-
-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
strace_analysis needs to handle known gcc compiler or devkit version/location #3690
Comments
Is the purpose of those to exclude those entries? To my mind those messages are correct (i.e. they're not associated with an |
no, the purpose to aid it in identifying what the gcc/devkit folder is and add correctly to the SBOM. sbin/build.sh knows what's in /usr/local/gcc11 so it can tell the analysis script, rather than just ignoring it as is currently the case |
OK gotcha ... Initial gut feel is that I'd be tempted to pull the version string, maybe record the SHA of the gcc executable or something (thinking off the top of my head). If be nervous about having an explicit mapping back to the tarball URL when it can't be proved. (Noting that none of the rpms can be proved to be accurate, other than by being able to do a reproduce comparison) |
So yeah, the /usr/local/gcc11/bin/gcc will already been pulled out correctly by the script and gcc -version of it.., it's just when it analsyses files like: |
|
This has already been fixed by https://github.com/adoptium/temurin-build/pull/3867/files |
strace_analysis.sh currently reports:
We should have a way of telling the script that a known gcc compiler or devkit is in location /usr/local/gcc11 for example..
The text was updated successfully, but these errors were encountered: