libgcrypt.so library is linked without -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 option <https://kojipkgs.fedoraproject.org//packages/libgcrypt/1.9.4/1.fc36/data/logs/x86_64/build.log>: libtool: link: gcc -shared -fPIC -DPIC .libs/libgcrypt_la-visibility.o .libs/libgcrypt_la-misc.o .libs/libgcrypt_la-global.o .libs/libgcrypt_la-sexp.o .libs/libgcrypt_la-hwfeatures.o .libs/libgcrypt_la-stdmem.o .libs/libgcrypt_la-secmem.o .libs/libgcrypt_la-missing-string.o .libs/libgcrypt_la-fips.o .libs/libgcrypt_la-hmac256.o .libs/libgcrypt_la-context.o .libs/libgcrypt_la-hwf-x86.o -Wl,--whole-archive ../cipher/.libs/libcipher.a ../random/.libs/librandom.a ../mpi/.libs/libmpi.a ../compat/.libs/libcompat.a -Wl,--no-whole-archive -lgpg-error -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -O2 -flto=auto -m64 -mtune=generic -Wl,--version-script=./libgcrypt.vers -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -Wl,-soname -Wl,libgcrypt.so.20 -o .libs/libgcrypt.so.20.3.4 Because LTO is active in Fedora (-flto=auto), some objects are recompiled at link time. Because the annobin option is missing, libgcrypt.so.20.3.4 is missing an annobin coverage. That triggers annocheck warnings and failures in Fedora CI. As discussed in bug #2013694 comment#9, that's probably caused by libtool which does not pass the option from its invocation to the above mentioned gcc command: /bin/sh ../libtool --tag=CC --mode=link gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fvisibility=hidden -fno-delete-null-pointer-checks -Wall -Wl,--version-script=./libgcrypt.vers -version-info 23:4:3 -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -o libgcrypt.la -rpath /usr/lib64 libgcrypt_la-visibility.lo libgcrypt_la-misc.lo libgcrypt_la-global.lo libgcrypt_la-sexp.lo libgcrypt_la-hwfeatures.lo libgcrypt_la-stdmem.lo libgcrypt_la-secmem.lo libgcrypt_la-missing-string.lo libgcrypt_la-fips.lo libgcrypt_la-hmac256.lo libgcrypt_la-context.lo libgcrypt_la-hwf-x86.lo ../cipher/libcipher.la ../random/librandom.la ../mpi/libmpi.la ../compat/libcompat.la -lgpg-error But this libtool bug #1961686 was rejected. Please either renegotiate with libtool maintainer, or apply a patch from attachment #1834611 [details] which smuggles an annobin option with -Wc option.
Please also look at bug #2013694 comment #28 which explains how to fix other failures annocheck reports on libgcrypt.
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle. Changing version to 36.
Pushed to rawhide: https://src.fedoraproject.org/rpms/libgcrypt/c/491a0e733e7d8fe5f393c1846b247c214c8101e1?branch=rawhide I will include it in the next build.
This was built as part of the mass rebuild in Fedora 37: https://koji.fedoraproject.org/koji/buildinfo?buildID=2014360 Closing.