diff options
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/devtools/circular-dependencies.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/copyright_header.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/previous_release.sh | 2 | ||||
-rwxr-xr-x | contrib/devtools/security-check.py | 17 | ||||
-rwxr-xr-x | contrib/devtools/test-security-check.py | 18 | ||||
-rwxr-xr-x | contrib/devtools/test_deterministic_coverage.sh | 2 | ||||
-rwxr-xr-x | contrib/filter-lcov.py | 2 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-win-signer.yml | 1 | ||||
-rwxr-xr-x | contrib/linearize/linearize-data.py | 2 | ||||
-rw-r--r-- | contrib/macdeploy/README.md | 8 | ||||
-rwxr-xr-x | contrib/macdeploy/extract-osx-sdk.sh | 2 | ||||
-rwxr-xr-x | contrib/seeds/makeseeds.py | 2 | ||||
-rwxr-xr-x | contrib/verify-commits/pre-push-hook.sh | 2 |
13 files changed, 43 insertions, 19 deletions
diff --git a/contrib/devtools/circular-dependencies.py b/contrib/devtools/circular-dependencies.py index 6afa4351e7..bc5f09a3e2 100755 --- a/contrib/devtools/circular-dependencies.py +++ b/contrib/devtools/circular-dependencies.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2018 The Bitcoin Core developers +# Copyright (c) 2018-2019 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/contrib/devtools/copyright_header.py b/contrib/devtools/copyright_header.py index 92120eaff7..084914f11a 100755 --- a/contrib/devtools/copyright_header.py +++ b/contrib/devtools/copyright_header.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2016-2019 The Bitcoin Core developers +# Copyright (c) 2016-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/contrib/devtools/previous_release.sh b/contrib/devtools/previous_release.sh index 5ddfdb4e73..b2ecc274fb 100755 --- a/contrib/devtools/previous_release.sh +++ b/contrib/devtools/previous_release.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright (c) 2018-2019 The Bitcoin Core developers +# Copyright (c) 2018-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. # diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index b924698e56..65a80b4102 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -223,6 +223,20 @@ def check_MACHO_LAZY_BINDINGS(executable) -> bool: return False return True +def check_MACHO_Canary(executable) -> bool: + ''' + Check for use of stack canary + ''' + p = subprocess.Popen([OTOOL_CMD, '-Iv', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) + (stdout, stderr) = p.communicate() + if p.returncode: + raise IOError('Error opening file') + ok = False + for line in stdout.splitlines(): + if '___stack_chk_fail' in line: + ok = True + return ok + CHECKS = { 'ELF': [ ('PIE', check_ELF_PIE), @@ -239,7 +253,8 @@ CHECKS = { ('PIE', check_MACHO_PIE), ('NOUNDEFS', check_MACHO_NOUNDEFS), ('NX', check_MACHO_NX), - ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS) + ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS), + ('Canary', check_MACHO_Canary) ] } diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py index e2a8154f16..d09f1d0064 100755 --- a/contrib/devtools/test-security-check.py +++ b/contrib/devtools/test-security-check.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2015-2019 The Bitcoin Core developers +# Copyright (c) 2015-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. ''' @@ -64,13 +64,17 @@ class TestSecurityChecks(unittest.TestCase): cc = 'clang' write_testcode(source) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace', '-Wl,-allow_stack_execute']), - (1, executable+': failed PIE NOUNDEFS NX')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace']), - (1, executable+': failed PIE NOUNDEFS')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']), + (1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS Canary')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']), + (1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']), + (1, executable+': failed PIE NOUNDEFS LAZY_BINDINGS')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']), + (1, executable+': failed PIE LAZY_BINDINGS')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']), (1, executable+': failed PIE')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all']), (0, '')) if __name__ == '__main__': diff --git a/contrib/devtools/test_deterministic_coverage.sh b/contrib/devtools/test_deterministic_coverage.sh index f5cd05a2c3..95b1553215 100755 --- a/contrib/devtools/test_deterministic_coverage.sh +++ b/contrib/devtools/test_deterministic_coverage.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright (c) 2019 The Bitcoin Core developers +# Copyright (c) 2019-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. # diff --git a/contrib/filter-lcov.py b/contrib/filter-lcov.py index 75034616f7..e005cb96da 100755 --- a/contrib/filter-lcov.py +++ b/contrib/filter-lcov.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2017-2018 The Bitcoin Core developers +# Copyright (c) 2017-2019 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/contrib/gitian-descriptors/gitian-win-signer.yml b/contrib/gitian-descriptors/gitian-win-signer.yml index 9d96465742..6bcd126662 100644 --- a/contrib/gitian-descriptors/gitian-win-signer.yml +++ b/contrib/gitian-descriptors/gitian-win-signer.yml @@ -8,6 +8,7 @@ architectures: packages: - "libssl-dev" - "autoconf" +- "automake" - "libtool" - "pkg-config" remotes: diff --git a/contrib/linearize/linearize-data.py b/contrib/linearize/linearize-data.py index bcca3b7cea..73f54cd488 100755 --- a/contrib/linearize/linearize-data.py +++ b/contrib/linearize/linearize-data.py @@ -2,7 +2,7 @@ # # linearize-data.py: Construct a linear, no-fork version of the chain. # -# Copyright (c) 2013-2019 The Bitcoin Core developers +# Copyright (c) 2013-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. # diff --git a/contrib/macdeploy/README.md b/contrib/macdeploy/README.md index f78bebf114..68ebb5def1 100644 --- a/contrib/macdeploy/README.md +++ b/contrib/macdeploy/README.md @@ -14,6 +14,10 @@ When complete, it will have produced `Bitcoin-Qt.dmg`. ## SDK Extraction +Our current macOS SDK (`macOSX10.14.sdk`) can be extracted from +[Xcode_10.2.1.xip](https://download.developer.apple.com/Developer_Tools/Xcode_10.2.1/Xcode_10.2.1.xip). +An Apple ID is needed to download this. + `Xcode.app` is packaged in a `.xip` archive. This makes the SDK less-trivial to extract on non-macOS machines. One approach (tested on Debian Buster) is outlined below: @@ -38,14 +42,14 @@ xar -xf Xcode_10.2.1.xip -C . ./pbzx/pbzx -n Content | cpio -i -find Xcode.app -type d -name MacOSX.sdk -execdir sh -c 'tar -c MacOSX.sdk/ | gzip -9n > /MacOSX10.14.sdk.tar.gz' \; +find Xcode.app -type d -name MacOSX.sdk -exec sh -c 'tar --transform="s/MacOSX.sdk/MacOSX10.14.sdk/" -c -C$(dirname {}) MacOSX.sdk/ | gzip -9n > MacOSX10.14.sdk.tar.gz' \; ``` on macOS the process is more straightforward: ```bash xip -x Xcode_10.2.1.xip -tar -C Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/ -czf MacOSX10.14.sdk.tar.gz MacOSX.sdk +tar -s "/MacOSX.sdk/MacOSX10.14.sdk/" -C Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/ -czf MacOSX10.14.sdk.tar.gz MacOSX.sdk ``` Our previously used macOS SDK (`MacOSX10.11.sdk`) can be extracted from diff --git a/contrib/macdeploy/extract-osx-sdk.sh b/contrib/macdeploy/extract-osx-sdk.sh index 21243ada04..3c7bdf4217 100755 --- a/contrib/macdeploy/extract-osx-sdk.sh +++ b/contrib/macdeploy/extract-osx-sdk.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright (c) 2016-2019 The Bitcoin Core developers +# Copyright (c) 2016-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/contrib/seeds/makeseeds.py b/contrib/seeds/makeseeds.py index c623d5b5e4..e8698994f1 100755 --- a/contrib/seeds/makeseeds.py +++ b/contrib/seeds/makeseeds.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2013-2019 The Bitcoin Core developers +# Copyright (c) 2013-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. # diff --git a/contrib/verify-commits/pre-push-hook.sh b/contrib/verify-commits/pre-push-hook.sh index a26791f0d1..78873dc0c3 100755 --- a/contrib/verify-commits/pre-push-hook.sh +++ b/contrib/verify-commits/pre-push-hook.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright (c) 2014-2019 The Bitcoin Core developers +# Copyright (c) 2014-2020 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. |