Bug 2065867
| Summary: | annobin: Build order issue with gcc? | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Nir Soffer <nsoffer> |
| Component: | annobin | Assignee: | Nick Clifton <nickc> |
| annobin sub component: | system-version | QA Contact: | Václav Kadlčík <vkadlcik> |
| Status: | CLOSED CURRENTRELEASE | Docs Contact: | |
| Severity: | unspecified | ||
| Priority: | unspecified | CC: | codonell, fberat, fweimer, mcermak, nickc, sipoyare, tschelle |
| Version: | 8.6 | Keywords: | Bugfix, Triaged |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-30 09:49:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Nir Soffer
2022-03-18 23:50:27 UTC
Please note that -fcf-protection is an alias for -fcf-protection=full. I've asked Nick Clifton, our annobin expert to have a look at this. This looks like an annobin problem. The fact that the annobin plugin was built for a newer version of gcc is worrying. It implies that annobin was built by a version of gcc that is no longer in the buildroot... Hmm, so annocheck reports: Hardened: ./usr/lib64/python3.6/site-packages/ovirt_imageio/_internal/ioutil.cpython-36m-x86_64-linux-gnu.so: WARN: The annobin plugin was built to run on a newer version of the compiler Hardened: debug: Annobin plugin was built by gcc 8.5.0 but run on gcc version 8.3.1. Looking in the build log for: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43785592 Shows: DEBUG util.py:636: gcc x86_64 8.3.1-5.1.el8 build 23 M DEBUG util.py:636: annobin x86_64 9.72-1.el8_5.2 build 110 k which confirms that gcc 8.3.1 was the build compiler. Checking with brew confirms this: % brew --quiet latest-build rhevm-4.5-rhel-8-build gcc annobin gcc-8.3.1-5.1.el8 rhevm-4.4-rhel-8 mpolacek annobin-9.72-1.el8_5.2 rhel-8.5.0-z sipoyare So the issue is that the rhevm-4.5-rhel-8 buildroot either contains an out of date version of gcc or else a too-new version of annobin. I am not sure which... Oh by the way - I should explain that this discrepancy between the version of gcc that was used to build the annobin plugin and the version of gcc on which the plugin is run, explains why there is a bogus message from annocheck about the -fcf-protection option. GCC does not have a consistent way for plugins to access information about command line options, so instead they have to examine internal gcc structures. Structures whose layout changes frequently between different versions of gcc. So the annobin plugin is expecting a structure layout as used by gcc 8.5.0 but it is run on gcc 8.3.1 which has a different layout, and so it gets bad information about the command line options. This bad information is then recorded in the object files produced, and later on annocheck loads that information and then issues its FAIL messages. Just noticed that the "brew latest-build" output shows that annobin was tagged with rhel-8.5.0-z rather than rhevm-4.4-rhel-8. So this explains the problem. I am going to try rebuilding annobin for rhevm-4.5. The RHEVM 4.5 buildroot has been fixed - for now. The issue may reoccur in the future, but we are looking into preventing that from happening. |