pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mk/check mk: Add support for SSP checks.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d5676f411085
branches:  trunk
changeset: 369702:d5676f411085
user:      jperkin <jperkin%pkgsrc.org@localhost>
date:      Tue Oct 03 09:43:06 2017 +0000

description:
mk: Add support for SSP checks.

diffstat:

 mk/check/bsd.check-vars.mk |  10 ++++-
 mk/check/bsd.check.mk      |   3 +-
 mk/check/check-ssp-elf.awk |  93 ++++++++++++++++++++++++++++++++++++++++++++++
 mk/check/check-ssp.mk      |  89 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 193 insertions(+), 2 deletions(-)

diffs (238 lines):

diff -r 76e8b8200102 -r d5676f411085 mk/check/bsd.check-vars.mk
--- a/mk/check/bsd.check-vars.mk        Tue Oct 03 09:38:16 2017 +0000
+++ b/mk/check/bsd.check-vars.mk        Tue Oct 03 09:43:06 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.check-vars.mk,v 1.9 2017/07/04 18:29:24 khorben Exp $
+# $NetBSD: bsd.check-vars.mk,v 1.10 2017/10/03 09:43:06 jperkin Exp $
 #
 # This Makefile fragment is included separately by bsd.pkg.mk and
 # defines some variables which must be defined earlier than where
@@ -8,8 +8,10 @@
 CHECK_FILES_SUPPORTED?=                yes
 CHECK_RELRO_SUPPORTED?=                yes
 CHECK_SHLIBS_SUPPORTED?=       yes
+CHECK_SSP_SUPPORTED?=          yes
 
 _OPSYS_CAN_CHECK_RELRO?=       ${_OPSYS_CAN_CHECK_SHLIBS}
+_OPSYS_CAN_CHECK_SSP?=         ${_OPSYS_CAN_CHECK_SHLIBS}
 
 .if ${_OPSYS_CAN_CHECK_RELRO:tl} == "yes"
 _USE_CHECK_RELRO_NATIVE=       yes
@@ -23,4 +25,10 @@
 _USE_CHECK_SHLIBS_NATIVE=      no
 .endif
 
+.if ${_OPSYS_CAN_CHECK_SSP:tl} == "yes"
+_USE_CHECK_SSP_NATIVE=         yes
+.else
+_USE_CHECK_SSP_NATIVE=         no
+.endif
+
 USE_TOOLS+=    awk cat cmp diff echo find grep rm sed test touch true
diff -r 76e8b8200102 -r d5676f411085 mk/check/bsd.check.mk
--- a/mk/check/bsd.check.mk     Tue Oct 03 09:38:16 2017 +0000
+++ b/mk/check/bsd.check.mk     Tue Oct 03 09:43:06 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.check.mk,v 1.9 2017/07/04 18:29:24 khorben Exp $
+# $NetBSD: bsd.check.mk,v 1.10 2017/10/03 09:43:06 jperkin Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and provides all
 # variables and targets related to build and install checks.
@@ -32,6 +32,7 @@
 .include "check-portability.mk"
 .include "check-relro.mk"
 .include "check-shlibs.mk"
+.include "check-ssp.mk"
 .include "check-stripped.mk"
 .include "check-vulnerable.mk"
 .include "check-wrkref.mk"
diff -r 76e8b8200102 -r d5676f411085 mk/check/check-ssp-elf.awk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mk/check/check-ssp-elf.awk        Tue Oct 03 09:43:06 2017 +0000
@@ -0,0 +1,93 @@
+# $NetBSD: check-ssp-elf.awk,v 1.1 2017/10/03 09:43:06 jperkin Exp $
+#
+# Copyright (c) 2007 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
+# Copyright (c) 2017 Pierre Pronchery <khorben%NetBSD.org@localhost>.
+# All rights reserved.
+#
+# This code is derived from software contributed to The NetBSD Foundation
+# by Joerg Sonnenberger.
+#
+# Originally developed as part of Google's Summer of Code 2007 program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+#
+# Read a list of potential ELF binaries from stdin.
+# For each, extract the list of program headers.
+# Check that the SSP library is present.
+#
+
+function shquote(IN, out) {
+       out = IN;
+       gsub("\\\\", "\\\\", out);
+       gsub("\\\n", "\\n", out);
+       gsub("\\\t", "\\t", out);
+       gsub(" ", "\\ ", out);
+       gsub("'", "\\'", out);
+       gsub("`", "\\`", out);
+       gsub("\"", "\\\"", out);
+       gsub(";", "\\;", out);
+       gsub("&", "\\&", out);
+       gsub("<", "\\<", out);
+       gsub(">", "\\>", out);
+       gsub("\\(", "\\(", out);
+       gsub("\\)", "\\)", out);
+       gsub("\\|", "\\|", out);
+       gsub("\\*", "\\*", out);
+       gsub("\\?", "\\?", out);
+       gsub("\\{", "\\{", out);
+       gsub("\\}", "\\}", out);
+       gsub("\\[", "\\[", out);
+       gsub("\\]", "\\]", out);
+       gsub("\\$", "\\$", out);
+       gsub("!", "\\!", out);
+       gsub("#", "\\#", out);
+       gsub("\\^", "\\^", out);
+       gsub("~", "\\~", out);
+       return out;
+}
+
+function checkssp(ELF, got_ssp, found) {
+       cmd = readelf " -Wd " shquote(ELF) " 2>/dev/null"
+       while ((cmd | getline) > 0) {
+               found = 1
+               if ($2 == "(NEEDED)" && $5 ~ /libssp/) {
+                       got_ssp = 1
+                       break
+               }
+       }
+       close(cmd)
+       if (found == 1 && got_ssp != 1) {
+               print ELF ": missing SSP"
+       }
+}
+
+BEGIN {
+       readelf = ENVIRON["READELF"]
+       if (readelf == "")
+               readelf = "readelf"
+}
+
+{ checkssp($0); }
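Review bot: The `$5 ~ /libssp/` test in checkssp() accepts a `(NEEDED)` entry for libssp as the only evidence of stack protection, which ties the result to toolchains that ship the SSP runtime as a separate library. Where the C library itself provides `__stack_chk_fail` (glibc does, for example), a protected binary carries no such entry and is reported as `missing SSP`. Conversely, a binary that merely links libssp passes even if none of its objects were compiled with `-fstack-protector`. Looking for an undefined `__stack_chk_fail` reference in the dynamic symbol table (`readelf -Ws`) would be a more direct signal, although it still cannot distinguish an unprotected binary from one that has no functions needing a canary. Separately, the header comment says program headers are extracted while the code reads the dynamic section (`-Wd`), and `cmd` should be added to checkssp's local parameter list so it does not leak as a global.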
diff -r 76e8b8200102 -r d5676f411085 mk/check/check-ssp.mk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mk/check/check-ssp.mk     Tue Oct 03 09:43:06 2017 +0000
@@ -0,0 +1,89 @@
+# $NetBSD: check-ssp.mk,v 1.1 2017/10/03 09:43:06 jperkin Exp $
+#
+# This file verifies that SSP was applied accordingly at build-time.
+#
+# User-settable variables:
+#
+# CHECK_SSP
+#      Whether the check should be enabled or not.
+#
+#      Default value: "yes" for PKG_DEVELOPERs, "no" otherwise.
+#
+# Package-settable variables:
+#
+# CHECK_SSP_SKIP
+#      A list of shell patterns (like man/*) that should be excluded
+#      from the check. Note that a * in a pattern also matches a slash
+#      in a pathname.
+#
+#      Default value: empty.
+#
+# CHECK_SSP_SUPPORTED
+#      Whether the check should be enabled for this package or not.
+#
+#      Default value: yes
+#
+
+_VARGROUPS+=                   check-ssp
+_USER_VARS.check-ssp=          CHECK_SSP
+_PKG_VARS.check-ssp=           CHECK_SSP_SUPPORTED
+
+.if ${_PKGSRC_USE_SSP:Uno} != "no" && \
+    ${PKG_DEVELOPER:Uno} != "no"
+CHECK_SSP?=                    yes
+.else
+CHECK_SSP?=                    no
+.endif
+CHECK_SSP_SUPPORTED?=          yes
+CHECK_SSP_SKIP?=               # none
+
+# All binaries and shared libraries.
+_CHECK_SSP_ERE=                (bin/|sbin/|libexec/|\.so$$|lib/lib.*\.so)
+
+_CHECK_SSP_FILELIST_CMD?=      ${SED} -e '/^@/d' ${PLIST} |            \
+       (while read file; do                                            \
+               ${TEST} -h "$$file" || ${ECHO} "$$file";                \
+       done)
+
+.if !empty(CHECK_SSP:M[Yy][Ee][Ss]) && \
+    !empty(CHECK_SSP_SUPPORTED:M[Yy][Ee][Ss])
+privileged-install-hook: _check-ssp
+.endif
+
+.if ${_USE_CHECK_SSP_NATIVE} == "yes"
+CHECK_SSP_NATIVE_ENV=
+.  if ${OBJECT_FMT} == "ELF"
+USE_TOOLS+=            readelf
+CHECK_SSP_NATIVE=      ${PKGSRCDIR}/mk/check/check-ssp-elf.awk
+CHECK_SSP_NATIVE_ENV+= PLATFORM_RPATH=${_OPSYS_SYSTEM_RPATH:Q}
+CHECK_SSP_NATIVE_ENV+= READELF=${TOOLS_PATH.readelf:Q}
+.  endif
+CHECK_SSP_NATIVE_ENV+= CROSS_DESTDIR=${_CROSS_DESTDIR:Q}
+CHECK_SSP_NATIVE_ENV+= PKG_INFO_CMD=${PKG_INFO:Q}
+CHECK_SSP_NATIVE_ENV+= DEPENDS_FILE=${_RRDEPENDS_FILE:Q}
+CHECK_SSP_NATIVE_ENV+= DESTDIR=${DESTDIR:Q}
+CHECK_SSP_NATIVE_ENV+= WRKDIR=${WRKDIR:Q}
+.  if defined(CHECK_WRKREF) && !empty(CHECK_WRKREF:Mextra)
+CHECK_SSP_NATIVE_ENV+= CHECK_WRKREF_EXTRA_DIRS=${CHECK_WRKREF_EXTRA_DIRS:Q}
+.  endif
+
+_check-ssp: error-check .PHONY
+       @${STEP_MSG} "Checking for SSP in ${PKGNAME}"
+       ${RUN} rm -f ${ERROR_DIR}/${.TARGET}
+       ${RUN}                                                  \
+       cd ${DESTDIR:Q}${PREFIX:Q};                             \
+       ${_CHECK_SSP_FILELIST_CMD} |                            \
+       ${EGREP} -h ${_CHECK_SSP_ERE:Q} |                       \
+       while read file; do                                     \
+               case "$$file" in                                \
+               ${CHECK_SSP_SKIP:@p@${p}) continue ;;@}         \
+               *) ;;                                           \
+               esac;                                           \
+               ${ECHO} $$file;                                 \
+       done |                                                  \
+       ${PKGSRC_SETENV} ${CHECK_SSP_NATIVE_ENV} ${AWK} -f ${CHECK_SSP_NATIVE} > ${ERROR_DIR}/${.TARGET}
+
+.else
+_check-ssp: error-check .PHONY
+       @${WARNING_MSG} "Skipping check for SSP in DESTDIR mode."
+.endif
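Review bot: `CHECK_SSP_NATIVE` is assigned only inside `.if ${OBJECT_FMT} == "ELF"`, yet the `_check-ssp` recipe runs `${AWK} -f ${CHECK_SSP_NATIVE}` whenever `_USE_CHECK_SSP_NATIVE` is "yes". On a platform that inherits "yes" from `_OPSYS_CAN_CHECK_SHLIBS` but is not ELF, awk would presumably be invoked with no script file. Folding the format test into the outer guard, `.if ${_USE_CHECK_SSP_NATIVE} == "yes" && ${OBJECT_FMT} == "ELF"`, sends those platforms to the `.else` branch instead. That branch's message, "Skipping check for SSP in DESTDIR mode.", does not describe the condition that selects it and should say the check is unsupported on this platform. In the loop, `${ECHO} $$file` is unquoted, unlike `"$$file"` in `_CHECK_SSP_FILELIST_CMD`, so a path containing whitespace or glob characters reaches the awk script altered; `${ECHO} "$$file"` avoids that. `CHECK_SSP_SKIP` is documented as package-settable but missing from `_PKG_VARS.check-ssp`, and the documented default for `CHECK_SSP` omits the `_PKGSRC_USE_SSP` condition.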


