From: Mark Wielaard <mark@klomp.org>
To: Nick Clifton <nickc@redhat.com>
Cc: annobin@sourceware.org
Subject: Re: s390x build test failure for GO FIPS
Date: Tue, 2 Jan 2024 13:06:44 +0100 [thread overview]
Message-ID: <20240102120644.GD26453@gnu.wildebeest.org> (raw)
In-Reply-To: <bc689b12-fc3d-4fa1-ba22-841604c029ce@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1768 bytes --]
Hi Nick,
On Tue, Jan 02, 2024 at 10:30:45AM +0000, Nick Clifton wrote:
> >Since commit 08bc2832527f42b517f2d550e8ada452b4ad21ee
> >12.24: Annocheck: Changes GO FIPS test to look for CGO_ENABLED markers
> >The s390x CI builder has been failing:
> >https://builder.sourceware.org/buildbot/#/builders/annobin-fedora-s390x
>
> Is there any way to recover the test binary that was built as part of the failing test ?
Attached.
> >annocheck: Version 12.34.
> >Hardened: use-crypto: warn: Unable to determine the binary's producer from it's DW_AT_producer string.
> >Hardened: use-crypto: FAIL: fips test because the binary was not built with CGO_ENABLED=1
>
> Annocheck looks for two symbols in the binary's symbol table:
> "crypto" which indicates that the crypto library is being used and
> "cgo_topofstack" which indicates that the binary was compiled with
> CGO_ENABLED=1. The test only fails if the "crypto" symbol is present
> but the "cgo_topofstack" symbol is missing.
>
> Since this failure is specific to the s390x architecture, I am guessing
> that there is a symbol prefix problem here. Ie the symbols are probably
> called "_crypto" and "_cgo_topofstack" on the s390x. But I would need to
> examine the actual failing binary in order to check.
Or gccgo just doesn't use the same symbols as golang?
> PS. There is sourceware bugzilla support for annobin...
> PPS. Did you really report this problem on the 25th of December ?
ah, sorry, yes. I was just playing with the little starfive riscv
board, to admire the blinklights for Christmas. I admit I didn't have
a s390x mainframe around (which probably has even more blinkenlights!)
but just happened to look at the other test results.
I can file a bug report in bugzilla if you like.
Cheers,
Mark
[-- Attachment #2: use-crypto.gz --]
[-- Type: application/gzip, Size: 47584 bytes --]
prev parent reply other threads:[~2024-01-02 12:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-25 17:09 Mark Wielaard
2024-01-02 10:30 ` Nick Clifton
2024-01-02 12:06 ` Mark Wielaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240102120644.GD26453@gnu.wildebeest.org \
--to=mark@klomp.org \
--cc=annobin@sourceware.org \
--cc=nickc@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).