The package rpms/skopeo.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/skopeo.git/commit/?id=9ca5f7a10bd....
Change:
+%ifarch x86_64
Thanks.
Full change:
============
commit 9ca5f7a10bd1afe5a64c89251118e42f015078d6
Author: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
Date: Fri Dec 4 23:57:25 2020 -0500
harden cgo based golang binaries
Reported-by: Wade Mealing <wmealing(a)gmail.com>
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
(cherry picked from commit 6a49b0d69c6ac2fbb9c215d0c96f237a3654b009)
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
diff --git a/skopeo.spec b/skopeo.spec
index b6b1b49..445ff47 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -50,7 +50,7 @@ ExcludeArch: ppc64
Name: %{repo}
Epoch: %{conditional_epoch}
Version: 1.2.0
-Release: 12%{?dist}
+Release: 13%{?dist}
Summary: Inspect container images and repositories on registries
License: ASL 2.0
URL: %{git0}
@@ -299,6 +299,13 @@ sed -i 's/install-docs: docs/install-docs:/' Makefile
mkdir -p
src/github.com/containers
ln -s ../../../ src/%{import_path}
+export CGO_CFLAGS='-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects
-fexceptions -fasynchronous-unwind-tables -fstack-protector-strong
-fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64'
+%ifarch x86_64
+export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection"
+%endif
+# These extra flags present in %%{optflags} have been skipped for now as they break the
build
+#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+
mkdir -p vendor/src
for v in vendor/*; do
if test ${v} = vendor/src; then continue; fi
@@ -459,6 +466,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test
%changelog
+* Thu Dec 10 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1:1.2.0-13
+- harden cgo based golang binaries
+- Reported-by: Wade Mealing <wmealing(a)gmail.com>
+
* Thu Dec 3 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1:1.2.0-12
- bump for centos