[reprotest] 02/02: build: add aslr variation

Ximin Luo infinity0 at debian.org
Fri Nov 24 18:19:26 UTC 2017 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository reprotest.

commit f0182b0f813a137c358c794efa553f024d5577ad
Author: Ximin Luo <infinity0 at debian.org>
Date:   Fri Nov 24 19:18:07 2017 +0100

    build: add aslr variation
---
 debian/changelog    |  2 +-
 reprotest/build.py  | 27 +++++++++++++++++++--------
 tests/mock_build.py |  2 ++
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 268bddb..af0b9b1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,7 @@
 reprotest (0.7.4) UNRELEASED; urgency=medium
 
   * Hopefully fix the autopkgtest tests.
-  * Add a domain_host variation.
+  * Add aslr and domain_host variations.
   * Add a --print-sudoers feature.
   * Properly drop privs when running the build. (Closes: #877813)
 
diff --git a/reprotest/build.py b/reprotest/build.py
index 8a1006c..4c9eba8 100644
--- a/reprotest/build.py
+++ b/reprotest/build.py
@@ -104,8 +104,11 @@ class Build(collections.namedtuple('_Build', 'build_command setup cleanup env tr
 
     def prepend_to_build_command(self, *prefix):
         '''Prepend a wrapper command onto the build_command.'''
+        return self.prepend_to_build_command_raw(*map(shlex.quote, prefix))
+
+    def prepend_to_build_command_raw(self, *prefix):
         new_command = shell_syn.Command(
-            cmd_prefix=shell_syn.CmdPrefix(map(shlex.quote, prefix)),
+            cmd_prefix=shell_syn.CmdPrefix(prefix),
             cmd_suffix=self.build_command)
         return self._replace(build_command=new_command)
 
@@ -283,14 +286,19 @@ def home(ctx, build, vary):
 # reference to a setname command on another Unix variant:
 # https://en.wikipedia.org/wiki/Uname
 def kernel(ctx, build, vary):
-    # set these two explicitly different. otherwise, when reprotest is
-    # reprotesting itself, then one of the builds will fail its tests, because
-    # its two child reprotests will see the same value for "uname" but the
-    # tests expect different values.
+    _ = build
     if not vary:
-        return build.prepend_to_build_command('linux64', '--uname-2.6')
+        _ = _.append_setup_exec_raw('SETARCH_ARCH=$(arch)')
     else:
-        return build.prepend_to_build_command('linux32')
+        _ = _.append_setup_exec_raw('SETARCH_ARCH=$(setarch --list | grep -vF "$(arch)" | shuf | head -n1)')
+        _ = _.append_setup_exec_raw('KERNEL_VERSION=$(uname -r)')
+        _ = _.append_setup_exec_raw('if [ ${KERNEL_VERSION#2.6} = $KERNEL_VERSION ]; then SETARCH_OPTS=--uname-2.6; fi')
+    return _.prepend_to_build_command_raw('setarch', '$SETARCH_ARCH', '$SETARCH_OPTS')
+
+def aslr(ctx, build, vary):
+    if vary:
+        return build
+    return build.append_setup_exec_raw('SETARCH_OPTS="$SETARCH_OPTS -R"')
 
 # TODO: if this locale doesn't exist on the system, Python's
 # locales.getlocale() will return (None, None) rather than this
@@ -440,12 +448,15 @@ def user_group(ctx, build, vary):
 VARIATIONS = collections.OrderedDict([
     ('environment', environment),
     ('build_path', build_path),
+    ('kernel', kernel),
+    ('aslr', aslr), # needs to run after kernel which runs "setarch"
+                    # but also as close to the build command as possible, (i.e. earlier in this list)
+                    # otherwise other variations below can affect the address layout
     ('user_group', user_group),
     # ('cpu', cpu),
     ('fileordering', fileordering),
     ('domain_host', domain_host), # needs to run after all other mounts have been set
     ('home', home),
-    ('kernel', kernel),
     ('locales', locales),
     # ('namespace', namespace),
     ('exec_path', exec_path),
diff --git a/tests/mock_build.py b/tests/mock_build.py
index d0ab4a3..5b2ea74 100755
--- a/tests/mock_build.py
+++ b/tests/mock_build.py
@@ -29,6 +29,8 @@ if __name__ == '__main__':
     # Like the above test, this test can theoretically fail by
     # producing the same file order, but this is unlikely, if not
     # as unlikely as in the above test.
+    if 'aslr' in captures:
+        output.append(id(__name__))
     if 'environment' in captures:
         output.extend("%s=%s" % pair for pair in os.environ.items())
     if 'build_path' in captures:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/reprotest.git

More information about the Reproducible-commits mailing list