Line 65: | Line 65: | ||
These environment variables are set to the compiler flags defined in the system RPM configuration. This macro is currently implicitly called when packages use some of the build system helper macros, like %configure, %cmake, and %meson. However, not all packages use these macros and so some packages do not use the correct compiler flags as required by the Fedora packaging guidelines[1]. | These environment variables are set to the compiler flags defined in the system RPM configuration. This macro is currently implicitly called when packages use some of the build system helper macros, like %configure, %cmake, and %meson. However, not all packages use these macros and so some packages do not use the correct compiler flags as required by the Fedora packaging guidelines[1]. | ||
This change will be implemented by updating the %__spec_build_pre, %__speck_check_pre, and __spec_install_pre macros in redhat-rpm-config to include %set_build_flags. This will set these environment variables automatically before the %build and % | This change will be implemented by updating the %__spec_build_pre, %__speck_check_pre, and __spec_install_pre macros in redhat-rpm-config to include %set_build_flags. This will set these environment variables automatically before the %build, %check, and %install phases. See the proposed [https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/166 implementation] for more details. | ||
The purpose for making this change in the %check phase is because sometimes test code gets built in the %check | The purpose for making this change in the %check phase is because sometimes test code gets built in the %check phase for unit tests and this will ensure that the application code and its tests are built with the same set of flags. This change is also being made in the %install phase for a similar reason, because sometime code gets built during the install phase. | ||
This change should have no impact on packages that already use %set_build_flags either directly or indirectly through another macro. It also won't impact any package that currently sets these environment variables or modifies any of the %{build*_flags} macros in their %build or %check sections. | This change should have no impact on packages that already use %set_build_flags either directly or indirectly through another macro. It also won't impact any package that currently sets these environment variables or modifies any of the %{build*_flags} macros in their %build or %check sections. |
Revision as of 00:17, 5 January 2022
%set_build_flags for %build, %check, and %install phases
Summary
Call %set_build_flags macro automatically at the beginning of the %build, %check, and %install phases of RPM builds in Fedora Linux. This will ensure that the compiler flag environment variables are set for every RPM build.
Owner
- Name: Tom Stellard
- Email: <tstellar@redhat.com>
Current status
- Targeted release: Fedora Linux 36
- Last updated: 2022-01-05
- devel thread
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
The %set_build_flags macro exports common environment variables used for building packages:
- CFLAGS
- CXXFLAGS
- FFLAGS
- FCFLAGS
- LDFLAGS
- LT_SYS_LIBRARY_PATH
- CC
- CXX
These environment variables are set to the compiler flags defined in the system RPM configuration. This macro is currently implicitly called when packages use some of the build system helper macros, like %configure, %cmake, and %meson. However, not all packages use these macros and so some packages do not use the correct compiler flags as required by the Fedora packaging guidelines[1].
This change will be implemented by updating the %__spec_build_pre, %__speck_check_pre, and __spec_install_pre macros in redhat-rpm-config to include %set_build_flags. This will set these environment variables automatically before the %build, %check, and %install phases. See the proposed implementation for more details.
The purpose for making this change in the %check phase is because sometimes test code gets built in the %check phase for unit tests and this will ensure that the application code and its tests are built with the same set of flags. This change is also being made in the %install phase for a similar reason, because sometime code gets built during the install phase.
This change should have no impact on packages that already use %set_build_flags either directly or indirectly through another macro. It also won't impact any package that currently sets these environment variables or modifies any of the %{build*_flags} macros in their %build or %check sections.
Packagers may opt out of this behavior by doing:
%undefine _auto_set_build_flags
[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_compiler_flags
Feedback
Based on feedback on the devel list, the following changes were made:
- Added %set_build_flags to the %install phase.
- Added an opt-out mechanism:
%undefine _auto_set_build_flags
Benefit to Fedora
This change will ensure that more packages are built using the correct compiler flags, and bring them in compliance with the Fedora packaging guidelines. It will also help improve the security of the distribution as many of the compiler flags help defend against common security attacks.
Scope
- Proposal owners:
- Make the necessary changes to redhat-rpm-config.
- Help debug any issues uncovered by this change during the mass rebuild.
- Other developers:
- Report bugs to the proposal owner.
- Release engineering: #10482
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Upgrade/compatibility impact
How To Test
This change will be tested by rebuilding packages as part of the mass rebuild.
User Experience
This change will make some packages less susceptible to security exploits.
Dependencies
Contingency Plan
- Contingency mechanism: The proposal owner will revert the change in redhat-rpm-config
- Contingency deadline: Beta Freeze
- Blocks release? No
Documentation
None needed.