V Thu, Apr 21, 2022 at 11:12:41PM +0200, Marcin Zajączkowski napsal(a):
> Upgrading NetworkManager-sstp to the latest version, I've noticed that
> there is a failed test related to missing branch protection on AArch64
> [1].
Check annocheck version installed when building your package (root.log). There
was a bug manifesting as -mbranch-protection=standard failure on AArch64 and
fixed in 10.66:
* Wed Apr 13 2022 Nick Clifton <nickc@xxxxxxxxxx> - 10.66-1
- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.
> After reading that and [2], I know what it is all about, however, I
> wonder what is the best way to apply it to my package?
>
> Should I check if the build is for AArch64 and for Fedora 33+ (35+?) and
> just add "-mbranch-protection=standard"? Or there is some magic macro to
> add that (and maybe some other useful security options), similar to
> %{?_smp_mflags} (or maybe even included in %make_build on ARM64)?
>
The option is already presented in system-wide CFLAGS. Check any build.log.
If you package respects the flags (check your build.log), you don't need to do
anything. Otherwise, you should correct your package use all the options from
CFLAGS enviroment variable or %{build_cflags} RPM macro.
-- Petr
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
