github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/file/cataloger/executable/test-fixtures/elf/project/Makefile

github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/file/cataloger/executable/test-fixtures/elf/project/Makefile (about)

     1  ### GCC Options ############################################
     2  CANARY := -fstack-protector
     3  NO_CANARY := -fno-stack-protector
     4  
     5  SHARED_OBJ := -shared
     6  
     7  RELRO := -z relro -z now
     8  PARTIAL_RELRO := -z relro
     9  NO_RELRO := -z norelro
    10  
    11  NX := -z noexecstack
    12  NO_NX := -z execstack
    13  
    14  PIE := -fpic -pie
    15  NO_PIE := -no-pie
    16  
    17  # deprecated
    18  RPATH := -Wl,--disable-new-dtags,-rpath,./libs
    19  
    20  # replaces RPATH (thus us mutually exclusive with it)
    21  RUNPATH :=  -Wl,-rpath,./libs
    22  
    23  GCCFLAGS := -g 
    24  
    25  ### Clang Options ############################################
    26  
    27  SAFE_STACK := -fsanitize=safe-stack
    28  
    29  CFI := -flto -fvisibility=hidden -fsanitize=cfi
    30  
    31  FORTIFY := -O2 -D_FORTIFY_SOURCE=2
    32  
    33  ### Common Options ############################################
    34  
    35  SRC := main.c
    36  LIB_SRC := lib.c
    37  BIN := ../bin
    38  
    39  BINS :=        $(BIN)/no_protection $(BIN)/with_nx $(BIN)/pie_false_positive.so $(BIN)/with_pie $(BIN)/with_canary $(BIN)/with_relro $(BIN)/with_partial_relro $(BIN)/with_rpath $(BIN)/with_runpath $(BIN)/with_safestack $(BIN)/with_cfi $(BIN)/with_fortify $(BIN)/protected
    40  #.PHONY: verify $(BIN)/no_protection $(BIN)/with_nx $(BIN)/pie_false_positive.so $(BIN)/with_pie $(BIN)/with_canary $(BIN)/with_relro $(BIN)/with_partial_relro $(BIN)/with_rpath $(BIN)/with_runpath $(BIN)/with_safestack $(BIN)/with_cfi $(BIN)/with_fortify $(BIN)/protected
    41  .PHONY: verify clean all
    42  
    43  all: $(BINS)
    44  
    45  
    46  $(BIN)/no_protection : $(SRC)
    47  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(NO_RELRO) $(NO_PIE) $(RUNPATH) 
    48  
    49  $(BIN)/with_nx : $(SRC)
    50  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NX) $(NO_RELRO) $(NO_PIE) 
    51  
    52  $(BIN)/pie_false_positive.so: $(LIB_SRC)
    53  	gcc $< -c -Wall -Werror -fpic $(LIB_SRC)
    54  	gcc -shared -o $@ lib.o ; rm lib.o
    55  
    56  $(BIN)/with_pie: $(SRC)
    57  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(NO_RELRO) $(PIE)
    58  
    59  $(BIN)/with_canary: $(SRC)
    60  	gcc $< -o $@ $(GCCFLAGS) $(CANARY) $(NO_NX) $(NO_RELRO) $(NO_PIE) 
    61  
    62  $(BIN)/with_relro: $(SRC)
    63  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(RELRO) $(NO_PIE)
    64  
    65  $(BIN)/with_partial_relro: $(SRC)
    66  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(PARTIAL_RELRO) $(NO_PIE)
    67  
    68  $(BIN)/with_rpath: $(SRC)
    69  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(NO_RELRO) $(NO_PIE) $(RPATH)
    70  
    71  $(BIN)/with_runpath: $(SRC)
    72  	gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(NO_RELRO) $(NO_PIE) $(RUNPATH)
    73  
    74  $(BIN)/with_safestack: $(SRC)
    75  	clang $< -o $@ $(SAFE_STACK)
    76  
    77  $(BIN)/with_cfi: $(SRC)
    78  	clang $< -o $@ $(CFI)
    79  
    80  $(BIN)/with_fortify: $(SRC)
    81  	clang $< -o $@ $(FORTIFY)
    82  
    83  #$(BIN)/with_selfrando: $(SRC)
    84  #	srenv gcc $< -o $@ $(GCCFLAGS) $(NO_CANARY) $(NO_NX) $(NO_RELRO) $(NO_PIE)
    85  
    86  $(BIN)/protected: $(SRC)
    87  	gcc $< -o $@ $(GCCFLAGS) $(CANARY) $(NX) $(RELRO) $(PIE)
    88  
    89  verify:
    90  	@/bin/checksec --dir=$(BIN) --extended --output=json
    91  
    92  clean:
    93  	rm -rf $(BINS)