libica/libica-4.0.0-annotate.patch

84 lines
3.1 KiB
Diff
Raw Permalink Normal View History

2022-01-18 13:13:32 +00:00
From daad2a867cff48a7c4322716917d63538b083284 Mon Sep 17 00:00:00 2001
2018-11-16 12:46:33 +00:00
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 25 Sep 2018 13:44:32 +0200
2021-05-21 11:41:00 +00:00
Subject: [libica PATCH] add build note to assembler sources
2018-11-16 12:46:33 +00:00
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When distros use the annobin compiler plugin [1], they have complete overview
what compiler flags were used for compilation and they are able to perform
security checks on the produced binaries. Compiling assembler source can't
provide this kind of information by default, so we need the explicit
-Wa,--generate-missing-build-notes=yes option during build. When the option is
missing, then the annocheck tool reports "GAPS" in the resulting binary.
binutils >= 2.31 or older with backport is needed
[1] https://fedoraproject.org/wiki/Changes/Annobin
Signed-off-by: Dan Horák <dan@danny.cz>
---
configure.ac | 4 ++++
libica.spec | 2 +-
2021-05-21 11:41:00 +00:00
src/Makefile.am | 4 ++--
3 files changed, 7 insertions(+), 3 deletions(-)
2018-11-16 12:46:33 +00:00
diff --git a/configure.ac b/configure.ac
2022-01-18 13:13:32 +00:00
index 958371c..b8d0e42 100644
2018-11-16 12:46:33 +00:00
--- a/configure.ac
+++ b/configure.ac
2022-01-18 13:13:32 +00:00
@@ -113,12 +113,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
2018-11-16 12:46:33 +00:00
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
fi
+# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
+AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
+
# restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
CFLAGS="$cmdline_CFLAGS"
CCASFLAGS="$cmdline_CFLAGS"
AC_SUBST([FLAGS], $FLAGS)
AC_SUBST([LIBS], $LIBS)
+AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
AC_OUTPUT
diff --git a/libica.spec b/libica.spec
2022-01-18 13:13:32 +00:00
index d71890a..e51430e 100644
2018-11-16 12:46:33 +00:00
--- a/libica.spec
+++ b/libica.spec
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: autoconf automake libtool openssl-devel
+BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
%description
Interface library on Linux for IBM System z to utilize CPACF
diff --git a/src/Makefile.am b/src/Makefile.am
2022-01-18 13:13:32 +00:00
index c630048..1b5ec71 100644
2018-11-16 12:46:33 +00:00
--- a/src/Makefile.am
+++ b/src/Makefile.am
2022-01-18 13:13:32 +00:00
@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
2021-05-21 11:41:00 +00:00
include/rng.h
2018-11-16 12:46:33 +00:00
2021-05-21 11:41:00 +00:00
libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
2018-11-16 12:46:33 +00:00
-libica_la_CCASFLAGS = ${AM_CFLAGS}
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
2021-05-21 11:41:00 +00:00
libica_la_LIBADD = ${LIBS_common}
libica_la_LDFLAGS = ${LDFLAGS_common}
libica_la_SOURCES = ${SOURCES_common}
2022-01-18 13:13:32 +00:00
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\"
2021-05-21 11:41:00 +00:00
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
libica_cex_la_LIBADD = ${LIBS_common}
libica_cex_la_LDFLAGS = ${LDFLAGS_common}
libica_cex_la_SOURCES = ${SOURCES_common}
2018-11-16 12:46:33 +00:00
--
2022-01-18 13:13:32 +00:00
2.31.1
2018-11-16 12:46:33 +00:00