[Buildroot] [PATCH 1/1] paxtest: new package

[Buildroot] [PATCH 1/1] paxtest: new package

[Matt Weber]

PaX regression test suite

Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
 package/Config.in                                  |  1 +
 .../0001-genpaxtest-move-log-location.patch        | 54 ++++++++++++++++++++++
 package/paxtest/Config.in                          |  5 ++
 package/paxtest/paxtest.hash                       |  2 +
 package/paxtest/paxtest.mk                         | 30 ++++++++++++
 5 files changed, 92 insertions(+)
 create mode 100644 package/paxtest/0001-genpaxtest-move-log-location.patch
 create mode 100644 package/paxtest/Config.in
 create mode 100644 package/paxtest/paxtest.hash
 create mode 100644 package/paxtest/paxtest.mk

diff --git a/package/Config.in b/package/Config.in
index c997e2a..b9d5f9b 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1774,6 +1774,7 @@ endmenu
 
 menu "Security"
 	source "package/checkpolicy/Config.in"
+	source "package/paxtest/Config.in"
 	source "package/policycoreutils/Config.in"
 	source "package/refpolicy/Config.in"
 	source "package/sepolgen/Config.in"
diff --git a/package/paxtest/0001-genpaxtest-move-log-location.patch b/package/paxtest/0001-genpaxtest-move-log-location.patch
new file mode 100644
index 0000000..9fc898d
--- /dev/null
+++ b/package/paxtest/0001-genpaxtest-move-log-location.patch
@@ -0,0 +1,54 @@
+From 623d99e4f557ef9cd771006e4f916c12d22a07a8 Mon Sep 17 00:00:00 2001
+From: David Graziano <david.graziano@rockwellcollins.com>
+Date: Mon, 12 Jun 2017 10:41:45 -0500
+Subject: [PATCH] genpaxtest: move log location
+
+Move log location to /tmp instead of local directory.
+(For read-only filesystems)
+
+Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
+---
+ genpaxtest | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/genpaxtest b/genpaxtest
+index 5a22e15..d62b15e 100644
+--- a/genpaxtest
++++ b/genpaxtest
+@@ -43,26 +43,26 @@ else
+ fi
+ export LD_LIBRARY_PATH
+ 
+-cat <<__end__ | tee paxtest.log
++cat <<__end__ | tee /tmp/paxtest.log
+ PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
+ Released under the GNU Public Licence version 2 or later
+ 
+ __end__
+ 
+-echo "Mode: \$1" >>paxtest.log
+-uname -a >>paxtest.log
+-echo >>paxtest.log
++echo "Mode: \$1" >>/tmp/paxtest.log
++uname -a >>/tmp/paxtest.log
++echo >>/tmp/paxtest.log
+ 
+-echo 'Writing output to paxtest.log'
++echo 'Writing output to /tmp/paxtest.log'
+ echo 'It may take a while for the tests to complete'
+ 
+ for i in $*
+ do
+ 	${RUNDIR}/\$i
+-done >>paxtest.log 2>&1
++done >>/tmp/paxtest.log 2>&1
+ 
+ echo "Test results:"
+-cat paxtest.log
++cat /tmp/paxtest.log
+ 
+ echo
+ 
+-- 
+1.9.1
+
diff --git a/package/paxtest/Config.in b/package/paxtest/Config.in
new file mode 100644
index 0000000..f5ed60d
--- /dev/null
+++ b/package/paxtest/Config.in
@@ -0,0 +1,5 @@
+config BR2_PACKAGE_PAXTEST
+	bool "paxtest"
+	depends on BR2_TOOLCHAIN_USES_GLIBC
+	help
+	  PaX regression test suite
diff --git a/package/paxtest/paxtest.hash b/package/paxtest/paxtest.hash
new file mode 100644
index 0000000..3fe4ee5
--- /dev/null
+++ b/package/paxtest/paxtest.hash
@@ -0,0 +1,2 @@
+# Locally computed:
+sha256	c36fbc1c95d11b2c8c92ae8a9a1a40dbe98c7f6725621c7a46807a022a18a54c  paxtest_0.9.11.orig.tar.gz
diff --git a/package/paxtest/paxtest.mk b/package/paxtest/paxtest.mk
new file mode 100644
index 0000000..bc4b9e5
--- /dev/null
+++ b/package/paxtest/paxtest.mk
@@ -0,0 +1,30 @@
+################################################################################
+#
+# paxtest
+#
+################################################################################
+
+PAXTEST_VERSION = 0.9.11
+PAXTEST_SOURCE = paxtest_$(PAXTEST_VERSION).orig.tar.gz
+PAXTEST_SITE = http://http.debian.net/debian/pool/main/p/paxtest
+PAXTEST_LICENSE = GPL-2.0+
+PAXTEST_LICENSE_FILES = README
+
+PAXTEST_MAKE_OPTS = \
+	CC=$(TARGET_CC) \
+	LD=$(TARGET_LD)
+
+PAXTEST_INSTALL_TARGET_OPTS = \
+	DESTDIR=$(TARGET_DIR) \
+	BINDIR="usr/bin" \
+	RUNDIR="usr/lib"
+
+define PAXTEST_BUILD_CMDS
+	$(MAKE) -C $(@D) $(PAXTEST_MAKE_OPTS) linux
+endef
+
+define PAXTEST_INSTALL_TARGET_CMDS
+	$(MAKE) -C $(@D) -f Makefile.psm install $(PAXTEST_INSTALL_TARGET_OPTS)
+endef
+
+$(eval $(generic-package))
-- 
1.9.1

[Buildroot] [PATCH 1/1] paxtest: new package

[Thomas Petazzoni]

Hello,

Thanks for this contribution. A few comments below. Could you address
them, and send an updated version? Thanks!

On Mon, 19 Jun 2017 16:14:36 -0500, Matt Weber wrote:

>  package/Config.in                                  |  1 +
>  .../0001-genpaxtest-move-log-location.patch        | 54 ++++++++++++++++++++++
>  package/paxtest/Config.in                          |  5 ++
>  package/paxtest/paxtest.hash                       |  2 +
>  package/paxtest/paxtest.mk                         | 30 ++++++++++++

Missing entry in DEVELOPERS file.


> diff --git a/package/paxtest/0001-genpaxtest-move-log-location.patch b/package/paxtest/0001-genpaxtest-move-log-location.patch
> new file mode 100644
> index 0000000..9fc898d
> --- /dev/null
> +++ b/package/paxtest/0001-genpaxtest-move-log-location.patch
> @@ -0,0 +1,54 @@
> +From 623d99e4f557ef9cd771006e4f916c12d22a07a8 Mon Sep 17 00:00:00 2001
> +From: David Graziano <david.graziano@rockwellcollins.com>
> +Date: Mon, 12 Jun 2017 10:41:45 -0500
> +Subject: [PATCH] genpaxtest: move log location
> +
> +Move log location to /tmp instead of local directory.
> +(For read-only filesystems)

Is /tmp really the right place? What about /var/log instead?


> diff --git a/package/paxtest/Config.in b/package/paxtest/Config.in
> new file mode 100644
> index 0000000..f5ed60d
> --- /dev/null
> +++ b/package/paxtest/Config.in
> @@ -0,0 +1,5 @@
> +config BR2_PACKAGE_PAXTEST
> +	bool "paxtest"
> +	depends on BR2_TOOLCHAIN_USES_GLIBC

Could you please add a comment about why we have this glibc dependency?

> +	help
> +	  PaX regression test suite

Please add a blank line, followed by the upstream URL of the project.

And also a Config.in comment about the glibc dependency.

> +PAXTEST_VERSION = 0.9.11
> +PAXTEST_SOURCE = paxtest_$(PAXTEST_VERSION).orig.tar.gz
> +PAXTEST_SITE = http://http.debian.net/debian/pool/main/p/paxtest

What about using the latest version, 0.9.15, available at
https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz. It is the
one used by Gentoo, for example.

> +PAXTEST_LICENSE = GPL-2.0+
> +PAXTEST_LICENSE_FILES = README
> +
> +PAXTEST_MAKE_OPTS = \
> +	CC=$(TARGET_CC) \
> +	LD=$(TARGET_LD)

Is it possible to use $(TARGET_CONFIGURE_OPTS) instead?

> +
> +PAXTEST_INSTALL_TARGET_OPTS = \
> +	DESTDIR=$(TARGET_DIR) \
> +	BINDIR="usr/bin" \
> +	RUNDIR="usr/lib"

Both PAXTEST_MAKE_OPTS and PAXTEST_INSTALL_TARGET_OPTS are used only
once, so don't define variable: just use them directly where needed.

> +
> +define PAXTEST_BUILD_CMDS
> +	$(MAKE) -C $(@D) $(PAXTEST_MAKE_OPTS) linux

Please pass $(TARGET_MAKE_ENV) before $(MAKE).

> +endef
> +
> +define PAXTEST_INSTALL_TARGET_CMDS
> +	$(MAKE) -C $(@D) -f Makefile.psm install $(PAXTEST_INSTALL_TARGET_OPTS)

Ditto.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

[Buildroot] [PATCH 1/1] paxtest: new package

[Matthew Weber]

Thomas,

On Wed, Jun 21, 2017 at 3:29 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> Thanks for this contribution. A few comments below. Could you address
> them, and send an updated version? Thanks!
>
> On Mon, 19 Jun 2017 16:14:36 -0500, Matt Weber wrote:
>
<snip>

We'll take a look!

Matt

[Buildroot] [PATCH 1/1] paxtest: new package

[Matthew Weber]

Thomas, All.

On Wed, Jun 21, 2017 at 3:29 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>

<snip>

>> +config BR2_PACKAGE_PAXTEST
>> +     bool "paxtest"
>> +     depends on BR2_TOOLCHAIN_USES_GLIBC
>
> Could you please add a comment about why we have this glibc dependency?
>

I started to look into this and I've found a few changes so far.....
1) It will require the "depends on BR2_TOOLCHAIN_USES_GLIBC" but I'll
add the following justification
        # No UCLIBC or MUSL because __NO_A_OUT_SUPPORT

2) Still looking into these assembler errors.  They don't seem to be
dependent on GCC version. (armv5-ctng-linux-gnueabi GCC4.8 /
sourcery-arm-armv4t GCC4.8  / sourcery-arm GCC4.8  /br-nios2-glibc
GCC6.0 )
    /home/buildroot/paxtest_gcc_GLIBC/armv5-ctng-linux-gnueabi/host/usr/bin/armv5-ctng-linux-gnueabi-gcc
 -o chpax chpax-0.7/aout.o chpax-0.7/chpax.o chpax-0.7/elf32.o
chpax-0.7/elf64.o chpax-0.7/flags.o chpax-0.7/io.o
    /home/buildroot/paxtest_gcc_GLIBC/armv5-ctng-linux-gnueabi/host/usr/bin/armv5-ctng-linux-gnueabi-gcc
-O2 -Wa,--noexecstack -U_FORTIFY_SOURCE -DRUNDIR=\".\"
-fno-stack-protector   -fPIC -o shlibtest.o -c shlibtest.c
    /tmp/ccoq8vb7.s: Assembler messages:
    /tmp/ccoq8vb7.s:27: Error: alignment too large: 15 assumed
    make[3]: *** [shlibtest.o] Error 1

Matt