diff options
author | Jun Aruga <jaruga@redhat.com> | 2022-05-10 16:34:08 +0200 |
---|---|---|
committer | Jun Aruga <junaruga@users.noreply.github.com> | 2022-05-16 10:10:16 +0200 |
commit | dccfff943c3ea9defd91647cfa3fd8714041bb5a (patch) | |
tree | 980e2e0f05cc7f9771d9f521d649542d5b450088 /tool/annocheck | |
parent | 36efb2a146b247efd3d8d0ac85542998cd67b437 (diff) |
Add `make test-annocheck` to detect security issues.
* Note that as the annocheck binary package is not available on Ubuntu, and it
is working in progress in Debian, the script uses Fedora container, and
it requires docker or podman command.
https://www.debian.org/devel/wnpp/itp.en.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926470
* .github/workflows/compilers.yml: Add "gcc-11 annocheck" case.
To pass the CI, set `TEST_ANNOCHECK_OPTS: "--skip-pie --skip-notes"` for now.
See <https://bugs.ruby-lang.org/issues/18061>.
* Skip MJIT tests in case of annocheck case.
The MJIT tests fail in the annocheck case.
See <https://bugs.ruby-lang.org/issues/18781>.
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/5900
Diffstat (limited to 'tool/annocheck')
-rw-r--r-- | tool/annocheck/Dockerfile | 4 | ||||
-rw-r--r-- | tool/annocheck/Dockerfile-copy | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/tool/annocheck/Dockerfile b/tool/annocheck/Dockerfile new file mode 100644 index 0000000000..138adc48de --- /dev/null +++ b/tool/annocheck/Dockerfile @@ -0,0 +1,4 @@ +FROM docker.io/fedora:latest + +RUN dnf -y install annobin-annocheck +WORKDIR /work diff --git a/tool/annocheck/Dockerfile-copy b/tool/annocheck/Dockerfile-copy new file mode 100644 index 0000000000..e658d12ddc --- /dev/null +++ b/tool/annocheck/Dockerfile-copy @@ -0,0 +1,7 @@ +FROM docker.io/fedora:latest +ARG FILES + +RUN dnf -y install annobin-annocheck +RUN mkdir /work +COPY ${FILES} /work +WORKDIR /work |