1538725 – redhat-rpm-config: Enable CET build flags on x86_64

Bug 1538725 - redhat-rpm-config: Enable CET build flags on x86_64

Summary: redhat-rpm-config: Enable CET build flags on x86_64

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	redhat-rpm-config
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Florian Weimer
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1537255
Blocks:	1534527
TreeView+	depends on / blocked

Reported:	2018-01-25 16:49 UTC by Florian Weimer
Modified:	2018-02-15 09:40 UTC (History)
CC List:	12 users (show)
Fixed In Version:	redhat-rpm-config-87-1.fc28
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-15 09:40:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Florian Weimer 2018-01-25 16:49:46 UTC

According to Intel, we need -fcf-protection -mcet.

This can only land after GCC 8 is in the buildroot.

Comment 1 Florian Weimer 2018-01-25 18:17:50 UTC

We can build with the additional NOPs with GCC 8, but the actual glibc ABI for CET has not settled yet, so that will not get us the CET markup in the ELF notes.

https://sourceware.org/ml/libc-alpha/2018-01/msg00832.html

As far as I understand it, we'd need another mass rebuild to get binaries which are actually CET-compatible.

Note You need to log in before you can comment on or make changes to this bug.