Re: s390x build test failure for GO FIPS

[Mark Wielaard <mark@klomp.org>]

[-- Attachment #1: Type: text/plain, Size: 1768 bytes --]

Hi Nick,

On Tue, Jan 02, 2024 at 10:30:45AM +0000, Nick Clifton wrote:
> >Since commit 08bc2832527f42b517f2d550e8ada452b4ad21ee
> >12.24: Annocheck: Changes GO FIPS test to look for CGO_ENABLED markers
> >The s390x CI builder has been failing:
> >https://builder.sourceware.org/buildbot/#/builders/annobin-fedora-s390x
> 
> Is there any way to recover the test binary that was built as part of the failing test ?

Attached.

> >annocheck: Version 12.34.
> >Hardened: use-crypto: warn: Unable to determine the binary's producer from it's DW_AT_producer string.
> >Hardened: use-crypto: FAIL: fips test because the binary was not built with CGO_ENABLED=1
> 
> Annocheck looks for two symbols in the binary's symbol table:
> "crypto" which indicates that the crypto library is being used and
> "cgo_topofstack" which indicates that the binary was compiled with
> CGO_ENABLED=1.  The test only fails if the "crypto" symbol is present
> but the "cgo_topofstack" symbol is missing.
> 
> Since this failure is specific to the s390x architecture, I am guessing
> that there is a symbol prefix problem here.  Ie the symbols are probably
> called "_crypto" and "_cgo_topofstack" on the s390x.  But I would need to
> examine the actual failing binary in order to check.

Or gccgo just doesn't use the same symbols as golang?

> PS.  There is sourceware bugzilla support for annobin...
> PPS. Did you really report this problem on the 25th of December ?

ah, sorry, yes. I was just playing with the little starfive riscv
board, to admire the blinklights for Christmas. I admit I didn't have
a s390x mainframe around (which probably has even more blinkenlights!)
but just happened to look at the other test results.

I can file a bug report in bugzilla if you like.

Cheers,

Mark

[-- Attachment #2: use-crypto.gz --]
[-- Type: application/gzip, Size: 47584 bytes --]