From ce3565569898bf6d39c503f7c5e9b0424114a160 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 11 Jul 2024 11:18:46 +0200 Subject: [PATCH] Silence 'rpminspect --tests=stack-prot' The stack-prot test [1] currently fails in Fedora and RHEL 10. On Fedora, it says: Hardened: /usr/bin/toolbox: FAIL: stack-prot test because stack protection not enabled (lto:_cgo_6f668e16310a_Cfunc_mygetgrnam_r) According to the documentation [1], the test is supposed to pass if the C compiler is GCC and it was used with the -fstack-protector-strong option. That's definitely the case, since both Fedora and RHEL 10 use GCC by default, and their default build flags (including %optflags) include -fstack-protector-strong. There's also no function called mygetgrnam() in neither Toolbx nor its chain of dependencies. Therefore, temporarily disable the stack-prot test to prevent the Fedora and RHEL CIs from failing. [1] https://sourceware.org/annobin/annobin.html/Test-stack-prot.html Resolves: RHEL-33522 --- rpminspect.yaml | 2 +- toolbox.spec | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index c7177c4..ab3e59b 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -5,7 +5,7 @@ annocheck: extra_opts: - hardened: --skip-run-path + hardened: --skip-run-path --skip-stack-prot runpath: allowed_paths: diff --git a/toolbox.spec b/toolbox.spec index 9188edf..b44b5dc 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 13%{?dist} +Release: 14%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +206,11 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-14 +- Silence 'rpminspect --tests=stack-prot' +- Silence 'rpminspect --tests=annocheck' (part 2) +Resolves: RHEL-33522 + * Mon Jun 24 2024 Troy Dawson - 0.0.99.5-13 - Bump release for June 2024 mass rebuild