|
Björn Esser |
b3eaa61 |
# Testsuite needs root-privileges.
|
|
Björn Esser |
b3eaa61 |
%bcond_with testsuite
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
%global giturl https://github.com/slimm609/%{name}.sh
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
14ad63f |
Name: checksec
|
|
 |
44e100a |
Version: 1.8.0
|
|
 |
0f53ff8 |
Release: 3%{?dist}
|
|
Björn Esser |
14ad63f |
Summary: Tool to check system for binary-hardening
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
License: BSD
|
|
|
44e100a |
URL: %{giturl}
|
|
Björn Esser |
b3eaa61 |
Source0: %{giturl}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
BuildArch: noarch
|
|
Björn Esser |
75e6a3e |
|
|
Björn Esser |
b3eaa61 |
%if %{with testsuite}
|
|
Björn Esser |
b3eaa61 |
BuildRequires: binutils
|
|
Björn Esser |
b3eaa61 |
BuildRequires: file
|
|
Björn Esser |
b3eaa61 |
BuildRequires: findutils
|
|
Björn Esser |
b3eaa61 |
BuildRequires: gawk
|
|
Björn Esser |
b3eaa61 |
BuildRequires: libxml2
|
|
Björn Esser |
b3eaa61 |
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
BuildRequires: php-jsonlint
|
|
Björn Esser |
b3eaa61 |
%endif # 0#{?fedora} || 0#{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
%endif # with testsuite
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
14ad63f |
Requires: binutils
|
|
Björn Esser |
75e6a3e |
Requires: file
|
|
Björn Esser |
75e6a3e |
Requires: findutils
|
|
Björn Esser |
b3eaa61 |
Requires: gawk
|
|
 |
3174dfd |
Requires: which
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%description
|
|
Björn Esser |
14ad63f |
Modern Linux distributions offer some mitigation techniques to make it harder
|
|
Björn Esser |
14ad63f |
to exploit software vulnerabilities reliably. Mitigations such as RELRO,
|
|
Björn Esser |
14ad63f |
NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and
|
|
Björn Esser |
14ad63f |
Position Independent Executables (PIE) have made reliably exploiting any
|
|
Björn Esser |
14ad63f |
vulnerabilities that do exist far more challenging. The checksec script is
|
|
Björn Esser |
14ad63f |
designed to test what *standard* Linux OS and PaX (http://pax.grsecurity.net/)
|
|
Björn Esser |
14ad63f |
security features are being used.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
As of version 1.3 the script also lists the status of various Linux kernel
|
|
Björn Esser |
14ad63f |
protection mechanisms.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%{name} can check binary-files and running processes for hardening features.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%prep
|
|
Björn Esser |
b3eaa61 |
%autosetup -n %{name}.sh-%{version} -p 1
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%install
|
|
Björn Esser |
b3eaa61 |
%{__mkdir} -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man7
|
|
Björn Esser |
b3eaa61 |
%{__install} -pm 0755 %{name} %{buildroot}%{_bindir}
|
|
Björn Esser |
b3eaa61 |
%{__install} -pm 0644 extras/man/%{name}.7 %{buildroot}%{_mandir}/man7
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
b3eaa61 |
%if %{with testsuite}
|
|
Björn Esser |
b3eaa61 |
%check
|
|
Björn Esser |
b3eaa61 |
pushd tests
|
|
Björn Esser |
b3eaa61 |
./xml-checks.sh || exit 2
|
|
Björn Esser |
b3eaa61 |
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
./json-checks.sh || exit 2
|
|
Björn Esser |
b3eaa61 |
%endif # 0#{?fedora} || 0#{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
popd
|
|
Björn Esser |
b3eaa61 |
%endif # with testsuite
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
14ad63f |
%files
|
|
Björn Esser |
b3eaa61 |
%license LICENSE.txt
|
|
Björn Esser |
b3eaa61 |
%doc ChangeLog README.md
|
|
Björn Esser |
14ad63f |
%{_bindir}/%{name}
|
|
Björn Esser |
b3eaa61 |
%{_mandir}/man7/%{name}.7*
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%changelog
|
|
|
0f53ff8 |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-3
|
|
|
0f53ff8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
0f53ff8 |
|
|
Li Rui Bin |
c522625 |
* Thu Sep 27 2018 Robin Lee <cheeselee@fedoraproject.org> - 1.8.0-2
|
|
Li Rui Bin |
c522625 |
- Fix Linux 4.18 compitability (BZ#1632412)
|
|
Li Rui Bin |
c522625 |
|
|
|
44e100a |
* Sun Sep 23 2018 Robin Lee <cheeselee@fedoraproject.org> - 1.8.0-1
|
|
|
44e100a |
- Update to 1.8.0 (BZ#1485319)
|
|
|
44e100a |
|
|
|
3174dfd |
* Thu Aug 02 2018 Dan Horák
|
|
|
3174dfd |
- which is Required
|
|
|
3174dfd |
|
|
|
c8148d0 |
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-7
|
|
|
c8148d0 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
c8148d0 |
|
|
|
731761e |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-6
|
|
|
731761e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
731761e |
|
|
 |
43d4d5f |
* Fri Sep 08 2017 Troy Dawson <tdawson@redhat.com> - 1.7.4-5
|
|
|
43d4d5f |
- Cleanup spec file conditionals
|
|
|
43d4d5f |
|
|
|
88c05ff |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-4
|
|
|
88c05ff |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
88c05ff |
|
|
|
246b801 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-3
|
|
|
246b801 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
246b801 |
|
|
Björn Esser |
93b47d1 |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-2
|
|
Björn Esser |
93b47d1 |
- Add manpage a Source1
|
|
Björn Esser |
93b47d1 |
|
|
Björn Esser |
b3eaa61 |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-1
|
|
Björn Esser |
b3eaa61 |
- Update to forked version (rhbz 1240391)
|
|
Björn Esser |
b3eaa61 |
- Added missing runtime-dependency on gawk (rhbz 1380950)
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
75e6a3e |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.5-7
|
|
Björn Esser |
75e6a3e |
- Added missing runtime-dependencies (rhbz 1380950)
|
|
Björn Esser |
75e6a3e |
- Small improvements to spec-file
|
|
Björn Esser |
75e6a3e |
- Clean trailing whitespaces
|
|
Björn Esser |
75e6a3e |
|
|
 |
9b39f44 |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-6
|
|
|
9b39f44 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
9b39f44 |
|
|
|
e81f9c3 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-5
|
|
|
e81f9c3 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
e81f9c3 |
|
|
|
dee8d05 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-4
|
|
|
dee8d05 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
dee8d05 |
|
|
|
489c848 |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-3
|
|
|
489c848 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
489c848 |
|
|
Björn Esser |
723bf62 |
* Wed Jun 12 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-2
|
|
Björn Esser |
723bf62 |
- added stuff for el5-build
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
14ad63f |
* Tue Jun 11 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-1
|
|
Björn Esser |
14ad63f |
- Initial rpm release
|