From c92624aaad1969a82424cbd5e944cb7e944245e6 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Fri, 8 May 2026 10:16:45 +0300 Subject: [PATCH] checksec: update to 3.1.0 The upstream repository was renamed from checksec.sh to checksec and the main script was renamed from checksec to checksec.bash (still installed as /usr/bin/checksec). The checksec_automator subpackage was removed upstream, so drop it. Update PKG_NAME accordingly and adjust the install rule. Changelog: https://github.com/slimm609/checksec/releases/tag/3.1.0 Co-authored-by: George Sapkin Signed-off-by: Alexandru Ardelean --- utils/checksec/Makefile | 32 +++++--------------------------- utils/checksec/test-version.sh | 9 +++++++++ utils/checksec/test.sh | 8 ++++++++ 3 files changed, 22 insertions(+), 27 deletions(-) create mode 100644 utils/checksec/test-version.sh create mode 100644 utils/checksec/test.sh diff --git a/utils/checksec/Makefile b/utils/checksec/Makefile index 1b4eb3a63d..b122707a15 100644 --- a/utils/checksec/Makefile +++ b/utils/checksec/Makefile @@ -6,60 +6,38 @@ # include $(TOPDIR)/rules.mk -PKG_NAME:=checksec.sh -PKG_VERSION:=2.5.0 +PKG_NAME:=checksec +PKG_VERSION:=3.1.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/slimm609/checksec.sh/archive/$(PKG_VERSION) -PKG_HASH:=1034459d7cd2b0ee515c2b6b003375fec566fb59c838fc5e1961e1fcf76b54fa +PKG_HASH:=cd3112fb02577726dd6945a11d9225d508ac0d59984d772fbbda5d9cf2d2c290 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE_FILES:=LICENSE.txt -PKG_INSTALL:=1 - include $(INCLUDE_DIR)/package.mk -define Package/checksec/default +define Package/checksec SECTION:=utils CATEGORY:=Utilities URL:=https://github.com/slimm609/checksec.sh -endef - -define Package/checksec - $(call Package/checksec/default) TITLE:=Utility to check PIE, RELRO, ASLR etc. DEPENDS:=+bash +file +binutils +procps-ng +procps-ng-sysctl +openssl-util +coreutils +coreutils-stat endef -define Package/checksec_automator - $(call Package/checksec/default) - TITLE:=Utility to use checksec for dirs - DEPENDS:=+checksec +coreutils-tee +findutils-find +grep -endef - define Package/checksec/description Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source). endef -define Package/checksec_automator/description - Script for checksec directory scan. -endef - Build/Compile:=: Build/Install:=: define Package/checksec/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/checksec $(1)/usr/bin/ -endef - -define Package/checksec_automator/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/checksec_automator.sh $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/checksec.bash $(1)/usr/bin/checksec endef $(eval $(call BuildPackage,checksec)) -$(eval $(call BuildPackage,checksec_automator)) diff --git a/utils/checksec/test-version.sh b/utils/checksec/test-version.sh new file mode 100644 index 0000000000..7f044565f2 --- /dev/null +++ b/utils/checksec/test-version.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# checksec reported version doesn't match package version as of 3.1.0 + +case "$1" in +checksec) + checksec --version 2>&1 | grep -qF "2.7.1" + ;; +esac diff --git a/utils/checksec/test.sh b/utils/checksec/test.sh new file mode 100644 index 0000000000..2f00cb98e0 --- /dev/null +++ b/utils/checksec/test.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +case "$1" in + checksec) + # Analyze a known binary; output must include the binary path + checksec --file=/usr/bin/checksec 2>&1 | grep -qF "checksec" + ;; +esac