From: Michael Tremer
Date: Tue, 14 Mar 2023 18:56:20 +0000 (+0000)
Subject: file: Skip hardening checks for firmware files
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec95c0c4703331fb960f64eaa8a7cd7958393a8c;p=people%2Fstevee%2Fpakfire.git

file: Skip hardening checks for firmware files

Signed-off-by: Michael Tremer
---

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index f917e7b9..d4e370e6 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1159,6 +1159,7 @@ static const struct extension {
 { "*.la", PAKFIRE_FILE_LIBTOOL_ARCHIVE },
 { "*.pm", PAKFIRE_FILE_PERL },
 { "*.pc", PAKFIRE_FILE_PKGCONFIG },
+ { "/usr/lib/firmware/*", PAKFIRE_FILE_FIRMWARE },
 { NULL , 0 },
 };
@@ -1675,6 +1676,10 @@ int pakfire_file_is_stripped(struct pakfire_file* file) {
 return -1;
 }
+ // Do not perform this check on firmware
+ if (pakfire_file_matches_class(file, PAKFIRE_FILE_FIRMWARE))
+ return 0;
+
 switch (pakfire_file_get_elf_type(file)) {
 // Do not check Relocatable Objects
 case ET_REL:
@@ -1864,6 +1869,10 @@ static int pakfire_file_hardening_check_relro(struct pakfire_file* file) {
 int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
 int r;
+ // Do not perform this check on firmware
+ if (pakfire_file_matches_class(file, PAKFIRE_FILE_FIRMWARE))
+ return 0;
+
 // Return previous result if this has been run before
 if (!file->hardening_check_done) {
 switch (pakfire_file_get_elf_type(file)) {
diff --git a/src/libpakfire/include/pakfire/file.h b/src/libpakfire/include/pakfire/file.h
index 9d9b68ee..d284fc82 100644
--- a/src/libpakfire/include/pakfire/file.h
+++ b/src/libpakfire/include/pakfire/file.h
@@ -119,6 +119,7 @@ enum pakfire_file_classes {
 PAKFIRE_FILE_PERL = (1 << 10),
 PAKFIRE_FILE_STATIC_LIBRARY = (1 << 11),
 PAKFIRE_FILE_LIBTOOL_ARCHIVE = (1 << 12),
+ PAKFIRE_FILE_FIRMWARE = (1 << 13),
 };
 int pakfire_file_create_from_path(struct pakfire_file** file,
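Review bot: The new `"/usr/lib/firmware/*"` entry makes the firmware class depend on install path alone, and that class is what switches off the checks in `pakfire_file_is_stripped()` and `pakfire_file_check_hardening()` later in this commit, so any ELF a package installs below that directory goes unchecked. The matcher that walks this table is outside the hunk; if it calls `fnmatch()` with `FNM_PATHNAME`, `*` will not cross `/` and firmware in vendor subdirectories would still be checked, while without that flag every depth is exempt, so it is worth confirming which is intended. A comment on the entry such as `// path-based: everything below /usr/lib/firmware is exempt from ELF checks` would record the decision, and logging each skipped file would keep the exemption auditable.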
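Review bot: The early `return 0;` for firmware in `pakfire_file_is_stripped()` reuses a value that, going by the function name, also means "not stripped", so a caller that treats a zero result as a finding or as a cue to strip the file would still act on firmware. The callers and the rest of the body are outside the hunk, so this needs confirming there. If zero is the intended "nothing to do" answer, say so at the return, for example `// Firmware is exempt; callers must treat 0 as "no action"`.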
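Review bot: The firmware early return in `pakfire_file_check_hardening()` exits before anything is stored through `issues`, so a caller that passes an uninitialised `int` and reads it after a zero return would see an indeterminate value. The part of the function that normally fills `*issues` is outside the hunk, so this is inferred from the signature. Setting the out-parameter on this path avoids relying on every caller: brace the `if` and add `*issues = 0;` before `return 0;`. The class lookup also sits ahead of the `hardening_check_done` cache, so it is repeated on every call for every file.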
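Review bot: `PAKFIRE_FILE_FIRMWARE` is added without a comment, yet unlike a purely descriptive class it turns off the stripped and hardening checks in `file.c`. A one-line comment on the enumerator, for example `// Below /usr/lib/firmware; exempt from strip and hardening checks`, would tell anyone who later adds patterns to this class that they are widening a security exemption.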