diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-01-27 11:30:42 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-01-27 11:31:00 +0100 |
commit | 42ecea48fd25d8430e8c98c040228b9e9322abc9 (patch) | |
tree | f39087b1289796a0c295833ba097ab51486a0766 /contrib | |
parent | 473ad1bb026986db2569fff278d8957363f758f8 (diff) | |
parent | a81c87fafce43e49cc2307947e3951b84be7ca9a (diff) |
Merge #7424: Add security/export checks to gitian and fix current failures
a81c87f release: add security/symbol checks to gitian (Cory Fields)
a8ce872 release: always link librt for glibc back-compat builds (Cory Fields)
f3d3eaf release: add check-symbols and check-security make targets (Cory Fields)
475813b release: add _IO_stdin_used to ignored exports (Cory Fields)
cd27bf5 release: fix parsing of BIND_NOW with older readelf (Cory Fields)
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/devtools/security-check.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/symbol-check.py | 5 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-linux.yml | 2 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-win.yml | 1 |
4 files changed, 8 insertions, 2 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index fe5dc9ad89..0319f739c4 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -94,7 +94,7 @@ def check_ELF_RELRO(executable): raise IOError('Error opening file') for line in stdout.split('\n'): tokens = line.split() - if len(tokens)>1 and tokens[1] == '(BIND_NOW)': + if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]): have_bindnow = True return have_gnu_relro and have_bindnow diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index 93acfcdda4..4ad5136f79 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -42,9 +42,12 @@ MAX_VERSIONS = { 'GLIBCXX': (3,4,13), 'GLIBC': (2,11) } +# See here for a description of _IO_stdin_used: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109 + # Ignore symbols that are exported as part of every executable IGNORE_EXPORTS = { -'_edata', '_end', '_init', '__bss_start', '_fini' +'_edata', '_end', '_init', '__bss_start', '_fini', '_IO_stdin_used' } READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt') diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 04b9b0177c..b4b6ed2909 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -96,6 +96,8 @@ script: | ./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security + make ${MAKEOPTS} -C src check-symbols make install-strip cd installed find . -name "lib*.la" -delete diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 361842920d..233f5c5498 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -126,6 +126,7 @@ script: | ./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security make deploy make install-strip cp -f bitcoin-*setup*.exe $OUTDIR/ |