Bug 2044859

Summary: annocheck FAIL: bind-now test (flexiblas)
Product: Red Hat Enterprise Linux 9 Reporter: Rui Ormonde <rlemosor>
Component: flexiblasAssignee: Matej Mužila <mmuzila>
Status: CLOSED ERRATA QA Contact: Dita Stehlikova <dstehlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: dstehlik, fjanus, hhorak, mattias.ellert, nforro
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: flexiblas-3.0.4-8.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 14:17:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2044387, 2059049    

Description Rui Ormonde 2022-01-25 10:29:56 UTC 
Failed test: bind-now test

Test results:
\n Hardened: libflexiblas_fallback_lapack.so: FAIL: bind-now test because not linked with -Wl'-z'now \n Hardened: libflexiblas_netlib.so: FAIL: bind-now test because not linked with -Wl'-z'now \n Hardened: libflexiblas.so.3.0: FAIL: bind-now test because not linked with -Wl'-z'now \n Hardened: libflexiblas_api.so.3.0: FAIL: bind-now test because not linked with -Wl'-z'now \n Hardened: libflexiblas_mgmt.so.3.0: FAIL: bind-now test because not linked with -Wl'-z'now

Applicable RPMs:
flexiblas-netlib-3.0.4-5.el9.aarch64.rpm; flexiblas-netlib-3.0.4-5.el9.i686.rpm; flexiblas-netlib-3.0.4-5.el9.ppc64le.rpm; flexiblas-netlib-3.0.4-5.el9.s390x.rpm; flexiblas-netlib-3.0.4-5.el9.x86_64.rpm; flexiblas-openblas-openmp-3.0.4-5.el9.aarch64.rpm; flexiblas-openblas-openmp-3.0.4-5.el9.i686.rpm; flexiblas-openblas-openmp-3.0.4-5.el9.ppc64le.rpm; flexiblas-openblas-openmp-3.0.4-5.el9.s390x.rpm; flexiblas-openblas-openmp-3.0.4-5.el9.x86_64.rpm

Recommendation: Please fix the build system for the package or else add a skip of tests to the rpminspect.yaml file. For more details please see https://sourceware.org/annobin/annobin.html/Test-bind-now.html and https://sourceware.org/annobin/annobin.html/Waiving-Hardened-Results.html#Waiving-Hardened-Results.

Why this bug was filed: All packages in RHEL 9 built with gcc (g++, etc.) are required to use a common set of flags provided by the distribution. These flags turn on important security and performance features so it is critical that any package that lacks these flags be repaired. A scanning tool named annocheck, part of the annobin package, was used to scan RHEL 9 packages. This BZ was created because binary packages of this component with the mentioned NVRs were not built with the requisite flags for one or more RHEL 9 architectures.

How to reproduce the failure: You could try running annocheck locally against your builds: https://developers.redhat.com/blog/2019/02/04/annocheck-examining-the-contents-of-binary-files.

Annocheck resources:
* annobin documentation: https://sourceware.org/annobin/annobin.html/index.html
* annocheck on the customer portal: https://access.redhat.com/documentation/en-us/red_hat_developer_toolset/9/html/user_guide/chap-annobin

Contacts:
* Instant messaging: #tools on IRC
* Email: use tools for generic questions. Otherwise, use go-tools and llvm-clang-list for Go and Clang/LLVM specific questions.
* annobin-annocheck maintainer: Nick Clifton (nickc)
Comment 4 Filip Januš 2022-02-24 10:34:09 UTC 
Annocheck passed: http://artifacts.osci.redhat.com/testing-farm/7d1262a4-f7a1-47d0-aedc-2c180cd10d5b/work-rpminspectLTlhPH/rpminspect/execute/data/annocheck/output.txt

Setting verified: tested
Comment 7 Mattias Ellert 2022-02-26 10:08:29 UTC 
The fix for this bug added the default linker flags to the build - which is desirable. 

This removed the over-linking of libgfortran to the the main flexiblas library due to the addition of -Wl,--as-needed.

Old version:

# ldd -u /usr/lib64/libflexiblas.so.3
Unused direct dependencies:
	/lib64/libm.so.6
	/lib64/libgfortran.so.5
	/lib64/libquadmath.so.0

These are now not there any more.

However, this now exposes an under-linking problem in /usr/lib64/flexiblas/libflexiblas_fallback_lapack.so and /usr/lib64/flexiblas64/libflexiblas_fallback_lapack.so, which uses symbols from libgfortran without linking to it. Previously they got away with it since those symbols could be resolved using libgfortran that had been loaded due to the overlinking of libflexiblas.so.3.

The libflexiblas_fallback_lapack.so modules must be linked to libgfortran.

This brakes numpy:

# python3 -c "import numpy as n"
flexiblas dlopen: /usr/lib64/flexiblas//libflexiblas_fallback_lapack.so: undefined symbol: _gfortran_transfer_character_write
flexiblas  Failed to load the LAPACK fallback library.  Abort!
Aborted (core dumped)

See also bug 2058840.
Comment 8 Mattias Ellert 2022-02-28 11:11:25 UTC 
FYI. The issue with LDFLAGS being ignored has been fixed upstream - using a different change in case you want to update the downstream patch:

https://github.com/mpimd-csc/flexiblas/pull/25

( Still needs %undefine _ld_as_needed too of course to fix bug 2058840 )
Comment 13 Matej Mužila 2022-03-01 14:53:11 UTC 
*** Bug 2058840 has been marked as a duplicate of this bug. ***
Comment 17 errata-xmlrpc 2022-05-17 14:17:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: flexiblas), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2684