#7069 Enable annotations of binaries compiled by gcc
Closed: Fixed 6 years ago Opened 6 years ago by nickc.

I would like to enable binary annotations for files compiled by gcc. This will allow extra information to be stored in these files, such as which hardening options were used, the stack size requirements, potential ABI conflicts and so on.

In order to do this I propose patching the redhat-rpm-config rpm to enable the use of the annobin plugin. This plugin will add the extra information to the binary files. Some example scripts in the annobin package demonstrate how this information might be used.

This change has several possible consequences for release engineering:

  • It might break the building of any package that uses gcc.
    [I have tried to test building various packages locally, and these have all succeeded,
    but I do not have the equivalent of an entire Fedora build system].

  • The size of gcc built binaries will increase. Not by a huge amount I hope, since
    the annotation format is designed to be compact, but it could still be a factor. Note
    the information is stored in an unallocated section in the binary, so it will not affect
    the size of the executable in memory, only on disk.

  • If the annotations work it should allow releng the opportunity to add extra checks
    for ABI incompatibilities and hardening problems.
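
An added example, not part of the original ticket or of annobin's own scripts: it parses ELF64 section headers and separates bytes that are loaded at run time from bytes that exist only on disk, which is the distinction the size bullet above relies on. The sample image is constructed inline, and the section name `.gnu.build.attributes` is the one annobin uses for its notes; it is not named in this ticket.

```python
import struct

SHF_ALLOC = 0x2   # section is mapped into memory at run time
SHT_NOBITS = 8    # section occupies no file space (e.g. .bss)
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr, little-endian

def sections(elf):
    """Return [(name, type, flags, size)] for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)
    entsize, count, strndx = struct.unpack_from("<HHH", elf, 0x3A)
    hdrs = [struct.unpack_from(SHDR, elf, shoff + i * entsize) for i in range(count)]
    strtab = hdrs[strndx][4]  # file offset of the section-name string table
    out = []
    for name_off, typ, flags, _addr, _off, size, *_ in hdrs:
        start = strtab + name_off
        name = elf[start:elf.index(b"\0", start)].decode()
        out.append((name, typ, flags, size))
    return out

def memory_vs_disk_only(elf):
    """Sum section sizes: (bytes loaded at run time, bytes that exist only on disk)."""
    loaded = disk_only = 0
    for _name, typ, flags, size in sections(elf):
        if flags & SHF_ALLOC:
            loaded += size
        elif typ != SHT_NOBITS:
            disk_only += size
    return loaded, disk_only

def build_sample():
    """Constructed sample: minimal ELF64 object with .text and a non-allocated note section."""
    text, notes = b"\xc3" * 16, b"\0" * 40  # note payload is a placeholder, not real annobin data
    names = b"\0.text\0.gnu.build.attributes\0.shstrtab\0"
    shoff = 64 + len(text) + len(notes) + len(names)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    def sh(name, typ, flags, off, size):
        return struct.pack(SHDR, name, typ, flags, 0, off, size, 0, 0, 1, 0)
    shdrs = (sh(0, 0, 0, 0, 0)
             + sh(1, 1, 0x6, 64, 16)             # .text: SHT_PROGBITS, ALLOC|EXECINSTR
             + sh(7, 7, 0, 80, 40)               # .gnu.build.attributes: SHT_NOTE, no SHF_ALLOC
             + sh(29, 3, 0, 120, len(names)))    # .shstrtab
    return ehdr + text + notes + names + shdrs

if __name__ == "__main__":
    loaded, disk_only = memory_vs_disk_only(build_sample())
    print(f"loaded: {loaded} bytes, disk-only: {disk_only} bytes")
```
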


I miss a link to the Change Proposal.

Well yes - this is my first attempt at this, and I am not sure that I have created/uploaded the wiki page correctly. This is the upload link:

https://fedoraproject.org/w/uploads/3/38/Annobin.wiki

But if I understand correctly this should be converted into a proper wiki page somehow, and once I find out the URL for that, I will update this issue.

Ha! I have now been told that pages are not uploaded, they are just created out of thin air. I had no idea that you could do this. So here is the URL:

https://fedoraproject.org/wiki/Changes/Annobin

@adamwill @tflink Is there someone on the QA side of the fence that could help @nickc with getting tests together based on the extra data here?

Metadata Update from @ausil:
- Issue tagged with: change-noreleng, f28

6 years ago

Metadata Update from @ausil:
- Issue assigned to ausil

6 years ago

Metadata Update from @mohanboddu:
- Issue tagged with: changes

6 years ago

We believe this has all been done.

Metadata Update from @ausil:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago
