packages/hikptool
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!18 修复hikptool包的安全编译告警问题

Browse Source 
From: @veega2022 
Reviewed-by: @kongzizaixian 
Signed-off-by: @chenjunxin1992
This commit is contained in:
openeuler-ci-bot 2022-12-15 06:35:15 +00:00 committed by Gitee
commit a23d57023f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
0002-fix-compiler-security-option-problem.patch Normal file
View File

@ -0,0 +1,39 @@
From 0a4e7eb4cb35e126e9ca6e8e1f8f4282a008d0d2 Mon Sep 17 00:00:00 2001
From: veega2022 <zhuweijia@huawei.com>
Date: Tue, 13 Dec 2022 21:32:52 +0800
Subject: [PATCH] fix compiler security option problem
add compiler option -pie -fPIE, -Wl,-z,relro,-z,now
and disable rpath
Signed-off-by: veega2022 <zhuweijia@huawei.com>
---
CMakeLists.txt | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1d79a31..c697edf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,6 +11,9 @@
project(hikptool C)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall")
+set(CMAKE_SKIP_RPATH TRUE)
+
macro(get_header_dir_recurse HEADER_DIR_LIST)
file(GLOB_RECURSE HEADER_LIST *.h)
set(DIR_LIST "")
@@ -40,5 +43,7 @@ get_header_dir_recurse(HIKPTOOL_HEADER_DIR)
target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR})
target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib)
target_link_libraries(hikptool PRIVATE KPTDEV_SO)
-target_link_options(hikptool PRIVATE -g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
+target_link_options(hikptool PRIVATE
+ -Wl,-z,relro,-z,now -Wl,-z,noexecstack
+ -g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL)
--
2.33.0

8
hikptool.spec
View File

@ -1,9 +1,7 @@
%global debug_package %{nil}
Name: hikptool
Summary: A userspace tool for Linux providing problem location on Kunpeng chips
Version: 1.0.0
Release: 6
Release: 7
License: MulanPSL2
Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux
@ -17,6 +15,7 @@ Requires: glibc
ExclusiveArch: aarch64
Patch0001: 0001-socip-Return-EINVAL-when-the-parameter-check-fails.patch
Patch0002: 0002-fix-compiler-security-option-problem.patch
%description
This package contains the hikptool
@ -69,6 +68,9 @@ fi
/sbin/ldconfig
%changelog
* Tue Dec 13 2022 veega2022 <zhuweijia@huawei.com> 1.0.0-7
- fix compiler security option problem
* Mon Dec 12 2022 veega2022 <zhuweijia@huawei.com> 1.0.0-6
- Add socip patch for fix return -EINVAL when the parameter check fails