Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4357

Multiple grub2 binaries are not compiled with annobin plugin enabled

XMLWordPrintable

    • None
    • None
    • rhel-sst-desktop-firmware-bootloaders
    • ssg_display
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:
      Attempting to test if some grub2 binaries were properly built with stack protection yields skip: stack-prot test because sources compiled as if they were assembler are not checked by this test.

      This means that these binaries were compiled without the annobin plugin but based on https://one.redhat.com/rhel-development-guide/#_changing_the_build_flags disabling annobin is not listed as one of the allowed changes.

      Version-Release number of selected component (if applicable):
      grub2-tools-2.06-61.el9
      grub2-tools-minimal-2.06-61.el9
      annobin-annocheck-11.05-1.el9

      How reproducible:
      always

      Steps to Reproduce:
      1. dnf install -y annobin-annocheck grub2-tools grub2-tools-minimal
      2. dnf debuginfo-install -y grub2-tools grub2-tools-minimal
      3. rpm -ql grub2-tools | grep -E '/usr/s?bin/' | while read f ; do test -L $f || echo $f ; done | xargs – annocheck --verbose --skip-all --test-stack-prot
      4. rpm -ql grub2-tools-minimal | grep -E '/usr/s?bin/' | while read f ; do test -L $f || echo $f ; done | xargs – annocheck --verbose --skip-all --test-stack-prot

      Actual results:
      /usr/sbin/grub2-set-bootflag::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/sbin/grub2-probe::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/sbin/grub2-install::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-script-check::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-mount::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-mkrelpath::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-mkpasswd-pbkdf2::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-mkimage::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-menulst2cfg::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-file::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/bin/grub2-editenv::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/sbin/grub2-bios-setup::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test
      /usr/sbin/grub2-ofpathname::skip: stack-prot test because sources compiled as if they were assembler are not checked by this test

      Expected results:
      No "skip: stack-prot test because sources compiled as if they were assembler are not checked by this test"

      Additional info:

              bootloader-eng-team bootloader -eng-team
              mmarhefk@redhat.com Matus Marhefka
              bootloader -eng-team bootloader -eng-team
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: