
Commit 1d06a1f

Merge pull request #24864 from lsm5/rpm-macro-cleanup
[skip-ci] RPM: cleanup macro defs
2 parents 7185d46 + 1d220b9 commit 1d06a1f


1 file changed

+13
-13
lines changed


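--- a/rpm/podman.spec
+++ b/rpm/podman.spec
@@ -7,21 +7,8 @@
 %global debug_package %{nil}
 %endif
 
-# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
-# set it separately here and do not depend on RHEL's go-[s]rpm-macros package
-# until that's fixed.
-# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328
-%if %{defined rhel} && 0%{?rhel} < 10
-%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
-%endif
-
 %global gomodulesmode GO111MODULE=on
 
-%if %{defined rhel}
-# _user_tmpfiles.d currently undefined on rhel
-%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d
-%endif
-
 %if %{defined fedora}
 %define build_with_btrfs 1
 # qemu-system* isn't packageed for CentOS Stream / RHEL
@@ -32,6 +19,11 @@
 %define copr_build 1
 %endif
 
+# Only RHEL and CentOS Stream rpms are built with fips-enabled go compiler
+%if %{defined rhel}
+%define fips_enabled 1
+%endif
+
 %global container_base_path github.com/containers
 %global container_base_url https://%{container_base_path}
 
@@ -251,6 +243,14 @@ LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \
 
 export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
 
+# libtrust_openssl buildtag switches to using the FIPS-compatible func
+# `ecdsa.HashSign`.
+# Ref 1: https://github.com/golang-fips/go/blob/main/patches/015-add-hash-sign-verify.patch#L22
+# Ref 2: https://github.com/containers/libtrust/blob/main/ec_key_openssl.go#L23
+%if %{defined fips_enabled}
+export BASEBUILDTAGS="$BASEBUILDTAGS libtrust_openssl"
+%endif
+
 # build %%{name}
 export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)"
 %gobuild -o bin/%{name} ./cmd/%{name}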
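Review bot: With the local `%define gobuild(o:)` override removed in the first hunk, the `libtrust_openssl` tag appended to `BASEBUILDTAGS` in the `%build` hunk only takes effect if the distribution's `%gobuild` macro passes `$BUILDTAGS` through, and the deleted comment says RHEL's macro did not (c9s bz 2227328). If a RHEL 9 / c9s buildroot still carries the older macro, the binary would presumably be built without `libtrust_openssl` and `seccomp`, and nothing in the spec would fail. A post-build assertion inside the same `%if %{defined fips_enabled}` guard, e.g. `go version -m bin/%{name} | grep -q -- '-tags=.*libtrust_openssl'`, would turn a silently dropped tag into a build error; the `rpm_crashtraceback` tag and `-buildmode pie` that the old macro hard-coded are likewise left to the distro macro now and deserve the same confirmation. The `%build` section continues outside this hunk, so any other `%gobuild` invocations there may need the same check.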
