Hey Aurelien, On 2023-12-05 08:32, Aurelien Jarno wrote: > What about the patch below, it basically just change the compiler to > always enable -mbranch-protection=standard, and it's also used for the > configure script.
> --- glibc-2.37/debian/sysdeps/arm64.mk > +++ glibc-2.37/debian/sysdeps/arm64.mk > @@ -1,2 +1,5 @@ > # configuration options for all flavours > extra_config_options = --enable-multi-arch --enable-memory-tagging > + > +CC = $(DEB_HOST_GNU_TYPE)-$(BASE_CC)$(DEB_GCC_VERSION) > -mbranch-protection=standard > +CXX = $(DEB_HOST_GNU_TYPE)-$(BASE_CXX)$(DEB_GCC_VERSION) > -mbranch-protection=standard Your patch works. Highlights: cd build-tree/arm64-libc && \ CC="aarch64-linux-gnu-gcc-12 -mbranch-protection=standard" \ CXX="aarch64-linux-gnu-g++-12 -mbranch-protection=standard" \ [...] checking for BTI support... yes checking if pac-ret is enabled... yes [...] aarch64-linux-gnu-gcc-12 -mbranch-protection=standard -nostdlib -nostartfiles -r -o /<<PKGBUILDDIR>>/build-tree/arm64-libc/csu/Scrt1.o /<<PKGBUILDDIR>>/build-tree/arm64-libc/csu/start.os /<<PKGBUILDDIR>>/build-tree/arm64-libc/csu/abi-note.o /<<PKGBUILDDIR>>/build-tree/arm64-libc/csu/init.o Full logs at https://people.debian.org/~ema/glibc_2.37-13.1_arm64.build At some later point when both gcc and glibc with BTI enabled are in the archive we could think of adding an autopkgtest checking for something like: readelf -n /usr/lib/aarch64-linux-gnu/Scrt1.o | grep 'BTI, PAC' But for now: do you want me to file a bug against glibc to keep track of this in the BTS? Thank you very much! Emanuele