a2afcdab91
- eliminate SW fallback functions (#1924119) - updated for OpenSSL 3.0 (#1952946) - disable FIPS support (broken) - Resolves: #1869532 #1924119 #1952946
84 lines
3.1 KiB
Diff
84 lines
3.1 KiB
Diff
From 0e4592f46c6c4a94eef66257af423d57c73af134 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
Date: Tue, 25 Sep 2018 13:44:32 +0200
|
|
Subject: [libica PATCH] add build note to assembler sources
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
When distros use the annobin compiler plugin [1], they have complete overview
|
|
what compiler flags were used for compilation and they are able to perform
|
|
security checks on the produced binaries. Compiling assembler source can't
|
|
provide this kind of information by default, so we need the explicit
|
|
-Wa,--generate-missing-build-notes=yes option during build. When the option is
|
|
missing, then the annocheck tool reports "GAPS" in the resulting binary.
|
|
|
|
binutils >= 2.31 or older with backport is needed
|
|
|
|
[1] https://fedoraproject.org/wiki/Changes/Annobin
|
|
|
|
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
---
|
|
configure.ac | 4 ++++
|
|
libica.spec | 2 +-
|
|
src/Makefile.am | 4 ++--
|
|
3 files changed, 7 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index ae6370c..bc2fff4 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -99,12 +99,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
|
|
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
|
|
fi
|
|
|
|
+# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
|
|
+AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
|
|
+
|
|
# restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
|
|
CFLAGS="$cmdline_CFLAGS"
|
|
CCASFLAGS="$cmdline_CFLAGS"
|
|
|
|
AC_SUBST([FLAGS], $FLAGS)
|
|
AC_SUBST([LIBS], $LIBS)
|
|
+AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
|
|
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
|
|
AC_OUTPUT
|
|
|
|
diff --git a/libica.spec b/libica.spec
|
|
index 812b73d..3461b65 100644
|
|
--- a/libica.spec
|
|
+++ b/libica.spec
|
|
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
|
|
Source0: %{name}-%{version}.tar.gz
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
|
-BuildRequires: autoconf automake libtool openssl-devel
|
|
+BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
|
|
|
|
%description
|
|
Interface library on Linux for IBM System z to utilize CPACF
|
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
index 4a1ef14..d6f7f7f 100644
|
|
--- a/src/Makefile.am
|
|
+++ b/src/Makefile.am
|
|
@@ -30,13 +30,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
|
|
include/rng.h
|
|
|
|
libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
|
|
-libica_la_CCASFLAGS = ${AM_CFLAGS}
|
|
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
|
|
libica_la_LIBADD = ${LIBS_common}
|
|
libica_la_LDFLAGS = ${LDFLAGS_common}
|
|
libica_la_SOURCES = ${SOURCES_common}
|
|
|
|
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DNO_SW_FALLBACKS -DLIBNAME=\"libica-cex\"
|
|
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
|
|
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
|
|
libica_cex_la_LIBADD = ${LIBS_common}
|
|
libica_cex_la_LDFLAGS = ${LDFLAGS_common}
|
|
libica_cex_la_SOURCES = ${SOURCES_common}
|
|
--
|
|
2.26.3
|
|
|