From aa26ee010198a1cc4d3e7e62cd0ab80807ba66a4 Mon Sep 17 00:00:00 2001 From: Cory Fields Date: Tue, 26 Jan 2016 14:50:50 -0500 Subject: release: Add security/export checks to gitian and fix current failures - fix parsing of BIND_NOW with older readelf - add _IO_stdin_used to ignored exports For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109 - add check-symbols and check-security make targets These are not added to the default checks because some of them depend on release-build configs. - always link librt for glibc back-compat builds glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to link in anyway for back-compat. Fixes #7420 - add security/symbol checks to gitian Github-Pull: #7424 Rebased-From: cd27bf51e06a8d79790a631696355bd05751b0aa 475813ba5b208eb9a5d027eb628a717cc123ef4f f3d3eaf78eb51238d799d8f20a585550d1567719 a8ce872118c4807465629aecb9e4f3d72d999ccb a81c87fafce43e49cc2307947e3951b84be7ca9a --- contrib/gitian-descriptors/gitian-linux.yml | 2 ++ contrib/gitian-descriptors/gitian-win.yml | 1 + 2 files changed, 3 insertions(+) (limited to 'contrib/gitian-descriptors') diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index d13ae8b10c..d034a91303 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -96,6 +96,8 @@ script: | ./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security + make ${MAKEOPTS} -C src check-symbols make install-strip cd installed find . -name "lib*.la" -delete diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 66077e0d5b..bcc6c4629e 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -126,6 +126,7 @@ script: | ./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security make deploy make install-strip cp -f bitcoin-*setup*.exe $OUTDIR/ -- cgit v1.2.3