Drop old hardening check script
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 18 Mar 2023 12:20:44 +0000 (12:20 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 18 Mar 2023 12:20:44 +0000 (12:20 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Makefile.am
src/libpakfire/build.c
src/scripts/check-hardening [deleted file]

index a083c8042aa53f93dfa03442f7a4ade5ddfaaabe..1c0b206317a1e955e7dba009d900f629f11c88da 100644 (file)
@@ -720,7 +720,6 @@ tests_parser_test_LDADD = \
 # ------------------------------------------------------------------------------
 
 dist_scripts_SCRIPTS = \
-       src/scripts/check-hardening \
        src/scripts/check-interpreters \
        src/scripts/compress-man-pages \
        src/scripts/find-prerequires \
index 4c46a11480a03fae47272346c10206a5a3f31ec9..deae26094c8261f56c325f9789603a7b0e886478 100644 (file)
@@ -1292,7 +1292,6 @@ ERROR:
 }
 
 static const char* post_build_scripts[] = {
-       "check-hardening",
        "check-interpreters",
        "compress-man-pages",
        "strip",
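Review bot: With `"check-hardening"` removed from `post_build_scripts`, none of the entries visible in this hunk verifies that shared objects in the build root carry `GNU_RELRO` and `BIND_NOW`, and the commit message does not say what takes over that check. The title calls the script "old", so a replacement presumably exists elsewhere, but nothing in this commit shows it. I would record that next to the array, e.g. `/* RELRO/BIND_NOW is verified by <replacement check, not shown in this commit>, not by a post-build script */`, so a later reader does not assume the gate was silently lost. If no replacement exists, packages linked without full RELRO would no longer be reported at build time. The array continues past the end of the hunk, so later entries are not visible here.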
diff --git a/src/scripts/check-hardening b/src/scripts/check-hardening
deleted file mode 100644 (file)
index b37d62c..0000000
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/bash
-###############################################################################
-#                                                                             #
-# Pakfire - The IPFire package management system                              #
-# Copyright (C) 2021 Pakfire development team                                 #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-error() {
-       echo "$@" >&2
-}
-
-main() {
-       local buildroot="${1}"
-       shift
-
-       # Check if BUILDROOT exists
-       if [ ! -d "${buildroot}" ]; then
-               error "BUILDROOT does not exist"
-               return 1
-       fi
-
-       local not_relro=()
-       local partly_relro=()
-
-       local file
-       for file in $(find "${buildroot}" -type f | sort); do
-               case "${file}" in
-                       # Filter out startfiles
-                       */crt[1in].o)
-                               continue
-                               ;;
-
-                       # Filter out kernel modules
-                       *.ko)
-                               continue
-                               ;;
-               esac
-
-               # Skip anything that isn't an ELF file
-               if ! file "${file}" | grep -q "ELF"; then
-                       continue
-               fi
-
-               # Perform more checks for shared objects (i.e. libraries)
-               if file "${file}" | grep -q "shared object"; then
-                       # Is this file partly RELRO?
-                       if ! readelf -l "${file}" 2>/dev/null | grep -q "GNU_RELRO"; then
-                               not_relro+=( "${file}" )
-                               continue
-                       fi
-
-                       # Is this file fully RELRO?
-                       if ! readelf -d "${file}" 2>/dev/null | grep -q "BIND_NOW"; then
-                               partly_relro+=( "${file}" )
-                       fi
-               fi
-       done
-
-       local r=0
-
-       # Log files which are not RELRO
-       if [ "${#not_relro[@]}" -gt 0 ]; then
-               error "The following files are not fully RELRO:"
-               for file in ${not_relro[@]}; do
-                       error "  ${file/${buildroot}/}"
-               done
-
-               r=1
-       fi
-
-       # Log files which are only partially RELRO
-       if [ "${#partly_relro[@]}" -gt 0 ]; then
-               error "The following files are only partially RELRO:"
-               for file in ${partly_relro[@]}; do
-                       error "  ${file/${buildroot}/}"
-               done
-
-               r=1
-       fi
-
-       return "${r}"
-}
-
-main "$@" || exit $?