diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-06-18 11:28:21 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-06-18 13:43:55 -0300 |
commit | 63f1a045ba675568a1e92b204c301359dbccc85b (patch) | |
tree | 3b4168433e6b430606cf51b833f0a4d0eeb04191 | |
parent | Merge pull request #5857 from kmk3/ci-standardize-apt (diff) | |
download | firejail-63f1a045ba675568a1e92b204c301359dbccc85b.tar.gz firejail-63f1a045ba675568a1e92b204c301359dbccc85b.tar.zst firejail-63f1a045ba675568a1e92b204c301359dbccc85b.zip |
build: remove -mretpoline and NO_EXTRA_CFLAGS
The -mretpoline flag is not documented in the current versions of gcc
and clang and it is what causes scan-build to fail:
$ ./configure CC=clang | grep retpoline
checking whether C compiler accepts -mretpoline... yes
EXTRA_CFLAGS: -mretpoline -fstack-clash-protection -fstack-protector-strong
$ scan-build --status-bugs make
scan-build: Using '/usr/bin/clang-15' for static analysis
make -C src/lib
make[1]: Entering directory '/tmp/firejail/src/lib'
/usr/bin/../lib/clang/ccc-analyzer [...] -mretpoline [...] -c common.c -o common.o
gcc: error: unrecognized command-line option ‘-mretpoline’
make[1]: *** [../../src/prog.mk:16: common.o] Error 1
make[1]: Leaving directory '/tmp/firejail/src/lib'
make: *** [Makefile:59: src/lib] Error 2
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-[...]' because it contains no reports.
scan-build: No bugs found.
Environment: clang 15.0.7-9 and gcc 13.1.1-1 on Artix Linux.
Note: NO_EXTRA_CFLAGS was added to work around this issue by causing all
of the flags in EXTRA_CFLAGS to be ignored.
Note2: -mretpoline was added on commit 4a99c8aa2 ("spectre support for
clang compiler", 2018-03-30) and NO_EXTRA_CFLAGS was added on commit
490918c35 ("fix make scan-build for debian 10 and arch", 2019-07-22).
See also commit 2c64d1fdd ("use AX_CHECK_COMPILE_FLAG to check for
spectre flags", 2019-06-21).
Closes #5509.
Kind of relates to #2661.
-rw-r--r-- | .github/workflows/build-extra.yml | 2 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | config.mk.in | 4 | ||||
-rwxr-xr-x | configure | 38 | ||||
-rw-r--r-- | configure.ac | 4 |
5 files changed, 2 insertions, 48 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index e32f827e1..c2b035e11 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -105,7 +105,7 @@ jobs: | |||
105 | --enable-selinux | 105 | --enable-selinux |
106 | || (cat config.log; exit 1) | 106 | || (cat config.log; exit 1) |
107 | - name: scan-build | 107 | - name: scan-build |
108 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make | 108 | run: scan-build-14 --status-bugs make |
109 | cppcheck: | 109 | cppcheck: |
110 | runs-on: ubuntu-22.04 | 110 | runs-on: ubuntu-22.04 |
111 | steps: | 111 | steps: |
@@ -358,7 +358,7 @@ cppcheck: clean | |||
358 | 358 | ||
359 | .PHONY: scan-build | 359 | .PHONY: scan-build |
360 | scan-build: clean | 360 | scan-build: clean |
361 | NO_EXTRA_CFLAGS="yes" scan-build make | 361 | scan-build make |
362 | 362 | ||
363 | .PHONY: codespell | 363 | .PHONY: codespell |
364 | codespell: clean | 364 | codespell: clean |
diff --git a/config.mk.in b/config.mk.in index 6b6cf1b99..dea3d8a52 100644 --- a/config.mk.in +++ b/config.mk.in | |||
@@ -61,9 +61,5 @@ LDFLAGS=@LDFLAGS@ | |||
61 | # Project variables | 61 | # Project variables |
62 | LIBS=@LIBS@ | 62 | LIBS=@LIBS@ |
63 | 63 | ||
64 | ifdef NO_EXTRA_CFLAGS | ||
65 | else | ||
66 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | 64 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ |
67 | endif | ||
68 | |||
69 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 65 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
@@ -2925,44 +2925,6 @@ else | |||
2925 | : | 2925 | : |
2926 | fi | 2926 | fi |
2927 | 2927 | ||
2928 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5 | ||
2929 | $as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; } | ||
2930 | if ${ax_cv_check_cflags___mretpoline+:} false; then : | ||
2931 | $as_echo_n "(cached) " >&6 | ||
2932 | else | ||
2933 | |||
2934 | ax_check_save_flags=$CFLAGS | ||
2935 | CFLAGS="$CFLAGS -mretpoline" | ||
2936 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2937 | /* end confdefs.h. */ | ||
2938 | |||
2939 | int | ||
2940 | main () | ||
2941 | { | ||
2942 | |||
2943 | ; | ||
2944 | return 0; | ||
2945 | } | ||
2946 | _ACEOF | ||
2947 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2948 | ax_cv_check_cflags___mretpoline=yes | ||
2949 | else | ||
2950 | ax_cv_check_cflags___mretpoline=no | ||
2951 | fi | ||
2952 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2953 | CFLAGS=$ax_check_save_flags | ||
2954 | fi | ||
2955 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5 | ||
2956 | $as_echo "$ax_cv_check_cflags___mretpoline" >&6; } | ||
2957 | if test "x$ax_cv_check_cflags___mretpoline" = xyes; then : | ||
2958 | |||
2959 | HAVE_SPECTRE="yes" | ||
2960 | EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline" | ||
2961 | |||
2962 | else | ||
2963 | : | ||
2964 | fi | ||
2965 | |||
2966 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-clash-protection" >&5 | 2928 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-clash-protection" >&5 |
2967 | $as_echo_n "checking whether C compiler accepts -fstack-clash-protection... " >&6; } | 2929 | $as_echo_n "checking whether C compiler accepts -fstack-clash-protection... " >&6; } |
2968 | if ${ax_cv_check_cflags___fstack_clash_protection+:} false; then : | 2930 | if ${ax_cv_check_cflags___fstack_clash_protection+:} false; then : |
diff --git a/configure.ac b/configure.ac index 30b031801..93de61b95 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -25,10 +25,6 @@ AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], [ | |||
25 | HAVE_SPECTRE="yes" | 25 | HAVE_SPECTRE="yes" |
26 | EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk" | 26 | EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk" |
27 | ]) | 27 | ]) |
28 | AX_CHECK_COMPILE_FLAG([-mretpoline], [ | ||
29 | HAVE_SPECTRE="yes" | ||
30 | EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline" | ||
31 | ]) | ||
32 | AX_CHECK_COMPILE_FLAG([-fstack-clash-protection], [ | 28 | AX_CHECK_COMPILE_FLAG([-fstack-clash-protection], [ |
33 | HAVE_SPECTRE="yes" | 29 | HAVE_SPECTRE="yes" |
34 | EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection" | 30 | EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection" |