diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index bee8f3cc1..43c825bde 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2 +#!/usr/bin/env python ''' Perform basic ELF security checks on a series of executables. Exit status will be 0 if successful, and the program will be silent. @@ -6,6 +6,7 @@ Otherwise the exit status will be 1 and it will log which executables failed whi Needs `readelf` (for ELF) and `objdump` (for PE). ''' from __future__ import division,print_function,unicode_literals +import struct import subprocess import sys import os @@ -171,6 +172,8 @@ CHECKS = { ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE), ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA), ('NX', check_PE_NX) +], +'MachO64': [ ] } @@ -181,6 +184,8 @@ def identify_executable(executable): return 'PE' elif magic.startswith(b'\x7fELF'): return 'ELF' + elif struct.unpack('I', magic)[0] == 0xFEEDFACF: + return 'MachO64' return None if __name__ == '__main__': diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index 900a80dcf..52b48ef74 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2 +#!/usr/bin/env python # Copyright (c) 2014 Wladimir J. van der Laan # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py index fed7626aa..324b7bcd8 100755 --- a/contrib/devtools/test-security-check.py +++ b/contrib/devtools/test-security-check.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2 +#!/usr/bin/env python2 ''' Test script for security-check.py ''' diff --git a/contrib/linearize/linearize-data.py b/contrib/linearize/linearize-data.py index 0f6fde2a6..8badb4b31 100755 --- a/contrib/linearize/linearize-data.py +++ b/contrib/linearize/linearize-data.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # # linearize-data.py: Construct a linear, no-fork version of the chain. # diff --git a/contrib/linearize/linearize-hashes.py b/contrib/linearize/linearize-hashes.py index bed9cc307..7e9cf8898 100755 --- a/contrib/linearize/linearize-hashes.py +++ b/contrib/linearize/linearize-hashes.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # # linearize-hashes.py: List blocks in a linear, no-fork version of the chain. # diff --git a/contrib/seeds/generate-seeds.py b/contrib/seeds/generate-seeds.py index 4e23bb111..c6a2ce636 100755 --- a/contrib/seeds/generate-seeds.py +++ b/contrib/seeds/generate-seeds.py @@ -1,5 +1,5 @@ -#!/usr/bin/python -# Copyright (c) 2014 Wladmir J. van der Laan +#!/usr/bin/env python +# Copyright (c) 2014 Wladimir J. van der Laan # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. ''' diff --git a/qa/zcash/full_test_suite.py b/qa/zcash/full_test_suite.py index a2cb768c7..0e8605cc3 100755 --- a/qa/zcash/full_test_suite.py +++ b/qa/zcash/full_test_suite.py @@ -4,6 +4,7 @@ # import argparse +from glob import glob import os import re import subprocess @@ -62,6 +63,13 @@ def check_security_hardening(): # PIE, RELRO, Canary, and NX are tested by make check-security. ret &= subprocess.call(['make', '-C', repofile('src'), 'check-security']) == 0 + # The remaining checks are only for ELF binaries + # Assume that if zcashd is an ELF binary, they all are + with open(repofile('src/zcashd'), 'rb') as f: + magic = f.read(4) + if not magic.startswith(b'\x7fELF'): + return ret + ret &= test_rpath_runpath('src/zcashd') ret &= test_rpath_runpath('src/zcash-cli') ret &= test_rpath_runpath('src/zcash-gtest') @@ -79,11 +87,14 @@ def check_security_hardening(): return ret def ensure_no_dot_so_in_depends(): - arch_dir = os.path.join( - REPOROOT, - 'depends', - 'x86_64-unknown-linux-gnu', - ) + depends_dir = os.path.join(REPOROOT, 'depends') + arch_dir = os.path.join(depends_dir, 'x86_64-unknown-linux-gnu') + if not os.path.isdir(arch_dir): + # Not Linux, try MacOS + arch_dirs = glob(os.path.join(depends_dir, 'x86_64-apple-darwin*')) + if arch_dirs: + # Just try the first one; there will only be on in CI + arch_dir = arch_dirs[0] exit_code = 0 @@ -97,7 +108,7 @@ def ensure_no_dot_so_in_depends(): exit_code = 1 else: exit_code = 2 - print "arch-specific build dir not present: {}".format(arch_dir) + print "arch-specific build dir not present" print "Did you build the ./depends tree?" print "Are you on a currently unsupported architecture?" diff --git a/src/test/bitcoin-util-test.py b/src/test/bitcoin-util-test.py index 20afb16a9..6551eb6f2 100755 --- a/src/test/bitcoin-util-test.py +++ b/src/test/bitcoin-util-test.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # Copyright 2014 BitPay, Inc. # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/test/buildenv.py.in b/src/test/buildenv.py.in index 1618bdeb7..153f34a3d 100644 --- a/src/test/buildenv.py.in +++ b/src/test/buildenv.py.in @@ -1,2 +1,2 @@ -#!/usr/bin/python +#!/usr/bin/env python exeext="@EXEEXT@" diff --git a/src/wallet/gtest/test_wallet.cpp b/src/wallet/gtest/test_wallet.cpp index b2987cc17..9e2fdb8fb 100644 --- a/src/wallet/gtest/test_wallet.cpp +++ b/src/wallet/gtest/test_wallet.cpp @@ -581,7 +581,7 @@ TEST(wallet_tests, cached_witnesses_empty_chain) { // Until #1302 is implemented, this should triggger an assertion EXPECT_DEATH(wallet.DecrementNoteWitnesses(&index), - "Assertion `nWitnessCacheSize > 0' failed."); + ".*nWitnessCacheSize > 0.*"); } TEST(wallet_tests, cached_witnesses_chain_tip) {