Bug 1901971
| Summary: | annobin: annocheck complains about missing -Wall or -Wformat-security flag when -flto is used | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jiri Danek <jdanek> | ||||
| Component: | annobin | Assignee: | Nick Clifton <nickc> | ||||
| annobin sub component: | system-version | QA Contact: | Martin Cermak <mcermak> | ||||
| Status: | CLOSED ERRATA | Docs Contact: | |||||
| Severity: | unspecified | ||||||
| Priority: | unspecified | CC: | fweimer, mcermak, nickc, tschelle | ||||
| Version: | 8.2 | Keywords: | Triaged | ||||
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
||||
| Target Release: | 8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | annobin-9.46-1.el8 | Doc Type: | No Doc Update | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-05-18 15:30:25 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Jiri Danek
2020-11-26 13:54:09 UTC
Hi Jiri,
Short version:
Known problem. Will be fixed soon. Please waive the result for now.
Long version:
This is a known problem. The issue is that with LTO compilation there are two compilation stages, and the second one ignores all warning options and preprocessor options. So things like -Wall or -D_FORTIFY_SOUCRE=2 are dropped. (These options are processed during the first compilation stage, so their effects are not lost). Since the annobin plugin works during the second stage compilation, it misses the options.
I have added a workaround to help with this problem to annobin 9.42. But unfortunately rpmdiff is using annobin 9.41. (I do have a JIRA tickets open to rebase rpmdiff's annobin to 9.46).
Note - even if you are using the latest version of annobin, the problem will still appear if you do not provide the debuginfo rpm along with the binary rpm:
% annocheck qpid-proton-cpp-0.33.0-3.el8.ppc64le.rpm
annocheck: Version 9.46.
Hardened: libqpid-proton-cpp.so.12.7.2: FAIL: Compiled without using either the -Wall or -Wformat-security options.
% annocheck qpid-proton-cpp-0.33.0-3.el8.ppc64le.rpm --debugrpm qpid-proton-cpp-debuginfo-0.33.0-3.el8.ppc64le.rpm
annocheck: Version 9.46.
Hardened: libqpid-proton-cpp.so.12.7.2: PASS.
This is because annocheck now also looks at the DW_AT_producer strings in the debuginfo where it is able to find more information about how the binary was compiled.
I hope that this helps.
If you are happy with this explanation I can close this BZ now, or leave it open until rpmdiff's machines are updated and another build of libqpid-proton passes without FAILures. Your choice.
Cheers
Nick
I don't need an open bugzilla for my purposes, so feel free to close this if you like. Thanks for the explanation. I understand the RPMDiff warning is a false warning and we will waive it. Fixed in annobin-9.46-1.el8 Created attachment 1736419 [details]
test logs
Verified with annobin-9.46-1.el8 and qpid-proton-0.33.0-3.el8.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (annobin bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1792 |