mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-22 14:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

setup_board: add ELF qa post_install hooks for all boards.

Browse Source 
BUG=chromium-os:24742
TEST=./setup_board --board=$board
  emerge-$board quipper # no warnings.
  sudo binutils-config <non-gold config>
  emerge-$board quipper # gold warning.
  <edit> # Change sysroot wrapper to not pass in -fstack-protector
  emerge-$board quipper # stack warning.
  etc.

Change-Id: I94ccda99e9ac47c25ff23a7fe45774fb62447e4c
Reviewed-on: https://gerrit.chromium.org/gerrit/34151
Tested-by: asharif <asharif@chromium.org>
Reviewed-by: <jimhebert@google.com>
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: asharif <asharif@chromium.org>
This commit is contained in:
Ahmad Sharif 2012-09-26 16:20:00 -07:00 committed by Gerrit
parent a242b0a7cd
commit e824585f80
2 changed files with 92 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
hooks/install/qa-elf.sh Executable file
View File

@ -0,0 +1,86 @@
#!/bin/bash
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
check_compiler_flags()
{
local binary="$1"
local flags=false
local fortify=true
local stack=true
${readelf} -p .GCC.command.line "${binary}" | \
{
while read flag ; do
flags=true
case "${flag}" in
*"-U_FORTIFY_SOURCE"*)
fortify=false
;;
*"-fno-stack-protector"*)
stack=false
;;
esac
done
if ! ${flags}; then
echo "File not built with -frecord-gcc-switches: ${binary}"
return
fi
${fortify} || echo "File not built with -D_FORTIFY_SOURCE: ${binary}"
${stack} || echo "File not built with -fstack-protector: ${binary}"
}
}
check_linker_flags()
{
local binary="$1"
local pie=false
local relro=false
local now=false
local gold=false
${readelf} -dlSW "${binary}" | \
{
while read line ; do
case "${line}" in
*".note.gnu.gold-version"*)
gold=true
;;
*"Shared object file"*)
pie=true
;;
*"GNU_RELRO"*)
relro=true
;;
*"BIND_NOW"*)
now=true
;;
esac
done
${pie} || echo "File not PIE: ${binary}"
${relro} || echo "File not built with -Wl,-z,relro: ${binary}"
${now} || echo "File not built with -Wl,-z,now: ${binary}"
${gold} || echo "File not built with gold: ${binary}"
}
}
check_binaries()
{
local CTARGET="${CTARGET:-${CHOST}}"
local readelf="${CTARGET}-readelf"
local binary
scanelf -y -B -F '%F' -R "${D}" | \
while read binary ; do
case "${binary}" in
*.ko)
;;
*)
check_compiler_flags "${binary}"
check_linker_flags "${binary}"
;;
esac
done
}
check_binaries

6
setup_board
View File

@ -535,6 +535,12 @@ cmds=(
) )
sudo_multi "${cmds[@]}" sudo_multi "${cmds[@]}"
# Set up post_install hooks that run qa on ELF binaries.
sudo_multi \
"mkdir -p '${BOARD_ROOT}/etc/portage/hooks'" \
"ln -sfT '${SCRIPTS_DIR}/hooks/install' \
'${BOARD_ROOT}/etc/portage/hooks/install'"
# Select the profile to build based on the board and profile passed to # Select the profile to build based on the board and profile passed to
# setup_board. The developer can later change profiles by running # setup_board. The developer can later change profiles by running
# cros_choose_profile manually. # cros_choose_profile manually.