77 lines
2.8 KiB
Diff
77 lines
2.8 KiB
Diff
From cdc316c106722d4107961315d809232f5801338d Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
Date: Tue, 25 Sep 2018 13:44:32 +0200
|
|
Subject: [PATCH] add build note to assembler sources
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
When distros use the annobin compiler plugin [1], they have complete overview
|
|
what compiler flags were used for compilation and they are able to perform
|
|
security checks on the produced binaries. Compiling assembler source can't
|
|
provide this kind of information by default, so we need the explicit
|
|
-Wa,--generate-missing-build-notes=yes option during build. When the option is
|
|
missing, then the annocheck tool reports "GAPS" in the resulting binary.
|
|
|
|
binutils >= 2.31 or older with backport is needed
|
|
|
|
[1] https://fedoraproject.org/wiki/Changes/Annobin
|
|
|
|
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
---
|
|
configure.ac | 4 ++++
|
|
libica.spec | 2 +-
|
|
src/Makefile.am | 2 +-
|
|
3 files changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index e401afb..071a0e6 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -92,12 +92,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
|
|
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
|
|
fi
|
|
|
|
+# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
|
|
+AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
|
|
+
|
|
# restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
|
|
CFLAGS="$cmdline_CFLAGS"
|
|
CCASFLAGS="$cmdline_CFLAGS"
|
|
|
|
AC_SUBST([FLAGS], $FLAGS)
|
|
AC_SUBST([LIBS], $LIBS)
|
|
+AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
|
|
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
|
|
AC_OUTPUT
|
|
|
|
diff --git a/libica.spec b/libica.spec
|
|
index f28651f..f6f3e8b 100644
|
|
--- a/libica.spec
|
|
+++ b/libica.spec
|
|
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
|
|
Source0: %{name}-%{version}.tar.gz
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
|
-BuildRequires: autoconf automake libtool openssl-devel
|
|
+BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
|
|
|
|
%description
|
|
Interface library on Linux for IBM System z to utilize CPACF
|
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
index 5e69dab..3a42258 100644
|
|
--- a/src/Makefile.am
|
|
+++ b/src/Makefile.am
|
|
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la
|
|
|
|
libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
|
|
-fvisibility=hidden -pthread
|
|
-libica_la_CCASFLAGS = ${AM_CFLAGS}
|
|
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
|
|
libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl
|
|
libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
|
|
-version-number ${VERSION}
|
|
--
|
|
2.26.2
|
|
|