aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2016-01-27 11:30:42 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2016-01-27 11:31:00 +0100
commit42ecea48fd25d8430e8c98c040228b9e9322abc9 (patch)
treef39087b1289796a0c295833ba097ab51486a0766 /contrib
parent473ad1bb026986db2569fff278d8957363f758f8 (diff)
parenta81c87fafce43e49cc2307947e3951b84be7ca9a (diff)
Merge #7424: Add security/export checks to gitian and fix current failures
a81c87f release: add security/symbol checks to gitian (Cory Fields) a8ce872 release: always link librt for glibc back-compat builds (Cory Fields) f3d3eaf release: add check-symbols and check-security make targets (Cory Fields) 475813b release: add _IO_stdin_used to ignored exports (Cory Fields) cd27bf5 release: fix parsing of BIND_NOW with older readelf (Cory Fields)
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/devtools/security-check.py2
-rwxr-xr-xcontrib/devtools/symbol-check.py5
-rw-r--r--contrib/gitian-descriptors/gitian-linux.yml2
-rw-r--r--contrib/gitian-descriptors/gitian-win.yml1
4 files changed, 8 insertions, 2 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index fe5dc9ad89..0319f739c4 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -94,7 +94,7 @@ def check_ELF_RELRO(executable):
raise IOError('Error opening file')
for line in stdout.split('\n'):
tokens = line.split()
- if len(tokens)>1 and tokens[1] == '(BIND_NOW)':
+ if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
have_bindnow = True
return have_gnu_relro and have_bindnow
diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py
index 93acfcdda4..4ad5136f79 100755
--- a/contrib/devtools/symbol-check.py
+++ b/contrib/devtools/symbol-check.py
@@ -42,9 +42,12 @@ MAX_VERSIONS = {
'GLIBCXX': (3,4,13),
'GLIBC': (2,11)
}
+# See here for a description of _IO_stdin_used:
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
+
# Ignore symbols that are exported as part of every executable
IGNORE_EXPORTS = {
-'_edata', '_end', '_init', '__bss_start', '_fini'
+'_edata', '_end', '_init', '__bss_start', '_fini', '_IO_stdin_used'
}
READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')
CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt')
diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml
index 04b9b0177c..b4b6ed2909 100644
--- a/contrib/gitian-descriptors/gitian-linux.yml
+++ b/contrib/gitian-descriptors/gitian-linux.yml
@@ -96,6 +96,8 @@ script: |
./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
make ${MAKEOPTS}
+ make ${MAKEOPTS} -C src check-security
+ make ${MAKEOPTS} -C src check-symbols
make install-strip
cd installed
find . -name "lib*.la" -delete
diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml
index 361842920d..233f5c5498 100644
--- a/contrib/gitian-descriptors/gitian-win.yml
+++ b/contrib/gitian-descriptors/gitian-win.yml
@@ -126,6 +126,7 @@ script: |
./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
make ${MAKEOPTS}
+ make ${MAKEOPTS} -C src check-security
make deploy
make install-strip
cp -f bitcoin-*setup*.exe $OUTDIR/