2100 Commits

Author SHA1 Message Date
Gleb Fotengauer-Malinovskiy
62acbd59d6 macro.c: increase maximal macro depth 2018-05-24 16:19:11 +03:00
Ivan Zakharyaschev
ea7ca90347 verify-elf(get_verify_policy): fix whitespace 2018-05-23 17:02:10 +03:00
Ivan Zakharyaschev
5b30923d48 (.spec) install -m0755 is the correct use not to inherit other mode bits
(Also a tiny tweak: install -T is safer because the destination could
be an existing directory.)
2018-05-23 17:02:10 +03:00
Ivan Zakharyaschev
4347c5f9d0 turn on running %%__find_{conflicts,obsoletes} if they are defined 2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
c8d9060245 shell.req.files: include #!/usr/bin/env sh 2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
67ec541700 verify_rpath(): distinguish grep's failure and a normal valid case
Previously (according to the exit statuses):

0. if something strange was found in $rpath, an error was reported;
1. if nothing strange was found, no error was reported;
2. if grep failed, it looked like the previous case and no error was
reported (as if $rpath was valid).

Now, the pipe (and the whole script) would abort on grep's failure.
2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
b491c783f6 verify_stack(): distinguish failures and a normal status of grep
Now, if something fails, the pipe (and the function, and the whole
script) will fail.

If the exit codes are normal, they are handled according to our logic.

Previously, a failure (which is an exceptional rare case) would lead to:

1. skipping the further exe_stack check and error_strict STACK "$f" 'STACK entry not found'
2. silently skipping the exe_stack check (which was impossible anyway because of the failure)
2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
cdefa4ab34 verify-elf(verify_unresolved): correctly treat grep's status, allow standalone use
The pipe (and the function, and the whole script) would fail when the
resulting constructed rpath was empty. But usually at least
$RPM_VERIFY_ELF_LDD_RPATH is not empty, so the bad behavior has not
been observed.

However, when verify-elf is used standalone, $RPM_VERIFY_ELF_LDD_RPATH
is empty indeed, and this improvement becomes important.

Before this improvement:

$ RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /bin/pwd; echo $?
1

After this improvement:

$ VERIFY_ELF_UNRESOLVED=strict RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /bin/pwd; echo $?
0
$ VERIFY_ELF_UNRESOLVED=strict RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /usr/lib64/python3/site-packages/_cffi_backend.cpython-35m.so; echo $?
verify-elf: ERROR: /usr/lib64/python3/site-packages/_cffi_backend.cpython-35m.so: undefined symbol: PyExc_SystemError
....
1
2018-05-23 17:00:54 +03:00
e687e8df8d 4.0.4-alt111
- ldd: changed to try interpreters listed in /usr/bin/ldd.
- platform: changed %__nprocs to use nproc(1) instead of /proc/stat.
2018-05-22 00:09:29 +00:00
0fa98ef233 platform.in: change %__nprocs definition to use nproc(1) instead of /proc/stat
nproc(1) based approach has two advantages over /proc/stat based
calculations.  Firstly, nproc(1) uses sched_getaffinity(2) and therefore
is not affected by /proc availability.  Secondly, nproc(1) outputs
the number of processors actually available which may be less than
the number of online processors.

nproc(1) was introduced in coreutils-8.1.
2018-05-22 00:09:29 +00:00
30d9979184 ldd.in: try interpreters listed in /usr/bin/ldd
When the given ELF file doesn't specify PT_INTERP, e.g. if it's a shared
library, we have to guess it.  We used to try the program interpreter
of dump_ld_config, but it doesn't work well enough in multilib
environments, so extend the guess by trying interpreters listed
in RTLDLIST from /usr/bin/ldd script.
2018-05-15 17:26:10 +00:00
Ivan Zakharyaschev
e8c7bc4453 find-package.in: group the pruned packages nicer in the list 2018-05-15 17:26:10 +00:00
6d004bec60 4.0.4-alt110
- Added support for RPM_STRICT_INTERDEPS environment variable.
2018-04-26 01:55:36 +03:00
f4d876f935 build/interdep.c: add upgradeInterdep function
If RPM_STRICT_INTERDEPS environment variable is set and not empty, this
function replaces every strict requirement on NEVR with
".${RPM_STRICT_INTERDEPS}-NEVR", and adds to every package which
provides NEVR ".${RPM_STRICT_INTERDEPS}-NEVR" provide if some other
package requires this ".${RPM_STRICT_INTERDEPS}-NEVR".

This is needed to able to build a source package to different repo
branches with the same NEVR, and to rebuild the source package as well
with same NEVR within one branch and avoid interdep collisions.
2018-04-18 22:51:40 +03:00
Andrew Savchenko
6ea70e0bdd
4.0.4-alt109
- Add e2k arch and subarches:
  - Modify installplatform for e2k.
  - Add e2k arch, subarches and all macros for them.
- Tag changes (by vseleznev):
  - Add RPMTAG_IDENTITY, RPMTAG_AUTOINSTALLED.
  - respect device ID when remap inodes.
2018-03-27 20:41:56 +03:00
e3dc95bf3a
Add RPMTAG_IDENTITY
This tag represents binary package build characteristic: if two binary
packages have equal RPMTAG_IDENTITY values, it means that these packages
have no significant differences.

One of the applications of RPMTAG_IDENTITY is reproducible build
verification.

Signed-off-by: Vladimir D. Seleznev <vseleznv@altlinux.org>
2018-03-27 20:37:32 +03:00
037fdfe204
Add RPMTAG_AUTOINSTALLED
This tag is needed to track automatically installed packages with
rpmdb.  Zero value means that a package was installed manually, other
values mean that the package was installed automatically as some else
package dependency.

Signed-off-by: Vladimir D. Seleznev <vseleznv@altlinux.org>
2018-03-27 20:37:32 +03:00
7161802b38
respect device ID when remap inodes
The inode collision probably would never have happened (especially in
chroot environment), but this make the code more correct.
2018-03-27 20:37:22 +03:00
Andrew Savchenko
24867100ca
Modify installplatform for e2k.
Signed-off-by: Andrew Savchenko <bircoph@altlinux.org>
2018-03-26 20:52:52 +03:00
Andrew Savchenko
b711c76819
Add e2k arch, subarches and all macros for them.
Signed-off-by: Andrew Savchenko <bircoph@altlinux.org>
2018-03-26 20:39:57 +03:00
9a33fb0619 4.0.4-alt108
- platform.in:
  + %_smp_mflags: changed to use %__nprocs;
  + added -O option to MAKEFLAGS.
- installplatform, rpmrc.in: made armv8l compatible with armh (by Sergey Bolshakov).
2018-01-17 21:55:12 +00:00
7b57257398 platform.in: add -O option to MAKEFLAGS 2018-01-17 21:53:02 +00:00
Sergey Bolshakov
c18f1b7d19 installplatform, rpmrc.in: made armv8l compatible with armh 2018-01-17 21:48:55 +00:00
d625d26666 platform.in (%_smp_mflags): change to use %__nprocs
glibc-2.26~154 changed behaviour of "getconf _NPROCESSORS_ONLN":
it now returns 2 instead of 1 when /proc is not mounted.

Change %_smp_mflags to use %__nprocs that is set to 1 when /proc
is not available.
2018-01-17 21:48:55 +00:00
87cf7e7cf0 4.0.4-alt107
- compare_deps: fixed a bug in handling epochs.
- platform.in:
  + %optflags_core: added -frecord-gcc-switches (see: #34162);
  + %make_build: implemented as a simple command (closes: #34237).
- genCpioListAndHeader: implemented remapping of device and inode numbers
  (by Vladimir D. Seleznev and me; closes: #34398).
2018-01-07 00:30:31 +00:00
d6fec7f8ea genCpioListAndHeader: remap device and inode numbers (ALT#34398)
Inspired by rpm.org commits rpm-4.10.0-beta1~80 and rpm-4.10.0-beta1~67.

Co-Authored-by: Dmitry V. Levin <ldv@altlinux.org>
2018-01-05 23:20:22 +00:00
a555b44bb5 compare_deps: fix a bug in handling epochs
Fixes: 4.0.4-alt100.63~1
2018-01-05 23:20:22 +00:00
153086afe1 platform.in (%optflags_core): add -frecord-gcc-switches (ALT#34162)
gcc -frecord-gcc-switches adds .GCC.command.line section to each
generated ELF file.  These sections have the same type (PROGBITS) and
flags (MERGE, STRINGS) as .comment sections.  Like .comment sections,
.GCC.command.line sections are moved to .debug files by debugedit.
2017-12-12 00:33:57 +00:00
117c7f9a6a platform.in (%make_build): implement as a simple command (ALT#34237)
New implementation allows to invoke %make_build with a variable
assignments, e.g. LD_LIBRARY_PATH=.libs %make_build check.

A side effect of old %make_build was initialization of NPROCS
environment variable.  New %make_build no longer initializes NPROCS,
but, according to specfile scan made by Igor Vlasenko, packages
in Sisyphus do not rely on NPROCS being initialized by %make_build.
2017-12-12 00:33:57 +00:00
39db987aa6 4.0.4-alt106
- Added support for SOURCE_DATE_EPOCH environment variable
  (by Vladimir D. Seleznev; closes: #34200).
- Dropped bzdio support.
2017-11-20 01:42:20 +00:00
96a5445b98 Drop bzdio support
There is no use in supporting bzip2 compressed payloads in rpmbuild nowadays.
2017-11-20 01:42:20 +00:00
55b07cb0ff Add support for SOURCE_DATE_EPOCH environment variable (ALT#34200)
This allows rpmbuild to override file timestamps.

Based on rpm.org commit 8d84878ee05b2e63858af3a5a49d98e9e2933b1b.
2017-11-15 15:29:28 +00:00
36debebed4 4.0.4-alt105
- brp-check_contents: enabled strict error checking by default.
2017-10-26 14:23:23 +00:00
2c2a5545e5 brp-check_contents: do not suppress normal grep output
The concerns of grep output were baseless, let grep print lines
matching the pattern.
2017-10-26 14:23:23 +00:00
232c7538e1 brp-check_contents: enable strict error checking
As the test rebuild of all packages in Sisyphus repository has shown
no false positives, it's safe to enable strict error checking.
2017-10-26 14:19:58 +00:00
877b43c83e 4.0.4-alt104
- Introduced brp-check_contents.
2017-10-25 03:16:59 +00:00
7a81369647 Introduce brp-check_contents
Add a brp interface for checking contents of files in buildroot.
The initial revision of brp-check_contents scripts checks
for suspicious path names like /var/lib/run, complementing
the change introduced in sisyphus_check-0.8.43-alt1.
2017-10-25 03:16:59 +00:00
baee9cdb9c 4.0.4-alt103
- When scanning files for deps, debuginfo, fixup, and verify_elf,
  ignore ELF files generated by GNU Guile.
2017-04-18 16:50:48 +00:00
696f192aea scripts: ignore ELF shared objects with "no" machine type
When scanning files for deps, debuginfo, fixup, and verify_elf,
ignore files with type that matches "ELF * shared object, no machine, *"
pattern.

These are ELF files generated by GNU Guile, ignore them for now.
2017-04-18 16:42:41 +00:00
8331557f70 4.0.4-alt102
- verify-elf: fixed passing of LD_PRELOAD in verify_unresolved.
2017-01-14 13:42:53 +00:00
a95f23ef1a verify-elf: fix passing of LD_PRELOAD in verify_unresolved
In verify_unresolved(), do not preload requested objects to $elf_ldd
directly because the latter is not an ELF interpreter but a shell
script.  Instead, pass the list of objects that have to be preloaded
to $elf_ldd script which in turn assigns it to LD_PRELOAD variable
in the ELF interpreter invocation.
2017-01-14 13:42:53 +00:00
e8c780c2b0 Disable build and install of unpackaged files
These are no longer packaged anyway, so no need to bother.
2017-01-14 13:42:53 +00:00
e0e8952034 Disable build of static libraries and executables
These are no longer packaged anyway, so no need to bother.
2017-01-14 13:42:53 +00:00
4ab56b3647 rpmio: fix potential buffer overflow in Fdopen
In file included from /usr/include/string.h:648:0,
                 from ../system.h:76,
                 from rpmio.c:6:
In function 'strncat',
    inlined from 'Fdopen' at rpmio.c:3473:5:
/usr/include/bits/string3.h:158:10: warning: call to __builtin___strncat_chk might overflow destination buffer
   return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
2017-01-14 13:42:53 +00:00
Gleb Fotengauer-Malinovskiy
509272d41b 4.0.4-alt101
- verify-elf: made verify_lfs check shared objects too.
- Relaxed check for gcc package name in {cpp,pkgconfiglib}.req generators.
- rpm-build: add R: rpmspec.
2016-12-20 20:29:45 +03:00
Gleb Fotengauer-Malinovskiy
6409cf5038 Relax check for gcc package name in {cpp,pkgconfiglib}.req generators 2016-12-20 17:49:07 +03:00
Gleb Fotengauer-Malinovskiy
cec71f3fbf verify-elf: make verify_lfs check libraries too
Previously, verify_lfs checked if object has valid interpreter, but it
doesn't make sense in case of shared objects.  verify_lfs check is valid
for all ELFs linked with libraries supporting both LFS and non-LFS API
(libc.so and libz.so in our case).
2016-12-20 15:31:10 +03:00
Gleb Fotengauer-Malinovskiy
c90b86d89b 4.0.4-alt100.99
- Fixed non-LFS check in verify-elf.
- Dropped fake provides made for rpm 4.13.0 bootstrap.
2016-12-19 17:07:39 +03:00
Gleb Fotengauer-Malinovskiy
ccc38e9d0a Revert "Add fake provides for librpm{,build}"
Bootstrap of rpm-4.13.0 is now complete, we can drop this fake provides.

This reverts commit 477fe329f3.
2016-12-19 17:03:57 +03:00
Gleb Fotengauer-Malinovskiy
0270311591 Fix generation of verify-elf-non-lfs-funcs.list
If there were both `func' and `func'64, `func' was considered non-LFS.
Unfortunately, that approach missed functions like fts64_* and
readdir64_r.
2016-12-19 16:55:34 +03:00