Name: hardened_malloc
Version: 13
Release: 1%{?dist}
Summary: Hardened allocator designed for modern systems
License: MIT
URL: https://github.com/GrapheneOS/hardened_malloc
Source0: %{url}/archive/refs/tags/%{version}.tar.gz
Source1: opt.patch
BuildRequires: systemd-rpm-macros rpm-build rpmdevtools rpmlint make gcc gcc-c++
%global debug_package %{nil}
# https://github.com/GrapheneOS/hardened_malloc/issues/200
%global optflags %{optflags} -fno-fat-lto-objects
%if 0%{?fedora} == 40
%undefine _ld_pack_relocs
%endif
%description
Hardened allocator designed for modern systems.
It has integration into Android's Bionic libc and can be used externally with
musl and glibc as a dynamic library for use on other Linux-based platforms. It
will gain more portability / integration over time.
# start section from https://github.com/divestedcg/rpm-hardened_malloc/blob/master/hardened_malloc.spec
#
# MIT License
#
# Copyright (c) 2022 noatsecure
# Copyright (c) 2022 Divested Computing Group
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
%prep
%define _srcdir hardened_malloc
%{__mkdir} %{_srcdir};
%{__tar} -x -f %{SOURCE0} -C %{_srcdir} --strip-components 1;
%build
cd %{_srcdir};
cp config/default.mk config/pkey.mk
sed -i 's/CONFIG_SEAL_METADATA := false/CONFIG_SEAL_METADATA := true/' config/pkey.mk
patch -p1 < %{SOURCE1};
make CONFIG_NATIVE=false VARIANT=default;
make CONFIG_NATIVE=false VARIANT=light
make CONFIG_NATIVE=false VARIANT=pkey
%ifarch x86_64
ln -s default.mk config/default-x86-64.mk;
ln -s default.mk config/default-x86-64-v2.mk;
ln -s default.mk config/default-x86-64-v3.mk;
ln -s default.mk config/default-x86-64-v4.mk;
ln -s light.mk config/light-x86-64.mk;
ln -s light.mk config/light-x86-64-v2.mk;
ln -s light.mk config/light-x86-64-v3.mk;
ln -s light.mk config/light-x86-64-v4.mk;
ln -s pkey.mk config/pkey-x86-64.mk;
ln -s pkey.mk config/pkey-x86-64-v2.mk;
ln -s pkey.mk config/pkey-x86-64-v3.mk;
ln -s pkey.mk config/pkey-x86-64-v4.mk;
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=default-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=default-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=default-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=default-x86-64-v4;
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=light-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=light-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=light-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=light-x86-64-v4;
make CONFIG_NATIVE=false CONFIG_X86_64=true VARIANT=pkey-x86-64;
make CONFIG_NATIVE=false CONFIG_X86_64_V2=true VARIANT=pkey-x86-64-v2;
make CONFIG_NATIVE=false CONFIG_X86_64_V3=true VARIANT=pkey-x86-64-v3;
make CONFIG_NATIVE=false CONFIG_X86_64_V4=true VARIANT=pkey-x86-64-v4;
%endif
# end section from https://github.com/divestedcg/rpm-hardened_malloc/blob/master/hardened_malloc.spec
%install
install -Dm4644 -s %{_srcdir}/out/libhardened_malloc.so %{buildroot}%{_libdir}/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-light/libhardened_malloc-light.so %{buildroot}%{_libdir}/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-pkey/libhardened_malloc-pkey.so %{buildroot}%{_libdir}/libhardened_malloc-pkey.so
%ifarch x86_64
install -Dm4644 -s %{_srcdir}/out-default-x86-64/libhardened_malloc-default-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v2/libhardened_malloc-default-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v3/libhardened_malloc-default-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-default-x86-64-v4/libhardened_malloc-default-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64/libhardened_malloc-light-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-light.so;
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v2/libhardened_malloc-light-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v3/libhardened_malloc-light-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-light-x86-64-v4/libhardened_malloc-light-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-light.so
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64/libhardened_malloc-pkey-x86-64.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v2/libhardened_malloc-pkey-x86-64-v2.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v3/libhardened_malloc-pkey-x86-64-v3.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-pkey.so;
install -Dm4644 -s %{_srcdir}/out-pkey-x86-64-v4/libhardened_malloc-pkey-x86-64-v4.so %{buildroot}%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-pkey.so;
%endif
%check
cd %{_srcdir};
make test
%files
%license %{_srcdir}/LICENSE %{_srcdir}/CREDITS
%doc %{_srcdir}/README.md
%{_libdir}/libhardened_malloc.so
%{_libdir}/libhardened_malloc-light.so
%{_libdir}/libhardened_malloc-pkey.so
%ifarch x86_64
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc.so
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-light.so
%{_libdir}/glibc-hwcaps/x86-64/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v2/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v3/libhardened_malloc-pkey.so
%{_libdir}/glibc-hwcaps/x86-64-v4/libhardened_malloc-pkey.so
%endif
%changelog
* Tue Dec 12 2023 rusty-snake - 12-5
- hardened_malloc.so: 4755 -> 4644
* Sun Dec 10 2023 rusty-snake - 12-4
- Set set-user-id bit on libhardened_malloc.so.
Thanks to Tad for the finding and reporting.
Fixes #2
* Sat Dec 09 2023 rusty-snake - 12-3
- Remove 30-hardened_malloc.conf, Fedora 39 does this by default
* Sat Dec 09 2023 rusty-snake - 12-2
- Add pkey variant
* Fri Sep 29 2023 rusty-snake - 12-1
- Update to version 12
* Sat Jan 22 2022 rusty-snake - 11-1
- Update to version 11
* Thu Jan 13 2022 rusty-snake - 10-1
- Update to version 10
- Add libhardened_malloc-light.so
* Mon Jan 3 2022 rusty-snake - 9-1
- Update to version 9
* Sun Nov 14 2021 rusty-snake - 8-3
- Install 30-hardened_malloc.conf under %%_sysctldir
- Cleanup the specfile
* Thu Sep 30 2021 rusty-snake - 8-2
- Disable the post-transaction scriptlet to insert hardened_malloc
into `/etc/ld.so.preload
* Sat Sep 18 2021 rusty-snake - 8-1
- Initial hardened_malloc spec