From 465967b5ef4b4f02e9d6783a94eca012d4ebcdab Mon Sep 17 00:00:00 2001 From: fanquake Date: Fri, 9 Apr 2021 10:11:47 +0800 Subject: gitian: install LIEF in gitian container --- contrib/gitian-descriptors/gitian-linux.yml | 3 +++ contrib/gitian-descriptors/gitian-osx.yml | 3 +++ contrib/gitian-descriptors/gitian-win.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 9b5f5d7e07..103e249e33 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -23,6 +23,7 @@ packages: - "patch" - "pkg-config" - "python3" +- "python3-pip" # Cross compilation HOSTS: # - arm-linux-gnueabihf - "binutils-arm-linux-gnueabihf" @@ -99,6 +100,8 @@ script: | done } + pip3 install lief==0.11.4 + # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 5bc8a37bdc..d6c41b2c43 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -23,6 +23,7 @@ packages: - "imagemagick" - "libz-dev" - "python3" +- "python3-pip" - "python3-setuptools" - "fonts-tuffy" - "xorriso" @@ -78,6 +79,8 @@ script: | done } + pip3 install lief==0.11.4 + # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index dbf1e8cc67..eabcdaa79d 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -22,6 +22,7 @@ packages: - "zip" - "ca-certificates" - "python3" +- "python3-pip" remotes: - "url": "https://github.com/bitcoin/bitcoin.git" "dir": "bitcoin" 
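Review bot: `pip3 install lief==0.11.4` in the `script:` section pins a version but not an artifact, so the release-build container accepts whatever the package index serves under that version at build time. The same line is added to gitian-osx.yml and gitian-win.yml. The Guix manifest later in this series fixes the LIEF source by sha256, and pip's hash-checking mode would give the gitian descriptors the same property: a requirements file containing `lief==0.11.4 --hash=sha256:<sha256 of the reviewed artifact>`, installed with `pip3 install --require-hashes -r <that file>`. The line also assumes the container has network access at this point in the script, which the hunk does not show.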
@@ -86,6 +87,8 @@ script: | done } + pip3 install lief==0.11.4 + # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" -- cgit v1.2.3 From 2e7a9f7ade0c7b31e762c0ddb9e0944a0d9c798e Mon Sep 17 00:00:00 2001 From: fanquake Date: Fri, 9 Apr 2021 10:12:14 +0800 Subject: guix: install LIEF in Guix container Co-authored-by: Carl Dong --- contrib/guix/manifest.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index d493eab14a..c85aa0ebc9 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -27,9 +27,11 @@ (gnu packages version-control) (guix build-system font) (guix build-system gnu) + (guix build-system python) (guix build-system trivial) (guix download) (guix gexp) + (guix git-download) ((guix licenses) #:prefix license:) (guix packages) (guix profiles) 
@@ -192,6 +194,29 @@ chain for " target " development.")) "Thatcher Ulrich's first outline font design. He started with the goal of producing a neutral, readable sans-serif text font. There are lots of \"expressive\" fonts out there, but he wanted to start with something very plain and clean, something he might want to actually use. ") (license license:public-domain))) +(define-public lief + (package + (name "python-lief") + (version "0.11.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/lief-project/LIEF.git") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0h4kcwr9z478almjqhmils8imfpflzk0r7d05g4xbkdyknn162qf")))) + (build-system python-build-system) + (native-inputs + `(("cmake" ,cmake))) + (home-page "https://github.com/lief-project/LIEF") + (synopsis "Library to Instrument Executable Formats") + (description "Python library to to provide a cross platform library which can +parse, modify and abstract ELF, PE and MachO formats.") + (license license:asl2.0))) + (packages->manifest (append (list ;; The Basics @@ -227,6 +252,8 @@ chain for " target " development.")) python-3 ;; Git git + ;; Tests + lief ;; Native gcc 7 toolchain gcc-toolchain-7 (list gcc-toolchain-7 "static")) -- cgit v1.2.3 From 7e7eae7aa86ab95c44eed601f8c993285a256bbc Mon Sep 17 00:00:00 2001 From: fanquake Date: Wed, 7 Apr 2021 09:37:16 +0800 Subject: contrib: use f strings in security-check.py --- contrib/devtools/security-check.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 7b09c42fde..7a0761ad15 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py 
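Review bot: The `description` string of the new `python-lief` package has a doubled word and circular wording ("Python library to to provide a cross platform library which can parse ..."). Something like `(description "Python library that can parse, modify and abstract ELF, PE and MachO formats.")` says the same thing. Separately, `(commit version)` fetches by tag name rather than by commit id, and a one-line comment such as `;; fetched by tag; the sha256 below is what pins the content` would make it clear that integrity rests on the hash and not on the tag.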
@@ -285,24 +285,24 @@ def identify_executable(executable) -> Optional[str]: return None if __name__ == '__main__': - retval = 0 + retval: int = 0 for filename in sys.argv[1:]: try: etype = identify_executable(filename) if etype is None: - print('%s: unknown format' % filename) + print(f'{filename}: unknown format') retval = 1 continue - failed = [] + failed: List[str] = [] for (name, func) in CHECKS[etype]: if not func(filename): failed.append(name) if failed: - print('%s: failed %s' % (filename, ' '.join(failed))) + print(f'{filename}: failed {" ".join(failed)}') retval = 1 except IOError: - print('%s: cannot open' % filename) + print(f'{filename}: cannot open') retval = 1 sys.exit(retval) -- cgit v1.2.3 From a25b2e965c93fe2a46a2f8f1e7bdf5642d453511 Mon Sep 17 00:00:00 2001 From: fanquake Date: Wed, 7 Apr 2021 09:38:00 +0800 Subject: contrib: use LIEF for macOS security checks --- contrib/devtools/security-check.py | 54 +++++++++----------------------------- 1 file changed, 12 insertions(+), 42 deletions(-) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 7a0761ad15..bc65d9a9be 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -6,17 +6,17 @@ Perform basic security checks on a series of executables. Exit status will be 0 if successful, and the program will be silent. Otherwise the exit status will be 1 and it will log which executables failed which checks. -Needs `objdump` (for PE) and `otool` (for MACHO). +Needs `objdump` (for PE). ''' import subprocess import sys import os from typing import List, Optional +import lief import pixie OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') -OTOOL_CMD = os.getenv('OTOOL', '/usr/bin/otool') def run_command(command) -> str: p = subprocess.run(command, stdout=subprocess.PIPE, check=True, universal_newlines=True) 
@@ -184,71 +184,41 @@ def check_PE_NX(executable) -> bool: bits = get_PE_dll_characteristics(executable) return (bits & IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) == IMAGE_DLL_CHARACTERISTICS_NX_COMPAT -def get_MACHO_executable_flags(executable) -> List[str]: - stdout = run_command([OTOOL_CMD, '-vh', executable]) - - flags: List[str] = [] - for line in stdout.splitlines(): - tokens = line.split() - # filter first two header lines - if 'magic' in tokens or 'Mach' in tokens: - continue - # filter ncmds and sizeofcmds values - flags += [t for t in tokens if not t.isdigit()] - return flags - def check_MACHO_PIE(executable) -> bool: ''' Check for position independent executable (PIE), allowing for address space randomization. ''' - flags = get_MACHO_executable_flags(executable) - if 'PIE' in flags: - return True - return False + binary = lief.parse(executable) + return binary.is_pie def check_MACHO_NOUNDEFS(executable) -> bool: ''' Check for no undefined references. ''' - flags = get_MACHO_executable_flags(executable) - if 'NOUNDEFS' in flags: - return True - return False + binary = lief.parse(executable) + return binary.header.has(lief.MachO.HEADER_FLAGS.NOUNDEFS) def check_MACHO_NX(executable) -> bool: ''' Check for no stack execution ''' - flags = get_MACHO_executable_flags(executable) - if 'ALLOW_STACK_EXECUTION' in flags: - return False - return True + binary = lief.parse(executable) + return binary.has_nx def check_MACHO_LAZY_BINDINGS(executable) -> bool: ''' Check for no lazy bindings. We don't use or check for MH_BINDATLOAD. See #18295. 
''' - stdout = run_command([OTOOL_CMD, '-l', executable]) - - for line in stdout.splitlines(): - tokens = line.split() - if 'lazy_bind_off' in tokens or 'lazy_bind_size' in tokens: - if tokens[1] != '0': - return False - return True + binary = lief.parse(executable) + return binary.dyld_info.lazy_bind == (0,0) def check_MACHO_Canary(executable) -> bool: ''' Check for use of stack canary ''' - stdout = run_command([OTOOL_CMD, '-Iv', executable]) - - ok = False - for line in stdout.splitlines(): - if '___stack_chk_fail' in line: - ok = True - return ok + binary = lief.parse(executable) + return binary.has_symbol('___stack_chk_fail') CHECKS = { 'ELF': [ -- cgit v1.2.3 From 8e1f40dd9a5135dbdec2c25961fbd0729a42254c Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 6 Apr 2021 10:03:03 +0800 Subject: contrib: use LIEF for PE security checks --- contrib/devtools/security-check.py | 44 +++++++------------------------------- 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index bc65d9a9be..2c44d67d33 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -6,22 +6,13 @@ Perform basic security checks on a series of executables. Exit status will be 0 if successful, and the program will be silent. Otherwise the exit status will be 1 and it will log which executables failed which checks. -Needs `objdump` (for PE). ''' -import subprocess import sys -import os from typing import List, Optional import lief import pixie -OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') - -def run_command(command) -> str: - p = subprocess.run(command, stdout=subprocess.PIPE, check=True, universal_newlines=True) - return p.stdout - def check_ELF_PIE(executable) -> bool: ''' Check for position independent executable (PIE), allowing for address space randomization. 
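Review bot: None of the rewritten `check_MACHO_*` functions test the result of `lief.parse(executable)` before using it, and `check_MACHO_LAZY_BINDINGS` also dereferences `binary.dyld_info` without checking that the load command is present. I have not confirmed how LIEF 0.11.4 signals either case, but if it returns `None` the script ends in an `AttributeError` traceback, which the `except IOError` in the `__main__` block does not catch, so no failed check is named. A guard such as `if binary is None: return False` after each parse (plus the equivalent test on `dyld_info`) keeps the gate failing closed with a readable report. Each check also re-parses the same file, and the PE checks in the next commit follow the same pattern; parsing once per file in the main loop and passing the parsed object to the checks would avoid that.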
@@ -143,46 +134,27 @@ def check_ELF_separate_code(executable): return False return True -def get_PE_dll_characteristics(executable) -> int: - '''Get PE DllCharacteristics bits''' - stdout = run_command([OBJDUMP_CMD, '-x', executable]) - - bits = 0 - for line in stdout.splitlines(): - tokens = line.split() - if len(tokens)>=2 and tokens[0] == 'DllCharacteristics': - bits = int(tokens[1],16) - return bits - -IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020 -IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040 -IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100 - def check_PE_DYNAMIC_BASE(executable) -> bool: '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)''' - bits = get_PE_dll_characteristics(executable) - return (bits & IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE) == IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE + binary = lief.parse(executable) + return lief.PE.DLL_CHARACTERISTICS.DYNAMIC_BASE in binary.optional_header.dll_characteristics_lists # Must support high-entropy 64-bit address space layout randomization # in addition to DYNAMIC_BASE to have secure ASLR. def check_PE_HIGH_ENTROPY_VA(executable) -> bool: '''PIE: DllCharacteristics bit 0x20 signifies high-entropy ASLR''' - bits = get_PE_dll_characteristics(executable) - return (bits & IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA) == IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA + binary = lief.parse(executable) + return lief.PE.DLL_CHARACTERISTICS.HIGH_ENTROPY_VA in binary.optional_header.dll_characteristics_lists def check_PE_RELOC_SECTION(executable) -> bool: '''Check for a reloc section. 
This is required for functional ASLR.''' - stdout = run_command([OBJDUMP_CMD, '-h', executable]) - - for line in stdout.splitlines(): - if '.reloc' in line: - return True - return False + binary = lief.parse(executable) + return binary.has_relocations def check_PE_NX(executable) -> bool: '''NX: DllCharacteristics bit 0x100 signifies nxcompat (DEP)''' - bits = get_PE_dll_characteristics(executable) - return (bits & IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) == IMAGE_DLL_CHARACTERISTICS_NX_COMPAT + binary = lief.parse(executable) + return binary.has_nx def check_MACHO_PIE(executable) -> bool: ''' -- cgit v1.2.3 From 0f5d77c8e4db691733edb455dd9e31dabe933b8d Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 6 Apr 2021 10:13:06 +0800 Subject: contrib: add PE PIE check to security checks --- contrib/devtools/security-check.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 2c44d67d33..4f4c9565fa 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -134,6 +134,14 @@ def check_ELF_separate_code(executable): return False return True +def check_PE_PIE(executable) -> bool: + ''' + Check for position independent executable (PIE), + allowing for address space randomization. + ''' + binary = lief.parse(executable) + return binary.is_pie + def check_PE_DYNAMIC_BASE(executable) -> bool: '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)''' binary = lief.parse(executable) @@ -201,6 +209,7 @@ CHECKS = { ('separate_code', check_ELF_separate_code), ], 'PE': [ + ('PIE', check_PE_PIE), ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE), ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA), ('NX', check_PE_NX), -- cgit v1.2.3 From a632cbcee5ae982f50aba625713b7686aef29168 Mon Sep 17 00:00:00 2001 
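Review bot: The docstring of `check_PE_RELOC_SECTION` still says "Check for a reloc section", but the body now returns `binary.has_relocations` instead of looking for a section named `.reloc`. Those are presumably not the same test (relocation data versus a section name), so the docstring should describe what is checked now, e.g. `'''Check that the binary carries base relocations. This is required for functional ASLR.'''`, after confirming what `has_relocations` inspects in LIEF. In the same hunk `check_PE_NX` keeps its "DllCharacteristics bit 0x100" docstring while delegating to `binary.has_nx`; a short comment stating that the property is expected to map to that bit would keep the two in step.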
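Review bot: `check_PE_PIE` returns `binary.is_pie`, which for PE files I believe LIEF derives from the same DYNAMIC_BASE DllCharacteristics bit that `check_PE_DYNAMIC_BASE` tests immediately below it. If that holds, the new `('PIE', check_PE_PIE)` entry in `CHECKS['PE']` adds a second report line for the same property and no additional assurance. Either confirm that `is_pie` covers more than that bit for PE, or document the overlap with a comment on the entry such as `# for PE this is expected to mirror DYNAMIC_BASE; kept so every format reports 'PIE'`.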
From: fanquake Date: Wed, 7 Apr 2021 09:41:43 +0800 Subject: contrib: use f strings in symbol-check.py --- contrib/devtools/symbol-check.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index 436f179d61..19eb4eaf9f 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -275,7 +275,7 @@ if __name__ == '__main__': try: etype = identify_executable(filename) if etype is None: - print('{}: unknown format'.format(filename)) + print(f'{filename}: unknown format') retval = 1 continue @@ -284,9 +284,9 @@ if __name__ == '__main__': if not func(filename): failed.append(name) if failed: - print('{}: failed {}'.format(filename, ' '.join(failed))) + print(f'{filename}: failed {" ".join(failed)}') retval = 1 except IOError: - print('{}: cannot open'.format(filename)) + print(f'{filename}: cannot open') retval = 1 sys.exit(retval) -- cgit v1.2.3 From e93ac26b8563576345c13e83c777dd39e7616b1e Mon Sep 17 00:00:00 2001 From: fanquake Date: Wed, 7 Apr 2021 09:42:08 +0800 Subject: contrib: use LIEF in macOS symbol checks --- contrib/devtools/symbol-check.py | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index 19eb4eaf9f..a4ada73573 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -15,6 +15,7 @@ import sys import os from typing import List, Optional +import lief import pixie # Debian 8 (Jessie) EOL: 2020. https://wiki.debian.org/DebianReleases#Production_Releases @@ -53,7 +54,6 @@ IGNORE_EXPORTS = { } CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt') OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') -OTOOL_CMD = os.getenv('OTOOL', '/usr/bin/otool') # Allowed NEEDED libraries ELF_ALLOWED_LIBRARIES = { 
@@ -203,24 +203,13 @@ def check_ELF_libraries(filename) -> bool: ok = False return ok -def macho_read_libraries(filename) -> List[str]: - p = subprocess.Popen([OTOOL_CMD, '-L', filename], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') - libraries = [] - for line in stdout.splitlines(): - tokens = line.split() - if len(tokens) == 1: # skip executable name - continue - libraries.append(tokens[0].split('/')[-1]) - return libraries - def check_MACHO_libraries(filename) -> bool: ok: bool = True - for dylib in macho_read_libraries(filename): - if dylib not in MACHO_ALLOWED_LIBRARIES: - print('{} is not in ALLOWED_LIBRARIES!'.format(dylib)) + binary = lief.parse(filename) + for dylib in binary.libraries: + split = dylib.name.split('/') + if split[-1] not in MACHO_ALLOWED_LIBRARIES: + print(f'{split[-1]} is not in ALLOWED_LIBRARIES!') ok = False return ok -- cgit v1.2.3 From 2aa1631822b2fdbc6cf7a3dcd99adaf4d2745ed4 Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 6 Apr 2021 10:18:07 +0800 Subject: contrib: use LIEF in PE symbol checks --- contrib/devtools/symbol-check.py | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index a4ada73573..d740a94560 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -53,7 +53,6 @@ IGNORE_EXPORTS = { 'environ', '_environ', '__environ', } CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt') -OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') # Allowed NEEDED libraries ELF_ALLOWED_LIBRARIES = { 
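Review bot: The removed `macho_read_libraries` turned a failed `otool` run into `IOError('Error opening file')`, which the `__main__` block reports as `cannot open`; the new body of `check_MACHO_libraries` iterates `binary.libraries` straight from `lief.parse(filename)`, so that mapping is gone. Depending on how LIEF reports an unreadable or unparseable file (a `None` return or its own exception type, which I have not verified for 0.11.4), the script would now stop with a traceback instead of the per-file message. Adding `if binary is None: raise IOError('Error opening file')` after the parse restores the old contract. `check_PE_libraries` in the following commit drops the same `raise IOError` and needs the same guard.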
@@ -213,23 +212,12 @@ def check_MACHO_libraries(filename) -> bool: ok = False return ok -def pe_read_libraries(filename) -> List[str]: - p = subprocess.Popen([OBJDUMP_CMD, '-x', filename], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') - libraries = [] - for line in stdout.splitlines(): - if 'DLL Name:' in line: - tokens = line.split(': ') - libraries.append(tokens[1]) - return libraries - def check_PE_libraries(filename) -> bool: ok: bool = True - for dylib in pe_read_libraries(filename): + binary = lief.parse(filename) + for dylib in binary.libraries: if dylib not in PE_ALLOWED_LIBRARIES: - print('{} is not in ALLOWED_LIBRARIES!'.format(dylib)) + print(f'{dylib} is not in ALLOWED_LIBRARIES!') ok = False return ok -- cgit v1.2.3 From 955140b3265d3bcb9504c61d73fbfdadfff8a2b2 Mon Sep 17 00:00:00 2001 From: fanquake Date: Mon, 12 Apr 2021 11:19:44 +0800 Subject: contrib: consolidate PIE and NX security checks --- contrib/devtools/security-check.py | 50 +++++++++++++++----------------------- 1 file changed, 19 insertions(+), 31 deletions(-) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 4f4c9565fa..b6628c2ad5 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -134,14 +134,6 @@ def check_ELF_separate_code(executable): return False return True -def check_PE_PIE(executable) -> bool: - ''' - Check for position independent executable (PIE), - allowing for address space randomization. - ''' - binary = lief.parse(executable) - return binary.is_pie - def check_PE_DYNAMIC_BASE(executable) -> bool: '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)''' binary = lief.parse(executable) 
@@ -159,18 +151,6 @@ def check_PE_RELOC_SECTION(executable) -> bool: binary = lief.parse(executable) return binary.has_relocations -def check_PE_NX(executable) -> bool: - '''NX: DllCharacteristics bit 0x100 signifies nxcompat (DEP)''' - binary = lief.parse(executable) - return binary.has_nx - -def check_MACHO_PIE(executable) -> bool: - ''' - Check for position independent executable (PIE), allowing for address space randomization. - ''' - binary = lief.parse(executable) - return binary.is_pie - def check_MACHO_NOUNDEFS(executable) -> bool: ''' Check for no undefined references. @@ -178,13 +158,6 @@ def check_MACHO_NOUNDEFS(executable) -> bool: binary = lief.parse(executable) return binary.header.has(lief.MachO.HEADER_FLAGS.NOUNDEFS) -def check_MACHO_NX(executable) -> bool: - ''' - Check for no stack execution - ''' - binary = lief.parse(executable) - return binary.has_nx - def check_MACHO_LAZY_BINDINGS(executable) -> bool: ''' Check for no lazy bindings. @@ -200,6 +173,21 @@ def check_MACHO_Canary(executable) -> bool: binary = lief.parse(executable) return binary.has_symbol('___stack_chk_fail') +def check_PIE(executable) -> bool: + ''' + Check for position independent executable (PIE), + allowing for address space randomization. + ''' + binary = lief.parse(executable) + return binary.is_pie + +def check_NX(executable) -> bool: + ''' + Check for no stack execution + ''' + binary = lief.parse(executable) + return binary.has_nx + CHECKS = { 'ELF': [ ('PIE', check_ELF_PIE), 
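Review bot: The docstring of the new shared `check_NX` says only "Check for no stack execution", which was the Mach-O wording; the function is now also the PE `NX` entry, where the removed `check_PE_NX` documented the property as the nxcompat (DEP) DllCharacteristics bit. I would widen it to something like `'''Check for a non-executable stack (Mach-O) or NX_COMPAT / DEP (PE).'''` so the PE meaning is not lost. Since `CHECKS['ELF']` still points at `check_ELF_PIE`, a comment above `check_PIE` and `check_NX` saying they are used for PE and MACHO only would prevent them being mistaken for format-agnostic helpers.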
@@ -209,16 +197,16 @@ CHECKS = { ('separate_code', check_ELF_separate_code), ], 'PE': [ - ('PIE', check_PE_PIE), + ('PIE', check_PIE), ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE), ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA), - ('NX', check_PE_NX), + ('NX', check_NX), ('RELOC_SECTION', check_PE_RELOC_SECTION) ], 'MACHO': [ - ('PIE', check_MACHO_PIE), + ('PIE', check_PIE), ('NOUNDEFS', check_MACHO_NOUNDEFS), - ('NX', check_MACHO_NX), + ('NX', check_NX), ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS), ('Canary', check_MACHO_Canary) ] -- cgit v1.2.3 From 7fc5e865b93af59364e9c8bf75ec68b4decc7e5d Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 13 Apr 2021 12:40:15 +0800 Subject: test: install lief in CI --- ci/test/00_setup_env_mac_host.sh | 3 +-- ci/test/00_setup_env_native_multiprocess.sh | 3 ++- ci/test/04_install.sh | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ci/test/00_setup_env_mac_host.sh b/ci/test/00_setup_env_mac_host.sh index e54e78add4..898c1530a1 100644 --- a/ci/test/00_setup_env_mac_host.sh +++ b/ci/test/00_setup_env_mac_host.sh @@ -7,12 +7,11 @@ export LC_ALL=C.UTF-8 export HOST=x86_64-apple-darwin18 -export PIP_PACKAGES="zmq" +export PIP_PACKAGES="zmq lief" export GOAL="install" export BITCOIN_CONFIG="--with-gui --enable-reduce-exports --enable-external-signer" export CI_OS_NAME="macos" export NO_DEPENDS=1 export OSX_SDK="" export CCACHE_SIZE=300M - export RUN_SECURITY_TESTS="true" diff --git a/ci/test/00_setup_env_native_multiprocess.sh b/ci/test/00_setup_env_native_multiprocess.sh index b8fa5c8854..37d714400b 100644 --- a/ci/test/00_setup_env_native_multiprocess.sh +++ b/ci/test/00_setup_env_native_multiprocess.sh 
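Review bot: `export PIP_PACKAGES="zmq lief"` in 00_setup_env_mac_host.sh installs whichever LIEF release is current when the job runs, while the gitian descriptors and the Guix manifest in this series fix 0.11.4. The security and symbol checks exercised in CI can therefore run against a different LIEF API than the release builds use, and an upstream release can change CI results without any change in this repository. Pinning it the same way, `export PIP_PACKAGES="zmq lief==0.11.4"`, keeps the two environments comparable. 00_setup_env_native_multiprocess.sh sets `PIP_PACKAGES="lief"` and has the same gap.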
@@ -8,9 +8,10 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_native_multiprocess export DOCKER_NAME_TAG=ubuntu:20.04 -export PACKAGES="cmake python3 llvm clang" +export PACKAGES="cmake python3 python3-pip llvm clang" export DEP_OPTS="DEBUG=1 MULTIPROCESS=1" export GOAL="install" export BITCOIN_CONFIG="--enable-external-signer --enable-debug CC=clang CXX=clang++" # Use clang to avoid OOM export TEST_RUNNER_ENV="BITCOIND=bitcoin-node" export RUN_SECURITY_TESTS="true" +export PIP_PACKAGES="lief" diff --git a/ci/test/04_install.sh b/ci/test/04_install.sh index 608acfc2cf..c3d83c84e3 100755 --- a/ci/test/04_install.sh +++ b/ci/test/04_install.sh @@ -67,6 +67,9 @@ if [[ $DOCKER_NAME_TAG == centos* ]]; then elif [ "$CI_USE_APT_INSTALL" != "no" ]; then ${CI_RETRY_EXE} DOCKER_EXEC apt-get update ${CI_RETRY_EXE} DOCKER_EXEC apt-get install --no-install-recommends --no-upgrade -y $PACKAGES $DOCKER_PACKAGES + if [ -n "$PIP_PACKAGES" ]; then + ${CI_RETRY_EXE} pip3 install --user $PIP_PACKAGES + fi fi if [ "$CI_OS_NAME" == "macos" ]; then -- cgit v1.2.3
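Review bot: The added `pip3 install --user $PIP_PACKAGES` line in 04_install.sh lacks the `DOCKER_EXEC` prefix that both `apt-get` lines directly above it carry, so it appears to run on the CI host and not in the container where `python3-pip` was just installed. If that reading is right, the install either fails for lack of pip on the host or puts `lief` somewhere the containerised security tests cannot import it. The line would then need to be `${CI_RETRY_EXE} DOCKER_EXEC pip3 install --user $PIP_PACKAGES`. The `if`/`elif` chain and the definition of `DOCKER_EXEC` start outside the hunk, so this should be confirmed against the full script.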