Add stress test to patch all binaries in the machine

NixOS · Mar 11, 2023 · 0f9e307 · 0f9e307
1 parent 27cbc89
commit 0f9e307
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/.github/workflows/stress.yml b/.github/workflows/stress.yml
@@ -0,0 +1,62 @@
+name: Stress tests
+on: workflow_dispatch
+
+jobs:
+  build_tarballs:
+    name: Build tarballs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v20
+      - name: Build tarballs
+        run: |
+          nix build -L .#hydraJobs.tarball
+          install -D ./result/tarballs/*.tar.bz2 ./dist/patchelf-$(cat version).tar.bz2
+          install -D ./result/tarballs/*.tar.gz ./dist/patchelf-$(cat version).tar.gz
+      - uses: actions/upload-artifact@v3
+        with:
+          name: patchelf
+          path: dist/*
+
+  build_musl:
+    name: Build static musl binaries
+    needs: [build_tarballs]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ["amd64", "i386", "ppc64le", "arm64v8", "arm32v7", "s390x", "riscv64"]
+    steps:
+      - name: Set up QEMU
+        if: matrix.platform != 'amd64'
+        uses: docker/setup-qemu-action@v2
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: patchelf
+          path: dist
+      - name: Build binaries
+        env:
+          CXXFLAGS: "-D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wformat -Werror=format-security -O2 -static"
+        run: |
+          cat <<EOF > build.sh
+          set -e
+          set -x
+          apk add build-base
+          tar -xf dist/*.tar.bz2
+          rm -f dist/*
+          cd patchelf-*
+          ./configure --prefix /patchelf
+          make check STRESS=1 || (cat tests/test-suite.log; exit 1)
+          make install-strip
+          cd -
+          tar -czf ./dist/patchelf-\$(cat patchelf-*/version)-\$(uname -m).tar.gz -C /patchelf .
+          EOF
+
+          if [ "${{ matrix.platform }}" == "i386" ]; then
+              ENTRYPOINT=linux32
+          else
+              ENTRYPOINT=
+          fi
+          docker run -e CXXFLAGS -v $(pwd):/gha ${{ matrix.platform }}/alpine:edge ${ENTRYPOINT} sh -ec "cd /gha && sh ./build.sh"
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -49,6 +49,7 @@ src_TESTS = \
   modify-execstack.sh \
   rename-dynamic-symbols.sh \
   overlapping-segments-after-rounding.sh \
+  stress.sh \
   empty-note.sh
 
 build_TESTS = \

diff --git a/tests/stress.sh b/tests/stress.sh
@@ -0,0 +1,45 @@
+#! /bin/sh -e
+
+[ "$STRESS" = "1" ] || exit 0
+
+SCRATCH=scratch/$(basename "$0" .sh)
+PATCHELF=$(readlink -f "../src/patchelf")
+
+rm -rf "${SCRATCH}"
+mkdir -p "${SCRATCH}"
+cd "${SCRATCH}"
+
+for lib in /usr/lib*/*.so* /usr/bin/* /usr/libexec/*
+do
+    if file "$lib" | grep -q -e "ELF.*dynamically"
+    then
+        echo "==============================================================="
+        echo "#### Copying"
+        echo "$lib"
+        echo "$(file $lib)"
+        blib="$(basename "$lib")"
+        cp "$lib" "$blib"
+        echo "#### chmod"
+        chmod +w "$blib"
+
+        echo "#### readelf before"
+        readelf -L "$blib" > /dev/null 2> re_before || echo
+        echo "#### ldd before"
+        ldd "$blib" | sed 's/0x.*//g' > ldd_before
+
+        echo "#### get rpath"
+        new_rpath="$(${PATCHELF} --print-rpath "$blib"):XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+        echo "#### new rpath: $new_rpath"
+        ${PATCHELF} --force-rpath --set-rpath "$new_rpath" "$blib"
+
+        echo "#### readelf after"
+        readelf -L "$blib" > /dev/null 2> re_after || echo
+        echo "#### ldd after"
+        ldd "$blib" | sed 's/0x.*//g' > ldd_after
+
+        diff re_before re_after
+        diff ldd_before ldd_after
+
+        rm "$blib"
+    fi
+done