Restoring `azl` macro usage. (#8292)

SPECS/asc/asc.spec

@@ -1,6 +1,6 @@
 Summary:        Package for Mariner to meet Azure Security Baseline 
 Name:           asc
-Version:        3.0
+Version:        %{azl}.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation

SPECS/azurelinux-repos/azurelinux-repos.spec

@@ -1,6 +1,6 @@
 Summary:        AzureLinux repo files, gpg keys
 Name:           azurelinux-repos
-Version:        3.0
+Version:        %{azl}.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation

SPECS/azurelinux-rpm-macros/azurelinux-rpm-macros.spec

@@ -6,7 +6,7 @@
 %global __brp_python_bytecompile %{nil}
 Summary:        Azure Linux specific rpm macro files
 Name:           azurelinux-rpm-macros
-Version:        3.0
+Version:        %{azl}.0
 Release:        2%{?dist}
 License:        GPL+ AND MIT
 Vendor:         Microsoft Corporation

SPECS/build-essential/build-essential.spec

@@ -1,6 +1,6 @@
 Summary:        Metapackage to install all build tools
 Name:           build-essential
-Version:        3.0
+Version:        %{azl}.0
 Release:        2%{?dist}
 License:        GPLv2
 Requires:       autoconf

SPECS/ca-certificates/ca-certificates.spec

@@ -44,7 +44,7 @@ Name:           ca-certificates
 
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well.
 Epoch:          1
-Version:        3.0.0
+Version:        %{azl}.0.0
 Release:        4%{?dist}
 License:        MPLv2.0
 Vendor:         Microsoft Corporation
@@ -324,7 +324,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
 %{_bindir}/bundle2pem.sh
 
 %changelog
-* Wed Feb 28 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 3.0.0-3
+* Wed Feb 28 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 3.0.0-4
 - Updated certdata.base.txt to replace CBL-Mariner with Azure Linux
 
 * Sat Jan 27 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.0-3

SPECS/core-packages/core-packages.spec

@@ -1,6 +1,6 @@
 Summary:        Metapackage with core sets of packages
 Name:           core-packages
-Version:        3.0
+Version:        %{azl}.0
 Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation

SPECS/distroless-packages/distroless-packages.spec

@@ -1,6 +1,6 @@
 Summary:        Metapackage with core sets of packages for distroless containers.
 Name:           distroless-packages
-Version:        3.0
+Version:        %{azl}.0
 Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation

SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec

@@ -2,7 +2,7 @@ Summary:        Prebuilt version of ca-certificates-base package.
 Name:           prebuilt-ca-certificates-base
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well.
 Epoch:          1
-Version:        3.0.0
+Version:        %{azl}.0.0
 Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation

SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec

@@ -2,7 +2,7 @@ Summary:        Prebuilt version of ca-certificates package.
 Name:           prebuilt-ca-certificates
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well.
 Epoch:          1
-Version:        3.0.0
+Version:        %{azl}.0.0
 Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation

toolkit/scripts/toolchain/build_official_toolchain_rpms.sh

@@ -54,13 +54,22 @@ PARAM_BUILD_NUM=$MARINER_BUILD_NUMBER
 PARAM_RELEASE_VER=$MARINER_RELEASE_VERSION
 
 if [ "$RUN_CHECK" = "y" ]; then
-    export CHECK_SETTING=" "
-    export CHECK_DEFINE_NUM="1"
+    CHECK_SETTING=" "
+    CHECK_DEFINE_NUM="1"
 else
-    export CHECK_SETTING="--nocheck"
-    export CHECK_DEFINE_NUM="0"
+    CHECK_SETTING="--nocheck"
+    CHECK_DEFINE_NUM="0"
 fi
 
+SHARED_RPM_MACROS=(                                                         \
+    -D "$MARINER_DIST_MACRO"                                                \
+    -D "dist                    $PARAM_DIST_TAG"                            \
+    -D "distro_module_ldflags   -Wl,-dT,%{_topdir}/BUILD/module_info.ld"    \
+    -D "distro_release_version  $PARAM_RELEASE_VER"                         \
+    -D "mariner_build_number    $PARAM_BUILD_NUM"                           \
+    -D "with_check              $CHECK_DEFINE_NUM"                          \
+    )
+
 # Assumption: pipeline has copied file: build/toolchain/toolchain_from_container.tar.gz
 # Or, if toolchain-build-all was called, both of the following will exist:
 #       build/toolchain/populated_toolchain
@@ -201,8 +210,8 @@ chroot_and_install_rpms () {
         # This is a heuristic to find the associated RPMs. In theory we should instead use a more selective filtering like
         # we use for build_rpm_in_chroot_no_install by querying for exact RPMs that match $2 found in $1.spec however to
         # preserve the existing behavior we'll just copy all RPMs that match the name-version-release string.
-        #     e.g. matching_rpms=$(rpmspec -q $specPath --srpm --define="with_check $CHECK_DEFINE_NUM" --define="_sourcedir $specDir" --define="dist $PARAM_DIST_TAG" --builtrpms --queryformat '%{nvra}.rpm\n' | grep $2)
-        verrel=$(rpmspec -q $specPath --srpm --define="with_check $CHECK_DEFINE_NUM" --define="_sourcedir $specDir" --define="dist $PARAM_DIST_TAG" --define="$MARINER_DIST_MACRO" --queryformat %{VERSION}-%{RELEASE})
+        #     e.g. matching_rpms=$(rpmspec -q $specPath --srpm "${SHARED_RPM_MACROS[@]}" --define="_sourcedir $specDir" --builtrpms --queryformat '%{nvra}.rpm\n' | grep $2)
+        verrel=$(rpmspec -q $specPath --srpm "${SHARED_RPM_MACROS[@]}" --define="_sourcedir $specDir" --queryformat %{VERSION}-%{RELEASE})
         # Do not include any files with "debuginfo" in the name
         find $CHROOT_RPMS_DIR -name "$2*$verrel*" ! -name "*debuginfo*" -exec cp {} $CHROOT_INSTALL_RPM_DIR ';'
     else
@@ -230,17 +239,16 @@ chroot_and_run_rpmbuild () {
     echo "Will build spec for $1 in chroot"
     chroot_mount
 
-    chroot "$LFS" /usr/bin/env -i          \
-        HOME=/root                         \
-        TERM="$TERM"                       \
-        PS1='\u:\w\$ '                     \
-        PATH=/bin:/usr/bin:/sbin:/usr/sbin \
-        SHELL=/bin/bash                    \
-        rpmbuild --nodeps --rebuild --clean     \
-            $CHECK_SETTING                 \
-            --define "with_check $CHECK_DEFINE_NUM" --define "dist $PARAM_DIST_TAG" --define "$MARINER_DIST_MACRO" --define "mariner_build_number $PARAM_BUILD_NUM" \
-            --define "distro_release_version $PARAM_RELEASE_VER" $TOPDIR/SRPMS/$1 \
-            --define "distro_module_ldflags  -Wl,-dT,%{_topdir}/BUILD/module_info.ld" \
+    chroot "$LFS" /usr/bin/env -i           \
+        HOME=/root                          \
+        TERM="$TERM"                        \
+        PS1='\u:\w\$ '                      \
+        PATH=/bin:/usr/bin:/sbin:/usr/sbin  \
+        SHELL=/bin/bash                     \
+        rpmbuild --nodeps --rebuild --clean \
+            "$CHECK_SETTING"                \
+            "${SHARED_RPM_MACROS[@]}"       \
+            "$TOPDIR/SRPMS/$1"              \
             || echo "$1" >> "$TOOLCHAIN_FAILURES"
 
     chroot_unmount
@@ -255,7 +263,7 @@ build_rpm_in_chroot_no_install () {
 
     specPath=$(find $SPECROOT -name "$1.spec" -print -quit)
     specDir=$(dirname $specPath)
-    rpmMacros=(-D "with_check $CHECK_DEFINE_NUM" -D "_sourcedir $specDir" -D "dist $PARAM_DIST_TAG")
+    rpmMacros=("${SHARED_RPM_MACROS[@]}" -D "_sourcedir $specDir")
     builtRpms="$(rpmspec -q $specPath --builtrpms "${rpmMacros[@]}" --queryformat="%{nvra}.rpm\n")"
 
     # Find all the associated RPMs for the SRPM and check if they are in the chroot RPM directory