packages/tboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!14 openEuler-22.03-LTS-Next: add sec compile option

Browse Source 
From: @hugel 
Reviewed-by: @huangzq6, @zhuchunyi 
Signed-off-by: @zhuchunyi
This commit is contained in:
openeuler-ci-bot 2022-07-14 09:28:29 +00:00 committed by Gitee
commit 7e4a24c0e2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 8 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
add-PIE-and-BIND_NOW-for-some-binaries.patch
View File

@ -1,54 +0,0 @@
From 6d629a4f5387834211d61b6a332246ff4ef6d3cb Mon Sep 17 00:00:00 2001
From: sunguoshuai <sunguoshuai@huawei.com>
Date: Sat, 20 Mar 2021 17:38:08 +0800
Subject: [PATCH] add PIE and BIND_NOW for some binaries
---
Config.mk | 3 ++-
tb_polgen/Makefile | 2 +-
utils/Makefile | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Config.mk b/Config.mk
index a47147a..06b346c 100644
--- a/Config.mk
+++ b/Config.mk
@@ -74,7 +74,8 @@ TARGET_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/ -e s/i86pc/x86_32/)
CFLAGS += $(CFLAGS_WARN) -fno-strict-aliasing -std=gnu99
# due to bug in gcc v4.2,3,?
CFLAGS += $(call cc-option,$(CC),-Wno-array-bounds,)
-
+LDFLAGS += -Wl,-z,now,-z,relro,-z,noexecstack -fPIE
+CFLAGS += -fPIE
ifeq ($(debug),y)
CFLAGS += -g -DDEBUG
diff --git a/tb_polgen/Makefile b/tb_polgen/Makefile
index 742244d..5dcade1 100644
--- a/tb_polgen/Makefile
+++ b/tb_polgen/Makefile
@@ -10,7 +10,7 @@
ROOTDIR ?= $(CURDIR)/..
include $(ROOTDIR)/Config.mk
-
+CFLAGS += -fstack-protector-strong
TARGET = tb_polgen
diff --git a/utils/Makefile b/utils/Makefile
index 177f28b..75a7f75 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -13,7 +13,7 @@ include $(ROOTDIR)/Config.mk
TARGETS := txt-stat txt-parse_err txt-acminfo
-CFLAGS += -D_LARGEFILE64_SOURCE
+CFLAGS += -D_LARGEFILE64_SOURCE -fstack-protector-strong
LIBS += $(ROOTDIR)/safestringlib/libsafestring.a
#
--
2.30.0

10
tboot.spec
View File

@ -1,13 +1,12 @@
Name: tboot Name: tboot
Summary: A module to perform a measured and verified launch Summary: A module to perform a measured and verified launch
Version: 1.10.2 Version: 1.10.2
Release: 2 Release: 3
Epoch: 1 Epoch: 1
License: BSD License: BSD
URL: http://sourceforge.net/projects/tboot/ URL: http://sourceforge.net/projects/tboot/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: add-PIE-and-BIND_NOW-for-some-binaries.patch
BuildRequires: gcc trousers-devel openssl-devel perl BuildRequires: gcc trousers-devel openssl-devel perl
@ -24,6 +23,7 @@ and verified launch of an OS kernel/VMM
%autosetup -p1 %autosetup -p1
%build %build
CFLAGS="$RPM_OPT_FLAGS -Wl,-z,relro,-z,now -fPIE -pie"; export CFLAGS
%make_build debug=y %make_build debug=y
%install %install
@ -42,6 +42,12 @@ and verified launch of an OS kernel/VMM
%{_mandir}/man8/*.gz %{_mandir}/man8/*.gz
%changelog %changelog
* Tue Jul 12 2022 Hugel <gengqihu1@h-partners.com> - 1:1.10.2-3
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:Add sec compile option
* Mon Jan 10 2022 Hugel<gengqihu1@huawei.com> - 1:1.10.2-2 * Mon Jan 10 2022 Hugel<gengqihu1@huawei.com> - 1:1.10.2-2
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA