Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a test in our wheel builder that all .so's are noexecstack #3994

Closed
alex opened this issue Oct 23, 2017 · 2 comments
Closed

Add a test in our wheel builder that all .so's are noexecstack #3994

alex opened this issue Oct 23, 2017 · 2 comments
Labels
security-hardening testing
Milestone
Twenty second rel...

Comments

@alex
Copy link
Member

alex commented Oct 23, 2017

Follow up to #3993
@alex alex added this to the Twenty second release milestone Oct 23, 2017
@jlaine
Copy link
Contributor

jlaine commented Feb 24, 2018

How can I test a change to the Jenkins config?

It looks like we need something like:

unzip tmpwheelhouse/*.whl -d execstack.check
(execstack execstack.check/cryptography/hazmat/bindings/*.so | grep '^X') && exit 1

@reaperhulk
Copy link
Member

You can't directly test the change, what you'd need to do is grab the docker image and run the script yourself to see if it works as expected.

docker run --rm -ti pyca/cryptography-manylinux1:x86_64 /bin/bash will get you in.

jlaine added a commit to jlaine/cryptography that referenced this issue Mar 5, 2018
@jlaine
Check all .so's are noexecstack (pyca#3994)
ab8cc06
jlaine added a commit to jlaine/cryptography that referenced this issue Mar 5, 2018
@jlaine
Check all .so's are noexecstack (pyca#3994)
10364d3 
The ouput of execstack -q is one line per file, either:

- starting with a '-' (dash) if the file does not require an executable stack
- start with an 'X' if the file *does* require an executable stack

We check there are no files which require an executable stack.
reaperhulk pushed a commit that referenced this issue Mar 5, 2018
@jlaine @reaperhulk
Check all .so's are noexecstack (#3994) (#4130)
ef8f066 
The ouput of execstack -q is one line per file, either:

- starting with a '-' (dash) if the file does not require an executable stack
- start with an 'X' if the file *does* require an executable stack

We check there are no files which require an executable stack.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security-hardening testing
Milestone
Twenty second release
Development

No branches or pull requests
3 participants
@alex @reaperhulk @jlaine