[DistroKit] [PATCH 1/5] scripts: add helper to run PTXdist on all platformconfigs

[DistroKit] [PATCH 1/5] scripts: add helper to run PTXdist on all platformconfigs

[Roland Hieber]

This makes it easier not to forget some platforms e.g. when doing a
ptxdist migrate.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 scripts/p-all | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100755 scripts/p-all

diff --git a/scripts/p-all b/scripts/p-all
new file mode 100755
index 0000000..238a6a7
--- /dev/null
+++ b/scripts/p-all
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Run ptxdist on all platformconfigs
+PLATFORMS="v7a v8a rpi"
+for p in $PLATFORMS; do
+	ptxdist --platformconfig=configs/platform-${p}/platformconfig "$@"
+done
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

[DistroKit] [PATCH 2/5] ptxdist: version bump 2019.02.0 → 2019.03.0

[Roland Hieber]

Use default config values.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 configs/platform-rpi/platformconfig |  5 +++--
 configs/platform-v7a/platformconfig |  5 +++--
 configs/platform-v8a/platformconfig |  5 +++--
 configs/ptxconfig                   | 13 ++++---------
 4 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/configs/platform-rpi/platformconfig b/configs/platform-rpi/platformconfig
index 57e4fd9..97196e0 100644
--- a/configs/platform-rpi/platformconfig
+++ b/configs/platform-rpi/platformconfig
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# PTXdist 2019.02.0
+# PTXdist 2019.03.0
 #
 PTXCONF__platformconfig_MAGIC__=y
 
@@ -19,7 +19,7 @@ PTXCONF_PLATFORM="rpi"
 PTXCONF_PLATFORM_VERSION="-${PTXDIST_BSP_AUTOVERSION}"
 PTXCONF_RUNTIME=y
 PTXCONF_BUILDTIME=y
-PTXCONF_PLATFORMCONFIG_VERSION="2019.02.0"
+PTXCONF_PLATFORMCONFIG_VERSION="2019.03.0"
 
 #
 # architecture                  
@@ -80,6 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 # PTXCONF_TARGET_HARDEN_STACK is not set
 PTXCONF_TARGET_HARDEN_STACK_STRONG=y
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
+# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index 85b24bf..afb7c7b 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# PTXdist 2019.02.0
+# PTXdist 2019.03.0
 #
 PTXCONF__platformconfig_MAGIC__=y
 
@@ -19,7 +19,7 @@ PTXCONF_PLATFORM="v7a"
 PTXCONF_PLATFORM_VERSION="-${PTXDIST_BSP_AUTOVERSION}"
 PTXCONF_RUNTIME=y
 PTXCONF_BUILDTIME=y
-PTXCONF_PLATFORMCONFIG_VERSION="2019.02.0"
+PTXCONF_PLATFORMCONFIG_VERSION="2019.03.0"
 
 #
 # architecture                  
@@ -80,6 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 PTXCONF_TARGET_HARDEN_STACK=y
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
+# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
diff --git a/configs/platform-v8a/platformconfig b/configs/platform-v8a/platformconfig
index 92bfbed..4d128f3 100644
--- a/configs/platform-v8a/platformconfig
+++ b/configs/platform-v8a/platformconfig
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# PTXdist 2019.02.0
+# PTXdist 2019.03.0
 #
 PTXCONF__platformconfig_MAGIC__=y
 
@@ -19,7 +19,7 @@ PTXCONF_PLATFORM="v8a"
 PTXCONF_PLATFORM_VERSION="-${PTXDIST_BSP_AUTOVERSION}"
 PTXCONF_RUNTIME=y
 PTXCONF_BUILDTIME=y
-PTXCONF_PLATFORMCONFIG_VERSION="2019.02.0"
+PTXCONF_PLATFORMCONFIG_VERSION="2019.03.0"
 
 #
 # architecture                  
@@ -78,6 +78,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 PTXCONF_TARGET_HARDEN_STACK=y
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
+# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
diff --git a/configs/ptxconfig b/configs/ptxconfig
index 1909d44..c738939 100644
--- a/configs/ptxconfig
+++ b/configs/ptxconfig
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# PTXdist 2019.02.0
+# PTXdist 2019.03.0
 #
 PTXCONF_DATAPARTITION=y
 
@@ -48,7 +48,7 @@ PTXCONF_PROJECT_CHECK_LICENSES=y
 PTXCONF_RUNTIME=y
 PTXCONF_BUILDTIME=y
 PTXCONF_VIRTUAL=y
-PTXCONF_CONFIGFILE_VERSION="2019.02.0"
+PTXCONF_CONFIGFILE_VERSION="2019.03.0"
 PTXCONF__ptxconfig_MAGIC__=y
 
 #
@@ -1366,7 +1366,6 @@ PTXCONF_SYSTEMD_UDEV_DRIVERS_RULES=y
 #
 # misc helper                   
 #
-# PTXCONF_SYSTEMD_UDEV_COLLECT is not set
 # PTXCONF_SYSTEMD_UDEV_MTD_PROBE is not set
 
 #
@@ -1656,6 +1655,7 @@ PTXCONF_NETWORKMANAGER_NMCLI=y
 # PTXCONF_NETWORKMANAGER_PPP is not set
 # PTXCONF_NETWORKMANAGER_CONCHECK is not set
 # PTXCONF_NETWORKMANAGER_EXAMPLES is not set
+# PTXCONF_NETWORKMANAGER_POLKIT is not set
 
 #
 # networkmanager plugins        
@@ -1701,7 +1701,6 @@ PTXCONF_OPENSSL=y
 # PTXCONF_SOCAT is not set
 # PTXCONF_STRONGSWAN is not set
 # PTXCONF_STUNNEL is not set
-# PTXCONF_SYSLOGNG is not set
 # PTXCONF_TCPDUMP is not set
 # PTXCONF_TCPWRAPPER is not set
 # PTXCONF_THTTPD is not set
@@ -1717,11 +1716,6 @@ PTXCONF_OPENSSL=y
 # PTXCONF_WPAN_TOOLS is not set
 # PTXCONF_ZSYNC is not set
 
-#
-# IPv4 -> IPv6 Transition Tools 
-#
-# PTXCONF_PTRTD is not set
-
 #
 # Disk and File Utilities       
 #
@@ -1873,6 +1867,7 @@ PTXCONF_LIBBLKID=y
 PTXCONF_LIBCAP=y
 # PTXCONF_LIBCAP_SETCAP is not set
 # PTXCONF_LIBCGROUP is not set
+# PTXCONF_LIBCONFIG is not set
 # PTXCONF_LIBCONFUSE is not set
 # PTXCONF_LIBDAEMON is not set
 # PTXCONF_LIBEDIT is not set
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

[DistroKit] [PATCH 3/5] v7a: enable stack clash protection

[Roland Hieber]

This setting was introduced in PTXdist 2019.03.0:

    Generate code to prevent stack clash style attacks. When this
    option is enabled, the compiler will only allocate one page of
    stack space at a time and each page is accessed immediately after
    allocation. Thus, it prevents allocations from jumping over any
    stack guard page provided by the operating system.

Make use of it to get more secure binaries.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 configs/platform-v7a/platformconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index afb7c7b..6e44290 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -80,7 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 PTXCONF_TARGET_HARDEN_STACK=y
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

[DistroKit] [PATCH 4/5] rpi: enable stack clash protection

[Roland Hieber]

This setting was introduced in PTXdist 2019.03.0:

    Generate code to prevent stack clash style attacks. When this
    option is enabled, the compiler will only allocate one page of
    stack space at a time and each page is accessed immediately after
    allocation. Thus, it prevents allocations from jumping over any
    stack guard page provided by the operating system.

Make use of it to get more secure binaries.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 configs/platform-rpi/platformconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/platform-rpi/platformconfig b/configs/platform-rpi/platformconfig
index 97196e0..c3a64cb 100644
--- a/configs/platform-rpi/platformconfig
+++ b/configs/platform-rpi/platformconfig
@@ -80,7 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 # PTXCONF_TARGET_HARDEN_STACK is not set
 PTXCONF_TARGET_HARDEN_STACK_STRONG=y
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

[DistroKit] [PATCH 5/5] v8a: enable stack clash protection

[Roland Hieber]

This setting was introduced in PTXdist 2019.03.0:

    Generate code to prevent stack clash style attacks. When this
    option is enabled, the compiler will only allocate one page of
    stack space at a time and each page is accessed immediately after
    allocation. Thus, it prevents allocations from jumping over any
    stack guard page provided by the operating system.

Make use of it to get more secure binaries.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 configs/platform-v8a/platformconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/platform-v8a/platformconfig b/configs/platform-v8a/platformconfig
index 4d128f3..c8e4212 100644
--- a/configs/platform-v8a/platformconfig
+++ b/configs/platform-v8a/platformconfig
@@ -78,7 +78,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 PTXCONF_TARGET_HARDEN_STACK=y
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

Re: [DistroKit] [PATCH 3/5] v7a: enable stack clash protection

[Roland Hieber]

Nooo, these need a toolchain version bump because
-fstack-clash-protection is not known to gcc-7. Will send a v2 shortly.

 - Roland

On Fri, Mar 08, 2019 at 11:53:26AM +0100, Roland Hieber wrote:
> This setting was introduced in PTXdist 2019.03.0:
> 
>     Generate code to prevent stack clash style attacks. When this
>     option is enabled, the compiler will only allocate one page of
>     stack space at a time and each page is accessed immediately after
>     allocation. Thus, it prevents allocations from jumping over any
>     stack guard page provided by the operating system.
> 
> Make use of it to get more secure binaries.
> 
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
>  configs/platform-v7a/platformconfig | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
> index afb7c7b..6e44290 100644
> --- a/configs/platform-v7a/platformconfig
> +++ b/configs/platform-v7a/platformconfig
> @@ -80,7 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
>  PTXCONF_TARGET_HARDEN_STACK=y
>  # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
>  # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
> -# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
> +PTXCONF_TARGET_HARDEN_STACKCLASH=y
>  PTXCONF_TARGET_HARDEN_FORTIFY=y
>  PTXCONF_TARGET_HARDEN_RELRO=y
>  PTXCONF_TARGET_HARDEN_BINDNOW=y
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> DistroKit mailing list
> DistroKit@pengutronix.de

-- 
Roland Hieber                     | r.hieber@pengutronix.de     |
Pengutronix e.K.                  | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |

_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de