From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 6/6] support/testing/tests/core: SSP & hardening flags
Date: Fri, 10 Aug 2018 23:18:52 +0200
Message-ID: <20180810231852.70f9a004@windsurf>
In-Reply-To: <20180717030420.12009-1-matthew.weber@rockwellcollins.com>

Hello,

On Mon, 16 Jul 2018 22:04:20 -0500, Matt Weber wrote:

> diff --git a/support/testing/tests/core/test_hardening.py b/support/testing/tests/core/test_hardening.py
> new file mode 100644
> index 0000000000..d3eb0941d3
> --- /dev/null
> +++ b/support/testing/tests/core/test_hardening.py
> @@ -0,0 +1,112 @@
> +import os
> +import subprocess
> +import json
> +
> +import infra.basetest
> +
> +HARD_DEFCONFIG = \
> +    """
> +    BR2_powerpc64=y
> +    BR2_powerpc_e5500=y
> +    BR2_TOOLCHAIN_EXTERNAL=y
> +    BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
> +    BR2_TOOLCHAIN_EXTERNAL_URL="https://toolchains.bootlin.com/downloads/releases/toolchains/powerpc64-e5500/tarballs/powerpc64-e5500--glibc--stable-2018.02-2.tar.bz2"
> +    BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
> +    BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_1=y
> +    BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
> +    BR2_TOOLCHAIN_EXTERNAL_CXX=y
> +    BR2_PACKAGE_LIGHTTPD=y
> +    BR2_PACKAGE_HOST_CHECKSEC=y
> +    # BR2_TARGET_ROOTFS_TAR is not set
> +    """
> +
> +
> +def checksec_run(builddir, target_file):
> +    cmd = ["host/bin/checksec", "--output", "json", "--file", target_file]

I'm even more confused now. I thought checksec didn't work in a
cross-compiled situation. Could you clarify?

> +    ret = subprocess.check_output(cmd,
> +                                  stderr=open(os.devnull, "w"),
> +                                  cwd=builddir,
> +                                  env={"LANG": "C"})
> +    return ret
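
Review bot: In checksec_run, stderr=open(os.devnull, "w") opens a file object that is never closed and discards everything checksec writes to stderr, so when check_output raises on a non-zero exit the test log has nothing to explain the failure. Open the null device in a with block, or leave stderr attached so the error text reaches the log. Separately, env={"LANG": "C"} replaces the whole environment instead of extending it, so PATH is not passed to the checksec process; building the dict from a copy of os.environ with LANG overridden would avoid that.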

Perhaps this function should also do the json.loads and return only
out["file"] to avoid duplicating this everywhere in the below classes?

Also, using inheritance would be better here:

class TestHardeningBase(infra.basetest.BRTest):
    config = """
... the base defconfig ...
"""

    checksec_files = ["usr/sbin/lighttpd", "bin/busybox"]

    def checksec_run(self, target_file):
        filepath = os.path.join(self.builddir, "target", target_file)
        ...

class TestHardeningRelRo(TestHardeningBase):
    config = TestHardeningBase.config + \
"""
...
"""

    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
            self.assertEqual(out["relro"], "full")
            self.assertEqual(out["pie"], "yes")

and ditto for the other tests.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
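
The helper suggested in the review above, parsing the checksec JSON once and handing back only the "file" object, written out as an added example that is not part of the original message or of the Buildroot patch. The "canary" and "nx" field names, the POLICY table and both sample outputs are assumptions constructed for illustration; only "relro": "full" and "pie": "yes" come from the thread.

```python
import json

# Expected value per checksec field. "relro" and "pie" with these values are
# taken from the review; "canary" and "nx" are assumed field names.
POLICY = {"relro": "full", "pie": "yes", "canary": "yes", "nx": "yes"}


def parse_checksec(raw):
    """Return the per-file dict from checksec JSON output, or raise ValueError."""
    try:
        out = json.loads(raw)
    except ValueError as exc:
        # Empty or non-JSON output, for example when checksec itself failed.
        raise ValueError("checksec produced no usable JSON: %s" % exc)
    if not isinstance(out, dict) or not isinstance(out.get("file"), dict):
        raise ValueError("checksec JSON has no 'file' object")
    return out["file"]


def hardening_violations(raw, policy=POLICY):
    """List (field, expected, actual) for every field that misses the policy."""
    result = parse_checksec(raw)
    return [(field, want, result.get(field, "<missing>"))
            for field, want in sorted(policy.items())
            if result.get(field) != want]


# Constructed sample outputs, not captured from a real build.
SAMPLE_HARDENED = ('{"file": {"relro": "full", "canary": "yes", '
                   '"nx": "yes", "pie": "yes"}}')
SAMPLE_WEAK = '{"file": {"relro": "partial", "canary": "no", "nx": "yes"}}'

if __name__ == "__main__":
    for name, raw in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(name, hardening_violations(raw))
```

A missing field is reported as a violation rather than skipped, so a binary for which checksec omits a property cannot pass the policy by accident.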
