From 4656334c922c0e00e8b53bbdf04e43e083bd8616 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Wed, 6 Jun 2018 17:25:49 +0100
Subject: [PATCH] Add the annocheck program as a sub-package.
---
 .gitignore | 1 +
 annobin.spec | 30 ++++++++++++++++++++++++++++--
 sources | 2 +-
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 6369e5c..e81d3f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
 /annobin-5.9.tar.xz
 /annobin-5.10.tar.xz
 /annobin-5.11.tar.xz
+/annobin-6.0.tar.xz
diff --git a/annobin.spec b/annobin.spec
index 39c7ae1..490c8e9 100644
--- a/annobin.spec
+++ b/annobin.spec
@@ -11,7 +11,7 @@
 Name: annobin
 Summary: Binary annotation plugin for GCC
-Version: 5.11
+Version: 6.0
 Release: 1%{?dist}
 License: GPLv3+
@@ -20,6 +20,9 @@ URL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Use "--without tests" to disable the testsuite. The default is to run them.
 %bcond_without tests
+# Use "--without annocheck" to disable the installation of the annocheck program.
+%bcond_without annocheck
+
 # Set this to zero to disable the requirement for a specific version of gcc.
 # This should only be needed if there is some kind of problem with the version
 # checking logic.
@@ -57,9 +60,24 @@ Summary: Test scripts and binaries for checking the behaviour and output of the
 %description tests
 Provides a means to test the generation of annotated binaries and the parsing of the resulting files.
-# FIXME: Does not actually do this yet...
 %endif
+
+#---------------------------------------------------------------------------------
+%if %{with annocheck}
+
+%package annocheck
+Summary: A tool for checking the security hardening status of binaries
+
+BuildRequires: elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
+
+%description annocheck
+Installs the annocheck program which uses the notes generated by annobin to
+check that the specified files were compiled with the correct security
+hardening options.
+
+%endif
+
 #---------------------------------------------------------------------------------
 %global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin)
@@ -190,9 +208,17 @@ exit 0
 %doc %{_mandir}/man1/hardened.1.gz
 %doc %{_mandir}/man1/run-on-binaries.1.gz
+%if %{with annocheck}
+%{_bindir}/annocheck
+%doc %{_mandir}/man1/annocheck.1.gz
+%endif
+
 #---------------------------------------------------------------------------------
 %changelog
+* Wed Jun 06 2018 Nick Clifton - 6.0-1
+- Add the annocheck program.
+
 * Fri Jun 01 2018 Nick Clifton - 5.11-1
 - Do not use the SHF_GNU_BUILD_NOTE section flag.
diff --git a/sources b/sources
index 12c92de..cbd0fb9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (annobin-5.11.tar.xz) = 8c0cb4f9f31a1cb534c4449b6331353d9aaa7e087d8eaee7d3787499ada305ba88f64d9dedab727a737efce44af1f62a7f9d2a89b8c417fa6ecf8e9728182c94
+SHA512 (annobin-6.0.tar.xz) = 01e5693a5584cc6f532686863e0c8fa29ef0eeeba7860b16e067bec7a7f363bf72d63c4be56707288355409b748da2f5fcfd3e579925dd68fd751591ae678d7d
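Review bot: In the `%package annocheck` hunk of annobin.spec (`@@ -57,9 +60,24 @@`), the `BuildRequires:` line is gated by `%if %{with annocheck}`, but the patch changes no `%build` or `%install` lines, so nothing visible tells the build to skip annocheck when the option is off. If the 6.0 tarball builds annocheck by default, `--without annocheck` would remove the elfutils, rpm and binutils headers it needs, or leave an unpackaged `%{_bindir}/annocheck` in the buildroot. Either wire the conditional into the build step or document the limit next to `%bcond_without annocheck`, for example `# NOTE: this only drops the BuildRequires and the packaged files; the build itself must also be told to skip annocheck.` The `%build` and `%install` sections lie outside the hunks shown, so this needs checking against the full spec.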
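Review bot: In the file-list hunk of annobin.spec (`@@ -190,9 +208,17 @@`), `%{_bindir}/annocheck` and `annocheck.1.gz` are appended directly after the `hardened.1.gz` and `run-on-binaries.1.gz` entries with no `%files annocheck` header. They therefore appear to extend the file list those entries belong to, not the new sub-package. rpmbuild does not emit a `%package` that has no `%files` section of its own, so annocheck would ship in whichever package owns that list and no annobin-annocheck RPM would be produced, contrary to the commit subject. Add `%files annocheck` as the first line inside the `%if %{with annocheck}` block. The start of the enclosing `%files` section is outside the hunk, so confirm which package it names.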