Commit Graph

7 Commits

Author SHA1 Message Date
Cory Fields
aa26ee0101
release: Add security/export checks to gitian and fix current failures
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports

For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109

- add check-symbols and check-security make targets

These are not added to the default checks because some of them depend on
release-build configs.

- always link librt for glibc back-compat builds

glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420

- add security/symbol checks to gitian

Github-Pull: #7424
Rebased-From: cd27bf51e06a8d79790a631696355bd05751b0aa 475813ba5b208eb9a5d027eb628a717cc123ef4f f3d3eaf78eb51238d799d8f20a585550d1567719 a8ce872118c4807465629aecb9e4f3d72d999ccb a81c87fafce43e49cc2307947e3951b84be7ca9a
2016-01-27 11:33:33 +01:00
Wladimir J. van der Laan
9f251b7a9d devtools: add libraries for bitcoin-qt to symbol check
Forgot to add these.
Also add a short description for each required library.
2015-11-16 16:39:23 +01:00
Wladimir J. van der Laan
579b863cd7 devtools: Add security-check.py
Perform the following ELF security checks:

- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary

Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
2015-10-22 03:35:38 +02:00
Michael Ford
78253fcbad Remove references to X11 licence 2014-12-16 15:56:50 +08:00
Wladimir J. van der Laan
27116e87cc
devtools: Exclude default exports from symbol-checker script
See discussion in #4663.
2014-08-17 10:07:46 +02:00
Wladimir J. van der Laan
202c95c216 devtools: have symbol check script check for exported symbols
After last commit, our executables should export no symbols anymore.  To
make sure that this stays the case, verify this in the symbol checker
script.
2014-04-30 15:30:39 +02:00
Wladimir J. van der Laan
74fc254c2b devtools: add script to check symbols from Linux gitian executables
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols.  This
makes sure they are still compatible with the minimum supported Linux
distribution versions.
2014-04-25 12:19:37 +02:00