Created attachment 1845465 [details] Proposed patch to gcc.spec This is a request to apply the uploaded patch to the RHEL-9's gcc.spec file. The patch adds code to build an annobin plugin every time gcc is built. I am filing this BZ is in response to the recent problems that RHEL-9 builds have been having with annocheck - namely that it is falsely reporting that -fcf-protection and -fstack-clash-protection have not been enabled. This is due to the version of gcc in the RHEL-9 buildroot being newer than the version of annobin. On its own this patch does not solve the problem, since it builds a version of the annobin plugin with a different name. A second patch, this time to the redhat-rpm-config package, is needed in order to ensure that the correct plugin is chosen whenever a build runs. Originally I had planned to wait until the Fedora rawhide equivalent of these patches had gone in and been tested for a while. But given the RHEL-9 build problems it seems like a good idea to expedite the fix.
The redhat-rpm-config part of this fix has been submitted as: https://bugzilla.redhat.com/show_bug.cgi?id=2030671
Nick, can you please take a look at Comment 7?
(In reply to Marek Polacek from comment #8) > Nick, can you please take a look at Comment 7? Yes - there is a typo in the patch. The gcc.spec file looks like this (starting at line 2296): %if %{with annobin_plugin} %{ANNOBIN_GCC_PLUGIN_DIR} %{gver} %endif %files -f %{name}.lang %{_prefix}/bin/cc It should look like this: %files -f %{name}.lang %if %{with annobin_plugin} %{ANNOBIN_GCC_PLUGIN_DIR} %{gver} %endif %{_prefix}/bin/cc Ie, the %{gver} and %{ANNOBIN_GCC_PLUGIN_DIR} are meant to be part of the %files section of the spec file, not the %postun section. Do you want me to submit a patch to fix this, or can you take it from here ? Cheers Nick
Thanks, I'll take it from here and sorry I didn't notice that before!
*** Bug 2042476 has been marked as a duplicate of this bug. ***
So, bug 2042476 was closed as a duplicate of this one, but shortly after this one was fixed/verified, I started seeing redhat-rpm-config: Both plugins exist, checking version information redhat-rpm-config: Both plugin version files exist - comparing... redhat-rpm-config: Annobin plugin built by gcc gcc-11.2.1-7.5.el9.x86_64 redhat-rpm-config: GCC plugin built by gcc gcc-11.2.1-9.1.el9.x86_64 redhat-rpm-config: Versions differ - using gcc-built plugin redhat-rpm-config: Installing gcc version of redhat-annobin-cc1 when installing redhat-rpm-config. Could that be related to this BZ or is that just a coincidence? Thanks, Jiri
(In reply to Jiri Jaburek from comment #67) > So, bug 2042476 was closed as a duplicate of this one, but shortly after > this one was fixed/verified, I started seeing > > redhat-rpm-config: Both plugins exist, checking version information > redhat-rpm-config: Both plugin version files exist - comparing... > redhat-rpm-config: Annobin plugin built by gcc gcc-11.2.1-7.5.el9.x86_64 > redhat-rpm-config: GCC plugin built by gcc gcc-11.2.1-9.1.el9.x86_64 > redhat-rpm-config: Versions differ - using gcc-built plugin > redhat-rpm-config: Installing gcc version of redhat-annobin-cc1 > > when installing redhat-rpm-config. > > Could that be related to this BZ or is that just a coincidence? Yes, it's related. #c0 describes a problem of syncing gcc and annobin and proposes a solution, refined in the follow-up comments and which is still in process of implementation. In short, there would be two annobin plugins, one as we know it (annobin.rpm) and another as part of gcc (gcc-plugin-annobin.rpm). redhat-rpm-config would select (by maintaining a symlink) which of the two would be used by gcc when run in rpmbuild. Technically, this ticket (bz2030667) keeps track of introducing gcc-plugin-annobin.rpm. Another ticket - bz2030671 - keeps track of the redhat-rpm-config side of implementation. What you observed is debugging output of the latter, specifically output of http://pkgs.devel.redhat.com/cgit/rpms/redhat-rpm-config/tree/redhat-annobin-plugin-select.sh?h=rhel-9.0.0 Please note that bz2030671 is still in progress. I suppose Nick will disable or minimize the debugging output once the implementation settles down. I plan to request it but we are not at that point, unfortunately. I hope this briefly answers your question. Nick, please correct me if there's something wrong in my answer.
(In reply to Václav Kadlčík from comment #68) > I hope this briefly answers your question. Nick, please correct > me if there's something wrong in my answer. No - that is all correct. I had actually planned to disable the debugging output from redhat-rpm-config when the patch was committed and only enable it if I had to debug a problem. But it looks like I forgot to do so. Silly me. I will turn it off in a week or so unless someone complains before that. Cheers Nick PS It is nice to see that the new system is working...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: gcc), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3966