diff --git a/.azldev-version b/.azldev-version index 95552389490..cad168e1ff6 100644 --- a/.azldev-version +++ b/.azldev-version @@ -1 +1 @@ -0256227f5434d9e00d7c8501b16848efa400a72b +35d8fae562980db7bda057d79322cc51ddad8d62 diff --git a/base/comps/ant/ant.comp.toml b/base/comps/ant/ant.comp.toml index 8b8a0552a9d..373c3c0d5d5 100644 --- a/base/comps/ant/ant.comp.toml +++ b/base/comps/ant/ant.comp.toml @@ -1,13 +1 @@ [components.ant] - -# Backport of upstream Fedora rawhide commit 4ca7a3b: remove openjdk21 binding. -# https://src.fedoraproject.org/rpms/ant/c/4ca7a3b -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the -# ant-openjdk21 subpackage has an unsatisfiable dependency. - -[[components.ant.overlays]] -description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" -type = "spec-search-replace" -section = "%install" -regex = '.*openjdk21.*' -replacement = '' diff --git a/base/comps/ant/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml b/base/comps/ant/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml new file mode 100644 index 00000000000..6f9b8d16ff9 --- /dev/null +++ b/base/comps/ant/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml @@ -0,0 +1,14 @@ +# Backport of upstream Fedora rawhide commit 4ca7a3b: remove openjdk21 binding. +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the +# ant-openjdk21 subpackage has an unsatisfiable dependency. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/ant/c/4ca7a3b"] + +[[overlays]] +description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" +type = "spec-search-replace" +section = "%install" +regex = '.*openjdk21.*' +replacement = '' diff --git a/base/comps/apache-ivy/apache-ivy.comp.toml b/base/comps/apache-ivy/apache-ivy.comp.toml index 94aa38efbd2..cca6d5725fd 100644 --- a/base/comps/apache-ivy/apache-ivy.comp.toml +++ b/base/comps/apache-ivy/apache-ivy.comp.toml @@ -1,19 +1 @@ [components.apache-ivy] -overlays = [ - { type = "file-add", file = "IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch", source = "IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch" }, - { type = "spec-add-tag", tag = "Source4", value = "IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch" }, - - { type = "file-add", file = "remove-Pack200Packing-java.patch", source = "remove-Pack200Packing-java.patch" }, - { type = "spec-add-tag", tag = "Source5", value = "remove-Pack200Packing-java.patch" }, - - { type = "spec-search-replace", regex = "dos2unix src/java/org/apache/ivy/ant/IvyAntSettings.java", replacement = "dos2unix src/java/org/apache/ivy/ant/IvyAntSettings.java asciidoc/release-notes.adoc ivy.xml optional.patterns src/java/org/apache/ivy/core/pack/PackagingManager.java src/java/org/apache/ivy/core/pack/PackingRegistry.java src/java/org/apache/ivy/core/settings/IvySettings.java src/java/org/apache/ivy/core/pack/ArchivePacking.java src/java/org/apache/ivy/core/pack/OsgiBundlePacking.java src/java/org/apache/ivy/core/pack/Pack200Packing.java src/java/org/apache/ivy/core/pack/StreamPacking.java src/java/org/apache/ivy/core/pack/ZipPacking.java src/java/org/apache/ivy/util/FileUtil.java test/java/org/apache/ivy/core/retrieve/RetrieveTest.java test/java/org/apache/ivy/core/pack/ZipPackingTest.java version.properties" }, - - { type = "spec-search-replace", regex = "patch -p1 -l < %{SOURCE3}", replacement = "patch -p1 -l < %{SOURCE3}\npatch -p1 -l < %{SOURCE4}\npatch -p1 -l < %{SOURCE5}" }, - - # AZL ships only java-25-openjdk; there is no java-21-openjdk, so the - # upstream references to ant-openjdk21 and java-21-openjdk are - # unsatisfiable. Retarget to the openjdk25 variant. - { description = "Remove BuildRequires on ant-openjdk21 — AZL does not ship java-21-openjdk", type = "spec-remove-tag", tag = "BuildRequires", value = "ant-openjdk21" }, - { description = "Add BuildRequires on ant-openjdk25 in place of ant-openjdk21", type = "spec-add-tag", tag = "BuildRequires", value = "ant-openjdk25" }, - { description = "Retarget JAVA_HOME from java-21-openjdk to java-25-openjdk in %build", type = "spec-search-replace", section = "%build", regex = "java-21-openjdk", replacement = "java-25-openjdk" }, -] diff --git a/base/comps/apache-ivy/overlays/0001-pack200-commons-compress.overlay.toml b/base/comps/apache-ivy/overlays/0001-pack200-commons-compress.overlay.toml new file mode 100644 index 00000000000..4583ef6109d --- /dev/null +++ b/base/comps/apache-ivy/overlays/0001-pack200-commons-compress.overlay.toml @@ -0,0 +1,43 @@ +# Use Apache Commons Compress for pack200 support: stage two downstream patches +# (Source4/Source5), wire them into %prep, and dos2unix the touched files. +# Backport of upstream Apache Ivy commit d772841 (IVY-1652). +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://github.com/apache/ant-ivy/commit/d77284167b6695903b80c72afed57469ffab5cc3"] + +[[overlays]] +description = "Stage the Apache Commons Compress pack200 backport patch (downstream Source4)" +type = "file-add" +file = "IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch" +source = "../IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch" + +[[overlays]] +description = "Register the Commons Compress pack200 patch as Source4" +type = "spec-add-tag" +tag = "Source4" +value = "IMPROVEMENT-use-Apache-Commons-Compress-for-pack200-.patch" + +[[overlays]] +description = "Stage the Pack200Packing.java removal patch (downstream Source5)" +type = "file-add" +file = "remove-Pack200Packing-java.patch" +source = "../remove-Pack200Packing-java.patch" + +[[overlays]] +description = "Register the Pack200Packing.java removal patch as Source5" +type = "spec-add-tag" +tag = "Source5" +value = "remove-Pack200Packing-java.patch" + +[[overlays]] +description = "Extend the dos2unix invocation to cover every file touched by the pack200 backport" +type = "spec-search-replace" +regex = "dos2unix src/java/org/apache/ivy/ant/IvyAntSettings.java" +replacement = "dos2unix src/java/org/apache/ivy/ant/IvyAntSettings.java asciidoc/release-notes.adoc ivy.xml optional.patterns src/java/org/apache/ivy/core/pack/PackagingManager.java src/java/org/apache/ivy/core/pack/PackingRegistry.java src/java/org/apache/ivy/core/settings/IvySettings.java src/java/org/apache/ivy/core/pack/ArchivePacking.java src/java/org/apache/ivy/core/pack/OsgiBundlePacking.java src/java/org/apache/ivy/core/pack/Pack200Packing.java src/java/org/apache/ivy/core/pack/StreamPacking.java src/java/org/apache/ivy/core/pack/ZipPacking.java src/java/org/apache/ivy/util/FileUtil.java test/java/org/apache/ivy/core/retrieve/RetrieveTest.java test/java/org/apache/ivy/core/pack/ZipPackingTest.java version.properties" + +[[overlays]] +description = "Apply the staged Source4/Source5 patches in %prep alongside the existing Source3 patch" +type = "spec-search-replace" +regex = "patch -p1 -l < %{SOURCE3}" +replacement = "patch -p1 -l < %{SOURCE3}\npatch -p1 -l < %{SOURCE4}\npatch -p1 -l < %{SOURCE5}" diff --git a/base/comps/apache-ivy/overlays/0002-remove-buildrequires-ant-openjdk21.overlay.toml b/base/comps/apache-ivy/overlays/0002-remove-buildrequires-ant-openjdk21.overlay.toml new file mode 100644 index 00000000000..23e271accad --- /dev/null +++ b/base/comps/apache-ivy/overlays/0002-remove-buildrequires-ant-openjdk21.overlay.toml @@ -0,0 +1,25 @@ +# AZL ships only java-25-openjdk; there is no java-21-openjdk, so the +# upstream references to ant-openjdk21 and java-21-openjdk are +# unsatisfiable. Retarget to the openjdk25 variant. +[metadata] +category = "azl-pruning" +upstreamable = false + +[[overlays]] +description = "Remove BuildRequires on ant-openjdk21 — AZL does not ship java-21-openjdk" +type = "spec-remove-tag" +tag = "BuildRequires" +value = "ant-openjdk21" + +[[overlays]] +description = "Add BuildRequires on ant-openjdk25 in place of ant-openjdk21" +type = "spec-add-tag" +tag = "BuildRequires" +value = "ant-openjdk25" + +[[overlays]] +description = "Retarget JAVA_HOME from java-21-openjdk to java-25-openjdk in %build" +type = "spec-search-replace" +section = "%build" +regex = "java-21-openjdk" +replacement = "java-25-openjdk" diff --git a/base/comps/atlas/atlas.comp.toml b/base/comps/atlas/atlas.comp.toml index 26a5575c0fb..91b7ce23295 100644 --- a/base/comps/atlas/atlas.comp.toml +++ b/base/comps/atlas/atlas.comp.toml @@ -1,13 +1 @@ [components.atlas] - -# Fedora's lapack-static 3.12.0-10 dropped the separate liblapack_pic.a file -# (it was redundant since static libs are now built with -fPIC by default). -# The spec references the old name in %prep when building a pruned LAPACK archive. -# Fixed upstream in atlas-3.10.3-33 (rawhide): -# https://src.fedoraproject.org/rpms/atlas/c/f253f3a2d6c1 (rhbz#2433875) -# This overlay can be removed once we import from a Fedora version that includes the fix. -[[components.atlas.overlays]] -description = "Fix liblapack_pic.a reference — renamed to liblapack.a in lapack-static 3.12.0-10" -type = "spec-search-replace" -regex = 'liblapack_pic\.a' -replacement = "liblapack.a" diff --git a/base/comps/atlas/overlays/0001-fix-liblapack-pic-reference.overlay.toml b/base/comps/atlas/overlays/0001-fix-liblapack-pic-reference.overlay.toml new file mode 100644 index 00000000000..efe23e5e44d --- /dev/null +++ b/base/comps/atlas/overlays/0001-fix-liblapack-pic-reference.overlay.toml @@ -0,0 +1,15 @@ +# Fedora's lapack-static 3.12.0-10 dropped the separate liblapack_pic.a file +# (it was redundant since static libs are now built with -fPIC by default). +# The spec references the old name in %prep when building a pruned LAPACK archive. +# Fixed upstream in atlas-3.10.3-33 (rawhide), rhbz#2433875. +# This overlay can be removed once we import from a Fedora version that includes the fix. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/atlas/c/f253f3a2d6c1"] + +[[overlays]] +description = "Fix liblapack_pic.a reference — renamed to liblapack.a in lapack-static 3.12.0-10" +type = "spec-search-replace" +regex = 'liblapack_pic\.a' +replacement = "liblapack.a" diff --git a/base/comps/cloud-init/cloud-init.comp.toml b/base/comps/cloud-init/cloud-init.comp.toml index 6d72cdabc7f..5c6077c72f6 100644 --- a/base/comps/cloud-init/cloud-init.comp.toml +++ b/base/comps/cloud-init/cloud-init.comp.toml @@ -1,158 +1 @@ [components.cloud-init] - -[[components.cloud-init.overlays]] -description = "Workaround CPE parsing bug in cloud-init 25.2" -type = "spec-add-tag" -tag = "Patch" -value = "fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" - -[[components.cloud-init.overlays]] -description = "Add the CPE parsing bug fix patch file" -type = "file-add" -source = "fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" -file = "fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" -file = "0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" -file = "0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" -file = "0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" -file = "0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" -file = "0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" -file = "0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0007-fix-azurelinux-remove-overridden-package_command-met.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0007-fix-azurelinux-remove-overridden-package_command-met.patch" -file = "0007-fix-azurelinux-remove-overridden-package_command-met.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" -file = "0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" -file = "0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" -file = "0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "spec-add-tag" -tag = "Patch" -value = "0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" - -[[components.cloud-init.overlays]] -description = "Apply patches from upstream cloud-init azl4 pr" -type = "file-add" -source = "0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" -file = "0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" - -[[components.cloud-init.overlays]] -description = "Set distro to azurelinux" -type = "spec-search-replace" -section = "%install" -regex = '%py3_install -- --init-system=systemd' -replacement = '%py3_install -- --init-system=systemd --distro=azurelinux' - -[[components.cloud-init.overlays]] -description = "Set variant to azurelinux" -type = "spec-search-replace" -regex = 'python3 tools/render-template --variant %{\?rhel:rhel}%{!\?rhel:fedora}' -replacement = "python3 tools/render-template --variant azurelinux" diff --git a/base/comps/cloud-init/overlays/0001-workaround-cpe-parsing-bug.overlay.toml b/base/comps/cloud-init/overlays/0001-workaround-cpe-parsing-bug.overlay.toml new file mode 100644 index 00000000000..0594ac582e3 --- /dev/null +++ b/base/comps/cloud-init/overlays/0001-workaround-cpe-parsing-bug.overlay.toml @@ -0,0 +1,16 @@ +# Workaround CPE parsing bug in cloud-init 25.2. +[metadata] +category = "azl-compatibility" +upstreamable = false + +[[overlays]] +description = "Workaround CPE parsing bug in cloud-init 25.2" +type = "spec-add-tag" +tag = "Patch" +value = "fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" + +[[overlays]] +description = "Add the CPE parsing bug fix patch file" +type = "file-add" +source = "../fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" +file = "fix-avoid-incorrect-CPE-parsing-on-Azure-Linux.patch" diff --git a/base/comps/cloud-init/overlays/0002-apply-patches-upstream-cloud.overlay.toml b/base/comps/cloud-init/overlays/0002-apply-patches-upstream-cloud.overlay.toml new file mode 100644 index 00000000000..886956252f2 --- /dev/null +++ b/base/comps/cloud-init/overlays/0002-apply-patches-upstream-cloud.overlay.toml @@ -0,0 +1,150 @@ +# Apply patches from the upstream cloud-init azl4 PR (downstream Azure Linux +# enablement series staged as Patch tags and source files). +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = [ + "https://github.com/canonical/cloud-init/commit/e591185d8393bfbff2b09c20b9dad415a68973db", + "https://github.com/canonical/cloud-init/commit/8ae74678152957e23fda2c670d0f7ec29ec2c5a2", + "https://github.com/canonical/cloud-init/commit/314531fa3c760b86138be26bd7ad51cb03a94f42", + "https://github.com/canonical/cloud-init/commit/8771a379e59e9fa576a43952447e4e50322c173d", + "https://github.com/canonical/cloud-init/commit/1fd06a6ef65648aad18309537ff7953e763c27d9", + "https://github.com/canonical/cloud-init/commit/9a8656669ec483ce34bb26b1d2817c96bee261ae", + "https://github.com/canonical/cloud-init/commit/fe50391f2eebcc1e31b0b58035d181baf0f319bc", + "https://github.com/canonical/cloud-init/commit/1c634786941717902342e61899c5684bc8360c6e", + "https://github.com/canonical/cloud-init/commit/24bd380d48efc4944ddb0cbd35db089fef36bcaf", + "https://github.com/canonical/cloud-init/commit/81001c5b2f64938288b78db99860500a35f432ea", + "https://github.com/canonical/cloud-init/commit/f2d5f5e7fd1f33e4c105257b97d003b7356ab4a3", +] + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" +file = "0001-fix-azurelinux-remove-some-config-excluded-only-from.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" +file = "0002-fix-azurelinux-remove-custom-azurelinux-group-config.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" +file = "0003-fix-azurelinux-set-azurelinux-default-username-to-az.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" +file = "0004-fix-azurelinux-include-azurelinux-in-distro-group-wi.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" +file = "0005-fix-azurelinux-Set-specific-list-of-network-renderer.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" +file = "0006-fix-azurelinux-use-libexec-path-for-ds-identify-6874.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0007-fix-azurelinux-remove-overridden-package_command-met.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0007-fix-azurelinux-remove-overridden-package_command-met.patch" +file = "0007-fix-azurelinux-remove-overridden-package_command-met.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" +file = "0008-fix-azurelinux-remove-use_lib_exec-property-override.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" +file = "0009-fix-azurelinux-update-systemd-cloud-init-.service-te.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" +file = "0010-fix-azurelinux-update-hosts.azurelinux.tmpl-6874.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "spec-add-tag" +tag = "Patch" +value = "0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" + +[[overlays]] +description = "Apply patches from upstream cloud-init azl4 pr" +type = "file-add" +source = "../0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" +file = "0011-fix-azurelinux-update-test_util-with-Azure-Linux-4-o.patch" diff --git a/base/comps/cloud-init/overlays/0003-set-distro-variant.overlay.toml b/base/comps/cloud-init/overlays/0003-set-distro-variant.overlay.toml new file mode 100644 index 00000000000..7cce2fdda85 --- /dev/null +++ b/base/comps/cloud-init/overlays/0003-set-distro-variant.overlay.toml @@ -0,0 +1,17 @@ +# Set the cloud-init distro/variant to azurelinux. +[metadata] +category = "azl-branding-policy" +upstreamable = false + +[[overlays]] +description = "Set distro to azurelinux" +type = "spec-search-replace" +section = "%install" +regex = '%py3_install -- --init-system=systemd' +replacement = '%py3_install -- --init-system=systemd --distro=azurelinux' + +[[overlays]] +description = "Set variant to azurelinux" +type = "spec-search-replace" +regex = 'python3 tools/render-template --variant %{\?rhel:rhel}%{!\?rhel:fedora}' +replacement = "python3 tools/render-template --variant azurelinux" diff --git a/base/comps/components.toml b/base/comps/components.toml index e7b24dbc250..ede81775ec1 100644 --- a/base/comps/components.toml +++ b/base/comps/components.toml @@ -1,5 +1,15 @@ includes = ["**/*.comp.toml", "component-check-disablement.toml", "component-mingw-disablement.toml", "components-publish-channels.toml"] +# Project-wide default: every component automatically discovers per-file overlay +# documents under its own `overlays/` directory. The glob is resolved relative +# to each concrete component's config file, so components without an `overlays/` +# directory simply match nothing (non-matching globs are ignored). This lets +# components keep their overlays as one-logical-change-per-file `*.overlay.toml` +# documents without repeating `overlay-files` in every comp.toml. +# See https://github.com/microsoft/azure-linux-dev-tools/blob/main/docs/user/reference/config/overlays.md#per-file-overlay-format +[default-component-config] +overlay-files = ["overlays/*.overlay.toml"] + # # Components imported from Fedora with no per-component modifications. # Please keep this list sorted alphabetically for readability. diff --git a/base/comps/cpio/cpio.comp.toml b/base/comps/cpio/cpio.comp.toml index 419e2dc05d4..afab3810674 100644 --- a/base/comps/cpio/cpio.comp.toml +++ b/base/comps/cpio/cpio.comp.toml @@ -1,14 +1 @@ [components.cpio] - -[[components.cpio.overlays]] -description = "Drop BR on 'rmt'. Mirroring Rawhide's https://src.fedoraproject.org/rpms/cpio/c/84d5a4fe965609681000fd3911b7246c2a6973fb?branch=rawhide. Required to remove the need for the `star` component (provider of `rmt`)." -type = "spec-search-replace" -regex = ',\s*rmt\b' -replacement = '' - -[[components.cpio.overlays]] -description = "Drop the `rm -f $RPM_BUILD_ROOT%{_libexecdir}/rmt` line from %install. cpio's build tree no longer ships its own `rmt` helper under `_libexecdir`, so the deletion is a stale leftover. Mirrors the same Fedora rawhide commit (84d5a4fe) referenced by the BR-drop overlay above." -type = "spec-search-replace" -section = "%install" -regex = "rm -f \\$RPM_BUILD_ROOT%\\{_libexecdir\\}/rmt" -replacement = "" diff --git a/base/comps/cpio/overlays/0001-drop-br-rmt-mirroring.overlay.toml b/base/comps/cpio/overlays/0001-drop-br-rmt-mirroring.overlay.toml new file mode 100644 index 00000000000..5258c143c50 --- /dev/null +++ b/base/comps/cpio/overlays/0001-drop-br-rmt-mirroring.overlay.toml @@ -0,0 +1,19 @@ +# Mirroring Rawhide's cpio commit 84d5a4fe: drop the dependency on 'rmt'. +# Required to remove the need for the `star` component (provider of `rmt`). +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/cpio/c/84d5a4fe965609681000fd3911b7246c2a6973fb"] + +[[overlays]] +description = "Drop BR on 'rmt'. Mirroring Rawhide's https://src.fedoraproject.org/rpms/cpio/c/84d5a4fe965609681000fd3911b7246c2a6973fb?branch=rawhide. Required to remove the need for the `star` component (provider of `rmt`)." +type = "spec-search-replace" +regex = ',\s*rmt\b' +replacement = '' + +[[overlays]] +description = "Drop the `rm -f $RPM_BUILD_ROOT%{_libexecdir}/rmt` line from %install. cpio's build tree no longer ships its own `rmt` helper under `_libexecdir`, so the deletion is a stale leftover. Mirrors the same Fedora rawhide commit (84d5a4fe) referenced by the BR-drop overlay above." +type = "spec-search-replace" +section = "%install" +regex = "rm -f \\$RPM_BUILD_ROOT%\\{_libexecdir\\}/rmt" +replacement = "" diff --git a/base/comps/glade/glade.comp.toml b/base/comps/glade/glade.comp.toml index 11d1ceeac50..928a04c0f1d 100644 --- a/base/comps/glade/glade.comp.toml +++ b/base/comps/glade/glade.comp.toml @@ -1,9 +1 @@ [components.glade] - -# Backport from Fedora rawhide: https://src.fedoraproject.org/rpms/glade/c/478c15c -# Required by meson's gnome.generate_gir; missing from f43 spec. -[[components.glade.overlays]] -description = "Add missing BuildRequires for gobject-introspection-devel needed by meson gnome.generate_gir" -type = "spec-add-tag" -tag = "BuildRequires" -value = "gobject-introspection-devel" diff --git a/base/comps/glade/overlays/0001-add-missing-buildrequires-gobject.overlay.toml b/base/comps/glade/overlays/0001-add-missing-buildrequires-gobject.overlay.toml new file mode 100644 index 00000000000..3d8630d4d4e --- /dev/null +++ b/base/comps/glade/overlays/0001-add-missing-buildrequires-gobject.overlay.toml @@ -0,0 +1,12 @@ +# Backport from Fedora rawhide commit 478c15c. +# Required by meson's gnome.generate_gir; missing from f43 spec. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/glade/c/478c15c"] + +[[overlays]] +description = "Add missing BuildRequires for gobject-introspection-devel needed by meson gnome.generate_gir" +type = "spec-add-tag" +tag = "BuildRequires" +value = "gobject-introspection-devel" diff --git a/base/comps/gnulib/gnulib.comp.toml b/base/comps/gnulib/gnulib.comp.toml index 652cfc7059c..2aedd03b90f 100644 --- a/base/comps/gnulib/gnulib.comp.toml +++ b/base/comps/gnulib/gnulib.comp.toml @@ -1,22 +1,3 @@ [components.gnulib] # Release: 56.%{gitdate}git%{?dist} release = { calculation = "manual" } -# These overlays are only needed until the snapshot advances past the Fedora f43 -# commit that updated Source URLs from erislabs.net to salsa.debian.org: -# https://src.fedoraproject.org/rpms/gnulib/c/41cae067 -# ("Update to git4a3650d branch stable-202601"). -# The old gitweb query-string URLs can't be parsed by the rendered spec -# filter, causing check-module.1 and gnulib-tool.1 to be dropped. -# Adding #/filename hints lets the filter extract the correct basename. - -[[components.gnulib.overlays]] -description = "Temporary: append #/filename hint to Source1 so rendered spec filter can match check-module.1. Remove when snapshot includes f43 commit 41cae067." -type = "spec-update-tag" -tag = "Source1" -value = "https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/check-module.1#/check-module.1" - -[[components.gnulib.overlays]] -description = "Temporary: append #/filename hint to Source2 so rendered spec filter can match gnulib-tool.1. Remove when snapshot includes f43 commit 41cae067." -type = "spec-update-tag" -tag = "Source2" -value = "https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/gnulib-tool.1#/gnulib-tool.1" diff --git a/base/comps/gnulib/overlays/0001-fix-source-url-filter.overlay.toml b/base/comps/gnulib/overlays/0001-fix-source-url-filter.overlay.toml new file mode 100644 index 00000000000..4d4416aed7b --- /dev/null +++ b/base/comps/gnulib/overlays/0001-fix-source-url-filter.overlay.toml @@ -0,0 +1,23 @@ +# Temporary backport of upstream Fedora commit 41cae067 ("Update to git4a3650d +# branch stable-202601") which updated the Source URLs from erislabs.net to +# salsa.debian.org. The old gitweb query-string URLs can't be parsed by the +# rendered-spec filter, so check-module.1 and gnulib-tool.1 get dropped. +# Appending #/filename hints lets the filter extract the correct basename. +# Remove this file when the snapshot advances past that commit. + +[metadata] +category = "backport-dist-git" +commits = ["https://src.fedoraproject.org/rpms/gnulib/c/41cae067"] +upstreamable = false + +[[overlays]] +description = "Temporary: append #/filename hint to Source1 so rendered spec filter can match check-module.1. Remove when snapshot includes f43 commit 41cae067." +type = "spec-update-tag" +tag = "Source1" +value = "https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/check-module.1#/check-module.1" + +[[overlays]] +description = "Temporary: append #/filename hint to Source2 so rendered spec filter can match gnulib-tool.1. Remove when snapshot includes f43 commit 41cae067." +type = "spec-update-tag" +tag = "Source2" +value = "https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/gnulib-tool.1#/gnulib-tool.1" diff --git a/base/comps/grub2/grub2.comp.toml b/base/comps/grub2/grub2.comp.toml index f904308f603..51f186b3de3 100644 --- a/base/comps/grub2/grub2.comp.toml +++ b/base/comps/grub2/grub2.comp.toml @@ -1,66 +1 @@ [components.grub2] - -# Disable Xen module builds — not applicable to Azure Linux (Hyper-V/KVM). -# grub.macros enables with_xen_arch and with_xen_pvh_arch on x86_64 by default, -# producing grub2-xen-x64-modules and grub2-xen_pvh-i386-modules subpackages. -[[components.grub2.overlays]] -description = "Disable Xen module build (with_xen_arch) in grub.macros" -type = "file-search-replace" -file = "grub.macros" -regex = '%global with_xen_arch 1' -replacement = '%global with_xen_arch 0' - -[[components.grub2.overlays]] -description = "Disable Xen PVH module build (with_xen_pvh_arch) in grub.macros" -type = "file-search-replace" -file = "grub.macros" -regex = '%global with_xen_pvh_arch 1' -replacement = '%global with_xen_pvh_arch 0' - -# Re-disable os-prober by default. The Fedora grub2 package carries three -# downstream reverts -- Patch0001, Patch0002 and Patch0003 -- that undo upstream's -# os-prober changes (re-enabling it by default and re-introducing an "it's" typo). -# Automatic, silent execution of os-prober is a known attack vector, so Azure -# Linux restores upstream GRUB's secure default. Rather than dropping the Fedora -# reverts (which would shift line numbers and break the context of later -# patches), these three trailing patches are appended to the end of the -# grub.patches series and are exact git reverts of the Fedora reverts. -# -# NOTE: grub2's patch series lives in the %include'd grub.patches file (Source11), -# not as inline PatchNNNN: tags in the spec, so the patch-add overlay cannot see -# the existing 382 patches to number new ones correctly. Instead we stage the -# files with file-add and append their Patch0383/Patch0384/Patch0385 entries to -# grub.patches directly. -[[components.grub2.overlays]] -description = "Stage os-prober revert patch 0383 (revert of Fedora Patch0003)" -type = "file-add" -file = "0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch" -source = "0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch" - -[[components.grub2.overlays]] -description = "Stage os-prober revert patch 0384 (revert of Fedora Patch0002), restoring GRUB_DISABLE_OS_PROBER=true" -type = "file-add" -file = "0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch" -source = "0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch" - -[[components.grub2.overlays]] -description = "Stage os-prober revert patch 0385 (revert of Fedora Patch0001), restoring upstream's 'Its output' typo fix" -type = "file-add" -file = "0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch" -source = "0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch" - -[[components.grub2.overlays]] -description = "Append Patch0383/Patch0384/Patch0385 (os-prober reverts) to the end of the grub.patches series" -type = "file-search-replace" -file = "grub.patches" -# Match the exact Patch0382 line. file-search-replace does a literal replacement -# (no regex backreferences), so the matched text is re-emitted verbatim ahead of -# the three appended os-prober reverts. Matching the full filename is deliberate: -# the regex and replacement must stay in lockstep, and if Fedora ever renames the -# 0382 patch this overlay fails loudly at render time rather than silently -# rewriting the line back to the stale name. -regex = 'Patch0382: 0382-Set-correctly-the-memory-attributes-for-the-kernel-P\.patch' -replacement = '''Patch0382: 0382-Set-correctly-the-memory-attributes-for-the-kernel-P.patch -Patch0383: 0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch -Patch0384: 0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch -Patch0385: 0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch''' diff --git a/base/comps/grub2/overlays/0001-disable-xen-module-build.overlay.toml b/base/comps/grub2/overlays/0001-disable-xen-module-build.overlay.toml new file mode 100644 index 00000000000..8e1005d54e5 --- /dev/null +++ b/base/comps/grub2/overlays/0001-disable-xen-module-build.overlay.toml @@ -0,0 +1,20 @@ +# Disable Xen module builds — not applicable to Azure Linux (Hyper-V/KVM). +# grub.macros enables with_xen_arch and with_xen_pvh_arch on x86_64 by default, +# producing grub2-xen-x64-modules and grub2-xen_pvh-i386-modules subpackages. +[metadata] +category = "azl-pruning" +upstreamable = false + +[[overlays]] +description = "Disable Xen module build (with_xen_arch) in grub.macros" +type = "file-search-replace" +file = "grub.macros" +regex = '%global with_xen_arch 1' +replacement = '%global with_xen_arch 0' + +[[overlays]] +description = "Disable Xen PVH module build (with_xen_pvh_arch) in grub.macros" +type = "file-search-replace" +file = "grub.macros" +regex = '%global with_xen_pvh_arch 1' +replacement = '%global with_xen_pvh_arch 0' diff --git a/base/comps/grub2/overlays/0002-restore-os-prober-secure-default.overlay.toml b/base/comps/grub2/overlays/0002-restore-os-prober-secure-default.overlay.toml new file mode 100644 index 00000000000..ec1fd5a6937 --- /dev/null +++ b/base/comps/grub2/overlays/0002-restore-os-prober-secure-default.overlay.toml @@ -0,0 +1,56 @@ +# Re-disable os-prober by default. The Fedora grub2 package carries three +# downstream reverts -- Patch0001, Patch0002 and Patch0003 -- that undo upstream's +# os-prober changes (re-enabling it by default and re-introducing an "it's" typo). +# Automatic, silent execution of os-prober is a known attack vector, so Azure +# Linux restores upstream GRUB's secure default. Rather than dropping the Fedora +# reverts (which would shift line numbers and break the context of later +# patches), these three trailing patches are appended to the end of the +# grub.patches series and are exact git reverts of the Fedora reverts (restoring +# upstream GRUB's secure default). +# +# This is one logical change with two halves: the three `file-add` overlays +# stage the revert patches, and the final `file-search-replace` wires their +# Patch0383/Patch0384/Patch0385 entries into the patch series. +# +# NOTE: grub2's patch series lives in the %include'd grub.patches file (Source11), +# not as inline PatchNNNN: tags in the spec, so the patch-add overlay cannot see +# the existing 382 patches to number new ones correctly. Instead we stage the +# files with file-add and append their Patch0383/Patch0384/Patch0385 entries to +# grub.patches directly. +[metadata] +category = "azl-security-compliance" +upstreamable = false + +[[overlays]] +description = "Stage os-prober revert patch 0383 (revert of Fedora Patch0003)" +type = "file-add" +file = "0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch" +source = "../0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch" + +[[overlays]] +description = "Stage os-prober revert patch 0384 (revert of Fedora Patch0002), restoring GRUB_DISABLE_OS_PROBER=true" +type = "file-add" +file = "0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch" +source = "../0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch" + +[[overlays]] +description = "Stage os-prober revert patch 0385 (revert of Fedora Patch0001), restoring upstream's 'Its output' typo fix" +type = "file-add" +file = "0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch" +source = "../0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch" + +[[overlays]] +description = "Append Patch0383/Patch0384/Patch0385 (os-prober reverts) to the end of the grub.patches series" +type = "file-search-replace" +file = "grub.patches" +# Match the exact Patch0382 line. file-search-replace does a literal replacement +# (no regex backreferences), so the matched text is re-emitted verbatim ahead of +# the three appended os-prober reverts. Matching the full filename is deliberate: +# the regex and replacement must stay in lockstep, and if Fedora ever renames the +# 0382 patch this overlay fails loudly at render time rather than silently +# rewriting the line back to the stale name. +regex = 'Patch0382: 0382-Set-correctly-the-memory-attributes-for-the-kernel-P\.patch' +replacement = '''Patch0382: 0382-Set-correctly-the-memory-attributes-for-the-kernel-P.patch +Patch0383: 0383-Revert-Revert-templates-Disable-the-os-prober-by-default.patch +Patch0384: 0384-Revert-Revert-templates-Properly-disable-the-os-prober-by-d.patch +Patch0385: 0385-Revert-Revert-templates-Fix-user-facing-typo-with-an.patch''' diff --git a/base/comps/gt/gt.comp.toml b/base/comps/gt/gt.comp.toml index b646260721c..7294ece4654 100644 --- a/base/comps/gt/gt.comp.toml +++ b/base/comps/gt/gt.comp.toml @@ -1,17 +1 @@ [components.gt] - -# The upstream spec sets %build_type_safety_c 0 which adds -fpermissive, but that -# is insufficient for GCC's treatment of K&R empty-parens declarations (e.g., -# `FILE *efopen()`) as zero-argument prototypes. Adding -std=gnu89 restores C89 -# semantics where empty parens mean "unspecified arguments," fixing hard errors -# like "too many arguments to function 'efopen'; expected 0, have 2" in dim.c. -# -# Fixed via a patch that addresses the issue in F44 with -# https://src.fedoraproject.org/rpms/gt/c/a8aec4724c07e306085f4b6e1a68e2ebde540359 -[[components.gt.overlays]] -description = "Add -std=gnu89 to CFLAGS to fix K&R C function declarations failing with modern GCC" -type = "spec-prepend-lines" -section = "%build" -lines = [ - 'export CFLAGS="$CFLAGS -std=gnu89"', -] diff --git a/base/comps/gt/overlays/0001-add-std-gnu89-cflags.overlay.toml b/base/comps/gt/overlays/0001-add-std-gnu89-cflags.overlay.toml new file mode 100644 index 00000000000..af6ee8b20fd --- /dev/null +++ b/base/comps/gt/overlays/0001-add-std-gnu89-cflags.overlay.toml @@ -0,0 +1,19 @@ +# The upstream spec sets %build_type_safety_c 0 which adds -fpermissive, but that +# is insufficient for GCC's treatment of K&R empty-parens declarations (e.g., +# `FILE *efopen()`) as zero-argument prototypes. Adding -std=gnu89 restores C89 +# semantics where empty parens mean "unspecified arguments," fixing hard errors +# like "too many arguments to function 'efopen'; expected 0, have 2" in dim.c. +# +# Fixed via a patch that addresses the issue in F44 with +# https://src.fedoraproject.org/rpms/gt/c/a8aec4724c07e306085f4b6e1a68e2ebde540359 +[metadata] +category = "backport-dist-git" +commits = ["https://src.fedoraproject.org/rpms/gt/c/a8aec4724c07e306085f4b6e1a68e2ebde540359"] + +[[overlays]] +description = "Add -std=gnu89 to CFLAGS to fix K&R C function declarations failing with modern GCC" +type = "spec-prepend-lines" +section = "%build" +lines = [ + 'export CFLAGS="$CFLAGS -std=gnu89"', +] diff --git a/base/comps/intel-qpl/intel-qpl.comp.toml b/base/comps/intel-qpl/intel-qpl.comp.toml index 524bbd90f20..de84883bbb3 100644 --- a/base/comps/intel-qpl/intel-qpl.comp.toml +++ b/base/comps/intel-qpl/intel-qpl.comp.toml @@ -1,22 +1 @@ [components.intel-qpl] - -# Drop -DSANITIZE_THREADS=ON from the cmake invocation. Enabling -# ThreadSanitizer in a release build adds 2x-10x runtime overhead and -# 5x-20x memory overhead per the LLVM TSan documentation -# (https://clang.llvm.org/docs/ThreadSanitizer.html), so it has no -# business being on in shipped binaries. -# -# It also breaks at load time in many container configurations: the TSan -# runtime re-execs the process with personality(ADDR_NO_RANDOMIZE) to -# disable ASLR (see compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp -# in llvm/llvm-project), and the personality(2) syscall is blocked by -# Docker's default seccomp profile. The resulting failures show up as -# "FATAL: ThreadSanitizer: unexpected memory mapping ..." aborts (e.g. -# google/sanitizers#1716) when libqpl is loaded inside an unprivileged -# container. Upstream made the same change in -# https://src.fedoraproject.org/rpms/intel-qpl/c/7a433cf7338f7922f90b8819bcfd3b9fb9d4cb35 -[[components.intel-qpl.overlays]] -description = "Disable ThreadSanitizer in release build (perf overhead + breaks under Docker seccomp)." -type = "spec-search-replace" -regex = '-DSANITIZE_THREADS=ON' -replacement = "-DSANITIZE_THREADS=OFF" diff --git a/base/comps/intel-qpl/overlays/0001-disable-threadsanitizer-release-build.overlay.toml b/base/comps/intel-qpl/overlays/0001-disable-threadsanitizer-release-build.overlay.toml new file mode 100644 index 00000000000..d8e604b41f4 --- /dev/null +++ b/base/comps/intel-qpl/overlays/0001-disable-threadsanitizer-release-build.overlay.toml @@ -0,0 +1,24 @@ +# Drop -DSANITIZE_THREADS=ON from the cmake invocation. Enabling +# ThreadSanitizer in a release build adds 2x-10x runtime overhead and +# 5x-20x memory overhead per the LLVM TSan documentation +# (https://clang.llvm.org/docs/ThreadSanitizer.html), so it has no +# business being on in shipped binaries. +# +# It also breaks at load time in many container configurations: the TSan +# runtime re-execs the process with personality(ADDR_NO_RANDOMIZE) to +# disable ASLR (see compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp +# in llvm/llvm-project), and the personality(2) syscall is blocked by +# Docker's default seccomp profile. The resulting failures show up as +# "FATAL: ThreadSanitizer: unexpected memory mapping ..." aborts (e.g. +# google/sanitizers#1716) when libqpl is loaded inside an unprivileged +# container. Upstream made the same change in commit 7a433cf7. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/intel-qpl/c/7a433cf7338f7922f90b8819bcfd3b9fb9d4cb35"] + +[[overlays]] +description = "Disable ThreadSanitizer in release build (perf overhead + breaks under Docker seccomp)." +type = "spec-search-replace" +regex = '-DSANITIZE_THREADS=ON' +replacement = "-DSANITIZE_THREADS=OFF" diff --git a/base/comps/javapackages-tools/javapackages-tools.comp.toml b/base/comps/javapackages-tools/javapackages-tools.comp.toml index 3cec3ba4d13..f1c285fa066 100644 --- a/base/comps/javapackages-tools/javapackages-tools.comp.toml +++ b/base/comps/javapackages-tools/javapackages-tools.comp.toml @@ -1,79 +1 @@ [components.javapackages-tools] - -# Backport of upstream Fedora rawhide commits to remove openjdk21 support: -# - 62dfe8f: https://src.fedoraproject.org/rpms/javapackages-tools/c/62dfe8f -# - 7debb9d: https://src.fedoraproject.org/rpms/javapackages-tools/c/7debb9d -# - 83cd9c8: https://src.fedoraproject.org/rpms/javapackages-tools/c/83cd9c8 -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so -# maven-local-openjdk21 and javapackages-local-openjdk21 have unsatisfiable deps. - -# --- Remove maven-local-openjdk21 subpackage --- - -[[components.javapackages-tools.overlays]] -description = "Remove maven-local-openjdk21 %package section" -type = "spec-remove-section" -section = "%package" -package = "maven-local-openjdk21" - -[[components.javapackages-tools.overlays]] -description = "Remove maven-local-openjdk21 %description section" -type = "spec-remove-section" -section = "%description" -package = "maven-local-openjdk21" - -[[components.javapackages-tools.overlays]] -description = "Remove maven-local-openjdk21 %files section" -type = "spec-remove-section" -section = "%files" -package = "maven-local-openjdk21" - -# --- Remove javapackages-local-openjdk21 subpackage --- - -[[components.javapackages-tools.overlays]] -description = "Remove javapackages-local-openjdk21 %package section" -type = "spec-remove-section" -section = "%package" -package = "javapackages-local-openjdk21" - -[[components.javapackages-tools.overlays]] -description = "Remove javapackages-local-openjdk21 %description section" -type = "spec-remove-section" -section = "%description" -package = "javapackages-local-openjdk21" - -[[components.javapackages-tools.overlays]] -description = "Remove javapackages-local-openjdk21 %files section" -type = "spec-remove-section" -section = "%files" -package = "javapackages-local-openjdk21" - -# --- Remove --jvm=openjdk21 configure flag --- - -[[components.javapackages-tools.overlays]] -description = "Remove --jvm=openjdk21 from configure — keep backslash continuation for openjdk25 line" -type = "spec-search-replace" -section = "%build" -regex = " --jvm=openjdk21=.*openjdk .+" -replacement = " \\" - -# --- Fix broken Requires that reference the virtual 'javapackages-local' provide --- -# Backports of upstream Fedora rawhide commits 7debb9d and 83cd9c8. -# After removing the openjdk21 subpackages, the virtual provide -# 'javapackages-local' only comes from openjdk25. Use explicit names -# to match upstream's fix. - -[[components.javapackages-tools.overlays]] -description = "Fix ivy-local Requires to use explicit openjdk25 (upstream 7debb9d)" -type = "spec-search-replace" -section = "%package" -package = "ivy-local" -regex = 'Requires: javapackages-local = %\{version\}-%\{release\}' -replacement = "Requires: javapackages-local-openjdk25 = %{version}-%{release}" - -[[components.javapackages-tools.overlays]] -description = "Fix javapackages-compat Requires to use javapackages-tools (upstream 83cd9c8)" -type = "spec-search-replace" -section = "%package" -package = "javapackages-compat" -regex = 'Requires: javapackages-local = %\{version\}-%\{release\}' -replacement = "Requires: javapackages-tools = %{version}-%{release}" diff --git a/base/comps/javapackages-tools/overlays/0001-remove-maven-local-openjdk21.overlay.toml b/base/comps/javapackages-tools/overlays/0001-remove-maven-local-openjdk21.overlay.toml new file mode 100644 index 00000000000..a6b764404a0 --- /dev/null +++ b/base/comps/javapackages-tools/overlays/0001-remove-maven-local-openjdk21.overlay.toml @@ -0,0 +1,85 @@ +# Backport of upstream Fedora rawhide commits to remove openjdk21 support: +# - 62dfe8f: https://src.fedoraproject.org/rpms/javapackages-tools/c/62dfe8f +# - 7debb9d: https://src.fedoraproject.org/rpms/javapackages-tools/c/7debb9d +# - 83cd9c8: https://src.fedoraproject.org/rpms/javapackages-tools/c/83cd9c8 +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so +# maven-local-openjdk21 and javapackages-local-openjdk21 have unsatisfiable deps. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = [ + "https://src.fedoraproject.org/rpms/javapackages-tools/c/62dfe8f", + "https://src.fedoraproject.org/rpms/javapackages-tools/c/7debb9d", + "https://src.fedoraproject.org/rpms/javapackages-tools/c/83cd9c8", +] + +# --- Remove maven-local-openjdk21 subpackage --- + +[[overlays]] +description = "Remove maven-local-openjdk21 %package section" +type = "spec-remove-section" +section = "%package" +package = "maven-local-openjdk21" + +[[overlays]] +description = "Remove maven-local-openjdk21 %description section" +type = "spec-remove-section" +section = "%description" +package = "maven-local-openjdk21" + +[[overlays]] +description = "Remove maven-local-openjdk21 %files section" +type = "spec-remove-section" +section = "%files" +package = "maven-local-openjdk21" + +# --- Remove javapackages-local-openjdk21 subpackage --- + +[[overlays]] +description = "Remove javapackages-local-openjdk21 %package section" +type = "spec-remove-section" +section = "%package" +package = "javapackages-local-openjdk21" + +[[overlays]] +description = "Remove javapackages-local-openjdk21 %description section" +type = "spec-remove-section" +section = "%description" +package = "javapackages-local-openjdk21" + +[[overlays]] +description = "Remove javapackages-local-openjdk21 %files section" +type = "spec-remove-section" +section = "%files" +package = "javapackages-local-openjdk21" + +# --- Remove --jvm=openjdk21 configure flag --- + +[[overlays]] +description = "Remove --jvm=openjdk21 from configure — keep backslash continuation for openjdk25 line" +type = "spec-search-replace" +section = "%build" +regex = " --jvm=openjdk21=.*openjdk .+" +replacement = " \\" + +# --- Fix broken Requires that reference the virtual 'javapackages-local' provide --- +# Backports of upstream Fedora rawhide commits 7debb9d and 83cd9c8. +# After removing the openjdk21 subpackages, the virtual provide +# 'javapackages-local' only comes from openjdk25. Use explicit names +# to match upstream's fix. + +[[overlays]] +description = "Fix ivy-local Requires to use explicit openjdk25 (upstream 7debb9d)" +type = "spec-search-replace" +section = "%package" +package = "ivy-local" +regex = 'Requires: javapackages-local = %\{version\}-%\{release\}' +replacement = "Requires: javapackages-local-openjdk25 = %{version}-%{release}" + +[[overlays]] +description = "Fix javapackages-compat Requires to use javapackages-tools (upstream 83cd9c8)" +type = "spec-search-replace" +section = "%package" +package = "javapackages-compat" +regex = 'Requires: javapackages-local = %\{version\}-%\{release\}' +replacement = "Requires: javapackages-tools = %{version}-%{release}" diff --git a/base/comps/kdump-utils/kdump-utils.comp.toml b/base/comps/kdump-utils/kdump-utils.comp.toml index 782a1f2a81e..5a66a746a44 100644 --- a/base/comps/kdump-utils/kdump-utils.comp.toml +++ b/base/comps/kdump-utils/kdump-utils.comp.toml @@ -1,7 +1 @@ [components.kdump-utils] - -# Upstream (currently unmerged) PR: https://github.com/rhkdump/kdump-utils/pull/153 -[[components.kdump-utils.overlays]] -description = "Use only first match in _find_kernel_path_by_release()" -type = "patch-add" -source = "kdumpctl-Use-only-first-match-in-_find_kernel_path_b.patch" diff --git a/base/comps/kdump-utils/overlays/0001-only-first-match-find.overlay.toml b/base/comps/kdump-utils/overlays/0001-only-first-match-find.overlay.toml new file mode 100644 index 00000000000..731edcccd96 --- /dev/null +++ b/base/comps/kdump-utils/overlays/0001-only-first-match-find.overlay.toml @@ -0,0 +1,11 @@ +# Upstream (currently unmerged) PR: https://github.com/rhkdump/kdump-utils/pull/153 +# The commit below is the PR's head commit (not yet merged upstream). +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/rhkdump/kdump-utils/commit/c999bac950b817d229549d57f592980f4dc1655b"] + +[[overlays]] +description = "Use only first match in _find_kernel_path_by_release()" +type = "patch-add" +source = "../kdumpctl-Use-only-first-match-in-_find_kernel_path_b.patch" diff --git a/base/comps/maven/maven.comp.toml b/base/comps/maven/maven.comp.toml index bb416bf1eba..07d94233fcc 100644 --- a/base/comps/maven/maven.comp.toml +++ b/base/comps/maven/maven.comp.toml @@ -1,13 +1 @@ [components.maven] - -# Backport of upstream Fedora rawhide commit e19767f: remove openjdk21 binding. -# https://src.fedoraproject.org/rpms/maven/c/e19767f -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the -# maven-openjdk21 subpackage has an unsatisfiable dependency. - -[[components.maven.overlays]] -description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" -type = "spec-search-replace" -section = "%install" -regex = '.*openjdk21.*' -replacement = '' diff --git a/base/comps/maven/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml b/base/comps/maven/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml new file mode 100644 index 00000000000..baf6cab0eeb --- /dev/null +++ b/base/comps/maven/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml @@ -0,0 +1,14 @@ +# Backport of upstream Fedora rawhide commit e19767f: remove openjdk21 binding. +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the +# maven-openjdk21 subpackage has an unsatisfiable dependency. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/maven/c/e19767f"] + +[[overlays]] +description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" +type = "spec-search-replace" +section = "%install" +regex = '.*openjdk21.*' +replacement = '' diff --git a/base/comps/maven4/maven4.comp.toml b/base/comps/maven4/maven4.comp.toml index 8b6912830f9..de9abb738b5 100644 --- a/base/comps/maven4/maven4.comp.toml +++ b/base/comps/maven4/maven4.comp.toml @@ -1,13 +1 @@ [components.maven4] - -# Backport of upstream Fedora rawhide commit 4b6c6ee: remove openjdk21 binding. -# https://src.fedoraproject.org/rpms/maven4/c/4b6c6ee -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the -# maven4-openjdk21 subpackage has an unsatisfiable dependency. - -[[components.maven4.overlays]] -description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" -type = "spec-search-replace" -section = "%install" -regex = '.*openjdk21.*' -replacement = '' diff --git a/base/comps/maven4/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml b/base/comps/maven4/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml new file mode 100644 index 00000000000..d12d226443c --- /dev/null +++ b/base/comps/maven4/overlays/0001-remove-openjdk21-jdk-binding.overlay.toml @@ -0,0 +1,14 @@ +# Backport of upstream Fedora rawhide commit 4b6c6ee: remove openjdk21 binding. +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the +# maven4-openjdk21 subpackage has an unsatisfiable dependency. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/maven4/c/4b6c6ee"] + +[[overlays]] +description = "Remove openjdk21 JDK binding lines — AZL does not ship java-21-openjdk" +type = "spec-search-replace" +section = "%install" +regex = '.*openjdk21.*' +replacement = '' diff --git a/base/comps/rust-podman-sequoia/overlays/0001-enable-dlwrap-clang-runtime.overlay.toml b/base/comps/rust-podman-sequoia/overlays/0001-enable-dlwrap-clang-runtime.overlay.toml new file mode 100644 index 00000000000..59d17705466 --- /dev/null +++ b/base/comps/rust-podman-sequoia/overlays/0001-enable-dlwrap-clang-runtime.overlay.toml @@ -0,0 +1,28 @@ +# Fix build failure: clang-sys "runtime" feature unification causes panic +# in dlwrap's build script because libclang is loaded via dlopen but +# clang_sys::load() is never called. +# +# When bindgen (a transitive build-dep) enables clang-sys/runtime, Cargo +# feature unification applies it to the shared clang-sys instance used by +# dlwrap's clang dependency. But without dlwrap's clang-runtime feature, +# the clang crate doesn't know to call load() first — causing a panic: +# "a `libclang` shared library is not loaded on this thread" +# +# The clang-runtime feature (added in dlwrap 0.3.9) propagates the runtime +# feature through clang and clang-sys, ensuring load() is called. +# +# Fedora hit the same issue with 0.2.0-4.fc44 mass rebuild and resolved +# it by bumping to 0.3.2 and adding the equivalent patch to enable building +# dlwrap with the clang-runtime feature in the podman-sequoia toml. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = [ + "https://src.fedoraproject.org/rpms/rust-podman-sequoia/c/7f0694fa51b07b8d1f2cb839f685365731306a1b", + "https://github.com/ueno/podman-sequoia/commit/9bedf62e6d538c1c28b7e7fbece0113c5a151d18", +] + +[[overlays]] +description = "Enable dlwrap clang-runtime feature to fix libclang loading panic caused by Cargo feature unification with bindgen" +type = "patch-add" +source = "../enable-dlwrap-clang-runtime.patch" diff --git a/base/comps/rust-podman-sequoia/rust-podman-sequoia.comp.toml b/base/comps/rust-podman-sequoia/rust-podman-sequoia.comp.toml index 77b74c2a0c1..b28b4f3778a 100644 --- a/base/comps/rust-podman-sequoia/rust-podman-sequoia.comp.toml +++ b/base/comps/rust-podman-sequoia/rust-podman-sequoia.comp.toml @@ -1,25 +1 @@ [components.rust-podman-sequoia] - -# Fix build failure: clang-sys "runtime" feature unification causes panic -# in dlwrap's build script because libclang is loaded via dlopen but -# clang_sys::load() is never called. -# -# When bindgen (a transitive build-dep) enables clang-sys/runtime, Cargo -# feature unification applies it to the shared clang-sys instance used by -# dlwrap's clang dependency. But without dlwrap's clang-runtime feature, -# the clang crate doesn't know to call load() first — causing a panic: -# "a `libclang` shared library is not loaded on this thread" -# -# The clang-runtime feature (added in dlwrap 0.3.9) propagates the runtime -# feature through clang and clang-sys, ensuring load() is called. -# -# Fedora hit the same issue with 0.2.0-4.fc44 mass rebuild and resolved -# it by bumping to 0.3.2 and adding the equivalent patch to enable building -# dlwrap with the clang-runtime feature in the podman-sequoia toml: -# https://src.fedoraproject.org/rpms/rust-podman-sequoia/c/7f0694fa51b07b8d1f2cb839f685365731306a1b?branch=f44 -# Upstream podman-sequoia change: -# https://github.com/ueno/podman-sequoia/commit/9bedf62e6d538c1c28b7e7fbece0113c5a151d18 -[[components.rust-podman-sequoia.overlays]] -description = "Enable dlwrap clang-runtime feature to fix libclang loading panic caused by Cargo feature unification with bindgen" -type = "patch-add" -source = "enable-dlwrap-clang-runtime.patch" diff --git a/base/comps/sos/overlays/0001-fix-os-release-name.overlay.toml b/base/comps/sos/overlays/0001-fix-os-release-name.overlay.toml new file mode 100644 index 00000000000..3c80a3efd4e --- /dev/null +++ b/base/comps/sos/overlays/0001-fix-os-release-name.overlay.toml @@ -0,0 +1,12 @@ +# Microsoft-authored sos Policy fix so os_release_name matches the os-release +# NAME field on Azure Linux. Upstreamed as sosreport/sos commit 48c34be5. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/sosreport/sos/commit/48c34be5c676408a48aab663ac3497a5cdb27f61"] + +[[overlays]] +description = "Fix os_release_name value to match os-release NAME" +type = "patch-add" +file = "Policy-Fix-os_release_name-value.patch" +source = "../Policy-Fix-os_release_name-value.patch" diff --git a/base/comps/sos/overlays/0002-add-os-release-id.overlay.toml b/base/comps/sos/overlays/0002-add-os-release-id.overlay.toml new file mode 100644 index 00000000000..bd8b233d632 --- /dev/null +++ b/base/comps/sos/overlays/0002-add-os-release-id.overlay.toml @@ -0,0 +1,12 @@ +# Microsoft-authored sos Policy fix so os_release_id matches the os-release +# ID field on Azure Linux. Upstreamed as sosreport/sos commit fcc6a5f4. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/sosreport/sos/commit/fcc6a5f498bc1e7edf7c2f2acf0f506ced0f21dc"] + +[[overlays]] +description = "Add os_release_id value to match os-release ID" +type = "patch-add" +file = "Policy-Add-os_release_id-check.patch" +source = "../Policy-Add-os_release_id-check.patch" diff --git a/base/comps/sos/overlays/0003-add-missing-cloud-init.overlay.toml b/base/comps/sos/overlays/0003-add-missing-cloud-init.overlay.toml new file mode 100644 index 00000000000..c7538f77d1a --- /dev/null +++ b/base/comps/sos/overlays/0003-add-missing-cloud-init.overlay.toml @@ -0,0 +1,13 @@ +# Backport of upstream sos PR sosreport/sos#4318 (merged as 3aff70c2): add the +# missing cloud-init systemd service units for the cloud-init >= 24.3 +# single-process optimization. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/sosreport/sos/commit/3aff70c2f55567c6aa911e4434e0ab59eb497044"] + +[[overlays]] +description = "Add missing cloud-init systemd service units for cloud-init >= 24.3 single-process optimization (upstream PR sosreport/sos#4318)" +type = "patch-add" +file = "cloud_init-add-missing-systemd-service-units.patch" +source = "../cloud_init-add-missing-systemd-service-units.patch" diff --git a/base/comps/sos/overlays/0004-add-dnf5-support-dnf.overlay.toml b/base/comps/sos/overlays/0004-add-dnf5-support-dnf.overlay.toml new file mode 100644 index 00000000000..bd6e5bfb094 --- /dev/null +++ b/base/comps/sos/overlays/0004-add-dnf5-support-dnf.overlay.toml @@ -0,0 +1,12 @@ +# Backport of upstream sos PR sosreport/sos#4311 (merged as b8ba38e8, closes +# issue #4308): initial dnf5 support in the dnf plugin. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/sosreport/sos/commit/b8ba38e844c085abefca44b1b11b9522a18b8fa2"] + +[[overlays]] +description = "Add dnf5 support in dnf plugin" +type = "patch-add" +file = "dnf-initial-dnf5-support-in-dnf-plugin.patch" +source = "../dnf-initial-dnf5-support-in-dnf-plugin.patch" diff --git a/base/comps/sos/sos.comp.toml b/base/comps/sos/sos.comp.toml index 70ca82d1c08..d917276342f 100644 --- a/base/comps/sos/sos.comp.toml +++ b/base/comps/sos/sos.comp.toml @@ -1,25 +1 @@ [components.sos] - -[[components.sos.overlays]] -description = "Fix os_release_name value to match os-release NAME" -type = "patch-add" -file = "Policy-Fix-os_release_name-value.patch" -source = "Policy-Fix-os_release_name-value.patch" - -[[components.sos.overlays]] -description = "Add os_release_id value to match os-release ID" -type = "patch-add" -file = "Policy-Add-os_release_id-check.patch" -source = "Policy-Add-os_release_id-check.patch" - -[[components.sos.overlays]] -description = "Add missing cloud-init systemd service units for cloud-init >= 24.3 single-process optimization (upstream PR sosreport/sos#4318)" -type = "patch-add" -file = "cloud_init-add-missing-systemd-service-units.patch" -source = "cloud_init-add-missing-systemd-service-units.patch" - -[[components.sos.overlays]] -description = "Add dnf5 support in dnf plugin" -type = "patch-add" -file = "dnf-initial-dnf5-support-in-dnf-plugin.patch" -source = "dnf-initial-dnf5-support-in-dnf-plugin.patch" diff --git a/base/comps/sssd/overlays/0001-remove-gdm-pam-extensions.overlay.toml b/base/comps/sssd/overlays/0001-remove-gdm-pam-extensions.overlay.toml new file mode 100644 index 00000000000..bb2737e9438 --- /dev/null +++ b/base/comps/sssd/overlays/0001-remove-gdm-pam-extensions.overlay.toml @@ -0,0 +1,16 @@ +# Remove gdm-pam-extensions-devel build dependency — GDM desktop features are not needed. +# Upstream SSSD guards all GDM code behind #ifdef HAVE_GDM_PAM_EXTENSIONS and +# HAVE_GDM_CUSTOM_JSON_PAM_EXTENSION, which are set by AC_CHECK_HEADERS at configure time. +# When the headers are absent the macros are simply not defined and the GDM code is compiled out. +# The only effect is that two GDM-specific PAM UI features are disabled: +# - prompt_multi_cert_gdm(): smartcard certificate selection via GDM's choice list +# - auth_selection_conversation_gdm(): auth mechanism selection via GDM's JSON protocol +# Both have text-based fallbacks that are used automatically (return ENOTSUP -> caller uses fallback). +[metadata] +category = "azl-pruning" + +[[overlays]] +description = "Remove gdm-pam-extensions-devel BuildRequires (GDM desktop features not needed)" +type = "spec-remove-tag" +tag = "BuildRequires" +value = "gdm-pam-extensions-devel" diff --git a/base/comps/sssd/overlays/0002-fix-platform-m4-sourcing.overlay.toml b/base/comps/sssd/overlays/0002-fix-platform-m4-sourcing.overlay.toml new file mode 100644 index 00000000000..01499ae59ab --- /dev/null +++ b/base/comps/sssd/overlays/0002-fix-platform-m4-sourcing.overlay.toml @@ -0,0 +1,11 @@ +# Backport of upstream SSSD PR sssd/sssd#8397 (merged as 308af8f2): fix +# platform.m4 sourcing /etc/os-release overwriting the VERSION shell variable. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://github.com/SSSD/sssd/commit/308af8f215eea347a32d068e658d99bb1bfb2ba9"] + +[[overlays]] +description = "Fix platform.m4 sourcing /etc/os-release overwriting VERSION shell variable, which breaks @VERSION@ substitutions in .in files" +type = "patch-add" +source = "../fix-platform-m4-version-overwrite.patch" diff --git a/base/comps/sssd/sssd.comp.toml b/base/comps/sssd/sssd.comp.toml index b005454978e..1d146865de9 100644 --- a/base/comps/sssd/sssd.comp.toml +++ b/base/comps/sssd/sssd.comp.toml @@ -1,23 +1 @@ [components.sssd] - -# Remove gdm-pam-extensions-devel build dependency — GDM desktop features are not needed. -# Upstream SSSD guards all GDM code behind #ifdef HAVE_GDM_PAM_EXTENSIONS and -# HAVE_GDM_CUSTOM_JSON_PAM_EXTENSION, which are set by AC_CHECK_HEADERS at configure time. -# When the headers are absent the macros are simply not defined and the GDM code is compiled out. -# The only effect is that two GDM-specific PAM UI features are disabled: -# - prompt_multi_cert_gdm(): smartcard certificate selection via GDM's choice list -# - auth_selection_conversation_gdm(): auth mechanism selection via GDM's JSON protocol -# See: https://github.com/SSSD/sssd/blob/master/src/sss_client/pam_sss.c (search for HAVE_GDM_PAM_EXTENSIONS) -# Both have text-based fallbacks that are used automatically (return ENOTSUP -> caller uses fallback). -[[components.sssd.overlays]] -description = "Remove gdm-pam-extensions-devel BuildRequires (GDM desktop features not needed)" -type = "spec-remove-tag" -tag = "BuildRequires" -value = "gdm-pam-extensions-devel" - -# Fix sourcing /etc/os-release overwriting VERSION variable in platform.m4 -# Upstream PR: https://github.com/SSSD/sssd/pull/8397 -[[components.sssd.overlays]] -description = "Fix platform.m4 sourcing /etc/os-release overwriting VERSION shell variable, which breaks @VERSION@ substitutions in .in files" -type = "patch-add" -source = "fix-platform-m4-version-overwrite.patch" diff --git a/base/comps/vamp-plugin-sdk/overlays/0001-re-number-existing-patch.overlay.toml b/base/comps/vamp-plugin-sdk/overlays/0001-re-number-existing-patch.overlay.toml new file mode 100644 index 00000000000..21435798c59 --- /dev/null +++ b/base/comps/vamp-plugin-sdk/overlays/0001-re-number-existing-patch.overlay.toml @@ -0,0 +1,26 @@ +# The sdkstatic target runs ranlib on the static archives as a recipe +# command after the archive files are built. Other targets (host, plugins, +# rdfgen) depend on the archive files directly, not on sdkstatic. With +# parallel make (-jN), the linker can read an archive while ranlib is +# still rewriting its symbol table. +# +# Fix by moving ranlib into the individual archive target recipes so the +# archive file is not considered up-to-date until ranlib has finished. +# Mirrors the fix in Fedora rawhide vamp-plugin-sdk-2.10-4; the Makefile race +# fix is upstream c4dm/vamp-plugin-sdk commit da2d66f. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://github.com/c4dm/vamp-plugin-sdk/commit/da2d66f570b14b62c5ad5a5c9de38f024ac4e217"] + +[[overlays]] +description = "Re-number existing patch and add new makefile.in patch" +type = "spec-search-replace" +regex = "Patch: %.name.-libdir.diff" +replacement = "Patch0: %{name}-libdir.diff\nPatch1: 0001-Fix-race-in-Makefile.in.patch" + +[[overlays]] +description = "Add Makefile.in patch to fix make race" +type = "file-add" +file = "0001-Fix-race-in-Makefile.in.patch" +source = "../0001-Fix-race-in-Makefile.in.patch" diff --git a/base/comps/vamp-plugin-sdk/vamp-plugin-sdk.comp.toml b/base/comps/vamp-plugin-sdk/vamp-plugin-sdk.comp.toml index 53dc2de50f2..04fee3e4e6a 100644 --- a/base/comps/vamp-plugin-sdk/vamp-plugin-sdk.comp.toml +++ b/base/comps/vamp-plugin-sdk/vamp-plugin-sdk.comp.toml @@ -1,21 +1 @@ [components.vamp-plugin-sdk] - -# The sdkstatic target runs ranlib on the static archives as a recipe -# command after the archive files are built. Other targets (host, plugins, -# rdfgen) depend on the archive files directly, not on sdkstatic. With -# parallel make (-jN), the linker can read an archive while ranlib is -# still rewriting its symbol table. -# -# Fix by moving ranlib into the individual archive target recipes so the -# archive file is not considered up-to-date until ranlib has finished. -[[components.vamp-plugin-sdk.overlays]] -description = "Re-number existing patch and add new makefile.in patch" -type = "spec-search-replace" -regex = "Patch: %.name.-libdir.diff" -replacement = "Patch0: %{name}-libdir.diff\nPatch1: 0001-Fix-race-in-Makefile.in.patch" - -[[components.vamp-plugin-sdk.overlays]] -description = "Add Makefile.in patch to fix make race" -type = "file-add" -file = "0001-Fix-race-in-Makefile.in.patch" -source = "0001-Fix-race-in-Makefile.in.patch" diff --git a/base/comps/xbean/overlays/0001-remove-buildrequires-maven-local.overlay.toml b/base/comps/xbean/overlays/0001-remove-buildrequires-maven-local.overlay.toml new file mode 100644 index 00000000000..11a267b4e01 --- /dev/null +++ b/base/comps/xbean/overlays/0001-remove-buildrequires-maven-local.overlay.toml @@ -0,0 +1,20 @@ +# AZL ships only java-25-openjdk; there is no java-21-openjdk, so the +# upstream BuildRequires on maven-local-openjdk21 is unsatisfiable. +# Retarget to the openjdk25 variant. This is the openjdk21 -> openjdk25 +# portion of Fedora rawhide commit 1df289d. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://src.fedoraproject.org/rpms/xbean/c/1df289d87c3617482e813a5dac348b01c67d271f"] + +[[overlays]] +description = "Remove BuildRequires on maven-local-openjdk21 — AZL does not ship java-21-openjdk" +type = "spec-remove-tag" +tag = "BuildRequires" +value = "maven-local-openjdk21" + +[[overlays]] +description = "Add BuildRequires on maven-local-openjdk25 in place of maven-local-openjdk21" +type = "spec-add-tag" +tag = "BuildRequires" +value = "maven-local-openjdk25" diff --git a/base/comps/xbean/overlays/0002-pass-force-mvn-build.overlay.toml b/base/comps/xbean/overlays/0002-pass-force-mvn-build.overlay.toml new file mode 100644 index 00000000000..b423b3f8ef6 --- /dev/null +++ b/base/comps/xbean/overlays/0002-pass-force-mvn-build.overlay.toml @@ -0,0 +1,18 @@ +# Backport from Fedora rawhide commit 1df289d (the test-skip portion of): +# https://src.fedoraproject.org/rpms/xbean/c/1df289d87c3617482e813a5dac348b01c67d271f?branch=rawhide +# Upstream tests fail under jdk25; rawhide added `--force` to `%mvn_build` +# so the build proceeds despite test failures. The openjdk21 -> openjdk25 +# portion of that same commit is handled by the BuildRequires overlays +# in 0001. Drop this overlay once the default Fedora 43 snapshot in +# distro/azurelinux.distro.toml advances past a commit that includes this +# change. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://src.fedoraproject.org/rpms/xbean/c/1df289d87c3617482e813a5dac348b01c67d271f"] + +[[overlays]] +description = "Pass --force to %mvn_build to skip tests that fail under jdk25 (backport from Fedora rawhide)" +type = "spec-search-replace" +regex = '^%mvn_build -- ' +replacement = '%mvn_build --force -- ' diff --git a/base/comps/xbean/xbean.comp.toml b/base/comps/xbean/xbean.comp.toml index ec0dc71913d..4dc2c40ed4e 100644 --- a/base/comps/xbean/xbean.comp.toml +++ b/base/comps/xbean/xbean.comp.toml @@ -1,30 +1 @@ [components.xbean] - -# AZL ships only java-25-openjdk; there is no java-21-openjdk, so the -# upstream BuildRequires on maven-local-openjdk21 is unsatisfiable. -# Retarget to the openjdk25 variant. -[[components.xbean.overlays]] -description = "Remove BuildRequires on maven-local-openjdk21 — AZL does not ship java-21-openjdk" -type = "spec-remove-tag" -tag = "BuildRequires" -value = "maven-local-openjdk21" - -[[components.xbean.overlays]] -description = "Add BuildRequires on maven-local-openjdk25 in place of maven-local-openjdk21" -type = "spec-add-tag" -tag = "BuildRequires" -value = "maven-local-openjdk25" - -# Backport from Fedora rawhide commit (the test-skip portion of): -# https://src.fedoraproject.org/rpms/xbean/c/1df289d87c3617482e813a5dac348b01c67d271f?branch=rawhide -# Upstream tests fail under jdk25; rawhide added `--force` to `%mvn_build` -# so the build proceeds despite test failures. The openjdk21 -> openjdk25 -# portion of that same commit is handled by the BuildRequires overlays -# above. Drop this overlay once the default Fedora 43 snapshot in -# distro/azurelinux.distro.toml advances past a commit that includes this -# change. -[[components.xbean.overlays]] -description = "Pass --force to %mvn_build to skip tests that fail under jdk25 (backport from Fedora rawhide)" -type = "spec-search-replace" -regex = '^%mvn_build -- ' -replacement = '%mvn_build --force -- ' diff --git a/base/comps/xclock/overlays/0001-pass-force-autoreconf-autopoint.overlay.toml b/base/comps/xclock/overlays/0001-pass-force-autoreconf-autopoint.overlay.toml new file mode 100644 index 00000000000..e70cb97d907 --- /dev/null +++ b/base/comps/xclock/overlays/0001-pass-force-autoreconf-autopoint.overlay.toml @@ -0,0 +1,12 @@ +# Upstream fix: https://src.fedoraproject.org/rpms/xclock/c/1e407488967006428f14fa87fe0cd63e6cf77ce0 +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/xclock/c/1e407488967006428f14fa87fe0cd63e6cf77ce0"] + +[[overlays]] +description = "Pass --force to autoreconf so autopoint overwrites the locally modified config.rpath. Fixed upstream in Fedora rawhide (xclock-1.1.1-11)." +type = "spec-search-replace" +section = "%build" +regex = 'autoreconf -v --install' +replacement = 'autoreconf -v --install --force' diff --git a/base/comps/xclock/xclock.comp.toml b/base/comps/xclock/xclock.comp.toml index 5bf8d9ac433..cfbf3e8cfdf 100644 --- a/base/comps/xclock/xclock.comp.toml +++ b/base/comps/xclock/xclock.comp.toml @@ -1,9 +1 @@ [components.xclock] - -# Upstream fix: https://src.fedoraproject.org/rpms/xclock/c/1e407488967006428f14fa87fe0cd63e6cf77ce0 -[[components.xclock.overlays]] -description = "Pass --force to autoreconf so autopoint overwrites the locally modified config.rpath. Fixed upstream in Fedora rawhide (xclock-1.1.1-11)." -type = "spec-search-replace" -section = "%build" -regex = 'autoreconf -v --install' -replacement = 'autoreconf -v --install --force' diff --git a/base/comps/xmvn/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml b/base/comps/xmvn/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml new file mode 100644 index 00000000000..bdbcde6b7f9 --- /dev/null +++ b/base/comps/xmvn/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml @@ -0,0 +1,14 @@ +# Backport of upstream Fedora rawhide commit 2c9d321: remove openjdk21 toolchains. +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the +# xmvn-toolchain-openjdk21 subpackage has an unsatisfiable dependency. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/xmvn/c/2c9d321"] + +[[overlays]] +description = "Remove openjdk21 toolchain lines — AZL does not ship java-21-openjdk" +type = "spec-search-replace" +section = "%install" +regex = '.*openjdk21.*' +replacement = '' diff --git a/base/comps/xmvn/xmvn.comp.toml b/base/comps/xmvn/xmvn.comp.toml index eb6f3505f6f..1d608bcf961 100644 --- a/base/comps/xmvn/xmvn.comp.toml +++ b/base/comps/xmvn/xmvn.comp.toml @@ -1,13 +1 @@ [components.xmvn] - -# Backport of upstream Fedora rawhide commit 2c9d321: remove openjdk21 toolchains. -# https://src.fedoraproject.org/rpms/xmvn/c/2c9d321 -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the -# xmvn-toolchain-openjdk21 subpackage has an unsatisfiable dependency. - -[[components.xmvn.overlays]] -description = "Remove openjdk21 toolchain lines — AZL does not ship java-21-openjdk" -type = "spec-search-replace" -section = "%install" -regex = '.*openjdk21.*' -replacement = '' diff --git a/base/comps/xmvn5/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml b/base/comps/xmvn5/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml new file mode 100644 index 00000000000..ffd1bdc408e --- /dev/null +++ b/base/comps/xmvn5/overlays/0001-remove-openjdk21-toolchain-lines.overlay.toml @@ -0,0 +1,14 @@ +# Backport of upstream Fedora rawhide commit b9afca4: remove openjdk21 toolchains. +# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the +# xmvn5-toolchain-openjdk21 subpackage has an unsatisfiable dependency. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://src.fedoraproject.org/rpms/xmvn5/c/b9afca4"] + +[[overlays]] +description = "Remove openjdk21 toolchain lines — AZL does not ship java-21-openjdk" +type = "spec-search-replace" +section = "%install" +regex = '.*openjdk21.*' +replacement = '' diff --git a/base/comps/xmvn5/xmvn5.comp.toml b/base/comps/xmvn5/xmvn5.comp.toml index adba78c73cc..ddeb06a5e5a 100644 --- a/base/comps/xmvn5/xmvn5.comp.toml +++ b/base/comps/xmvn5/xmvn5.comp.toml @@ -1,13 +1 @@ [components.xmvn5] - -# Backport of upstream Fedora rawhide commit b9afca4: remove openjdk21 toolchains. -# https://src.fedoraproject.org/rpms/xmvn5/c/b9afca4 -# AZL only ships java-25-openjdk; there is no java-21-openjdk, so the -# xmvn5-toolchain-openjdk21 subpackage has an unsatisfiable dependency. - -[[components.xmvn5.overlays]] -description = "Remove openjdk21 toolchain lines — AZL does not ship java-21-openjdk" -type = "spec-search-replace" -section = "%install" -regex = '.*openjdk21.*' -replacement = '' diff --git a/base/comps/xsimd/overlays/0001-apply-patch-fix-arm64.overlay.toml b/base/comps/xsimd/overlays/0001-apply-patch-fix-arm64.overlay.toml new file mode 100644 index 00000000000..e4294946963 --- /dev/null +++ b/base/comps/xsimd/overlays/0001-apply-patch-fix-arm64.overlay.toml @@ -0,0 +1,12 @@ +# Backport fix for ARM64 SVE static assertion failure from upstream commit 0fd437f. +# Changes std::is_same to std::is_base_of to handle derived arch types like i8mm. +[metadata] +category = "backport-dist-git" +upstreamable = false +commits = ["https://github.com/xtensor-stack/xsimd/commit/0fd437f"] + +[[overlays]] +description = "Apply patch to fix ARM64 static check compile failure" +type = "patch-add" +file = "xsimd-sve-fix.patch" +source = "../xsimd-sve-fix.patch" diff --git a/base/comps/xsimd/xsimd.comp.toml b/base/comps/xsimd/xsimd.comp.toml index 5d7fbf58c32..22e44c3b909 100644 --- a/base/comps/xsimd/xsimd.comp.toml +++ b/base/comps/xsimd/xsimd.comp.toml @@ -1,11 +1 @@ -# Backport fix for ARM64 SVE static assertion failure from upstream commit 0fd437f. -# Changes std::is_same to std::is_base_of to handle derived arch types like i8mm. -# -# Upstream commit: https://github.com/xtensor-stack/xsimd/commit/0fd437f [components.xsimd] - -[[components.xsimd.overlays]] -description = "Apply patch to fix ARM64 static check compile failure" -type = "patch-add" -file = "xsimd-sve-fix.patch" -source = "xsimd-sve-fix.patch" diff --git a/base/comps/zbar/overlays/0001-remove-gir-typelib-entries.overlay.toml b/base/comps/zbar/overlays/0001-remove-gir-typelib-entries.overlay.toml new file mode 100644 index 00000000000..46600f23341 --- /dev/null +++ b/base/comps/zbar/overlays/0001-remove-gir-typelib-entries.overlay.toml @@ -0,0 +1,27 @@ +# Since GLib 2.80, gobject-introspection tools (g-ir-scanner) were merged into +# glib2 but the legacy tools still live in a separate package. The zbar configure +# script autodetects g-ir-scanner and won't generate typelibs without it, but the +# spec never explicitly BuildRequires it — it only worked by accident through +# transitive deps. Fedora dropped the GIR file listings in rawhide (release 10). +# We do the same: remove the typelib/gir entries from %files so the build doesn't +# fail when g-ir-scanner isn't present. +[metadata] +category = "backport-dist-git" +upstreamable = true +commits = ["https://src.fedoraproject.org/rpms/zbar/c/a1e97927fd862a8ca777462155b54c4ee4176923"] + +[[overlays]] +description = "Remove GIR typelib entries from zbar-gtk %files (g-ir-scanner not available, aligns with Fedora rawhide)" +type = "spec-search-replace" +section = "%files" +package = "gtk" +regex = '%.*girepository-1\.0.*' +replacement = "" + +[[overlays]] +description = "Remove GIR data entries from zbar-gtk-devel %files (g-ir-scanner not available, aligns with Fedora rawhide)" +type = "spec-search-replace" +section = "%files" +package = "gtk-devel" +regex = '%.*gir-1\.0.*' +replacement = "" diff --git a/base/comps/zbar/overlays/0002-remove-libv4l-devel-buildrequires.overlay.toml b/base/comps/zbar/overlays/0002-remove-libv4l-devel-buildrequires.overlay.toml new file mode 100644 index 00000000000..54c3c39eea3 --- /dev/null +++ b/base/comps/zbar/overlays/0002-remove-libv4l-devel-buildrequires.overlay.toml @@ -0,0 +1,16 @@ +# v4l-utils/libv4l not shipped in AZL — disable video capture support. +[metadata] +category = "azl-pruning" + +[[overlays]] +description = "Remove libv4l-devel BuildRequires — libv4l not shipped in AZL" +type = "spec-remove-tag" +tag = "BuildRequires" +value = "libv4l-devel" + +[[overlays]] +description = "Disable video capture support — libv4l not shipped in AZL" +type = "spec-search-replace" +section = "%build" +regex = '%configure ' +replacement = '%configure --without-video ' diff --git a/base/comps/zbar/zbar.comp.toml b/base/comps/zbar/zbar.comp.toml index 22f5e11d44c..3b7f5203d13 100644 --- a/base/comps/zbar/zbar.comp.toml +++ b/base/comps/zbar/zbar.comp.toml @@ -1,41 +1 @@ [components.zbar] - -# Since GLib 2.80, gobject-introspection tools (g-ir-scanner) were merged into -# glib2 but the legacy tools still live in a separate package. The zbar configure -# script autodetects g-ir-scanner and won't generate typelibs without it, but the -# spec never explicitly BuildRequires it — it only worked by accident through -# transitive deps. Fedora dropped the GIR file listings in rawhide (release 10). -# We do the same: remove the typelib/gir entries from %files so the build doesn't -# fail when g-ir-scanner isn't present. -# Ref: https://src.fedoraproject.org/rpms/zbar/c/a1e97927fd862a8ca777462155b54c4ee4176923 ("Fix FTBFS") - -[[components.zbar.overlays]] -description = "Remove GIR typelib entries from zbar-gtk %files (g-ir-scanner not available, aligns with Fedora rawhide)" -type = "spec-search-replace" -section = "%files" -package = "gtk" -regex = '%.*girepository-1\.0.*' -replacement = "" - -[[components.zbar.overlays]] -description = "Remove GIR data entries from zbar-gtk-devel %files (g-ir-scanner not available, aligns with Fedora rawhide)" -type = "spec-search-replace" -section = "%files" -package = "gtk-devel" -regex = '%.*gir-1\.0.*' -replacement = "" - -# v4l-utils/libv4l not shipped in AZL — disable video capture support. - -[[components.zbar.overlays]] -description = "Remove libv4l-devel BuildRequires — libv4l not shipped in AZL" -type = "spec-remove-tag" -tag = "BuildRequires" -value = "libv4l-devel" - -[[components.zbar.overlays]] -description = "Disable video capture support — libv4l not shipped in AZL" -type = "spec-search-replace" -section = "%build" -regex = '%configure ' -replacement = '%configure --without-video ' diff --git a/external/schemas/azldev.schema.json b/external/schemas/azldev.schema.json index e2e8dd16836..d665b45f9bd 100644 --- a/external/schemas/azldev.schema.json +++ b/external/schemas/azldev.schema.json @@ -3,6 +3,22 @@ "$id": "https://github.com/microsoft/azure-linux-dev-tools/internal/projectconfig/config-file", "$ref": "#/$defs/ConfigFile", "$defs": { + "BugRef": { + "properties": { + "url": { + "type": "string", + "pattern": "^https?://", + "format": "uri", + "title": "URL", + "description": "HTTP(S) link to the bug entry" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "url" + ] + }, "CheckConfig": { "properties": { "skip": { @@ -119,6 +135,14 @@ "title": "Overlays", "description": "Overlays to apply to this component's spec and/or sources" }, + "overlay-files": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Overlay files", + "description": "Path or glob patterns (relative to the component config file or matched spec directory) matched against the filesystem to locate per-file overlay documents after component config resolution. Use an empty list to disable inherited overlay-file patterns" + }, "build": { "$ref": "#/$defs/ComponentBuildConfig", "title": "Build configuration", @@ -278,6 +302,11 @@ "type": "string", "title": "Source", "description": "For overlays that require a source file as input" + }, + "metadata": { + "$ref": "#/$defs/OverlayMetadata", + "title": "Metadata", + "description": "Optional documentation metadata describing the overlay's intent and provenance" } }, "additionalProperties": false, @@ -344,6 +373,11 @@ "title": "Distros", "description": "Definitions of distros to build for or consume from" }, + "resources": { + "$ref": "#/$defs/ResourcesConfig", + "title": "Resources", + "description": "Reusable named resource definitions" + }, "component-groups": { "additionalProperties": { "$ref": "#/$defs/ComponentGroupConfig" @@ -513,6 +547,11 @@ "type": "string", "title": "Mock config file", "description": "Path to the aarch64 mock config file for this version" + }, + "inputs": { + "$ref": "#/$defs/DistroVersionInputs", + "title": "Inputs", + "description": "Per-use-case input repositories" } }, "additionalProperties": false, @@ -521,6 +560,44 @@ "release-ver" ] }, + "DistroVersionInput": { + "properties": { + "repo": { + "type": "string", + "title": "Repo", + "description": "Name of an entry under [resources.rpm-repos]; mutually exclusive with set" + }, + "set": { + "type": "string", + "title": "Set", + "description": "Name of an entry under [resources.rpm-repo-sets]; mutually exclusive with repo" + } + }, + "additionalProperties": false, + "type": "object" + }, + "DistroVersionInputs": { + "properties": { + "rpm-build": { + "items": { + "$ref": "#/$defs/DistroVersionInput" + }, + "type": "array", + "title": "RPM-build inputs", + "description": "Repos and repo-sets made available to mock when building RPMs" + }, + "image-build": { + "items": { + "$ref": "#/$defs/DistroVersionInput" + }, + "type": "array", + "title": "Image-build inputs", + "description": "Repos and repo-sets made available to kiwi when building images" + } + }, + "additionalProperties": false, + "type": "object" + }, "ImageCapabilities": { "properties": { "machine-bootable": { @@ -663,6 +740,53 @@ "type" ] }, + "OverlayMetadata": { + "properties": { + "category": { + "type": "string", + "enum": [ + "backport-dist-git", + "azl-pruning", + "azl-compatibility", + "azl-dep-missing-workaround", + "azl-branding-policy", + "azl-disable-flaky-tests", + "azl-disable-unsupported-tests", + "azl-security-compliance", + "azl-release-management", + "azl-platform-adaptation" + ], + "title": "Category", + "description": "Classification of the overlay's intent" + }, + "commits": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Commits", + "description": "URLs of upstream commits this overlay backports or references" + }, + "bugs": { + "items": { + "$ref": "#/$defs/BugRef" + }, + "type": "array", + "title": "Bug references", + "description": "References to issue-tracker entries related to this overlay" + }, + "upstreamable": { + "type": "boolean", + "title": "Upstreamable", + "description": "Whether this overlay's change can be upstreamed; omit if not yet assessed" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "category" + ] + }, "PackageConfig": { "properties": { "publish": { @@ -846,6 +970,206 @@ "additionalProperties": false, "type": "object" }, + "ResourcesConfig": { + "properties": { + "rpm-repos": { + "additionalProperties": { + "$ref": "#/$defs/RpmRepoResource" + }, + "propertyNames": { + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9_.:-]*$", + "description": "Name; projected verbatim into dnf section headers and kiwi --add-repo arguments." + }, + "type": "object", + "title": "RPM repositories", + "description": "Reusable named RPM repository definitions" + }, + "rpm-repo-set-templates": { + "additionalProperties": { + "$ref": "#/$defs/RpmRepoSetTemplate" + }, + "propertyNames": { + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9_.:-]*$", + "description": "Name; projected verbatim into dnf section headers and kiwi --add-repo arguments." + }, + "type": "object", + "title": "RPM repo set templates", + "description": "Named layout templates that describe a fixed matrix of sub-repos" + }, + "rpm-repo-sets": { + "additionalProperties": { + "$ref": "#/$defs/RpmRepoSet" + }, + "propertyNames": { + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9_.:-]*$", + "description": "Name; projected verbatim into dnf section headers and kiwi --add-repo arguments." + }, + "type": "object", + "title": "RPM repo sets", + "description": "Template instantiations that expand to a group of related RPM repos" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RpmRepoResource": { + "oneOf": [ + { + "not": { + "required": [ + "metalink" + ] + }, + "required": [ + "base-uri" + ] + }, + { + "not": { + "required": [ + "base-uri" + ] + }, + "required": [ + "metalink" + ] + } + ], + "properties": { + "description": { + "type": "string", + "title": "Description", + "description": "Human-readable description (diagnostic only)" + }, + "type": { + "type": "string", + "enum": [ + "rpm-md" + ], + "title": "Type", + "description": "Repository access protocol; defaults to rpm-md" + }, + "base-uri": { + "type": "string", + "pattern": "^https?://[^\\s]+$", + "format": "uri", + "title": "Base URI", + "description": "Repository base URI (dnf baseurl). Mutually exclusive with metalink. Must be an http(s) URL." + }, + "metalink": { + "type": "string", + "pattern": "^https?://[^\\s]+$", + "format": "uri", + "title": "Metalink", + "description": "Repository metalink URL. Mutually exclusive with base-uri. Must be an http(s) URL." + }, + "disable-gpg-check": { + "type": "boolean", + "title": "Disable GPG check", + "description": "Opt out of GPG signature verification for this repo (zero value = checking enabled)" + }, + "gpg-key": { + "type": "string", + "pattern": "^((https?|file)://\\S+|[^\\s:]\\S*)$", + "title": "GPG key", + "description": "Path or URI to the GPG key file. Accepted URI schemes: http, https, file. Bare paths are resolved relative to the defining TOML file." + }, + "arches": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Arches", + "description": "Restrict to specific target architectures; empty = all" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RpmRepoSet": { + "properties": { + "description": { + "type": "string", + "title": "Description", + "description": "Human-readable description (diagnostic only)" + }, + "template": { + "type": "string", + "title": "Template", + "description": "Name of the rpm-repo-set-template to instantiate" + }, + "base-uri": { + "type": "string", + "pattern": "^https?://[^\\s]+$", + "format": "uri", + "title": "Base URI", + "description": "URL prefix under which all sub-repos in this set live" + }, + "name-prefix": { + "type": "string", + "title": "Name prefix", + "description": "Prepended to each sub-repo's name to form the repo ID" + }, + "gpg-key": { + "type": "string", + "pattern": "^\\S+$", + "title": "GPG key", + "description": "Path or URI to the GPG key file. Accepted URI schemes: http, https, file. Bare paths are resolved relative to the defining TOML file." + }, + "disable-gpg-check": { + "type": "boolean", + "title": "Disable GPG check", + "description": "Opt out of GPG signature verification for repos in this set" + }, + "arches": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Arches", + "description": "Restrict to specific target architectures; empty = all" + }, + "subrepos": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Sub-repos", + "description": "Allowlist of template sub-repos to instantiate (default: all)" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "template", + "base-uri" + ] + }, + "RpmRepoSetTemplate": { + "properties": { + "description": { + "type": "string", + "title": "Description", + "description": "Human-readable description (diagnostic only)" + }, + "subrepos": { + "items": { + "$ref": "#/$defs/SubrepoSpec" + }, + "type": "array", + "title": "Sub-repos", + "description": "Ordered list of sub-repos in the layout" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "subrepos" + ] + }, "SourceFileReference": { "properties": { "filename": { @@ -934,6 +1258,36 @@ "type" ] }, + "SubrepoSpec": { + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "Stable short identifier; combined with the set's name-prefix to form the repo ID" + }, + "subpath": { + "type": "string", + "title": "Sub-path", + "description": "Relative path under the set's base URI; may contain $basearch" + }, + "kind": { + "type": "string", + "enum": [ + "binary", + "debug", + "source" + ], + "title": "Kind", + "description": "Sub-repo classification; defaults to binary" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "subpath" + ] + }, "TestSuiteConfig": { "properties": { "description": {