Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.
The lint for shadow stack support added in !45 (closed) is not helpful, as the message gives no specific indication on how to circumvent this or what to do to change it.
Only mentioning lacks GNU_PROPERTY_X86_FEATURE_1_SHSTK is not necessarily enough to figure out what this is even about.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Child items ...
Show closed items
Linked items 0
Link issues together to show that they're related or that one is blocking others.
Learn more.
Would the expected fix for this be to mention "check that CFLAGS and/or CXXFLAGS are being used by the build", kind of like elffile-without-relro does? Per #63 (closed) it seems like that should cover most cases.
Searching the webs I found some references on this topic, but to be honest I'm not sure whether the package I'm building needs shadow stack (even though namcap reported it), whether I should report this to upstream.. Some info or useful link with more info would be very useful.
I get this for all my packages, I think this lint should be off until packages built according to the package guidelines for Go and Rust produce binaries without this warning.
This lint is not disabled by default. I kept this issue open to track getting it enabled again when the message is useful and/or we have heuristics for when to run it such that it is actually useful more of the time than not.
Do you mean "now disabled" instead of "not disabled"? !56 (merged) is now merged.
I'm here as I got warnings about GNU_PROPERTY_X86_FEATURE_1_SHSTK with lib32-pcsclite. Following tips in https://bbs.archlinux.org/viewtopic.php?id=292194, I noticed lib32-glibc also has those warnings. I wonder if it's supported with 32-bit toolchain.
Does the following change limit the warning to being produced for X86_64?
diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.pyindex 69a32d6..69e6c46 100644--- a/Namcap/rules/elffiles.py+++ b/Namcap/rules/elffiles.py@@ -238,7 +238,7 @@ class ELFSHSTKRule(TarballRule): noshstk_binaries = [] for elffile, entry_name in elf_files_from_tar(tar):- if ".debug" in entry_name:+ if ".debug" in entry_name or elffile.'e_machine' != 'EM_X86_64': continue for prop in _note_props( elffile,
Cool, it almost works, just needs a small typo fix :)
Here is updated patch:
diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.pyindex 69a32d6..dbfd1ee 100644--- a/Namcap/rules/elffiles.py+++ b/Namcap/rules/elffiles.py@@ -238,7 +238,7 @@ class ELFSHSTKRule(TarballRule): noshstk_binaries = [] for elffile, entry_name in elf_files_from_tar(tar):- if ".debug" in entry_name:+ if ".debug" in entry_name or elffile['e_machine'] != 'EM_X86_64': continue for prop in _note_props( elffile,
Now, the warning is reported only for 64-bit packages, not multilib ones
$ ./namcap-devel -r elfnoshstk /var/cache/pacman/pkg/lib32-glibc-2.39-1-x86_64.pkg.tar.zst$ ./namcap-devel -r elfnoshstk /var/cache/pacman/pkg/qtermwidget-1.4.0-1-x86_64.pkg.tar.zstqtermwidget W: ELF file ('usr/lib/python3.11/site-packages/QTermWidget.abi3.so') lacks GNU_PROPERTY_X86_FEATURE_1_SHSTK, check CFLAGS/CXXFLAGS.qtermwidget W: Dependency included, but may not be needed ('qt5-base')