
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
0aa76d081b
!39 add requires gcc-c++ to resolution -fsigned-char does not take effect for g++.
From: @cherry530 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2024-06-05 08:37:24 +00:00
cherry530
590d380c4f add requires gcc-c++ to resolution -fsigned-char does not take effect for g++.
Signed-off-by: cherry530 <707078654@qq.com>
2024-06-05 15:38:13 +08:00
openeuler-ci-bot
58f390e17e
!36 [sync] PR-32: Add postun operation
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2023-03-31 06:49:36 +00:00
wang--ge
3437941697 add postun operation
(cherry picked from commit 5acf4502381f177d61e88f3114980f06ee5db34a)
2023-03-31 14:08:33 +08:00
openeuler-ci-bot
e6a5fda80e
!27 清理spec文件
From: @zcfsite 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
2022-04-28 11:11:12 +00:00
zcfsite
1e11b91372 clean spec 2022-04-28 17:35:03 +08:00
openeuler-ci-bot
b3e4b82feb !23 Add automake.spec to gcc_secure_exclude
Merge pull request !23 from jlwwlsqc/openEuler-22.03-LTS-Next
2021-12-29 03:39:30 +00:00
jlwwlsqc
2341b61420 Add automake.spec to gcc_secure_exclude 2021-12-29 10:14:42 +08:00
openeuler-ci-bot
d6576ea327 !17 g++ 支持 -fsigned-char 选项
From: @licihua
Reviewed-by: @small_leek
Signed-off-by: @small_leek
2021-07-21 06:03:04 +00:00
licihua
41d3648fe8 support -fsigned-char for g++ 2021-07-21 12:10:45 +08:00


@ -1,39 +1,29 @@
Name: gcc_secure
Summary: Build with gcov
License: GPL
Summary: Enforcing secure compile options for abuild
License: GPL-2.0-only
Group: System/Management
Version: 1.0
Release: 0.8
Release: 0.13
BuildRoot: %{_tmppath}/%{name}-%{version}
#Source: %{name}-%{version}.tar.bz2
BuildRequires: util-linux coreutils
BuildRequires: -custom_build_tool-nocheck
BuildRequires: -obs-env
BuildRequires: -gcc_secure
BuildRequires: -custom_build_tool-sign
BuildRequires: -bep-env
Requires: util-linux rpm grep binutils gcc coreutils rpm-build gcc-c++
Requires: util-linux rpm grep binutils gcc coreutils rpm-build
#expect grep sudo kernel-default kernel-default-base openssh
%description
Build with gcov
Enforcing secure compile option for abuild
%prep
#%setup -cT
%install
mkdir -p %{buildroot}/opt/needgcov
%pre
%post
echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/tmp/gcc-specs-fs-cc1
echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/opt/gcc-specs-fs-cc1
echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/tmp/gcc-specs-pie-cc1
echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/opt/gcc-specs-pie-cc1
echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/tmp/gcc-specs-pie-ld
echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/opt/gcc-specs-pie-ld
old_gcc=/usr/bin/gcc
mv $old_gcc $old_gcc"_old"
@ -68,9 +58,9 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
if [[ x\$rpm_name = "xglibc" ]] || [[ x\$rpm_name = "xcompat-glibc" ]];then
#glibc supply fs define, can not add fs for glibc self
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld
else
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
fi
else
@ -86,7 +76,7 @@ cat <<END1 > $old_gplus
#!/bin/sh
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char'
fs_opt=''
if [[ "\$@" =~ "-O0" ]]; then
@ -110,7 +100,7 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
#libtool use g++ -v for test compile env,if add Wl opt, it will make g++ -v fail
$old_gplus"_old" "\$@"
else
/usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
/usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
fi
else
$old_gplus"_old" "\$@"
@ -126,7 +116,7 @@ cat <<END1 > $old_cpp
#!/bin/sh
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char'
fs_opt=''
if [[ "\$@" =~ "-O0" ]]; then
@ -146,7 +136,7 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\`
fi
/usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
/usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
else
$old_cpp"_old" "\$@"
@ -158,13 +148,24 @@ fi
%preun
%postun
rm -rf /opt/gcc-specs-fs-cc1
rm -rf /opt/gcc-specs-pie-cc1
rm -rf /opt/gcc-specs-pie-ld
if [ -f /usr/bin/gcc_old ];then
rm -rf /usr/bin/gcc
mv /usr/bin/gcc_old /usr/bin/gcc
fi
if [ -f /usr/bin/g++_old ];then
rm -rf /usr/bin/g++
mv /usr/bin/g++_old /usr/bin/g++
fi
if [ -f /usr/bin/c++_old ];then
rm -rf /usr/bin/c++
mv /usr/bin/c++_old /usr/bin/c++
fi
%files
%defattr(-,root,root)
%dir /opt/needgcov
%clean
rm -rf $RPM_BUILD_ROOT/*
@ -172,6 +173,36 @@ rm -rf %{_tmppath}/%{name}-%{version}
rm -rf $RPM_BUILD_DIR/%{name}-%{version}
%changelog
* Fri Nov 25 2022 Ge Wang<wnagge20@h-partners.com> - 1.0-0.13
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: add requires gcc-c++
* Fri Nov 25 2022 Ge Wang<wnagge20@h-partners.com> - 1.0-0.12
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: add postun operation
* Thu Apr 28 2022 zhangchenfeng<zhangchenfeng1@huawei.com> - 1.0-0.11
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: clean spec
* Wed Dec 29 2021 wangjie <wangjie375@huawei.com> - 1.0-0.10
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: Add automake.spec to gcc_secure_exclude
* Wed Jul 21 2021 licihua<licihua@huawei.com> - 1.0-0.9
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: support -fsigned-char for g++
* Mon Jul 12 2021 shenyangyang<shenyangyang4@huawei.com> - 1.0-0.8
- Type:enhancement
- ID:NA
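Review bot: The `%postun` scriptlet runs its cleanup unconditionally, but RPM also runs the outgoing package's `%postun` during an upgrade, after the incoming package's `%post`. Assuming these lines are the new side (the "add postun operation" changelog entry suggests so), an upgrade would delete `/opt/gcc-specs-*` and move `gcc_old`, `g++_old` and `c++_old` back right after the new `%post` set them up, so later builds would silently lose the enforced hardening flags or fail on missing specs files. Wrap the body in `if [ "$1" -eq 0 ]; then … fi` so it runs only on final erase, and use `rm -f` rather than `rm -rf` for these single files. The `%post` side has the mirror risk: `mv $old_gcc $old_gcc"_old"` is not guarded against an existing `gcc_old`, so a second run would likely overwrite the saved compiler with the wrapper; the rest of `%post` lies outside the visible hunks, so confirm it there.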