Bug 1538725

Summary: redhat-rpm-config: Enable CET build flags on x86_64
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: redhat-rpm-configAssignee: Florian Weimer <fweimer>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: ajax, codonell, dzickus, ffesti, fweimer, herrold, ignatenko, john.j5live, jonathan, law, pmatilai, praiskup
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: redhat-rpm-config-87-1.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-15 09:40:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1537255    
Bug Blocks: 1534527    

Description Florian Weimer 2018-01-25 16:49:46 UTC 
According to Intel, we need -fcf-protection -mcet.

This can only land after GCC 8 is in the buildroot.
Comment 1 Florian Weimer 2018-01-25 18:17:50 UTC 
We can build with the additional NOPs with GCC 8, but the actual glibc ABI for CET has not settled yet, so that will not get us the CET markup in the ELF notes.

https://sourceware.org/ml/libc-alpha/2018-01/msg00832.html

As far as I understand it, we'd need another mass rebuild to get binaries which are actually CET-compatible.