hardened_malloc.spec
# Upstream release tag. It selects the archive fetched as Source0 and is also
# reused as the package Release.
%global tag 2026030700
Name: hardened_malloc
Version: 14
Release: %{tag}%{?dist}
Summary: Hardened allocator designed for modern systems
License: MIT
URL: https://github.com/GrapheneOS/hardened_malloc
# NOTE(review): the tarball comes from a GitHub tag archive and nothing in this
# spec pins or checks its digest or a tag signature. Confirm the build pipeline
# verifies the source before it is compiled.
Source0: %{url}/archive/refs/tags/%{tag}.tar.gz
# Local patch. It is declared as a Source rather than a Patch, so it is applied
# by an explicit patch command in the build section.
Source1: opt.patch
BuildRequires: systemd-rpm-macros rpm-build rpmdevtools make gcc gcc-c++
ExclusiveArch: x86_64 aarch64
# No debuginfo subpackage is generated; the libraries are stripped when they
# are installed (install -s).
%global debug_package %{nil}
# Append -fno-fat-lto-objects to the distribution compiler flags. Background:
# https://github.com/GrapheneOS/hardened_malloc/issues/200
%global optflags %{optflags} -fno-fat-lto-objects
%description
Hardened allocator designed for modern systems.
It has integration into Android's Bionic libc and can be used externally with
musl and glibc as a dynamic library for use on other Linux-based platforms. It
will gain more portability / integration over time.
# start section from https://github.com/divestedcg/rpm-hardened_malloc/blob/master/hardened_malloc.spec
#
# MIT License
#
# Copyright (c) 2022 noatsecure
# Copyright (c) 2022 Divested Computing Group
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
%prep
# Unpack by hand instead of using the setup macro: create a directory with a
# fixed name and extract the tag archive into it, dropping the archive's
# top-level directory so later sections can use one stable path.
%define _srcdir hardened_malloc
%{__mkdir} %{_srcdir};
%{__tar} -x -f %{SOURCE0} -C %{_srcdir} --strip-components 1;
%build
cd %{_srcdir};
# Derive a third variant, pkey, from the default configuration with
# CONFIG_SEAL_METADATA switched on (upstream documents this option as using
# memory protection keys to seal writable allocator state).
cp config/default.mk config/pkey.mk
# NOTE(review): sed exits 0 even when the pattern does not match. If upstream
# changes the spelling of this default, the pkey build would silently ship
# without sealed metadata; consider asserting the result, e.g. with
# grep -q 'CONFIG_SEAL_METADATA := true' config/pkey.mk
sed -i 's/CONFIG_SEAL_METADATA := false/CONFIG_SEAL_METADATA := true/' config/pkey.mk
# Apply the local patch (Source1) to the unpacked tree.
# NOTE(review): presumably this patch is what adds the CONFIG_X86_64* switches
# used below -- verify against opt.patch, which is not visible here.
patch -p1 < %{SOURCE1};
# Generic builds, one per variant. CONFIG_NATIVE=false keeps the result from
# being tuned to the CPU of the build host, so the package runs on any machine
# of the target architecture.
make CONFIG_NATIVE=false VARIANT=default;
make CONFIG_NATIVE=false VARIANT=light
make CONFIG_NATIVE=false VARIANT=pkey
%ifarch x86_64
# x86_64 only: alias each variant's config under one name per
# microarchitecture level, so that every level is built as its own VARIANT and
# lands in its own out-<variant> directory (the install section reads those).
ln -s default.mk config/default-x86-64.mk;
ln -s default.mk config/default-x86-64-v2.mk;
ln -s default.mk config/default-x86-64-v3.mk;
ln -s default.mk config/default-x86-64-v4.mk;
ln -s light.mk config/light-x86-64.mk;
ln -s light.mk config/light-x86-64-v2.mk;
ln -s light.mk config/light-x86-64-v3.mk;
ln -s light.mk config/light-x86-64-v4.mk;
ln -s pkey.mk config/pkey-x86-64.mk;
ln -s pkey.mk config/pkey-x86-64-v2.mk;
ln -s pkey.mk config/pkey-x86-64-v3.mk;
ln -s pkey.mk config/pkey-x86-64-v4.mk;
# Twelve builds: three variants times four levels. Each passes exactly one
# CONFIG_X86_64* switch matching the level named in VARIANT.
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=default-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=default-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=default-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=default-x86-64-v4;
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=light-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=light-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=light-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=light-x86-64-v4;
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=pkey-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=pkey-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=pkey-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=pkey-x86-64-v4;
%endif
# end section from https://github.com/divestedcg/rpm-hardened_malloc/blob/master/hardened_malloc.spec
%install
# Mode 4644 is deliberate: set-user-ID bit set, no execute bit. In
# secure-execution mode the glibc loader only honours a preloaded library that
# sits in a standard search directory and has the set-user-ID bit set (see
# ld.so(8)), so this bit is what allows the allocator to be preloaded into
# setuid programs. A shared object needs no execute permission to be loaded,
# which is why the earlier 4755 was reduced to 4644 (see the changelog).
# -s strips the libraries; no debuginfo package is built for them.
install -Dm4644 -s %{_srcdir}/out/libhardened_malloc.so %{buildroot}%{_libdir}/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-light/libhardened_malloc-light.so %{buildroot}%{_libdir}/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-pkey/libhardened_malloc-pkey.so %{buildroot}%{_libdir}/libhardened_malloc-pkey.so
%ifarch x86_64
# x86_64 only: each per-level build is installed under its glibc-hwcaps
# subdirectory using the plain library name, so one preload entry can resolve
# to the build that matches the running CPU. The same 4644 mode is applied so
# these copies stay eligible in secure-execution mode as well.
# NOTE(review): glibc documents x86-64-v2, x86-64-v3 and x86-64-v4 as hwcaps
# subdirectories; confirm the baseline x86-64 directory is searched at all,
# otherwise the three files installed there are never loaded.
install -Dm4644 -s %{_srcdir}/out-default-x86-64/libhardened_malloc-default-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v2/libhardened_malloc-default-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v3/libhardened_malloc-default-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v4/libhardened_malloc-default-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64/libhardened_malloc-light-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-light.so;
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v2/libhardened_malloc-light-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v3/libhardened_malloc-light-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v4/libhardened_malloc-light-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64/libhardened_malloc-pkey-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v2/libhardened_malloc-pkey-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v3/libhardened_malloc-pkey-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v4/libhardened_malloc-pkey-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-pkey.so;
%endif
%check
# Run the upstream test target inside the unpacked tree; a failing test fails
# the package build.
# NOTE(review): only the plain test target is invoked. Whether it exercises the
# light, pkey and per-level builds is not visible from this spec.
cd %{_srcdir};
make test
%files
%license %{_srcdir}/LICENSE %{_srcdir}/CREDITS
%doc %{_srcdir}/README.md
# No attr or defattr directive is used, so the packaged modes are the ones set
# in the install section: every library ships as 4644, i.e. with the
# set-user-ID bit. A quick post-build check is rpm -qlvp on the built package.
%{_libdir}/libhardened_malloc.so
%{_libdir}/libhardened_malloc-light.so
%{_libdir}/libhardened_malloc-pkey.so
%ifarch x86_64
# x86_64 only: the per-level copies; this list has to stay in step with the
# install section, one entry per variant and level.
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-pkey.so
%endif
%changelog
* Tue Dec 12 2023 rusty-snake - 12-5
- hardened_malloc.so: 4755 -> 4644
* Sun Dec 10 2023 rusty-snake - 12-4
- Set set-user-id bit on libhardened_malloc.so.
Thanks to Tad for the finding and reporting.
Fixes #2
* Sat Dec 09 2023 rusty-snake - 12-3
- Remove 30-hardened_malloc.conf, Fedora 39 does this by default
* Sat Dec 09 2023 rusty-snake - 12-2
- Add pkey variant
* Fri Sep 29 2023 rusty-snake - 12-1
- Update to version 12
* Sat Jan 22 2022 rusty-snake - 11-1
- Update to version 11
* Thu Jan 13 2022 rusty-snake - 10-1
- Update to version 10
- Add libhardened_malloc-light.so
* Mon Jan 3 2022 rusty-snake - 9-1
- Update to version 9
* Sun Nov 14 2021 rusty-snake - 8-3
- Install 30-hardened_malloc.conf under %%_sysctldir
- Cleanup the specfile
* Thu Sep 30 2021 rusty-snake - 8-2
- Disable the post-transaction scriptlet to insert hardened_malloc
into `/etc/ld.so.preload`
* Sat Sep 18 2021 rusty-snake - 8-1
- Initial hardened_malloc spec