Bug 1701359

Summary: rpmdiff message: Detecting usr/bin/buildah with not-hardened warnings
Product: Red Hat Enterprise Linux 8 Reporter: Lokesh Mandvekar <lsm5>
Component: buildahAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Joy Pu <ypu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: deparker, dwalsh, jnovy, kanderso, tstellar, tsweeney, ypu
Target Milestone: rc   
Target Release: 8.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: buildah-1.15.1-2.el8 and newer Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1701361 1701362 (view as bug list) Environment:
Last Closed: 2021-02-16 14:21:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lokesh Mandvekar 2019-04-18 18:17:31 UTC 
Description of problem:

Seems that buildah wasn't built with hardening flags enabled.
See: https://rpmdiff.engineering.redhat.com/run/402505/7/

I'm guessing this would need changes to the %gobuild macro. Filing this here just for the record.
Comment 1 Daniel Walsh 2019-09-01 11:12:02 UTC 
Can we get buildah bugs assigned to Tom directly with a CC to me?
Comment 2 Tom Sweeney 2020-06-03 21:46:59 UTC 
Dan or Lokesh, any idea what needs to be changed in the spec file to enable the hardening flags?
Comment 3 Daniel Walsh 2020-06-04 19:59:15 UTC 
Jindrich do you know how to turn these on?
Comment 4 Jindrich Novy 2020-06-09 07:11:10 UTC 
Tom Stellard, given I'm subject matter expert here, would you know how to enable hardening flags reliably here? Thanks!
Comment 5 Derek Parker 2020-06-23 15:33:42 UTC 
We discussed this internally and believe it's due to an older version of annobin and is a false red flag for Go binaries.
Comment 15 Joy Pu 2020-11-13 07:56:17 UTC 
The new rpmdiff results for Execshield is clean now. So set this to verified. Details:
https://rpmdiff.engineering.redhat.com/run/472171/7/
Comment 17 errata-xmlrpc 2021-02-16 14:21:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0531