diff --git a/.gitignore b/.gitignore index 95a22a0..2be4a90 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,8 @@ /annobin-3.2.tar.xz /annobin-3.3.tar.xz /annobin-3.4.tar.xz +/annobin-5.0.tar.xz +/annobin-5.1.tar.xz +/annobin-5.2.tar.xz +/annobin-5.6.tar.xz +/annobin-5.7.tar.xz diff --git a/annobin-skip-assembler-test.patch b/annobin-skip-assembler-test.patch new file mode 100644 index 0000000..932130e --- /dev/null +++ b/annobin-skip-assembler-test.patch @@ -0,0 +1,24 @@ +diff -rup annobin.orig/tests/Makefile.am annobin-5.6/tests/Makefile.am +--- annobin.orig/tests/Makefile.am 2018-05-04 14:23:33.303562575 +0100 ++++ annobin-5.6/tests/Makefile.am 2018-05-04 14:23:52.212354792 +0100 +@@ -12,7 +12,7 @@ TESTS=compile-test \ + abi-test \ + missing-notes-test \ + function-sections-test \ +- assembler-gap-test ++ + + XFAIL_TESTS=hardening-fail-test + +diff -rup annobin.orig/tests/Makefile.in annobin-5.6/tests/Makefile.in +--- annobin.orig/tests/Makefile.in 2018-05-04 14:23:33.304562564 +0100 ++++ annobin-5.6/tests/Makefile.in 2018-05-04 14:23:59.205277949 +0100 +@@ -217,7 +217,7 @@ TESTS = compile-test \ + abi-test \ + missing-notes-test \ + function-sections-test \ +- assembler-gap-test ++ + + XFAIL_TESTS = hardening-fail-test + all: all-am diff --git a/annobin-skip-minor-version-check.patch b/annobin-skip-minor-version-check.patch new file mode 100644 index 0000000..6b81d38 --- /dev/null +++ b/annobin-skip-minor-version-check.patch @@ -0,0 +1,20 @@ +diff -rup annobin.orig/plugin/annobin.cc annobin-5.7/plugin/annobin.cc +--- annobin.orig/plugin/annobin.cc 2018-10-15 11:57:59.263140156 +0100 ++++ annobin-5.7/plugin/annobin.cc 2018-10-15 12:00:17.358170612 +0100 +@@ -1158,10 +1158,14 @@ plugin_init (struct plugin_name_args * + { + bool fail = false; + +- if (strcmp (version->basever, gcc_version.basever)) ++ /* plugin_default_version_check is very strict and requires that the ++ major, minor and revision numbers all match. Since annobin only ++ lightly touches gcc we assume that major number compatibility will ++ be sufficient... */ ++ if (strncmp (version->basever, gcc_version.basever, strchr (version->basever, '.') - version->basever)) + { + annobin_inform (0, _("Error: plugin built for compiler version (%s) but run with compiler version (%s)"), +- version->basever, gcc_version.basever); ++ gcc_version.basever, version->basever); + fail = true; + } + diff --git a/annobin.spec b/annobin.spec index fdc2f06..a45ec22 100644 --- a/annobin.spec +++ b/annobin.spec @@ -11,8 +11,8 @@ Name: annobin Summary: Binary annotation plugin for GCC -Version: 3.4 -Release: 1%{?dist} +Version: 5.7 +Release: 3%{?dist} License: GPLv3+ URL: https://fedoraproject.org/wiki/Toolchain/Watermark @@ -20,12 +20,25 @@ URL: https://fedoraproject.org/wiki/Toolchain/Watermark # Use "--without tests" to disable the testsuite. The default is to run them. %bcond_without tests +# Set this to zero to disable the requirement for a specific version of gcc. +# This should only be needed if there is some kind of problem with the version +# checking logic. +%global with_hard_gcc_version_requirement 1 + #--------------------------------------------------------------------------------- Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz # For the latest sources use: git clone git://sourceware.org/git/annobin.git -# This is a gcc plugin, hence gcc is required. -Requires: gcc +# Insert patches here, if needed. + +# Skip the assembler test as the Fedora 28 assembler does not support +# the --generate-missing-build-notes=yes commmand line option. +Patch01: annobin-skip-assembler-test.patch + +# Only test that the major version of gcc used to build the annobin plugin +# matches with the major version of gcc used to run the plugin. +Patch02: annobin-skip-minor-version-check.patch + Requires(post): /sbin/install-info Requires(preun): /sbin/install-info @@ -55,7 +68,60 @@ of the resulting files. %endif #--------------------------------------------------------------------------------- -%global ANNOBIN_PLUGIN_DIR %(g++ -print-file-name=plugin) +%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin) + +# [Stolen from gcc-python-plugin] +# GCC will only load plugins that were built against exactly that build of GCC +# We thus need to embed the exact GCC version as a requirement within the +# metadata. +# +# Define "gcc_vr", a variable to hold the VERSION-RELEASE string for the gcc +# we are being built against. +# +# Unfortunately, we can't simply run: +# rpm -q --qf="%%{version}-%%{release}" +# to determine this, as there's no guarantee of a sane rpm database within +# the chroots created by our build system +# +# So we instead query the version from gcc's output. +# +# gcc.spec has: +# Version: %%{gcc_version} +# Release: %%{gcc_release}%%{?dist} +# ...snip... +# echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE +# +# So, given this output: +# +# $ gcc --version +# gcc (GCC) 4.6.1 20110908 (Red Hat 4.6.1-9) +# Copyright (C) 2011 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# we can scrape out the "4.6.1" from the version line. +# +# The following implements the above: +# +# Note - gawk will emit a warning message saying: +# +# gawk: cmd. line:1: warning: escape sequence `\)' treated as plain `)' +# +# I have not been able to work out how to remove this message, but still provide +# sufficient escaping for the command line to survive intact as it is passed +# down through the sub-shell. + +%global gcc_vr %(gcc --version | gawk 'match (\$0, ".*Red Hat \([^\\)-]*\)", a) { print a[1]; }') + +# This is a gcc plugin, hence gcc is required. +%if %{with_hard_gcc_version_requirement} +Requires: gcc == %{gcc_vr} +BuildRequires: gcc == %{gcc_vr} +%else +Requires: gcc +%endif + +#--------------------------------------------------------------------------------- %prep %autosetup -p1 @@ -68,29 +134,51 @@ touch configure */configure Makefile.in */Makefile.in # Similarly we do not want to rebuild the documentation. touch doc/annobin.info +#--------------------------------------------------------------------------------- + %build %configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} %make_build +# Rebuild the plugin, this time using the plugin itself! This +# ensures that the plugin works, and that it contains annotations +# of its own. This could mean that we end up with a plugin with +# double annotations in it. (If the build system enables annotations +# for plugins by default). I have not tested this yet, but I think +# that it should be OK. +cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp-annobin.so +make -C plugin clean +make -C plugin CXXFLAGS="%{optflags} -fplugin=%{_tmppath}/tmp-annobin.so" +rm %{_tmppath}/tmp-annobin.so + +#--------------------------------------------------------------------------------- %install %make_install %{__rm} -f %{buildroot}%{_infodir}/dir +#--------------------------------------------------------------------------------- + %if %{with tests} %check make check %endif +#--------------------------------------------------------------------------------- + %post /sbin/install-info %{_infodir}/annobin.info.gz %{_infodir} >/dev/null 2>&1 || : exit 0 +#--------------------------------------------------------------------------------- + %preun if [ $1 = 0 ]; then /sbin/install-info --delete %{_infodir}/annobin.info.gz %{_infodir} >/dev/null 2>&1|| : fi exit 0 +#--------------------------------------------------------------------------------- + %files %{ANNOBIN_PLUGIN_DIR} %{_bindir}/built-by.sh @@ -102,10 +190,44 @@ exit 0 %exclude %{_datadir}/doc/annobin-plugin/LICENSE %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt %doc %{_infodir}/annobin.info.gz +%doc %{_mandir}/man1/annobin.1.gz +%doc %{_mandir}/man1/built-by.1.gz +%doc %{_mandir}/man1/check-abi.1.gz +%doc %{_mandir}/man1/hardened.1.gz +%doc %{_mandir}/man1/run-on-binaries.1.gz #--------------------------------------------------------------------------------- %changelog +* Mon Oct 10 2018 Nick Clifton - 5.7-3 +- Only check major version numbers when verifying gcc builder and runner. (#16329224) + +* Thu May 10 2018 Nick Clifton - 5.7-2 +- Version bump in order to allow a rebuild with the latest version of gcc. + +* Tue May 08 2018 Nick Clifton - 5.7-1 +- Fix script bug in hardended.sh. (Thanks to: Stefan Sørensen ) + +* Fri May 04 2018 Nick Clifton - 5.6-3 +- Import latest changes from rawhide, including hard requirement on the version of gcc used. + +* Thu May 03 2018 Nick Clifton - 5.2-3 +- Rebuild with the latest gcc. + +* Mon Apr 30 2018 Nick Clifton - 5.2-2 +- Rebuild the plugin with the newly created plugin enabled. (#1573082) + +* Tue Apr 03 2018 Nick Clifton - 5.2-1 +- Do not record a stack protection setting of -1. (#1563141) + +* Tue Mar 20 2018 Nick Clifton - 5.1-1 +- Do not complain about a dwarf_version value of -1. (#1557511) + +* Mon Mar 19 2018 Nick Clifton - 5.0-1 +- Sync with rawhide, since that seems to fix #1557511. +- Bias file start symbols by 2 in order to avoid them confused with function symbols. (#1554332) +- Version jump is to sync the version number with the annobin plugins internal version number. + * Fri Feb 09 2018 Nick Clifton - 3.4-1 - Change type and size of symbols to STT_NOTYPE/0 so that they do not confuse GDB. (#1539664) - Add run-on-binaries-in.sh script to allow the other scripts to be run over a repository. diff --git a/sources b/sources index c3898d5..ccfb55c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-3.4.tar.xz) = 387ab363b463d182c4d775ed516eeaea898640b5117937db16a100034ff83867c7012e0045dda5eb272d6c09a3d6003683d0918524907cbbb69500c19fd478b4 +SHA512 (annobin-5.7.tar.xz) = 9f0ff5d4ce0d3028e79cf4b9ebe8adf328962100d805a7faa4cd9b3fd239f11dc4178290a755c61ce2d73aeaa3aa794af0de7151922cfabeb18b3048d5073d87