[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: a1d0123581ede02b54cf2c071507612dde25236c Author: Sam James gentoo org> AuthorDate: Thu Jan 25 12:10:45 2024 + Commit: Sam James gentoo org> CommitDate: Thu Jan 25 12:12:46 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a1d01235 ci: make tests verbose muon doesn't support --print-errorlogs so just use -v which both muon and meson support. Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 3d170e3..e4e5857 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -53,7 +53,7 @@ jobs: -Db_sanitize="${SANITIZER}" \ build ninja -C build -( cd build && "$BB" test; ) +( cd build && "$BB" test -v ; ) build-macos: strategy:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 80a83a8f6aebd4c5f0d2a21bfbfe5d7cffd1fc9b Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 06:51:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 06:51:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=80a83a8f sanitizer: fix feature tests under clang While gcc defines __SANITIZE_ADDRESS__, clang requires more verbose tests. Add them to make the cleanup/security logic work correctly. Signed-off-by: Mike Frysinger gentoo.org> porting.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/porting.h b/porting.h index 103d268..6c0da01 100644 --- a/porting.h +++ b/porting.h @@ -74,6 +74,13 @@ #endif #undef PAX_UTILS_CLEANUP +#ifndef __SANITIZE_ADDRESS__ +# ifdef __has_feature +# if __has_feature (address_sanitizer) +# define __SANITIZE_ADDRESS__ 1 +# endif +# endif +#endif /* LSAN (Leak Sanitizer) will complain about things we leak. */ #ifdef __SANITIZE_ADDRESS__ # define PAX_UTILS_CLEANUP 1
[gentoo-commits] proj/pax-utils:master commit in: /
commit: af9a4e8e1695fcbaaeb379bec14ccc03b00341fa Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:53:39 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:53:39 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=af9a4e8e dumpelf: free elf after fuzzing it to avoid leaking Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dumpelf.c b/dumpelf.c index 5b18326..0afb6c7 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -587,6 +587,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (elf == NULL) return 0; dumpelf(elf, 0); + unreadelf(elf); return 0; } #else
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0b5d5d35b7b745dfff588579cda1245c5a4d19cb Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:50:23 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:50:23 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0b5d5d35 paxelf: reject ELFs with incomplete Ehdr structures There's nothing useful we can parse out of these, so skip them. Signed-off-by: Mike Frysinger gentoo.org> paxelf.c | 5 + 1 file changed, 5 insertions(+) diff --git a/paxelf.c b/paxelf.c index 9a34ea4..599d54f 100644 --- a/paxelf.c +++ b/paxelf.c @@ -620,6 +620,11 @@ free_elf_and_return: char invalid; \ const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \ Elf ## B ## _Off size; \ + /* Need enough bytes for all of ehdr. */ \ + if (elf->len < (off_t)sizeof(*ehdr)) { \ + warn("%s: Incomplete ELF header", filename); \ + goto free_elf_and_return; \ + } \ /* verify program header */ \ invalid = 0; \ if (EGET(ehdr->e_phnum) <= 0) \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0c6f0ca36748ae97d413aff232ad4fcc6829a582 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:36:05 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:36:05 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0c6f0ca3 README: update macOS name Signed-off-by: Mike Frysinger gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ec4bfe6..845c8de 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ pax-utils is a small set of utilities for performing Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF -format, but does include a Mach-O helper too for OS X systems. +format, but does include a Mach-O helper too for macOS systems. While heavily integrated into Gentoo's build system, it can be used on any distro as it is a generic toolset.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c1759f9bf28edb910208a7c7fbb4b373fe8b1297 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:19:50 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:19:50 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c1759f9b scanelf: fix hashtable overflow checks Make sure we use the right offset, and make sure the numbers to check don't overflow themselves -- if nbuckets & nchains are 32-bit, and if we multiply them by 4, we can easily overflow before we get a chance to see if they will fit within the memory range. Bug: https://bugs.gentoo.org/890028 Signed-off-by: Mike Frysinger gentoo.org> scanelf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scanelf.c b/scanelf.c index 140208b..0ee1bad 100644 --- a/scanelf.c +++ b/scanelf.c @@ -315,9 +315,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, const void **sym, const void * Elf32_Word sym_idx; \ Elf32_Word chained; \ \ - if (!VALID_RANGE(elf, offset, nbuckets * 4)) \ + if (!VALID_RANGE(elf, hash_offset, nbuckets * (uint64_t)4)) \ goto corrupt_hash; \ - if (!VALID_RANGE(elf, offset, nchains * 4)) \ + if (!VALID_RANGE(elf, hash_offset, nchains * (uint64_t)4)) \ goto corrupt_hash; \ \ for (b = 0; b < nbuckets; ++b) { \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:02:51 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:02:51 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=77bf161b ar: switch from alloca to malloc If alloca allocates too much stack space, program behavior is undefined, and basically we segfault. There is no way to check whether this will happen ahead of time, so our only choice is to switch to malloc. If we try to allocate too much memory from the heap, we'll get a NULL pointer, and we can diagnose & exit ourselves. Kind of sucks as alloca was a perfect fit here, but since the size is coming directly from user input, we can't trust it is always "reasonable". Bug: https://bugs.gentoo.org/890579 Signed-off-by: Mike Frysinger gentoo.org> meson.build | 1 - paxinc.c| 5 - porting.h | 3 --- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/meson.build b/meson.build index e891d98..319e3de 100644 --- a/meson.build +++ b/meson.build @@ -44,7 +44,6 @@ foreach x : [ 'linux/seccomp.h', 'linux/securebits.h', 'sys/prctl.h', - 'alloca.h', 'elf-hints.h', 'glob.h', ] diff --git a/paxinc.c b/paxinc.c index 21844d8..644c0d6 100644 --- a/paxinc.c +++ b/paxinc.c @@ -89,11 +89,13 @@ static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int bas archive_member *ar_next(archive_handle *ar) { char *s; + char *heap_s = NULL; ssize_t len = 0; static archive_member ret; if (ar->skip && lseek(ar->fd, ar->skip, SEEK_CUR) == -1) { close_and_ret: + free(heap_s); free(ar->extfn); close(ar->fd); ar->extfn = NULL; @@ -146,7 +148,7 @@ close_and_ret: if (read(ar->fd, ret.buf.formatted.name, len) != len) goto close_and_ret; } else { - s = alloca(sizeof(char) * len + 1); + s = heap_s = xmalloc(sizeof(char) * (len + 1)); if (read(ar->fd, s, len) != len) goto close_and_ret; s[len] = '\0'; @@ -167,6 +169,7 @@ close_and_ret: } snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s); + free(heap_s); ret.name[sizeof(ret.name) - 1] = '\0'; if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL) *s = '\0'; diff --git a/porting.h b/porting.h index 68e2b6c..103d268 100644 --- a/porting.h +++ b/porting.h @@ -40,9 +40,6 @@ #include #include #include "elf.h" -#ifdef HAVE_ALLOCA_H -# include -#endif #ifdef HAVE_SYS_PRCTL_H # include # ifdef HAVE_LINUX_SECCOMP_H
[gentoo-commits] proj/pax-utils:master commit in: /
commit: f2af478770a5a4a3f69ab64f1b5e17c8f7a17050 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 04:58:06 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 04:58:06 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f2af4787 ar: handle invalid extended filename offsets Check the extended filename offset doesn't exceed the size of the extended filename section. Bug: https://bugs.gentoo.org/890579 Signed-off-by: Mike Frysinger gentoo.org> paxinc.c | 10 -- paxinc.h | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/paxinc.c b/paxinc.c index 5369697..21844d8 100644 --- a/paxinc.c +++ b/paxinc.c @@ -126,7 +126,7 @@ close_and_ret: warn("%s: Duplicate GNU extended filename section", ar->filename); goto close_and_ret; } - len = read_decimal_number_fixed(ret.buf.formatted.size); + len = ar->extfn_len = read_decimal_number_fixed(ret.buf.formatted.size); ar->extfn = xmalloc(sizeof(char) * (len + 1)); if (read(ar->fd, ar->extfn, len) != len) goto close_and_ret; @@ -157,7 +157,13 @@ close_and_ret: warn("%s: GNU extended filename without special data section", ar->filename); goto close_and_ret; } - s = ar->extfn + read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1); + /* NB: We NUL terminated extfn above when reading it. */ + int64_t off = read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1); + if (off >= ar->extfn_len) { + warn("%s: GNU extended filename has invalid offset", ar->filename); + goto close_and_ret; + } + s = ar->extfn + off; } snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s); diff --git a/paxinc.h b/paxinc.h index c8fcf71..b2d2b50 100644 --- a/paxinc.h +++ b/paxinc.h @@ -48,6 +48,7 @@ typedef struct { const char *filename; size_t skip; char *extfn; + off_t extfn_len; bool verbose; } archive_handle; #else
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5b5556d12b96dd2d420e0d66456f1935668b3984 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 04:33:40 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 04:33:40 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5b5556d1 ar: handle invalid ascii numbers better The atoi helper handles signed 32-bit integers, and expects the input strings to be NUL terminated. Some of the fields are larger than what signed 32-bit can handle, and none of them are NUL terminated. The code currently works because it stops processing once it reaches text that is not numeric, and the content that follows each field is always non-numeric (e.g. a space). Add a helper function that leverages strtoll as all of the fields can fit into a signed 64-bit number. If the number is invalid, flag it as such, and normalize it to 0 so the rest of the code can continue on. Bug: https://bugs.gentoo.org/890577 Signed-off-by: Mike Frysinger gentoo.org> paxinc.c | 53 + 1 file changed, 45 insertions(+), 8 deletions(-) diff --git a/paxinc.c b/paxinc.c index ff4ab85..5369697 100644 --- a/paxinc.c +++ b/paxinc.c @@ -50,6 +50,42 @@ archive_handle *ar_open(const char *filename, bool verbose) return ret; } +static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int base) +{ + /* Largest field ar headers have is 16 bytes. */ + char buf[17]; + char *endp; + long long ret; + + memcpy(buf, numstr, ndigits); + buf[ndigits] = '\0'; + + ret = strtoll(buf, , base); + /* Numbers are padded with whitespace. */ + if (*endp != '\0' && *endp != ' ') { + warn("ar: invalid number: %s", buf); + ret = 0; + } + + /* +* Unsigned 64-bit numbers use up to 20 digits, and signed 64-bit numbers use +* up to 19 digits, but ndigits is always less than that. So we'd never handle +* a number that requires all 64-bits. If it's negative, it's because the input +* was negative e.g. "-1", and none of these fields should ever be negative. +*/ + if (ret < 0) { + warn("ar: invalid number: %s", buf); + ret = 0; + } + + return ret; +} +#define read_octal_number(s, n) ar_read_ascii_number(s, n, 8) +#define read_decimal_number(s, n) ar_read_ascii_number(s, n, 10) +/* For char[] arrays rather than dynamic pointers. */ +#define read_octal_number_fixed(s) read_octal_number(s, sizeof(s)) +#define read_decimal_number_fixed(s) read_decimal_number(s, sizeof(s)) + archive_member *ar_next(archive_handle *ar) { char *s; @@ -84,12 +120,13 @@ close_and_ret: goto close_and_ret; } + /* System V extended filename section. */ if (ret.buf.formatted.name[0] == '/' && ret.buf.formatted.name[1] == '/') { if (ar->extfn != NULL) { warn("%s: Duplicate GNU extended filename section", ar->filename); goto close_and_ret; } - len = atoi(ret.buf.formatted.size); + len = read_decimal_number_fixed(ret.buf.formatted.size); ar->extfn = xmalloc(sizeof(char) * (len + 1)); if (read(ar->fd, ar->extfn, len) != len) goto close_and_ret; @@ -104,7 +141,7 @@ close_and_ret: s = ret.buf.formatted.name; if (s[0] == '#' && s[1] == '1' && s[2] == '/') { /* BSD extended filename, always in use on Darwin */ - len = atoi(s + 3); + len = read_decimal_number(s + 3, sizeof(ret.buf.formatted.name) - 3); if (len <= (ssize_t)sizeof(ret.buf.formatted.name)) { if (read(ar->fd, ret.buf.formatted.name, len) != len) goto close_and_ret; @@ -120,18 +157,18 @@ close_and_ret: warn("%s: GNU extended filename without special data section", ar->filename); goto close_and_ret; } - s = ar->extfn + atoi(s + 1); + s = ar->extfn + read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1); } snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s); ret.name[sizeof(ret.name) - 1] = '\0'; if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL) *s = '\0'; - ret.date = atoi(ret.buf.formatted.date); - ret.uid = atoi(ret.buf.formatted.uid); - ret.gid = atoi(ret.buf.formatted.gid); - ret.mode = strtol(ret.buf.formatted.mode, NULL, 8); - ret.size = atoi(ret.buf.formatted.size); + ret.date = read_decimal_number_fixed(ret.buf.formatted.date); + ret.uid = read_decimal_number_fixed(ret.buf.formatted.uid); + ret.gid = read_decimal_number_fixed(ret.buf.formatted.gid); + ret.mode
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5243cb017a7847f53caaa7c89b8e7f3abf1e5e40 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 02:52:41 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 02:52:41 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5243cb01 unify usage() output across all the tools The scanelf --help output is the best & most flexible, so move that to common code so the rest of the tools can benefit from it. Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 20 +++- paxinc.c| 50 ++ paxinc.h| 11 +++ pspax.c | 21 +++-- scanelf.c | 45 +++-- scanmacho.c | 24 6 files changed, 90 insertions(+), 81 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index c8f27e4..5b18326 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -507,7 +507,6 @@ static void dump_dyn(const elfobj *elf, const void *dyn_void, size_t dyn_cnt) /* usage / invocation handling functions */ #define PARSE_FLAGS "vhV" -#define a_argument required_argument static struct option const long_opts[] = { {"verbose", no_argument, NULL, 'v'}, {"help", no_argument, NULL, 'h'}, @@ -524,18 +523,13 @@ static const char * const opts_help[] = { /* display usage and exit */ static void usage(int status) { - size_t i; - printf("* Dump internal ELF structure\n\n" - "Usage: %s [file2 fileN ...]\n\n", argv0); - printf("Options:\n"); - for (i = 0; long_opts[i].name; ++i) - if (long_opts[i].has_arg == no_argument) - printf(" -%c, --%-13s* %s\n", long_opts[i].val, - long_opts[i].name, opts_help[i]); - else - printf(" -%c, --%-6s * %s\n", long_opts[i].val, - long_opts[i].name, opts_help[i]); - exit(status); + pax_usage( + "Dump internal ELF structure", + " [file2 fileN ...]", + PARSE_FLAGS, + long_opts, + opts_help, + status); } /* parse command line arguments and perform needed actions */ diff --git a/paxinc.c b/paxinc.c index 589d7ae..ff4ab85 100644 --- a/paxinc.c +++ b/paxinc.c @@ -198,3 +198,53 @@ const char *root_rel_path(const char *path) return path; } + +void pax_usage( + const char *header, + const char *args, + const char *parse_flags, + const struct option long_opts[], + const char * const opts_help[], + int status) +{ + const char a_arg[] = ""; + size_t a_arg_len = strlen(a_arg) + 2; + size_t i; + int optlen; + + printf("* %s\n\n" + "Usage: %s [options] %s\n\n", header, argv0, args); + printf("Options: -[%s]\n", parse_flags); + + /* Prescan the --long opt length to auto-align. */ + optlen = 0; + for (i = 0; long_opts[i].name; ++i) { + int l = strlen(long_opts[i].name); + if (long_opts[i].has_arg == a_argument) + l += a_arg_len; + optlen = max(l, optlen); + } + /* Use some reasonable min width. */ + optlen = max(20, optlen); + + for (i = 0; long_opts[i].name; ++i) { + /* First output the short flag if it has one. */ + if (long_opts[i].val > '~') + printf(" "); + else + printf(" -%c, ", long_opts[i].val); + + /* Then the long flag. */ + if (long_opts[i].has_arg == no_argument) + printf("--%-*s", optlen, long_opts[i].name); + else + printf("--%s %s %*s", long_opts[i].name, a_arg, + (int)(optlen - strlen(long_opts[i].name) - a_arg_len), ""); + + /* Finally the help text. */ + printf("* %s\n", opts_help[i]); + } + + printf("\nFor more information, see the %s(1) manpage.\n", argv0); + exit(status); +} diff --git a/paxinc.h b/paxinc.h index d25cf57..c8fcf71 100644 --- a/paxinc.h +++ b/paxinc.h @@ -124,6 +124,17 @@ void color_init(bool disable); /* constant pointer to a constant buffer ... each program needs to set this */ extern const char argv0[]; +/* Display usage and exit. */ +extern void pax_usage( + const char *header, + const char *args, + const char *parse_flags, + const struct option long_opts[], + const char * const opts_help[], + int status); + +#define a_argument required_argument + /* we need the space before the last comma or we trigger a bug in gcc-2 :( */ #define warn(fmt, args...) \ fprintf(stderr, "%s%s%s: " fmt "\n", RED, argv0, NORM , ## args) diff --git a/pspax.c b/pspax.c index 1cfd72f..4cd09b6 100644 --- a/pspax.c +++
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 76055a7dd0ab434e00df33b3577542bb69172aa8 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 02:25:39 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 02:25:39 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=76055a7d pspax: switch from fgets to getline This avoids limiting buffers to BUFSIZ which is a stdio.h define for stdio buffers, not for random files, and is not a guaranteed size. Signed-off-by: Mike Frysinger gentoo.org> pspax.c | 35 --- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/pspax.c b/pspax.c index 04cae79..1cfd72f 100644 --- a/pspax.c +++ b/pspax.c @@ -119,12 +119,13 @@ static const char *get_proc_name(int pfd) static int get_proc_maps(int pfd) { FILE *fp; - static char str[BUFSIZ]; + static char *str = NULL; + static size_t len = 0; if ((fp = fopenat_r(pfd, "maps")) == NULL) return -1; - while (fgets(str, sizeof(str), fp)) { + while (getline(, , fp) != -1) { char *p; if ((p = strchr(str, ' ')) != NULL) { if (strlen(p) < 6) @@ -155,12 +156,13 @@ static int get_proc_maps(int pfd) static int print_executable_mappings(int pfd) { FILE *fp; - static char str[BUFSIZ]; + static char *str = NULL; + static size_t len = 0; if ((fp = fopenat_r(pfd, "maps")) == NULL) return -1; - while (fgets(str, sizeof(str), fp)) { + while (getline(, , fp) != -1) { char *p; if ((p = strchr(str, ' ')) != NULL) { if (strlen(p) < 6) @@ -200,20 +202,21 @@ static const struct passwd *get_proc_passwd(int pfd) static const char *get_proc_status(int pfd, const char *name) { FILE *fp; - size_t len; - static char str[BUFSIZ]; + size_t name_len; + static char *str = NULL; + static size_t len = 0; if ((fp = fopenat_r(pfd, "status")) == NULL) return NULL; - len = strlen(name); - while (fgets(str, sizeof(str), fp)) { - if (strncasecmp(str, name, len) != 0) + name_len = strlen(name); + while (getline(, , fp) != -1) { + if (strncasecmp(str, name, name_len) != 0) continue; - if (str[len] == ':') { + if (str[name_len] == ':') { fclose(fp); str[strlen(str) - 1] = 0; - return (str + len + 2); + return (str + name_len + 2); } } fclose(fp); @@ -225,12 +228,13 @@ static const char *get_pid_attr(int pfd) { FILE *fp; char *p; - static char buf[BUFSIZ]; + static char *buf = NULL; + static size_t len = 0; if ((fp = fopenat_r(pfd, "attr/current")) == NULL) return NULL; - if (fgets(buf, sizeof(buf), fp) == NULL) { + if (getline(, , fp) == -1) { fclose(fp); return NULL; } @@ -247,12 +251,13 @@ static const char *get_pid_addr(int pfd) { FILE *fp; char *p; - static char buf[BUFSIZ]; + static char *buf = NULL; + static size_t len = 0; if ((fp = fopenat_r(pfd, "ipaddr")) == NULL) return NULL; - if (fgets(buf, sizeof(buf), fp) == NULL) { + if (getline(, , fp) == -1) { fclose(fp); return NULL; }
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 6be48eb30663e52678a26e303a29842ca15dadca Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 02:19:37 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 02:19:37 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6be48eb3 pspax: fix error handling when reading attr or ipaddr fail If these functions weren't able to read data from the files, they'd return the previous buffer contents which would be pretty confusing. Fix it to return NULL instead like other get helpers in here. Signed-off-by: Mike Frysinger gentoo.org> pspax.c | 22 -- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/pspax.c b/pspax.c index f1644a3..04cae79 100644 --- a/pspax.c +++ b/pspax.c @@ -230,9 +230,14 @@ static const char *get_pid_attr(int pfd) if ((fp = fopenat_r(pfd, "attr/current")) == NULL) return NULL; - if (fgets(buf, sizeof(buf), fp) != NULL) - if ((p = strchr(buf, '\n')) != NULL) - *p = 0; + if (fgets(buf, sizeof(buf), fp) == NULL) { + fclose(fp); + return NULL; + } + + if ((p = strchr(buf, '\n')) != NULL) + *p = 0; + fclose(fp); return buf; @@ -247,9 +252,14 @@ static const char *get_pid_addr(int pfd) if ((fp = fopenat_r(pfd, "ipaddr")) == NULL) return NULL; - if (fgets(buf, sizeof(buf), fp) != NULL) - if ((p = strchr(buf, '\n')) != NULL) - *p = 0; + if (fgets(buf, sizeof(buf), fp) == NULL) { + fclose(fp); + return NULL; + } + + if ((p = strchr(buf, '\n')) != NULL) + *p = 0; + fclose(fp); return buf;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b5d34e577acb271cdc616b47b77569cb5577b9ef Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 01:55:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 01:55:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b5d34e57 pspax: fix buffer limiting in cmdline reading The current scanf format tries to use "%s.1023" to limit reading to 1023 bytes, but that doesn't actually work -- the maximum field width is between the "%" and the "s", so it should have been "%1023s". This ends up working anyways because the %s stops reading when it hits NUL or a space. Normally cmdline is NUL delimited which means argv[0] would have to be 1024+ bytes inorder to overflow this. Or the process rewrote its cmdline settings such that argv[0] was that long. Certainly possible, but extremely unlikely. Fix the scanf string to properly limit to 1023 bytes (+1 for the NUL). Signed-off-by: Mike Frysinger gentoo.org> pspax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pspax.c b/pspax.c index 81392b1..f1644a3 100644 --- a/pspax.c +++ b/pspax.c @@ -63,7 +63,7 @@ static const char *get_proc_name_cmdline(int pfd) if (fp == NULL) return NULL; - if (fscanf(fp, "%s.1023", str) != 1) { + if (fscanf(fp, "%1023s", str) != 1) { fclose(fp); return NULL; }
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a8a823e6acf88625fd482e15b2ba69c5f165fe46 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 24 22:51:40 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 24 22:51:40 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a8a823e6 pspax: replace proc_fopen with fopenat_r Switch to the common helper we have in paxinc already that does exactly the same thing as this proc_fopen. Signed-off-by: Mike Frysinger gentoo.org> pspax.c | 37 - 1 file changed, 8 insertions(+), 29 deletions(-) diff --git a/pspax.c b/pspax.c index 97d51c6..81392b1 100644 --- a/pspax.c +++ b/pspax.c @@ -40,33 +40,12 @@ static pid_t show_pid = 0; static uid_t show_uid = (uid_t)-1; static gid_t show_gid = (gid_t)-1; -static int proc_open(int pfd, const char *file) -{ - return openat(pfd, file, O_RDONLY|O_CLOEXEC); -} - -static FILE *proc_fopen(int pfd, const char *file) -{ - int fd; - FILE *fp; - - fd = proc_open(pfd, file); - if (fd == -1) - return NULL; - - fp = fdopen(fd, "re"); - if (fp == NULL) - close(fd); - - return fp; -} - static elfobj *proc_readelf(int pfd) { int fd; elfobj *elf; - fd = proc_open(pfd, "exe"); + fd = openat(pfd, "exe", O_RDONLY|O_CLOEXEC); if (fd == -1) return NULL; @@ -80,7 +59,7 @@ static const char *get_proc_name_cmdline(int pfd) FILE *fp; static char str[1024]; - fp = proc_fopen(pfd, "cmdline"); + fp = fopenat_r(pfd, "cmdline"); if (fp == NULL) return NULL; @@ -107,7 +86,7 @@ static const char *get_proc_name(int pfd) if (wide_output) return get_proc_name_cmdline(pfd); - fp = proc_fopen(pfd, "stat"); + fp = fopenat_r(pfd, "stat"); if (fp == NULL) return NULL; @@ -142,7 +121,7 @@ static int get_proc_maps(int pfd) FILE *fp; static char str[BUFSIZ]; - if ((fp = proc_fopen(pfd, "maps")) == NULL) + if ((fp = fopenat_r(pfd, "maps")) == NULL) return -1; while (fgets(str, sizeof(str), fp)) { @@ -178,7 +157,7 @@ static int print_executable_mappings(int pfd) FILE *fp; static char str[BUFSIZ]; - if ((fp = proc_fopen(pfd, "maps")) == NULL) + if ((fp = fopenat_r(pfd, "maps")) == NULL) return -1; while (fgets(str, sizeof(str), fp)) { @@ -224,7 +203,7 @@ static const char *get_proc_status(int pfd, const char *name) size_t len; static char str[BUFSIZ]; - if ((fp = proc_fopen(pfd, "status")) == NULL) + if ((fp = fopenat_r(pfd, "status")) == NULL) return NULL; len = strlen(name); @@ -248,7 +227,7 @@ static const char *get_pid_attr(int pfd) char *p; static char buf[BUFSIZ]; - if ((fp = proc_fopen(pfd, "attr/current")) == NULL) + if ((fp = fopenat_r(pfd, "attr/current")) == NULL) return NULL; if (fgets(buf, sizeof(buf), fp) != NULL) @@ -265,7 +244,7 @@ static const char *get_pid_addr(int pfd) char *p; static char buf[BUFSIZ]; - if ((fp = proc_fopen(pfd, "ipaddr")) == NULL) + if ((fp = fopenat_r(pfd, "ipaddr")) == NULL) return NULL; if (fgets(buf, sizeof(buf), fp) != NULL)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1cf21243deebbfe3a5655f0ac18cd25e9ba53c48 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 24 22:06:41 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 24 22:06:41 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1cf21243 pspax: rework & document get_proc_name The current scanf format tries to use "%s.16" to limit reading to 16 bytes, but that doesn't actually work -- the maximum field width is between the "%" and the "s", so it should have been "%16s". This ends up working anyways because the %s consumes the entire string before it stops, and then scanf stops processing after it can't match ".16". If the size of the field were BUFSIZE or larger, then it'd overflow. In practice, BUFSIZ tends to be "large" (i.e. O(KiB)), and the kernel will truncate this field to 16 bytes for userspace programs. Kernel threads can have longer names, but not that big. At least, on Linux. Fix the scanf string to properly limit to 15 bytes, and change the local buffer to be exactly 16 bytes rather than the unrelated BUFSIZ (which is a stdio.h buffer size, and nothing related to kernel processes). Then add some more comments to explain what the code is actually doing, and simplify the final NUL logic to avoid redundant work. Signed-off-by: Mike Frysinger gentoo.org> pspax.c | 28 +++- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/pspax.c b/pspax.c index 1e3562d..97d51c6 100644 --- a/pspax.c +++ b/pspax.c @@ -96,7 +96,13 @@ static const char *get_proc_name_cmdline(int pfd) static const char *get_proc_name(int pfd) { FILE *fp; - static char str[BUFSIZ]; + /* +* The stat file says process names are truncated to TASK_COMM_LEN (16) bytes. +* That includes the trailing NUL (\0) byte. This is true for userspace, but +* kernel processes seem to be unlimited. We don't care about those in this +* program though, so truncating them all the time is fine. +*/ + static char str[16]; if (wide_output) return get_proc_name_cmdline(pfd); @@ -105,18 +111,30 @@ static const char *get_proc_name(int pfd) if (fp == NULL) return NULL; - if (fscanf(fp, "%*d %s.16", str) != 1) { + /* +* The format is: +*() ...more fields... +* For example: +* 1234 (bash) R ... +* +* Match the leading (, then read 15 bytes (since scanf writes, but doesn't count, +* NUL bytes, so it will write up to 16 bytes to str). Ignore the rest rather than +* look for closing ) since kernel processes can be longer. +*/ + if (fscanf(fp, "%*d (%15s", str) != 1) { fclose(fp); return NULL; } if (*str) { - str[strlen(str) - 1] = '\0'; - str[16] = 0; + /* Discard trailing ) if it exists. */ + size_t len = strlen(str); + if (str[len - 1] == ')') + str[len - 1] = '\0'; } fclose(fp); - return (str+1); + return str; } static int get_proc_maps(int pfd)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 063a90661c0423172e23405c2548e649a1631796 Author: Mike Frysinger chromium org> AuthorDate: Wed Jan 24 15:35:52 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 24 15:35:52 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=063a9066 build: use standard HAVE_xxx define style Use the more standard HAVE_xxx convention, and only define when available. This avoids further confusion with code that is using "#ifdef" already. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> meson.build | 4 +--- porting.h | 20 ++-- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/meson.build b/meson.build index c91bb64..e891d98 100644 --- a/meson.build +++ b/meson.build @@ -48,11 +48,9 @@ foreach x : [ 'elf-hints.h', 'glob.h', ] - x_exists = 0 if cc.has_header(x) -x_exists = 1 +probe_results.set('HAVE_' + x.to_upper().underscorify(), 1) endif - probe_results.set('HAS_' + x.to_upper().underscorify(), x_exists) endforeach configure_file( diff --git a/porting.h b/porting.h index 1ace55e..68e2b6c 100644 --- a/porting.h +++ b/porting.h @@ -40,36 +40,36 @@ #include #include #include "elf.h" -#if HAS_ALLOCA_H +#ifdef HAVE_ALLOCA_H # include #endif -#if HAS_SYS_PRCTL_H +#ifdef HAVE_SYS_PRCTL_H # include -# if HAS_LINUX_SECCOMP_H +# ifdef HAVE_LINUX_SECCOMP_H # include # endif -# if HAS_LINUX_SECUREBITS_H +# ifdef HAVE_LINUX_SECUREBITS_H # include # endif #endif -#if HAS_ENDIAN_H && HAS_BYTESWAP_H +#if defined(HAVE_ENDIAN_H) && defined(HAVE_BYTESWAP_H) # include # include -#elif HAS_SYS_ENDIAN_H +#elif defined(HAVE_SYS_ENDIAN_H) # include -#elif HAS_ISA_DEFS_H +#elif defined(HAVE_ISA_DEFS_H) # include -#elif HAS_MACHINE_ENDIAN_H +#elif defined(HAVE_MACHINE_ENDIAN_H) # include #endif -#ifdef HAS_GLOB_H +#ifdef HAVE_GLOB_H # include #endif #if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__) # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf" -#elif HAS_ELF_HINTS_H +#elif defined(HAVE_ELF_HINTS_H) # include # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG _PATH_ELF_HINTS #else
[gentoo-commits] proj/pax-utils:master commit in: tests/source/, /
commit: e679f9bd82197f0f1831a0a4a282851994aa172c Author: Mike Frysinger chromium org> AuthorDate: Wed Jan 24 15:32:52 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 24 15:32:52 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e679f9bd build: use standard config.h naming Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> meson.build | 2 +- porting.h | 2 +- tests/source/dotest | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build index 255107b..c91bb64 100644 --- a/meson.build +++ b/meson.build @@ -56,7 +56,7 @@ foreach x : [ endforeach configure_file( - output : 'probes.h', + output : 'config.h', configuration : probe_results, ) diff --git a/porting.h b/porting.h index 61018fb..1ace55e 100644 --- a/porting.h +++ b/porting.h @@ -11,7 +11,7 @@ #ifndef _PORTING_H #define _PORTING_H -#include "probes.h" +#include "config.h" #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof(*arr)) diff --git a/tests/source/dotest b/tests/source/dotest index cc278a5..c97e8cb 100755 --- a/tests/source/dotest +++ b/tests/source/dotest @@ -5,7 +5,7 @@ findfiles() { find "${top_srcdir}" \ '(' -type d -a '(' -name .git -o -name autotools ')' -prune ')' \ - -o '(' '(' -name '*.[ch]' -a ! -name 'probes.h' ')' -print0 ')' + -o '(' '(' -name '*.[ch]' -a ! -name 'config.h' ')' -print0 ')' } #
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 857eaddab407db1577076a09206386bc62bfa4eb Author: Mike Frysinger gentoo org> AuthorDate: Tue Jan 16 04:59:57 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 16 04:59:57 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=857eadda fix various typos found w/codespell Signed-off-by: Mike Frysinger gentoo.org> README.md | 2 +- dumpelf.c | 4 ++-- lddtree.sh | 8 macho.h| 4 ++-- paxelf.c | 2 +- paxldso.c | 2 +- porting.h | 2 +- pspax.c| 2 +- pyproject.toml | 10 ++ scanelf.c | 6 +++--- scanmacho.c| 2 +- 11 files changed, 27 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 99bbc3f..ec4bfe6 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ PaX helpers for people interested in that. pax-utils uses a bog-standard meson-based build system. See `meson_options.txt` for configuration options. -You don't need PaX to use the pax-utils. Infact the only thing they +You don't need PaX to use the pax-utils. In fact the only thing they really have in common is that pax-utils was initially written to aid in deploying PaX systems so it includes support for PT_PAX_FLAGS and the deprecated but still in use EI_PAX flags. For more information about PaX diff --git a/dumpelf.c b/dumpelf.c index 1a469ea..c8f27e4 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -114,7 +114,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt) break_out_shdr: printf("},\n"); - /* finish the namespace struct and start the abitrary ones */ + /* finish the namespace struct and start the arbitrary ones */ printf("\n.dyns = dumpedelf_dyn_%zu,\n", file_cnt); printf("};\n"); @@ -538,7 +538,7 @@ static void usage(int status) exit(status); } -/* parse command line arguments and preform needed actions */ +/* parse command line arguments and perform needed actions */ static void parseargs(int argc, char *argv[]) { int flag; diff --git a/lddtree.sh b/lddtree.sh index dfa8d06..e0185f4 100755 --- a/lddtree.sh +++ b/lddtree.sh @@ -96,8 +96,8 @@ find_elf() { read_ldso_conf() { local line p for p ; do - # if the glob didnt match anything #360041, - # or the files arent readable, skip it + # If the glob didn't match anything #360041, + # or the files aren't readable, skip it. [[ -r ${p} ]] || continue while read line ; do case ${line} in @@ -179,12 +179,12 @@ show_elf() { # No need for leading comma w/my_allhits as we guarantee it always # starts with one due to the way we append the value above. [[ ${my_allhits}, == *,${lib},* ]] && continue - # If the interp is being linked against directly, re-use the existing + # If the interp is being linked against directly, reuse the existing # full path rather than perform a search for it. When systems symlink # the interp to a diff location, we might locate a different path, and # displaying both doesn't make sense as it doesn't match the runtime -- # the ldso won't load another copy of ldso into memory from the search - # path, it'll re-use the existing copy that was loaded from the full + # path, it'll reuse the existing copy that was loaded from the full # hardcoded path. if [[ ${lib} == "${interp}" ]] ; then rlib=${full_interp} diff --git a/macho.h b/macho.h index 76f3697..4a99e8f 100644 --- a/macho.h +++ b/macho.h @@ -73,7 +73,7 @@ struct mach_header incremental link against a base file and cannot be link edited again */ #define MH_DYLDLINK 0x4 /* the object file is input for the dynamic - linker and cannot be staticly link edited + linker and cannot be statically link edited again */ #define MH_TWOLEVEL 0x80/* the image is using two-level namespace bindings */ @@ -107,7 +107,7 @@ struct mach_header they are not used by other
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 16db5db01027f058dcc2315f06f912fa480664f2 Author: Mike Frysinger gentoo org> AuthorDate: Tue Jan 16 05:01:48 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 16 05:01:48 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=16db5db0 github: add codespell checker Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/codespell.yml | 13 + 1 file changed, 13 insertions(+) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 000..605d2bb --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,13 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +name: Codespell + +on: [push, pull_request] + +jobs: + codespell: +runs-on: ubuntu-latest +steps: +- uses: actions/checkout@v4 +- uses: codespell-project/actions-codespell@v2
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a285f1f17dccd79968a63e5acc35b5230c236389 Author: Mike Frysinger gentoo org> AuthorDate: Tue Jan 16 04:56:53 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 16 04:56:53 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a285f1f1 drop old __BOUNDS_CHECKING_ON support The out-of-tree patches for -fbounds-checking in GCC were great, but they haven't been updated since the gcc-4.0 days, and the sanitizer options have made it obsolete, so it's unlikely we'll ever use this code again. Signed-off-by: Mike Frysinger gentoo.org> porting.h | 7 --- pspax.c | 10 -- 2 files changed, 17 deletions(-) diff --git a/porting.h b/porting.h index 42c9ba3..3a544fa 100644 --- a/porting.h +++ b/porting.h @@ -77,13 +77,6 @@ #endif #undef PAX_UTILS_CLEANUP -/* bounds checking code will fart on free(NULL) even though that - * is valid usage. So let's wrap it if need be. - */ -#ifdef __BOUNDS_CHECKING_ON -# define free(ptr) do { if (ptr) free(ptr); } while (0) -# define PAX_UTILS_CLEANUP 1 -#endif /* LSAN (Leak Sanitizer) will complain about things we leak. */ #ifdef __SANITIZE_ADDRESS__ # define PAX_UTILS_CLEANUP 1 diff --git a/pspax.c b/pspax.c index 6094882..e79469d 100644 --- a/pspax.c +++ b/pspax.c @@ -189,15 +189,6 @@ static int print_executable_mappings(int pfd) return 0; } -#ifdef __BOUNDS_CHECKING_ON -# define NOTE_TO_SELF warn( \ - "This is bullshit but getpwuid() is leaking memory and I wasted a few hrs 1 day tracking it down in pspax\n" \ - "Later on I forgot I tracked it down before and saw pspax leaking memory so I tracked it down all over again (silly me)\n" \ - "Hopefully the getpwuid()/nis/nss/pam or whatever wont suck later on in the future.") -#else -# define NOTE_TO_SELF -#endif - static const struct passwd *get_proc_passwd(int pfd) { struct stat st; @@ -577,6 +568,5 @@ int main(int argc, char *argv[]) pspax(name); - NOTE_TO_SELF; return EXIT_SUCCESS; }
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 153e0f60ee6b04492b9b6d3cfc69809b0f29d65c Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 08:05:13 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 08:05:13 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=153e0f60 requirements: pin(ish) Python deps that we use to check things Signed-off-by: Mike Frysinger gentoo.org> requirements-dev.txt | 12 requirements.txt | 9 + 2 files changed, 21 insertions(+) diff --git a/requirements-dev.txt b/requirements-dev.txt new file mode 100644 index 000..9f4869c --- /dev/null +++ b/requirements-dev.txt @@ -0,0 +1,12 @@ +# Copyright 2024 Gentoo Foundation +# Copyright 2024 Mike Frysinger +# Copyright 2024 The ChromiumOS Authors +# Distributed under the terms of the GNU General Public License v2 + +# Deps needed to run tests/linters/etc... +# https://pip.pypa.io/en/stable/reference/requirements-file-format/ + +black==23.* +isort==5.* +mypy==1.* +pylint==3.0.* diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 000..540976b --- /dev/null +++ b/requirements.txt @@ -0,0 +1,9 @@ +# Copyright 2024 Gentoo Foundation +# Copyright 2024 Mike Frysinger +# Copyright 2024 The ChromiumOS Authors +# Distributed under the terms of the GNU General Public License v2 + +# Deps needed to run Python scripts after installed. +# https://pip.pypa.io/en/stable/reference/requirements-file-format/ + +pyelftools
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 756eda7dbce4261e2d5cd6e38bab49aa457e99c1 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 07:43:19 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 07:43:19 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=756eda7d pylintrc: merge into pyproject.toml The same settings, but we have a single file for all our configs now. Signed-off-by: Mike Frysinger gentoo.org> .pylintrc | 58 pylint | 2 +- pyproject.toml | 69 ++ 3 files changed, 70 insertions(+), 59 deletions(-) diff --git a/.pylintrc b/.pylintrc deleted file mode 100644 index 7bee576..000 --- a/.pylintrc +++ /dev/null @@ -1,58 +0,0 @@ -[MASTER] -# List of plugins (as comma separated values of python modules names) to load, -# usually to register additional checkers. -load-plugins= - pylint.extensions.bad_builtin, - pylint.extensions.check_elif, - pylint.extensions.docstyle, - pylint.extensions.overlapping_exceptions, - pylint.extensions.redefined_variable_type, - -jobs=0 - -[MESSAGES CONTROL] -# Disable the message, report, category or checker with the given id(s). You -# can either give multiple identifier separated by comma (,) or put this option -# multiple times (only on the command line, not in the configuration file where -# it should appear only once). -disable= - too-many-lines, - too-many-branches, - too-many-statements, - too-few-public-methods, - too-many-instance-attributes, - too-many-public-methods, - too-many-locals, - too-many-arguments, - fixme, - invalid-name, - -[REPORTS] -reports=no -score=no - -[FORMAT] -max-line-length = 100 -indent-string = '' - -[BASIC] -bad-functions= - exit, - filter, - input, - map, - quit, - -[SIMILARITIES] -min-similarity-lines=20 - -[VARIABLES] -dummy-variables-rgx=_ - -[DESIGN] -max-parents=10 - -[IMPORTS] -deprecated-modules= - mox, - optparse, diff --git a/pylint b/pylint index 512511e..29e8b5e 100755 --- a/pylint +++ b/pylint @@ -37,7 +37,7 @@ def main(argv): pythonpath = pympath + ":" + pythonpath os.environ["PYTHONPATH"] = pythonpath -pylintrc = os.path.join(source_root, ".pylintrc") +pylintrc = os.path.join(source_root, "pyproject.toml") cmd = ["pylint", "--rcfile", pylintrc] os.execvp(cmd[0], cmd + argv) diff --git a/pyproject.toml b/pyproject.toml index ab0fde0..e633a0a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,3 +40,72 @@ single_line_exclusions = [ # https://mypy.readthedocs.io/en/stable/config_file.html [tool.mypy] python_version = "3.8" + + +# https://pylint.pycqa.org/en/latest/user_guide/usage/run.html +[tool.pylint."MASTER"] +py-version = "3.8" + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins = [ + "pylint.extensions.bad_builtin", + "pylint.extensions.check_elif", + "pylint.extensions.docstyle", + "pylint.extensions.overlapping_exceptions", + "pylint.extensions.redefined_variable_type", +] + +# Run everything in parallel. +jobs = 0 + +# https://pylint.pycqa.org/en/latest/user_guide/messages/index.html +[tool.pylint."MESSAGES CONTROL"] +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifier separated by comma (,) or put this option +# multiple times (only on the command line, not in the configuration file where +# it should appear only once). +disable = [ + "too-many-lines", + "too-many-branches", + "too-many-statements", + "too-few-public-methods", + "too-many-instance-attributes", + "too-many-public-methods", + "too-many-locals", + "too-many-arguments", + "fixme", + "invalid-name", +] + +[tool.pylint."REPORTS"] +reports = false +score = false + +[tool.pylint."FORMAT"] +max-line-length = 100 +indent-string = "" + +[tool.pylint."BASIC"] +bad-functions = [ + "exit", + "filter", + "input", + "map", + "quit", +] + +[tool.pylint."SIMILARITIES"] +min-similarity-lines = 20 + +[tool.pylint."VARIABLES"] +dummy-variables-rgx = "_" + +[tool.pylint."DESIGN"] +max-parents = 10 + +[tool.pylint."IMPORTS"] +deprecated-modules = [ + "mox", + "optparse", +]
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a172acf0b81a9a1027f1b28cfae5b2ba4f5a32c6 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 07:42:23 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 07:42:23 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a172acf0 pyproject.toml: add black & isort & mypy settings This should help stabilize the tool behavior for different developers. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 +++- pyproject.toml | 42 ++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index b1fef16..3a41886 100755 --- a/lddtree.py +++ b/lddtree.py @@ -49,7 +49,8 @@ import os import re import shutil import sys -from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast +from typing import Any, cast, Dict, Iterable, List, Optional, Tuple, Union + assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found {sys.version}" @@ -63,6 +64,7 @@ except ImportError: from elftools.common import exceptions # type: ignore from elftools.elf.elffile import ELFFile # type: ignore + # pylint: enable=import-error diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 000..ab0fde0 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,42 @@ +# Copyright 2024 Gentoo Foundation +# Copyright 2024 Mike Frysinger +# Copyright 2024 The ChromiumOS Authors +# Distributed under the terms of the GNU General Public License v2 + +# https://packaging.python.org/en/latest/guides/writing-pyproject-toml/ + + +# https://black.readthedocs.io/en/stable/usage_and_configuration/the_basics.html +[tool.black] +line-length = 88 +target-version = ["py38"] + + +# https://pycqa.github.io/isort/docs/configuration/options +[tool.isort] +py_version = "38" + +# Be compatible with `black` since it also matches what we want. +profile = "black" + +line_length = 88 +length_sort = false +force_single_line = true +lines_after_imports = 2 +from_first = false +case_sensitive = false +force_sort_within_sections = true +order_by_type = false + +# Allow importing multiple classes on a single line from these modules. +# https://google.github.io/styleguide/pyguide#s2.2-imports +single_line_exclusions = [ + "abc", + "collections.abc", + "typing", +] + + +# https://mypy.readthedocs.io/en/stable/config_file.html +[tool.mypy] +python_version = "3.8"
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 81e0200c6068d8c00c2d1f569f8b7b0ea7c1b0d5 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 07:38:36 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 07:38:36 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81e0200c lddtree: raise min version to Python 3.8 We aren't using Python 3.6 anywhere anymore that I care about, so raise the min version to 3.8. Tools are dropping support for it too which makes it difficult to reasonably support. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 8ccd855..b1fef16 100755 --- a/lddtree.py +++ b/lddtree.py @@ -51,7 +51,7 @@ import shutil import sys from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast -assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}" +assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found {sys.version}" # Disable import errors for all 3rd party modules. # pylint: disable=import-error
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: b71d01d6054e270ab87e42df2d4d704e41281724 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 17:39:34 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 18:03:25 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b71d01d6 github: add python checkers Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/python.yml | 28 1 file changed, 28 insertions(+) diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml new file mode 100644 index 000..7b7dcaf --- /dev/null +++ b/.github/workflows/python.yml @@ -0,0 +1,28 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +name: Python + +on: [push, pull_request] + +jobs: + python: +runs-on: ubuntu-latest +steps: +- uses: actions/checkout@v4 +# NB: v1.4.0 covers Python 3.8. +- uses: ricardochaves/python-lint@v1.4.0 + with: +python-root-list: lddtree.py pylint +use-pylint: true +use-pycodestyle: false +use-flake8: false +use-black: true +use-mypy: true +use-isort: true +extra-pylint-options: "" +extra-pycodestyle-options: "" +extra-flake8-options: "" +extra-black-options: "" +extra-mypy-options: "" +extra-isort-options: ""
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 259a52c16c02d2cbb041ad33ea66a735652c66cf Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 17:56:56 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 17:56:56 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=259a52c1 lddtree: disable mypy import errors We don't have types for these imports, so ignore errors on them. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lddtree.py b/lddtree.py index 70d755c..8a42627 100755 --- a/lddtree.py +++ b/lddtree.py @@ -56,12 +56,12 @@ assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.versio # Disable import errors for all 3rd party modules. # pylint: disable=import-error try: -import argcomplete +import argcomplete # type: ignore except ImportError: argcomplete = cast(Any, None) -from elftools.common import exceptions -from elftools.elf.elffile import ELFFile +from elftools.common import exceptions # type: ignore +from elftools.elf.elffile import ELFFile # type: ignore # pylint: enable=import-error
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c899a5a007c28c8b9005d142f8c7b539e097d5b3 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 17:49:06 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 17:49:06 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c899a5a0 lddtree: disable pyelftools pylint import errors Since pyelftools isn't commonly installed, disable the pylint check by default. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 1 file changed, 4 insertions(+) diff --git a/lddtree.py b/lddtree.py index 247e9db..70d755c 100755 --- a/lddtree.py +++ b/lddtree.py @@ -53,6 +53,8 @@ from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}" +# Disable import errors for all 3rd party modules. +# pylint: disable=import-error try: import argcomplete except ImportError: @@ -61,6 +63,8 @@ except ImportError: from elftools.common import exceptions from elftools.elf.elffile import ELFFile +# pylint: enable=import-error + def warn(msg: Any, prefix: Optional[str] = "warning") -> None: """Write |msg| to stderr with a |prefix| before it"""
[gentoo-commits] proj/pax-utils:master commit in: /
commit: cf84a6c35151b790ec104892883e85010ca252ac Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 17:46:55 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 17:46:55 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cf84a6c3 lddtree: use older Python typing style Support for list[...] is new to Python 3.9. We still support Python 3.6 (or at least, 3.8) so we need to use List[...] instead. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/lddtree.py b/lddtree.py index 89733be..247e9db 100755 --- a/lddtree.py +++ b/lddtree.py @@ -49,7 +49,7 @@ import os import re import shutil import sys -from typing import Any, cast, Iterable, Optional, Union +from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}" @@ -126,9 +126,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str: return normpath((root + path) if prefixed else path) -def dedupe(items: list[str]) -> list[str]: +def dedupe(items: List[str]) -> List[str]: """Remove all duplicates from |items| (keeping order)""" -seen: dict[str, str] = {} +seen: Dict[str, str] = {} return [seen.setdefault(x, x) for x in items if x not in seen] @@ -229,7 +229,7 @@ def ParseLdPaths( root: str = "", cwd: Optional[str] = None, path: str = "", -) -> list[str]: +) -> List[str]: """Parse the colon-delimited list of paths and apply ldso rules to each Note the special handling as dictated by the ldso: @@ -276,7 +276,7 @@ def ParseLdSoConf( root: str = "/", debug: bool = False, _first: bool = True, -) -> list[str]: +) -> List[str]: """Load all the paths from a given ldso config file This should handle comments, whitespace, and "include" statements. @@ -334,7 +334,7 @@ def LoadLdpaths( cwd: Optional[str] = None, prefix: str = "", debug: bool = False, -) -> dict[str, list[str]]: +) -> Dict[str, List[str]]: """Load linker paths from common locations This parses the ld.so.conf and LD_LIBRARY_PATH env var. @@ -348,7 +348,7 @@ def LoadLdpaths( Returns: dict containing library paths to search """ -ldpaths: dict[str, list[str]] = { +ldpaths: Dict[str, List[str]] = { "conf": [], "env": [], "interp": [], @@ -401,10 +401,10 @@ def CompatibleELFs(elf1: ELFFile, elf2: ELFFile) -> bool: def FindLib( elf: ELFFile, lib: str, -ldpaths: list[str], +ldpaths: List[str], root: str = "/", debug: bool = False, -) -> tuple[Optional[str], Optional[str]]: +) -> Tuple[Optional[str], Optional[str]]: """Try to locate a |lib| that is compatible to |elf| in the given |ldpaths| Args: @@ -451,7 +451,7 @@ def ParseELF( debug: bool = False, _first: bool = True, _all_libs={}, -) -> dict[str, Any]: +) -> Dict[str, Any]: """Parse the ELF dependency tree of the specified file Args: @@ -658,7 +658,7 @@ def _ActionShow(options: argparse.Namespace, elf: dict): shown_libs = set(elf["needed"]) new_libs = elf["needed"][:] -chain_libs: list[str] = [] +chain_libs: List[str] = [] interp = elf["interp"] if interp: lib = os.path.basename(interp) @@ -916,7 +916,7 @@ def GetParser() -> argparse.ArgumentParser: return parser -def main(argv: list[str]) -> Optional[int]: +def main(argv: List[str]) -> Optional[int]: """The main entry point!""" parser = GetParser() options = parser.parse_args(argv)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: cb88e6fce4386ba30d378edfb59964fa2a4cc9c3 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 18:00:15 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 18:00:15 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cb88e6fc lddtree: add some more typing info for mypy Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 8a42627..8ccd855 100755 --- a/lddtree.py +++ b/lddtree.py @@ -491,7 +491,7 @@ def ParseELF( if _first: _all_libs = {} ldpaths = ldpaths.copy() -ret = { +ret: Dict[str, Any] = { "interp": None, "path": path if display is None else display, "realpath": path,
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 26945e75a7802a987ec81d1578aef4629258dc32 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:35:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:35:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=26945e75 github: disable fuzzing on macOS The builder doesn't work with errors like: ld: file not found: /Applications/Xcode_14.2.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.fuzzer_osx.a Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e82f5f9..44aa5c9 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -72,7 +72,7 @@ jobs: -Duse_seccomp=false \ -Dbuild_manpages=disabled \ -Dtests=true \ - -Duse_fuzzing=true \ + -Duse_fuzzing=false \ build ninja -C build # The unittests generally assume a Linux ELF host, so don't bother making
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 81b85a0bf3a6e6988ada582f653449a3217b71be Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:46:23 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:46:23 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81b85a0b github: update to checkout@v4 Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 4 ++-- .github/workflows/ci-alpine-linux.yml | 2 +- .github/workflows/coverity.yml| 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 44aa5c9..3d170e3 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -36,7 +36,7 @@ jobs: sudo install -Dm755 muon /usr/local/bin/muon ;; esac -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - run: | export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/" case "$BB" in @@ -66,7 +66,7 @@ jobs: steps: - name: Install dependencies run: brew install meson ninja -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - run: | meson -Duse_libcap=disabled \ -Duse_seccomp=false \ diff --git a/.github/workflows/ci-alpine-linux.yml b/.github/workflows/ci-alpine-linux.yml index a87fdfb..575e959 100644 --- a/.github/workflows/ci-alpine-linux.yml +++ b/.github/workflows/ci-alpine-linux.yml @@ -28,7 +28,7 @@ jobs: libcap-dev \ libseccomp \ libseccomp-dev - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/ - run: meson compile -C builddir - run: meson test --verbose -C builddir diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 20a47e5..1cd6c55 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -12,7 +12,7 @@ jobs: coverity: runs-on: ubuntu-latest steps: -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - uses: vapier/coverity-scan-action@v1 with: email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: da4aab84a127ce5e201b53b08cff42b3181315cc Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:35:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:35:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=da4aab84 github: disable fuzzing on macOS The builder doesn't work with errors like: ld: file not found: /Applications/Xcode_14.2.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.fuzzer_osx.a Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e82f5f9..5c43a9c 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -72,7 +72,7 @@ jobs: -Duse_seccomp=false \ -Dbuild_manpages=disabled \ -Dtests=true \ - -Duse_fuzzing=true \ + -Duse_fuzzing=disabled \ build ninja -C build # The unittests generally assume a Linux ELF host, so don't bother making
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b49fe5088ca8f1fa0191a85e933ec213928449bc Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:27:50 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:27:50 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b49fe508 dumpelf: use explicit 64-bit to display off_t There's no guarantee that %j (uintmax_t) is large enough to handle off_t. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index de9a563..1a469ea 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -40,9 +40,9 @@ static void dumpelf(const elfobj *elf, size_t file_cnt) "\n" "/*\n" " * ELF dump of '%s'\n" - " * %ji (0x%jX) bytes\n" + " * %" PRIi64 " (0x%" PRIX64 ") bytes\n" " */\n\n", - elf->filename, elf->len, elf->len); + elf->filename, (int64_t)elf->len, (uint64_t)elf->len); /* setup the struct to namespace this elf */ #define MAKE_STRUCT(B) \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b3994055a70d2f87e49c8a9053ae0b1745af3f5c Author: Mike Frysinger gentoo org> AuthorDate: Mon Jan 1 15:42:35 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Jan 1 15:42:35 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b3994055 update copyright headers Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 4 ++-- lddtree.py| 6 +++--- lddtree.sh| 4 ++-- macho.h | 2 +- paxelf.c | 4 ++-- paxelf.h | 4 ++-- paxinc.c | 4 ++-- paxinc.h | 4 ++-- paxldso.c | 4 ++-- paxldso.h | 4 ++-- paxmacho.c| 4 ++-- paxmacho.h| 4 ++-- porting.h | 4 ++-- pylint| 2 +- scanelf.c | 4 ++-- scanmacho.c | 4 ++-- seccomp-bpf.c | 4 ++-- security.c| 4 ++-- security.h| 4 ++-- xfuncs.c | 4 ++-- xfuncs.h | 4 ++-- 21 files changed, 41 insertions(+), 41 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index 4742a50..de9a563 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -1,9 +1,9 @@ /* - * Copyright 2005-2012 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2012 Ned Ludd- - * Copyright 2005-2012 Mike Frysinger - + * Copyright 2005-2024 Mike Frysinger - */ const char argv0[] = "dumpelf"; diff --git a/lddtree.py b/lddtree.py index b26afcf..89733be 100755 --- a/lddtree.py +++ b/lddtree.py @@ -1,8 +1,8 @@ #!/usr/bin/env python # PYTHON_ARGCOMPLETE_OK -# Copyright 2012-2014 Gentoo Foundation -# Copyright 2012-2014 Mike Frysinger -# Copyright 2012-2014 The ChromiumOS Authors +# Copyright 2012-2024 Gentoo Foundation +# Copyright 2012-2024 Mike Frysinger +# Copyright 2012-2024 The ChromiumOS Authors # Use of this source code is governed by a BSD-style license (BSD-3) """Read the ELF dependency tree and show it diff --git a/lddtree.sh b/lddtree.sh index c964ed6..dfa8d06 100755 --- a/lddtree.sh +++ b/lddtree.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2007-2013 Gentoo Foundation -# Copyright 2007-2013 Mike Frysinger +# Copyright 2007-2024 Gentoo Foundation +# Copyright 2007-2024 Mike Frysinger # Distributed under the terms of the GNU General Public License v2 argv0=${0##*/} diff --git a/macho.h b/macho.h index c4929c8..76f3697 100644 --- a/macho.h +++ b/macho.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 Gentoo Foundation + * Copyright 2008-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 */ diff --git a/paxelf.c b/paxelf.c index 331f1b4..fb4160c 100644 --- a/paxelf.c +++ b/paxelf.c @@ -1,9 +1,9 @@ /* - * Copyright 2003-2012 Gentoo Foundation + * Copyright 2003-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2012 Ned Ludd- - * Copyright 2005-2012 Mike Frysinger - + * Copyright 2005-2024 Mike Frysinger - */ #include "paxinc.h" diff --git a/paxelf.h b/paxelf.h index f252969..0c163d5 100644 --- a/paxelf.h +++ b/paxelf.h @@ -1,9 +1,9 @@ /* - * Copyright 2005-2012 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2012 Ned Ludd- - * Copyright 2005-2012 Mike Frysinger - + * Copyright 2005-2024 Mike Frysinger - * * Make sure all of the common elf stuff is setup as we expect */ diff --git a/paxinc.c b/paxinc.c index 64a3069..589d7ae 100644 --- a/paxinc.c +++ b/paxinc.c @@ -1,9 +1,9 @@ /* - * Copyright 2003-2012 Gentoo Foundation + * Copyright 2003-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2012 Ned Ludd- - * Copyright 2005-2012 Mike Frysinger - + * Copyright 2005-2024 Mike Frysinger - */ /* stick common symbols here that are needed by paxinc.h */ diff --git a/paxinc.h b/paxinc.h index 3dd163a..d25cf57 100644 --- a/paxinc.h +++ b/paxinc.h @@ -1,9 +1,9 @@ /* - * Copyright 2005-2012 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2012 Ned Ludd- - * Copyright 2005-2012 Mike Frysinger - + * Copyright 2005-2024 Mike Frysinger - * * Make sure all of the common stuff is setup as we expect */ diff --git a/paxldso.c b/paxldso.c index ce7facd..a9bef1e 100644 --- a/paxldso.c +++ b/paxldso.c @@ -1,9 +1,9 @@ /* - * Copyright 2003-2016 Gentoo Foundation + * Copyright 2003-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2003-2012 Ned Ludd- - * Copyright 2004-2016 Mike Frysinger - + * Copyright 2004-2024 Mike Frysinger - */ #include "paxinc.h" diff --git a/paxldso.h b/paxldso.h index 91c7eed..aba58fa 100644 --- a/paxldso.h +++ b/paxldso.h @@ -1,9 +1,9 @@ /* - * Copyright 2003-2016 Gentoo Foundation + * Copyright
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 511617ac43a13e6173f1dcbbd3feaf3be51ada6c Author: Mike Frysinger gentoo org> AuthorDate: Mon Jan 1 15:37:28 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Jan 1 15:37:28 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=511617ac elf.h: pull from latest glibc Signed-off-by: Mike Frysinger gentoo.org> elf.h | 1160 ++--- 1 file changed, 1038 insertions(+), 122 deletions(-) diff --git a/elf.h b/elf.h index e6c8b20..5c1c197 100644 --- a/elf.h +++ b/elf.h @@ -1,5 +1,5 @@ /* This file defines standard ELF types, structures, and macros. - Copyright (C) 1995-2015 Free Software Foundation, Inc. + Copyright (C) 1995-2023 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -168,109 +168,204 @@ typedef struct /* Legal values for e_machine (architecture). */ -#define EM_NONE 0 /* No machine */ -#define EM_M32 1 /* AT WE 32100 */ -#define EM_SPARC2 /* SUN SPARC */ -#define EM_386 3 /* Intel 80386 */ -#define EM_68K 4 /* Motorola m68k family */ -#define EM_88K 5 /* Motorola m88k family */ -#define EM_860 7 /* Intel 80860 */ -#define EM_MIPS 8 /* MIPS R3000 big-endian */ -#define EM_S370 9 /* IBM System/370 */ -#define EM_MIPS_RS3_LE 10 /* MIPS R3000 little-endian */ - -#define EM_PARISC 15 /* HPPA */ -#define EM_VPP500 17 /* Fujitsu VPP500 */ -#define EM_SPARC32PLUS 18 /* Sun's "v8plus" */ -#define EM_960 19 /* Intel 80960 */ -#define EM_PPC 20 /* PowerPC */ -#define EM_PPC64 21 /* PowerPC 64-bit */ -#define EM_S39022 /* IBM S390 */ - -#define EM_V80036 /* NEC V800 series */ -#define EM_FR2037 /* Fujitsu FR20 */ -#define EM_RH3238 /* TRW RH-32 */ -#define EM_RCE 39 /* Motorola RCE */ -#define EM_ARM 40 /* ARM */ -#define EM_FAKE_ALPHA 41 /* Digital Alpha */ -#define EM_SH 42 /* Hitachi SH */ -#define EM_SPARCV9 43 /* SPARC v9 64-bit */ -#define EM_TRICORE 44 /* Siemens Tricore */ -#define EM_ARC 45 /* Argonaut RISC Core */ -#define EM_H8_300 46 /* Hitachi H8/300 */ -#define EM_H8_300H 47 /* Hitachi H8/300H */ -#define EM_H8S 48 /* Hitachi H8S */ -#define EM_H8_500 49 /* Hitachi H8/500 */ -#define EM_IA_64 50 /* Intel Merced */ -#define EM_MIPS_X 51 /* Stanford MIPS-X */ -#define EM_COLDFIRE52 /* Motorola Coldfire */ -#define EM_68HC12 53 /* Motorola M68HC12 */ -#define EM_MMA 54 /* Fujitsu MMA Multimedia Accelerator*/ -#define EM_PCP 55 /* Siemens PCP */ -#define EM_NCPU56 /* Sony nCPU embeeded RISC */ -#define EM_NDR157 /* Denso NDR1 microprocessor */ -#define EM_STARCORE58 /* Motorola Start*Core processor */ -#define EM_ME1659 /* Toyota ME16 processor */ -#define EM_ST100 60 /* STMicroelectronic ST100 processor */ -#define EM_TINYJ 61 /* Advanced Logic Corp. Tinyj emb.fam*/ -#define EM_X86_64 62 /* AMD x86-64 architecture */ -#define EM_PDSP63 /* Sony DSP Processor */ - -#define EM_FX6666 /* Siemens FX66 microcontroller */ -#define EM_ST9PLUS 67 /* STMicroelectronics ST9+ 8/16 mc */ -#define EM_ST7 68 /* STmicroelectronics ST7 8 bit mc */ -#define EM_68HC16 69 /* Motorola MC68HC16 microcontroller */ -#define EM_68HC11 70 /* Motorola MC68HC11 microcontroller */ -#define EM_68HC08 71 /* Motorola MC68HC08 microcontroller */ -#define EM_68HC05 72 /* Motorola MC68HC05 microcontroller */ -#define EM_SVX 73 /* Silicon Graphics SVx */ -#define EM_ST1974 /* STMicroelectronics ST19 8 bit mc */ -#define EM_VAX 75 /* Digital VAX */ -#define EM_CRIS76 /* Axis Communications 32-bit embedded processor */ -#define EM_JAVELIN 77 /* Infineon Technologies 32-bit embedded processor */ -#define EM_FIREPATH78 /* Element 14 64-bit DSP Processor */ -#define EM_ZSP 79
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 00c695d6152bb8f2e7a288a5c019986ed3ee9495 Author: Daniel Verkamp chromium org> AuthorDate: Fri Sep 7 23:28:32 2018 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 22 05:31:16 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=00c695d6 lddtree: use readlink -f for absolute links Commit b97eba7fb2c0a3c5ad9e3831c6f87dca1fde59c5 causes problems when using lddtree with symlinks containing absolute paths, such as the crosvm guest tools, which install these links: /usr/bin/sommelier -> /etc/alternatives/sommelier -> /opt/google/cros-containers/bin/sommelier (where the final sommelier is the lddtree-generated script). In this case, $base resolved by the lddtree script would be '/usr/bin//etc/alternatives/sommelier', which is incorrect. Replace the dirname/readlink combination with readlink -f when the symlink is absolute in order to fully resolve the symlink, while keeping the relative path when the script is invoked through a relative path. Bug: https://crbug.com/882055 Signed-off-by: Daniel Verkamp chromium.org> Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index bbf9df9..8184e8f 100755 --- a/lddtree.py +++ b/lddtree.py @@ -187,7 +187,13 @@ def GenerateLdsoWrapper( # remove absolute paths from build outputs and enables directory independent # cache sharing in distributed build systems. wrapper = """#!/bin/sh -if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then +if base=$(readlink "$0" 2>/dev/null); then + # If $0 is an abspath symlink, fully resolve the target. + case ${base} in + /*) base=$(readlink -f "$0" 2>/dev/null);; + *) base=$(dirname "$0")/${base};; + esac +else case $0 in /*) base=$0;; *) base=${PWD:-`pwd`}/$0;;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: aadadb863a89af460726163703278b14750591ae Author: George Burgess IV google com> AuthorDate: Tue Sep 22 15:09:47 2020 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 22 05:31:31 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aadadb86 lddtree: add LD_ARGV0_REL Some binaries use `/proc/self/exe` to get a link to the currently-executing binary. Unfortunately, when `ld.so` is invoked directly, `/proc/self/exe` alawys points to `ld.so`. `LD_ARGV0` can only be used to determine the current executable in programs which haven't changed their working directory from their starting one, so that's difficult to generally use. To solve this, this embeds the path of the current binary _relative to ld.so_ in an env var. Bug: https://crbug.com/1003841 Bug: https://issuetracker.google.com/187793259 Signed-off-by: George Burgess chromium.org> Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lddtree.py b/lddtree.py index 8184e8f..b26afcf 100755 --- a/lddtree.py +++ b/lddtree.py @@ -176,6 +176,7 @@ def GenerateLdsoWrapper( replacements = { "interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name), +"interp_rel": os.path.relpath(path, interp_dir), "libpaths": ":".join( "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths ), @@ -186,6 +187,10 @@ def GenerateLdsoWrapper( # Keep path relativeness of argv0 (in ${base}.elf). This allows tools to # remove absolute paths from build outputs and enables directory independent # cache sharing in distributed build systems. +# +# NB: LD_ARGV0_REL below is unrelated & non-standard. It's to let tools see +# the original path if they need it and when they know they'll be wrapped up +# by this script. wrapper = """#!/bin/sh if base=$(readlink "$0" 2>/dev/null); then # If $0 is an abspath symlink, fully resolve the target. @@ -200,6 +205,7 @@ else esac fi basedir=${base%%/*} +LD_ARGV0_REL="%(interp_rel)s" \\ exec \\ "${basedir}/%(interp)s" \\ %(argv0_arg)s \\
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8f404c038705389cefd86e8a1fba1b50074a01ae Author: Takuto Ikuta chromium org> AuthorDate: Wed Aug 29 06:07:30 2018 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 22 05:31:14 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8f404c03 lddtree: keep relativeness of invoked program in elf wrapper This makes clang's resource dir relative when we pass -no-canonical-prefixes flag like below. $ chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang -no-canonical-prefixes -### Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0 (/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git e7408fe366bb18923fa360b069b4e4566203f34f) (/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git 95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn) Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin Without this patch, -no-canonical-prefixes has no meaning. $ chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang -no-canonical-prefixes -### Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0 (/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git e7408fe366bb18923fa360b069b4e4566203f34f) (/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git 95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn) Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: $HOME/chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin This is a part of effort for build cache sharing when using goma by removing absolute path from compile result. Instead of enforcing relative path, I keep relativeness of compiler path. I confirmed this works as following with a debug line to show ${base}.elf. (sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ln -s build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7 clang (sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ./clang ${base}.elf: './build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf' clang-7: error: no input files In previous versions of this change, it ran like below: (sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ./clang ${base}.elf: '/usr/local/google/home/tikuta/chromium/src/build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf' clang-7: error: no input files I confirmed this can build base_unittests on daisy and amd64-generic after creating a new CrOS SDK with chromiumos-sdk-tryjob. Bug: https://crbug.com/846610 Bug: https://crbug.com/876604 Signed-off-by: Takuto Ikuta chromium.org> Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 80808fc..bbf9df9 100755 --- a/lddtree.py +++ b/lddtree.py @@ -182,8 +182,12 @@ def GenerateLdsoWrapper( "argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "", "preload_arg": f'--preload "{preload}"' if preload else "", } + +# Keep path relativeness of argv0 (in ${base}.elf). This allows tools to +# remove absolute paths from build outputs and enables directory independent +# cache sharing in distributed build systems. wrapper = """#!/bin/sh -if ! base=$(realpath "$0" 2>/dev/null); then +if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then case $0 in /*) base=$0;; *) base=${PWD:-`pwd`}/$0;;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 9ca3f108762c27b557825f5392499498e8a00202 Author: Mike Frysinger chromium org> AuthorDate: Fri Dec 15 20:53:20 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 15 20:53:59 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9ca3f108 lddtree: fix argcomplete typing mypy wants a cast here to avoid warning: lddtree.py:59: error: Incompatible types in assignment (expression has type "None", variable has type Module) [assignment] Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 576d3d3..80808fc 100755 --- a/lddtree.py +++ b/lddtree.py @@ -49,14 +49,14 @@ import os import re import shutil import sys -from typing import Any, Iterable, Optional, Union +from typing import Any, cast, Iterable, Optional, Union assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}" try: import argcomplete except ImportError: -argcomplete = None +argcomplete = cast(Any, None) from elftools.common import exceptions from elftools.elf.elffile import ELFFile
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5f8628d611c03f77bbcf245c025b85cf60b88431 Author: Mike Frysinger chromium org> AuthorDate: Fri Dec 15 20:41:31 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 15 20:53:59 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5f8628d6 lddtree: use f-string in warn message Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 2b8b9c4..576d3d3 100755 --- a/lddtree.py +++ b/lddtree.py @@ -64,7 +64,7 @@ from elftools.elf.elffile import ELFFile def warn(msg: Any, prefix: Optional[str] = "warning") -> None: """Write |msg| to stderr with a |prefix| before it""" -print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr) +print(f"{os.path.basename(sys.argv[0])}: {prefix}: {msg}", file=sys.stderr) def err(msg: Any, status: Optional[int] = 1) -> None:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c3205676f2bc6cc0ffd01098ce007ba7b5b7d159 Author: David Riley chromium org> AuthorDate: Wed Sep 28 17:16:42 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 15 20:53:59 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c3205676 lddtree: Add --wrapper-preload --wrapper-preload allows the wrapper to be generated always specifying an LD_PRELOAD via the --preload option of the loader. Signed-off-by: David Riley chromium.org> Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 31 +-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 60f3a7c..2b8b9c4 100755 --- a/lddtree.py +++ b/lddtree.py @@ -46,6 +46,7 @@ import functools import glob import mmap import os +import re import shutil import sys from typing import Any, Iterable, Optional, Union @@ -147,6 +148,7 @@ def GenerateLdsoWrapper( path: str, interp: str, libpaths: Iterable[str] = (), +preload: Optional[str] = None, ) -> None: """Generate a shell script wrapper which uses local ldso to run the ELF @@ -164,12 +166,21 @@ def GenerateLdsoWrapper( interp_dir, interp_name = os.path.split(interp) # Add ldso interpreter dir to end of libpaths as a fallback library path. libpaths = dedupe(list(libpaths) + [interp_dir]) +if preload: +# If preload is an absolute path, calculate it from basedir. +preload_prefix = f'${{basedir}}/{os.path.relpath("/", basedir)}' +preload = ":".join( +f"{preload_prefix}{x}" if os.path.isabs(x) else x +for x in re.split(r"[ :]", preload) +) + replacements = { "interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name), "libpaths": ":".join( "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths ), "argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "", +"preload_arg": f'--preload "{preload}"' if preload else "", } wrapper = """#!/bin/sh if ! base=$(realpath "$0" 2>/dev/null); then @@ -182,6 +193,7 @@ basedir=${base%%/*} exec \\ "${basedir}/%(interp)s" \\ %(argv0_arg)s \\ + %(preload_arg)s \\ --library-path "%(libpaths)s" \\ --inhibit-cache \\ --inhibit-rpath '' \\ @@ -658,7 +670,15 @@ def _ActionCopy(options: argparse.Namespace, elf: dict): def _StripRoot(path: str) -> str: return path[len(options.root) - 1 :] -def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(), outdir=None): +def _copy( +realsrc, +src, +striproot=True, +wrapit=False, +libpaths=(), +outdir=None, +preload=None, +): if realsrc is None: return @@ -712,7 +732,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict): interp = os.path.join(options.libdir, os.path.basename(elf["interp"])) else: interp = _StripRoot(elf["interp"]) -GenerateLdsoWrapper(options.dest, subdst, interp, libpaths) +GenerateLdsoWrapper(options.dest, subdst, interp, libpaths, preload) # XXX: We should automatically import libgcc_s.so whenever libpthread.so # is copied over (since we know it can be dlopen-ed by NPTL at runtime). @@ -750,6 +770,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict): wrapit=options.generate_wrappers, libpaths=libpaths, outdir=options.bindir, +preload=options.wrapper_preload, ) @@ -867,6 +888,12 @@ def GetParser() -> argparse.ArgumentParser: default=False, help="Copy over plain (non-ELF) files instead of warn+ignore", ) +group.add_argument( +"--wrapper-preload", +default=None, +type=str, +help="Have wrapper add --preload to the ldso invocation", +) if argcomplete is not None: argcomplete.autocomplete(parser)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d51fa4ec5812e38af23ec773b0376d33e2b228ae Author: Mike Frysinger gentoo org> AuthorDate: Thu Mar 26 17:13:07 2020 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 20:20:06 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d51fa4ec lddtree: add docstring for all classes Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lddtree.py b/lddtree.py index e851ac1..60f3a7c 100755 --- a/lddtree.py +++ b/lddtree.py @@ -596,6 +596,8 @@ def ParseELF( class _NormalizePathAction(argparse.Action): +"""Argparse action to normalize paths.""" + def __call__(self, parser, namespace, values, option_string=None): setattr(namespace, self.dest, normpath(values))
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c9f62fd60b3d92726bca1e0c56be7aa1eeef83d8 Author: Mike Frysinger chromium org> AuthorDate: Thu Dec 14 21:25:01 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 21:27:05 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c9f62fd6 pylintrc: remove old entries Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .pylintrc | 3 --- 1 file changed, 3 deletions(-) diff --git a/.pylintrc b/.pylintrc index b86319b..7bee576 100644 --- a/.pylintrc +++ b/.pylintrc @@ -5,7 +5,6 @@ load-plugins= pylint.extensions.bad_builtin, pylint.extensions.check_elif, pylint.extensions.docstyle, - pylint.extensions.emptystring, pylint.extensions.overlapping_exceptions, pylint.extensions.redefined_variable_type, @@ -25,8 +24,6 @@ disable= too-many-public-methods, too-many-locals, too-many-arguments, - locally-enabled, - locally-disabled, fixme, invalid-name,
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 6bf7ac1211f9d15a0a359e605ddc0ac8bdb39fa7 Author: Mike Frysinger gentoo org> AuthorDate: Thu Dec 14 21:27:37 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 21:27:37 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6bf7ac12 github: update to checkout@v3 Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 4 ++-- .github/workflows/ci-alpine-linux.yml | 2 +- .github/workflows/coverity.yml| 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 18c13f0..e82f5f9 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -36,7 +36,7 @@ jobs: sudo install -Dm755 muon /usr/local/bin/muon ;; esac -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - run: | export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/" case "$BB" in @@ -66,7 +66,7 @@ jobs: steps: - name: Install dependencies run: brew install meson ninja -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - run: | meson -Duse_libcap=disabled \ -Duse_seccomp=false \ diff --git a/.github/workflows/ci-alpine-linux.yml b/.github/workflows/ci-alpine-linux.yml index de7157c..a87fdfb 100644 --- a/.github/workflows/ci-alpine-linux.yml +++ b/.github/workflows/ci-alpine-linux.yml @@ -28,7 +28,7 @@ jobs: libcap-dev \ libseccomp \ libseccomp-dev - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/ - run: meson compile -C builddir - run: meson test --verbose -C builddir diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 7e729c4..20a47e5 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -12,7 +12,7 @@ jobs: coverity: runs-on: ubuntu-latest steps: -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - uses: vapier/coverity-scan-action@v1 with: email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 43dc19d632741e9e80f02842684ca57d1277a070 Author: Mike Frysinger chromium org> AuthorDate: Thu Dec 14 19:52:20 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 19:53:27 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=43dc19d6 Revert "paxinc: include for alloca" This reverts commit 781a3856ae53df051563645b45d8ff7033aea113. The header is already included in porting.h. We want to keep all system headers centralized in porting.h and not sprinkle across the other modules. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> paxinc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/paxinc.c b/paxinc.c index c6eab87..64a3069 100644 --- a/paxinc.c +++ b/paxinc.c @@ -9,7 +9,6 @@ /* stick common symbols here that are needed by paxinc.h */ #define IN_paxinc -#include #include "paxinc.h" char do_reverse_endian;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 124f3e448e7a0c4680fbff2306a3e2c9354bde77 Author: Aliaksei Urbanski gmail com> AuthorDate: Wed Nov 8 01:58:52 2023 + Commit: Sam James gentoo org> CommitDate: Thu Nov 23 13:31:19 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=124f3e44 Fix fuzz-dumpelf test Not sure why, but the dumpelf.fuzz fuzzer fails when it's calling prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) at security_init. So I suggest disabling seccomp for fuzzy testing. Also, in order to not run indefinitely, the fuzzer must be executed with some reasonable options. https://releases.llvm.org/14.0.0/docs/LibFuzzer.html#options Signed-off-by: Aliaksei Urbanski gmail.com> Closes: https://github.com/gentoo/pax-utils/pull/13 Signed-off-by: Sam James gentoo.org> meson.build | 8 +++- security.c | 4 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 0cb9a0e..255107b 100644 --- a/meson.build +++ b/meson.build @@ -166,6 +166,12 @@ if do_tests and get_option('use_fuzzing') link_args : fuzz_flags, install : false ) -test('fuzz-dumpelf', dumpelf_fuzzer) +test('fuzz-dumpelf', dumpelf_fuzzer, + args : [ +'-close_fd_mask=3', +'-max_total_time=10', +'-print_final_stats', + ] +) endif endif diff --git a/security.c b/security.c index 19bf78f..7122a7f 100644 --- a/security.c +++ b/security.c @@ -46,6 +46,10 @@ # undef WANT_SECCOMP #endif +#if PAX_UTILS_LIBFUZZ +# undef WANT_SECCOMP +#endif + static int ns_unshare(int flags) { int flag, ret = 0;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8ed70f98b7299a8433bb22ae4144ead2bb3a83a8 Author: Frederic Cambus statdns com> AuthorDate: Sun Feb 12 10:51:01 2023 + Commit: Sam James gentoo org> CommitDate: Mon Feb 13 05:24:21 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ed70f98 README: fix typo: s/peforming/performing. Signed-off-by: Sam James gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 539f3cc..99bbc3f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ | VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | | STATUS | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml/badge.svg)](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | -pax-utils is a small set of utilities for peforming Q/A (mostly security) +pax-utils is a small set of utilities for performing Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF format, but does include a Mach-O helper too for OS X systems.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d1a646983084f3c5b82e67ee73e77e17a73dcdd6 Author: Frederic Cambus statdns com> AuthorDate: Sat Feb 11 09:46:33 2023 + Commit: Sam James gentoo org> CommitDate: Mon Feb 13 05:24:05 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d1a64698 lddtree: allow lddtree.sh to find Xenocara libraries on OpenBSD. Signed-off-by: Sam James gentoo.org> lddtree.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.sh b/lddtree.sh index 5271dae..c964ed6 100755 --- a/lddtree.sh +++ b/lddtree.sh @@ -45,7 +45,7 @@ elf_specs() { sed -E 's: (LINUX|GNU)$: NONE:' } -lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib*" +lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib* ${ROOT}usr/X11R6/lib*" c_ldso_paths_loaded='false' find_elf() { _find_elf=''
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 755a512e6a3c2b015b8d54dc98f2f48bb9dd3971 Author: Sam James gentoo org> AuthorDate: Sun Jan 29 05:40:05 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 05:56:32 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=755a512e Undo IWYU fixes I wasn't paying enough attention, it's better to just fold the needed bits into porting.h. This reverts commit ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee. This reverts commit f8287200aec0ca33ef07fafcdd5aef0aa6eb1306. This reverts commit aa907a42d89ddfd5a7e64d8182a1da35277f2f6e. Bug: https://github.com/gentoo/pax-utils/pull/11#issuecomment-1407566344 Signed-off-by: Sam James gentoo.org> dumpelf.c | 14 -- paxelf.c | 14 -- paxelf.h | 7 --- paxinc.c | 8 paxinc.h | 11 +-- paxldso.c | 17 - paxldso.h | 4 paxmacho.c| 13 - paxmacho.h| 4 pspax.c | 22 +- scanelf.c | 23 --- scanmacho.c | 20 seccomp-bpf.c | 1 - seccomp-bpf.h | 2 -- security.c| 13 - security.h| 2 -- xfuncs.c | 7 --- xfuncs.h | 2 -- 18 files changed, 2 insertions(+), 182 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index 877b0db..4742a50 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -8,21 +8,7 @@ const char argv0[] = "dumpelf"; -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "paxinc.h" -#include "elf.h" -#include "pax_utils_version.h" -#include "porting.h" -#include "security.h" /* prototypes */ static void dump_ehdr(const elfobj *elf, const void *ehdr); diff --git a/paxelf.c b/paxelf.c index b072ba0..331f1b4 100644 --- a/paxelf.c +++ b/paxelf.c @@ -6,21 +6,7 @@ * Copyright 2005-2012 Mike Frysinger - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "paxinc.h" -#include "elf.h" -#include "paxelf.h" -#include "porting.h" -#include "xfuncs.h" /* * Setup a bunch of helper functions to translate diff --git a/paxelf.h b/paxelf.h index 31ef298..f252969 100644 --- a/paxelf.h +++ b/paxelf.h @@ -11,13 +11,6 @@ #ifndef _PAX_ELF_H #define _PAX_ELF_H -#include -#include -#include -#include - -#include "elf.h" - typedef struct { const void *phdr; const void *shdr; diff --git a/paxinc.c b/paxinc.c index f87e8a6..64a3069 100644 --- a/paxinc.c +++ b/paxinc.c @@ -11,14 +11,6 @@ #define IN_paxinc #include "paxinc.h" -#include -#include -#include -#include -#include - -#include "xfuncs.h" - char do_reverse_endian; /* some of this ar code was taken from busybox */ diff --git a/paxinc.h b/paxinc.h index 52bbefd..3dd163a 100644 --- a/paxinc.h +++ b/paxinc.h @@ -11,16 +11,6 @@ #ifndef _PAX_INC_H #define _PAX_INC_H -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "porting.h" #include "xfuncs.h" #include "security.h" @@ -45,6 +35,7 @@ #include "elf.h" #include "paxelf.h" #include "paxldso.h" + /* Mach-O love */ #include "macho.h" #include "paxmacho.h" diff --git a/paxldso.c b/paxldso.c index d40d7ef..ce7facd 100644 --- a/paxldso.c +++ b/paxldso.c @@ -6,24 +6,7 @@ * Copyright 2004-2016 Mike Frysinger - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "paxinc.h" -#include "elf.h" -#include "paxelf.h" -#include "paxldso.h" -#include "xfuncs.h" /* * ld.so.cache logic diff --git a/paxldso.h b/paxldso.h index fd9f344..91c7eed 100644 --- a/paxldso.h +++ b/paxldso.h @@ -9,10 +9,6 @@ #ifndef _PAX_LDSO_H #define _PAX_LDSO_H -#include "paxelf.h" -#include "porting.h" -#include "xfuncs.h" - /* * ld.so.cache logic */ diff --git a/paxmacho.c b/paxmacho.c index 39db1cb..74f02da 100644 --- a/paxmacho.c +++ b/paxmacho.c @@ -7,20 +7,7 @@ * 2008-2021 Fabian Groffen - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "paxinc.h" -#include "macho.h" -#include "paxmacho.h" -#include "xfuncs.h" /* lil' static string pool */ static const char STR_BE[] = "BE"; diff --git a/paxmacho.h b/paxmacho.h index b109af5..48ac854 100644 --- a/paxmacho.h +++ b/paxmacho.h @@ -12,10 +12,6 @@ #ifndef _PAX_MACHO_H #define _PAX_MACHO_H -#include -#include -#include - #include "macho.h" #define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) : value) diff --git a/pspax.c b/pspax.c index 369ed37..6094882 100644 --- a/pspax.c +++ b/pspax.c @@ -14,32 +14,12 @@ const char argv0[] = "pspax"; -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 731b5e1798e98694e6afa783065ff996331e8153 Author: Sam James gentoo org> AuthorDate: Sun Jan 29 05:56:03 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 05:56:33 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=731b5e17 porting.h: include for size_t, sort includes Signed-off-by: Sam James gentoo.org> porting.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/porting.h b/porting.h index 0d43a92..4f34302 100644 --- a/porting.h +++ b/porting.h @@ -29,15 +29,16 @@ #include #include #include +#include #include #include #include #include -#include -#include #include #include #include +#include +#include #include "elf.h" #if HAS_ALLOCA_H # include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 781a3856ae53df051563645b45d8ff7033aea113 Author: Sam James gentoo org> AuthorDate: Sun Jan 29 05:55:51 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 05:56:33 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=781a3856 paxinc: include for alloca Signed-off-by: Sam James gentoo.org> paxinc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/paxinc.c b/paxinc.c index 64a3069..c6eab87 100644 --- a/paxinc.c +++ b/paxinc.c @@ -9,6 +9,7 @@ /* stick common symbols here that are needed by paxinc.h */ #define IN_paxinc +#include #include "paxinc.h" char do_reverse_endian;
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 65f4631bdc891fb2a8cfd13f92acaeeba3d9cf2b Author: Sam James gentoo org> AuthorDate: Sun Jan 29 03:44:43 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 03:47:11 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=65f4631b .github: add Alpine CI Signed-off-by: Sam James gentoo.org> .github/workflows/ci-alpine-linux.yml | 34 ++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/ci-alpine-linux.yml b/.github/workflows/ci-alpine-linux.yml new file mode 100644 index 000..de7157c --- /dev/null +++ b/.github/workflows/ci-alpine-linux.yml @@ -0,0 +1,34 @@ +name: ci_alpine_linux + +on: [push, pull_request] + +jobs: + + alpine: +name: Alpine Linux +runs-on: ubuntu-latest +container: alpine:latest +strategy: + fail-fast: false + matrix: +compiler: + - gcc + - clang +env: + CC: ${{ matrix.compiler }} +steps: + - run: >- + apk --no-cache add \ +build-base \ +clang \ +meson \ +pkgconf \ +py3-elftools \ +libcap \ +libcap-dev \ +libseccomp \ +libseccomp-dev + - uses: actions/checkout@v2 + - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/ + - run: meson compile -C builddir + - run: meson test --verbose -C builddir
[gentoo-commits] proj/pax-utils:master commit in: /
commit: ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee Author: Sam James gentoo org> AuthorDate: Sun Jan 29 03:41:09 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 03:41:51 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ffedc60f *: IWYU fixes deux Signed-off-by: Sam James gentoo.org> dumpelf.c | 1 + paxelf.c | 1 + paxinc.c | 1 + paxinc.h | 1 + paxldso.c | 2 +- paxldso.h | 2 -- paxmacho.c| 1 + pspax.c | 1 + scanelf.c | 1 + scanmacho.c | 1 + seccomp-bpf.c | 1 + xfuncs.c | 1 + 12 files changed, 11 insertions(+), 3 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index baa6358..877b0db 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -11,6 +11,7 @@ const char argv0[] = "dumpelf"; #include #include #include +#include #include #include #include diff --git a/paxelf.c b/paxelf.c index 0268fa4..b072ba0 100644 --- a/paxelf.c +++ b/paxelf.c @@ -7,6 +7,7 @@ */ #include +#include #include #include #include diff --git a/paxinc.c b/paxinc.c index 7dfd4ca..f87e8a6 100644 --- a/paxinc.c +++ b/paxinc.c @@ -12,6 +12,7 @@ #include "paxinc.h" #include +#include #include #include #include diff --git a/paxinc.h b/paxinc.h index 7eb6802..52bbefd 100644 --- a/paxinc.h +++ b/paxinc.h @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include diff --git a/paxldso.c b/paxldso.c index acab364..d40d7ef 100644 --- a/paxldso.c +++ b/paxldso.c @@ -8,9 +8,9 @@ #include #include -#include #include #include +#include #include #include #include diff --git a/paxldso.h b/paxldso.h index 1e95851..fd9f344 100644 --- a/paxldso.h +++ b/paxldso.h @@ -9,8 +9,6 @@ #ifndef _PAX_LDSO_H #define _PAX_LDSO_H -#include - #include "paxelf.h" #include "porting.h" #include "xfuncs.h" diff --git a/paxmacho.c b/paxmacho.c index fcdff4b..39db1cb 100644 --- a/paxmacho.c +++ b/paxmacho.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include diff --git a/pspax.c b/pspax.c index 1e75494..369ed37 100644 --- a/pspax.c +++ b/pspax.c @@ -21,6 +21,7 @@ const char argv0[] = "pspax"; #include #include #include +#include #include #include #include diff --git a/scanelf.c b/scanelf.c index ee990c9..d6bb14b 100644 --- a/scanelf.c +++ b/scanelf.c @@ -17,6 +17,7 @@ const char argv0[] = "scanelf"; #include #include #include +#include #include #include #include diff --git a/scanmacho.c b/scanmacho.c index fa1eee1..c38c5ed 100644 --- a/scanmacho.c +++ b/scanmacho.c @@ -16,6 +16,7 @@ const char argv0[] = "scanmacho"; #include #include #include +#include #include #include #include diff --git a/seccomp-bpf.c b/seccomp-bpf.c index 1d64172..7c3923f 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -11,6 +11,7 @@ const char argv0[] = "seccomp-bpf"; #include #include +#include #include #include #include diff --git a/xfuncs.c b/xfuncs.c index e912fb0..a68756b 100644 --- a/xfuncs.c +++ b/xfuncs.c @@ -8,6 +8,7 @@ #include #include +#include #include #include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: aa907a42d89ddfd5a7e64d8182a1da35277f2f6e Author: Sam James gentoo org> AuthorDate: Sat Jan 28 10:14:46 2023 + Commit: Sam James gentoo org> CommitDate: Sat Jan 28 10:14:46 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aa907a42 Make headers standalone (missing includes, prep for clang-tidy) Signed-off-by: Sam James gentoo.org> paxelf.h | 5 + paxldso.h | 4 paxmacho.h| 2 ++ seccomp-bpf.h | 2 ++ security.h| 2 ++ xfuncs.h | 2 ++ 6 files changed, 17 insertions(+) diff --git a/paxelf.h b/paxelf.h index f252969..ac41a64 100644 --- a/paxelf.h +++ b/paxelf.h @@ -11,6 +11,11 @@ #ifndef _PAX_ELF_H #define _PAX_ELF_H +#include +#include +#include +#include + typedef struct { const void *phdr; const void *shdr; diff --git a/paxldso.h b/paxldso.h index 91c7eed..fd9f344 100644 --- a/paxldso.h +++ b/paxldso.h @@ -9,6 +9,10 @@ #ifndef _PAX_LDSO_H #define _PAX_LDSO_H +#include "paxelf.h" +#include "porting.h" +#include "xfuncs.h" + /* * ld.so.cache logic */ diff --git a/paxmacho.h b/paxmacho.h index 48ac854..c32ccbb 100644 --- a/paxmacho.h +++ b/paxmacho.h @@ -12,6 +12,8 @@ #ifndef _PAX_MACHO_H #define _PAX_MACHO_H +#include + #include "macho.h" #define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) : value) diff --git a/seccomp-bpf.h b/seccomp-bpf.h index 80d6d94..21499f7 100644 --- a/seccomp-bpf.h +++ b/seccomp-bpf.h @@ -4,6 +4,8 @@ * See seccomp-bpf.c for details. */ #undef SECCOMP_BPF_AVAILABLE +#include + #if defined(__aarch64__) /* AARCH64 */ #define SECCOMP_BPF_AVAILABLE diff --git a/security.h b/security.h index 65e1ad5..ef2e82a 100644 --- a/security.h +++ b/security.h @@ -9,6 +9,8 @@ #ifndef _PAX_SECURITY_H #define _PAX_SECURITY_H +#include + /* Whether to enable features that significantly impact speed. */ #ifdef SLOW_SECURITY # define USE_SLOW_SECURITY 1 diff --git a/xfuncs.h b/xfuncs.h index 61577ec..5781d61 100644 --- a/xfuncs.h +++ b/xfuncs.h @@ -9,6 +9,8 @@ #ifndef __XFUNCS_H__ #define __XFUNCS_H__ +#include + char *xstrdup(const char *s); void *xmalloc(size_t size); void *xzalloc(size_t size);
[gentoo-commits] proj/pax-utils:master commit in: /
commit: f8287200aec0ca33ef07fafcdd5aef0aa6eb1306 Author: Sam James gentoo org> AuthorDate: Sat Jan 28 10:15:57 2023 + Commit: Sam James gentoo org> CommitDate: Sat Jan 28 10:18:34 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f8287200 *: IWYU fixes Separate from the first commit as this one was done programmatically with dev-util/include-what-you-use. Signed-off-by: Sam James gentoo.org> dumpelf.c | 13 + paxelf.c| 13 + paxelf.h| 2 ++ paxinc.c| 7 +++ paxinc.h| 10 +- paxldso.c | 17 + paxldso.h | 2 ++ paxmacho.c | 12 paxmacho.h | 2 ++ pspax.c | 21 - scanelf.c | 22 ++ scanmacho.c | 19 +++ security.c | 13 + xfuncs.c| 6 ++ 14 files changed, 157 insertions(+), 2 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index 4742a50..baa6358 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -8,7 +8,20 @@ const char argv0[] = "dumpelf"; +#include +#include +#include +#include +#include +#include +#include +#include + #include "paxinc.h" +#include "elf.h" +#include "pax_utils_version.h" +#include "porting.h" +#include "security.h" /* prototypes */ static void dump_ehdr(const elfobj *elf, const void *ehdr); diff --git a/paxelf.c b/paxelf.c index 331f1b4..0268fa4 100644 --- a/paxelf.c +++ b/paxelf.c @@ -6,7 +6,20 @@ * Copyright 2005-2012 Mike Frysinger - */ +#include +#include +#include +#include +#include +#include +#include +#include + #include "paxinc.h" +#include "elf.h" +#include "paxelf.h" +#include "porting.h" +#include "xfuncs.h" /* * Setup a bunch of helper functions to translate diff --git a/paxelf.h b/paxelf.h index ac41a64..31ef298 100644 --- a/paxelf.h +++ b/paxelf.h @@ -16,6 +16,8 @@ #include #include +#include "elf.h" + typedef struct { const void *phdr; const void *shdr; diff --git a/paxinc.c b/paxinc.c index 64a3069..7dfd4ca 100644 --- a/paxinc.c +++ b/paxinc.c @@ -11,6 +11,13 @@ #define IN_paxinc #include "paxinc.h" +#include +#include +#include +#include + +#include "xfuncs.h" + char do_reverse_endian; /* some of this ar code was taken from busybox */ diff --git a/paxinc.h b/paxinc.h index 3dd163a..7eb6802 100644 --- a/paxinc.h +++ b/paxinc.h @@ -11,6 +11,15 @@ #ifndef _PAX_INC_H #define _PAX_INC_H +#include +#include +#include +#include +#include +#include +#include +#include + #include "porting.h" #include "xfuncs.h" #include "security.h" @@ -35,7 +44,6 @@ #include "elf.h" #include "paxelf.h" #include "paxldso.h" - /* Mach-O love */ #include "macho.h" #include "paxmacho.h" diff --git a/paxldso.c b/paxldso.c index ce7facd..acab364 100644 --- a/paxldso.c +++ b/paxldso.c @@ -6,7 +6,24 @@ * Copyright 2004-2016 Mike Frysinger - */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + #include "paxinc.h" +#include "elf.h" +#include "paxelf.h" +#include "paxldso.h" +#include "xfuncs.h" /* * ld.so.cache logic diff --git a/paxldso.h b/paxldso.h index fd9f344..1e95851 100644 --- a/paxldso.h +++ b/paxldso.h @@ -9,6 +9,8 @@ #ifndef _PAX_LDSO_H #define _PAX_LDSO_H +#include + #include "paxelf.h" #include "porting.h" #include "xfuncs.h" diff --git a/paxmacho.c b/paxmacho.c index 74f02da..fcdff4b 100644 --- a/paxmacho.c +++ b/paxmacho.c @@ -7,7 +7,19 @@ * 2008-2021 Fabian Groffen - */ +#include +#include +#include +#include +#include +#include +#include +#include + #include "paxinc.h" +#include "macho.h" +#include "paxmacho.h" +#include "xfuncs.h" /* lil' static string pool */ static const char STR_BE[] = "BE"; diff --git a/paxmacho.h b/paxmacho.h index c32ccbb..b109af5 100644 --- a/paxmacho.h +++ b/paxmacho.h @@ -13,6 +13,8 @@ #define _PAX_MACHO_H #include +#include +#include #include "macho.h" diff --git a/pspax.c b/pspax.c index 6094882..1e75494 100644 --- a/pspax.c +++ b/pspax.c @@ -14,12 +14,31 @@ const char argv0[] = "pspax"; -#include "paxinc.h" #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "paxinc.h" +#include "elf.h" +#include "pax_utils_version.h" +#include "paxelf.h" +#include "security.h" #ifdef WANT_SYSCAP # undef _POSIX_SOURCE # include + # define WRAP_SYSCAP(x) x #else # define WRAP_SYSCAP(x) diff --git a/scanelf.c b/scanelf.c index 50497b2..ee990c9 100644 --- a/scanelf.c +++ b/scanelf.c @@ -8,7 +8,29 @@ const char argv0[] = "scanelf"; +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + #include "paxinc.h" +#include "elf.h" +#include "pax_utils_version.h" +#include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d49fa503588cb9a89eda7eb7141b65507fa126ce Author: Sam James gentoo org> AuthorDate: Thu Jan 26 21:45:48 2023 + Commit: Sam James gentoo org> CommitDate: Thu Jan 26 21:45:48 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d49fa503 meson.build: release 1.3.7 Signed-off-by: Sam James gentoo.org> meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index f39defc..0cb9a0e 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pax-utils', 'c', - version : '1.3.6', + version : '1.3.7', license : 'GPL-2.0-only', default_options : [ 'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: man/
commit: 9fb7fc342f28f8342d8de6ca2d71b1cf2b765ae3 Author: Sam James gentoo org> AuthorDate: Sun Jan 22 04:11:18 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 22 04:38:42 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9fb7fc34 meson: fix installation of (pre-generated) man pages w/o xmlto Fixes: 502631b86d63c4604b0ed78ad86a054e9726e897 Signed-off-by: Sam James gentoo.org> man/meson.build | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/man/meson.build b/man/meson.build index 130c8ec..09ac0d5 100644 --- a/man/meson.build +++ b/man/meson.build @@ -1,8 +1,4 @@ -xmlto = find_program('xmlto', required : get_option('build_manpages')) - -if not xmlto.found() - subdir_done() -endif +xmlto = find_program('xmlto', required : get_option('build_manpages'), disabler: true) docbook_conf = configuration_data() docbook_conf.set('version', meson.project_version())
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0a7d8b69dc1dcb248c5313788e273374acbdfb52 Author: Sam James gentoo org> AuthorDate: Fri Jan 6 07:09:11 2023 + Commit: Sam James gentoo org> CommitDate: Fri Jan 6 07:09:13 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0a7d8b69 meson: release 1.3.6 Signed-off-by: Sam James gentoo.org> meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 0054ba4..f39defc 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pax-utils', 'c', - version : '1.3.5', + version : '1.3.6', license : 'GPL-2.0-only', default_options : [ 'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 654de6dd526dc660faadee393f9de7bfc049c23f Author: Sam James gentoo org> AuthorDate: Fri Jan 6 06:43:34 2023 + Commit: Sam James gentoo org> CommitDate: Fri Jan 6 06:55:04 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=654de6dd CI: Add ASAN, UBSAN to CI Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 52c0ee1..18c13f0 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -3,12 +3,7 @@ name: Build+Test CI -on: - push: -branches: [master, gh-actions] -tags: [v*] - pull_request: -types: [created, opened, edited] +on: [pull_request, push] jobs: make: @@ -17,11 +12,13 @@ jobs: os: [ubuntu-latest] cc: [gcc, clang] bb: [meson, muon] +sanitizer: [none, address, undefined] fail-fast: false runs-on: ${{ matrix.os }} env: CC: ${{ matrix.cc }} BB: ${{ matrix.bb }} + SANITIZER: ${{ matrix.sanitizer }} steps: - name: Install dependencies run: | @@ -53,6 +50,7 @@ jobs: -Dbuild_manpages=disabled \ -Dtests=true \ -Duse_fuzzing=true \ +-Db_sanitize="${SANITIZER}" \ build ninja -C build ( cd build && "$BB" test; )
[gentoo-commits] proj/pax-utils:master commit in: travis/
commit: 974b9359c2f89d57e69598572aafcd8f920d79e2 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 02:02:59 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 02:02:59 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=974b9359 travis: drop Followup to 22e3de54dee0d4efa6c3d14753f847677f0e8d98. Signed-off-by: Sam James gentoo.org> travis/autotools.tar.xz | Bin 9208 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/travis/autotools.tar.xz b/travis/autotools.tar.xz deleted file mode 100644 index 1c0c854..000 Binary files a/travis/autotools.tar.xz and /dev/null differ
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: fb6a858813afb897d50ecc268eab8f5bf3208490 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 00:40:28 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 00:40:46 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=fb6a8588 .github: update muon URL Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 98a346d..52c0ee1 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -34,7 +34,7 @@ jobs: sudo pip3 install meson ;; muon) -wget https://muon.build/releases/muon-amd64-linux-static -O muon +wget https://muon.build/releases/edge/muon-edge-amd64-linux-static -O muon chmod +x muon sudo install -Dm755 muon /usr/local/bin/muon ;;
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: b8cea120c83f70d3f9077e41c18b40443cdb8cf0 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 00:37:57 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 00:38:55 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b8cea120 .github: run build-test-ci for all branches Signed-off-by: Sam James gentoo.org> Closes: https://github.com/gentoo/pax-utils/pull/8 Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e2b7e0e..98a346d 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -8,8 +8,7 @@ on: branches: [master, gh-actions] tags: [v*] pull_request: -types: [opened] -branches: [master] +types: [created, opened, edited] jobs: make:
[gentoo-commits] proj/pax-utils:master commit in: /, man/
commit: 502631b86d63c4604b0ed78ad86a054e9726e897 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 00:37:57 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 00:38:55 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=502631b8 meson: include generated man pages in dist tarballs Meson doesn't have an idiomatic way of doing this (for once!) so we have to (per Eli Schwartz, thanks!) have: 1. a dist script which duplicates the build rule; 2. some meson.build if/else logic with fs.exists() to prefer the built manpage when using tarballs Sadly, still can't easily regenerate man pages if you apply a patch downstream though. We use Michael Stapelberg's example from the linked bug as inspiration. Bug: https://github.com/mesonbuild/meson/issues/2166 Reported-by: psykose ayaya.dev> Thanks-to: Eli Schwartz archlinux.org> Signed-off-by: Sam James gentoo.org> man/meson.build | 37 - meson-build-dist-man.sh | 12 meson.build | 2 ++ 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/man/meson.build b/man/meson.build index 2e346ec..130c8ec 100644 --- a/man/meson.build +++ b/man/meson.build @@ -18,20 +18,31 @@ pages = [ 'dumpelf.docbook', 'pspax.docbook', 'scanelf.docbook', 'scanmacho.docbook' ] +fs = import('fs') + out_pages = [] +generated_man_pages_exist = true foreach page : pages - out_pages += page.replace('.docbook', '.1') + man_page_name = page.replace('.docbook', '.1') + out_pages += man_page_name + if not fs.exists(man_page_name) + generated_man_pages_exist = false + endif endforeach -custom_target('docbook_to_man', - command : [ -xmlto, '-x', files('custom.xsl'), '--skip-validation', -'-o', meson.current_build_dir(), 'man', book - ], - input : [ -'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail', - ] + pages, - output : out_pages, - install : true, - install_dir : get_option('mandir') / 'man1' -) +if generated_man_pages_exist + install_man(out_pages) +else + custom_target('docbook_to_man', +command : [ + xmlto, '-x', files('custom.xsl'), '--skip-validation', + '-o', meson.current_build_dir(), 'man', book +], +input : [ + 'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail', +] + pages, +output : out_pages, +install : true, +install_dir : get_option('mandir') / 'man1' + ) +endif diff --git a/meson-build-dist-man.sh b/meson-build-dist-man.sh new file mode 100755 index 000..699a380 --- /dev/null +++ b/meson-build-dist-man.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# This script should be invoked by meson itself (via 'meson dist') +# See https://github.com/mesonbuild/meson/issues/2166 and more specifically, +# https://github.com/mesonbuild/meson/issues/2166#issuecomment-629696911. +set -eu + +cd "${MESON_DIST_ROOT}" +mkdir build +meson setup build -Dbuild_manpages=enabled +meson compile -C build +cp build/man/* man/ +rm -rf build diff --git a/meson.build b/meson.build index 0ee2630..0054ba4 100644 --- a/meson.build +++ b/meson.build @@ -138,6 +138,8 @@ install_data('symtree.sh', subdir('man') +meson.add_dist_script('meson-build-dist-man.sh') + do_tests = get_option('tests') if do_tests subdir('tests/lddtree')
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b07b25dcc8ad0e518d801bc23d01fb59cc6de442 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 06:03:01 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b07b25dc lddtree: add typing info to more places Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 87 +++--- 1 file changed, 61 insertions(+), 26 deletions(-) diff --git a/lddtree.py b/lddtree.py index ecb353d..6939bb6 100755 --- a/lddtree.py +++ b/lddtree.py @@ -48,6 +48,7 @@ import mmap import os import shutil import sys +from typing import Any, Iterable, Optional, Union assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}' @@ -60,31 +61,31 @@ from elftools.common import exceptions from elftools.elf.elffile import ELFFile -def warn(msg, prefix='warning'): +def warn(msg: Any, prefix: Optional[str] = "warning") -> None: """Write |msg| to stderr with a |prefix| before it""" print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr) -def err(msg, status=1): +def err(msg: Any, status: Optional[int] = 1) -> None: """Write |msg| to stderr and exit with |status|""" warn(msg, prefix='error') sys.exit(status) -def dbg(debug, *args, **kwargs): +def dbg(debug: bool, *args, **kwargs) -> None: """Pass |args| and |kwargs| to print() when |debug| is True""" if debug: print(*args, **kwargs) -def bstr(buf): +def bstr(buf: Union[bytes, str]) -> str: """Decode the byte string into a string""" if isinstance(buf, str): return buf return buf.decode('utf-8') -def normpath(path): +def normpath(path: str) -> str: """Normalize a path Python's os.path.normpath() doesn't handle some cases: @@ -96,7 +97,7 @@ def normpath(path): @functools.lru_cache(maxsize=None) -def readlink(path, root, prefixed=False): +def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str: """Like os.readlink(), but relative to a |root| This does not currently handle the pathological case: @@ -124,14 +125,14 @@ def readlink(path, root, prefixed=False): return normpath((root + path) if prefixed else path) -def dedupe(items): +def dedupe(items: list[str]) -> list[str]: """Remove all duplicates from |items| (keeping order)""" -seen = {} +seen: dict[str, str] = {} return [seen.setdefault(x, x) for x in items if x not in seen] @functools.lru_cache(maxsize=None) -def interp_supports_argv0(interp) -> bool: +def interp_supports_argv0(interp: str) -> bool: """See whether |interp| supports the --argv0 option. Starting with glibc-2.33, the ldso supports --argv0 to override argv[0]. @@ -141,7 +142,12 @@ def interp_supports_argv0(interp) -> bool: return mm.find(b'--argv0') >= 0 -def GenerateLdsoWrapper(root, path, interp, libpaths=()): +def GenerateLdsoWrapper( +root: str, +path: str, +interp: str, +libpaths: Iterable[str] = (), +) -> None: """Generate a shell script wrapper which uses local ldso to run the ELF Since we cannot rely on the host glibc (or other libraries), we need to @@ -190,7 +196,12 @@ exec \\ @functools.lru_cache(maxsize=None) -def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None): +def ParseLdPaths( +str_ldpaths: str, +root: str = "", +cwd: Optional[str] = None, +path: str = "", +) -> list[str]: """Parse the colon-delimited list of paths and apply ldso rules to each Note the special handling as dictated by the ldso: @@ -232,7 +243,12 @@ def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None): return dedupe(ldpaths) -def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True): +def ParseLdSoConf( +ldso_conf: str, +root: str = "/", +debug: bool = False, +_first: bool = True, +) -> list[str]: """Load all the paths from a given ldso config file This should handle comments, whitespace, and "include" statements. @@ -283,7 +299,12 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True): return paths -def LoadLdpaths(root='/', cwd=None, prefix='', debug=False): +def LoadLdpaths( +root: str = "/", +cwd: Optional[str] = None, +prefix: str = "", +debug: bool = False, +) -> dict[str, list[str]]: """Load linker paths from common locations This parses the ld.so.conf and LD_LIBRARY_PATH env var. @@ -297,7 +318,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False): Returns: dict containing library paths to search """ -ldpaths = { +ldpaths: dict[str, list[str]] = { 'conf': [], 'env': [], 'interp': [], @@ -321,7 +342,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False): return ldpaths -def CompatibleELFs(elf1, elf2):
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1ddedd87363c65d6b910fe32da0f1764ba1329a9 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 07:39:56 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1ddedd87 lddtree: reformat with black Largely this is just single quotes -> double quotes. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 503 - 1 file changed, 294 insertions(+), 209 deletions(-) diff --git a/lddtree.py b/lddtree.py index d894505..e851ac1 100755 --- a/lddtree.py +++ b/lddtree.py @@ -50,7 +50,7 @@ import shutil import sys from typing import Any, Iterable, Optional, Union -assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}' +assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found {sys.version}" try: import argcomplete @@ -63,12 +63,12 @@ from elftools.elf.elffile import ELFFile def warn(msg: Any, prefix: Optional[str] = "warning") -> None: """Write |msg| to stderr with a |prefix| before it""" -print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr) +print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg), file=sys.stderr) def err(msg: Any, status: Optional[int] = 1) -> None: """Write |msg| to stderr and exit with |status|""" -warn(msg, prefix='error') +warn(msg, prefix="error") sys.exit(status) @@ -82,7 +82,7 @@ def bstr(buf: Union[bytes, str]) -> str: """Decode the byte string into a string""" if isinstance(buf, str): return buf -return buf.decode('utf-8') +return buf.decode("utf-8") def normpath(path: str) -> str: @@ -93,7 +93,7 @@ def normpath(path: str) -> str: //..// -> // //..//..// -> /// """ -return os.path.normpath(path).replace('//', '/') +return os.path.normpath(path).replace("//", "/") @functools.lru_cache(maxsize=None) @@ -115,9 +115,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str: Returns: A fully resolved symlink path """ -root = root.rstrip('/') +root = root.rstrip("/") if prefixed: -path = path[len(root):] +path = path[len(root) :] while os.path.islink(root + path): path = os.path.join(os.path.dirname(path), os.readlink(root + path)) @@ -137,9 +137,9 @@ def interp_supports_argv0(interp: str) -> bool: Starting with glibc-2.33, the ldso supports --argv0 to override argv[0]. """ -with open(interp, 'rb') as fp: +with open(interp, "rb") as fp: with mmap.mmap(fp.fileno(), 0, prot=mmap.PROT_READ) as mm: -return mm.find(b'--argv0') >= 0 +return mm.find(b"--argv0") >= 0 def GenerateLdsoWrapper( @@ -165,12 +165,11 @@ def GenerateLdsoWrapper( # Add ldso interpreter dir to end of libpaths as a fallback library path. libpaths = dedupe(list(libpaths) + [interp_dir]) replacements = { -'interp': os.path.join(os.path.relpath(interp_dir, basedir), - interp_name), +"interp": os.path.join(os.path.relpath(interp_dir, basedir), interp_name), "libpaths": ":".join( "${basedir}/" + os.path.relpath(p, basedir) for p in libpaths ), -'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp) else '', +"argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp) else "", } wrapper = """#!/bin/sh if ! base=$(realpath "$0" 2>/dev/null); then @@ -190,8 +189,8 @@ exec \\ "$@" """ wrappath = root + path -os.rename(wrappath, wrappath + '.elf') -with open(wrappath, 'w', encoding='utf-8') as f: +os.rename(wrappath, wrappath + ".elf") +with open(wrappath, "w", encoding="utf-8") as f: f.write(wrapper % replacements) os.chmod(wrappath, 0o0755) @@ -223,17 +222,17 @@ def ParseLdPaths( cwd = os.getcwd() ldpaths = [] -for ldpath in str_ldpaths.split(':'): +for ldpath in str_ldpaths.split(":"): # Expand placeholders first. -if '$ORIGIN' in ldpath: -ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path)) -elif '${ORIGIN}' in ldpath: -ldpath = ldpath.replace('${ORIGIN}', os.path.dirname(path)) +if "$ORIGIN" in ldpath: +ldpath = ldpath.replace("$ORIGIN", os.path.dirname(path)) +elif "${ORIGIN}" in ldpath: +ldpath = ldpath.replace("${ORIGIN}", os.path.dirname(path)) # Expand relative paths if needed. These don't make sense in general, # but that doesn't stop people from using them. As such, root prefix # doesn't make sense with it either. -if not ldpath.startswith('/'): +if not ldpath.startswith("/"): # NB: The ldso treats "" paths as cwd too.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c8f5de35cfa59ce7620ed646cce9c9715b0ed72e Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 05:46:01 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c8f5de35 lddtree: switch to f-strings in most places These are a bit more readable than % formatting. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 35 ++- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/lddtree.py b/lddtree.py index 349bace..ecb353d 100755 --- a/lddtree.py +++ b/lddtree.py @@ -250,7 +250,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True): dbg_pfx = '' if _first else ' ' try: -dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf)) +dbg(debug, f"{dbg_pfx}ParseLdSoConf({ldso_conf})") with open(ldso_conf, encoding='utf-8') as f: for line in f.readlines(): line = line.split('#', 1)[0].strip() @@ -262,7 +262,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True): line = root + line.lstrip('/') else: line = os.path.dirname(ldso_conf) + '/' + line -dbg(debug, '%s glob: %s' % (dbg_pfx, line)) +dbg(debug, dbg_pfx, "glob:", line) # ldconfig in glibc uses glob() which returns entries sorted according # to LC_COLLATE. Further, ldconfig does not reset that but respects # the active env settings (which might be a mistake). Python does not @@ -336,7 +336,7 @@ def CompatibleELFs(elf1, elf2): """ osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)]) compat_sets = ( -frozenset('ELFOSABI_%s' % x for x in ('NONE', 'SYSV', 'GNU', 'LINUX',)), +frozenset(f"ELFOSABI_{x}" for x in ("NONE", "SYSV", "GNU", "LINUX")), ) return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets)) and elf1.elfclass == elf2.elfclass and @@ -357,13 +357,13 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False): Returns: Tuple of the full path to the desired library and the real path to it """ -dbg(debug, ' FindLib(%s)' % lib) +dbg(debug, f" FindLib({lib})") for ldpath in ldpaths: path = os.path.join(ldpath, lib) target = readlink(path, root, prefixed=True) if path != target: -dbg(debug, 'checking: %s -> %s' % (path, target)) +dbg(debug, "checking:", path, "->", target) else: dbg(debug, 'checking:', path) @@ -374,7 +374,7 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False): if CompatibleELFs(elf, libelf): return (target, path) except exceptions.ELFError as e: -warn('%s: %s' % (target, e)) +warn(f"{target}: {e}") return (None, None) @@ -429,7 +429,7 @@ def ParseELF(path, root='/', cwd=None, prefix='', 'libs': _all_libs, } -dbg(debug, 'ParseELF(%s)' % path) +dbg(debug, f"ParseELF({path})") with open(path, 'rb') as f: try: @@ -527,7 +527,7 @@ def ParseELF(path, root='/', cwd=None, prefix='', lret = ParseELF(realpath, root, cwd, prefix, ldpaths, display=fullpath, debug=debug, _first=False, _all_libs=_all_libs) except exceptions.ELFError as e: -warn('%s: %s' % (realpath, e)) +warn(f"{realpath}: {e}") _all_libs[lib]['needed'] = lret['needed'] del elf @@ -549,13 +549,14 @@ def _ActionShow(options, elf): if options.list: print(fullpath or lib) else: -print('%s%s => %s' % ('' * depth, lib, fullpath)) +indent = "" * depth +print(f"{indent}{lib}", "=>", fullpath) new_libs = [] for lib in elf['libs'][lib]['needed']: if lib in chain_libs: if not options.list: -print('%s%s => !!! circular loop !!!' % ('' * depth, lib)) +print(f"{indent}{lib} => !!! circular loop !!!") continue if options.all or not lib in shown_libs: shown_libs.add(lib) @@ -584,7 +585,7 @@ def _ActionShow(options, elf): if not interp is None: print(interp) else: -print('%s (interpreter => %s)' % (elf['path'], interp)) +print(elf["path"], f"(interpreter => {interp})") for lib in new_libs: _show(lib, 1) @@ -627,7 +628,7 @@ def _ActionCopy(options, elf): raise if options.verbose: -print('%s -> %s' % (src, dst)) +print(src, "->",
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 30d1f02c1482ea5371ee4e0a36276ae03b186208 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 07:40:48 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=30d1f02c pylint: reformat with black Also drop a few Python 2 specific things. Signed-off-by: Mike Frysinger gentoo.org> pylint | 19 --- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/pylint b/pylint index 38d77a2..463dc03 100755 --- a/pylint +++ b/pylint @@ -1,12 +1,9 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- # Copyright 1999-2020 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 """Run pylint with the right settings.""" -from __future__ import print_function - import os import sys @@ -17,10 +14,10 @@ def find_all_modules(source_root): for root, _dirs, files in os.walk(source_root, topdown=False): # Add all of the .py modules in the tree. -ret += [os.path.join(root, x) for x in files if x.endswith('.py')] +ret += [os.path.join(root, x) for x in files if x.endswith(".py")] # Add the main scripts that don't end in .py. -ret += [os.path.join(source_root, x) for x in ('pylint',)] +ret += [os.path.join(source_root, x) for x in ("pylint",)] return ret @@ -33,17 +30,17 @@ def main(argv): argv = find_all_modules(source_root) pympath = source_root -pythonpath = os.environ.get('PYTHONPATH') +pythonpath = os.environ.get("PYTHONPATH") if pythonpath is None: pythonpath = pympath else: -pythonpath = pympath + ':' + pythonpath -os.environ['PYTHONPATH'] = pythonpath +pythonpath = pympath + ":" + pythonpath +os.environ["PYTHONPATH"] = pythonpath -pylintrc = os.path.join(source_root, '.pylintrc') -cmd = ['pylint', '--rcfile', pylintrc] +pylintrc = os.path.join(source_root, ".pylintrc") +cmd = ["pylint", "--rcfile", pylintrc] os.execvp(cmd[0], cmd + argv) -if __name__ == '__main__': +if __name__ == "__main__": sys.exit(main(sys.argv[1:]))
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b74963dd2346fb526382635b7d6317653417256a Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 06:57:56 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b74963dd lddtree: simplify join logic No need to create a list to past to join when we can pass a generator. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 6939bb6..85dd91f 100755 --- a/lddtree.py +++ b/lddtree.py @@ -167,8 +167,9 @@ def GenerateLdsoWrapper( replacements = { 'interp': os.path.join(os.path.relpath(interp_dir, basedir), interp_name), -'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir) - for p in libpaths]), +"libpaths": ":".join( +"${basedir}/" + os.path.relpath(p, basedir) for p in libpaths +), 'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp) else '', } wrapper = """#!/bin/sh
[gentoo-commits] proj/pax-utils:master commit in: /
commit: bbb4e5d73ee1f3df12a1cd467beca3a476c5f054 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 28 07:03:11 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:17 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bbb4e5d7 lddtree: avoid shadowing function args pylint warns about redefining |lib| here, and it's right -- the code is a little hard to follow because of it. So give it a diff name. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lddtree.py b/lddtree.py index 85dd91f..d894505 100755 --- a/lddtree.py +++ b/lddtree.py @@ -589,17 +589,17 @@ def _ActionShow(options: argparse.Namespace, elf: dict): print(f"{indent}{lib}", "=>", fullpath) new_libs = [] -for lib in elf['libs'][lib]['needed']: -if lib in chain_libs: +for nlib in elf["libs"][lib]["needed"]: +if nlib in chain_libs: if not options.list: -print(f"{indent}{lib} => !!! circular loop !!!") +print(f"{indent}{nlib} => !!! circular loop !!!") continue -if options.all or not lib in shown_libs: -shown_libs.add(lib) -new_libs.append(lib) +if options.all or not nlib in shown_libs: +shown_libs.add(nlib) +new_libs.append(nlib) -for lib in new_libs: -_show(lib, depth + 1) +for nlib in new_libs: +_show(nlib, depth + 1) chain_libs.pop() shown_libs = set(elf['needed'])
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 413a60a31daafe60a539fc113dafb1760abb1d20 Author: Manoj Gupta chromium org> AuthorDate: Mon Nov 1 18:23:22 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 28 07:42:14 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=413a60a3 lddtree: Add logging for ELFParseError Add logging inside parseELF to print the bad file if the parser fails with ELFParseError. Bug: https://issuetracker.google.com/issues/203821449 Signed-off-by: Manoj Gupta chromium.org> Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 3c9d66f..349bace 100755 --- a/lddtree.py +++ b/lddtree.py @@ -432,7 +432,11 @@ def ParseELF(path, root='/', cwd=None, prefix='', dbg(debug, 'ParseELF(%s)' % path) with open(path, 'rb') as f: -elf = ELFFile(f) +try: +elf = ELFFile(f) +except exceptions.ELFParseError: +warn("ELFParser failed to parse", path) +raise # If this is the first ELF, extract the interpreter. if _first:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a94b2f664714a33eeeb492efe87525fa9947a644 Author: Mike Frysinger gentoo org> AuthorDate: Wed Sep 21 08:28:55 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 21 08:28:55 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a94b2f66 lddtree: specify utf-8 encoding with text files Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 1f66b4d..3c9d66f 100755 --- a/lddtree.py +++ b/lddtree.py @@ -184,7 +184,7 @@ exec \\ """ wrappath = root + path os.rename(wrappath, wrappath + '.elf') -with open(wrappath, 'w') as f: +with open(wrappath, 'w', encoding='utf-8') as f: f.write(wrapper % replacements) os.chmod(wrappath, 0o0755) @@ -251,7 +251,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True): dbg_pfx = '' if _first else ' ' try: dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf)) -with open(ldso_conf) as f: +with open(ldso_conf, encoding='utf-8') as f: for line in f.readlines(): line = line.split('#', 1)[0].strip() if not line:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: e165b0bc20911f4727a9a736560ee321fe0c1712 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 21 08:26:01 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 21 08:26:22 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e165b0bc lddtree: sort imports Should be no functional change. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 7cb4348..1f66b4d 100755 --- a/lddtree.py +++ b/lddtree.py @@ -41,9 +41,9 @@ they need will be placed into /foo/lib/ only. """ import argparse +import errno import functools import glob -import errno import mmap import os import shutil @@ -56,8 +56,8 @@ try: except ImportError: argcomplete = None -from elftools.elf.elffile import ELFFile from elftools.common import exceptions +from elftools.elf.elffile import ELFFile def warn(msg, prefix='warning'):
[gentoo-commits] proj/pax-utils:master commit in: /
commit: ec9220bb190671152703a837da56148d42f1ff8d Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 21 08:19:18 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 21 08:21:04 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ec9220bb lddtree: update CrOS copyright line Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 3afcfac..7cb4348 100755 --- a/lddtree.py +++ b/lddtree.py @@ -2,7 +2,7 @@ # PYTHON_ARGCOMPLETE_OK # Copyright 2012-2014 Gentoo Foundation # Copyright 2012-2014 Mike Frysinger -# Copyright 2012-2014 The Chromium OS Authors +# Copyright 2012-2014 The ChromiumOS Authors # Use of this source code is governed by a BSD-style license (BSD-3) """Read the ELF dependency tree and show it
[gentoo-commits] proj/pax-utils:master commit in: man/
commit: 2d981305b117b669c60bede076557c2d765cf198 Author: Mike Gilbert gentoo org> AuthorDate: Thu Sep 8 00:13:00 2022 + Commit: Mike Gilbert gentoo org> CommitDate: Thu Sep 8 00:17:00 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2d981305 man: reorder xmlto arguments Bug: https://bugs.gentoo.org/869110 Thanks-to: Fabian Groffen gentoo.org> Signed-off-by: Mike Gilbert gentoo.org> man/meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/meson.build b/man/meson.build index fc8d183..2e346ec 100644 --- a/man/meson.build +++ b/man/meson.build @@ -25,8 +25,8 @@ endforeach custom_target('docbook_to_man', command : [ -xmlto, 'man', '-x', files('custom.xsl'), '--skip-validation', book, -'-o', meson.current_build_dir() +xmlto, '-x', files('custom.xsl'), '--skip-validation', +'-o', meson.current_build_dir(), 'man', book ], input : [ 'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail',
[gentoo-commits] proj/pax-utils:master commit in: /
commit: df2f3b5ba0d52dc4e27a832de4b8f468b029e357 Author: Sam James gentoo org> AuthorDate: Sun Jul 31 04:52:25 2022 + Commit: Sam James gentoo org> CommitDate: Sun Jul 31 04:56:14 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=df2f3b5b meson.build: prepare for 1.3.5 Signed-off-by: Sam James gentoo.org> meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 6a5dd66..0ee2630 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pax-utils', 'c', - version : '1.3.5-pre', + version : '1.3.5', license : 'GPL-2.0-only', default_options : [ 'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: /
commit: bac6818bd82acea720a0a961c62321982ec381e7 Author: Arsen Arsenović aarsen me> AuthorDate: Sat Jun 25 17:04:50 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jul 12 06:33:20 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bac6818b security.h: suppress unused argument warning on allow_forking Signed-off-by: Arsen Arsenović aarsen.me> Signed-off-by: Sam James gentoo.org> security.c | 1 + security.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security.c b/security.c index 4fecfa3..19bf78f 100644 --- a/security.c +++ b/security.c @@ -94,6 +94,7 @@ void security_init_pid(void) void security_init(bool allow_forking) { + (void) allow_forking; int flags; if (!ALLOW_PIDNS) diff --git a/security.h b/security.h index c93ec3e..65e1ad5 100644 --- a/security.h +++ b/security.h @@ -22,7 +22,7 @@ void security_init(bool allow_forking); /* Disable forking; usable only when allow_forking above was true. */ void security_init_pid(void); #else -static inline void security_init(bool allow_forking) {} +static inline void security_init(bool allow_forking) { (void) allow_forking; } static inline void security_init_pid(void) {} #endif
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/, /
commit: e41af8d4c5cc22a5dd824e3ffe84000e9aef3480 Author: Arsen Arsenović aarsen me> AuthorDate: Tue Jun 28 08:38:45 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jul 12 06:33:20 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e41af8d4 gha: add muon to Linux test matrix Signed-off-by: Arsen Arsenović aarsen.me> Closes: https://github.com/gentoo/pax-utils/pull/7 Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 38 - meson_options.txt | 6 +++--- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 04d6fc5..e2b7e0e 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -17,26 +17,46 @@ jobs: matrix: os: [ubuntu-latest] cc: [gcc, clang] +bb: [meson, muon] + fail-fast: false runs-on: ${{ matrix.os }} env: CC: ${{ matrix.cc }} + BB: ${{ matrix.bb }} steps: - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y python3-pyelftools python3-pip \ -libcap-dev libseccomp-dev ninja-build -sudo pip3 install meson +libcap-dev libseccomp-dev ninja-build \ +pkg-config +case "$BB" in + meson) +sudo pip3 install meson +;; + muon) +wget https://muon.build/releases/muon-amd64-linux-static -O muon +chmod +x muon +sudo install -Dm755 muon /usr/local/bin/muon +;; +esac - uses: actions/checkout@v2 - run: | -meson -Duse_libcap=enabled \ - -Duse_seccomp=true \ - -Dbuild_manpages=disabled \ - -Dtests=true \ - -Duse_fuzzing=true \ - build +export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/" +case "$BB" in + muon) +alias ninja="muon samu" +;; +esac + +"$BB" setup -Duse_libcap=enabled \ +-Duse_seccomp=true \ +-Dbuild_manpages=disabled \ +-Dtests=true \ +-Duse_fuzzing=true \ +build ninja -C build -ninja -C build test +( cd build && "$BB" test; ) build-macos: strategy: diff --git a/meson_options.txt b/meson_options.txt index c96865d..04b51fe 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -4,14 +4,14 @@ option('lddtree_implementation', type : 'combo', option('use_libcap', type : 'feature', value : 'auto', description : 'Enable listing capabilities in pspax output (requires libcap)' ) -option('use_seccomp', type : 'boolean', value : 'true', +option('use_seccomp', type : 'boolean', value : true, description : 'Enable seccomp filters at runtime (does *not* require libseccomp, but does require kernel support)' ) option('build_manpages', type : 'feature', value : 'auto', description : 'Build manuals via DocBook (requires xmlto)') -option('tests', type : 'boolean', value : 'true' +option('tests', type : 'boolean', value : true, description : 'Enable testing (not guaranteed to work)' ) -option('use_fuzzing', type : 'boolean', value : 'true', +option('use_fuzzing', type : 'boolean', value : true, description : 'Also build LibFuzzer fuzzers as tests' )
[gentoo-commits] proj/pax-utils:master commit in: tests/source/, /
commit: 7b95b1831d71396150c5cb10d4edf899e135d068 Author: Arsen Arsenović aarsen me> AuthorDate: Fri Jun 24 14:03:46 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jul 12 06:33:20 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7b95b183 Probe the target system for needed headers This prevents new or unconventional systems requiring upstream changes, though, this is not perfect, as it doesn't address some of the other defines related to OSes the preprocessor does (namely, wrt the ldso cache handling). I didn't touch these yet as I took a more conservative approach of (probably) not changing what happens at runtime. Signed-off-by: Arsen Arsenović aarsen.me> Signed-off-by: Sam James gentoo.org> porting.h | 25 +++-- tests/source/dotest | 2 +- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/porting.h b/porting.h index 8e5542d..0d43a92 100644 --- a/porting.h +++ b/porting.h @@ -11,9 +11,7 @@ #ifndef _PORTING_H #define _PORTING_H -#ifdef HAVE_CONFIG_H -# include "config.h" -#endif +#include "probes.h" #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof(*arr)) @@ -41,36 +39,36 @@ #include #include #include "elf.h" -#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__) +#if HAS_ALLOCA_H # include #endif -#if defined(__linux__) +#if HAS_SYS_PRCTL_H # include -# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECCOMP_H) +# if HAS_LINUX_SECCOMP_H # include # endif -# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECUREBITS_H) +# if HAS_LINUX_SECUREBITS_H # include # endif #endif -#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__ANDROID__) +#if HAS_ENDIAN_H && HAS_BYTESWAP_H # include # include -#elif defined(__FreeBSD__) +#elif HAS_SYS_ENDIAN_H # include -#elif defined(__sun__) +#elif HAS_ISA_DEFS_H # include -#elif defined(__MACH__) +#elif HAS_MACHINE_ENDIAN_H # include #endif -#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__) +#ifdef HAS_GLOB_H # include #endif #if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__) # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf" -#elif defined(__FreeBSD__) || defined(__DragonFly__) +#elif HAS_ELF_HINTS_H # include # define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG _PATH_ELF_HINTS #else @@ -168,7 +166,6 @@ # define __PAX_UTILS_PATH_MAX PATH_MAX #endif -/* fall back case for non-Linux hosts ... so lame */ #if !defined(ELF_DATA) # if defined(BYTE_ORDER) # if BYTE_ORDER == LITTLE_ENDIAN diff --git a/tests/source/dotest b/tests/source/dotest index c97e8cb..cc278a5 100755 --- a/tests/source/dotest +++ b/tests/source/dotest @@ -5,7 +5,7 @@ findfiles() { find "${top_srcdir}" \ '(' -type d -a '(' -name .git -o -name autotools ')' -prune ')' \ - -o '(' '(' -name '*.[ch]' -a ! -name 'config.h' ')' -print0 ')' + -o '(' '(' -name '*.[ch]' -a ! -name 'probes.h' ')' -print0 ')' } #
[gentoo-commits] proj/pax-utils:master commit in: tests/lddtree/, tests/scanelf/, man/, tests/, tests/source/, /, ...
commit: 063fcaeaa05074a9d90acec2f68b25dfb8ecd279 Author: Arsen Arsenović aarsen me> AuthorDate: Fri Jun 24 08:19:20 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jul 12 06:33:20 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=063fcaea Convert build system to meson Some notes about the new build systems: - I don't fully understand the testing system, but I think I understood it well enough to implement an equivalent one. - use_seccomp could be replaced by detecting seccomp support at runtime (without support, Linux returns -EINVAL in include/linux/seccomp.h) - The fuzzing test is broken and seems to have been for a while (see commit 67f3ba64c91b5e1ac9fbbd0bc039fb8ca653cae1, it fails to fuzz on my machine) - make-tarball.sh has been replaced with meson dist - hopefully this works. meson dist should also call seccomp-bpf.c to update seccomp-bpf.h Signed-off-by: Arsen Arsenović aarsen.me> Signed-off-by: Sam James gentoo.org> .depend | 18 -- .github/workflows/build-test-ci.yml | 74 +++- Makefile| 224 Makefile.am | 114 autogen.sh | 94 -- configure.ac| 72 make-seccomp-filters.sh | 13 ++ make-tarball.sh | 91 -- man/Makefile| 13 -- man/custom.xsl | 3 +- man/fragment/date | 0 man/fragment/version| 1 - man/meson.build | 37 man/{pax-utils.docbook => pax-utils.docbook.in} | 15 +- meson.build | 169 ++ meson_options.txt | 9 + paxinc.h| 3 + tests/Makefile | 10 -- tests/lddtree/Makefile | 13 -- tests/lddtree/meson.build | 10 ++ tests/lib.sh| 13 +- tests/scanelf/Makefile | 8 - tests/scanelf/dotest| 6 +- tests/scanelf/meson.build | 8 + tests/source/Makefile | 8 - tests/source/dotest | 29 --- tests/source/meson.build| 8 + version.h.in| 1 + 28 files changed, 295 insertions(+), 769 deletions(-) diff --git a/.depend b/.depend deleted file mode 100644 index aab4f89..000 --- a/.depend +++ /dev/null @@ -1,18 +0,0 @@ -paxelf.o: paxelf.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \ - macho.h paxmacho.h -paxmacho.o: paxmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \ - paxelf.h macho.h paxmacho.h -paxinc.o: paxinc.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \ - macho.h paxmacho.h -security.o: security.c paxinc.h porting.h elf.h xfuncs.h security.h \ - paxelf.h macho.h paxmacho.h seccomp-bpf.h -xfuncs.o: xfuncs.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \ - macho.h paxmacho.h -scanelf.o: scanelf.c paxinc.h porting.h elf.h xfuncs.h security.h \ - paxelf.h macho.h paxmacho.h -dumpelf.o: dumpelf.c paxinc.h porting.h elf.h xfuncs.h security.h \ - paxelf.h macho.h paxmacho.h -pspax.o: pspax.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \ - macho.h paxmacho.h -scanmacho.o: scanmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \ - paxelf.h macho.h paxmacho.h diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 1b69cc6..04d6fc5 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -22,39 +22,23 @@ jobs: CC: ${{ matrix.cc }} steps: - name: Install dependencies - run: sudo apt-get update && sudo apt-get install -y python3-pyelftools + run: | +sudo apt-get update +sudo apt-get install -y python3-pyelftools python3-pip \ +libcap-dev libseccomp-dev ninja-build +sudo pip3 install meson - uses: actions/checkout@v2 -# Hack up the man pages as installing xmlto is very expensive. -# We'll test this in the autotools builder instead. -- name: Hack man pages - run: echo man/*.docbook | sed s:docbook:1:g | xargs touch -- run: make -- run: make check -- run: make install DESTDIR="${PWD}/root/" -- run: make debug -- run: make check - - autotools-distcheck-linux: -strategy: - matrix: -os: [ubuntu-latest] -cc: [gcc, clang] -runs-on: ${{ matrix.os }} -env: - CC: ${{ matrix.cc }} -steps: -- name: Install dependencies -
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 01b19ca9629c02d46af23f97c4afe4903c8b201a Author: Arsen Arsenović aarsen me> AuthorDate: Sat Jun 25 17:15:00 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jul 12 06:33:20 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=01b19ca9 Improve build-related documentation Signed-off-by: Arsen Arsenović aarsen.me> Signed-off-by: Sam James gentoo.org> README.md | 13 +++-- meson_options.txt | 18 +- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 49277e0..539f3cc 100644 --- a/README.md +++ b/README.md @@ -18,16 +18,9 @@ Originally focused only on [PaX](https://pax.grsecurity.net/), it has been expanded to be generally security focused. It still has a good number of PaX helpers for people interested in that. -## Building - -Just run `make`. This should work on any recent POSIX compliant system. - -Note: To rebuild the man-pages, you will need xmlto and the docbook-xml-dtd - packages installed on your system. - -## Installation - -`make install` +## Building and installing +pax-utils uses a bog-standard meson-based build system. See `meson_options.txt` +for configuration options. You don't need PaX to use the pax-utils. Infact the only thing they really have in common is that pax-utils was initially written to aid in diff --git a/meson_options.txt b/meson_options.txt index 62adc35..c96865d 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,9 +1,17 @@ -option('lddtree_implementation', type : 'combo', choices : ['python', 'sh', 'none'], value : 'python') -option('use_libcap', type : 'feature', value : 'auto') +option('lddtree_implementation', type : 'combo', + choices : ['python', 'sh', 'none'], value : 'python', + description : 'Which lddtree implementation to install?') +option('use_libcap', type : 'feature', value : 'auto', + description : 'Enable listing capabilities in pspax output (requires libcap)' +) option('use_seccomp', type : 'boolean', value : 'true', - description : 'Enable seccomp filters at runtime (does *not* require libseccomp)' + description : 'Enable seccomp filters at runtime (does *not* require libseccomp, but does require kernel support)' ) option('build_manpages', type : 'feature', value : 'auto', description : 'Build manuals via DocBook (requires xmlto)') -option('tests', type : 'boolean', value : 'true') -option('use_fuzzing', type : 'boolean', description : 'Also build LibFuzzer fuzzers', value : 'true') +option('tests', type : 'boolean', value : 'true' + description : 'Enable testing (not guaranteed to work)' +) +option('use_fuzzing', type : 'boolean', value : 'true', + description : 'Also build LibFuzzer fuzzers as tests' +)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d9f65269d7182ef1d313e3b87bcea37e45958561 Author: WANG Xuerui gentoo org> AuthorDate: Sun Apr 24 18:41:55 2022 + Commit: WANG Xuerui gentoo org> CommitDate: Mon Apr 25 01:19:39 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d9f65269 seccomp: allow madvise() call (glibc 2.35+) Closes: https://bugs.gentoo.org/836735 Reviewed-by: Sam James gentoo.org> Signed-off-by: WANG Xuerui gentoo.org> seccomp-bpf.c | 3 +++ seccomp-bpf.h | 76 +-- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/seccomp-bpf.c b/seccomp-bpf.c index 6a095a4..1d64172 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -193,6 +193,9 @@ int main(void) /* glibc-2.34+ uses it as part of mem alloc functions. */ SCMP_SYS(getrandom), + + /* glibc-2.35+ uses it when GLIBC_TUNABLES=glibc.malloc.hugetlb=1. */ + SCMP_SYS(madvise), }; static const int fork_syscalls[] = { SCMP_SYS(clone), diff --git a/seccomp-bpf.h b/seccomp-bpf.h index 9c5e2de..80d6d94 100644 --- a/seccomp-bpf.h +++ b/seccomp-bpf.h @@ -8,10 +8,10 @@ /* AARCH64 */ #define SECCOMP_BPF_AVAILABLE static const unsigned char seccomp_bpf_blks_base[] = { - 32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, + 32,0,0,0,4,0,0,0,21,0,0,45,183,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, }; static const unsigned char seccomp_bpf_blks_fork[] = { - 32,0,0,0,4,0,0,0,21,0,0,51,183,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0 ,0,0,0,0,255,127,6,0,0,0,0,0,0,0, +
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: d669505668a9a5ea550841249582589c787f6d38 Author: WANG Xuerui gentoo org> AuthorDate: Thu Mar 24 15:33:26 2022 + Commit: Sam James gentoo org> CommitDate: Thu Mar 24 15:42:29 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d6695056 GH: apt-get update before installing deps Signed-off-by: WANG Xuerui gentoo.org> Closes: https://github.com/gentoo/pax-utils/pull/6 Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e23f0a3..1b69cc6 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -22,7 +22,7 @@ jobs: CC: ${{ matrix.cc }} steps: - name: Install dependencies - run: sudo apt-get install -y python3-pyelftools + run: sudo apt-get update && sudo apt-get install -y python3-pyelftools - uses: actions/checkout@v2 # Hack up the man pages as installing xmlto is very expensive. # We'll test this in the autotools builder instead. @@ -44,7 +44,7 @@ jobs: CC: ${{ matrix.cc }} steps: - name: Install dependencies - run: sudo apt-get install -y python3-pyelftools xmlto + run: sudo apt-get update && sudo apt-get install -y python3-pyelftools xmlto - name: Checkout gnulib uses: actions/checkout@v2 with:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8ae4575392cef94c1e66197c5c35e7a194f3eb93 Author: WANG Xuerui gentoo org> AuthorDate: Mon Dec 20 08:14:56 2021 + Commit: Sam James gentoo org> CommitDate: Thu Mar 24 15:42:27 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ae45753 paxelf: add LoongArch to recognized ELF machine types Signed-off-by: WANG Xuerui gentoo.org> Signed-off-by: Sam James gentoo.org> elf.h| 3 ++- paxelf.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/elf.h b/elf.h index 51962c9..e6c8b20 100644 --- a/elf.h +++ b/elf.h @@ -268,7 +268,8 @@ typedef struct #define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */ #define EM_TILEGX 191 /* Tilera TILE-Gx */ #define EM_RISCV 243 /* RISC-V */ -#define EM_NUM 244 +#define EM_LOONGARCH 258 /* LoongArch */ +#define EM_NUM 259 /* If it is necessary to assign new unofficial EM_* values, please pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the diff --git a/paxelf.c b/paxelf.c index bbd38bf..331f1b4 100644 --- a/paxelf.c +++ b/paxelf.c @@ -277,6 +277,7 @@ static pairtype elf_emtypes[] = { QUERY(EM_TILEGX), QUERY(EM_ALPHA), QUERY(EM_RISCV), + QUERY(EM_LOONGARCH), { 0, 0 } };
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 6ba123b5046d9310e0e23050d736e696d2c30b98 Author: Jae Hoon Kim chromium org> AuthorDate: Tue Mar 8 07:20:42 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Mar 9 08:01:25 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6ba123b5 lddtree: add --skip-missing Allow explicitly ignoring missing files. $ lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs /sbin/lvm /sbin/lvmdump lddtree: warning: /build/brya/sbin/lvm: did not match any paths $ echo $? 1 lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs --skip-missing /sbin/lvm /sbin/lvmdump lddtree: warning: /build/brya/sbin/lvm: did not match any paths $ echo $? 0 Signed-off-by: Jae Hoon Kim chromium.org> Signed-off-by: Mike Frysinger chromiium.org> lddtree.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index ef8a9b2..3afcfac 100755 --- a/lddtree.py +++ b/lddtree.py @@ -702,6 +702,9 @@ def GetParser(): parser.add_argument('--skip-non-elfs', action='store_true', default=False, help='Skip plain (non-ELF) files instead of warning') +parser.add_argument('--skip-missing', +action='store_true', default=False, +help='Skip missing files instead of failing') parser.add_argument('-V', '--version', action='version', version='lddtree by Mike Frysinger ', @@ -844,7 +847,8 @@ def main(argv): _ActionCopy(options, elf) if not matched: -ret = 1 +if not options.skip_missing: +ret = 1 warn('%s: did not match any paths' % (path,)) return ret
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 62cae785a39a8625de789928dbc99c851438 Author: Fabian Groffen gentoo org> AuthorDate: Mon Feb 7 07:18:31 2022 + Commit: Fabian Groffen gentoo org> CommitDate: Mon Feb 7 07:18:31 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=62cae785 README: attempt to fix github build status badge Signed-off-by: Fabian Groffen gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35d25db..49277e0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ | HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities | | GIT | git clone git://anongit.gentoo.org/proj/pax-utils.git | | VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | -| STATUS | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci/badge.svg) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | +| STATUS | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml/badge.svg)](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | pax-utils is a small set of utilities for peforming Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 47f5c9ddd4d2123babeab152a143a0f28e4b7a99 Author: Mike Frysinger gentoo org> AuthorDate: Sun Feb 6 01:26:30 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Feb 6 01:26:30 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=47f5c9dd GH: simplify coverity GH action Newer version has better defaults. Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/coverity.yml | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index f8ae34b..7e729c4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -10,17 +10,10 @@ on: jobs: coverity: -strategy: - matrix: -os: [ubuntu-latest] -cc: [gcc] -runs-on: ${{ matrix.os }} -env: - CC: ${{ matrix.cc }} +runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 -- uses: vapier/coverity-scan-action@v0 +- uses: vapier/coverity-scan-action@v1 with: -project: gentoo%2Fpax-utils email: vap...@gentoo.org token: ${{ secrets.COVERITY_SCAN_TOKEN }}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0ffdf618844966c177825e7d1b523808582b322c Author: Frederic Cambus statdns com> AuthorDate: Sat Jan 22 22:03:30 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Jan 23 02:42:39 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0ffdf618 porting: don't include alloca.h on NetBSD Signed-off-by: Mike Frysinger gentoo.org> porting.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/porting.h b/porting.h index f1bd74f..8e5542d 100644 --- a/porting.h +++ b/porting.h @@ -41,7 +41,7 @@ #include #include #include "elf.h" -#if !defined(__FreeBSD__) && !defined(__OpenBSD__) +#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__) # include #endif #if defined(__linux__)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d0470cd0513f8b28d496a1d04c28951061c86781 Author: Sam James gentoo org> AuthorDate: Fri Dec 24 01:44:19 2021 + Commit: Sam James gentoo org> CommitDate: Fri Dec 24 01:45:17 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d0470cd0 README.md: restore original author (solar@) I should've properly listed this before rather than just dropping him rather unceremoniously without thinking. Fixes: c31c7fef7febeb4606d5b0cd22006c4dc7c11b06 Signed-off-by: Sam James gentoo.org> README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7696374..35d25db 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ If you include pax-utils in your distro, feel free to send an update for this. * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities * https://gitweb.gentoo.org/proj/pax-utils.git/ * Maintainer: Mike Frysinger , Toolchain Project + * Original author: Ned Ludd # openSUSE * https://build.opensuse.org/package/show?package=pax-utils=openSUSE%3AFactory
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1f79c681bbaab91133ee9343690ee563099d0bf0 Author: Mike Frysinger gentoo org> AuthorDate: Fri Dec 17 05:19:28 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Dec 17 05:19:28 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f79c681 lddtree: add argcomplete support if available Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 8 1 file changed, 8 insertions(+) diff --git a/lddtree.py b/lddtree.py index dd17387..ef8a9b2 100755 --- a/lddtree.py +++ b/lddtree.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# PYTHON_ARGCOMPLETE_OK # Copyright 2012-2014 Gentoo Foundation # Copyright 2012-2014 Mike Frysinger # Copyright 2012-2014 The Chromium OS Authors @@ -50,6 +51,11 @@ import sys assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found {sys.version}' +try: +import argcomplete +except ImportError: +argcomplete = None + from elftools.elf.elffile import ELFFile from elftools.common import exceptions @@ -739,6 +745,8 @@ def GetParser(): action='store_true', default=False, help='Copy over plain (non-ELF) files instead of warn+ignore') +if argcomplete is not None: +argcomplete.autocomplete(parser) return parser
[gentoo-commits] proj/pax-utils:master commit in: /
commit: acc9835d8c96451f88b65822f1f6b5b4f27594e0 Author: Mike Frysinger gentoo org> AuthorDate: Sun Oct 17 02:45:44 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Oct 17 02:45:44 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=acc9835d seccomp: mark arrays const+static This generates better code, although it doesn't super matter since this is only used at build time. Signed-off-by: Mike Frysinger gentoo.org> seccomp-bpf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/seccomp-bpf.c b/seccomp-bpf.c index 5279d20..6a095a4 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -49,7 +49,7 @@ static const struct { }; /* Simple helper to add all of the syscalls in an array. */ -static int gen_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num) +static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[], size_t num) { static uint8_t prio; size_t i; @@ -102,7 +102,7 @@ static void gen_seccomp_program(const char *name) int main(void) { /* Order determines priority (first == lowest prio). */ - int base_syscalls[] = { + static const int base_syscalls[] = { /* We write the most w/scanelf. */ SCMP_SYS(write), SCMP_SYS(writev), @@ -194,7 +194,7 @@ int main(void) /* glibc-2.34+ uses it as part of mem alloc functions. */ SCMP_SYS(getrandom), }; - int fork_syscalls[] = { + static const int fork_syscalls[] = { SCMP_SYS(clone), SCMP_SYS(execve), SCMP_SYS(fork),
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 5480aa80862539562d282742b6fb759aff973df9 Author: Mike Frysinger gentoo org> AuthorDate: Tue Oct 5 03:42:24 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Oct 5 03:43:57 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5480aa80 switch back to my action name Still trying to figure out how custom actions work. Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index cc8ff70..f8ae34b 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -19,7 +19,7 @@ jobs: CC: ${{ matrix.cc }} steps: - uses: actions/checkout@v2 -- uses: actions/unofficial-coverity-scan@v0 +- uses: vapier/coverity-scan-action@v0 with: project: gentoo%2Fpax-utils email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: e46bcca15af0b41a59dbd4be3506fd3a6c68edfb Author: Mike Frysinger gentoo org> AuthorDate: Tue Oct 5 03:33:02 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Oct 5 03:33:02 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e46bcca1 switch to published action name Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index f8ae34b..cc8ff70 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -19,7 +19,7 @@ jobs: CC: ${{ matrix.cc }} steps: - uses: actions/checkout@v2 -- uses: vapier/coverity-scan-action@v0 +- uses: actions/unofficial-coverity-scan@v0 with: project: gentoo%2Fpax-utils email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 6e4bb601f5b03660a2064b9acb5cbf4965e5189e Author: Mike Frysinger gentoo org> AuthorDate: Tue Oct 5 02:27:23 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Oct 5 03:20:21 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6e4bb601 switch to Coverity Scan GH action Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/coverity.yml | 36 +--- 1 file changed, 5 insertions(+), 31 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 0cdfec2..f8ae34b 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -16,37 +16,11 @@ jobs: cc: [gcc] runs-on: ${{ matrix.os }} env: - COVERITY_EMAIL: vap...@gentoo.org - COVERITY_PROJECT: gentoo%2Fpax-utils CC: ${{ matrix.cc }} steps: - uses: actions/checkout@v2 - -- name: Download Coverity Build Tool - run: | -wget -nv https://scan.coverity.com/download/cxx/linux64 \ - --post-data "token=${TOKEN}=${COVERITY_PROJECT}" \ - -O cov-analysis-linux64.tar.gz -mkdir cov-analysis -tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis - env: -TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} - -- name: Build with cov-build - run: | -export PATH="${PWD}/cov-analysis/bin:${PATH}" -cov-build --dir cov-int make - -- name: Submit the result to Coverity Scan - run: | -tar -czvf cov-int.tgz cov-int -curl \ - --form project="${COVERITY_PROJECT}" \ - --form token="${TOKEN}" \ - --form email="${COVERITY_EMAIL}" \ - --form file=@cov-int.tgz \ - --form version="${GITHUB_SHA}" \ - --form description="pax-utils git" \ - "https://scan.coverity.com/builds?project=${COVERITY_PROJECT}; - env: -TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} +- uses: vapier/coverity-scan-action@v0 + with: +project: gentoo%2Fpax-utils +email: vap...@gentoo.org +token: ${{ secrets.COVERITY_SCAN_TOKEN }}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 9b9fe5a81bf125690bd4e312b1c6659131b1394a Author: Mike Frysinger gentoo org> AuthorDate: Tue Oct 5 01:04:54 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Oct 5 01:04:54 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9b9fe5a8 build: note that xz -9 is not needed Signed-off-by: Mike Frysinger gentoo.org> make-tarball.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/make-tarball.sh b/make-tarball.sh index 231cb66..8f357b5 100755 --- a/make-tarball.sh +++ b/make-tarball.sh @@ -59,6 +59,7 @@ rm -rf autom4te.cache popd >/dev/null einfo "Generating tarball ..." +# The archive is small enough that -6 & -9 produce the same size. tar cf - "${p}" | xz > "${p}".tar.xz rm -r "${p}"
[gentoo-commits] proj/pax-utils:master commit in: travis/, .github/workflows/, /
commit: 22e3de54dee0d4efa6c3d14753f847677f0e8d98 Author: Mike Frysinger chromium org> AuthorDate: Mon Oct 4 17:31:53 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Oct 4 22:26:21 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=22e3de54 migrate from Travis to GH actions Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 85 + .github/workflows/coverity.yml | 52 +++ .travis.yml | 33 -- Makefile| 6 +-- Makefile.am | 1 - README.md | 2 +- autogen.sh | 14 +++--- travis/lib.sh | 38 - travis/main.sh | 75 9 files changed, 147 insertions(+), 159 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml new file mode 100644 index 000..e23f0a3 --- /dev/null +++ b/.github/workflows/build-test-ci.yml @@ -0,0 +1,85 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +name: Build+Test CI + +on: + push: +branches: [master, gh-actions] +tags: [v*] + pull_request: +types: [opened] +branches: [master] + +jobs: + make: +strategy: + matrix: +os: [ubuntu-latest] +cc: [gcc, clang] +runs-on: ${{ matrix.os }} +env: + CC: ${{ matrix.cc }} +steps: +- name: Install dependencies + run: sudo apt-get install -y python3-pyelftools +- uses: actions/checkout@v2 +# Hack up the man pages as installing xmlto is very expensive. +# We'll test this in the autotools builder instead. +- name: Hack man pages + run: echo man/*.docbook | sed s:docbook:1:g | xargs touch +- run: make +- run: make check +- run: make install DESTDIR="${PWD}/root/" +- run: make debug +- run: make check + + autotools-distcheck-linux: +strategy: + matrix: +os: [ubuntu-latest] +cc: [gcc, clang] +runs-on: ${{ matrix.os }} +env: + CC: ${{ matrix.cc }} +steps: +- name: Install dependencies + run: sudo apt-get install -y python3-pyelftools xmlto +- name: Checkout gnulib + uses: actions/checkout@v2 + with: +repository: coreutils/gnulib +path: gnulib +- run: mv gnulib .. +- uses: actions/checkout@v2 +- run: make distcheck SHELL_TRACE=-x PV=git PATH="${PWD}/../gnulib:${PATH}" + + autotools-build-macos: +strategy: + matrix: +os: [macos-latest] +cc: [clang] +runs-on: ${{ matrix.os }} +env: + CC: ${{ matrix.cc }} +steps: +- name: Install dependencies + run: brew install autoconf automake docbook libtool xmlto xz +- name: Checkout gnulib + uses: actions/checkout@v2 + with: +repository: coreutils/gnulib +path: gnulib +- run: mv gnulib .. +- uses: actions/checkout@v2 +# We don't run the whole distcheck flow because we don't want or need to +# rebuild the tarball, and that flow also runs the basic Linux+make which +# blows up wonderfully everywhere else. +- run: make autotools SHELL_TRACE=-x +- run: ./configure +- run: make +# The unittests generally assume a Linux ELF host, so don't bother making +# sure they pass on macOS. Run them out of morbid curiosity I guess. +- run: | +make -k check || : +- run: make install DESTDIR="${PWD}/root/" diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 000..0cdfec2 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,52 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +# https://scan.coverity.com/projects/gentoo-pax-utils +name: Coverity Scan + +on: + push: +branches: [master] + +jobs: + coverity: +strategy: + matrix: +os: [ubuntu-latest] +cc: [gcc] +runs-on: ${{ matrix.os }} +env: + COVERITY_EMAIL: vap...@gentoo.org + COVERITY_PROJECT: gentoo%2Fpax-utils + CC: ${{ matrix.cc }} +steps: +- uses: actions/checkout@v2 + +- name: Download Coverity Build Tool + run: | +wget -nv https://scan.coverity.com/download/cxx/linux64 \ + --post-data "token=${TOKEN}=${COVERITY_PROJECT}" \ + -O cov-analysis-linux64.tar.gz +mkdir cov-analysis +tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis + env: +TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + +- name: Build with cov-build + run: | +export PATH="${PWD}/cov-analysis/bin:${PATH}" +cov-build --dir cov-int make + +- name: Submit the result to Coverity Scan +
[gentoo-commits] proj/pax-utils:master commit in: /
commit: e296d7ac9b45c75499dbfa89cfd4e2341303d2e2 Author: Mike Frysinger chromium org> AuthorDate: Mon Oct 4 21:46:02 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Oct 4 21:46:02 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e296d7ac build: add --debug for easy shell script tracing Improve the CLI parser slightly so we can add a --debug option. This makes it easy to get shell script tracing with a -x option rather than having to override the shebang/shell interpreter. Signed-off-by: Mike Frysinger gentoo.org> autogen.sh | 26 -- make-tarball.sh | 13 ++--- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/autogen.sh b/autogen.sh index 42e8a8c..a21b8e5 100755 --- a/autogen.sh +++ b/autogen.sh @@ -2,11 +2,33 @@ . "${0%/*}"/travis/lib.sh +# NB: This script is normally run in a GNU environment (e.g. Linux), but we also run it on other +# systems (e.g. macOS) as part of our automated CI. So a little care must be taken. + +cd "${0%/*}" || exit 1 + m4dir="autotools/m4" +: ${MAKE:=make} + +FROM_TOOL= +while [[ $# -gt 0 ]] ;do + case $1 in + --from=*) FROM_TOOL=${1#*=};; + -x|--debug) set -x;; + *) break;; + esac + shift +done + +if [[ $# -ne 0 ]] ; then + echo "Usage: $0" >&2 + exit 1 +fi + v rm -rf autotools -if [[ $1 != "--from=make" ]] ; then - v ${MAKE:-make} autotools-update +if [[ ${FROM_TOOL} != "make" ]] ; then + v ${MAKE} autotools-update fi # reload the gnulib code if possible diff --git a/make-tarball.sh b/make-tarball.sh index 04f778d..3cd3219 100755 --- a/make-tarball.sh +++ b/make-tarball.sh @@ -1,5 +1,8 @@ #!/bin/bash +# NB: This script is expected to be run in a GNU environment (e.g. Linux). +# So it is not written to be completely POSIX compliant. + set -e if ! . /etc/init.d/functions.sh 2>/dev/null ; then @@ -13,10 +16,14 @@ v() { printf '\t%s\n' "$*"; "$@"; } : ${MAKE:=make} CHECK=false -if [[ $1 == "--check" ]] ; then - CHECK=true +while [[ $# -gt 0 ]] ;do + case $1 in + --check) CHECK=true;; + -x|--debug) set -x;; + *) break;; + esac shift -fi +done if [[ $# -ne 1 ]] ; then die "Usage: $0 "
[gentoo-commits] proj/pax-utils:master commit in: /, tests/
commit: 75966274a95160cabba4534f47867be90648f066 Author: Mike Frysinger chromium org> AuthorDate: Mon Oct 4 21:51:13 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Oct 4 21:51:13 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=75966274 build: drop external function.sh use We use very little from it anymore, and can easily inline the few things we want. This makes code work on non-Gentoo systems. Signed-off-by: Mike Frysinger gentoo.org> make-tarball.sh | 7 ++- tests/lib.sh| 4 +++- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/make-tarball.sh b/make-tarball.sh index 3cd3219..231cb66 100755 --- a/make-tarball.sh +++ b/make-tarball.sh @@ -5,12 +5,9 @@ set -e -if ! . /etc/init.d/functions.sh 2>/dev/null ; then - einfo() { printf ' * %b\n' "$*"; } - eerror() { einfo "$@" 1>&2; } -fi +einfo() { printf ' * %b\n' "$*"; } +eerror() { einfo "$@" 1>&2; } die() { eerror "$@"; exit 1; } - v() { printf '\t%s\n' "$*"; "$@"; } : ${MAKE:=make} diff --git a/tests/lib.sh b/tests/lib.sh index 927e503..03d9f2a 100644 --- a/tests/lib.sh +++ b/tests/lib.sh @@ -9,7 +9,9 @@ else top_builddir=${abs_top_builddir} fi -[ -e /etc/init.d/functions.sh ] && source /etc/init.d/functions.sh +GOOD=$'\e[32;1m' +BAD=$'\e[31;1m' +NORMAL=$'\e[m' PATH="${top_srcdir}:${top_builddir}:${PATH}" unset ROOT # who knows!
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c31c7fef7febeb4606d5b0cd22006c4dc7c11b06 Author: Sam James gentoo org> AuthorDate: Mon Sep 20 04:51:03 2021 + Commit: Sam James gentoo org> CommitDate: Mon Sep 20 04:51:03 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c31c7fef README.md: solar@ is long-retired Signed-off-by: Sam James gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7e6dc99..6f2a3e7 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ If you include pax-utils in your distro, feel free to send an update for this. # Gentoo * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities * https://gitweb.gentoo.org/proj/pax-utils.git/ - * Maintainer: Mike Frysinger , Ned Ludd + * Maintainer: Mike Frysinger , Toolchain Project # openSUSE * https://build.opensuse.org/package/show?package=pax-utils=openSUSE%3AFactory
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 25e4d53c70f2b677dcde1c37cb9c67214b38d611 Author: Sergei Trofimovich gentoo org> AuthorDate: Thu Jul 22 21:15:43 2021 + Commit: Sergei Trofimovich gentoo org> CommitDate: Thu Jul 22 21:23:46 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=25e4d53c seccomp: allow getrandom() call (glibc-2.34+) Reported-by: Andreas K. Hüttel Signed-off-by: Sergei Trofimovich gentoo.org> seccomp-bpf.c | 3 +++ seccomp-bpf.h | 76 +-- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/seccomp-bpf.c b/seccomp-bpf.c index a72f6ef..5279d20 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -190,6 +190,9 @@ int main(void) * as ipc() subcalls. #675378 */ SCMP_SYS(ipc), + + /* glibc-2.34+ uses it as part of mem alloc functions. */ + SCMP_SYS(getrandom), }; int fork_syscalls[] = { SCMP_SYS(clone), diff --git a/seccomp-bpf.h b/seccomp-bpf.h index bb2e9cd..9c5e2de 100644 --- a/seccomp-bpf.h +++ b/seccomp-bpf.h @@ -8,10 +8,10 @@ /* AARCH64 */ #define SECCOMP_BPF_AVAILABLE static const unsigned char seccomp_bpf_blks_base[] = { - 32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, + 32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, }; static const unsigned char seccomp_bpf_blks_fork[] = { - 32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6, 0,0,0,0,0,0,0, +
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 54aad9134c9c2c3cb01d79d5e81e30623be93d7a Author: Sergei Trofimovich gentoo org> AuthorDate: Thu Jul 22 21:15:43 2021 + Commit: Sergei Trofimovich gentoo org> CommitDate: Thu Jul 22 21:15:43 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=54aad913 seccomp: allow getrandom() call (glibc-2.34+) Reported-by: Andreas K. Hüttel Signed-off-by: Sergei Trofimovich gentoo.org> seccomp-bpf.c | 3 +++ seccomp-bpf.h | 76 +-- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/seccomp-bpf.c b/seccomp-bpf.c index a72f6ef..4bbded8 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -190,6 +190,9 @@ int main(void) * as ipc() subcalls. #675378 */ SCMP_SYS(ipc), + + /* glibc-2.34+ uses it as part of malloc() implementation. */ + SCMP_SYS(getrandom), }; int fork_syscalls[] = { SCMP_SYS(clone), diff --git a/seccomp-bpf.h b/seccomp-bpf.h index bb2e9cd..9c5e2de 100644 --- a/seccomp-bpf.h +++ b/seccomp-bpf.h @@ -8,10 +8,10 @@ /* AARCH64 */ #define SECCOMP_BPF_AVAILABLE static const unsigned char seccomp_bpf_blks_base[] = { - 32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, + 32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0, }; static const unsigned char seccomp_bpf_blks_fork[] = { - 32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6, 0,0,0,0,0,0,0, +