Diffstat (limited to 't/recipes/checks/binaries/hardening/wrong-binary-architecture')
7 files changed, 77 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install
new file mode 100644
index 0000000..c10e578
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install
@@ -0,0 +1 @@
+foreign-binary usr/bin
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules
new file mode 100755
index 0000000..2ce6f53
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules
@@ -0,0 +1,22 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+%:
+ dh $@
+
+override_dh_strip:
+ # do not try to strip cross-compiled binaries with native tooling
+
+override_dh_shlibdeps:
+ # do not try to include missing libraries
+
+override_dh_dwz:
+ # cross-compiled binaries do not always seem to have a debug section
+
+# In Ubuntu, dh does not catch this file by default.
+# They have diffed it to reduce the size of packages.
+ifneq (,$(strip $(wildcard Changes)))
+override_dh_installchangelogs:
+ dh_installchangelogs Changes
+endif
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values
new file mode 100644
index 0000000..24f607a
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values
@@ -0,0 +1,6 @@
+Skeleton: upload-native
+Testname: wrong-binary-architecture
+Description: Binary architecture does not match package declaration
+Package-Architecture: any
+Extra-Build-Depends:
+ gcc-arm-linux-gnueabihf [amd64 i386], gcc-x86-64-linux-gnu [!amd64 !i386]
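Review bot: The `export DEB_BUILD_MAINT_OPTIONS=hardening=+all` line at the top of debian/rules does not appear to affect the binary under test. As far as the visible files show, build-spec/orig/Makefile compiles with `$(CC) $^ -o $@` and never references CFLAGS, CPPFLAGS or LDFLAGS, so none of the dpkg-buildflags hardening options reach the cross-compiler. The expected `hardening-no-bindnow` hint in eval/hints therefore reflects the cross toolchain's defaults rather than this setting, and could change with a different toolchain. I would add a comment above the export, for example `# No effect on foreign-binary: orig/Makefile ignores CFLAGS/LDFLAGS, so the expected hardening hint reflects cross-toolchain defaults.`, so a reader does not assume the binary was built hardened.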
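Review bot: The architecture qualifiers on `Extra-Build-Depends` do not match the compiler selection in build-spec/orig/Makefile for i386. This hunk installs `gcc-arm-linux-gnueabihf` on `[amd64 i386]`, and the Makefile's own header comment gives the same instruction, but its conditional is `ifeq ($(ARCH),amd64)`, so an i386 build falls through to `x86_64-linux-gnu-gcc`, which these build dependencies install only on `[!amd64 !i386]`. Unless that compiler happens to be present, the build would fail there; the Makefile test could become `ifneq (,$(filter amd64 i386,$(ARCH)))` to agree with this line.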
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile
new file mode 100644
index 0000000..bf92eaf
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile
@@ -0,0 +1,37 @@
+# This test works on amd64 when the cross-compiler for armhf is installed.
+#
+# The build prerequisite was not added to Lintian, however, since it was
+# not clear how the architecture would be enabled in the Gitlab CI
+# runner.
+#
+# On amd64 or i386, please follow these steps to run the test:
+#
+# dpkg --add-architecture armhf
+# apt update
+# apt install gcc-arm-linux-gnueabihf
+#
+# On all other architectures this may work, but was not tested:
+#
+# dpkg --add-architecture amd64
+# apt update
+# apt install gcc-x86-64-linux-gnu
+#
+# (Taken from: https://wiki.debian.org/CrossToolchains)
+
+ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH)
+
+ifeq ($(ARCH),amd64)
+CC := arm-linux-gnueabihf-gcc
+else
+CC := x86_64-linux-gnu-gcc
+endif
+
+foreign-binary: hello.c
+ $(CC) $^ -o $@
+
+.PHONY: clean
+clean:
+ rm -f foreign-binary
+
+.PHONY: clean
+distclean: clean
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c
new file mode 100644
index 0000000..2fb04e1
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c
@@ -0,0 +1,8 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) {
+
+ printf("Hello, World!\n");
+ exit(0);
+}
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc
new file mode 100644
index 0000000..b5d2db5
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc
@@ -0,0 +1,2 @@
+Testname: wrong-binary-architecture
+Check: binaries/hardening
diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints
new file mode 100644
index 0000000..68d4010
--- /dev/null
+++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints
@@ -0,0 +1 @@
+wrong-binary-architecture (binary): hardening-no-bindnow [usr/bin/foreign-binary] |