-
Bug
-
Resolution: Done
-
Undefined
-
rhel-10.0.beta
-
None
-
None
-
None
-
1
-
rhel-sst-pt-gcc
-
ssg_platform_tools
-
1
-
None
-
GCC Sprint 5
-
None
-
None
-
None
Several go binaries and testdata fail the rpminspect annocheck 'hardened' test (more specifically "gaps test because no annobin notes were detected") with golang-1.22.2-7.el10:
annocheck 'hardened' test fails for /usr/lib/golang/bin/gofmt on aarch64 Anyone Suggested remedy: Ensure all object files are compiled with '-O2 -D_FORTIFY_SOURCE=2', and that all appropriate headers are included (no implicit function declarations). Symbols may also appear as unfortified if the compiler is unable to determine the size of a buffer, which is not necessarily an error. Command: annocheck --ignore-unknown --verbose --profile=el10 /usr/lib/golang/bin/gofmt Exit Code: 1 compared with the output of: Command: annocheck --ignore-unknown --verbose --profile=el10 /usr/lib/golang/bin/gofmt Exit Code: 1 annocheck: Version 12.52. Hardened: /usr/lib/golang/bin/gofmt: PASS: go-revision test because GO compiler revision is sufficient Hardened: /usr/lib/golang/bin/gofmt: info: Command line options not recorded in DWARF DW_AT_producer variable. Hardened: /usr/lib/golang/bin/gofmt: PASS: fips test because the binary was built with CGO_ENABLED=1 Hardened: /usr/lib/golang/bin/gofmt: PASS: gnu-stack test because stack segment exists with the correct permissions Hardened: /usr/lib/golang/bin/gofmt: skip: notes test because binary created by a GO compiler Hardened: /usr/lib/golang/bin/gofmt: FAIL: gaps test because no annobin notes were detected Hardened: /usr/lib/golang/bin/gofmt: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-gaps.html Hardened: /usr/lib/golang/bin/gofmt: skip: bind-now test because no dynamic segment present Hardened: /usr/lib/golang/bin/gofmt: skip: branch-protection test because GO binaries do not support branch protection Hardened: /usr/lib/golang/bin/gofmt: skip: cf-protection test because not an x86_64 binary Hardened: /usr/lib/golang/bin/gofmt: PASS: dynamic-segment test Hardened: /usr/lib/golang/bin/gofmt: skip: dynamic-tags test because GO compilation does not support branch protection Hardened: /usr/lib/golang/bin/gofmt: PASS: entry test Hardened: /usr/lib/golang/bin/gofmt: PASS: fast test Hardened: /usr/lib/golang/bin/gofmt: skip: fortify test because GO compilation does not use the C preprocessor Hardened: /usr/lib/golang/bin/gofmt: skip: glibcxx-assertions test because source language not C++ Hardened: /usr/lib/golang/bin/gofmt: skip: gnu-relro test because built by GO Hardened: /usr/lib/golang/bin/gofmt: skip: implicit-values test because These tests are only relevent to C source code Hardened: /usr/lib/golang/bin/gofmt: PASS: instrumentation test Hardened: /usr/lib/golang/bin/gofmt: skip: lto test because at least part of the binary is compield GO Hardened: /usr/lib/golang/bin/gofmt: PASS: openssl-engine test Hardened: /usr/lib/golang/bin/gofmt: skip: optimization test because GO does not need/use this feature Hardened: /usr/lib/golang/bin/gofmt: skip: pic test because GO binaries are safe without PIC Hardened: /usr/lib/golang/bin/gofmt: skip: pie test because GO binaries are safe without PIE Hardened: /usr/lib/golang/bin/gofmt: PASS: production test Hardened: /usr/lib/golang/bin/gofmt: skip: property-note test because property notes not needed for GO binaries Hardened: /usr/lib/golang/bin/gofmt: PASS: run-path test Hardened: /usr/lib/golang/bin/gofmt: PASS: rwx-seg test Hardened: /usr/lib/golang/bin/gofmt: PASS: short-enums test Hardened: /usr/lib/golang/bin/gofmt: skip: stack-clash test because GO is stack safe Hardened: /usr/lib/golang/bin/gofmt: skip: stack-prot test because GO is stack safe Hardened: /usr/lib/golang/bin/gofmt: skip: stack-realign test because not an i686 executable Hardened: /usr/lib/golang/bin/gofmt: PASS: textrel test Hardened: /usr/lib/golang/bin/gofmt: PASS: threads test Hardened: /usr/lib/golang/bin/gofmt: PASS: unicode test Hardened: /usr/lib/golang/bin/gofmt: skip: warnings test because GO compilation does not use the C preprocessor Hardened: /usr/lib/golang/bin/gofmt: PASS: writable-got test Hardened: /usr/lib/golang/bin/gofmt: Overall: FAIL.
https://artifacts.osci.redhat.com/testing-farm/bc9f62fc-705c-4621-98e8-daebc856aaa0/
The list of failing binaries:
/usr/lib/golang/pkg/tool/linux_arm64/addr2line on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/asm on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/cgo on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/covdata on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/dist on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/doc on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/fix on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/link on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/nm on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/objdump on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/pack on aarch64 /usr/lib/golang/pkg/tool/linux_arm64/test2json on aarch64 /usr/lib/golang/src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso on noarch /usr/lib/golang/src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso on noarch /usr/lib/golang/src/runtime/race/internal/amd64v1/race_freebsd.syso on noarch /usr/lib/golang/src/runtime/race/internal/amd64v1/race_linux.syso on noarch /usr/lib/golang/src/runtime/race/internal/amd64v1/race_netbsd.syso on noarch /usr/lib/golang/src/runtime/race/internal/amd64v1/race_openbsd.syso on noarch /usr/lib/golang/src/runtime/race/internal/amd64v3/race_linux.syso on noarch /usr/lib/golang/src/runtime/race/race_linux_arm64.syso on noarch /usr/lib/golang/src/runtime/race/race_linux_ppc64le.syso on noarch /usr/lib/golang/src/runtime/race/race_linux_s390x.syso on noarch /usr/lib/golang/src/debug/dwarf/testdata/bitfields.elf4 on noarch /usr/lib/golang/src/debug/dwarf/testdata/cppunsuptypes.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/cycle.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/line-clang-dwarf5.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/line-clang.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/line-gcc-dwarf5.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/line-gcc-zstd.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/line-gcc.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/ranges.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/rnglistx.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/split.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/typedef.elf on noarch /usr/lib/golang/src/debug/dwarf/testdata/typedef.elf4 on noarch /usr/lib/golang/src/debug/dwarf/testdata/typedef.elf5 on noarch /usr/lib/golang/src/debug/elf/testdata/compressed-64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/gcc-amd64-linux-exec on noarch /usr/lib/golang/src/debug/elf/testdata/gcc-amd64-openbsd-debug-with-rela.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-clang-arm.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc482-aarch64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc482-ppc64le.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc492-arm.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc492-mips64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc492-mipsle.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc493-mips64le.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc5-ppc.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc531-s390x.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc540-mips.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc620-sparc64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/go-relocation-test-gcc720-riscv64.obj on noarch /usr/lib/golang/src/debug/elf/testdata/zdebug-test-gcc484-x86-64.obj on noarch /usr/lib/golang/src/runtime/pprof/testdata/test32be on noarch /usr/lib/golang/src/runtime/pprof/testdata/test64 on noarch /usr/lib/golang/src/runtime/pprof/testdata/test64be on noarch /usr/lib/golang/bin/gofmt on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/addr2line on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/asm on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/cgo on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/covdata on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/dist on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/doc on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/fix on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/link on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/nm on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/objdump on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/pack on ppc64le /usr/lib/golang/pkg/tool/linux_ppc64le/test2json on ppc64le /usr/lib/golang/bin/gofmt on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/addr2line on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/asm on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/cgo on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/covdata on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/dist on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/doc on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/fix on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/link on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/nm on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/objdump on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/pack on x86_64 /usr/lib/golang/pkg/tool/linux_amd64/test2json on x86_64 /usr/lib/golang/bin/gofmt on s390x /usr/lib/golang/pkg/tool/linux_s390x/addr2line on s390x /usr/lib/golang/pkg/tool/linux_s390x/asm on s390x /usr/lib/golang/pkg/tool/linux_s390x/cgo on s390x /usr/lib/golang/pkg/tool/linux_s390x/covdata on s390x /usr/lib/golang/pkg/tool/linux_s390x/dist on s390x /usr/lib/golang/pkg/tool/linux_s390x/doc on s390x /usr/lib/golang/pkg/tool/linux_s390x/fix on s390x /usr/lib/golang/pkg/tool/linux_s390x/link on s390x /usr/lib/golang/pkg/tool/linux_s390x/nm on s390x /usr/lib/golang/pkg/tool/linux_s390x/objdump on s390x /usr/lib/golang/pkg/tool/linux_s390x/pack on s390x /usr/lib/golang/pkg/tool/linux_s390x/test2json on s390x
- split from
-
RHEL-36308 rpminspect: annocheck 'hardened' test fails for go binaries [rhel-10]
- Release Pending