|
Björn Esser |
b3eaa61 |
# Testsuite needs root-privileges.
|
|
Björn Esser |
b3eaa61 |
%bcond_with testsuite
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
%global giturl https://github.com/slimm609/%{name}.sh
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
14ad63f |
Name: checksec
|
|
Björn Esser |
b3eaa61 |
Version: 1.7.4
|
|
|
246b801 |
Release: 3%{?dist}
|
|
Björn Esser |
14ad63f |
Summary: Tool to check system for binary-hardening
|
|
Björn Esser |
723bf62 |
Group: Development/Tools
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
License: BSD
|
|
Björn Esser |
14ad63f |
URL: http://www.trapkit.de/tools/%{name}.html
|
|
Björn Esser |
b3eaa61 |
Source0: %{giturl}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
|
Björn Esser |
93b47d1 |
Source1: %{name}.7
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
Patch0: %{giturl}/commit/a4cce2901b87cd94ce41e9e7852d057ab8df15e2.patch#/checksec-1.7.4_fixed-manpage.patch
|
|
Björn Esser |
b3eaa61 |
Patch1: %{giturl}/commit/1065bee269a093c1ff3257f95632f718ac1d64b6.patch#/checksec-1.7.4_possible-fix-for-issue-28.patch
|
|
Björn Esser |
b3eaa61 |
Patch2: %{giturl}/commit/2e59a5eac6245136ce08e282eac9997c4ca29da3.patch#/checksec-1.7.4_updated-tests-to-pass-on-error-codes-from-lint-failures.patch
|
|
Björn Esser |
b3eaa61 |
Patch3: %{giturl}/commit/64057f955eb47eb358fc742c027d695748639cde.patch#/checksec-1.7.4_changed-order-of-checks.patch
|
|
Björn Esser |
b3eaa61 |
Patch4: %{giturl}/commit/0cdfda78178b3b8fd6f4918f63b4df6e984cf559.patch#/checksec-1.7.4_fixed-for-real-issue-28.patch
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
BuildArch: noarch
|
|
Björn Esser |
75e6a3e |
|
|
Björn Esser |
b3eaa61 |
%{?rhel:BuildRequires: epel-rpm-macros}
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
b3eaa61 |
%if %{with testsuite}
|
|
Björn Esser |
b3eaa61 |
BuildRequires: binutils
|
|
Björn Esser |
b3eaa61 |
BuildRequires: file
|
|
Björn Esser |
b3eaa61 |
BuildRequires: findutils
|
|
Björn Esser |
b3eaa61 |
BuildRequires: gawk
|
|
Björn Esser |
b3eaa61 |
BuildRequires: libxml2
|
|
Björn Esser |
b3eaa61 |
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
BuildRequires: php-jsonlint
|
|
Björn Esser |
b3eaa61 |
%endif # 0#{?fedora} || 0#{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
%endif # with testsuite
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
14ad63f |
Requires: binutils
|
|
Björn Esser |
75e6a3e |
Requires: file
|
|
Björn Esser |
75e6a3e |
Requires: findutils
|
|
Björn Esser |
b3eaa61 |
Requires: gawk
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%description
|
|
Björn Esser |
14ad63f |
Modern Linux distributions offer some mitigation techniques to make it harder
|
|
Björn Esser |
14ad63f |
to exploit software vulnerabilities reliably. Mitigations such as RELRO,
|
|
Björn Esser |
14ad63f |
NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and
|
|
Björn Esser |
14ad63f |
Position Independent Executables (PIE) have made reliably exploiting any
|
|
Björn Esser |
14ad63f |
vulnerabilities that do exist far more challenging. The checksec script is
|
|
Björn Esser |
14ad63f |
designed to test what *standard* Linux OS and PaX (http://pax.grsecurity.net/)
|
|
Björn Esser |
14ad63f |
security features are being used.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
As of version 1.3 the script also lists the status of various Linux kernel
|
|
Björn Esser |
14ad63f |
protection mechanisms.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%{name} can check binary-files and running processes for hardening features.
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%prep
|
|
Björn Esser |
b3eaa61 |
%autosetup -n %{name}.sh-%{version} -p 1
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%build
|
|
Björn Esser |
93b47d1 |
%{__install} -pm 0644 %{SOURCE1} extras/man/
|
|
Björn Esser |
93b47d1 |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%install
|
|
Björn Esser |
b3eaa61 |
%{__mkdir} -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man7
|
|
Björn Esser |
b3eaa61 |
%{__install} -pm 0755 %{name} %{buildroot}%{_bindir}
|
|
Björn Esser |
b3eaa61 |
%{__install} -pm 0644 extras/man/%{name}.7 %{buildroot}%{_mandir}/man7
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
b3eaa61 |
%if %{with testsuite}
|
|
Björn Esser |
b3eaa61 |
%check
|
|
Björn Esser |
b3eaa61 |
pushd tests
|
|
Björn Esser |
b3eaa61 |
./xml-checks.sh || exit 2
|
|
Björn Esser |
b3eaa61 |
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
./json-checks.sh || exit 2
|
|
Björn Esser |
b3eaa61 |
%endif # 0#{?fedora} || 0#{?rhel} >= 6
|
|
Björn Esser |
b3eaa61 |
popd
|
|
Björn Esser |
b3eaa61 |
%endif # with testsuite
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
14ad63f |
%files
|
|
Björn Esser |
b3eaa61 |
%license LICENSE.txt
|
|
Björn Esser |
b3eaa61 |
%doc ChangeLog README.md
|
|
Björn Esser |
14ad63f |
%{_bindir}/%{name}
|
|
Björn Esser |
b3eaa61 |
%{_mandir}/man7/%{name}.7*
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
|
|
Björn Esser |
14ad63f |
%changelog
|
|
|
246b801 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-3
|
|
|
246b801 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
246b801 |
|
|
Björn Esser |
93b47d1 |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-2
|
|
Björn Esser |
93b47d1 |
- Add manpage a Source1
|
|
Björn Esser |
93b47d1 |
|
|
Björn Esser |
b3eaa61 |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-1
|
|
Björn Esser |
b3eaa61 |
- Update to forked version (rhbz 1240391)
|
|
Björn Esser |
b3eaa61 |
- Added missing runtime-dependency on gawk (rhbz 1380950)
|
|
Björn Esser |
b3eaa61 |
|
|
Björn Esser |
75e6a3e |
* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.5-7
|
|
Björn Esser |
75e6a3e |
- Added missing runtime-dependencies (rhbz 1380950)
|
|
Björn Esser |
75e6a3e |
- Small improvements to spec-file
|
|
Björn Esser |
75e6a3e |
- Clean trailing whitespaces
|
|
Björn Esser |
75e6a3e |
|
|
|
9b39f44 |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-6
|
|
|
9b39f44 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
9b39f44 |
|
|
|
e81f9c3 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-5
|
|
|
e81f9c3 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
e81f9c3 |
|
|
|
dee8d05 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-4
|
|
|
dee8d05 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
dee8d05 |
|
|
|
489c848 |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-3
|
|
|
489c848 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
489c848 |
|
|
Björn Esser |
723bf62 |
* Wed Jun 12 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-2
|
|
Björn Esser |
723bf62 |
- added stuff for el5-build
|
|
Björn Esser |
723bf62 |
|
|
Björn Esser |
14ad63f |
* Tue Jun 11 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-1
|
|
Björn Esser |
14ad63f |
- Initial rpm release
|