From: Michael Tremer Date: Sat, 18 Mar 2023 12:20:44 +0000 (+0000) Subject: Drop old hardening check script X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35e86620586db82a76a7563e459d3c3db33021a8;p=people%2Fstevee%2Fpakfire.git Drop old hardening check script Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index a083c804..1c0b2063 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -720,7 +720,6 @@ tests_parser_test_LDADD = \
 # ------------------------------------------------------------------------------
 dist_scripts_SCRIPTS = \
- src/scripts/check-hardening \
 src/scripts/check-interpreters \
 src/scripts/compress-man-pages \
 src/scripts/find-prerequires \
diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index 4c46a114..deae2609 100644
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -1292,7 +1292,6 @@ ERROR:
 }
 static const char* post_build_scripts[] = {
- "check-hardening",
 "check-interpreters",
 "compress-man-pages",
 "strip",
diff --git a/src/scripts/check-hardening b/src/scripts/check-hardening
deleted file mode 100644
index b37d62c2..00000000
--- a/src/scripts/check-hardening
+++ /dev/null
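Review bot: With `"check-hardening"` removed from `post_build_scripts` in src/libpakfire/build.c, nothing visible in this commit still fails a build when a shared object lacks `GNU_RELRO` or `BIND_NOW`; the subject calls the script "old", but neither the message nor the code says what replaced it. If an equivalent check now runs elsewhere (not visible here), a comment above the array would record that, e.g. `/* RELRO/BIND_NOW are verified by <replacement check>, not by a post-build script */`. If there is no replacement, packages whose libraries are built with partial or no RELRO will now pass the post-build stage without any message. The array's initializer continues past the end of the hunk.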
@@ -1,98 +0,0 @@
-#!/bin/bash
-###############################################################################
-# #
-# Pakfire - The IPFire package management system #
-# Copyright (C) 2021 Pakfire development team #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-error() {
- echo "$@" >&2
-}
-
-main() {
- local buildroot="${1}"
- shift
-
- # Check if BUILDROOT exists
- if [ ! -d "${buildroot}" ]; then
- error "BUILDROOT does not exist"
- return 1
- fi
-
- local not_relro=()
- local partly_relro=()
-
- local file
- for file in $(find "${buildroot}" -type f | sort); do
- case "${file}" in
- # Filter out startfiles
- */crt[1in].o)
- continue
- ;;
-
- # Filter out kernel modules
- *.ko)
- continue
- ;;
- esac
-
- # Skip anything that isn't an ELF file
- if ! file "${file}" | grep -q "ELF"; then
- continue
- fi
-
- # Perform more checks for shared objects (i.e. libraries)
- if file "${file}" | grep -q "shared object"; then
- # Is this file partly RELRO?
- if ! readelf -l "${file}" 2>/dev/null | grep -q "GNU_RELRO"; then
- not_relro+=( "${file}" )
- continue
- fi
-
- # Is this file fully RELRO?
- if ! readelf -d "${file}" 2>/dev/null | grep -q "BIND_NOW"; then
- partly_relro+=( "${file}" )
- fi
- fi
- done
-
- local r=0
-
- # Log files which are not RELRO
- if [ "${#not_relro[@]}" -gt 0 ]; then
- error "The following files are not fully RELRO:"
- for file in ${not_relro[@]}; do
- error " ${file/${buildroot}/}"
- done
-
- r=1
- fi
-
- # Log files which are only partially RELRO
- if [ "${#partly_relro[@]}" -gt 0 ]; then
- error "The following files are only partially RELRO:"
- for file in ${partly_relro[@]}; do
- error " ${file/${buildroot}/}"
- done
-
- r=1
- fi
-
- return "${r}"
-}
-
-main "$@" || exit $?