!1 gcc_secure: package init

Merge pull request !1 from syyhao/next
openeuler-ci-bot 2020-01-13 22:09:06 +08:00 committed by Gitee
commit c463ea5d7e
3 changed files with 200 additions and 73 deletions


@ -1,36 +0,0 @@
# gcc_secure
#### Description
Build with gcov
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)


@ -1,37 +0,0 @@
# gcc_secure
#### 介绍
Build with gcov
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 码云特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

200
gcc_secure.spec Normal file

@ -0,0 +1,200 @@
Name: gcc_secure
Summary: Build with gcov
License: GPL
Group: System/Management
Version: 1.0
Release: 0.5
BuildRoot: %{_tmppath}/%{name}-%{version}
#Source: %{name}-%{version}.tar.bz2
BuildRequires: util-linux coreutils
BuildRequires: -custom_build_tool-nocheck
BuildRequires: -obs-env
BuildRequires: -gcc_secure
BuildRequires: -custom_build_tool-sign
BuildRequires: -bep-env
Requires: util-linux rpm grep binutils gcc coreutils rpm-build
#expect grep sudo kernel-default kernel-default-base openssh
%description
Build with gcov
%prep
#%setup -cT
%install
mkdir -p %{buildroot}/opt/needgcov
%pre
%post
echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/tmp/gcc-specs-fs-cc1
echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/tmp/gcc-specs-pie-cc1
echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/tmp/gcc-specs-pie-ld
old_gcc=/usr/bin/gcc
mv $old_gcc $old_gcc"_old"
cat <<END1 > $old_gcc
#!/bin/sh
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
fs_opt=''
if [[ "\$@" =~ "-O0" ]]; then
#openjdk set O0 can not use FS
sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\`
fi
if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then
configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure
else
configfile=/root/rpmbuild/SOURCES/config_for_secure
fi
if [ -f \$configfile ]; then
rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\`
sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\`
fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\`
fi
if [[ x\$rpm_name = "xnumactl" ]] && [[ "\$@" =~ "-march=x86-64" ]];then
#numactl i686 use asm can't add -fPIC
sec_opt=\`echo \$sec_opt | sed 's/-fPIC / /'\`
fi
if [[ x\$rpm_name = "xglibc" ]] || [[ x\$rpm_name = "xcompat-glibc" ]];then
#glibc supply fs define, can not add fs for glibc self
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld
else
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
fi
else
$old_gcc"_old" "\$@"
fi
END1
chmod 777 $old_gcc $old_gcc"_old"
old_gplus=/usr/bin/g++
if [ -f $old_gplus ]; then
mv $old_gplus $old_gplus"_old"
cat <<END1 > $old_gplus
#!/bin/sh
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
fs_opt=''
if [[ "\$@" =~ "-O0" ]]; then
#openjdk set O0 can not use FS
sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\`
fi
if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then
configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure_g++
else
configfile=/root/rpmbuild/SOURCES/config_for_secure_g++
fi
if [ -f \$configfile ]; then
rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\`
sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\`
fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\`
fi
if [[ x"\$@" = "x-v" ]];then
#libtool use g++ -v for test compile env,if add Wl opt, it will make g++ -v fail
$old_gplus"_old" "\$@"
else
/usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
fi
else
$old_gplus"_old" "\$@"
fi
END1
chmod 777 $old_gplus $old_gplus"_old"
fi
old_cpp=/usr/bin/c++
if [ -f $old_cpp ]; then
mv $old_cpp $old_cpp"_old"
cat <<END1 > $old_cpp
#!/bin/sh
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
fs_opt=''
if [[ "\$@" =~ "-O0" ]]; then
#openjdk set O0 can not use FS
sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\`
fi
if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then
configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure_c++
else
configfile=/root/rpmbuild/SOURCES/config_for_secure_c++
fi
if [ -f \$configfile ]; then
rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\`
sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\`
fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\`
fi
/usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
else
$old_cpp"_old" "\$@"
fi
END1
chmod 777 $old_cpp $old_cpp"_old"
fi
%preun
%postun
%files
%defattr(-,root,root)
%dir /opt/needgcov
%clean
rm -rf $RPM_BUILD_ROOT/*
rm -rf %{_tmppath}/%{name}-%{version}
rm -rf $RPM_BUILD_DIR/%{name}-%{version}
%changelog
* Mon Jan 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.0-0.5
- package init
* Mon Apr 01 2019 liuxueping<liuxueping1@huawei.com> - 1.0-0.4
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: no buildrequires rpms about tool
* Tue Nov 27 2018 zhangchenfeng<zhangchenfeng1@huawei.com> - 1.0-0.3
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:resolve numactl i686 fail
* Tue Nov 27 2018 zhangchenfeng<zhangchenfeng1@huawei.com> - 1.0-0.2
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:resolve numactl i686 fail
* Sat Nov 10 2018 Wuyou<wuyou88@huawei.com> - 1.0-0.1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:add safe compile options
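Review bot: The `%post` scriptlet ends each wrapper block with `chmod 777 $old_gcc $old_gcc"_old"` (repeated for `g++` and `c++`), which leaves both the wrapper and the real compiler world-writable, so any local account can change what root and build users run as `gcc`; `chmod 755` is enough for an executable. The three spec files are written by the root scriptlet to fixed names under `/tmp` (`/tmp/gcc-specs-fs-cc1`, `/tmp/gcc-specs-pie-cc1`, `/tmp/gcc-specs-pie-ld`) and then fed to every compile through `--specs=`; the redirect follows an existing symlink at those names, and if a tmp cleaner removes the files any user can recreate them with different directives, so they belong in a root-owned directory listed under `%files`. The `mv $old_gcc $old_gcc"_old"` step has no guard such as `[ -e "$old_gcc"_old ] || mv "$old_gcc" "$old_gcc"_old`, so a reinstall or upgrade would move the wrapper over the real compiler and leave it calling itself, and the empty `%preun`/`%postun` never put the original back. The generated wrappers declare `#!/bin/sh` but use `[[ ... =~ ... ]]` and `&>`, which only behave as intended where `/bin/sh` is bash; `#!/bin/bash` would match what the script actually needs.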