bitcoin/contrib/devtools
Wladimir J. van der Laan 634f6ec4eb contrib: Parse ELF directly for symbol and security checks
Instead of the ever-messier text parsing of the output of the readelf
tool (which is clearly meant for human consumption not to be machine
parseable), parse the ELF binaries directly.

Add a small dependency-less ELF parser specific to the checks.

This is slightly more secure, too, because it removes potential
ambiguity due to misparsing and changes in the output format of `elfread`. It
also allows for stricter and more specific ELF format checks in the future.

This removes the build-time dependency for `readelf`.

It passes the test-security-check for me locally, though I haven't
checked on all platforms.
2020-11-22 11:11:32 +01:00
..
circular-dependencies.py scripted-diff: Bump copyright headers 2020-04-16 13:33:09 -04:00
clang-format-diff.py test/contrib: Fix invalid escapes in regex strings 2019-09-03 14:38:38 -04:00
copyright_header.py Replace current benchmarking framework with nanobench 2020-06-13 12:24:18 +02:00
gen-manpages.sh scripted-diff: Add missed copyright headers 2020-01-04 20:18:28 +02:00
pixie.py contrib: Parse ELF directly for symbol and security checks 2020-11-22 11:11:32 +01:00
README.md contrib: Remove optimize-pngs.py script, which lives in the maintainer repo 2020-05-05 07:25:58 -04:00
security-check.py contrib: Parse ELF directly for symbol and security checks 2020-11-22 11:11:32 +01:00
split-debug.sh.in gitian: Improve error handling 2019-03-07 17:21:46 +01:00
symbol-check.py contrib: Parse ELF directly for symbol and security checks 2020-11-22 11:11:32 +01:00
test-security-check.py devtools: Add security check for separate_code 2020-07-28 12:57:35 +08:00
test_deterministic_coverage.sh Make test DoS_mapOrphans deterministic 2020-07-21 09:18:57 +03:00
utxo_snapshot.sh devtools: add utxo_snapshot.sh 2019-11-05 13:36:04 -05:00

Contents

This directory contains tools for developers working on this repository.

clang-format-diff.py

A script to format unified git diffs according to .clang-format.

Requires clang-format, installed e.g. via brew install clang-format on macOS.

For instance, to format the last commit with 0 lines of context, the script should be called from the git root folder as follows.

git diff -U0 HEAD~1.. | ./contrib/devtools/clang-format-diff.py -p1 -i -v

copyright_header.py

Provides utilities for managing copyright headers of The Bitcoin Core developers in repository source files. It has three subcommands:

$ ./copyright_header.py report <base_directory> [verbose]
$ ./copyright_header.py update <base_directory>
$ ./copyright_header.py insert <file>

Running these subcommands without arguments displays a usage string.

Produces a report of all copyright header notices found inside the source files of a repository. Useful to quickly visualize the state of the headers. Specifying verbose will list the full filenames of files of each category.

Updates all the copyright headers of The Bitcoin Core developers which were changed in a year more recent than is listed. For example:

// Copyright (c) <firstYear>-<lastYear> The Bitcoin Core developers

will be updated to:

// Copyright (c) <firstYear>-<lastModifiedYear> The Bitcoin Core developers

where <lastModifiedYear> is obtained from the git log history.

This subcommand also handles copyright headers that have only a single year. In those cases:

// Copyright (c) <year> The Bitcoin Core developers

will be updated to:

// Copyright (c) <year>-<lastModifiedYear> The Bitcoin Core developers

where the update is appropriate.

Inserts a copyright header for The Bitcoin Core developers at the top of the file in either Python or C++ style as determined by the file extension. If the file is a Python file and it has #! starting the first line, the header is inserted in the line below it.

The copyright dates will be set to be <year_introduced>-<current_year> where <year_introduced> is according to the git log history. If <year_introduced> is equal to <current_year>, it will be set as a single year rather than two hyphenated years.

If the file already has a copyright for The Bitcoin Core developers, the script will exit.

gen-manpages.sh

A small script to automatically create manpages in ../../doc/man by running the release binaries with the -help option. This requires help2man which can be found at: https://www.gnu.org/software/help2man/

With in-tree builds this tool can be run from any directory within the repostitory. To use this tool with out-of-tree builds set BUILDDIR. For example:

BUILDDIR=$PWD/build contrib/devtools/gen-manpages.sh

security-check.py and test-security-check.py

Perform basic security checks on a series of executables.

symbol-check.py

A script to check that the executables produced by gitian only contain certain symbols and are only linked against allowed libraries.

For Linux this means checking for allowed gcc, glibc and libstdc++ version symbols. This makes sure they are still compatible with the minimum supported distribution versions.

For macOS and Windows we check that the executables are only linked against libraries we allow.

Example usage after a gitian build:

find ../gitian-builder/build -type f -executable | xargs python3 contrib/devtools/symbol-check.py

If no errors occur the return value will be 0 and the output will be empty.

If there are any errors the return value will be 1 and output like this will be printed:

.../64/test_bitcoin: symbol memcpy from unsupported version GLIBC_2.14
.../64/test_bitcoin: symbol __fdelt_chk from unsupported version GLIBC_2.15
.../64/test_bitcoin: symbol std::out_of_range::~out_of_range() from unsupported version GLIBCXX_3.4.15
.../64/test_bitcoin: symbol _ZNSt8__detail15_List_nod from unsupported version GLIBCXX_3.4.15

circular-dependencies.py

Run this script from the root of the source tree (src/) to find circular dependencies in the source code. This looks only at which files include other files, treating the .cpp and .h file as one unit.

Example usage:

cd .../src
../contrib/devtools/circular-dependencies.py {*,*/*,*/*/*}.{h,cpp}