이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 7. Annobin
The Annobin project consists of the annobin plugin and the annockeck program.
The annobin plugin scans the GNU Compiler Collection (GCC) command line, the compilation state, and the compilation process, and generates the ELF notes. The ELF notes record how the binary was built and provide information for the annocheck program to perform security hardening checks.
The security hardening checker is part of the annocheck program and is enabled by default. It checks the binary files to determine whether the program was built with necessary security hardening options and compiled correctly. annocheck is able to recursively scan directories, archives, and RPM packages for ELF object files.
The files must be in ELF format. annocheck does not handle any other binary file types.
7.1. Installing Annobin
In Red Hat Developer Toolset, the annobin plugin and the annockeck program are provided by the devtoolset-12-gcc package and are installed as described in Section 1.5.3, “Installing Optional Packages”.
7.2. Using Annobin Plugin
To pass options to the annobin plugin with gcc, use:
$ scl enable devtoolset-12 'gcc -fplugin=annobin -fplugin-arg-annobin-option file-name'
Note that you can execute any command using the scl utility, causing it to be run with the Red Hat Developer Toolset binaries used in preference to the Red Hat Enterprise Linux system equivalent. This allows you to run a shell session with Red Hat Developer Toolset as as default:
$ scl enable devtoolset-12 'bash'
7.3. Using Annocheck
To scan files, directories or RPM packages with the annocheck program:
$ scl enable devtoolset-12 'annocheck file-name'
annocheck only looks for the ELF files. Other file types are ignored.
Note that you can execute any command using the scl utility, causing it to be run with the Red Hat Developer Toolset binaries used in preference to the Red Hat Enterprise Linux system equivalent. This allows you to run a shell session with Red Hat Developer Toolset as as default:
$ scl enable devtoolset-12 'bash'
To verify the version of annocheck you are using at any point:
$ which annocheck
Red Hat Developer Toolset’s annocheck executable path will begin with /opt. Alternatively, you can use the following command to confirm that the version number matches that for Red Hat Developer Toolset annocheck:
$ annocheck --version
7.4. Additional Resources
For more information about annocheck, annobin and its features, see the resources listed below.
Installed Documentation
annocheck(1) — The manual page for the
annocheckutility provides detailed information on its usage. To display the manual page for the version included in Red Hat Developer Toolset:$ scl enable devtoolset-12 'man annocheck'
annobin(1) — The manual page for the
annobinutility provides detailed information on its usage. To display the manual page for the version included in Red Hat Developer Toolset:$ scl enable devtoolset-12 'man annobin'
