chore(module): make swtpm compatible with x86-64-v2 CPUs

diafour · diafour · commit 672edf26bc51 · 2026-01-13T15:52:35.000+03:00
- Make swtpm, libgmp and gnutls compatible with x86-64-v2 CPUs.
- libgmp contains lot of optimizations for x86 microarchitectures, use the most portable but not the most performant.
- Prevent internet access in gnutls builder.

Signed-off-by: Ivan Mikheykin &lt;ivan.mikheykin@flant.com&gt;
diff --git a/images/packages/gnutls/werf.inc.yaml b/images/packages/gnutls/werf.inc.yaml
@@ -51,6 +51,7 @@ altPackages:
 - liboqs-devel
 - iproute2-devel
 - wget
+- tree
 packages:
 - libbrotli libidn2 libgcrypt libgmp
 - nettle zlib zstd p11-kit
@@ -94,10 +95,14 @@ shell:
 
     cd /src
 
-    # Fake distcheck-hook that checks bootstrap is called without --skip-po
-    mkdir -p po/.reference
+    # GCC flags to produce more portable binaries.
+    export CFLAGS="-march=x86-64-v2"
+    export CXXFLAGS="-march=x86-64-v2"
 
-    ./bootstrap --skip-po
+    # Skip po downloads: bootstrap checks .reference directory to decide if it should download po files.
+    mkdir -p po/.reference
+    # Skip git clone: gnulib is already downloaded in the src-artifact image.
+    ./bootstrap --skip-po --no-git --gnulib-srcdir=/src/gnulib
 
     ./configure \
       --prefix=/usr \
@@ -123,3 +128,5 @@ shell:
     make -j$(nproc)
 
     make DESTDIR=$OUTDIR install-strip
+
+    tree -hp $OUTDIR
diff --git a/images/packages/libgmp/werf.inc.yaml b/images/packages/libgmp/werf.inc.yaml
@@ -57,9 +57,18 @@ shell:
 
     cd /src
 
+    export CFLAGS="-march=x86-64-v2"
+    export CPPFLAGS="-march=x86-64-v2"
+    export CXXFLAGS="-march=x86-64-v2"
+
+    # Notes:
+    # - Use x86_64 cpu to produce the most portable binary but not the most performant one.
+    # - Disable fat binary.
     ./configure \
       --prefix=/usr \
       --libdir=/usr/lib64 \
+      --disable-fat \
+      --build x86_64-linux-gnu \
       --enable-cxx
 
     make -j$(nproc)
diff --git a/images/packages/libvirt/werf.inc.yaml b/images/packages/libvirt/werf.inc.yaml
@@ -266,4 +266,4 @@ shell:
       echo "Stripped: $execfile"
     fi
     done
-    tree -hp $OUTDIR
+    tree -hp $OUTDIR
diff --git a/images/packages/swtpm/werf.inc.yaml b/images/packages/swtpm/werf.inc.yaml
@@ -36,6 +36,7 @@ altPackages:
 - libgnutls-openssl-devel
 - libfuse-devel
 - perl-podlators
+- tree
 packages:
 - libgmp libtpms openssl libjson-glib
 - libtasn1
@@ -78,6 +79,8 @@ shell:
 
     cd /src
 
+    export CFLAGS="-march=x86-64-v2"
+
     ./autogen.sh \
       --disable-tests \
       --with-openssl \
@@ -98,3 +101,5 @@ shell:
     rm -rf $OUTDIR/usr/include
     rm -rf $OUTDIR/usr/share
     rm -rf $OUTDIR/usr/libexec/installed-tests
+
+    tree -hp $OUTDIR
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
@@ -77,7 +77,7 @@ altLibs:
   - msulogin
   - strace
 binaries:
-  # Gnu utils (requared for swtpm)
+  # GNU utils (required to run swtpm).
   - /usr/bin/certtool
   - /usr/bin/gnutls-cli
   - /usr/bin/ocsptool
@@ -210,7 +210,7 @@ import:
 
 {{- include "importPackageImages" (list . $builderDependencies.packages "install") -}}
 
-# Statically builded
+# Statically built.
 - image: {{ .ModuleNamePrefix }}packages/openssl
   add: /openssl
   to: /relocate
