Add `make test-annocheck` to detect security issues.

* Note that as the annocheck binary package is not available on Ubuntu, and it is working in progress in Debian, the script uses Fedora container, and it requires docker or podman command. https://www.debian.org/devel/wnpp/itp.en.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926470 * .github/workflows/compilers.yml: Add "gcc-11 annocheck" case. To pass the CI, set `TEST_ANNOCHECK_OPTS: "--skip-pie --skip-notes"` for now. See <https://bugs.ruby-lang.org/issues/18061>. * Skip MJIT tests in case of annocheck case. The MJIT tests fail in the annocheck case. See <https://bugs.ruby-lang.org/issues/18781>.
author: Jun Aruga <jaruga@redhat.com> 2022-05-10 16:34:08 +0200
committer: Jun Aruga <junaruga@users.noreply.github.com> 2022-05-16 10:10:16 +0200
commit: dccfff943c3ea9defd91647cfa3fd8714041bb5a (patch)
tree: 980e2e0f05cc7f9771d9f521d649542d5b450088 /tool/annocheck
parent: 36efb2a146b247efd3d8d0ac85542998cd67b437 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/tool/annocheck/Dockerfile b/tool/annocheck/Dockerfile
new file mode 100644
index 0000000000..138adc48de
--- /dev/null
+++ b/tool/annocheck/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/fedora:latest
+
+RUN dnf -y install annobin-annocheck
+WORKDIR /work
diff --git a/tool/annocheck/Dockerfile-copy b/tool/annocheck/Dockerfile-copy
new file mode 100644
index 0000000000..e658d12ddc
--- /dev/null
+++ b/tool/annocheck/Dockerfile-copy
@@ -0,0 +1,7 @@
+FROM docker.io/fedora:latest
+ARG FILES
+
+RUN dnf -y install annobin-annocheck
+RUN mkdir /work
+COPY ${FILES} /work
+WORKDIR /work
author	Jun Aruga <jaruga@redhat.com>	2022-05-10 16:34:08 +0200
committer	Jun Aruga <junaruga@users.noreply.github.com>	2022-05-16 10:10:16 +0200
commit	dccfff943c3ea9defd91647cfa3fd8714041bb5a (patch)
tree	980e2e0f05cc7f9771d9f521d649542d5b450088 /tool/annocheck
parent	36efb2a146b247efd3d8d0ac85542998cd67b437 (diff)