Replies: 2 comments
-
Outstanding steps:
Force-majour:
|
Beta Was this translation helpful? Give feedback.
0 replies
This comment has been minimized.
This comment has been minimized.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
New changes
Prior to November 2024, melange builds in wolfi relied on environment variables to set many C/C++ compiler options.
However, these environment variables are not honored by many build systems. CMake, Bazel, CGO, OpenJDK all consistently able to override or ignore environment variables.
Instead Wolfi is adopting clang configuration files and GCC spec files. Using on disk configuration files ensures that compiler really does use the recommended OpenSSF compiler options.
From November 2024:
Prior to November 2024:
How to deal with build failures when warnings are treated as errors
Meaning one may have to update CFLAGS again
How to deal with customizing build behaviour
Any and all flags passed via specs and configuration files, can be overridden via CFLAGS as usual, in well behaved build systems, i.e. one can opt-out of pie with -fno-pie, opt out of FORTIFY_SOURCE with undefining it and redefining it to any desired value and so on.
Known Issues / Anecdotes
-Werror
+-fhardened
It has been discovered that upstreams that use
Werror
and have not been tested with GCC-14 with-fhardened
flag can trigger the below warnings as errors, thus needing:-Wno-error=maybe-uninitialized
-Wno-error=format-truncation
-Wno-error=implicit-function-declaration
-Wno-error=implicit-int
error: '<something>' is not a constant expression
This is frequently seen with packages use
abseil-cpp
. See: #34075. Try adding-fdelete-null-pointer-checks
using e.g.CXXFLAGS
, or-DCMAKE_CXX_FLAGS
. Rungrep fdelete-null-pointer-checks *.yaml
for examples.symbol lookup error: : undefined symbol:
This commonly impacts packages that use CUDA libraries because they require runtime symbol binding, which
openssf-compiler-options
disables via-Wl,-z,now
. There does not seem to be an easy way to override this, so we currently use a hack that creates a build-specificopenssf.spec
file with this flag filtered out. Example: 3dc98f1How to really really revert the build to behave as before
This is is a brake glass to escape option.
Create a new bug report at https://github.com/wolfi-dev/os/issues/new/choose with the full failing build log, together with the full melange file.
Use the following environment block in the melange file
If using clang, pass in
--config-system-dir=/var/empty
to clang, for example via CFLAGS, there is no environment variable equivalent.Beta Was this translation helpful? Give feedback.
All reactions