7aa958eb58
- Resolves: #2040237
84 lines
3.1 KiB
Diff
84 lines
3.1 KiB
Diff
From daad2a867cff48a7c4322716917d63538b083284 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
Date: Tue, 25 Sep 2018 13:44:32 +0200
|
|
Subject: [libica PATCH] add build note to assembler sources
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
When distros use the annobin compiler plugin [1], they have complete overview
|
|
what compiler flags were used for compilation and they are able to perform
|
|
security checks on the produced binaries. Compiling assembler source can't
|
|
provide this kind of information by default, so we need the explicit
|
|
-Wa,--generate-missing-build-notes=yes option during build. When the option is
|
|
missing, then the annocheck tool reports "GAPS" in the resulting binary.
|
|
|
|
binutils >= 2.31 or older with backport is needed
|
|
|
|
[1] https://fedoraproject.org/wiki/Changes/Annobin
|
|
|
|
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
---
|
|
configure.ac | 4 ++++
|
|
libica.spec | 2 +-
|
|
src/Makefile.am | 4 ++--
|
|
3 files changed, 7 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 958371c..b8d0e42 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -113,12 +113,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
|
|
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
|
|
fi
|
|
|
|
+# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
|
|
+AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
|
|
+
|
|
# restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
|
|
CFLAGS="$cmdline_CFLAGS"
|
|
CCASFLAGS="$cmdline_CFLAGS"
|
|
|
|
AC_SUBST([FLAGS], $FLAGS)
|
|
AC_SUBST([LIBS], $LIBS)
|
|
+AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
|
|
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
|
|
AC_OUTPUT
|
|
|
|
diff --git a/libica.spec b/libica.spec
|
|
index d71890a..e51430e 100644
|
|
--- a/libica.spec
|
|
+++ b/libica.spec
|
|
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
|
|
Source0: %{name}-%{version}.tar.gz
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
|
-BuildRequires: autoconf automake libtool openssl-devel
|
|
+BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
|
|
|
|
%description
|
|
Interface library on Linux for IBM System z to utilize CPACF
|
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
index c630048..1b5ec71 100644
|
|
--- a/src/Makefile.am
|
|
+++ b/src/Makefile.am
|
|
@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
|
|
include/rng.h
|
|
|
|
libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
|
|
-libica_la_CCASFLAGS = ${AM_CFLAGS}
|
|
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
|
|
libica_la_LIBADD = ${LIBS_common}
|
|
libica_la_LDFLAGS = ${LDFLAGS_common}
|
|
libica_la_SOURCES = ${SOURCES_common}
|
|
|
|
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\"
|
|
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
|
|
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
|
|
libica_cex_la_LIBADD = ${LIBS_common}
|
|
libica_cex_la_LDFLAGS = ${LDFLAGS_common}
|
|
libica_cex_la_SOURCES = ${SOURCES_common}
|
|
--
|
|
2.31.1
|
|
|