Add build with hardened flag #2396
Conversation
|
General CI Tests / gcc-14-hardened (14, 0) is the test that currently runs (since FIPS is disabled on GCC 14). Passing output here: https://github.com/aws/aws-lc/actions/runs/14856703315/job/41711890198?pr=2396 |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2396 +/- ##
==========================================
+ Coverage 78.78% 78.80% +0.02%
==========================================
Files 620 621 +1
Lines 108077 108432 +355
Branches 15349 15389 +40
==========================================
+ Hits 85153 85455 +302
- Misses 22266 22310 +44
- Partials 658 667 +9 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| if: ${{ !( matrix.gccversion == '14' && matrix.fips == '1' ) }} | ||
| run: | | ||
| cmake -DCMAKE_C_FLAGS='-O2 -fhardened -Wno-error=hardened' -S. -Bbuild | ||
| cmake --build ./build --target all |
There was a problem hiding this comment.
Should we use the run_tests target so that we verify the tests pass with this build configuration?
| # TODO: Re-enable gcc-14/FIPS build once delocator updated | ||
| if: ${{ !( matrix.gccversion == '14' && matrix.fips == '1' ) }} | ||
| run: | | ||
| cmake -DCMAKE_C_FLAGS='-O2 -fhardened -Wno-error=hardened' -S. -Bbuild |
There was a problem hiding this comment.
I'm curious what errors do we see with just -O2 -fhardened. Are these errors things we can fix in our code?
Issues:
Addresses (aws/aws-lc-rs#614)
Description of changes:
Adds a build with GCC-14 on Linux using the hardened flag to prevent regressions.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.