Add sec compile option
This commit is contained in:
Hugel
parent
73d4718ca1
commit
7f5a5a972b
@ -1,54 +0,0 @@
|
||||
From 6d629a4f5387834211d61b6a332246ff4ef6d3cb Mon Sep 17 00:00:00 2001
|
||||
From: sunguoshuai <sunguoshuai@huawei.com>
|
||||
Date: Sat, 20 Mar 2021 17:38:08 +0800
|
||||
Subject: [PATCH] add PIE and BIND_NOW for some binaries
|
||||
|
||||
---
|
||||
Config.mk | 3 ++-
|
||||
tb_polgen/Makefile | 2 +-
|
||||
utils/Makefile | 2 +-
|
||||
3 files changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Config.mk b/Config.mk
|
||||
index a47147a..06b346c 100644
|
||||
--- a/Config.mk
|
||||
+++ b/Config.mk
|
||||
@@ -74,7 +74,8 @@ TARGET_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/ -e s/i86pc/x86_32/)
|
||||
CFLAGS += $(CFLAGS_WARN) -fno-strict-aliasing -std=gnu99
|
||||
# due to bug in gcc v4.2,3,?
|
||||
CFLAGS += $(call cc-option,$(CC),-Wno-array-bounds,)
|
||||
-
|
||||
+LDFLAGS += -Wl,-z,now,-z,relro,-z,noexecstack -fPIE
|
||||
+CFLAGS += -fPIE
|
||||
|
||||
ifeq ($(debug),y)
|
||||
CFLAGS += -g -DDEBUG
|
||||
diff --git a/tb_polgen/Makefile b/tb_polgen/Makefile
|
||||
index 742244d..5dcade1 100644
|
||||
--- a/tb_polgen/Makefile
|
||||
+++ b/tb_polgen/Makefile
|
||||
@@ -10,7 +10,7 @@
|
||||
ROOTDIR ?= $(CURDIR)/..
|
||||
|
||||
include $(ROOTDIR)/Config.mk
|
||||
-
|
||||
+CFLAGS += -fstack-protector-strong
|
||||
|
||||
TARGET = tb_polgen
|
||||
|
||||
diff --git a/utils/Makefile b/utils/Makefile
|
||||
index 177f28b..75a7f75 100644
|
||||
--- a/utils/Makefile
|
||||
+++ b/utils/Makefile
|
||||
@@ -13,7 +13,7 @@ include $(ROOTDIR)/Config.mk
|
||||
|
||||
TARGETS := txt-stat txt-parse_err txt-acminfo
|
||||
|
||||
-CFLAGS += -D_LARGEFILE64_SOURCE
|
||||
+CFLAGS += -D_LARGEFILE64_SOURCE -fstack-protector-strong
|
||||
LIBS += $(ROOTDIR)/safestringlib/libsafestring.a
|
||||
|
||||
#
|
||||
--
|
||||
2.30.0
|
||||
|
||||
10
tboot.spec
10
tboot.spec
@ -1,13 +1,12 @@
|
||||
Name: tboot
|
||||
Summary: A module to perform a measured and verified launch
|
||||
Version: 1.10.2
|
||||
Release: 2
|
||||
Release: 3
|
||||
Epoch: 1
|
||||
License: BSD
|
||||
|
||||
URL: http://sourceforge.net/projects/tboot/
|
||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
Patch0: add-PIE-and-BIND_NOW-for-some-binaries.patch
|
||||
|
||||
BuildRequires: gcc trousers-devel openssl-devel perl
|
||||
|
||||
@ -24,6 +23,7 @@ and verified launch of an OS kernel/VMM
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS -Wl,-z,relro,-z,now -fPIE -pie"; export CFLAGS
|
||||
%make_build debug=y
|
||||
|
||||
%install
|
||||
@ -42,6 +42,12 @@ and verified launch of an OS kernel/VMM
|
||||
%{_mandir}/man8/*.gz
|
||||
|
||||
%changelog
|
||||
* Tue Jul 12 2022 Hugel <gengqihu1@h-partners.com> - 1:1.10.2-3
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:Add sec compile option
|
||||
|
||||
* Mon Jan 10 2022 Hugel<gengqihu1@huawei.com> - 1:1.10.2-2
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user