diff options
Diffstat (limited to 't/recipes/checks/binaries/rpath/binaries-general')
9 files changed, 139 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/desc b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc new file mode 100644 index 0000000..6e7e185 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/rpath diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/hints b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints new file mode 100644 index 0000000..367a9a3 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints @@ -0,0 +1,3 @@ +binaries-general (binary): custom-library-search-path RUNPATH /usr/share/foo [usr/lib/foo/basicshippedrpath] +binaries-general (binary): custom-library-search-path RUNPATH /usr/local/lib [usr/share/foo/basic] +binaries-general (binary): custom-library-search-path RUNPATH /usr/lib [usr/lib/foo/basiclibrpath] diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d |