Description of problem: annobin doesn't pass it own annocheck. As a consequence, fedora-ci.koji-build.rpminspect.static-analysis fails in Fedora gating, see e.g. https://bodhi.fedoraproject.org/updates/FEDORA-2023-8a88444e9e Version-Release number of selected component (if applicable): annobin-11.07-1.fc38 in Rawhide annobin-11.06-2.fc37 annobin-11.06-2.fc36 Steps to Reproduce: 1. koji download-build --debuginfo annobin-11.06-2.fc36 2. mkdir debug_files 3. for i in *debuginfo*; do rpm2cpio <$i | cpio -id -D debug_files; done 4. annocheck --ignore-unknown --verbose --debug-dir=debug_files *.rpm | grep FAIL Actual results: Hardened: ./usr/lib64/clang/plugins/annobin-for-clang.so: FAIL: dynamic-tags test because the BTI_PLT flag is missing from the dynamic tags Hardened: ./usr/lib64/clang/plugins/annobin-for-clang.so: FAIL: property-note test because properly formatted .note.gnu.property not found (it is needed for branch protection support) Hardened: ./usr/lib64/clang/plugins/annobin-for-clang.so: Overall: FAIL. Hardened: ./usr/lib64/llvm/plugins/annobin-for-llvm.so: FAIL: dynamic-tags test because the BTI_PLT flag is missing from the dynamic tags Hardened: ./usr/lib64/llvm/plugins/annobin-for-llvm.so: FAIL: property-note test because properly formatted .note.gnu.property not found (it is needed for branch protection support) Hardened: ./usr/lib64/llvm/plugins/annobin-for-llvm.so: Overall: FAIL. Expected results: No FAIL
*sigh* Hoist by my own petard! OK, I have added the missing security option when building the LLVM and Clang plugins. Fixed in annobin-11.07-2.fc38
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle. Changing version to 38.