From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 18 Feb 2025 14:53:44 +0000 (+0100)
Subject: dnsdist: Fix package building on EL-9 and EL-8
X-Git-Tag: dnsdist-2.0.0-alpha1~30^2~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15c976c3da1f9055fa98432d2a239d6c5ae34672;p=thirdparty%2Fpdns.git

dnsdist: Fix package building on EL-9 and EL-8
---

diff --git a/builder-support/dockerfiles/Dockerfile.dnsdist b/builder-support/dockerfiles/Dockerfile.dnsdist
index c157637075..1bf87e8f3f 100644
--- a/builder-support/dockerfiles/Dockerfile.dnsdist
+++ b/builder-support/dockerfiles/Dockerfile.dnsdist
@@ -8,13 +8,19 @@ ADD builder/helpers/set-configure-ac-version.sh /dnsdist/builder/helpers/
 ADD COPYING /dnsdist/
 @EXEC sdist_dirs=(build-aux m4 pdns ext)
 @EXEC for d in ${sdist_dirs[@]} ; do echo "COPY $d/ /dnsdist/$d/" ; done
+COPY .git/ /dnsdist/.git/
+COPY builder-support/ /dnsdist/builder-support/
+COPY docs/ /dnsdist/docs/
 ADD builder-support/gen-version /dnsdist/pdns/dnsdistdist/builder-support/gen-version
-WORKDIR /dnsdist/pdns/dnsdistdist
+WORKDIR /dnsdist/
 
 RUN mkdir /sdist
 
 ARG BUILDER_VERSION
-RUN /dnsdist/builder/helpers/set-configure-ac-version.sh && \
+
+RUN cd /dnsdist/pdns/dnsdistdist && \
+   /dnsdist/builder/helpers/set-configure-ac-version.sh && \
     meson setup build && \
     meson dist -C build
+WORKDIR /dnsdist/pdns/dnsdistdist
 RUN cp build/meson-dist/dnsdist-${BUILDER_VERSION}.tar.xz /sdist/
diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild
index 2a996f1a3f..e62cdc3879 100644
--- a/builder-support/dockerfiles/Dockerfile.rpmbuild
+++ b/builder-support/dockerfiles/Dockerfile.rpmbuild
@@ -1,6 +1,11 @@
 FROM dist-base as package-builder
-RUN yum upgrade -y && \
-    yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"
+RUN if $(grep -q 'release 8' /etc/redhat-release); then \
+      yum upgrade -y && \
+      yum install --allowerasing -y rpm-build rpmdevtools python3.11 curl jq "@Development Tools" ninja-build hostname python3.11-pip python3.11-yaml ; \
+    else \
+      yum upgrade -y && \
+      yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools" ninja-build hostname python3-pip python3-yaml ; \
+    fi
 
 RUN mkdir /dist /pdns
 WORKDIR /pdns
@@ -59,6 +64,7 @@ RUN touch /var/lib/rpm/* && if grep -q 'release 8' /etc/redhat-release; then \
 @ENDIF
 
 # Generate provenance
+RUN yum install --allowerasing -y python3
 @EVAL RUN python builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json
 
 # mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs)
diff --git a/builder-support/helpers/install_meson.sh b/builder-support/helpers/install_meson.sh
index 7421480d91..b29b7cc7f0 100755
--- a/builder-support/helpers/install_meson.sh
+++ b/builder-support/helpers/install_meson.sh
@@ -16,8 +16,12 @@ echo "${MESON_TARBALL_HASH}"  "${MESON_TARBALL}" | sha256sum -c -
 tar xf "${MESON_TARBALL}"
 cd "meson-${MESON_VERSION}"
 
-python3 setup.py build
-python3 setup.py install
+install -Dpm0644 -t /usr/lib/rpm/macros.d/ data/macros.meson
+
+python3 -m pip install .
+ln -s /usr/local/bin/meson /usr/bin/meson
+PYVERS=$(python3 --version | sed 's/Python //' | cut -d. -f1,2)
+ln -s "/usr/local/lib/python${PYVERS}/site-packages/mesonbuild" /usr/lib/python${PYVERS}/site-packages/mesonbuild
 
 cd ..
 rm -rf "${MESON_TARBALL}" "meson-${MESON_VERSION}"
diff --git a/builder-support/post-build b/builder-support/post-build
index b97d254ab1..bd416455df 100755
--- a/builder-support/post-build
+++ b/builder-support/post-build
@@ -22,9 +22,13 @@ fi
 # with a find condition for pdns to exclude accidentally matching pdns-recursor*.
 for prog in pdns-recursor dnsdist; do
   if [ $(find ${SRCDIR}/dist -name "${prog}*" 2>/dev/null | wc -l) -ne 0 ]; then
+    extension="tar.bz2"
+    if [ "$prog" = "dnsdist" ]; then
+      extension="tar.xz"
+    fi
     dst=${DESTDIR}/${prog}/${BUILDER_VERSION}
     mkdir -p ${dst}
-    cp ${BUILDER_TMP}/${BUILDER_VERSION}/sdist/${prog}*.tar.bz2 ${dst}
+    cp ${BUILDER_TMP}/${BUILDER_VERSION}/sdist/${prog}*.${extension} ${dst}
     tardirname=${prog}-${BUILDER_VERSION}-${BUILDER_TARGET}
     "$tar" -cjf ${dst}/${tardirname}.tar.bz2 --transform="s,.*/,${tardirname}/,g"  $(find ${SRCDIR} -type f)
   fi
diff --git a/builder-support/specs/dnsdist.spec b/builder-support/specs/dnsdist.spec
index 572ba00921..12284be1ba 100644
--- a/builder-support/specs/dnsdist.spec
+++ b/builder-support/specs/dnsdist.spec
@@ -5,7 +5,9 @@ Summary: Powerful and scriptable DNS loadbalancer
 License: GPLv2
 Vendor: PowerDNS.COM BV
 Group: System/DNS
-Source: %{name}-%{getenv:BUILDER_VERSION}.tar.bz2
+Source: %{name}-%{getenv:BUILDER_VERSION}.tar.xz
+BuildRequires: ninja-build
+BuildRequires: hostname
 BuildRequires: readline-devel
 BuildRequires: libedit-devel
 BuildRequires: openssl-devel
@@ -59,6 +61,13 @@ dnsdist is a high-performance DNS loadbalancer that is scriptable in Lua.
 %prep
 %autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION}
 
+%if 0%{?rhel} >= 9
+%global toolchain clang
+%else
+# we need to disable the hardened flags because they are GCC-only
+%undefine _hardened_build
+%endif
+
 %build
 # We need to build with LLVM/clang to be able to use LTO, since we are linking against a static Rust library built with LLVM
 export CC=clang
@@ -66,22 +75,28 @@ export CXX=clang++
 # build-id SHA1 prevents an issue with the debug symbols ("export: `-Wl,--build-id=sha1': not a valid identifier")
 # and the --no-as-needed -ldl an issue with the dlsym not being found ("ld.lld: error: undefined symbol: dlsym eferenced by weak.rs:142 (library/std/src/sys/pal/unix/weak.rs:142) [...] in archive ./dnsdist-rust-lib/rust/libdnsdist_rust.a)
 export LDFLAGS="-fuse-ld=lld -Wl,--build-id=sha1 -Wl,--no-as-needed -ldl"
+%if 0%{?rhel} < 9
+export CFLAGS="-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -gdwarf-4"
+export CXXFLAGS="-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -gdwarf-4"
+%endif
 
-export AR=gcc-ar
-export RANLIB=gcc-ranlib
+#export AR=gcc-ar
+#export RANLIB=gcc-ranlib
+export PKG_CONFIG_PATH=/usr/lib/pkgconfig:/opt/lib64/pkgconfig
 
 %meson \
-  -Dsysconfdir=/etc/dnsdist
+  --sysconfdir=/etc/dnsdist \
   -Dunit-tests=true \
   -Db_lto=true \
   -Db_lto_mode=thin \
   -Db_pie=true \
-  -Ddebug=true \
-  -Doptimization=3 \
   -Ddns-over-tls=true \
 %if 0%{?suse_version}
   -Ddnscrypt=disabled \
-  -Dsnmp=false
+  -Dsnmp=false \
+%else
+  -Ddnscrypt=enabled \
+  -Dsnmp=true \
 %endif
   -Ddnstap=enabled \
   -Ddns-over-https=true \
@@ -89,12 +104,9 @@ export RANLIB=gcc-ranlib
   -Dlibcap=enabled \
   -Dlua=luajit \
   -Dre2=enabled \
-  -Ddnscrypt=enabled \
-  -Dsnmp=true \
   -Ddns-over-quic=true \
   -Ddns-over-http3=true \
-  -Dyaml=enabled \
-  PKG_CONFIG_PATH=/usr/lib/pkgconfig:/opt/lib64/pkgconfig
+  -Dyaml=enabled
 %meson_build
 
 %check