From b6c8d7c180fb217692a2743fe1c00c0b86b763a5 Mon Sep 17 00:00:00 2001 From: chen-jan Date: Mon, 5 Jun 2023 14:49:11 +0800 Subject: [PATCH] Fix security compilation options strip and rpath issues --- obs-bundled-gems.spec | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/obs-bundled-gems.spec b/obs-bundled-gems.spec index 878c9db..9569182 100644 --- a/obs-bundled-gems.spec +++ b/obs-bundled-gems.spec @@ -19,7 +19,7 @@ %global rack_version 2.2.3 Name: obs-bundled-gems Version: 2.10.1 -Release: 10 +Release: 11 Summary: The Open Build Service -- Bundled Gems License: GPL-2.0-only OR GPL-3.0-only URL: http://www.openbuildservice.org @@ -29,7 +29,7 @@ Source2: Gemfile.lock.x86 Source3: verdor.obscpio BuildRequires: cyrus-sasl-devel mysql-devel nodejs openldap-devel python3-devel BuildRequires: gcc gcc-c++ glibc-devel libtool libxml2-devel libxslt-devel -BuildRequires: ruby-devel rubygem-bundler ruby-common make +BuildRequires: ruby-devel rubygem-bundler ruby-common make chrpath %description This package is useful for the Open Build Service. It will figure out @@ -129,8 +129,26 @@ find %{buildroot} -type f -print0 | xargs -0 grep -l /usr/bin/env | grep -v ruby chmod a-x $file done +cd $RPM_BUILD_ROOT/usr +file `find -type f`| grep -w ELF | awk -F":" '{print $1}' | for i in `xargs` +do + chrpath -d $i + strip $i +done +cd - +mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d +echo "%{_bindir}/%{name}" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf +echo "%{_libdir}/%{name}" >> $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf + +%post +/sbin/ldconfig + +%postun +/sbin/ldconfig + %files %_libdir/obs-api +%config /etc/ld.so.conf.d/* %files -n obs-api-deps %doc README @@ -139,6 +157,9 @@ done %doc README %changelog +* Mon Jun 05 2023 chenchen - 2.10.1-11 +- Fix security compilation options strip and rpath issues + * Mon Feb 13 2023 wangkai 2.10.1-10 - Modify the rdoc version to 6.3.3 -- Gitee