packages/tboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add some compile options

Browse Source
This commit is contained in:
wangchen2020 2021-09-08 14:50:08 +08:00
parent 5ef6fcf4c3
commit 0bc16f2117
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
add-PIE-and-BIND_NOW-for-some-binaries.patch Normal file
View File

@ -0,0 +1,54 @@
From 6d629a4f5387834211d61b6a332246ff4ef6d3cb Mon Sep 17 00:00:00 2001
From: sunguoshuai <sunguoshuai@huawei.com>
Date: Sat, 20 Mar 2021 17:38:08 +0800
Subject: [PATCH] add PIE and BIND_NOW for some binaries
---
Config.mk | 3 ++-
tb_polgen/Makefile | 2 +-
utils/Makefile | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Config.mk b/Config.mk
index a47147a..06b346c 100644
--- a/Config.mk
+++ b/Config.mk
@@ -74,7 +74,8 @@ TARGET_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/ -e s/i86pc/x86_32/)
CFLAGS += $(CFLAGS_WARN) -fno-strict-aliasing -std=gnu99
# due to bug in gcc v4.2,3,?
CFLAGS += $(call cc-option,$(CC),-Wno-array-bounds,)
-
+LDFLAGS += -Wl,-z,now,-z,relro,-z,noexecstack -fPIE
+CFLAGS += -fPIE
ifeq ($(debug),y)
CFLAGS += -g -DDEBUG
diff --git a/tb_polgen/Makefile b/tb_polgen/Makefile
index 742244d..5dcade1 100644
--- a/tb_polgen/Makefile
+++ b/tb_polgen/Makefile
@@ -10,7 +10,7 @@
ROOTDIR ?= $(CURDIR)/..
include $(ROOTDIR)/Config.mk
-
+CFLAGS += -fstack-protector-strong
TARGET = tb_polgen
diff --git a/utils/Makefile b/utils/Makefile
index 177f28b..75a7f75 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -13,7 +13,7 @@ include $(ROOTDIR)/Config.mk
TARGETS := txt-stat parse_err acminfo
-CFLAGS += -D_LARGEFILE64_SOURCE
+CFLAGS += -D_LARGEFILE64_SOURCE -fstack-protector-strong
LIBS += $(ROOTDIR)/safestringlib/libsafestring.a
#
--
2.30.0

6
tboot.spec
View File

@ -1,12 +1,13 @@
Name: tboot
Summary: A module to perform a measured and verified launch
Version: 1.9.12
Release: 3
Release: 4
Epoch: 1
License: BSD
URL: http://sourceforge.net/projects/tboot/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: add-PIE-and-BIND_NOW-for-some-binaries.patch
BuildRequires: gcc trousers-devel openssl-devel
@ -41,6 +42,9 @@ and verified launch of an OS kernel/VMM
%{_mandir}/man8/*.gz
%changelog
* Wed Sep 8 2021 wangchen<wangchen137@huawei.com> - 1:1.9.12-4
- add some compile options
* Tue Jul 28 2020 chxssg<chxssg@qq.com> - 1:1.9.12-1
- update to 1.9.12