The package rpms/buildah.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/buildah.git/commit/?id=199c09e946....
Change:
+%ifarch x86_64
Thanks.
Full change:
============
commit 199c09e946b1632e786c45df6783661a9c38787d
Author: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
Date: Mon Dec 7 15:23:22 2020 -0500
buildah-1.18.0-2
- harden cgo based go binaries
Reported-by: Wade Mealing <wmealing(a)gmail.com>
Signed-off-by: Lokesh Mandvekar <lsm5(a)fedoraproject.org>
diff --git a/buildah.spec b/buildah.spec
index c81a8be..496ed8d 100644
--- a/buildah.spec
+++ b/buildah.spec
@@ -112,6 +112,16 @@ popd
mv vendor src
+export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects
-fexceptions -fasynchronous-unwind-tables -fstack-protector-strong
-fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64"
+%ifarch x86_64
+export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic"
+%if 0%{?fedora} || 0%{?centos} >= 8
+export CGO_CFLAGS="$CGO_CFLAGS -fcf-protection"
+%endif
+%endif
+# These extra flags present in %%{optflags} have been skipped for now as they break the
build
+#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+
export GOPATH=$(pwd)/_build:$(pwd)
export BUILDTAGS='seccomp selinux'
%if 0%{?centos} >= 8
@@ -148,8 +158,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
%{_datadir}/%{name}/test
%changelog
-* Thu Nov 19 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.18.0-2
-- bump release tag for OBS
+* Mon Dec 07 2020 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.18.0-2
+- harden cgo based go binaries
+- Reported-by: Wade Mealing <wmealing(a)gmail.com>
* Mon Nov 16 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 1.18.0-1
- autobuilt v1.18.0