Commit Graph

5 Commits

Author SHA1 Message Date
Debarshi Ray
b78b16e24a Update to 0.0.99.6
Update the compiler and linker flags for RHEL 10 by incorporating the
distribution's defaults from RHEL 10.0 Beta, because RHEL 10.0 is still
early in its development cycle and the defaults may be in a state of
flux.  Some exceptions are mentioned below.

The '-z pack-relative-relocs' linker flag was left out.  It's currently
not supported on s390x, so using it would require architecture-specific
patches, which is a hassle.  Support for aarch64 was recently added [1],
so hopefully s390x will also be supported soon.

The change to use the RPM's %{name}, %{version}, %{release} and the
SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
generate the build ID annotation for the toolbox(1) binary [3] was left
out.  It will need more work to propagate the RPM's %{name}, %{version}
and %{release} to Meson.

The 'rpminspect --tests=elf' test run by the downstream CI was silenced
because toolbox(1) is only built with the '-z relro' linker flag, but
not '-z now' [4].  Otherwise, it fails with:
  /usr/bin/toolbox lost full GNU_RELRO security protection

Stop carrying the downstream patch for the compiler and linker flags for
PPC64.  The architecture was already discontinued from Fedora 29 [5],
even before the patch was added [6].  It was added purely for the sake
of completeness, and in the last four years since it was introduced, it
hasn't been tested or used.  At this point it's becoming too much of a
maintenance burden, and removing it silences the %ifarch-applied-patch
warning from rpmlint.

Fill in some of the missing Requires for the toolbox-tests sub-package.

[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
    https://issues.redhat.com/browse/RHEL-40379

[2] https://reproducible-builds.org/docs/source-date-epoch/

[3] go-rpm-macros commit 1980932bf3a21890
    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds

[4] Upstream commit 83f28c52e47c2d44
    https://github.com/containers/toolbox/commit/83f28c52e47c2d44
    https://github.com/containers/toolbox/pull/1548

[5] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64

[6] Fedora toolbox commit ba60453d21
    https://src.fedoraproject.org/rpms/toolbox/c/ba60453d216a9226
    https://src.fedoraproject.org/rpms/toolbox/pull-request/2

Resolves: RHEL-61579
2024-10-04 22:22:54 +02:00
Debarshi Ray
ce35655698 Silence 'rpminspect --tests=stack-prot'
The stack-prot test [1] currently fails in Fedora and RHEL 10.  On
Fedora, it says:
  Hardened: /usr/bin/toolbox: FAIL: stack-prot test because stack
      protection not enabled (lto:_cgo_6f668e16310a_Cfunc_mygetgrnam_r)

According to the documentation [1], the test is supposed to pass if the
C compiler is GCC and it was used with the -fstack-protector-strong
option.  That's definitely the case, since both Fedora and RHEL 10 use
GCC by default, and their default build flags (including %optflags)
include -fstack-protector-strong.

There's also no function called mygetgrnam() in either Toolbx or its
chain of dependencies.

Therefore, temporarily disable the stack-prot test to prevent the Fedora
and RHEL CIs from failing.

[1] https://sourceware.org/annobin/annobin.html/Test-stack-prot.html

Resolves: RHEL-33522
2024-07-11 11:23:33 +02:00
Debarshi Ray
fa705ed622 Silence 'rpminspect --tests=annocheck' (part 2)
In recent times, 'rpminspect --tests=annocheck', run by the Fedora CI,
has been failing because of the intentional DT_RPATH or DT_RUNPATH value
of /run/host%{_libdir} that's present in %{_bindir}/toolbox [1].  It's
not clear if they started failing again only recently due to changes in
rpminspect(1), or if the previous attempt at silencing it was broken and
never actually worked [2].

[1] Upstream commit 6063eb27b9893994
    https://github.com/containers/toolbox/commit/6063eb27b9893994
    https://github.com/containers/toolbox/issues/821

[2] Commit 12fabacd03
    https://github.com/rpminspect/rpminspect/issues/1296

Resolves: RHEL-33522
2024-07-11 11:23:29 +02:00
Debarshi Ray
a8d29ef83f Silence 'rpminspect --tests=runpath' on i686
2023-11-10 16:01:17 +01:00
Debarshi Ray
12fabacd03 Silence 'rpminspect --tests=annocheck' and 'rpminspect --tests=runpath'
The DT_RPATH or DT_RUNPATH value of /run/host%{_libdir} that's present
in %{_bindir}/toolbox is intentional [1].

[1] Upstream commit 6063eb27b9893994
    https://github.com/containers/toolbox/commit/6063eb27b9893994
    https://github.com/containers/toolbox/issues/821
2023-11-09 12:05:46 +01:00