From 63f1a045ba675568a1e92b204c301359dbccc85b Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 11:28:21 -0300
Subject: build: remove -mretpoline and NO_EXTRA_CFLAGS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The -mretpoline flag is not documented in the current versions of gcc
and clang and it is what causes scan-build to fail:

    $ ./configure CC=clang | grep retpoline
    checking whether C compiler accepts -mretpoline... yes
       EXTRA_CFLAGS:  -mretpoline -fstack-clash-protection -fstack-protector-strong
    $ scan-build --status-bugs make
    scan-build: Using '/usr/bin/clang-15' for static analysis
    make -C src/lib
    make[1]: Entering directory '/tmp/firejail/src/lib'
    /usr/bin/../lib/clang/ccc-analyzer [...] -mretpoline [...] -c common.c -o common.o
    gcc: error: unrecognized command-line option ‘-mretpoline’
    make[1]: *** [../../src/prog.mk:16: common.o] Error 1
    make[1]: Leaving directory '/tmp/firejail/src/lib'
    make: *** [Makefile:59: src/lib] Error 2
    scan-build: Analysis run complete.
    scan-build: Removing directory '/tmp/scan-build-[...]' because it contains no reports.
    scan-build: No bugs found.

Environment: clang 15.0.7-9 and gcc 13.1.1-1 on Artix Linux.

Note: NO_EXTRA_CFLAGS was added to work around this issue by causing all
of the flags in EXTRA_CFLAGS to be ignored.

Note2: -mretpoline was added on commit 4a99c8aa2 ("spectre support for
clang compiler", 2018-03-30) and NO_EXTRA_CFLAGS was added on commit
490918c35 ("fix make scan-build for debian 10 and arch", 2019-07-22).
See also commit 2c64d1fdd ("use AX_CHECK_COMPILE_FLAG to check for
spectre flags", 2019-06-21).

Closes #5509.

Kind of relates to #2661.
---
 .github/workflows/build-extra.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to '.github')

diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
index e32f827e1..c2b035e11 100644
--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -105,7 +105,7 @@ jobs:
         --enable-selinux
         || (cat config.log; exit 1)
     - name: scan-build
-      run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make
+      run: scan-build-14 --status-bugs make
   cppcheck:
     runs-on: ubuntu-22.04
     steps:
-- 
cgit v1.2.3-54-g00ecf