Fix CET support

While the current implementation works on Fedora, on c9s/rhel
the CFLAGS haven't been set at this point yet, so we are missing
the -fcfprotection flag in ASMFLAGS. Using build_cflags avoids
this ordering problem.

Additionally, add -Wl,-z,cet-report=error to the libLLVM.so linker
flags, so we can detect such issues earlier in the future.

Resolves: rhbz#2222040
This commit is contained in:
Nikita Popov 2023-08-01 09:45:07 +02:00
parent d6edf66cab
commit 26f02f62c3

View File

@ -81,7 +81,7 @@ ver:rc%{rc_ver}}.src
Name: %{pkg_name} Name: %{pkg_name}
Version: %{maj_ver}.%{min_ver}.%{patch_ver}%{?rc_ver:~rc%{rc_ver}} Version: %{maj_ver}.%{min_ver}.%{patch_ver}%{?rc_ver:~rc%{rc_ver}}
Release: 1%{?dist} Release: 2%{?dist}
Summary: The Low Level Virtual Machine Summary: The Low Level Virtual Machine
License: Apache-2.0 WITH LLVM-exception OR NCSA License: Apache-2.0 WITH LLVM-exception OR NCSA
@ -279,7 +279,7 @@ mv %{third_party_srcdir} third-party
%endif %endif
# Copy CFLAGS into ASMFLAGS, so -fcf-protection is used when compiling assembly files. # Copy CFLAGS into ASMFLAGS, so -fcf-protection is used when compiling assembly files.
export ASMFLAGS=$CFLAGS export ASMFLAGS="%{build_cflags}"
# force off shared libs as cmake macros turns it on. # force off shared libs as cmake macros turns it on.
%cmake -G Ninja \ %cmake -G Ninja \
@ -355,7 +355,8 @@ export ASMFLAGS=$CFLAGS
-DCMAKE_INSTALL_PREFIX=%{install_prefix} \ -DCMAKE_INSTALL_PREFIX=%{install_prefix} \
-DLLVM_INSTALL_SPHINX_HTML_DIR=%{_pkgdocdir}/html \ -DLLVM_INSTALL_SPHINX_HTML_DIR=%{_pkgdocdir}/html \
-DSPHINX_EXECUTABLE=%{_bindir}/sphinx-build-3 \ -DSPHINX_EXECUTABLE=%{_bindir}/sphinx-build-3 \
-DLLVM_INCLUDE_BENCHMARKS=OFF -DLLVM_INCLUDE_BENCHMARKS=OFF \
-DCMAKE_SHARED_LINKER_FLAGS="-Wl,-z,cet-report=error"
# Build libLLVM.so first. This ensures that when libLLVM.so is linking, there # Build libLLVM.so first. This ensures that when libLLVM.so is linking, there
# are no other compile jobs running. This will help reduce OOM errors on the # are no other compile jobs running. This will help reduce OOM errors on the
@ -647,6 +648,9 @@ fi
%endif %endif
%changelog %changelog
* Tue Aug 01 2023 Nikita Popov <npopov@redhat.com> - 16.0.6-2
- Fix CET support
* Tue Jul 04 2023 Nikita Popov <npopov@redhat.com> - 16.0.6-1 * Tue Jul 04 2023 Nikita Popov <npopov@redhat.com> - 16.0.6-1
- Update to LLVM 16.0.6 - Update to LLVM 16.0.6