Regarding Armins question:
If the config file you've used (e.g. th eon ein the selftest)
enables all the tests, then it should be fine indeed. I'm not
completely sure what the core-mage-minimal includes though. It
if it contains systemd the build should be failing if the rpath
check is enabled (you would have to whitelist the binaries in
the config file)
Currently there is no test for failing. Should i add one?
Sure i can remove the ".py", i just want to avoid confusion of
"checksec.sh" and "checksec.py" (which are completely different
Regarding Roberts question:
In case the tooling finds a violation it fails the build and
outputs an error message containing the buildsystem paths to the
binaries and the actual check it is failing. The message also
contains some reasoning on why the used feature shouldn't be
used. The bitbake class basically take the output you pasted
(there is a json mode) and checks it against the whitelist (and
some other unreasonable things, such as usage of relro in
statically linked applications)
On 21.08.21 18:59, Robert Berger
On 21/08/2021 18:35, Armin Kuster wrote:
Regarding the selftest, is there test for failure?
I ran this against core-image-minimal and nothing was printed
that mean its fine?
You may want to remove the ".py" from
python3-checksec.py-native_0.6.1.bb, its not needed.
If you run checksec manually against some binary e.g.
ls.coreutils it outputs something like this: