Compare commits
No commits in common. "0aa76d081bb17b632ea50fd7ff4781d70f19319c" and "0447f4685eb8cd9971f8c240cc656d2ee956cd04" have entirely different histories.
0aa76d081b
...
0447f4685e
@ -1,29 +1,39 @@
|
||||
Name: gcc_secure
|
||||
Summary: Enforcing secure compile options for abuild
|
||||
License: GPL-2.0-only
|
||||
Summary: Build with gcov
|
||||
License: GPL
|
||||
Group: System/Management
|
||||
Version: 1.0
|
||||
Release: 0.13
|
||||
Release: 0.8
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}
|
||||
#Source: %{name}-%{version}.tar.bz2
|
||||
|
||||
BuildRequires: util-linux coreutils
|
||||
Requires: util-linux rpm grep binutils gcc coreutils rpm-build gcc-c++
|
||||
BuildRequires: -custom_build_tool-nocheck
|
||||
BuildRequires: -obs-env
|
||||
BuildRequires: -gcc_secure
|
||||
BuildRequires: -custom_build_tool-sign
|
||||
BuildRequires: -bep-env
|
||||
|
||||
Requires: util-linux rpm grep binutils gcc coreutils rpm-build
|
||||
#expect grep sudo kernel-default kernel-default-base openssh
|
||||
%description
|
||||
Enforcing secure compile option for abuild
|
||||
Build with gcov
|
||||
|
||||
%prep
|
||||
#%setup -cT
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/opt/needgcov
|
||||
|
||||
|
||||
%pre
|
||||
|
||||
%post
|
||||
echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/opt/gcc-specs-fs-cc1
|
||||
echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/tmp/gcc-specs-fs-cc1
|
||||
|
||||
echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/opt/gcc-specs-pie-cc1
|
||||
echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/tmp/gcc-specs-pie-cc1
|
||||
|
||||
echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/opt/gcc-specs-pie-ld
|
||||
echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/tmp/gcc-specs-pie-ld
|
||||
|
||||
old_gcc=/usr/bin/gcc
|
||||
mv $old_gcc $old_gcc"_old"
|
||||
@ -58,9 +68,9 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
|
||||
|
||||
if [[ x\$rpm_name = "xglibc" ]] || [[ x\$rpm_name = "xcompat-glibc" ]];then
|
||||
#glibc supply fs define, can not add fs for glibc self
|
||||
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld
|
||||
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld
|
||||
else
|
||||
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
|
||||
/usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
|
||||
fi
|
||||
|
||||
else
|
||||
@ -76,7 +86,7 @@ cat <<END1 > $old_gplus
|
||||
#!/bin/sh
|
||||
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
|
||||
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
|
||||
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char'
|
||||
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
|
||||
fs_opt=''
|
||||
|
||||
if [[ "\$@" =~ "-O0" ]]; then
|
||||
@ -100,7 +110,7 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
|
||||
#libtool use g++ -v for test compile env,if add Wl opt, it will make g++ -v fail
|
||||
$old_gplus"_old" "\$@"
|
||||
else
|
||||
/usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
|
||||
/usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
|
||||
fi
|
||||
else
|
||||
$old_gplus"_old" "\$@"
|
||||
@ -116,7 +126,7 @@ cat <<END1 > $old_cpp
|
||||
#!/bin/sh
|
||||
gcc_secure_exclude=\`rpm --eval %{gcc_secure_exclude}\`
|
||||
if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
|
||||
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char'
|
||||
sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines'
|
||||
fs_opt=''
|
||||
|
||||
if [[ "\$@" =~ "-O0" ]]; then
|
||||
@ -136,7 +146,7 @@ if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then
|
||||
fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\`
|
||||
fi
|
||||
|
||||
/usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1
|
||||
/usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/tmp/gcc-specs-pie-cc1 --specs=/tmp/gcc-specs-pie-ld --specs=/tmp/gcc-specs-fs-cc1
|
||||
|
||||
else
|
||||
$old_cpp"_old" "\$@"
|
||||
@ -148,24 +158,13 @@ fi
|
||||
%preun
|
||||
|
||||
%postun
|
||||
rm -rf /opt/gcc-specs-fs-cc1
|
||||
rm -rf /opt/gcc-specs-pie-cc1
|
||||
rm -rf /opt/gcc-specs-pie-ld
|
||||
if [ -f /usr/bin/gcc_old ];then
|
||||
rm -rf /usr/bin/gcc
|
||||
mv /usr/bin/gcc_old /usr/bin/gcc
|
||||
fi
|
||||
if [ -f /usr/bin/g++_old ];then
|
||||
rm -rf /usr/bin/g++
|
||||
mv /usr/bin/g++_old /usr/bin/g++
|
||||
fi
|
||||
if [ -f /usr/bin/c++_old ];then
|
||||
rm -rf /usr/bin/c++
|
||||
mv /usr/bin/c++_old /usr/bin/c++
|
||||
fi
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%dir /opt/needgcov
|
||||
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT/*
|
||||
@ -173,36 +172,6 @@ rm -rf %{_tmppath}/%{name}-%{version}
|
||||
rm -rf $RPM_BUILD_DIR/%{name}-%{version}
|
||||
|
||||
%changelog
|
||||
* Fri Nov 25 2022 Ge Wang<wnagge20@h-partners.com> - 1.0-0.13
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: add requires gcc-c++
|
||||
|
||||
* Fri Nov 25 2022 Ge Wang<wnagge20@h-partners.com> - 1.0-0.12
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: add postun operation
|
||||
|
||||
* Thu Apr 28 2022 zhangchenfeng<zhangchenfeng1@huawei.com> - 1.0-0.11
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: clean spec
|
||||
|
||||
* Wed Dec 29 2021 wangjie <wangjie375@huawei.com> - 1.0-0.10
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: Add automake.spec to gcc_secure_exclude
|
||||
|
||||
* Wed Jul 21 2021 licihua<licihua@huawei.com> - 1.0-0.9
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC: support -fsigned-char for g++
|
||||
|
||||
* Mon Jul 12 2021 shenyangyang<shenyangyang4@huawei.com> - 1.0-0.8
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
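Review bot: The GCC spec files that the compiler wrappers load are created in `/tmp`, which is world-writable. This applies to `>/tmp/gcc-specs-fs-cc1`, `>/tmp/gcc-specs-pie-cc1` and `>/tmp/gcc-specs-pie-ld` in `%post`, and to every `--specs=/tmp/...` argument in the gcc, g++ and c++ wrappers. `%post` runs as root and its redirections follow whatever already exists at those names, and anything that can later replace or delete the files changes the options for every compile or breaks the wrappers, so the hardening cannot be relied on. Going by the hunk line counts the `/tmp` lines appear to be the new side; I would keep the files in a root-owned location as the other side does, e.g. `>/opt/gcc-specs-pie-ld` with a matching `--specs=/opt/gcc-specs-pie-ld`. I would also retain the `%postun` block that restores `/usr/bin/gcc`, `g++` and `c++` from their `_old` copies. The wrapper heredocs begin and end outside the hunks shown.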