1ANNOCHECK(1) RPM Development Tools ANNOCHECK(1)
2
6 annocheck - Analysing binary files.
7
9 annocheck
10 [-h | --help]
11 [--help-tool]
12 [--version]
13 [-v | --verbose]
14 [-q | --quiet]
15 [-i | --ignore-unknown]
16 [-r | --report-unknown]
17 [-f | --follow-links]
18 [-I | --ignore-links]
19 [--debug-rpm=file]
20 [--dwarf-dir=dir]
21 [-p text | --prefix=text]
22 [-t dir | --tmpdir=dir]
23 [-u | --use-debuginfod]
24 [-n | --no-use-debuginfod]
25 [--enable-tool]
26 [--disable-tool]
27 [--tool-option]
28 file...
29 annocheck
31 --enable-builtby
32 [--all]
33 [--tool=name]
34 [--nottool=name]
35 file...
36
38 The annocheck program can analyse binary files and report information
39 about them. It is designed to be modular, with a set of self-contained
40 tools providing the checking functionality. Currently the following
41 tools are implemented:
42 The annocheck program is able to scan inside rpm files and libraries.
44 It will automatically recurse into any directories that are specified
45 on the command line. In addition annocheck knows how to find debug
46 information held in separate debug files, and it will search for these
47 whenever it needs the resources that they contain.
48 New tools can be added to the annocheck framework by creating a new
50 source file and including it in the Makefile used to build annocheck.
51 The modular nature of annocheck means that nothing else needs to be
52 updated.
53 New tools must fill out a "struct checker" structure (defined in
55 annocheck.h) and they must define a constructor function that calls
56 "annocheck_add_checker" to register their presence at program start-up.
57 The annocheck program supports some generic command line options that
59 are used regardless of which tools are enabled.
60 "--debug-rpm=file"
62 Look in file for separate dwarf debug information.
63 "--dwarf-dir=dir"
65 Look in dir for separate dwarf debug information files.
66 "--help"
68 "-h"
69 Displays the generic annobin usage information and then exits.
70 "--help-tool"
72 Display the usage information for tool and then exits.
73 "--report-unknown"
75 "--ignore-unknown"
76 "-r"
77 "-i"
78 If enabled, unknown file types are reported when they are
79 encountered. This includes non-ELF format files, block devices and
80 so on. Directories are not considered to be unknown and are
81 automatically descended.
82 The default setting depends upon the file being processed. For rpm
84 files the default is to ignore unknowns, since these often contain
85 non-executable files. For other file types, including directories,
86 the default is to report unknown files.
87 "--ignore-links"
89 "--follow-links"
90 "-I"
91 "-f"
92 Specifies whether symbolic links should be followed or ignored.
93 The default setting depends upon the file being processed. For rpm
95 files the default is to ignore symbolic links, since these often
96 unresolveable. For other file types, including directories, the
97 default is to follow the links.
98 "--prefix=text"
100 "-p text"
101 Include text in the output description.
102 "--quiet"
104 "-q"
105 Do not print anything, just return an exit status.
106 "--tmpdir=dir"
108 "-t dir"
109 Use dir as a directory for holding temporary files.
110 "--verbose"
112 "-v"
113 Produce informational messages whilst working. Repeat for more
114 information.
115 "--version"
117 Report the version of the tool and then exit.
118 "--use-debuginfod"
120 "-u"
121 Enable the use of the debuginfod service to download debuginfo
122 rpms. This feature is enabled by default, but it is only active if
123 support for the debuginfod server has been compiled in to
124 annocheck.
125 "--no-use-debuginfod"
127 "-n"
128 Do not use the debuginfod service, even if it is available.
129 "--enable-tool"
131 Enable tool. Most tools are disabled by default and so need to be
132 enabled via this option before they will act.
133 "--disable-tool"
135 Disable tool. Normally used to disable the hardening checker,
136 which is enabled by default.
137 "--tool-option"
139 Pass option on to tool.
140 Any other command line options will be passed to the tools in turn in
142 order to give them a chance to claim and process them.
143 The built-by tool is disabled by default, but it can be enabled by the
145 command line option --enable-builtby. The tool checks the specified
146 files to see if any information is stored about how the file was built.
147 Since the hardening checker is enabled by default it may also be useful
149 to add the --disable-hardened option to the command line.
150 The tool supports a few command line options to customise its
152 behaviour:
153 "--all"
155 Report all builder identification strings. The tool has several
156 different heuristics for determining the builder. By default it
157 will report the information return by the first successful
158 heuristic. If the --all option is enabled then all successful
159 results will be returned.
160 "--tool=name"
162 This option can be used to restrict the output to only those files
163 which were built by a specific tool. This can be useful when
164 scanning a directory full of files searching for those built by a
165 particular compiler.
166 "--nottool=NAME"
168 This option can be used to restrict the output to only those files
169 which were not built by a specific tool. This can be useful when
170 scanning a directory full of files searching for those that were
171 not built by a particular compiler.
172
175 Copyright (c) 2018 - 2023 Red Hat.
176 Permission is granted to copy, distribute and/or modify this document
178 under the terms of the GNU Free Documentation License, Version 1.3 or
179 any later version published by the Free Software Foundation; with no
180 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
181 Texts. A copy of the license is included in the section entitled "GNU
182 Free Documentation License".
183annobin-1 2023-01-04 ANNOCHECK(1)