diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
| commit | 75808db17caf8b960b351e3408e74142f4c85aac (patch) | |
| tree | 7989e9c09a4240248bf4658a22208a0a52d991c4 /t/recipes/checks/binaries/hardening/binaries-hardening/build-spec | |
| parent | Initial commit. (diff) | |
| download | lintian-75808db17caf8b960b351e3408e74142f4c85aac.tar.xz lintian-75808db17caf8b960b351e3408e74142f4c85aac.zip | |
Adding upstream version 2.117.0.upstream/2.117.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/recipes/checks/binaries/hardening/binaries-hardening/build-spec')
4 files changed, 68 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values new file mode 100644 index 0000000..96dea07 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-hardening +Description: Check for missing hardening features +Package-Architecture: any diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile new file mode 100644 index 0000000..f1e06f8 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile @@ -0,0 +1,35 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell ${CC} -no-pie 2>&1)),) + CCWEAK := ${CC} +else + CCWEAK := ${CC} -fno-pie -no-pie +endif + +all: weak.1 strong.1 + # Build without dpkg-buildflags. + $(CCWEAK) -o weak -g \ + -fno-stack-protector \ + -Wl,-z,norelro \ + -U_FORTIFY_SOURCE \ + hello.c + $(CC) -o strong \ + $(shell dpkg-buildflags --get CPPFLAGS) \ + $(shell dpkg-buildflags --get CFLAGS) \ + $(shell dpkg-buildflags --get LDFLAGS) \ + hello.c +%.1: base.pod + sed s/@NAME@/$(basename $@)/g < $< | \ + pod2man --name $(basename $@) --section 1 > $@ + +install: + install -d $(DESTDIR)/usr/bin/ + install -d $(DESTDIR)/usr/share/man/man1 + install -m 755 -c weak $(DESTDIR)/usr/bin/weak + install -m 755 -c strong $(DESTDIR)/usr/bin/strong + install -m 644 -c weak.1 $(DESTDIR)/usr/share/man/man1/weak.1 + install -m 644 -c strong.1 $(DESTDIR)/usr/share/man/man1/strong.1 + +clean distclean: + rm -f weak strong *.1 + +check test: diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod new file mode 100644 index 0000000..1e900d7 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod @@ -0,0 +1,12 @@ +=head1 NAME + +@NAME@ -- binary that does something + +=head1 SYNOPSIS + + @NAME@ [options] + +=head1 DESCRIPTION + +@NAME@ does something very useful. + diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c new file mode 100644 index 0000000..7b87bd7 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c @@ -0,0 +1,17 @@ +#include <stdio.h> + +void +report(char *string) +{ + char buf[80]; + int len; + + strcpy(buf, string); + fprintf(stdout, "Hello world from %s!\n%n", buf, &len); +} + +int +main(int argc, char *argv[]) +{ + report(argv[0]); +} |