rpms/ruby
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Check hardening only on Fedora.

Browse Source
This commit is contained in:
Vít Ondruch 2017-11-01 16:22:02 +01:00
parent 150d4f5dc0
commit ad05a88747
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ruby.spec
View File

@ -66,6 +66,10 @@
%bcond_without git %bcond_without git
%bcond_without cmake %bcond_without cmake
%if 0%{?fedora}
%bcond_without hardening_test
%endif
Summary: An interpreter of object-oriented scripting language Summary: An interpreter of object-oriented scripting language
Name: ruby Name: ruby
Version: %{ruby_version} Version: %{ruby_version}
@ -148,7 +152,7 @@ BuildRequires: procps
%{?with_git:BuildRequires: git} %{?with_git:BuildRequires: git}
%{?with_cmake:BuildRequires: %{_bindir}/cmake} %{?with_cmake:BuildRequires: %{_bindir}/cmake}
# Required to test hardening. # Required to test hardening.
BuildRequires: %{_bindir}/checksec %{?with_hardening_test:BuildRequires: %{_bindir}/checksec}
BuildRequires: multilib-rpm-config BuildRequires: multilib-rpm-config
# This package provides %%{_bindir}/ruby-mri therefore it is marked by this # This package provides %%{_bindir}/ruby-mri therefore it is marked by this
@ -685,6 +689,7 @@ sed -i 's/^/%doc /' .ruby-doc.*
sed -i 's/^/%lang(ja) /' .ruby-doc.ja sed -i 's/^/%lang(ja) /' .ruby-doc.ja
%check %check
%if 0%{?with_hardening_test}
# Temporary change the hardening check on PPC64LE as long as the checksec is # Temporary change the hardening check on PPC64LE as long as the checksec is
# is providing incorrect output. # is providing incorrect output.
# https://bugzilla.redhat.com/show_bug.cgi?id=1479302 # https://bugzilla.redhat.com/show_bug.cgi?id=1479302
@ -696,6 +701,7 @@ checksec -f libruby.so.%{ruby_version} | \
checksec -f libruby.so.%{ruby_version} | \ checksec -f libruby.so.%{ruby_version} | \
grep "Full RELRO.*Canary found.*NX enabled.*DSO.*No RPATH.*No RUNPATH.*No.*\d*.*\d*.*libruby.so.%{ruby_version}" grep "Full RELRO.*Canary found.*NX enabled.*DSO.*No RPATH.*No RUNPATH.*No.*\d*.*\d*.*libruby.so.%{ruby_version}"
%endif %endif
%endif
# Check RubyGems version correctness. # Check RubyGems version correctness.
[ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '%{rubygems_version}' ] [ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '%{rubygems_version}' ]