From 6bf8a8db3c523949efd1e8258a85adc4e51fe202 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Jan 2024 12:09:55 -0500 Subject: [PATCH 1/3] Update fedora versions for CI workflows Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 34 +++++++++++++++---------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 41ea9dd..8fd2e8e 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -22,57 +22,57 @@ jobs: efiarch: aa64 gccarch: aarch64 makearch: aarch64 - distro: f36 + distro: f39 - arch: amd64 efiarch: aa64 gccarch: aarch64 makearch: aarch64 - distro: f35 + distro: f38 - arch: amd64 efiarch: arm gccarch: arm makearch: arm - distro: f36 + distro: f39 - arch: amd64 efiarch: arm gccarch: arm makearch: arm - distro: f35 + distro: f38 - arch: amd64 efiarch: arm gccarch: arm makearch: arm - distro: f34 + distro: f37 - arch: amd64 efiarch: x64 gccarch: x86_64 makearch: x86_64 - distro: f36 + distro: f39 - arch: amd64 efiarch: x64 gccarch: x86_64 makearch: x86_64 - distro: f35 + distro: f38 - arch: amd64 efiarch: x64 gccarch: x86_64 makearch: x86_64 - distro: f34 + distro: f37 - arch: amd64 efiarch: ia32 gccarch: x86_64 makearch: ia32 - distro: f36 + distro: f39 - arch: amd64 efiarch: ia32 gccarch: x86_64 makearch: ia32 - distro: f35 + distro: f38 - arch: amd64 efiarch: ia32 gccarch: x86_64 makearch: ia32 - distro: f34 + distro: f37 steps: - name: Checkout @@ -118,15 +118,15 @@ jobs: - arch: amd64 efiarch: x64 makearch: x86_64 - distro: f36 + distro: f39 - arch: amd64 efiarch: x64 makearch: x86_64 - distro: f35 + distro: f38 - arch: amd64 efiarch: x64 makearch: x86_64 - distro: f34 + distro: f37 - arch: amd64 efiarch: x64 makearch: x86_64 
@@ -134,15 +134,15 @@ jobs: - arch: amd64 efiarch: ia32 makearch: ia32 - distro: f36 + distro: f39 - arch: amd64 efiarch: ia32 makearch: ia32 - distro: f35 + distro: f38 - arch: amd64 efiarch: ia32 makearch: ia32 - distro: f34 + distro: f37 steps: - name: Checkout From e004c57485131aa0ad03418ed52cd5a2711b3b14 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Jan 2024 13:54:12 -0500 Subject: [PATCH 2/3] Work around github weirdness Currently on the "update submodule" step, we're getting this: git submodule update --init --recursive fatal: detected dubious ownership in repository at '/__w/certwrapper/certwrapper' To add an exception for this directory, call: git config --global --add safe.directory /__w/certwrapper/certwrapper make: *** [Makefile:126: update] Error 128 Given the absolute lack of any details of what user the owner is and why that might be dubious, I've chosen to follow it's advice without prying too hard. Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 8fd2e8e..7cd5abc 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -82,6 +82,10 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 submodules: recursive + - name: Work around github/git ownership weirdness + id: ignore-directory-ownership + run: | + git config --global --add safe.directory /__w/certwrapper/certwrapper - name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }} id: update-submodules run: | 
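Review bot: The step added in the `@@ -82,6 +82,10 @@` hunk hard-codes the container workspace path `/__w/certwrapper/certwrapper`, so the exception stops matching, and the dubious-ownership failure returns, if the repository is renamed or the workflow runs in a fork under another name; `git config --global --add safe.directory "$GITHUB_WORKSPACE"` covers the same single checkout without naming it. The identical step added in the `@@ -152,6 +156,10 @@` hunk should get the same change. Git reports this error when the repository directory is owned by a different user than the one running git, which here is presumably the runner's checkout user versus the container's user; a one-line comment on the step saying so would record why the ownership check is relaxed. Because the job checks out `github.event.pull_request.head.sha`, keep the exception limited to this one directory rather than widening it to a wildcard. The `steps:` list starts and continues outside both hunks.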
@@ -152,6 +156,10 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 submodules: recursive + - name: Work around github/git ownership weirdness + id: ignore-directory-ownership + run: | + git config --global --add safe.directory /__w/certwrapper/certwrapper - name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }} id: update-submodules run: | From 9ad0c5f68be4b636dcf9590d1543727ddf664360 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Jan 2024 14:05:22 -0500 Subject: [PATCH 3/3] Build: for now, don't error on RWX loadable segments Right now on some CI builds we get: aarch64-linux-gnu-gcc -nostdlib -fPIC -Wl,--warn-common -Wl,--no-undefined \ -Wl,--fatal-warnings -Wl,-shared -Wl,-Bsymbolic -L/usr/lib64 \ -L/__w/certwrapper/certwrapper/gnu-efi/ -Wl,--build-id=sha1 \ -Wl,--hash-style=sysv -o certmule.so certmule.o sbat_data.o \ /usr/lib/gcc/aarch64-linux-gnu/12/libgcc.a \ -T /__w/certwrapper/certwrapper/elf_aarch64_efi.lds /usr/bin/aarch64-linux-gnu-ld: warning: certmule.so has a LOAD segment with RWX permissions collect2: error: ld returned 1 exit status make: *** [../Makefile:115: certmule.so] Error 1 Right now this breaks CI despite no code change from when CI worked (due to the distros being updated). The segments themselves don't really matter (they exist in ELF but not in PE), so we could plausibly fix them, but that belongs in a different patch series. Unfortunately some of the linkers we're testing against don't support "--no-warn-rwx-segments", and some of them don't support "--no-error-rwx-segments". So for right now, I'm disabling "--fatal-warnings" instead. Signed-off-by: Peter Jones --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d8b4308..628c7cf 100644 --- a/Makefile +++ b/Makefile 
@@ -25,7 +25,7 @@ BUILDFLAGS := $(CFLAGS) -fPIC -Werror -Wall -Wextra -fshort-wchar \
 -I$(GNUEFIDIR)/inc/$(ARCH) \
 -I$(GNUEFIDIR)/inc/protocol
 CCLDFLAGS ?= -nostdlib -fPIC -Wl,--warn-common \
- -Wl,--no-undefined -Wl,--fatal-warnings \
+ -Wl,--no-undefined \
 -Wl,-shared -Wl,-Bsymbolic -L$(LIBDIR) -L$(GNUEFIDIR) \
 -Wl,--build-id=sha1 -Wl,--hash-style=sysv
 LD = $(CROSS_COMPILE)ld
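Review bot: Removing `-Wl,--fatal-warnings` from `CCLDFLAGS` makes every linker warning non-fatal, not only the RWX LOAD segment one, so the `-Wl,--warn-common` diagnostics still requested on the line above can no longer fail the build. Nothing in the Makefile records that this is meant to be temporary; a comment above the assignment such as `# TODO: restore -Wl,--fatal-warnings once the RWX LOAD segments are fixed` would keep the relaxation from becoming permanent. A narrower alternative is to keep the flag and append `-Wl,--no-warn-rwx-segments` only when the linker accepts it, for example by checking the output of `$(LD) --help`, since linkers that lack the option presumably do not emit the warning either. The `BUILDFLAGS` assignment whose tail appears as context starts outside the hunk.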