linter: Implement aarch64 checks
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 22 Nov 2024 11:59:53 +0000 (11:59 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 22 Nov 2024 11:59:53 +0000 (11:59 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/linter-file.c

index ee39d6143360d5acd00004e60fdd510e27a82b85..9cfa27c3672156f11864dbd9a25faacfac7f0c1b 100644 (file)
@@ -752,13 +752,31 @@ static uint32_t read_4_bytes(const int endianess, const char* data) {
 
 static int __pakfire_linter_file_check_cf_protection_aarch64(struct pakfire_linter_file* lfile,
                const int endianess, const uint32_t type, const char* payload) {
-       # warning TODO
+       switch (type) {
+               case GNU_PROPERTY_AARCH64_FEATURE_1_AND:
+                       break;
+
+               // Ignore the rest
+               default:
+                       return 0;
+       }
+
+       uint32_t property = read_4_bytes(endianess, payload);
+
+       // Check for BTI
+       if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_BTI))
+               return pakfire_linter_file_error(lfile, "Branch Target Identification (BTI) is not enabled");
+
+       // Check for PAC
+       if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_PAC))
+               return pakfire_linter_file_error(lfile, "Pointer Authentication (PAC) is not enabled");
+
        return 0;
 }
 
 static int __pakfire_linter_file_check_cf_protection_riscv64(struct pakfire_linter_file* lfile,
                const int endianess, const uint32_t type, const char* payload) {
-       # warning TODO
+       // There is nothing to do here
        return 0;
 }
 
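Review bot: The BTI test returns as soon as it records its finding, so a binary that lacks both BTI and PAC is reported only for BTI; the PAC gap stays hidden until BTI is fixed and the package is linted again. Record both findings before returning and propagate only a real failure from `pakfire_linter_file_error`. This assumes it returns a negative value on failure and 0 once the finding is stored, since its definition is outside the hunk. Separately, `read_4_bytes(endianess, payload)` reads four bytes while this function receives no property size, and the ELF note comes from the file being linted. The caller, which is not visible here, therefore has to confirm that the property data is at least 4 bytes long before dispatching.

```c
	uint32_t property = read_4_bytes(endianess, payload);
	int r;

	// Check for BTI
	if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) {
		r = pakfire_linter_file_error(lfile, "Branch Target Identification (BTI) is not enabled");
		if (r < 0)
			return r;
	}

	// Check for PAC
	if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
		r = pakfire_linter_file_error(lfile, "Pointer Authentication (PAC) is not enabled");
		if (r < 0)
			return r;
	}

	return 0;
```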
@@ -768,7 +786,7 @@ static int __pakfire_linter_file_check_cf_protection_x86(struct pakfire_linter_f
                case GNU_PROPERTY_X86_FEATURE_1_AND:
                        break;
 
-               // XXX what should we do in this case? Just ignore?
+               // Ignore the rest
                default:
                        return 0;
        }