mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-08 05:26:58 +02:00
e824585f80
BUG=chromium-os:24742 TEST=./setup_board --board=$board emerge-$board quipper # no warnings. sudo binutils-config <non-gold config> emerge-$board quipper # gold warning. <edit> # Change sysroot wrapper to not pass in -fstack-protector emerge-$board quipper # stack warning. etc. Change-Id: I94ccda99e9ac47c25ff23a7fe45774fb62447e4c Reviewed-on: https://gerrit.chromium.org/gerrit/34151 Tested-by: asharif <asharif@chromium.org> Reviewed-by: <jimhebert@google.com> Reviewed-by: David James <davidjames@chromium.org> Commit-Ready: asharif <asharif@chromium.org>
87 lines
1.9 KiB
Bash
Executable File
87 lines
1.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
check_compiler_flags()
|
|
{
|
|
local binary="$1"
|
|
local flags=false
|
|
local fortify=true
|
|
local stack=true
|
|
${readelf} -p .GCC.command.line "${binary}" | \
|
|
{
|
|
while read flag ; do
|
|
flags=true
|
|
case "${flag}" in
|
|
*"-U_FORTIFY_SOURCE"*)
|
|
fortify=false
|
|
;;
|
|
*"-fno-stack-protector"*)
|
|
stack=false
|
|
;;
|
|
esac
|
|
done
|
|
if ! ${flags}; then
|
|
echo "File not built with -frecord-gcc-switches: ${binary}"
|
|
return
|
|
fi
|
|
${fortify} || echo "File not built with -D_FORTIFY_SOURCE: ${binary}"
|
|
${stack} || echo "File not built with -fstack-protector: ${binary}"
|
|
}
|
|
}
|
|
|
|
check_linker_flags()
|
|
{
|
|
local binary="$1"
|
|
local pie=false
|
|
local relro=false
|
|
local now=false
|
|
local gold=false
|
|
${readelf} -dlSW "${binary}" | \
|
|
{
|
|
while read line ; do
|
|
case "${line}" in
|
|
*".note.gnu.gold-version"*)
|
|
gold=true
|
|
;;
|
|
*"Shared object file"*)
|
|
pie=true
|
|
;;
|
|
*"GNU_RELRO"*)
|
|
relro=true
|
|
;;
|
|
*"BIND_NOW"*)
|
|
now=true
|
|
;;
|
|
esac
|
|
done
|
|
|
|
${pie} || echo "File not PIE: ${binary}"
|
|
${relro} || echo "File not built with -Wl,-z,relro: ${binary}"
|
|
${now} || echo "File not built with -Wl,-z,now: ${binary}"
|
|
${gold} || echo "File not built with gold: ${binary}"
|
|
}
|
|
}
|
|
|
|
check_binaries()
|
|
{
|
|
local CTARGET="${CTARGET:-${CHOST}}"
|
|
local readelf="${CTARGET}-readelf"
|
|
local binary
|
|
scanelf -y -B -F '%F' -R "${D}" | \
|
|
while read binary ; do
|
|
case "${binary}" in
|
|
*.ko)
|
|
;;
|
|
*)
|
|
check_compiler_flags "${binary}"
|
|
check_linker_flags "${binary}"
|
|
;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
check_binaries
|