| |
@@ -0,0 +1,42 @@
|
| |
+ From 3dd725eca0079e2b49821dfeb0ec1cb166cc7414 Mon Sep 17 00:00:00 2001
|
| |
+ From: Omair Majid <omajid@redhat.com>
|
| |
+ Date: Fri, 4 Oct 2019 19:29:53 -0400
|
| |
+ Subject: [PATCH] Handle glibc sys/sysctl.h deprecation
|
| |
+
|
| |
+ glibc has deprecated sys/sysctl.h:
|
| |
+
|
| |
+ In file included from /coreclr/src/pal/src/misc/sysinfo.cpp:32:
|
| |
+ /usr/include/sys/sysctl.h:21:2: error: "The <sys/sysctl.h> header is deprecated and will be removed." [-Werror,-W#warnings]
|
| |
+ #warning "The <sys/sysctl.h> header is deprecated and will be removed."
|
| |
+ ^
|
| |
+ 1 error generated.
|
| |
+
|
| |
+ Fix that by preferring sysconf and only including sys/sysctl.h if
|
| |
+ HAVE_SYSCONF is not true. This mirrors the order of the implementation
|
| |
+ code in this file (sysinfo.cpp) which checks for HAVE_SYSCONF
|
| |
+ before HAVE_SYSCTL.
|
| |
+
|
| |
+ Fixes #27008
|
| |
+ ---
|
| |
+ src/pal/src/misc/sysinfo.cpp | 7 +++++--
|
| |
+ 1 file changed, 5 insertions(+), 2 deletions(-)
|
| |
+
|
| |
+ diff --git a/src/pal/src/misc/sysinfo.cpp b/src/pal/src/misc/sysinfo.cpp
|
| |
+ index e1c949e38d53..50ccf3a75e16 100644
|
| |
+ --- a/src/pal/src/misc/sysinfo.cpp
|
| |
+ +++ b/src/pal/src/misc/sysinfo.cpp
|
| |
+ @@ -28,9 +28,12 @@ Revision History:
|
| |
+ #include <errno.h>
|
| |
+ #include <unistd.h>
|
| |
+ #include <sys/types.h>
|
| |
+ -#if HAVE_SYSCTL
|
| |
+ +
|
| |
+ +#if HAVE_SYSCONF
|
| |
+ +// <unistd.h> already included above
|
| |
+ +#elif HAVE_SYSCTL
|
| |
+ #include <sys/sysctl.h>
|
| |
+ -#elif !HAVE_SYSCONF
|
| |
+ +#else
|
| |
+ #error Either sysctl or sysconf is required for GetSystemInfo.
|
| |
+ #endif
|
| |
+
|
| |
After building and installing all the built packages (including -debuginfo and -debugsources), annocheck -v reports no FAILs or MAYBs on my system.
This doesn't mean that .NET Core has been completely hardened. annocheck can only partially check binaries produced by non-gcc compilers. It requires code to have been compiled by gcc to be able to accurately verify binaries. Additionally, clang lacks several hardening flags.
For more information about annocheck, see: https://developers.redhat.com/blog/2019/02/04/annocheck-examining-the-contents-of-binary-files/
There is also some support for building on Fedora 32, but it's currently blocked by corefx RID issues being discussed upstream.
Build: https://copr.fedorainfracloud.org/coprs/g/dotnet-sig/dotnet/build/1062244/