Tidy up spec file
parent 81adad3f31
commit 45b479d2d6
265
annobin.spec
@ -2,7 +2,7 @@
|
|||||||
Name: annobin
|
Name: annobin
|
||||||
Summary: Annotate and examine compiled binary files
|
Summary: Annotate and examine compiled binary files
|
||||||
Version: 9.72
|
Version: 9.72
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
# Maintainer: nickc@redhat.com
|
# Maintainer: nickc@redhat.com
|
||||||
# Web Page: https://sourceware.org/annobin/
|
# Web Page: https://sourceware.org/annobin/
|
||||||
@ -54,10 +54,6 @@ License: GPLv3+
|
|||||||
%undefine _annotated_build
|
%undefine _annotated_build
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%{!?llvm_version:%global llvm_version 11.1.0}
|
|
||||||
%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}
|
|
||||||
%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
||||||
@ -68,6 +64,121 @@ Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
|||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Make sure that the necessary sub-packages are built.
|
||||||
|
|
||||||
|
%if %{with gccplugin}
|
||||||
|
Requires: %{name}-plugin-gcc
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with llvmplugin}
|
||||||
|
Requires: %{name}-plugin-llvm
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with clangplugin}
|
||||||
|
Requires: %{name}-plugin-clang
|
||||||
|
%endif
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package contains the tools needed to annotate binary files created by
|
||||||
|
compilers, and also the tools needed to examine those annotations.
|
||||||
|
|
||||||
|
%if %{with gccplugin}
|
||||||
|
One of the tools is a plugin for GCC that records information about the
|
||||||
|
security options that were in effect when the binary was compiled.
|
||||||
|
|
||||||
|
Note - the plugin is automatically enabled in gcc builds via flags
|
||||||
|
provided by the redhat-rpm-macros package.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with clangplugin}
|
||||||
|
One of the tools is a plugin for Clang that records information about the
|
||||||
|
security options that were in effect when the binary was compiled.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with llvmplugin}
|
||||||
|
One of the tools is a plugin for LLVM that records information about the
|
||||||
|
security options that were in effect when the binary was compiled.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with annocheck}
|
||||||
|
One of the tools is a security checker which analyses the notes present in
|
||||||
|
annotated files and reports on any missing security options.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Now that we have sub-packages for all of the plugins and for annocheck,
|
||||||
|
# there are no executables left to go into the "annobin" rpm. But top-level
|
||||||
|
# packages cannot have "BuildArch: noarch" if sub-packages do have
|
||||||
|
# architecture requirements, and rpmlint generates an error if an
|
||||||
|
# architecture specific rpm does not contain any binaries. So instead all of
|
||||||
|
# the documentation has been moved into an architecture neutral sub-package,
|
||||||
|
# and there no longer is a top level annobin rpm at all.
|
||||||
|
|
||||||
|
%package docs
|
||||||
|
Summary: Documentation and shell scripts for use with annobin
|
||||||
|
BuildArch: noarch
|
||||||
|
# annobin renamed to annobin-doc in 9.66-1
|
||||||
|
Provides: %{name} = %{version}-%{release}
|
||||||
|
Obsoletes: %{name} < 9.66-1
|
||||||
|
# The documentation uses pod2man...
|
||||||
|
BuildRequires: perl-interpreter perl-podlators gawk make
|
||||||
|
|
||||||
|
%description docs
|
||||||
|
Provides the documentation files and example shell scripts for use with annobin.
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------------
|
||||||
|
%if %{with tests}
|
||||||
|
|
||||||
|
%package tests
|
||||||
|
Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin
|
||||||
|
Requires: %{name}-docs = %{version}-%{release}
|
||||||
|
|
||||||
|
%description tests
|
||||||
|
Provides a means to test the generation of annotated binaries and the parsing
|
||||||
|
of the resulting files.
|
||||||
|
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
|
%if %{with debuginfod}
|
||||||
|
BuildRequires: elfutils-debuginfod-client-devel
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------------
|
||||||
|
%if %{with annocheck}
|
||||||
|
|
||||||
|
%package annocheck
|
||||||
|
Summary: A tool for checking the security hardening status of binaries
|
||||||
|
|
||||||
|
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel make
|
||||||
|
|
||||||
|
%if %{with debuginfod}
|
||||||
|
BuildRequires: elfutils-debuginfod-client-devel
|
||||||
|
%endif
|
||||||
|
|
||||||
|
Requires: %{name}-docs = %{version}-%{release}
|
||||||
|
|
||||||
|
%description annocheck
|
||||||
|
Installs the annocheck program which uses the notes generated by annobin to
|
||||||
|
check that the specified files were compiled with the correct security
|
||||||
|
hardening options.
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------------
|
||||||
|
%if %{with gccplugin}
|
||||||
|
|
||||||
|
%package plugin-gcc
|
||||||
|
Summary: annobin gcc plugin
|
||||||
|
|
||||||
|
Requires: %{name}-docs = %{version}-%{release}
|
||||||
|
Conflicts: %{name} <= 9.60-1
|
||||||
|
BuildRequires: gcc-c++ gcc-plugin-devel
|
||||||
|
|
||||||
# [Stolen from gcc-python-plugin]
|
# [Stolen from gcc-python-plugin]
|
||||||
# GCC will only load plugins that were built against exactly that build of GCC
|
# GCC will only load plugins that were built against exactly that build of GCC
|
||||||
# We thus need to embed the exact GCC version as a requirement within the
|
# We thus need to embed the exact GCC version as a requirement within the
|
||||||
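Review bot: In the new `%package tests` block, `BuildRequires: make` and the debuginfod `BuildRequires: elfutils-debuginfod-client-devel` come after `%description tests`, so rpm reads them as part of the description text (a description runs until the next section marker) rather than as preamble tags. Move them up next to `Requires: %{name}-docs = %{version}-%{release}`, as the annocheck block in this same hunk already does. The build still gets make through the docs and annocheck sub-packages, so the misplacement is easy to miss. Separately, the comment "Make sure that the necessary sub-packages are built" sits above plain `Requires:` lines, which are install-time dependencies, and the later comment says no top-level annobin rpm is produced at all. Either reword the comment or drop those Requires.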
@ -112,7 +223,7 @@ Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
|||||||
%global gcc_major 0
|
%global gcc_major 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# This is a gcc plugin, hence gcc is required.
|
# For a gcc plugin gcc is required.
|
||||||
%if %{with_hard_gcc_version_requirement}
|
%if %{with_hard_gcc_version_requirement}
|
||||||
# BZ 1607430 - There is an exact requirement on the major version of gcc.
|
# BZ 1607430 - There is an exact requirement on the major version of gcc.
|
||||||
Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
|
Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
|
||||||
@ -120,114 +231,6 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
|
|||||||
Requires: gcc
|
Requires: gcc
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with gccplugin}
|
|
||||||
Requires: annobin-plugin-gcc
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with llvmplugin}
|
|
||||||
Requires: annobin-plugin-llvm
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with clangplugin}
|
|
||||||
Requires: annobin-plugin-clang
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# The documentation uses pod2man...
|
|
||||||
BuildRequires: gcc perl-interpreter perl-podlators gawk
|
|
||||||
|
|
||||||
%if %{with gccplugin}
|
|
||||||
BuildRequires: gcc-c++ gcc-plugin-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with clangplugin}
|
|
||||||
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with llvmplugin}
|
|
||||||
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description
|
|
||||||
Provides a plugin for GCC that records extra information in the files
|
|
||||||
that it compiles.
|
|
||||||
|
|
||||||
Note - the plugin is automatically enabled in gcc builds via flags
|
|
||||||
provided by the redhat-rpm-macros package.
|
|
||||||
|
|
||||||
%if %{with clangplugin}
|
|
||||||
Also provides a plugin for Clang which performs a similar function.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with llvmplugin}
|
|
||||||
Also provides a plugin for LLVM which performs a similar function.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
# Now that we have sub-packages for all of the plugins and for annocheck,
|
|
||||||
# there are no executables left to go into the "annobin" rpm. But top-level
|
|
||||||
# packages cannot have "BuildArch: noarch" if sub-packages do have
|
|
||||||
# architecture requirements, and rpmlint generates an error if an
|
|
||||||
# architecture specific rpm does not contain any binaries. So instead all of
|
|
||||||
# the documentation has been moved into an architecture neutral sub-package,
|
|
||||||
# and there no longer is a top level annobin rpm at all.
|
|
||||||
|
|
||||||
%package docs
|
|
||||||
Summary: Documentation and shell scripts for use with annobin
|
|
||||||
BuildArch: noarch
|
|
||||||
# annobin renamed to annobin-doc in 9.66-1
|
|
||||||
Provides: %{name} = %{version}-%{release}
|
|
||||||
Obsoletes: %{name} < 9.66-1
|
|
||||||
|
|
||||||
%description docs
|
|
||||||
Provides the documentation files and example shell scripts for use with annobin.
|
|
||||||
|
|
||||||
#----------------------------------------------------------------------------
|
|
||||||
%if %{with tests}
|
|
||||||
|
|
||||||
%package tests
|
|
||||||
Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin
|
|
||||||
Requires: %{name}-docs = %{version}-%{release}
|
|
||||||
|
|
||||||
%description tests
|
|
||||||
Provides a means to test the generation of annotated binaries and the parsing
|
|
||||||
of the resulting files.
|
|
||||||
|
|
||||||
%if %{with debuginfod}
|
|
||||||
BuildRequires: elfutils-debuginfod-client-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%endif
|
|
||||||
|
|
||||||
#----------------------------------------------------------------------------
|
|
||||||
%if %{with annocheck}
|
|
||||||
|
|
||||||
%package annocheck
|
|
||||||
Summary: A tool for checking the security hardening status of binaries
|
|
||||||
|
|
||||||
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
|
|
||||||
%if %{with debuginfod}
|
|
||||||
BuildRequires: elfutils-debuginfod-client-devel make
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Requires: %{name}-docs = %{version}-%{release}
|
|
||||||
|
|
||||||
%description annocheck
|
|
||||||
Installs the annocheck program which uses the notes generated by annobin to
|
|
||||||
check that the specified files were compiled with the correct security
|
|
||||||
hardening options.
|
|
||||||
|
|
||||||
%endif
|
|
||||||
|
|
||||||
#----------------------------------------------------------------------------
|
|
||||||
%if %{with gccplugin}
|
|
||||||
|
|
||||||
%package plugin-gcc
|
|
||||||
Summary: annobin gcc plugin
|
|
||||||
|
|
||||||
Requires: %{name}-docs = %{version}-%{release}
|
|
||||||
Conflicts: annobin <= 9.60-1
|
|
||||||
|
|
||||||
%description plugin-gcc
|
%description plugin-gcc
|
||||||
Installs an annobin plugin that can be used by gcc.
|
Installs an annobin plugin that can be used by gcc.
|
||||||
|
|
||||||
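Review bot: Removing the unconditional `BuildRequires: gcc perl-interpreter perl-podlators gawk` from the main preamble means gcc is now a build dependency only through the annocheck block (`BuildRequires: gcc elfutils ...`) and the plugin-gcc block (`gcc-c++ gcc-plugin-devel`). With both of those conditionals disabled, nothing pulls gcc into the buildroot, yet `%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)` is still evaluated unconditionally. Either keep an unconditional `BuildRequires: gcc` in the main preamble or wrap the ANNOBIN_GCC_PLUGIN_DIR definition in `%if %{with gccplugin}`.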
@ -240,10 +243,11 @@ Installs an annobin plugin that can be used by gcc.
|
|||||||
Summary: annobin llvm plugin
|
Summary: annobin llvm plugin
|
||||||
|
|
||||||
Requires: %{name}-docs = %{version}-%{release}
|
Requires: %{name}-docs = %{version}-%{release}
|
||||||
Conflicts: annobin <= 9.60-1
|
Conflicts: %{name} <= 9.60-1
|
||||||
|
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
||||||
|
|
||||||
%description plugin-llvm
|
%description plugin-llvm
|
||||||
Installs an annobin plugin that can be used by llvm tools.
|
Installs an annobin plugin that can be used by LLVM tools.
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -254,16 +258,24 @@ Installs an annobin plugin that can be used by llvm tools.
|
|||||||
Summary: annobin clang plugin
|
Summary: annobin clang plugin
|
||||||
|
|
||||||
Requires: %{name}-docs = %{version}-%{release}
|
Requires: %{name}-docs = %{version}-%{release}
|
||||||
Conflicts: annobin <= 9.60-1
|
Conflicts: %{name} <= 9.60-1
|
||||||
|
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
||||||
|
|
||||||
%description plugin-clang
|
%description plugin-clang
|
||||||
Installs an annobin plugin that can be used by clang.
|
Installs an annobin plugin that can be used by Clang.
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Decide where the plugins will live. Change if necessary.
|
||||||
|
|
||||||
%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
|
%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
|
||||||
|
|
||||||
|
%{!?llvm_version:%global llvm_version 11.1.0}
|
||||||
|
%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}
|
||||||
|
%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}
|
||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
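Review bot: The fallback `%global llvm_version 11.1.0`, now under "Decide where the plugins will live", fixes llvm_plugin_dir and clang_plugin_dir to one release, while the `BuildRequires: clang clang-devel llvm llvm-devel compiler-rt` lines added for plugin-llvm and plugin-clang are unversioned. If the buildroot provides a different LLVM and the macro is not overridden, the plugins can end up in a directory that does not match the installed toolchain, and binaries built with clang or LLVM would then carry no annobin notes for annocheck to inspect. Consider deriving the version from the installed toolchain at build time, in the way ANNOBIN_GCC_PLUGIN_DIR is derived with `%(gcc --print-file-name=plugin)`, or document next to "Change if necessary" that llvm_version must be overridden to match.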
@ -288,7 +300,7 @@ touch doc/annobin.info
|
|||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
CONFIG_ARGS="--quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
|
CONFIG_ARGS="--quiet"
|
||||||
|
|
||||||
%if %{with debuginfod}
|
%if %{with debuginfod}
|
||||||
CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
|
CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
|
||||||
@ -308,6 +320,8 @@ CONFIG_ARGS="$CONFIG_ARGS --with-clang"
|
|||||||
|
|
||||||
%if %{without gccplugin}
|
%if %{without gccplugin}
|
||||||
CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"
|
CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"
|
||||||
|
%else
|
||||||
|
CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with llvmplugin}
|
%if %{with llvmplugin}
|
||||||
@ -318,10 +332,16 @@ CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
|
|||||||
CONFIG_ARGS="$CONFIG_ARGS --without-test"
|
CONFIG_ARGS="$CONFIG_ARGS --without-test"
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{without annocheck}
|
||||||
|
CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"
|
||||||
|
%endif
|
||||||
|
|
||||||
%configure ${CONFIG_ARGS} || cat config.log
|
%configure ${CONFIG_ARGS} || cat config.log
|
||||||
|
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
%if %{with plugin_rebuild}
|
%if %{with plugin_rebuild}
|
||||||
# Rebuild the plugin(s), this time using the plugin itself! This
|
# Rebuild the plugin(s), this time using the plugin itself! This
|
||||||
# ensures that the plugin works, and that it contains annotations
|
# ensures that the plugin works, and that it contains annotations
|
||||||
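Review bot: The context line `%configure ${CONFIG_ARGS} || cat config.log`, directly below the new `--without-annocheck` block, masks a configure failure: when configure fails, `cat config.log` succeeds and the scriptlet carries on to `%make_build`. Since this commit is already reworking how CONFIG_ARGS is assembled, make the failure explicit, for example `%configure ${CONFIG_ARGS} || { cat config.log; exit 1; }`, so that a bad combination of `--with`/`--without` options stops the build at the point where it is diagnosed.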
@ -341,8 +361,8 @@ BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
|
|||||||
# option, despite the fact that there patently is.
|
# option, despite the fact that there patently is.
|
||||||
BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
|
BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
|
||||||
|
|
||||||
# If building on RHEL7, enable the next option as the .attach_to_group
|
# If building on systems with an assembler that does not support the
|
||||||
# assembler pseudo op is not available in the assembler.
|
# .attach_to_group pseudo op (eg RHEL-7) then enable the next line.
|
||||||
# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
|
# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
|
||||||
|
|
||||||
make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
||||||
@ -433,6 +453,9 @@ fi
|
|||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 19 2021 Nick Clifton <nickc@redhat.com> - 9.72-2
|
||||||
|
- Tidy up spec file.
|
||||||
|
|
||||||
* Thu May 13 2021 Nick Clifton <nickc@redhat.com> - 9.72-1
|
* Thu May 13 2021 Nick Clifton <nickc@redhat.com> - 9.72-1
|
||||||
- annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
|
- annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
|
||||||
- gcc-plugin: Add support for ARM and RISCV targets.
|
- gcc-plugin: Add support for ARM and RISCV targets.
|
||||||
|
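Review bot: The new changelog entry "Tidy up spec file." for 9.72-2 undersells what the diff does. The visible hunks also change build behaviour: `make` becomes a BuildRequires of the docs and annocheck sub-packages, `--without-annocheck` is now passed to configure, and `--with-gcc-plugin-dir` is only passed when the gcc plugin is enabled. Listing those as separate changelog lines would let someone tracing a build difference between 9.72-1 and 9.72-2 find the cause without reading the spec diff.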