qa/zcash/full_test_suite.py: enable `test_rpath_runpath` for Rust binaries, and
reenable `test_fortify_source` for C++ binaries. Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
1d31d4bc7c
commit
6ee6692c83
|
@ -46,6 +46,17 @@ RE_RPATH_RUNPATH = re.compile('No RPATH.*No RUNPATH')
|
|||
RE_FORTIFY_AVAILABLE = re.compile('FORTIFY_SOURCE support available.*Yes')
|
||||
RE_FORTIFY_USED = re.compile('Binary compiled with FORTIFY_SOURCE support.*Yes')
|
||||
|
||||
CXX_BINARIES = [
|
||||
'src/zcashd',
|
||||
'src/zcash-cli',
|
||||
'src/zcash-gtest',
|
||||
'src/zcash-tx',
|
||||
'src/test/test_bitcoin',
|
||||
]
|
||||
RUST_BINARIES = [
|
||||
'src/zcashd-wallet-tool',
|
||||
]
|
||||
|
||||
def test_rpath_runpath(filename):
|
||||
output = subprocess.check_output(
|
||||
[repofile('qa/zcash/checksec.sh'), '--file=' + repofile(filename)]
|
||||
|
@ -86,21 +97,14 @@ def check_security_hardening():
|
|||
if not magic.startswith(b'\x7fELF'):
|
||||
return ret
|
||||
|
||||
ret &= test_rpath_runpath('src/zcashd')
|
||||
ret &= test_rpath_runpath('src/zcash-cli')
|
||||
ret &= test_rpath_runpath('src/zcash-gtest')
|
||||
ret &= test_rpath_runpath('src/zcash-tx')
|
||||
ret &= test_rpath_runpath('src/test/test_bitcoin')
|
||||
for bin in CXX_BINARIES + RUST_BINARIES:
|
||||
ret &= test_rpath_runpath(bin)
|
||||
|
||||
# NOTE: checksec.sh does not reliably determine whether FORTIFY_SOURCE
|
||||
# is enabled for the entire binary. See issue #915.
|
||||
# FORTIFY_SOURCE does mostly nothing for Clang before 10, which we don't
|
||||
# pin yet, so we disable these tests.
|
||||
# ret &= test_fortify_source('src/zcashd')
|
||||
# ret &= test_fortify_source('src/zcash-cli')
|
||||
# ret &= test_fortify_source('src/zcash-gtest')
|
||||
# ret &= test_fortify_source('src/zcash-tx')
|
||||
# ret &= test_fortify_source('src/test/test_bitcoin')
|
||||
# FORTIFY_SOURCE is not applicable to Rust binaries.
|
||||
for bin in CXX_BINARIES:
|
||||
ret &= test_fortify_source(bin)
|
||||
|
||||
return ret
|
||||
|
||||
|
|
Loading…
Reference in New Issue