Re: Best way to enable -mbranch-protection for package

On 2022-04-22 11:01, Petr Pisar wrote:
> On Thu, Apr 21, 2022 at 11:12:41PM +0200, Marcin Zajączkowski wrote:
>> Upgrading NetworkManager-sstp to the latest version, I've noticed that
>> there is a failed test related to missing branch protection on AArch64
>> [1].
> 
> Check annocheck version installed when building your package (root.log). There
> was a bug manifesting as -mbranch-protection=standard failure on AArch64 and
> fixed in 10.66:
> 
> * Wed Apr 13 2022 Nick Clifton  <nickc@xxxxxxxxxx> - 10.66-1
> - Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.

Thanks Petr! It might be that. When I increase the build verbosity I
clearly see that "-mbranch-protection=standard" is used [3] (it was
missing on my x86_64 for obvious reasons :) ).

The test itself was executed with:
> annocheck: Version 10.65.


Everything explained. Thanks.

[3] -
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpminspect-pipeline/job/master/96013/testReport/(root)/tests/_annocheck/


Marcin


> 
>> After reading that and [2], I know what it is all about, however, I
>> wonder what is the best way to apply it to my package?
>>
>> Should I check if the build is for AArch64 and for Fedora 33+ (35+?) and
>> just add "-mbranch-protection=standard"? Or is there some magic macro to
>> add that (and maybe some other useful security options), similar to
>> %{?_smp_mflags} (or maybe even included in %make_build on ARM64)?
>>
> The option is already present in system-wide CFLAGS. Check any build.log.
> If your package respects the flags (check your build.log), you don't need to do
> anything. Otherwise, you should correct your package to use all the options from
> CFLAGS environment variable or %{build_cflags} RPM macro.
> 
> -- Petr
> 
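
The two checks discussed in this thread, as an added example that is not part of the original messages: whether the annocheck that ran predates the 10.66 LTO fix, and whether every compile step in build.log actually carries -mbranch-protection=standard. The function names and the build log lines are constructed for illustration, and treating any compiler line containing `-c` as a compile step is an assumption.

```python
import re

FLAG = "-mbranch-protection=standard"
FIXED_IN = (10, 66)  # annocheck release with the LTO fix, per the changelog quoted in the thread

# Compiler driver at the start of a line or after whitespace or a path separator.
COMPILER = re.compile(r"(?:^|[\s/])(?:gcc|g\+\+|cc|c\+\+|clang|clang\+\+)\s")
VERSION = re.compile(r"annocheck: Version (\d+)\.(\d+)")


def annocheck_version(text):
    """Return (major, minor) from an 'annocheck: Version X.Y.' line, or None."""
    m = VERSION.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def has_lto_fix(text):
    """True if the annocheck that ran is 10.66 or newer; None if no version line is found."""
    v = annocheck_version(text)
    return None if v is None else v >= FIXED_IN


def compile_lines_missing_flag(build_log):
    """Return (line_number, line) for compile steps that lack the hardening flag."""
    missing = []
    for n, line in enumerate(build_log.splitlines(), 1):
        is_compile = COMPILER.search(line) and " -c " in f"{line} "
        if is_compile and FLAG not in line:
            missing.append((n, line.strip()))
    return missing


# Constructed build.log excerpt: one step honours the distribution CFLAGS, one does not.
SAMPLE_BUILD_LOG = """\
gcc -O2 -flto=auto -fstack-protector-strong -mbranch-protection=standard -c plugin.c -o plugin.o
gcc -O2 -c helper.c -o helper.o
gcc -o plugin.so plugin.o helper.o
"""
# Version line as reported for the failing test run in this thread.
SAMPLE_TEST_LOG = "annocheck: Version 10.65.\n"

if __name__ == "__main__":
    print("annocheck has LTO fix:", has_lto_fix(SAMPLE_TEST_LOG))
    for n, line in compile_lines_missing_flag(SAMPLE_BUILD_LOG):
        print(f"build.log:{n}: missing {FLAG}: {line}")
```

A compile line reported here means the package is overriding or ignoring the system-wide CFLAGS; an empty result together with an annocheck older than 10.66 matches the false positive described in the thread.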