diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 5f223b6..74f2911 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -176,7 +176,15 @@ jobs: dest="minio/jenkins/conflict-set/${{ gitea.run_number }}/release-${{ matrix.arch }}/" zstd build/Testing/*/Test.xml mc cp build/Testing/*/Test.xml.zst "$dest" - mc cp build/*.deb build/*.rpm "$dest" + # This step runs even when a previous step failed, to upload test + # results. The packages may never have been built though, so skip + # them if they're missing. + if compgen -G "build/*.deb" > /dev/null; then + mc cp build/*.deb "$dest" + fi + if compgen -G "build/*.rpm" > /dev/null; then + mc cp build/*.rpm "$dest" + fi if compgen -G "paper/*.pdf" > /dev/null; then mc cp paper/*.pdf "$dest" fi diff --git a/CMakeLists.txt b/CMakeLists.txt index 3fa03d3..150f179 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -383,9 +383,18 @@ if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR AND BUILD_TESTING) if(NOT CMAKE_CROSSCOMPILING) find_program(HARDENING_CHECK hardening-check) if(HARDENING_CHECK) - add_test(NAME hardening_check - COMMAND ${HARDENING_CHECK} $ - --nofortify --nostackprotector) + # Control flow integrity (CET) is x86-only and branch protection (PAC/BTI) + # is arm64-only, so ignore whichever doesn't apply. + if(CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64 OR CMAKE_SYSTEM_PROCESSOR + STREQUAL arm64) + set(hardening_check_arch_flags --nocfprotection) + else() + set(hardening_check_arch_flags --nobranchprotection) + endif() + add_test( + NAME hardening_check + COMMAND ${HARDENING_CHECK} $ --nofortify + --nostackprotector ${hardening_check_arch_flags}) endif() endif()