Bug
Resolution: Unresolved
rhel-9.0.0
ZStream
rhel-sst-desktop-firmware-bootloaders
ssg_display
Description of problem:
Attempting to test if grub2 binaries were properly built with stack protection via -fstack-protector-strong yields "skip: stack-prot test because not compiled C/C++ code".
Version-Release number of selected component (if applicable):
grub2-tools-minimal-2.06-27.el9_0.x86_64
annobin-annocheck-10.54-2.el9.x86_64
How reproducible:
Deterministic.
Steps to Reproduce:
1. dnf install -y annobin-annocheck grub2-tools-minimal
2. dnf debuginfo-install -y grub2-tools-minimal
3. rpm -ql grub2-tools-minimal | grep -E '/usr/s?bin/' | while read f ; do test -L $f || echo $f ; done | xargs -- annocheck --verbose --skip-all --test-stack-prot
Actual results:
annocheck: Version 10.54.
Hardened: /usr/bin/grub2-editenv: PASS: stack-prot test
Hardened: /usr/bin/grub2-editenv: Overall: PASS.
Hardened: /usr/bin/grub2-mkpasswd-pbkdf2: PASS: stack-prot test
Hardened: /usr/bin/grub2-mkpasswd-pbkdf2: Overall: PASS.
Hardened: /usr/bin/grub2-mount: PASS: stack-prot test
Hardened: /usr/bin/grub2-mount: Overall: PASS.
annocheck: Warning: /usr/sbin/grub2-get-kernel-settings: is not an ELF format file.
Hardened: /usr/sbin/grub2-probe: PASS: stack-prot test
Hardened: /usr/sbin/grub2-probe: Overall: PASS.
Hardened: /usr/sbin/grub2-set-bootflag: skip: stack-prot test because not compiled C/C++ code
Hardened: /usr/sbin/grub2-set-bootflag: Overall: PASS.
annocheck: Warning: /usr/sbin/grub2-set-default: is not an ELF format file.
annocheck: Warning: /usr/sbin/grub2-set-password: is not an ELF format file.
Expected results:
No "skip: stack-prot test because not compiled C/C++ code" on the /usr/sbin/grub2-set-bootflag binary.
Additional info:
Adding Nick to Cc in case this turns out to be an issue in annocheck itself.
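
Added example, not part of the original report and not annocheck's own tooling: a filter over the verbose output shown above that separates binaries whose stack-prot test actually passed from those where it was skipped but still ended in "Overall: PASS". The status labels and function names are hypothetical, the sample lines are constructed from the output quoted in the report, and the "FAIL:" line shape is assumed to mirror the "PASS:" and "skip:" lines.

```shell
#!/bin/sh
# Usage (flags as in the report; 2>&1 in case warnings go to stderr):
#   annocheck --verbose --skip-all --test-stack-prot FILE... 2>&1 | audit_stack_prot

# Constructed sample, copied from lines quoted in the report.
sample_output() {
cat <<'EOF'
annocheck: Version 10.54.
Hardened: /usr/bin/grub2-editenv: PASS: stack-prot test
Hardened: /usr/bin/grub2-editenv: Overall: PASS.
annocheck: Warning: /usr/sbin/grub2-get-kernel-settings: is not an ELF format file.
Hardened: /usr/sbin/grub2-probe: PASS: stack-prot test
Hardened: /usr/sbin/grub2-probe: Overall: PASS.
Hardened: /usr/sbin/grub2-set-bootflag: skip: stack-prot test because not compiled C/C++ code
Hardened: /usr/sbin/grub2-set-bootflag: Overall: PASS.
EOF
}

# Print "<status> <path>" per file (paths are assumed to contain no spaces):
#   VERIFIED    the stack-prot test ran and passed
#   UNVERIFIED  the test was skipped, so "Overall: PASS" says nothing about it
#   FAILED      the test ran and failed (assumed "FAIL:" line shape)
#   NOT-ELF     annocheck could not inspect the file (e.g. a shell script)
classify_stack_prot() {
    awk '
    /^Hardened: / && / stack-prot test/ {
        path = $2; sub(/:$/, "", path)
        res = $3;  sub(/:$/, "", res)
        if (res == "PASS")      print "VERIFIED", path
        else if (res == "skip") print "UNVERIFIED", path
        else if (res == "FAIL") print "FAILED", path
        next
    }
    /^annocheck: Warning: .*: is not an ELF format file\.$/ {
        path = $3; sub(/:$/, "", path)
        print "NOT-ELF", path
    }'
}

# Print the classification and return non-zero if any binary was not
# positively verified, so a CI gate does not rely on "Overall: PASS".
audit_stack_prot() {
    out=$(classify_stack_prot)
    printf '%s\n' "$out"
    ! printf '%s\n' "$out" | grep -Eq '^(UNVERIFIED|FAILED) '
}
```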