|
|
@ -1,6 +1,8 @@ |
|
|
|
#!/usr/bin/env python2 |
|
|
|
# Copyright (c) 2019-2020 Hush developers |
|
|
|
# Released under the GPLv3 |
|
|
|
# |
|
|
|
# Execute all of the automated tests related to Zcash. |
|
|
|
# Execute all of the automated tests related to Hush |
|
|
|
# |
|
|
|
|
|
|
|
import argparse |
|
|
@ -32,7 +34,7 @@ RE_FORTIFY_USED = re.compile('Binary compiled with FORTIFY_SOURCE support.*Yes') |
|
|
|
|
|
|
|
def test_rpath_runpath(filename): |
|
|
|
output = subprocess.check_output( |
|
|
|
[repofile('qa/zcash/checksec.sh'), '--file', repofile(filename)] |
|
|
|
[repofile('qa/hush/checksec.sh'), '--file', repofile(filename)] |
|
|
|
) |
|
|
|
if RE_RPATH_RUNPATH.search(output): |
|
|
|
print('PASS: %s has no RPATH or RUNPATH.' % filename) |
|
|
@ -44,7 +46,7 @@ def test_rpath_runpath(filename): |
|
|
|
|
|
|
|
def test_fortify_source(filename): |
|
|
|
proc = subprocess.Popen( |
|
|
|
[repofile('qa/zcash/checksec.sh'), '--fortify-file', repofile(filename)], |
|
|
|
[repofile('qa/hush/checksec.sh'), '--fortify-file', repofile(filename)], |
|
|
|
stdout=subprocess.PIPE, |
|
|
|
) |
|
|
|
line1 = proc.stdout.readline() |
|
|
@ -64,24 +66,24 @@ def check_security_hardening(): |
|
|
|
ret &= subprocess.call(['make', '-C', repofile('src'), 'check-security']) == 0 |
|
|
|
|
|
|
|
# The remaining checks are only for ELF binaries |
|
|
|
# Assume that if zcashd is an ELF binary, they all are |
|
|
|
with open(repofile('src/zcashd'), 'rb') as f: |
|
|
|
# Assume that if hushd is an ELF binary, they all are |
|
|
|
with open(repofile('src/hushd'), 'rb') as f: |
|
|
|
magic = f.read(4) |
|
|
|
if not magic.startswith(b'\x7fELF'): |
|
|
|
return ret |
|
|
|
|
|
|
|
ret &= test_rpath_runpath('src/zcashd') |
|
|
|
ret &= test_rpath_runpath('src/zcash-cli') |
|
|
|
ret &= test_rpath_runpath('src/zcash-gtest') |
|
|
|
ret &= test_rpath_runpath('src/zcash-tx') |
|
|
|
ret &= test_rpath_runpath('src/hushd') |
|
|
|
ret &= test_rpath_runpath('src/hush-cli') |
|
|
|
ret &= test_rpath_runpath('src/hush-gtest') |
|
|
|
ret &= test_rpath_runpath('src/hush-tx') |
|
|
|
ret &= test_rpath_runpath('src/test/test_bitcoin') |
|
|
|
|
|
|
|
# NOTE: checksec.sh does not reliably determine whether FORTIFY_SOURCE |
|
|
|
# is enabled for the entire binary. See issue #915. |
|
|
|
ret &= test_fortify_source('src/zcashd') |
|
|
|
ret &= test_fortify_source('src/zcash-cli') |
|
|
|
ret &= test_fortify_source('src/zcash-gtest') |
|
|
|
ret &= test_fortify_source('src/zcash-tx') |
|
|
|
ret &= test_fortify_source('src/hushd') |
|
|
|
ret &= test_fortify_source('src/hush-cli') |
|
|
|
ret &= test_fortify_source('src/hush-gtest') |
|
|
|
ret &= test_fortify_source('src/hush-tx') |
|
|
|
ret &= test_fortify_source('src/test/test_bitcoin') |
|
|
|
|
|
|
|
return ret |
|
|
@ -144,7 +146,7 @@ STAGES = [ |
|
|
|
|
|
|
|
STAGE_COMMANDS = { |
|
|
|
'btest': [repofile('src/test/test_bitcoin'), '-p'], |
|
|
|
'gtest': [repofile('src/zcash-gtest')], |
|
|
|
'gtest': [repofile('src/komodo-gtest')], |
|
|
|
'sec-hard': check_security_hardening, |
|
|
|
'no-dot-so': ensure_no_dot_so_in_depends, |
|
|
|
'util-test': util_test, |
|
|
|