Bug 2024929
| Summary: | Environment CFLAGS are not respected by the certificate C extension | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Pino Toscano <ptoscano> | |
| Component: | subscription-manager | Assignee: | Pino Toscano <ptoscano> | |
| Status: | CLOSED ERRATA | QA Contact: | Red Hat subscription-manager QE Team <rhsm-qe> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 9.0 | CC: | cdonnell, redakkan | |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
|
| Target Release: | 9.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | subscription-manager-1.29.23-1.el9 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2024930 (view as bug list) | Environment: | ||
| Last Closed: | 2022-05-17 15:58:19 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2024930 | |||
|
Description
Pino Toscano
2021-11-19 14:39:16 UTC
Reproducing the issue on : ========================= # subscription-manager version server type: This system is currently not registered. subscription management server: 3.2.22-1 subscription management rules: 5.41 subscription-manager: 1.29.21-1.el9 # annocheck --ignore-unknown --verbose /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so annocheck: Version 10.48. Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: pie test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: cf-protection test because correct flags found in .note.gnu.property note Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: writable-got test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: dynamic-segment test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: bind-now test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: entry test because shared libraries do not use entry points Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-stack test because stack segment exists with the correct permissions Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-relro test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: notes test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-branch-protection test because not an AArch64 binary Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-dynamic-tags test because AArch64 specific Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: fortify test because no C/C++ compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: glibcxx-assertions test because no C/C++ compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: go-revision test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: instrumentation test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: lto test because not compiled C/C++ code Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: only-go test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: optimization test because not C/C++ compiled code Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: pic test because not C/C++ compiled code Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: production test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: property-note test because CET enabled property note found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: run-path test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: rwx-seg test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: short-enums test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: stack-clash test because no compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: stack-prot test because no compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: stack-realign test because not a 32-bit i686 executable Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: textrel test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: threads test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: unicode test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: warnings test because no C/C++ compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: Overall: PASS. Notice even though the overall result is PASS there are many tests were skipped. Pre-Testing on : =============== # subscription-manager version server type: This system is currently not registered. subscription management server: 3.2.22-1 subscription management rules: 5.41 subscription-manager: 1.29.23-1.el9 # rpm -qa subscription-manager --changelog | grep 2024929 - 2024929: build: fix build on 'build' target (ptoscano) - 2024929: build: fix build on 'build' target (ptoscano) # annocheck --ignore-unknown --verbose /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so annocheck: Version 10.48. Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: pie test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: cf-protection test because correct flags found in .note.gnu.property note Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: writable-got test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: dynamic-segment test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: bind-now test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: lto test because detected in version note Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: stack-prot test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: pic test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: fortify test because LTO compilation discards preprocessor options Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: glibcxx-assertions test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: optimization test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: warnings test because LTO compilation discards preprocessor options Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: stack-clash test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: entry test because shared libraries do not use entry points Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-stack test because stack segment exists with the correct permissions Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-relro test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: notes test because no gaps found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-branch-protection test because not an AArch64 binary Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-dynamic-tags test because AArch64 specific Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: go-revision test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: instrumentation test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: only-go test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: production test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: property-note test because CET enabled property note found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: run-path test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: rwx-seg test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: short-enums test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: stack-realign test because not a 32-bit i686 executable Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: textrel test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: threads test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: unicode test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: Overall: PASS. ^^ Notice the overall tests are now marked as PASSed , and lot of tests ran this time Based on the observation, Marking the bugs as verified:tested //Note install annobin-annocheck to use annocheck Verifying on : ============== # subscription-manager version server type: This system is currently not registered. subscription management server: 3.2.22-1 subscription management rules: 5.41 subscription-manager: 1.29.23-1.el9 # rpm -qa subscription-manager --changelog | grep 2024929 - 2024929: build: fix build on 'build' target (ptoscano) - 2024929: build: fix build on 'build' target (ptoscano) # annocheck --ignore-unknown --verbose /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so annocheck: Version 10.51. Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: pie test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: cf-protection test because correct flags found in .note.gnu.property note Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: writable-got test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: dynamic-segment test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: bind-now test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: lto test because detected in version note Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: stack-prot test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: pic test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: fortify test because LTO compilation discards preprocessor options Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: glibcxx-assertions test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: optimization test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: warnings test because LTO compilation discards preprocessor options Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: stack-clash test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: entry test because shared libraries do not use entry points Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-stack test because stack segment exists with the correct permissions Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: gnu-relro test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: notes test because no gaps found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-branch-protection test because not an AArch64 binary Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: not-dynamic-tags test because AArch64 specific Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: go-revision test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: instrumentation test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: only-go test because no GO compiled code found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: production test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: property-note test because CET enabled property note found Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: run-path test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: rwx-seg test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: short-enums test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: skip: stack-realign test because not a 32-bit i686 executable Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: textrel test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: threads test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: PASS: unicode test Hardened: /usr/lib64/python3.9/site-packages/rhsm/_certificate.cpython-39-x86_64-linux-gnu.so: Overall: PASS. Moving the bug to Verified!! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: subscription-manager), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3984 |