diff options
Diffstat (limited to 'pkgs/test/cc-wrapper')
| -rw-r--r-- | pkgs/test/cc-wrapper/atomics.cc | 8 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/cc-main.c | 7 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/cflags-main.c | 10 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/core-foundation-main.c | 7 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/cxx-main.cc | 7 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/default.nix | 135 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/foo.c | 4 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/fortify1-example.c | 16 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/fortify2-example.c | 16 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/fortify3-example.c | 13 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/hardening.nix | 396 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/include-cxxabi.cc | 8 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/ldflags-main.c | 12 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/multilib.nix | 37 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/nostdinc-main.c | 8 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/sanitizers.c | 8 | ||||
| -rw-r--r-- | pkgs/test/cc-wrapper/stdio.h | 1 |
17 files changed, 0 insertions, 693 deletions
diff --git a/pkgs/test/cc-wrapper/atomics.cc b/pkgs/test/cc-wrapper/atomics.cc deleted file mode 100644 index 23601ae92f0b..000000000000 --- a/pkgs/test/cc-wrapper/atomics.cc +++ /dev/null @@ -1,8 +0,0 @@ -#include <atomic> -#include <cstdint> - -int main() -{ - std::atomic_int x = {0}; - return !std::atomic_is_lock_free(&x); -} diff --git a/pkgs/test/cc-wrapper/cc-main.c b/pkgs/test/cc-wrapper/cc-main.c deleted file mode 100644 index 06f28bc33c69..000000000000 --- a/pkgs/test/cc-wrapper/cc-main.c +++ /dev/null @@ -1,7 +0,0 @@ -#include <stdio.h> - -int main(int argc, char **argv) -{ - fprintf(stderr, "ok\n"); - return 0; -} diff --git a/pkgs/test/cc-wrapper/cflags-main.c b/pkgs/test/cc-wrapper/cflags-main.c deleted file mode 100644 index 9491232b5387..000000000000 --- a/pkgs/test/cc-wrapper/cflags-main.c +++ /dev/null @@ -1,10 +0,0 @@ -#include <stdio.h> -#include <foo.h> - -int main(int argc, char **argv) -{ - if (foo() != 42) - return 1; - fprintf(stderr, "ok\n"); - return 0; -} diff --git a/pkgs/test/cc-wrapper/core-foundation-main.c b/pkgs/test/cc-wrapper/core-foundation-main.c deleted file mode 100644 index fb3bd3126191..000000000000 --- a/pkgs/test/cc-wrapper/core-foundation-main.c +++ /dev/null @@ -1,7 +0,0 @@ -#include <CoreFoundation/CoreFoundation.h> - -int main(int argc, char** argv) -{ - CFShow(CFSTR("ok")); - return 0; -} diff --git a/pkgs/test/cc-wrapper/cxx-main.cc b/pkgs/test/cc-wrapper/cxx-main.cc deleted file mode 100644 index 83f704617a46..000000000000 --- a/pkgs/test/cc-wrapper/cxx-main.cc +++ /dev/null @@ -1,7 +0,0 @@ -#include <iostream> - -int main(int argc, char **argv) -{ - std::cerr << "ok" << std::endl; - return 0; -} diff --git a/pkgs/test/cc-wrapper/default.nix b/pkgs/test/cc-wrapper/default.nix deleted file mode 100644 index 6a0b11a6cc97..000000000000 --- a/pkgs/test/cc-wrapper/default.nix +++ /dev/null @@ -1,135 +0,0 @@ -{ lib, stdenv, glibc, buildPackages }: - -let - # Sanitizers are not supported on Darwin. - # Sanitizer headers aren't available in older libc++ stdenvs due to a bug - sanitizersWorking = (stdenv.buildPlatform == stdenv.hostPlatform) && !stdenv.isDarwin && !stdenv.hostPlatform.isMusl && ( - (stdenv.cc.isClang && lib.versionAtLeast (lib.getVersion stdenv.cc.name) "5.0.0") - || (stdenv.cc.isGNU && stdenv.isLinux) - ); - staticLibc = lib.optionalString (stdenv.hostPlatform.libc == "glibc") "-L ${glibc.static}/lib"; - emulator = stdenv.hostPlatform.emulator buildPackages; - isCxx = stdenv.cc.libcxx != null; - libcxxStdenvSuffix = lib.optionalString isCxx "-libcxx"; -in stdenv.mkDerivation { - pname = "cc-wrapper-test-${stdenv.cc.cc.pname}${libcxxStdenvSuffix}"; - version = stdenv.cc.version; - - buildCommand = '' - echo "Testing: ${stdenv.cc.name}" >&2 - echo "With libc: ${stdenv.cc.libc.name}" >&2 - set -o pipefail - - NIX_DEBUG=1 $CC -v - NIX_DEBUG=1 $CXX -v - - echo "checking whether compiler builds valid C binaries... " >&2 - $CC -o cc-check ${./cc-main.c} - ${emulator} ./cc-check - - echo "checking whether compiler builds valid C++ binaries... " >&2 - $CXX -o cxx-check ${./cxx-main.cc} - ${emulator} ./cxx-check - - # test for https://github.com/NixOS/nixpkgs/issues/214524#issuecomment-1431745905 - # .../include/cxxabi.h:20:10: fatal error: '__cxxabi_config.h' file not found - # in libcxxStdenv - echo "checking whether cxxabi.h can be included... " >&2 - $CXX -o include-cxxabi ${./include-cxxabi.cc} - ${emulator} ./include-cxxabi - - # cxx doesn't have libatomic.so - ${lib.optionalString (!isCxx) '' - # https://github.com/NixOS/nixpkgs/issues/91285 - echo "checking whether libatomic.so can be linked... " >&2 - $CXX -shared -o atomics.so ${./atomics.cc} -latomic ${lib.optionalString (stdenv.cc.isClang && lib.versionOlder stdenv.cc.version "6.0.0" ) "-std=c++17"} - $READELF -d ./atomics.so | grep libatomic.so && echo "ok" >&2 || echo "failed" >&2 - ''} - - # Test that linking libc++ works, and statically. - ${lib.optionalString isCxx '' - echo "checking whether can link with libc++... " >&2 - NIX_DEBUG=1 $CXX ${./cxx-main.cc} -c -o cxx-main.o - NIX_DEBUG=1 $CC cxx-main.o -lc++ -o cxx-main - NIX_DEBUG=1 $CC cxx-main.o ${lib.getLib stdenv.cc.libcxx}/lib/libc++.a -o cxx-main-static - ${emulator} ./cxx-main - ${emulator} ./cxx-main-static - rm cxx-main{,-static,.o} - ''} - - ${lib.optionalString (stdenv.isDarwin && stdenv.cc.isClang) '' - echo "checking whether compiler can build with CoreFoundation.framework... " >&2 - mkdir -p foo/lib - $CC -framework CoreFoundation -o core-foundation-check ${./core-foundation-main.c} - ${emulator} ./core-foundation-check - ''} - - - ${lib.optionalString (!stdenv.isDarwin) '' - echo "checking whether compiler builds valid static C binaries... " >&2 - $CC ${staticLibc} -static -o cc-static ${./cc-main.c} - ${emulator} ./cc-static - ${lib.optionalString (stdenv.cc.isGNU && lib.versionAtLeast (lib.getVersion stdenv.cc.name) "8.0.0") '' - echo "checking whether compiler builds valid static pie C binaries... " >&2 - $CC ${staticLibc} -static-pie -o cc-static-pie ${./cc-main.c} - ${emulator} ./cc-static-pie - ''} - ''} - - ${# See: https://github.com/llvm/llvm-project/commit/ed1d07282cc9d8e4c25d585e03e5c8a1b6f63a74 - # `gcc` does not support this so we gate the test on `clang` - lib.optionalString stdenv.cc.isClang '' - echo "checking whether cc-wrapper accepts -- followed by positional (file) args..." >&2 - mkdir -p positional - - # Make sure `--` is not parsed as a "non flag arg"; we should get an - # input file error here and *not* a linker error. - { ! $CC --; } |& grep -q "no input files" - - # And that positional file args _must_ be files (this is just testing - # that we remembered to put the `--` back in the args to the compiler): - { ! $CC -c -- -o foo ${./foo.c}; } \ - |& grep -q "no such file or directory: '-o'" - - # Now check that we accept single and multiple positional file args: - $CC -c -DVALUE=42 -o positional/foo.o -- ${./foo.c} - $CC -o positional/main -- positional/foo.o ${./ldflags-main.c} - ${emulator} ./positional/main - ''} - - echo "checking whether compiler uses NIX_CFLAGS_COMPILE... " >&2 - mkdir -p foo/include - cp ${./foo.c} foo/include/foo.h - NIX_CFLAGS_COMPILE="-Ifoo/include -DVALUE=42" $CC -o cflags-check ${./cflags-main.c} - ${emulator} ./cflags-check - - echo "checking whether compiler uses NIX_LDFLAGS... " >&2 - mkdir -p foo/lib - $CC -shared \ - ${lib.optionalString stdenv.isDarwin "-Wl,-install_name,@rpath/libfoo.dylib"} \ - -DVALUE=42 \ - -o foo/lib/libfoo${stdenv.hostPlatform.extensions.sharedLibrary} \ - ${./foo.c} - - NIX_LDFLAGS="-L$NIX_BUILD_TOP/foo/lib -rpath $NIX_BUILD_TOP/foo/lib" $CC -lfoo -o ldflags-check ${./ldflags-main.c} - ${emulator} ./ldflags-check - - echo "Check whether -nostdinc and -nostdinc++ is handled correctly" >&2 - mkdir -p std-include - cp ${./stdio.h} std-include/stdio.h - NIX_DEBUG=1 $CC -I std-include -nostdinc -o nostdinc-main ${./nostdinc-main.c} - ${emulator} ./nostdinc-main - $CXX -I std-include -nostdinc++ -o nostdinc-main++ ${./nostdinc-main.c} - ${emulator} ./nostdinc-main++ - - ${lib.optionalString sanitizersWorking '' - echo "checking whether sanitizers are fully functional... ">&2 - $CC -o sanitizers -fsanitize=address,undefined ${./sanitizers.c} - ASAN_OPTIONS=use_sigaltstack=0 ${emulator} ./sanitizers - ''} - - touch $out - ''; - - meta.platforms = lib.platforms.all; -} diff --git a/pkgs/test/cc-wrapper/foo.c b/pkgs/test/cc-wrapper/foo.c deleted file mode 100644 index 8be674be3103..000000000000 --- a/pkgs/test/cc-wrapper/foo.c +++ /dev/null @@ -1,4 +0,0 @@ -unsigned int foo(void) -{ - return VALUE; -} diff --git a/pkgs/test/cc-wrapper/fortify1-example.c b/pkgs/test/cc-wrapper/fortify1-example.c deleted file mode 100644 index 48b9c268e728..000000000000 --- a/pkgs/test/cc-wrapper/fortify1-example.c +++ /dev/null @@ -1,16 +0,0 @@ -/* an example that should be protected by FORTIFY_SOURCE=1 */ -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - - -int main(int argc, char *argv[]) { - /* allocate on the heap so we're likely to get an - * over-allocation and can be more sure that a - * failure is because of fortify protection rather - * than a genuine segfault */ - char* buffer = malloc(sizeof(char) * 7); - strcpy(buffer, argv[1]); - puts(buffer); - return 0; -} diff --git a/pkgs/test/cc-wrapper/fortify2-example.c b/pkgs/test/cc-wrapper/fortify2-example.c deleted file mode 100644 index dfb5a8e87294..000000000000 --- a/pkgs/test/cc-wrapper/fortify2-example.c +++ /dev/null @@ -1,16 +0,0 @@ -/* an example that should be protected by FORTIFY_SOURCE=2 but - * not FORTIFY_SOURCE=1 */ -#include <stdio.h> -#include <string.h> - -struct buffer_with_pad { - char buffer[7]; - char pad[25]; -}; - -int main(int argc, char *argv[]) { - struct buffer_with_pad b; - strcpy(b.buffer, argv[1]); - puts(b.buffer); - return 0; -} diff --git a/pkgs/test/cc-wrapper/fortify3-example.c b/pkgs/test/cc-wrapper/fortify3-example.c deleted file mode 100644 index 9a0a5f4792c3..000000000000 --- a/pkgs/test/cc-wrapper/fortify3-example.c +++ /dev/null @@ -1,13 +0,0 @@ -/* an example that should be protected by FORTIFY_SOURCE=3 but - * not FORTIFY_SOURCE=2 */ -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - - -int main(int argc, char *argv[]) { - char* buffer = malloc(atoi(argv[2])); - strcpy(buffer, argv[1]); - puts(buffer); - return 0; -} diff --git a/pkgs/test/cc-wrapper/hardening.nix b/pkgs/test/cc-wrapper/hardening.nix deleted file mode 100644 index 41ddaefdfea8..000000000000 --- a/pkgs/test/cc-wrapper/hardening.nix +++ /dev/null @@ -1,396 +0,0 @@ -{ lib -, stdenv -, runCommand -, runCommandWith -, runCommandCC -, debian-devscripts -}: - -let - # writeCBin from trivial-builders won't let us choose - # our own stdenv - writeCBinWithStdenv = codePath: stdenv': env: runCommandWith { - name = "test-bin"; - stdenv = stdenv'; - derivationArgs = { - inherit codePath; - preferLocalBuild = true; - allowSubstitutes = false; - } // env; - } '' - [ -n "$preBuild" ] && eval "$preBuild" - n=$out/bin/test-bin - mkdir -p "$(dirname "$n")" - cp "$codePath" code.c - NIX_DEBUG=1 $CC -x c code.c -O1 $TEST_EXTRA_FLAGS -o "$n" - ''; - - f1exampleWithStdEnv = writeCBinWithStdenv ./fortify1-example.c; - f2exampleWithStdEnv = writeCBinWithStdenv ./fortify2-example.c; - f3exampleWithStdEnv = writeCBinWithStdenv ./fortify3-example.c; - - stdenvUnsupport = additionalUnsupported: stdenv.override { - cc = stdenv.cc.override { - cc = (lib.extendDerivation true { - hardeningUnsupportedFlags = (stdenv.cc.cc.hardeningUnsupportedFlags or []) ++ additionalUnsupported; - } stdenv.cc.cc); - }; - allowedRequisites = null; - }; - - checkTestBin = testBin: { - # can only test flags that are detectable by hardening-check - ignoreBindNow ? true, - ignoreFortify ? true, - ignorePie ? true, - ignoreRelRO ? true, - ignoreStackProtector ? true, - expectFailure ? false, - }: let - expectFailureClause = lib.optionalString expectFailure - " && echo 'ERROR: Expected hardening-check to fail, but it passed!' >&2 && exit 1"; - in runCommandCC "check-test-bin" { - nativeBuildInputs = [ debian-devscripts ]; - buildInputs = [ testBin ]; - meta.platforms = lib.platforms.linux; # ELF-reliant - } '' - hardening-check --nocfprotection \ - ${lib.optionalString ignoreBindNow "--nobindnow"} \ - ${lib.optionalString ignoreFortify "--nofortify"} \ - ${lib.optionalString ignorePie "--nopie"} \ - ${lib.optionalString ignoreRelRO "--norelro"} \ - ${lib.optionalString ignoreStackProtector "--nostackprotector"} \ - $(PATH=$HOST_PATH type -P test-bin) ${expectFailureClause} - touch $out - ''; - - nameDrvAfterAttrName = builtins.mapAttrs (name: drv: - drv.overrideAttrs (_: { name = "test-${name}"; }) - ); - - # returning a specific exit code when aborting due to a fortify - # check isn't mandated. so it's better to just ensure that a - # nonzero exit code is returned when we go a single byte beyond - # the buffer, with the example programs being designed to be - # unlikely to genuinely segfault for such a small overflow. - fortifyExecTest = testBin: runCommand "exec-test" { - buildInputs = [ - testBin - ]; - meta.broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform); - } '' - ( - export PATH=$HOST_PATH - echo "Saturated buffer:" # check program isn't completly broken - test-bin 012345 7 - echo "One byte too far:" # eighth byte being the null terminator - (! test-bin 0123456 7) || (echo 'Expected failure, but succeeded!' && exit 1) - ) - echo "Expected behaviour observed" - touch $out - ''; - - brokenIf = cond: drv: if cond then drv.overrideAttrs (old: { meta = old.meta or {} // { broken = true; }; }) else drv; - -in nameDrvAfterAttrName ({ - bindNowExplicitEnabled = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "bindnow" ]; - }) { - ignoreBindNow = false; - }); - - # musl implementation undetectable by this means even if present - fortifyExplicitEnabled = brokenIf stdenv.hostPlatform.isMusl (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - }) { - ignoreFortify = false; - }); - - fortify1ExplicitEnabledExecTest = fortifyExecTest (f1exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - }); - - # musl implementation is effectively FORTIFY_SOURCE=1-only, - # clang-on-glibc also only appears to support FORTIFY_SOURCE=1 (!) - fortifyExplicitEnabledExecTest = brokenIf ( - stdenv.hostPlatform.isMusl || (stdenv.cc.isClang && stdenv.hostPlatform.libc == "glibc") - ) (fortifyExecTest (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - })); - - fortify3ExplicitEnabled = brokenIf ( - stdenv.hostPlatform.isMusl || !stdenv.cc.isGNU || lib.versionOlder stdenv.cc.version "12" - ) (checkTestBin (f3exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify3" ]; - }) { - ignoreFortify = false; - }); - - # musl implementation is effectively FORTIFY_SOURCE=1-only - fortify3ExplicitEnabledExecTest = brokenIf ( - stdenv.hostPlatform.isMusl || !stdenv.cc.isGNU || lib.versionOlder stdenv.cc.version "12" - ) (fortifyExecTest (f3exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify3" ]; - })); - - pieExplicitEnabled = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "pie" ]; - }) { - ignorePie = false; - }); - - relROExplicitEnabled = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "relro" ]; - }) { - ignoreRelRO = false; - }; - - stackProtectorExplicitEnabled = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "stackprotector" ]; - }) { - ignoreStackProtector = false; - }); - - bindNowExplicitDisabled = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "bindnow" ]; - }) { - ignoreBindNow = false; - expectFailure = true; - }; - - fortifyExplicitDisabled = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortify3ExplicitDisabled = checkTestBin (f3exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify3" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortifyExplicitDisabledDisablesFortify3 = checkTestBin (f3exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify3" ]; - hardeningDisable = [ "fortify" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortify3ExplicitDisabledDoesntDisableFortify = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - hardeningDisable = [ "fortify3" ]; - }) { - ignoreFortify = false; - }; - - pieExplicitDisabled = brokenIf ( - stdenv.hostPlatform.isMusl && stdenv.cc.isClang - ) (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "pie" ]; - }) { - ignorePie = false; - expectFailure = true; - }); - - # can't force-disable ("partial"?) relro - relROExplicitDisabled = brokenIf true (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "pie" ]; - }) { - ignoreRelRO = false; - expectFailure = true; - }); - - stackProtectorExplicitDisabled = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "stackprotector" ]; - }) { - ignoreStackProtector = false; - expectFailure = true; - }; - - # most flags can't be "unsupported" by compiler alone and - # binutils doesn't have an accessible hardeningUnsupportedFlags - # mechanism, so can only test a couple of flags through altered - # stdenv trickery - - fortifyStdenvUnsupp = checkTestBin (f2exampleWithStdEnv (stdenvUnsupport ["fortify"]) { - hardeningEnable = [ "fortify" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortify3StdenvUnsupp = checkTestBin (f3exampleWithStdEnv (stdenvUnsupport ["fortify3"]) { - hardeningEnable = [ "fortify3" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortifyStdenvUnsuppUnsupportsFortify3 = checkTestBin (f3exampleWithStdEnv (stdenvUnsupport ["fortify"]) { - hardeningEnable = [ "fortify3" ]; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - fortify3StdenvUnsuppDoesntUnsuppFortify = brokenIf stdenv.hostPlatform.isMusl (checkTestBin (f2exampleWithStdEnv (stdenvUnsupport ["fortify3"]) { - hardeningEnable = [ "fortify" ]; - }) { - ignoreFortify = false; - }); - - fortify3StdenvUnsuppDoesntUnsuppFortifyExecTest = fortifyExecTest (f2exampleWithStdEnv (stdenvUnsupport ["fortify3"]) { - hardeningEnable = [ "fortify" ]; - }); - - stackProtectorStdenvUnsupp = checkTestBin (f2exampleWithStdEnv (stdenvUnsupport ["stackprotector"]) { - hardeningEnable = [ "stackprotector" ]; - }) { - ignoreStackProtector = false; - expectFailure = true; - }; - - # NIX_HARDENING_ENABLE set in the shell overrides hardeningDisable - # and hardeningEnable - - stackProtectorReenabledEnv = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "stackprotector" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="stackprotector" - ''; - }) { - ignoreStackProtector = false; - }; - - stackProtectorReenabledFromAllEnv = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "all" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="stackprotector" - ''; - }) { - ignoreStackProtector = false; - }; - - stackProtectorRedisabledEnv = checkTestBin (f2exampleWithStdEnv stdenv { - hardeningEnable = [ "stackprotector" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="" - ''; - }) { - ignoreStackProtector = false; - expectFailure = true; - }; - - fortify3EnabledEnvEnablesFortify = brokenIf stdenv.hostPlatform.isMusl (checkTestBin (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" "fortify3" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="fortify3" - ''; - }) { - ignoreFortify = false; - }); - - fortify3EnabledEnvEnablesFortifyExecTest = fortifyExecTest (f2exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" "fortify3" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="fortify3" - ''; - }); - - fortifyEnabledEnvDoesntEnableFortify3 = checkTestBin (f3exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" "fortify3" ]; - preBuild = '' - export NIX_HARDENING_ENABLE="fortify" - ''; - }) { - ignoreFortify = false; - expectFailure = true; - }; - - # NIX_HARDENING_ENABLE can't enable an unsupported feature - - stackProtectorUnsupportedEnabledEnv = checkTestBin (f2exampleWithStdEnv (stdenvUnsupport ["stackprotector"]) { - preBuild = '' - export NIX_HARDENING_ENABLE="stackprotector" - ''; - }) { - ignoreStackProtector = false; - expectFailure = true; - }; - - # undetectable by this means on static even if present - fortify1ExplicitEnabledCmdlineDisabled = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f1exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - preBuild = '' - export TEST_EXTRA_FLAGS='-D_FORTIFY_SOURCE=0' - ''; - }) { - ignoreFortify = false; - expectFailure = true; - }); - - # musl implementation undetectable by this means even if present - fortify1ExplicitDisabledCmdlineEnabled = brokenIf ( - stdenv.hostPlatform.isMusl || stdenv.hostPlatform.isStatic - ) (checkTestBin (f1exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" ]; - preBuild = '' - export TEST_EXTRA_FLAGS='-D_FORTIFY_SOURCE=1' - ''; - }) { - ignoreFortify = false; - }); - - fortify1ExplicitDisabledCmdlineEnabledExecTest = fortifyExecTest (f1exampleWithStdEnv stdenv { - hardeningDisable = [ "fortify" ]; - preBuild = '' - export TEST_EXTRA_FLAGS='-D_FORTIFY_SOURCE=1' - ''; - }); - - fortify1ExplicitEnabledCmdlineDisabledNoWarn = f1exampleWithStdEnv stdenv { - hardeningEnable = [ "fortify" ]; - preBuild = '' - export TEST_EXTRA_FLAGS='-D_FORTIFY_SOURCE=0 -Werror' - ''; - }; - -} // (let - tb = f2exampleWithStdEnv stdenv { - hardeningDisable = [ "all" ]; - hardeningEnable = [ "fortify" "pie" ]; - }; -in { - - allExplicitDisabledBindNow = checkTestBin tb { - ignoreBindNow = false; - expectFailure = true; - }; - - allExplicitDisabledFortify = checkTestBin tb { - ignoreFortify = false; - expectFailure = true; - }; - - allExplicitDisabledPie = brokenIf ( - stdenv.hostPlatform.isMusl && stdenv.cc.isClang - ) (checkTestBin tb { - ignorePie = false; - expectFailure = true; - }); - - # can't force-disable ("partial"?) relro - allExplicitDisabledRelRO = brokenIf true (checkTestBin tb { - ignoreRelRO = false; - expectFailure = true; - }); - - allExplicitDisabledStackProtector = checkTestBin tb { - ignoreStackProtector = false; - expectFailure = true; - }; -})) diff --git a/pkgs/test/cc-wrapper/include-cxxabi.cc b/pkgs/test/cc-wrapper/include-cxxabi.cc deleted file mode 100644 index 6ffc97e414a5..000000000000 --- a/pkgs/test/cc-wrapper/include-cxxabi.cc +++ /dev/null @@ -1,8 +0,0 @@ -#include <cxxabi.h> -#include <iostream> - -int main(int argc, char **argv) -{ - std::cerr << "ok" << std::endl; - return 0; -} diff --git a/pkgs/test/cc-wrapper/ldflags-main.c b/pkgs/test/cc-wrapper/ldflags-main.c deleted file mode 100644 index 89832b3bbad2..000000000000 --- a/pkgs/test/cc-wrapper/ldflags-main.c +++ /dev/null @@ -1,12 +0,0 @@ -#include <stdio.h> - -extern unsigned int foo(void); - -int main(int argc, char **argv) -{ - if (foo() != 42) { - return 1; - } - fprintf(stderr, "ok\n"); - return 0; -} diff --git a/pkgs/test/cc-wrapper/multilib.nix b/pkgs/test/cc-wrapper/multilib.nix deleted file mode 100644 index a26880681f22..000000000000 --- a/pkgs/test/cc-wrapper/multilib.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib, stdenv }: - -stdenv.mkDerivation { - name = "cc-multilib-test"; - - # XXX: "depend" on cc-wrapper test? - - # TODO: Have tests report pointer size or something; ensure they are what we asked for - buildCommand = '' - NIX_DEBUG=1 $CC -v - NIX_DEBUG=1 $CXX -v - - printf "checking whether compiler builds valid C binaries...\n " >&2 - $CC -o cc-check ${./cc-main.c} - ./cc-check - - printf "checking whether compiler builds valid 32bit C binaries...\n " >&2 - $CC -m32 -o c32-check ${./cc-main.c} - ./c32-check - - printf "checking whether compiler builds valid 64bit C binaries...\n " >&2 - $CC -m64 -o c64-check ${./cc-main.c} - ./c64-check - - printf "checking whether compiler builds valid 32bit C++ binaries...\n " >&2 - $CXX -m32 -o cxx32-check ${./cxx-main.cc} - ./cxx32-check - - printf "checking whether compiler builds valid 64bit C++ binaries...\n " >&2 - $CXX -m64 -o cxx64-check ${./cxx-main.cc} - ./cxx64-check - - touch $out - ''; - - meta.platforms = lib.platforms.x86_64; -} diff --git a/pkgs/test/cc-wrapper/nostdinc-main.c b/pkgs/test/cc-wrapper/nostdinc-main.c deleted file mode 100644 index f71d155b1b27..000000000000 --- a/pkgs/test/cc-wrapper/nostdinc-main.c +++ /dev/null @@ -1,8 +0,0 @@ -// This one should not come from libc because of -nostdinc -#include <stdio.h> - -int main(int argc, char *argv[]) { - // provided by our own stdio.h - foo(); - return 0; -} diff --git a/pkgs/test/cc-wrapper/sanitizers.c b/pkgs/test/cc-wrapper/sanitizers.c deleted file mode 100644 index 93dd78a903ce..000000000000 --- a/pkgs/test/cc-wrapper/sanitizers.c +++ /dev/null @@ -1,8 +0,0 @@ -#include <sanitizer/asan_interface.h> -#include <stdio.h> - -int main(int argc, char **argv) -{ - fprintf(stderr, "ok\n"); - return 0; -} diff --git a/pkgs/test/cc-wrapper/stdio.h b/pkgs/test/cc-wrapper/stdio.h deleted file mode 100644 index 4bddf1d9d486..000000000000 --- a/pkgs/test/cc-wrapper/stdio.h +++ /dev/null @@ -1 +0,0 @@ -static void foo(void) {} |