From 1d220b99da468e1cdeffff2f00cdd51a53b56e91 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Feb 2025 20:12:12 +0530 Subject: [PATCH] [skip-ci] RPM: cleanup macro defs The default `gobuild` macro on CentOS Stream 9 now includes support for `BUILDTAGS`. CentOS Stream envs now also define `_user_tmpfilesdir` macro by default. Both these definitions are no longer needed here. `libtrust_openssl` buildtag is also set in spec wherever relevant. Signed-off-by: Lokesh Mandvekar --- rpm/podman.spec | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/rpm/podman.spec b/rpm/podman.spec index 8e2635a304..303037ac6d 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -7,21 +7,8 @@ %global debug_package %{nil} %endif -# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we -# set it separately here and do not depend on RHEL's go-[s]rpm-macros package -# until that's fixed. -# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328 -%if %{defined rhel} && 0%{?rhel} < 10 -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%endif - %global gomodulesmode GO111MODULE=on -%if %{defined rhel} -# _user_tmpfiles.d currently undefined on rhel -%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d -%endif - %if %{defined fedora} %define build_with_btrfs 1 # qemu-system* isn't packageed for CentOS Stream / RHEL @@ -32,6 +19,11 @@ %define copr_build 1 %endif +# Only RHEL and CentOS Stream rpms are built with fips-enabled go compiler +%if %{defined rhel} +%define fips_enabled 1 +%endif + %global container_base_path github.com/containers %global container_base_url https://%{container_base_path} 
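Review bot: The `%if %{defined rhel}` guard around `%define fips_enabled 1` in the second hunk (`@@ -32,6 +19,11 @@`) is wider than the `%{defined rhel} && 0%{?rhel} < 10` condition under which the removed `gobuild` override supplied `libtrust_openssl`, so RHEL 10 and later builds appear to gain the tag with this commit. If that is intended, the comment should say so, for example `# Applies to every RHEL / CentOS Stream release, including 10+; the Go toolchain there must provide ecdsa.HashSign`, and each target toolchain should be confirmed to carry that function, since a missing symbol would only surface as a compile failure. The name `fips_enabled` also reads like a runtime FIPS switch although it only selects a build tag; one sentence in the comment saying so would keep it from being mistaken for a compliance setting.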
@@ -251,6 +243,14 @@ LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \ export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" +# libtrust_openssl buildtag switches to using the FIPS-compatible func +# `ecdsa.HashSign`. +# Ref 1: https://github.com/golang-fips/go/blob/main/patches/015-add-hash-sign-verify.patch#L22 +# Ref 2: https://github.com/containers/libtrust/blob/main/ec_key_openssl.go#L23 +%if %{defined fips_enabled} +export BASEBUILDTAGS="$BASEBUILDTAGS libtrust_openssl" +%endif + # build %%{name} export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)" %gobuild -o bin/%{name} ./cmd/%{name}
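Review bot: With the tag now appended to `BASEBUILDTAGS` instead of being hard-coded in the `gobuild` macro, a `%gobuild` call gets `libtrust_openssl` only when its `BUILDTAGS` is derived from `$BASEBUILDTAGS`. The `export BUILDTAGS=...` for `bin/%{name}` visible here does that, but the rest of `%build` lies outside the hunk, so any step that sets `BUILDTAGS` independently would be built without the FIPS-compatible signing path and nothing would flag it. I would add a comment above the new block such as `# Every BUILDTAGS below must start from $BASEBUILDTAGS so FIPS builds keep libtrust_openssl`. The two `Ref` URLs point at `blob/main/...#L22` and `#L23`, which will drift as those files change; commit permalinks would keep the references accurate.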