10000 Add build with hardened flag by m271828 · Pull Request #2396 · aws/aws-lc · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add build with hardened flag #2396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
May 30, 2025
Merged

Add build with hardened flag #2396

merged 7 commits into from
May 30, 2025

Conversation

m271828
Copy link
Contributor
@m271828 m271828 commented May 6, 2025

Issues:

Addresses (aws/aws-lc-rs#614)

Description of changes:

Adds a build with GCC-14 on Linux using the hardened flag to prevent regressions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@m271828 m271828 marked this pull request as ready for review May 6, 2025 10:00
@m271828 m271828 requested a review from a team as a code owner May 6, 2025 10:00
@m271828 m271828 requested a review from justsmth May 6, 2025 10:00
@m271828
Copy link
Contributor Author
m271828 commented May 6, 2025

General CI Tests / gcc-14-hardened (14, 0) is the test that currently runs (since FIPS is disabled on GCC 14). Passing output here: https://github.com/aws/aws-lc/actions/runs/14856703315/job/41711890198?pr=2396

@codecov-commenter
Copy link
codecov-commenter commented May 6, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.88%. Comparing base (d6ade6a) to head (cde453b).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2396      +/-   ##
==========================================
- Coverage   78.88%   78.88%   -0.01%     
==========================================
  Files         621      621              
  Lines      108675   108675              
  Branches    15420    15419       -1     
==========================================
- Hits        85726    85723       -3     
- Misses      22278    22280       +2     
- Partials      671      672       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

justsmth
justsmth reviewed May 8, 2025
View reviewed changes
@m271828 m271828 requested a review from justsmth May 14, 2025 23:38
justsmth
justsmth reviewed May 16, 2025
View reviewed changes
10000
@m271828
Copy link
Contributor Author
m271828 commented May 30, 2025

Update to include run_tests, all of which are currently passing: https://github.com/aws/aws-lc/actions/runs/15355889770/job/43214962866?pr=2396

@m271828 m271828 requested a review from justsmth May 30, 2025 21:26
justsmth
justsmth approved these changes May 30, 2025
View reviewed changes
@justsmth justsmth merged commit 29c94fa into aws:main May 30, 2025
115 of 118 checks passed
@m271828 m271828 deleted the add_hardened_build branch June 4, 2025 20:11
@justsmth justsmth mentioned this pull request Jun 6, 2025
Merged
justsmth added a commit that referenced this pull request Jun 13, 2025
@justsmth
Prepare v1.53.0 (#2471)
0f76ff1 
## What's Changed
* Add build with hardened flag by @m271828 in
#2396
* Openssl tool output ordered by options provided by @justsmth in
#2452
* [SCRUTINICE] Remove redundant condition check by @nhatnghiho in
#2450
* Support relro in delocator by @torben-hansen in
#2455
* Explicitly don't allow buffers aliasing in ctr-drbg implementation by
@torben-hansen in #2458
* Remove unused Windows afunix.h by @justsmth in
#2461
* Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)"
by @justsmth in #2466
* Use max_cert_list for TLSv1.3 NewSessionTicket by @skmcgrail in
#2453
* ML-KEM memory safety by @m271828 in
#2263
* Simplify Compiler CI jobs by @justsmth in
#2430
* Improve support for multilib-style distros in our test scripts by
@justsmth in #2467
* Fix Ruby mainline and nginx CI by @samuel40791765 in
#2460
* Add hardened build back in by @m271828 in
#2474
* Fix OCSP integration test failures by @samuel40791765 in
#2480
* Fix some theoretical missing earlyclobber markers in inline assembly
by @torben-hansen in #2477
* Simplify sshkdf and kbkdf by @torben-hansen in
#2478
* Run 3p module tests on python 3.13, add patch for 3.14 by
@WillChilds-Klein in #2476
* [UPSTREAM] Fix BIO_eof for BIO pairs by @justsmth in
#2440
* Fix service indicator in HKDF, more paranoid zeroization, and simplify
logic by @torben-hansen in #2482


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
@BrewTestBot BrewTestBot mentioned this pull request Jun 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@justsmth justsmth justsmth approved these changes

@samuel40791765 samuel40791765 Awaiting requested review from samuel40791765

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@m271828 @codecov-commenter @skmcgrail @justsmth
0