# Testsuite needs root-privileges.
%bcond_with testsuite

%global giturl https://github.com/slimm609/%{name}.sh


Name:		checksec
Version:	1.7.4
Release:	3%{?dist}
Summary:	Tool to check system for binary-hardening
Group:		Development/Tools

License:	BSD
URL:		http://www.trapkit.de/tools/%{name}.html
Source0:	%{giturl}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1:	%{name}.7

# Upstream commits applied on top of the %{version} release tarball.
Patch0:		%{giturl}/commit/a4cce2901b87cd94ce41e9e7852d057ab8df15e2.patch#/checksec-1.7.4_fixed-manpage.patch
Patch1:		%{giturl}/commit/1065bee269a093c1ff3257f95632f718ac1d64b6.patch#/checksec-1.7.4_possible-fix-for-issue-28.patch
Patch2:		%{giturl}/commit/2e59a5eac6245136ce08e282eac9997c4ca29da3.patch#/checksec-1.7.4_updated-tests-to-pass-on-error-codes-from-lint-failures.patch
Patch3:		%{giturl}/commit/64057f955eb47eb358fc742c027d695748639cde.patch#/checksec-1.7.4_changed-order-of-checks.patch
Patch4:		%{giturl}/commit/0cdfda78178b3b8fd6f4918f63b4df6e984cf559.patch#/checksec-1.7.4_fixed-for-real-issue-28.patch

BuildArch:	noarch

%{?rhel:BuildRequires:	epel-rpm-macros}

%if %{with testsuite}
BuildRequires:	binutils
BuildRequires:	file
BuildRequires:	findutils
BuildRequires:	gawk
BuildRequires:	libxml2
%if 0%{?fedora} || 0%{?rhel} >= 6
BuildRequires:	php-jsonlint
%endif # 0#{?fedora} || 0#{?rhel} >= 6
%endif # with testsuite

Requires:	binutils
Requires:	file
Requires:	findutils
Requires:	gawk

%description
Modern Linux distributions offer some mitigation techniques to make it harder
to exploit software vulnerabilities reliably. Mitigations such as RELRO,
NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and
Position Independent Executables (PIE) have made reliably exploiting any
vulnerabilities that do exist far more challenging. The checksec script is
designed to test what *standard* Linux OS and PaX (http://pax.grsecurity.net/)
security features are being used.

As of version 1.3 the script also lists the status of various Linux kernel
protection mechanisms.

%{name} can check binary-files and running processes for hardening features.


%prep
%autosetup -n %{name}.sh-%{version} -p 1


%build
# Nothing to compile; copy the packaged manpage (Source1) into the source tree.
%{__install} -pm 0644 %{SOURCE1} extras/man/


%install
%{__mkdir} -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man7
%{__install} -pm 0755 %{name} %{buildroot}%{_bindir}
%{__install} -pm 0644 extras/man/%{name}.7 %{buildroot}%{_mandir}/man7


%if %{with testsuite}
%check
pushd tests
./xml-checks.sh || exit 2
%if 0%{?fedora} || 0%{?rhel} >= 6
./json-checks.sh || exit 2
%endif # 0#{?fedora} || 0#{?rhel} >= 6
popd
%endif # with testsuite


%files
%license LICENSE.txt
%doc ChangeLog README.md
%{_bindir}/%{name}
%{_mandir}/man7/%{name}.7*


%changelog
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-2
- Add manpage as Source1

* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.7.4-1
- Update to forked version (rhbz 1240391)
- Added missing runtime-dependency on gawk (rhbz 1380950)

* Sun Oct 02 2016 Björn Esser <fedora@besser82.io> - 1.5-7
- Added missing runtime-dependencies (rhbz 1380950)
- Small improvements to spec-file
- Clean trailing whitespaces

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Wed Jun 12 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-2
- added stuff for el5-build

* Tue Jun 11 2013 Björn Esser <bjoern.esser@gmail.com> - 1.5-1
- Initial rpm release