diff --git a/.gitignore b/.gitignore index 95233ca..e48c422 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /annobin-*.tar.xz /annobin-9.51-1.fc34.src.rpm +/annobin-11.11-1.fc37.src.rpm diff --git a/annobin.spec b/annobin.spec index 16b53a1..e0c4b34 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,11 +1,12 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 10.79 +Version: 12.28 Release: 1%{?dist} -License: GPLv3+ +License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later URL: https://sourceware.org/annobin/ # Maintainer: nickc@redhat.com +# Web Page: https://sourceware.org/annobin/ # Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark #--------------------------------------------------------------------------------- @@ -37,7 +38,7 @@ URL: https://sourceware.org/annobin/ # checking logic or when building on RHEL-7 or earlier. %global with_hard_gcc_version_requirement 1 -%bcond_with plugin_rebuild +%bcond_without plugin_rebuild # Allow the building of annobin without using annobin itself. # This is because if we are bootstrapping a new build environment we can have # a new version of gcc installed, but without a new of annobin installed. @@ -171,6 +172,23 @@ Installs the annocheck program which uses the notes generated by annobin to check that the specified files were compiled with the correct security hardening options. +%package libannocheck +Summary: A library for checking the security hardening status of binaries + +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel make + +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +Requires: %{name}-docs = %{version}-%{release} +Requires: binutils-devel + +%description libannocheck +Installs the libannocheck library which uses the notes generated by the +annobin plugins to check that the specified files were compiled with the +correct security hardening options. + %endif #---------------------------------------------------------------------------- @@ -359,6 +377,11 @@ export LDFLAGS="$LDFLAGS %build_ldflags" export CLANG_TARGET_OPTIONS="-fcf-protection" %endif +%ifarch ppc ppc64 ppc64le +# FIXME: This is a workaround for a problem with the Clang C++ headers. It should not be needed. +export CLANG_TARGET_OPTIONS="-mabi=ibmlongdouble" +%endif + CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log %make_build @@ -374,7 +397,12 @@ make -C gcc-plugin clean BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" # Disable the standard annobin plugin so that we do get conflicts. +# Note - Fedora's rpm uses a different way of evaluating macros. +%if 0%{?fedora} == 0 OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" +%else +OPTS="$(rpm --undefine=_annotated_build --eval '%build_cflags %build_ldflags')" +%endif # If building on systems with an assembler that does not support the # .attach_to_group pseudo op (eg RHEL-7) then enable the next line. @@ -474,15 +502,147 @@ fi %if %{with annocheck} %files annocheck -%{_includedir}/libannocheck.h -%{_libdir}/libannocheck.* %{_bindir}/annocheck %{_mandir}/man1/annocheck.1* + +%files libannocheck +%{_includedir}/libannocheck.h +%{_libdir}/libannocheck.* +%{_libdir}/pkgconfig/libannocheck.pc %endif #--------------------------------------------------------------------------------- %changelog +* Tue Oct 10 2023 Yara Ahmad - 12.28-1 +- GCC Plugin: Record settings of -Wstrict-flex-arrays and -fstrict-flex-arrays +- Annobin: Add future test of these options. + +* Mon Oct 02 2023 Yara Ahmad - 12.27-1 +- GCC Plugin: Record settings of -Wimplicit-int and -Wimplicit-function-declaration. +- Annobin: Add test for these warnings. + +* Thu Sep 14 2023 Yara Ahmad - 12.26-1 +- LLVM Plugin: Fix building with LLVM version 17. +- GCC Plugin: Enable string note format by default. +- Annocheck: Change GO FIPS test to look for CGO_ENABLED markers. + +* Tue Aug 01 2023 Yara Ahmad - 12.23-1 +- Annocheck: Add test for FIPS compliant GO binaries. +- Annocheck: Fix double free. (#2226749) +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild +- Spec File: migrated to SPDX license. (#2222112) + +* Tue Jul 18 2023 Yara Ahmad - 12.20-2 +- Spec File: Change License field to use SPDX notation. (#2222112) +- Annocheck: Ignore AArch64 $x and $d symbols. (#2221192) + +* Mon Jul 10 2023 Yara Ahmad - 12.19-1 +- GCC Plugin: Suppress active checks for fortran sources. Improve scanning of COLLECT_GCC_OPTIONS. +- Annocheck: Remove dependency upon binutils-devel. +- Annocheck: Add detection of known parts of libstdc++-nonshared.a that contain gaps. (#2217864) +- Annocheck: Ignore weak/undef function symbols when checking to see if a binary contains code. (#2217840) +- Annocheck: Add --suppress-version-warnings option. + +* Fri Jun 23 2023 Yara Ahmad - 12.14-1 +- Annocheck: Do not ignore separate debuginfo files that do not contain any DWARF. (#2144553) +- Annocheck: Ignore /dev/null filename in string notes. +- Annocheck: More tweaks to glibc detection heuristics. (#2215968) + +* Mon Jun 05 2023 Yara Ahmad - 12.12-1 +- Annocheck: Check for string notes in separate debug info files. (#2211694) +- Annocheck: Add support for el10 and rhel-10 profiles. (RHEL-526) +- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) + +* Tue May 02 2023 Yara Ahmad - 12.10-1 +- Annocheck: Suppress more tests for Rust binaries. +- Annocheck: Fix detection of missing plugin options. (#2189492) +- Fix generation of auto-generated files. +- Fix covscan reported errors. +- gcc-plugin: generate warnings about misspelt -D_FORTIFY_SOURCE and/or -D_GLIBCXX_ASSERTIONS options. +- gcc-plugin: use a bigger buffer for constructing notes. +- llvm-plugin: Fix detection of optimization level. Improve test. +- clang-plugin: Improve test. +- configure: More improvements. +- annocheck: Fix seg-fault when checking for glibc components in string format notes. +- configure: Simplify. + +* Wed Apr 12 2023 Yara Ahmad - 12.02-1 +- gcc plugin: Add filenames to string notes. Allow use of ANNOBIN environment variable. +- llvm plugin: Add workaround for building with LLVM-16. +- clang plugin: Fix for building with Clang-16. + +* Thu Mar 30 2023 Yara Ahmad - 12.01-1 +- gcc plugin: Keep ELF notes at protocol version 3. + +* Wed Mar 29 2023 Yara Ahmad - 12.00-1 +- Protocol Version 4: String format notes. + +* Tue Mar 21 2023 Yara Ahmad - 11.14-1 +- Annocheck: Update message for LTO tests. (#2177140) +- Annocheck: Add even more code to handle another glibc function built without LTO. +- Annocheck: Add code to handle another glibc function built without LTO. + +* Tue Feb 28 2023 Yara Ahmad - 11.11-1 +- GCC Plugin: Do not run if other plugins are active. (#2162746) +- Annocheck: Add code to handle glibc functions built without LTO. +- Libannocheck: Fix thinko in debugging code. +- Annocheck: Fix LTO test. +- Notes: Display notes held in separate dbeuginfo files. +- Annocheck: Fix atexit test. Fix recording of version numbers. (#2165528) +- LLVM & Clang Plugins: Build with branch protection on AArch64. (#2164364) +- Fix gating tests. +- Libannocheck: Fix bug causing infinite looping when running tests. +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 18 2023 Yara Ahmad - 11.06-2 +- Rebuilt against GCC 13. +- Annocheck: Fix handling of file built by multiple versions of gcc. (#2160700) +- Annocheck: Fix handling of empty files. (#2159292) +- Annocheck: Add crti.o and crtn.o to the list of known glibc special files. (#2158740) +- Annocheck: Fix memory leaks. + +* Thu Jan 05 2023 Nick Clifton - 11.02-1 +- Annocheck: Do not assume that object files contain no code simply because they do not have an executable segment. (#2158182) +- Annocheck: Add more special glibc filenames. (#2158100) + +* Wed Dec 21 2022 Nick Clifton - 10.99-1 +- Annocheck: Improve handling of tool versions. +- Spec File: Fix building with plugin_rebuild enabled. +- GCC plugin: Fix building with gcc-13. + +* Fri Dec 16 2022 Nick Clifton - 10.97-1 +- Annocheck: Add test for binaries built by cross compilers. +- Annocheck: Improve heuristic used to detect binaries without code. (#2144533) + +* Mon Dec 12 2022 Nick Clifton - 10.95-1 +- Annocheck: Avoid using debug filename when parsing notes in a debuginfo file. (#2152280) + +* Wed Nov 23 2022 Yara Ahmad - 10.93-1 +- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled. + +* Wed Nov 09 2022 Yara Ahmad - 10.92-1 +- Annocheck: Try harder not to run mutually exclusive tests. + +* Fri Oct 21 2022 Yara Ahmad - 10.91-1 +- Rebase to annobin-10.91 + - Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options. + - Libannocheck: Actually set result fields after tests are run. + - Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define. + - Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc. + - Libannocheck: Move into separate sub-package. + - Libannocheck: Add libannocheck.pc pkgconfig file. + - Libannocheck: Add libannocheck_reinit(). + - GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs. + - Annocheck: Add future tests for -ftrivial-auto-var-init and -fzero-call-used-regs. + - Clang Plugin: Fix for building with Clang-15. (#2125875) + - Annocheck: Add a test for the inconsistent use of -Ofast. (#1248744) + - NVR Bump in order to trigger a rebuild for ELN. (#2124562) + +* Thu Aug 11 2022 Yara Ahmad - 10.81-1 +- Plugin: Fix top level configuration support for RiscV. +- Annocheck: Improvements to the size tool. + * Mon Jul 25 2022 Nick Clifton - 10.79-1 - Annocheck: Fixes for libannocheck.h. diff --git a/plans/ci.fmf b/plans/ci.fmf index 1ad2c12..6ae9ce7 100644 --- a/plans/ci.fmf +++ b/plans/ci.fmf @@ -1,6 +1,6 @@ summary: CI Gating Plan discover: how: fmf - directory: tests + url: https://src.fedoraproject.org/tests/annobin.git execute: - how: beakerlib + how: tmt diff --git a/sources b/sources index 0fb4870..46c32fe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-10.79.tar.xz) = 05410eaa5f9a75015563b009f571bfd12644b3bfd5579a9f4da80a9bbdac5014e07ed5430323252387290e41a74cdb80fd871cb688085c89737fec3920134759 +SHA512 (annobin-12.28.tar.xz) = 624373d1eba36bc7a0804e0b33dfcb9a8c2415047329c5b96fd6cc2d88cbc9a355bd36ecb00214c4928f6fb4968ec910d76c8ca361b1c13584d4a06f3ee97b05 diff --git a/tests/README b/tests/README deleted file mode 100644 index 9ad59d4..0000000 --- a/tests/README +++ /dev/null @@ -1,2 +0,0 @@ -The test's Makefiles are not used in Fedora CI infrastructure. But are kept here -for backward compatibility with traditional beakerlib test harness in RHEL. diff --git a/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/main.fmf b/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/main.fmf deleted file mode 100644 index 435d7ff..0000000 --- a/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: Test for BZ#1958954 (annobin fails to skip endbr64 entry point check) -description: | - Bug summary: annobin fails to skip endbr64 entry point check for shared objects - Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1958954 -contact: -- Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin-annocheck -- gcc -duration: 48h -extra-summary: /tools/annobin/Regression/annobin-fails-to-skip-endbr64-entry-point-check -extra-task: /tools/annobin/Regression/annobin-fails-to-skip-endbr64-entry-point-check diff --git a/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/runtest.sh b/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/runtest.sh deleted file mode 100755 index 41312a4..0000000 --- a/tests/Regression/annobin-fails-to-skip-endbr64-entry-point-check/runtest.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/annobin-fails-to-skip-endbr64-entry-point-check -# Description: Test for BZ#1958954 (annobin fails to skip endbr64 entry point check) -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2021 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartSetup - rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlRun "rpm -q annobin-annocheck gcc" - rlPhaseEnd - - rlPhaseStartTest - rlRun "echo 'void f1(void) {}' > f1.c" - rlRun "echo 'void f2(void) {}' > f2.c" - rlRun "gcc `rpm --eval %build_cflags` -fpic -c f1.c" - rlRun "gcc `rpm --eval %build_cflags` -fpic -c f2.c" - rlRun "gcc `rpm --eval %build_ldflags` -shared f1.o f2.o" - rlRun "annocheck -v a.out" - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/identify/main.fmf b/tests/Regression/identify/main.fmf deleted file mode 100644 index a10e87d..0000000 --- a/tests/Regression/identify/main.fmf +++ /dev/null @@ -1,21 +0,0 @@ -summary: identify -description: '' -contact: -- Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -- devtoolset-10 -- devtoolset-10-annocheck -- devtoolset-11 -- devtoolset-11-annocheck -- gcc-toolset-10 -- gcc-toolset-10-annocheck -- gcc-toolset-11 -- gcc-toolset-11-annocheck -duration: 48h -extra-summary: /tools/annobin/Regression/identify -extra-task: /tools/annobin/Regression/identify diff --git a/tests/Regression/identify/runtest.sh b/tests/Regression/identify/runtest.sh deleted file mode 100755 index 7907036..0000000 --- a/tests/Regression/identify/runtest.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/identify -# Description: identify -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2019 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartTest - rlRun "rpm -qa | fgrep -e redhat-rpm-config -e gcc -e annobin -e binutils | sort" - rlRun "tool_v=$(annocheck --version | awk '/^annocheck: Version/ {print $3}')" - rlRun "__RPM=$(rpm --queryformat='%{name}\n' -qf $(man -w annobin))" - rlRun "rpm_v=$(rpm -q --queryformat='%{version}\n' $__RPM)" - # Following fails for annobin-8.89-2.el8 - rlRun "[[ "x${tool_v}" == "x${rpm_v}." ]]" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/lto-preprocessor-options/main.fmf b/tests/Regression/lto-preprocessor-options/main.fmf deleted file mode 100644 index 03e6b88..0000000 --- a/tests/Regression/lto-preprocessor-options/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: lto-preprocessor-options -description: '' -contact: -- Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- gcc -- annobin -- annobin-annocheck -- redhat-rpm-config -duration: 48h -extra-summary: /tools/annobin/Regression/lto-preprocessor-options -extra-task: /tools/annobin/Regression/lto-preprocessor-options diff --git a/tests/Regression/lto-preprocessor-options/runtest.sh b/tests/Regression/lto-preprocessor-options/runtest.sh deleted file mode 100755 index 430d830..0000000 --- a/tests/Regression/lto-preprocessor-options/runtest.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/lto-preprocessor-options -# Description: lto-preprocessor-options -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartTest - b=`mktemp` - rlRun "rpm -qa | fgrep -e redhat-rpm-config -e gcc -e annobin -e binutils | sort" - rlRun "cflags=\"$(rpm --eval '%build_cflags')\"" - rlRun "ldflags=\"$(rpm --eval '%build_ldflags')\"" - rlRun "echo 'int main (void) { return 0; }' | gcc -xc -o $b $cflags $ldflags -flto - " - rlRun "annocheck -v $b" - rm $b - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/missing-check-for-x86-property-note-content/main b/tests/Regression/missing-check-for-x86-property-note-content/main deleted file mode 100644 index b7f4983..0000000 Binary files a/tests/Regression/missing-check-for-x86-property-note-content/main and /dev/null differ diff --git a/tests/Regression/missing-check-for-x86-property-note-content/main.fmf b/tests/Regression/missing-check-for-x86-property-note-content/main.fmf deleted file mode 100644 index a7afb11..0000000 --- a/tests/Regression/missing-check-for-x86-property-note-content/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: missing-check-for-x86-property-note-content -description: | - Bug summary: annobin: Missing check for contents of x86 property note - Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1991931 -contact: Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -duration: 48h -link: -- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1991931 -extra-summary: /tools/annobin/Regression/missing-check-for-x86-property-note-content -extra-task: /tools/annobin/Regression/missing-check-for-x86-property-note-content diff --git a/tests/Regression/missing-check-for-x86-property-note-content/runtest.sh b/tests/Regression/missing-check-for-x86-property-note-content/runtest.sh deleted file mode 100755 index 14392c0..0000000 --- a/tests/Regression/missing-check-for-x86-property-note-content/runtest.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/missing-check-for-x86-property-note-content -# Description: missing-check-for-x86-property-note-content -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2021 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartTest - rlRun "annocheck main" 1 - rlRun "annocheck --fixed-format-messages main | \ - grep '^Hardened: FAIL: test: cf-protection file: main.$'" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/processing-params-in-reverse-order/main.fmf b/tests/Regression/processing-params-in-reverse-order/main.fmf deleted file mode 100644 index 19b497d..0000000 --- a/tests/Regression/processing-params-in-reverse-order/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: processing-params-in-reverse-order -description: | - Bug summary: annocheck processes (reports) parameters in reverse order - Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1988714 -contact: Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -duration: 48h -link: -- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1988714 -extra-summary: /tools/annobin/Regression/processing-params-in-reverse-order -extra-task: /tools/annobin/Regression/processing-params-in-reverse-order diff --git a/tests/Regression/processing-params-in-reverse-order/runtest.sh b/tests/Regression/processing-params-in-reverse-order/runtest.sh deleted file mode 100755 index 75b357e..0000000 --- a/tests/Regression/processing-params-in-reverse-order/runtest.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/processing-params-in-reverse-order -# Description: processing-params-in-reverse-order -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2021 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartTest - rlRun "TMP=$(mktemp)" - rlRun "annocheck --verbose --skip-all --test-stack-prot /bin/bash /bin/cat |& tee $TMP" - rlRun "fgrep -i /bin/ $TMP | head -1 | fgrep /bash" - rlRun "fgrep -i /bin/ $TMP | tail -1 | fgrep /cat" - rlRun "rm -f $TMP" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/segv-when-processing-multiple-params-incl-symlink/main.fmf b/tests/Regression/segv-when-processing-multiple-params-incl-symlink/main.fmf deleted file mode 100644 index bd8362f..0000000 --- a/tests/Regression/segv-when-processing-multiple-params-incl-symlink/main.fmf +++ /dev/null @@ -1,17 +0,0 @@ -summary: segv-when-processing-multiple-params-incl-symlink -description: | - Bug summary: annocheck segfaults sometimes when processing multiple parameters and symlink is involved - Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1988715 -contact: Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -- libstdc++ -duration: 48h -link: -- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1988715 -extra-summary: /tools/annobin/Regression/segv-when-processing-multiple-params-incl-symlink -extra-task: /tools/annobin/Regression/segv-when-processing-multiple-params-incl-symlink diff --git a/tests/Regression/segv-when-processing-multiple-params-incl-symlink/runtest.sh b/tests/Regression/segv-when-processing-multiple-params-incl-symlink/runtest.sh deleted file mode 100755 index 6603c3c..0000000 --- a/tests/Regression/segv-when-processing-multiple-params-incl-symlink/runtest.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/segv-when-processing-multiple-params-incl-symlink -# Description: segv-when-processing-multiple-params-incl-symlink -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2021 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartTest - # This tries to test https://bugzilla.redhat.com/show_bug.cgi?id=1988715#c0 - # keeping in mind that annocheck will evolve in the future, along its - # rules / policies, and the surrounding OS will evolve too. This test - # shouldn't report false positives though. - rlRun "rpm -qf /usr/lib64/libstdc++.so*" - rlRun "annocheck --follow-links --skip-all /usr/lib64/libstdc++.so*" - rlRun "annocheck --ignore-links --skip-all /usr/lib64/libstdc++.so*" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/testsuite/main.fmf b/tests/Regression/testsuite/main.fmf deleted file mode 100644 index 7352f78..0000000 --- a/tests/Regression/testsuite/main.fmf +++ /dev/null @@ -1,28 +0,0 @@ -summary: testsuite -description: '' -contact: -- Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -- annobin-annocheck -- binutils-devel -- gcc -- gcc-c++ -- elfutils -- elfutils-devel -- make -- rpm-build -- rpm-devel -- gcc-plugin-devel -- yum -- dnf -- yum-utils -- bzip2-devel -- rpm-build -duration: 48h -extra-summary: /tools/annobin/Regression/testsuite -extra-task: /tools/annobin/Regression/testsuite diff --git a/tests/Regression/testsuite/runtest.sh b/tests/Regression/testsuite/runtest.sh deleted file mode 100755 index c8016ad..0000000 --- a/tests/Regression/testsuite/runtest.sh +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Regression/testsuite -# Description: testsuite -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2018 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="${PACKAGE:-$(rpm -qf --queryformat=%{name} $(man -w annobin))}" -export PACKAGE - -GCC="${GCC:-$(which gcc)}" - - -rlJournalStart - rlPhaseStartSetup - rlLogInfo "PACKAGES=$PACKAGES" - rlLogInfo "REQUIRES=$REQUIRES" - rlLogInfo "COLLECTIONS=$COLLECTIONS" - rlLogInfo "X_SCLS=$X_SCLS" - rlLogInfo "GCC=$GCC" - - rlRun "rpm -qa | fgrep -e redhat-rpm-config -e gcc -e annobin -e binutils | sort" - - # In case more than one devtoolset- or gcc-toolset -build package is - # installed (they can co-exist from the packaging persp, but their - # coexistence causes unexpected results with rpm macros), then we have - # a mess of defined rpm macros coming e.g. from - # /etc/rpm/macros.gcc-toolset-10-config - # /etc/rpm/macros.gcc-toolset-9-config etc. To have just the needed - # macros (respective to given SCL under test) defined without - # uninstalling unneeded RPMs, we'll need an override mechanism. The - # following assumes just one SCL *enabled* (more than one installed), - # and doesn't care of a (useless) revert: - echo ${X_SCLS} | fgrep toolset && \ - rlRun "cat /etc/rpm/*${X_SCLS%\ }* > ~/.rpmmacros" - - rlAssertRpm $PACKAGE - rlRun "TMP=\$(mktemp -d)" - rlRun "pushd $TMP" - - rlFetchSrcForInstalled $PACKAGE - rlRun "yum-builddep -y *src.rpm" - rlRun "rpm --define='_topdir $TMP' -Uvh *src.rpm" - rlRun "rpmbuild --define='_topdir $TMP' -bc SPECS/annobin.spec" - rlPhaseEnd - - rlPhaseStartTest - rlRun "pushd BUILD/annobin-*" - set -o pipefail - rlRun "make check |& tee $TMP/check.log" - rlRun -l "grep '^PASS:' $TMP/check.log" 0 - rlRun -l "grep '^FAIL:' $TMP/check.log" 1 - PASSCOUNT=$(grep '^PASS:' $TMP/check.log | wc -l) - rlRun "[[ $PASSCOUNT -ge 7 ]]" - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "popd" - rlRun "rm -r $TMP" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Sanity/annocheck-silently-ignores-any-file-parameter/main.fmf b/tests/Sanity/annocheck-silently-ignores-any-file-parameter/main.fmf deleted file mode 100644 index 9aea593..0000000 --- a/tests/Sanity/annocheck-silently-ignores-any-file-parameter/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: Test for BZ#1973981 (annocheck silently ignores any file parameter) -description: | - Bug summary: annocheck silently ignores any file parameter beyond 256 - Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1973981 -contact: Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- annobin -duration: 48h -link: -- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1973981 -extra-summary: /tools/annobin/Sanity/annocheck-silently-ignores-any-file-parameter -extra-task: /tools/annobin/Sanity/annocheck-silently-ignores-any-file-parameter diff --git a/tests/Sanity/annocheck-silently-ignores-any-file-parameter/runtest.sh b/tests/Sanity/annocheck-silently-ignores-any-file-parameter/runtest.sh deleted file mode 100755 index ca991af..0000000 --- a/tests/Sanity/annocheck-silently-ignores-any-file-parameter/runtest.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Sanity/annocheck-silently-ignores-any-file-parameter -# Description: Test for BZ#1973981 (annocheck silently ignores any file parameter) -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2021 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartSetup - rlRun "TMP=$(mktemp -d)" - rlRun "pushd $TMP" - rlPhaseEnd - - rlPhaseStartTest - for i in `seq 0 299`; do touch ${i}.sample; done - samplecnt=$(ls *.sample | wc -l) - testcnt=$(ls *.sample | \ - xargs annocheck |& \ - fgrep '.sample: is not an ELF format file' | wc -l) - rlRun "test $samplecnt -eq 300" - rlRun "test $testcnt -eq 300" - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "popd" - rlRun "rm -r $TMP" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Sanity/gcc-fedora-flags/hello.c b/tests/Sanity/gcc-fedora-flags/hello.c deleted file mode 100644 index 51b259b..0000000 --- a/tests/Sanity/gcc-fedora-flags/hello.c +++ /dev/null @@ -1,5 +0,0 @@ -#include - -void hello() { - printf("Hello World\n"); -} diff --git a/tests/Sanity/gcc-fedora-flags/hello.cpp b/tests/Sanity/gcc-fedora-flags/hello.cpp deleted file mode 100644 index 400612b..0000000 --- a/tests/Sanity/gcc-fedora-flags/hello.cpp +++ /dev/null @@ -1,5 +0,0 @@ -#include - -void hello() { - std::cout << "Hello World\n"; -} diff --git a/tests/Sanity/gcc-fedora-flags/main.c b/tests/Sanity/gcc-fedora-flags/main.c deleted file mode 100644 index 1a3455d..0000000 --- a/tests/Sanity/gcc-fedora-flags/main.c +++ /dev/null @@ -1,6 +0,0 @@ -void hello(); - -int main(int argc, char **argv) { - hello(); - return 0; -} diff --git a/tests/Sanity/gcc-fedora-flags/main.cpp b/tests/Sanity/gcc-fedora-flags/main.cpp deleted file mode 100644 index 1a3455d..0000000 --- a/tests/Sanity/gcc-fedora-flags/main.cpp +++ /dev/null @@ -1,6 +0,0 @@ -void hello(); - -int main(int argc, char **argv) { - hello(); - return 0; -} diff --git a/tests/Sanity/gcc-fedora-flags/main.fmf b/tests/Sanity/gcc-fedora-flags/main.fmf deleted file mode 100644 index f053025..0000000 --- a/tests/Sanity/gcc-fedora-flags/main.fmf +++ /dev/null @@ -1,17 +0,0 @@ -summary: gcc-fedora-flags -description: '' -contact: -- Tom Stellard -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- gcc -- gcc-c++ -- annobin -- annobin-annocheck -- redhat-rpm-config -duration: 1h -extra-summary: /tools/annobin/Sanity/gcc-fedora-flags -extra-task: /tools/annobin/Sanity/gcc-fedora-flags diff --git a/tests/Sanity/gcc-fedora-flags/runtest.sh b/tests/Sanity/gcc-fedora-flags/runtest.sh deleted file mode 100755 index 8ef829f..0000000 --- a/tests/Sanity/gcc-fedora-flags/runtest.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -set -x - -default_cflags=`rpm -E %{build_cflags}` -default_cxxflags=`rpm -E %{build_cxxflags}` -default_ldflags=`rpm -E %{build_ldflags}` - -cflags=`rpm -D '%toolchain gcc' -E %{build_cflags}` -cxxflags=`rpm -D '%toolchain gcc' -E %{build_cxxflags}` -ldflags=`rpm -D '%toolchain gcc' -E %{build_ldflags}` - -set +x - -rlJournalStart -rlPhaseStartTest - rlRun "rpm -qa | fgrep -e redhat-rpm-config -e gcc -e annobin -e binutils | sort" - - rlRun "test \"$default_cflags\" = \"$cflags\"" - rlRun "test \"$default_cxxflags\" = \"$cxxflags\"" - rlRun "test \"$default_ldflags\" = \"$ldflags\"" - - rlRun "gcc $cflags -o hello.o -c hello.c" - rlRun "annocheck hello.o" - rlRun "gcc $cflags -o main.o -c main.c" - rlRun "gcc $ldflags -o hello main.o hello.o" - rlRun "annocheck hello" - rlRun "./hello | grep \"Hello World\"" - - rlRun "g++ $cxxflags -o hello-cpp.o -c hello.cpp" - rlRun "annocheck hello-cpp.o" - rlRun "g++ $cxxflags -o main-cpp.o -c main.cpp" - rlRun "g++ $ldflags -o hello-cpp main-cpp.o hello-cpp.o" - rlRun "annocheck hello-cpp" - rlRun "./hello-cpp | grep \"Hello World\"" -rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Sanity/smoke/main.fmf b/tests/Sanity/smoke/main.fmf deleted file mode 100644 index 49d2862..0000000 --- a/tests/Sanity/smoke/main.fmf +++ /dev/null @@ -1,16 +0,0 @@ -summary: smoke test for annobin plugin -description: '' -contact: -- Martin Cermak -component: -- annobin -test: ./runtest.sh -framework: beakerlib -recommend: -- man-db -- gcc -- annobin -- annobin-annocheck -duration: 48h -extra-summary: /tools/annobin/Sanity/smoke -extra-task: /tools/annobin/Sanity/smoke diff --git a/tests/Sanity/smoke/runtest.sh b/tests/Sanity/smoke/runtest.sh deleted file mode 100755 index 566e571..0000000 --- a/tests/Sanity/smoke/runtest.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /tools/annobin/Sanity/smoke -# Description: smoke test for annobin plugin -# Author: Martin Cermak -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2019 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="annobin" - -rlJournalStart - rlPhaseStartSetup - rlRun "which gcc" - rlRun "man -w annobin" - rlRun "echo $X_SCLS" - rlPhaseEnd - - rlPhaseStartTest - rlRun "rpm -qa | fgrep -e redhat-rpm-config -e gcc -e annobin -e binutils | sort" - rlRun "echo 'int main() {return 0;}' | gcc -xc -fplugin=annobin -o /dev/null -" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd