From 424d674400a52e9b89ea8675cd36a0be8b9889d7 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Fri, 10 Mar 2023 12:02:29 -0800 Subject: [PATCH] Bring rpminspect.yaml over from Brew dist-git Signed-off-by: Troy Dawson --- rpminspect.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rpminspect.yaml diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..8be62df --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,27 @@ +--- +inspections: + # xml files shipped are GDB register set descriptions which can only be + # verified with gdb/features/gdb-target.dtd, provided in GDB sources. + xml: off + +annocheck: + # Currently lto is disabled globally for valgrind, it should be able + # to be enabled through upstream configure --enable-lto in the future. + # Note that all (default hardened) flags need to be repeated here, if + # you override some config flags it will completely overwrite the + # defaults (--ignore-unknown --verbose). + jobs: + - hardened: --ignore-unknown --verbose --skip-lto + # Ignore files built specially without hardening flags + ignore: + # Valgrind tools themselves (memcheck, cachegrind, massif, etc) are + # statically linked and need to be built without PIE to be loaded at + # a fixed address in the program's address space. + # Also need to be built without stack protection so the generated + # code (valgrind VEX jit) interacts correctly with their own static code. + - /usr/libexec/valgrind/*-*-linux + # Wrappers for various string and mem functions such as memcpy, strlen, etc + # that valgrind uses to keep track of memory usage. Hardening settings such + # as optimizations need to be disabled so they don't interfere or break + # the checks that valgrind does internally. + - /usr/libexec/valgrind/vgpreload*so