The package rpms/buildah.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/buildah.git/commit/?id=66d964f058....
Change:
+%ifarch x86_64
Thanks.
Full change:
============
commit 66d964f058eeab2b650045a4e98c2c48ca032dee
Author: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
Date: Fri Dec 4 23:20:04 2020 -0500
buildah-1.19.0-0.12.dev.git75ae8be
- harden cgo binaries
Reported-by: Wade Mealing <wmealing(a)gmail.com>
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
diff --git a/buildah.spec b/buildah.spec
index 35ca2cb..eec07d8 100644
--- a/buildah.spec
+++ b/buildah.spec
@@ -35,7 +35,7 @@
Name: %{repo}
Version: 1.19.0
-Release: 0.11.dev.git%{shortcommit0}%{?dist}
+Release: 0.12.dev.git%{shortcommit0}%{?dist}
Summary: A command line tool used for creating OCI Images
License: ASL 2.0
URL: https://%{name}.io
@@ -115,6 +115,13 @@ mv vendor src
export GOPATH=$(pwd)/_build:$(pwd)
export BUILDTAGS='seccomp selinux'
+export CGO_CFLAGS='-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects
-fexceptions -fasynchronous-unwind-tables -fstack-protector-strong
-fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64'
+%ifarch x86_64
+export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection"
+%endif
+# These extra flags present in %%{optflags} have been skipped for now as they break the
build
+#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+
%if 0%{?centos} >= 8
export BUILDTAGS+=' exclude_graphdriver_btrfs'
%endif
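Review bot: the added `export CGO_CFLAGS=...` line is a hand-copied snapshot of the distribution flags (the comment below it says the skipped ones come from `%{optflags}`), so it will silently drift when the distribution defaults change. Consider deriving the value from `%{optflags}` and filtering out only the flags that break the build; that would also make the `%ifarch x86_64` block unnecessary, since `-m64 -mtune=generic -fcf-protection` would arrive with the per-architecture defaults. In the commented-out line, `-Wp,D_GLIBCXX_ASSERTIONS` is missing the dash before `D` (compare `-Wp,-D_FORTIFY_SOURCE=2` above), so re-enabling it as written would not define the macro. It is also worth testing the three skipped flags one at a time, so that only the one that actually fails stays out. Finally, this hunk exports only `CGO_CFLAGS`; if linker flags are not set elsewhere in the spec, a matching `CGO_LDFLAGS` taken from `%{build_ldflags}` would cover the link-time side of the hardening.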
@@ -149,6 +156,10 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
%{_datadir}/%{name}/test
%changelog
+* Sat Dec 5 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> -
1.19.0-0.12.dev.git75ae8be
+- harden cgo binaries
+- Reported-by: Wade Mealing <wmealing(a)gmail.com>
+
* Wed Dec 2 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> -
1.19.0-0.11.dev.git75ae8be
- autobuilt 75ae8be
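Review bot: the new changelog entry says only "harden cgo binaries", while the build section in the same commit leaves `-flto=auto`, `_GLIBCXX_ASSERTIONS` and the annobin specs file disabled. Recording in the entry that the hardening is partial, and which flags are still skipped, would let someone reading the package changelog see what remains to be enabled without opening the spec.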