[tbb-commits] [tor-browser-bundle/master] Bug 20683: Integrate Selfrando into alpha Linux builds

gk at torproject.org gk at torproject.org
Mon May 8 18:37:51 UTC 2017


commit 332c5b6c16f1b0915f537a4ad5af48295f80c733
Author: Georg Koppen <gk at torproject.org>
Date:   Tue Apr 25 11:20:53 2017 +0000

    Bug 20683: Integrate Selfrando into alpha Linux builds
    
    Selfrando is a new defense against code reuse attacks developed by the
    Readactor and Readactor++ people. We should give it a wider testing
    audience by including it in the alpha series.
    
    This is currently only available for 64bit Linux builds, though.
    Supporting other platforms and architectures is work in progress.
---
 RelativeLink/start-tor-browser              |   1 +
 gitian/descriptors/linux/gitian-firefox.yml |  17 +++++
 gitian/descriptors/linux/gitian-utils.yml   |  46 +++++++++++++
 gitian/fetch-inputs.sh                      |   4 +-
 gitian/gpg/ELFUTILS.gpg                     | Bin 0 -> 10483 bytes
 gitian/mkbundle-linux.sh                    |  13 ++--
 gitian/patches/binutils-224-gold.patch      |  98 ++++++++++++++++++++++++++++
 gitian/verify-tags.sh                       |   3 +-
 gitian/versions.alpha                       |   4 ++
 gitian/versions.nightly                     |   4 ++
 10 files changed, 183 insertions(+), 7 deletions(-)

diff --git a/RelativeLink/start-tor-browser b/RelativeLink/start-tor-browser
index a78b367..2dd40fc 100755
--- a/RelativeLink/start-tor-browser
+++ b/RelativeLink/start-tor-browser
@@ -270,6 +270,7 @@ fi
 
 LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/"
 export LD_LIBRARY_PATH
+export SELFRANDO_write_layout_file=
 
 function setControlPortPasswd() {
     local ctrlPasswd=$1
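Review bot: `export SELFRANDO_write_layout_file=` is added to the launcher without a comment, and its effect is not obvious from the name: the utils descriptor builds Selfrando with `WRITE_LAYOUTS=env`, so setting this variable (even to the empty string) presumably asks the runtime to write the randomized function layout to a file. That file describes exactly the in-memory code layout the defence is meant to hide, so the launcher should state why alpha builds enable it, where the file lands and who can read it; I'd add `# Selfrando: request the layout file (see #20683 for why alpha builds want it)` above the export, with the output path once it is known. If the file is only wanted for debugging, consider leaving the variable unset by default.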
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index c9ced44..db4f232 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -27,6 +27,8 @@ reference_datetime: "2000-01-01 00:00:00"
 remotes:
 - "url": "https://git.torproject.org/tor-browser.git"
   "dir": "tor-browser"
+- "url": "https://github.com/immunant/selfrando.git"
+  "dir": "selfrando"
 files:
 - "binutils-linux32-utils.zip"
 - "binutils-linux64-utils.zip"
@@ -36,6 +38,8 @@ files:
 - "re-dzip.sh"
 - "dzip.sh"
 - "versions"
+# XXX: 64bits only for now :(, see #20683.
+- "selfrando-linux64-utils.zip"
 script: |
   source versions
   INSTDIR="$HOME/install"
@@ -53,6 +57,11 @@ script: |
   export DEB_BUILD_HARDENING_FORMAT=1
   export DEB_BUILD_HARDENING_PIE=1
   #
+  # XXX: 64bits only for now :(, see #20683.
+  if [ $GBUILD_BITS == "64" ];
+  then
+    unzip -d $INSTDIR selfrando-linux64-utils.zip
+  fi
   # Preparing Binutils and GCC for Tor Browser
   unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
   # Make sure gold is used with the hardening wrapper for full RELRO, see
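Review bot: `if [ $GBUILD_BITS == "64" ];` leaves `$GBUILD_BITS` unquoted and uses the bash-only `==`; if the variable is ever empty the test degenerates to `[ == "64" ]` and the script aborts with a syntax error instead of taking the 32-bit path. The same construct is repeated in the next hunk of this file and four times in gitian-utils.yml (after `ARCH=""`, before `patch -p1`, around the elfutils/Selfrando build and around the dzip call). Writing `if [ "$GBUILD_BITS" = "64" ];` everywhere is robust under both bash and dash, and the six identical `XXX: 64bits only for now` comments could be reduced to one explaining the limitation.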
@@ -94,6 +103,14 @@ script: |
   find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
   rm -f configure
   rm -f js/src/configure
+  # XXX: 64bits only for now :(, see #20683.
+  if [ $GBUILD_BITS == "64" ];
+  then
+    # Selfrando wrapper
+    export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH"
+    # We need to avoid the shuffling while building as this breaks compilation
+    export SELFRANDO_skip_shuffle=
+  fi
   make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --with-distribution-id=org.torproject --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
   find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
   make $MAKEOPTS -f client.mk build
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index d10422b..eb340b8 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -24,10 +24,14 @@ packages:
 - "libssl-dev"
 # Needed for binutils (64bit) as we are building with PIE enabled.
 - "libstdc++6-4.7-pic"
+# Needed for Selfrando
+- "scons"
 reference_datetime: "2000-01-01 00:00:00"
 remotes:
 - "url": "https://github.com/libevent/libevent.git"
   "dir": "libevent"
+- "url": "https://github.com/immunant/selfrando.git"
+  "dir": "selfrando"
 files:
 - "binutils.tar.bz2"
 - "gcc.tar.bz2"
@@ -37,6 +41,8 @@ files:
 - "go.tar.gz"
 - "versions"
 - "dzip.sh"
+- "elfutils.tar.bz2"
+- "binutils-224-gold.patch"
 script: |
   INSTDIR="$HOME/install"
   source versions
@@ -52,6 +58,12 @@ script: |
   export DEB_BUILD_HARDENING_FORMAT=1
   export DEB_BUILD_HARDENING_PIE=1
 
+  ARCH=""
+  if [ $GBUILD_BITS == "64" ];
+  then
+    ARCH="64"
+  fi
+
   # Building Binutils
   tar xjf binutils.tar.bz2
   # The libstdc++ shipped by default is non-PIC which breaks the binutils build
@@ -63,6 +75,13 @@ script: |
     export LDFLAGS="-L/home/debian -lstdc++"
   fi
   cd binutils*
+  # We need to work around a gold linker bug in 2.24 to get selfrando working,
+  # see bug 20683.
+  # XXX: 64bits only for now :(, see #20683.
+  if [ $GBUILD_BITS == "64" ];
+  then
+    patch -p1 < ../binutils-224-gold.patch
+  fi
   # We want to use gold as the linker in our toolchain mainly as it is way
   # faster when linking Tor Browser code (especially libxul). But apart from
   # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well
@@ -86,6 +105,28 @@ script: |
   cd ..
 
   export DEB_BUILD_HARDENING_FORMAT=1
+  export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH"
+  export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH"
+
+  # XXX: 64bits only for now :(, see #20683.
+  if [ $GBUILD_BITS == "64" ];
+  then
+    # Building Elfutils
+    tar xjf elfutils.tar.bz2
+    cd elfutils*/
+    ./configure --prefix=$INSTDIR/elfutils
+    make $MAKEOPTS
+    make install
+    cd ..
+
+    # Building Selfrando
+    cd selfrando
+    scons -Q arch=x86_64 LIBELF_PATH="$INSTDIR/elfutils" FORCE_INPLACE=1 DEBUG_LEVEL=env WRITE_LAYOUTS=env LOG=console
+    mkdir -p $INSTDIR/selfrando
+    cp out/x86_64/bin/* $INSTDIR/selfrando/
+    cd ..
+  fi
+
   # Building Libevent
   cd libevent
   ./autogen.sh
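Review bot: The `export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH"` and `export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH"` lines sit outside the 64-bit guard and before the unchanged Libevent/GMP/Go steps, so unless PATH already held those directories earlier in the script (outside this hunk) every later utility is now compiled with the freshly built toolchain on both 32- and 64-bit, which the commit message does not mention. If that is intended, say so in a comment; if only elfutils and Selfrando need it, move the two exports inside the `if`. Separately, `DEBUG_LEVEL=env WRITE_LAYOUTS=env` make Selfrando's runtime behaviour depend on environment variables, and since the launcher change in this commit sets `SELFRANDO_write_layout_file` for the shipped browser, those knobs (and `SELFRANDO_skip_shuffle`, exported in gitian-firefox.yml) apparently remain honoured by the binaries users run; a comment on the scons line stating that this exposure is deliberate for the alpha would help the next reviewer.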
@@ -157,4 +198,9 @@ script: |
   ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent
   ~/build/dzip.sh gmp-$GMP_VER-linux$GBUILD_BITS-utils.zip gmp
   ~/build/dzip.sh go-$GO_VER-linux$GBUILD_BITS-utils.zip go
+  # XXX: 64bits only for now :(, see #20683.
+  if [ $GBUILD_BITS == "64" ];
+  then
+    ~/build/dzip.sh selfrando-$SELFRANDO_TAG-linux$GBUILD_BITS-utils.zip selfrando
+  fi
   cp *utils.zip $OUTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index b7fcf36..c110eb8 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -113,7 +113,7 @@ update_git() {
 
 ##############################################################################
 # Get+verify sigs that exist
-for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI
+for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS
 do
   PACKAGE="${i}_PACKAGE"
   URL="${i}_URL"
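Review bot: ELFUTILS joins the list of packages whose signature is verified, presumably against the new binary keyring gitian/gpg/ELFUTILS.gpg, but nothing in the commit records which key (owner and fingerprint) that keyring is expected to contain, so a reviewer cannot check it against the elfutils project's published signing key or notice a later substitution. Record the fingerprint in the commit message or as a comment next to `ELFUTILS_URL` in versions.alpha and versions.nightly, as is done for other pinned inputs with a trailing `# https://…` note. The loop body continues outside the hunk.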
@@ -252,6 +252,7 @@ ln -sf "$GO_PACKAGE" go.tar.gz
 ln -sf "$NSIS_PACKAGE" nsis.tar.bz2
 ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz
 ln -sf "$YASM_PACKAGE" yasm.tar.gz
+ln -sf "$ELFUTILS_PACKAGE" elfutils.tar.bz2
 
 # Fetch latest gitian-builder itself
 # XXX - this is broken if a non-standard inputs dir is selected using the command line flag.
@@ -303,6 +304,7 @@ depot_tools           https://chromium.googlesource.com/chromium/tools/depot_too
 go-webrtc             https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG
 snowflake             https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG
 uniuri                https://github.com/dchest/uniuri $UNIURI_TAG
+selfrando             https://github.com/immunant/selfrando.git $SELFRANDO_TAG
 EOF
 
 # HTTPS-Everywhere is special, too. We need to initialize the git submodules and
diff --git a/gitian/gpg/ELFUTILS.gpg b/gitian/gpg/ELFUTILS.gpg
new file mode 100644
index 0000000..f1cd4b3
Binary files /dev/null and b/gitian/gpg/ELFUTILS.gpg differ
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 6dbbe51..0a1613f 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -35,7 +35,7 @@ fi
 
 if [ -z "$VM_MEMORY" ];
 then
-  export VM_MEMORY=4000
+  export VM_MEMORY=6000
 fi
 
 ./make-vms.sh
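Review bot: The default `VM_MEMORY` is raised from 4000 to 6000 without a comment, presumably because elfutils and Selfrando are now built inside the utils VM; a one-line `# the Selfrando/elfutils build in gitian-utils.yml needs more RAM, see #20683` would keep the next person from lowering it again. If the extra memory is only needed for the 64-bit utils build, that is also worth stating.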
@@ -99,7 +99,7 @@ then
 fi
 
 cd $GITIAN_DIR
-
+# XXX: 64bits selfrando only for now :(, see #20683.
 if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \
      ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \
      ! -f inputs/gcc-$GCC_VER-linux32-utils.zip -o \
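Review bot: The new `# XXX: 64bits selfrando only for now :(, see #20683.` comment replaces the blank line above the whole `if [ ! -f … ]` chain, where it reads as if the entire check were 64-bit specific, while the only line it explains is the `! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip` test added nine lines further down in the next hunk. Move the comment directly above that line (trailing comments are not possible inside the backslash-continued condition) and restore the blank line here. The `if` statement starts in this hunk and ends outside it.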
@@ -111,13 +111,14 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \
      ! -f inputs/gmp-$GMP_VER-linux32-utils.zip -o \
      ! -f inputs/gmp-$GMP_VER-linux64-utils.zip -o \
      ! -f inputs/go-$GO_VER-linux32-utils.zip -o \
-     ! -f inputs/go-$GO_VER-linux64-utils.zip ];
+     ! -f inputs/go-$GO_VER-linux64-utils.zip -o \
+     ! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip ];
 then
   echo
   echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******"
   echo
 
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./utils-fail-linux.log.`date +%Y%m%d%H%M%S`
@@ -138,6 +139,7 @@ then
   ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip
   ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip
   ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip
+  ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip
   cd ..
   #cp -a result/utils-linux-res.yml inputs/
 else
@@ -159,6 +161,7 @@ else
   ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip
   ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip
   ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip
+  ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip
   cd ..
 fi
 
@@ -193,7 +196,7 @@ then
   echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******"
   echo
 
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./firefox-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/patches/binutils-224-gold.patch b/gitian/patches/binutils-224-gold.patch
new file mode 100644
index 0000000..a45e49c
--- /dev/null
+++ b/gitian/patches/binutils-224-gold.patch
@@ -0,0 +1,98 @@
+From f984741df04cd68bb116073fdfa9405808810ab4 Mon Sep 17 00:00:00 2001
+From: Cary Coutant <ccoutant at google.com>
+Date: Wed, 5 Feb 2014 22:59:02 -0800
+Subject: [PATCH] Fix issues with gold undefined symbol diagnostics.
+
+PR binutils/15435 complains that gold issues a visibility error for an
+weak undefined symbol with hidden visibility. The message should be
+suppressed if the symbol is a weak undef.
+
+An earlier patch to add an extra note about key functions when a class's
+vtable symbol is undefined missed a case where the reference to the
+vtable came from a shared library. This patch moves the check to a
+lower-level routine that catches both cases.
+
+gold/
+
+2014-02-05  Cary Coutant  <ccoutant at google.com>
+
+	* errors.cc (Errors::undefined_symbol): Move undef vtable symbol
+	check to here.
+	* target-reloc.h (is_strong_undefined): New function.
+	(relocate_section): Move undef vtable symbol check from here.
+	Check for is_strong_undefined.
+
+diff --git a/gold/ChangeLog b/gold/ChangeLog
+index dcf7ed41f8..dd7ef72980 100644
+--- a/gold/ChangeLog
++++ b/gold/ChangeLog
+@@ -1,3 +1,14 @@
++2014-02-05  Cary Coutant  <ccoutant at google.com>
++
++	Fix issues with gold undefined symbol diagnostics.
++
++	PR binutils/15435
++	* errors.cc (Errors::undefined_symbol): Move undef vtable symbol
++	check to here.
++	* target-reloc.h (is_strong_undefined): New function.
++	(relocate_section): Move undef vtable symbol check from here.
++	Check for is_strong_undefined.
++
+ 2013-11-22  Cary Coutant  <ccoutant at google.com>
+ 
+ 	* testsuite/Makefile.am (exception_x86_64_bnd_test): Use in-tree
+diff --git a/gold/errors.cc b/gold/errors.cc
+index b79764bd1d..98db0fdd86 100644
+--- a/gold/errors.cc
++++ b/gold/errors.cc
+@@ -193,6 +193,11 @@ Errors::undefined_symbol(const Symbol* sym, const std::string& location)
+     fprintf(stderr,
+             _("%s: %s: undefined reference to '%s', version '%s'\n"),
+ 	    location.c_str(), zmsg, sym->demangled_name().c_str(), version);
++
++  if (sym->is_cxx_vtable())
++    gold_info(_("%s: the vtable symbol may be undefined because "
++		"the class is missing its key function"),
++	      program_name);
+ }
+ 
+ // Issue a debugging message.
+diff --git a/gold/target-reloc.h b/gold/target-reloc.h
+index b544c78f37..d609bcbaa8 100644
+--- a/gold/target-reloc.h
++++ b/gold/target-reloc.h
+@@ -144,6 +144,12 @@ class Default_comdat_behavior
+   }
+ };
+ 
++inline bool
++is_strong_undefined(const Symbol* sym)
++{
++  return sym->is_undefined() && sym->binding() != elfcpp::STB_WEAK;
++}
++
+ // Give an error for a symbol with non-default visibility which is not
+ // defined locally.
+ 
+@@ -411,16 +417,10 @@ relocate_section(
+ 	}
+ 
+       if (issue_undefined_symbol_error(sym))
+-	{
+-	  gold_undefined_symbol_at_location(sym, relinfo, i, offset);
+-	  if (sym->is_cxx_vtable())
+-	    gold_info(_("%s: the vtable symbol may be undefined because "
+-			"the class is missing its key function"),
+-		      program_name);
+-	}
++	gold_undefined_symbol_at_location(sym, relinfo, i, offset);
+       else if (sym != NULL
+ 	       && sym->visibility() != elfcpp::STV_DEFAULT
+-	       && (sym->is_undefined() || sym->is_from_dynobj()))
++	       && (is_strong_undefined(sym) || sym->is_from_dynobj()))
+ 	visibility_error(sym);
+ 
+       if (sym != NULL && sym->has_warning())
+-- 
+2.11.0
+
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index dc207f5..7d551b8 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -125,10 +125,11 @@ depot_tools             $DEPOT_TOOLS_TAG
 go-webrtc               $GO_WEBRTC_TAG
 snowflake               $SNOWFLAKE_TAG
 uniuri                  $UNIURI_TAG
+selfrando               $SELFRANDO_TAG
 EOF
 
 # Verify signatures on signed packages
-for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI
+for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS
 do
   PACKAGE="${i}_PACKAGE"
   URL="${i}_URL"
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index adb9dbf..33be86d 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -47,6 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
 GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101
 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492
 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
+SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
 
 GITIAN_TAG=tor-browser-builder-4-4
 
@@ -71,6 +72,7 @@ GO14_VER=1.4.3
 GO_VER=1.8.1
 NSIS_VER=2.51
 YASM_VER=1.2.0
+ELFUTILS_VER=0.160
 
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
@@ -105,6 +107,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf
 NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf
 NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf
 YASM_PACKAGE=yasm-${YASM_VER}.tar.gz
+ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
 
 # Hashes for packages with weak sigs or no sigs
 OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
@@ -167,3 +170,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE}
 NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE}
 NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE}
 YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE}
+ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 4e1618c..69ddb47 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -54,6 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
 GO_WEBRTC_TAG=master
 SNOWFLAKE_TAG=master
 UNIURI_TAG=master
+SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
 
 GITIAN_TAG=tor-browser-builder-4
 
@@ -78,6 +79,7 @@ GO14_VER=1.4.3
 GO_VER=1.8.1
 NSIS_VER=2.51
 YASM_VER=1.2.0
+ELFUTILS_VER=0.166
 
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
@@ -112,6 +114,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf
 NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf
 NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf
 YASM_PACKAGE=yasm-${YASM_VER}.tar.gz
+ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
 
 # Hashes for packages with weak sigs or no sigs
 OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
@@ -174,3 +177,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE}
 NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE}
 NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE}
 YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE}
+ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}


