Skip to content

Run annocheck for libruby.so #11324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 7, 2024
Merged

Run annocheck for libruby.so #11324

merged 2 commits into from
Aug 7, 2024

Conversation

junaruga
Copy link
Member

@junaruga junaruga commented Aug 7, 2024

This PR is a rework for the #11123. I tested in my forked repository, and confirmed the test-annocheck case passing properly testing both ruby and libruby.so. Below is the CI log.

https://github.com/junaruga/ruby/actions/runs/10284090286/job/28459376922#step:10:106

When building with the --shared option, most functionality is kept in libruby.so. Therefore also run annocheck for libruby.so.

Use ARG IN_DIR to propagate multiple files into the container instead of ARG FILES in the Dockerfile-copy. Because the COPY syntax in Dockerfile doesn't support copying the multiple files.
https://stackoverflow.com/questions/61599384/specify-multiple-files-in-arg-to-copy-in-dockerfile

Co-authored-by: Vít Ondruch vondruch@redhat.com

@junaruga junaruga force-pushed the wip/annocheck-libruby-so branch from 164a5fd to 14143c3 Compare August 7, 2024 12:24
@junaruga junaruga mentioned this pull request Aug 7, 2024
Closed
nobu
nobu reviewed Aug 7, 2024
View reviewed changes
@junaruga junaruga force-pushed the wip/annocheck-libruby-so branch from 14143c3 to d535ae6 Compare August 7, 2024 13:32
junaruga
junaruga commented Aug 7, 2024
View reviewed changes
@junaruga junaruga force-pushed the wip/annocheck-libruby-so branch from d535ae6 to 10d8db1 Compare August 7, 2024 13:44
@junaruga @voxik
CI: Run annocheck for libruby.so
41bbbfd 
When building with the `--shared` option, most functionality is kept in
`libruby.so`. Therefore also run annocheck for `libruby.so`.

Use `ARG IN_DIR` to propagate multiple files into the container instead of
`ARG FILES` in the `Dockerfile-copy`. Because the `COPY` syntax in Dockerfile
doesn't support copying the multiple files.
https://stackoverflow.com/questions/61599384/specify-multiple-files-in-arg-to-copy-in-dockerfile

Co-authored-by: Vít Ondruch <vondruch@redhat.com>
@junaruga junaruga force-pushed the wip/annocheck-libruby-so branch from 10d8db1 to 41bbbfd Compare August 7, 2024 13:47
@junaruga
Copy link
Member Author

junaruga commented Aug 7, 2024

I confirmed that the test-annocheck passed, checking the ruby and libruby.so on this PR's CI.

https://github.com/ruby/ruby/actions/runs/10285685378/job/28464546087?pr=11324#step:10:100

@junaruga junaruga merged commit 53f3036 into ruby:master Aug 7, 2024
106 checks passed
@junaruga junaruga deleted the wip/annocheck-libruby-so branch August 7, 2024 16:51
@voxik
Copy link
Contributor

voxik commented Aug 7, 2024

Just FTR, I would love to see if this was resolved:

Hardened: libruby.so.3.4.0: skip: cf-protection test because mixed Rust and C code - control flow protection is needed but not yet supported by Rust

Because that actually means Ruby is not properly hardened. But that has separate tracker:

https://bugs.ruby-lang.org/issues/20642

@junaruga
Copy link
Member Author

junaruga commented Aug 8, 2024

I added the prefix "CI: " to the commit message and title on this PR, changing it from the original PR. However, I realized that it was wrong. Because this PR improving make test-annocheck is not CI-specific. Sorry for my wrong change.

@junaruga junaruga changed the title CI: Run annocheck for libruby.so Run annocheck for libruby.so Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nobu nobu nobu left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@junaruga @voxik @nobu