ANNOCHECK(1) RPM Development Tools ANNOCHECK(1)

annocheck - Analysing binary files.

annocheck
  [-h | --help]
  [--help-tool]
  [--version]
  [-v | --verbose]
  [-q | --quiet]
  [-i | --ignore-unknown]
  [-r | --report-unknown]
  [-f | --follow-links]
  [-I | --ignore-links]
  [--debug-rpm=file]
  [--dwarf-dir=dir]
  [-p text | --prefix=text]
  [-u | --use-debuginfod]
  [-n | --no-use-debuginfod]
  [--enable-tool]
  [--disable-tool]
  [--tool-option]
  file...

annocheck
  --enable-builtby
  [--all]
  [--tool=name]
  [--nottool=name]
  file...

The annocheck program can analyse binary files and report information
about them. It is designed to be modular, with a set of self-contained
tools providing the checking functionality. Currently the following
tools are implemented:

The annocheck program is able to scan inside rpm files and libraries.
It will automatically recurse into any directories that are specified
on the command line. In addition annocheck knows how to find debug
information held in separate debug files, and it will search for these
whenever it needs the resources that they contain.

New tools can be added to the annocheck framework by creating a new
source file and including it in the Makefile used to build annocheck.
The modular nature of annocheck means that nothing else needs to be
updated.

New tools must fill out a "struct checker" structure (defined in
annocheck.h) and they must define a constructor function that calls
"annocheck_add_checker" to register their presence at program start-up.

The annocheck program supports some generic command line options that
are used regardless of which tools are enabled.

"--debug-rpm=file"
    Look in file for separate dwarf debug information.

"--dwarf-dir=dir"
    Look in dir for separate dwarf debug information files.

"--help"
"-h"
    Displays the generic annobin usage information and then exits.

"--help-tool"
    Displays the usage information for tool and then exits.

"--report-unknown"
"--ignore-unknown"
"-r"
"-i"
    If enabled, unknown file types are reported when they are
    encountered. This includes non-ELF format files, block devices and
    so on. Directories are not considered to be unknown and are
    automatically descended.

    The default setting depends upon the file being processed. For rpm
    files the default is to ignore unknowns, since these often contain
    non-executable files. For other file types, including directories,
    the default is to report unknown files.

"--ignore-links"
"--follow-links"
"-I"
"-f"
    Specifies whether symbolic links should be followed or ignored.

    The default setting depends upon the file being processed. For rpm
    files the default is to ignore symbolic links, since these are often
    unresolvable. For other file types, including directories, the
    default is to follow the links.

"--prefix=text"
"-p"
    Include text in the output description.

"--quiet"
"-q"
    Do not print anything, just return an exit status.

"--verbose"
"-v"
    Produce informational messages whilst working. Repeat for more
    information.

"--version"
    Report the version of the tool and then exit.

"--use-debuginfod"
"-u"
    Enable the use of the debuginfod service to download debuginfo
    rpms. This feature is enabled by default, but it is only active if
    support for the debuginfod server has been compiled into
    annocheck.

"--no-use-debuginfod"
"-n"
    Do not use the debuginfod service, even if it is available.

"--enable-tool"
    Enable tool. Most tools are disabled by default and so need to be
    enabled via this option before they will act.

"--disable-tool"
    Disable tool. Normally used to disable the hardening checker,
    which is enabled by default.

"--tool-option"
    Pass option on to tool.

Any other command line options will be passed to the tools in turn in
order to give them a chance to claim and process them.

The built-by tool is disabled by default, but it can be enabled by the
command line option --enable-builtby. The tool checks the specified
files to see if any information is stored about how the file was built.

Since the hardening checker is enabled by default it may also be useful
to add the --disable-hardened option to the command line.

The tool supports a few command line options to customise its
behaviour:

"--all"
    Report all builder identification strings. The tool has several
    different heuristics for determining the builder. By default it
    will report the information returned by the first successful
    heuristic. If the --all option is enabled then all successful
    results will be returned.

"--tool=name"
    This option can be used to restrict the output to only those files
    which were built by a specific tool. This can be useful when
    scanning a directory full of files searching for those built by a
    particular compiler.

"--nottool=name"
    This option can be used to restrict the output to only those files
    which were not built by a specific tool. This can be useful when
    scanning a directory full of files searching for those that were
    not built by a particular compiler.

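An added example (not from the annobin project) showing how the options described above combine in a build gate and in a built-by sweep. It assumes annocheck exits with status 0 only when every enabled check passes for a file, which this page does not state; the function names hardening_gate and not_built_by are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the annocheck distribution.
# Assumption: annocheck exits 0 when every enabled check passes for a file
# and non-zero otherwise.

# hardening_gate DIR
# Prints each regular file under DIR that annocheck rejects.
# Returns 0 when no file was rejected, 1 otherwise.
hardening_gate() {
    gate_list=$(mktemp) || return 2
    # -type f lists regular files only, so symbolic links are never passed in.
    find "$1" -type f > "$gate_list"
    gate_rc=0
    # Paths containing newlines are not supported by this line-based loop.
    while IFS= read -r gate_file; do
        # --quiet leaves only the exit status, so scan one file per run
        # to know which file failed.
        # --ignore-unknown: non-ELF files are not reported.
        # --ignore-links: do not follow links (the default for non-rpm input
        #   is to follow them).
        # --no-use-debuginfod: no debuginfo downloads during the scan.
        if ! annocheck --quiet --ignore-unknown --ignore-links \
                --no-use-debuginfod "$gate_file" < /dev/null; then
            printf '%s\n' "$gate_file"
            gate_rc=1
        fi
    done < "$gate_list"
    rm -f "$gate_list"
    return "$gate_rc"
}

# not_built_by NAME DIR
# Lists files under DIR that the built-by tool attributes to something other
# than NAME. The hardening checker is switched off so only built-by reports.
not_built_by() {
    annocheck --enable-builtby --disable-hardened --ignore-links \
        --no-use-debuginfod --nottool="$1" "$2"
}

# Usage: hardening_gate ./buildroot || exit 1
```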
Copyright (c) 2018 - 2022 Red Hat.

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled "GNU
Free Documentation License".

annobin-1 2022-03-07 ANNOCHECK(1)