Bug 1548548

Summary: jss: Partial Fedora build flags injection
Product: [Fedora] Fedora
Reporter: Florian Weimer <fweimer>
Component: jss
Assignee: Endi Sukma Dewata <edewata>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 28
CC: cfu, edewata, elio.maldonado.batiz, fweimer, jmagne, kwright, mharmsen, nkinder, rcritten, rmeggins
Hardware: Unspecified
OS: Unspecified
Fixed In Version: jss-4.4.3-1.fc28
Last Closed: 2018-04-11 23:02:22 UTC
Type: Bug
Bug Blocks: 1539083

Description Florian Weimer 2018-02-23 20:05:20 UTC
/usr/lib64/jss/libjss4.so in jss-4.4.2-10.fc28.x86_64 is not linked with the standard Fedora linker flags (LDFLAGS) from redhat-rpm-config.

I tried setting LDFLAGS in the %build section of the RPM spec file (similar to XCFLAGS), but this did not have the desired effect.

See https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md for information on RPM macros and environment variables provided by the build environment.

Comment 1 Endi Sukma Dewata 2018-03-07 18:14:43 UTC
If I understand correctly, basically the linker needs to be invoked with the -specs=/usr/lib/rpm/redhat/redhat-hardened-ld flag. I have tried adding %set_build_flags into the %build section, which added the above flag into LDFLAGS, but it only affected one linker:

gcc -o Linux4.16_x86_64_glibc_PTH_64_OPT.OBJ/nsinstall -O2 -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE -fPIC -DLINUX2_1  -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DUSE_UTIL_DIRECTLY -I/usr/include/nspr4  -I/usr/include/nss3 -I/usr/include/nspr4  -I../../../dist/Linux4.16_x86_64_glibc_PTH_64_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -g -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection Linux4.16_x86_64_glibc_PTH_64_OPT.OBJ/nsinstall.o Linux4.16_x86_64_glibc_PTH_64_OPT.OBJ/pathsub.o -Wl,-z,relro  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld     -lpthread  -ldl -lc

and not the other:

gcc -shared  -Wl,-z,defs -Wl,-soname -Wl,libjss4.so  -Wl,--version-script,Linux4.14_x86_64_glibc_PTH_64_OPT.OBJ/jssmap.linux -o Linux4.14_x86_64_glibc_PTH_64_OPT.OBJ/libjss4.so  ...<snip>...   -L/usr/lib64  -lsmime3 -lssl3 -lnss3 -lnssutil3 -L/usr/lib64  -lplc4 -lplds4 -lnspr4   -lpthread  -ldl -lc

Christina, Jack, or Matt, do you know which code triggers the second linker, and how we should fix it? Should this be fixed upstream as well? Thanks.

Comment 2 Endi Sukma Dewata 2018-03-07 19:42:17 UTC
This seems to be caused by an upstream JSS bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=583666

Comment 3 Endi Sukma Dewata 2018-03-07 21:10:36 UTC
Florian,

I created a COPR build using a patch from the upstream bug:

https://copr.fedorainfracloud.org/coprs/edewata/pki-10.6/build/725449/

Does this look OK? Once confirmed, I'll create a Koji build. Thanks.

Comment 4 Florian Weimer 2018-03-12 10:28:12 UTC
(In reply to Endi Sukma Dewata from comment #3)
> Florian,
> 
> I created a COPR build using a patch from the upstream bug:
> 
> https://copr.fedorainfracloud.org/coprs/edewata/pki-10.6/build/725449/

jss-4.4.3-1.fc28.x86_64.rpm under that URL looks fixed.
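
Added example, not part of the bug report or of the JSS project: one way to check a built shared object for the effect of the `-Wl,-z,relro -Wl,-z,now` flags that appear in the first link command of comment 1 and are absent from the libjss4.so link command. It assumes an ELF64 little-endian (x86_64) file; the function name `relro_level` and the script name in the usage comment are this example's own.

```python
import struct
import sys

# Constants from the ELF gABI and its GNU extensions.
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def relro_level(elf: bytes) -> str:
    """Classify an ELF64 little-endian image as 'full', 'partial' or 'none' RELRO."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not an ELF64 little-endian image")
    (phoff,) = struct.unpack_from("<Q", elf, 32)            # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)   # e_phentsize, e_phnum
    relro = bind_now = False
    for i in range(phnum):
        p_type, _fl, p_offset, _va, _pa, p_filesz, _msz, _al = struct.unpack_from(
            "<IIQQQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_GNU_RELRO:        # segment emitted for -Wl,-z,relro
            relro = True
        elif p_type == PT_DYNAMIC:        # -Wl,-z,now shows up as a dynamic tag
            for off in range(p_offset, p_offset + p_filesz - 15, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW
                        or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    if not relro:
        return "none"
    return "full" if bind_now else "partial"


if __name__ == "__main__":
    # Usage (script name is hypothetical):
    #   python3 check_relro.py /usr/lib64/jss/libjss4.so
    failed = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            level = relro_level(fh.read())
        print(f"{path}: {level} RELRO")
        failed |= level != "full"
    sys.exit(1 if failed else 0)
```

The script exits non-zero when any file given on the command line is not "full", so it can gate a packaging check.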

Comment 5 Igor Gnatenko 2018-03-26 08:46:49 UTC
Can you build it in Fedora too?

Comment 6 Fedora Update System 2018-04-05 21:27:13 UTC
jss-4.4.3-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-acd3fd298c

Comment 7 Endi Sukma Dewata 2018-04-05 22:18:40 UTC
I've built it for Fedora 28 and 29 on Koji.

Comment 8 Fedora Update System 2018-04-06 18:56:15 UTC
jss-4.4.3-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-acd3fd298c

Comment 9 Fedora Update System 2018-04-11 23:02:22 UTC
jss-4.4.3-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.