Skip to content

Commit eea343b

Browse files
PastaPastaPastaPastaPastaPasta
committed
8e07d33 merge bitcoin#33494: Update URL for `qrencode` package source tarball (Kittywhiskers Van Gogh) 3dd5c1c merge bitcoin#31500: Fix compiling `libevent` package on NetBSD (Kittywhiskers Van Gogh) be4e492 merge bitcoin#31800: Avoid using the `-ffile-prefix-map` compiler option (Kittywhiskers Van Gogh) 721da49 merge bitcoin#31661: Override default build type for `libevent` (Kittywhiskers Van Gogh) 802232d merge bitcoin#31125: add *FLAGS to gen_id (Kittywhiskers Van Gogh) 29c3c06 merge bitcoin#30774: Qt 5.15.16 (Kittywhiskers Van Gogh) 3dbc289 merge bitcoin#31627: Fix spacing issue (Kittywhiskers Van Gogh) 78ccada merge bitcoin#31552: Update capnproto to 1.1.0 (Kittywhiskers Van Gogh) aac17f3 merge bitcoin#31498: Ignore prefix directory on OpenBSD (Kittywhiskers Van Gogh) aa28a18 merge bitcoin#31484: update capnproto to 1.0.2 (Kittywhiskers Van Gogh) de2dc16 merge bitcoin#31461: add `-g` to *BSD_debug flags (Kittywhiskers Van Gogh) 31881e6 partial bitcoin#30940: Fix build with `MULTIPROCESS=1` in Guix environment (Kittywhiskers Van Gogh) f73021a merge bitcoin#30387: use c++ compiler rather than c compiler for binary checks (Kittywhiskers Van Gogh) 44ec95a merge bitcoin#29895: remove bzip2 from deps (Kittywhiskers Van Gogh) 86004c5 merge bitcoin#29249: add NM output to gen_id (Kittywhiskers Van Gogh) dc24acb refactor: point Qt URL to `archives` subdirectory (Kittywhiskers Van Gogh) 13e1bfe refactor: move `windres` fix to `hosts/mingw32.mk` (Kittywhiskers Van Gogh) b01440d merge bitcoin#28900: remove mingw-w64 install for "older" systems (Kittywhiskers Van Gogh) Pull request description: ## Additional Information * Dependency for #6919 * The current windres fix was introduced by [dash#6294](#6294) to fix mingw32 builds, the problem with the fix is that it assumes the target triple is fixed (i.e. `x86_64-w64-mingw32`), this may not hold true in the long run as Windows for ARM support is currently being tracked upstream (see [bitcoin#31388](bitcoin#31388)). To mitigate this, the fix has been generalised by setting the `WINDRES` variable, which is checked by `configure.ac` ([source](https://github.com/dashpay/dash/blob/f7dad69eab573c179060ff9eb1bbaccb317de6d3/configure.ac#L835)). * This fix had the effect of breaking detection (see error below) as `test -f` cannot traverse through `PATH` ([source](https://pubs.opengroup.org/onlinepubs/9799919799/utilities/test.html)), this has been resolved by using `command -v`, which is a better fit ([source](https://pubs.opengroup.org/onlinepubs/9799919799/utilities/command.html)) ``` make[1]: Entering directory '/distsrc-base/distsrc-23.0.0-rc.3-125-gca749d4d0d58-x86_64-w64-mingw32/src' make[2]: Entering directory '/distsrc-base/distsrc-23.0.0-rc.3-125-gca749d4d0d58-x86_64-w64-mingw32/src' CXX dashd-bitcoind.o windres x86_64-w64-mingw32-windres not found, but is required to compile windows resource files ``` * Versions below Qt 6.5 are considered (as of this writing), archived ([source](https://download.qt.io/official_releases/qt/)), this results in fetch failures that result in more usage of the cache fallback when trying to fetch Qt 5.15, which is now located in the archives ([source](https://download.qt.io/archive/qt/5.15/)). The URL has been updated to reflect the same. * While upstream reverted [bitcoin#33494](bitcoin#33494) with [bitcoin#33577](bitcoin#33577), the reasoning was to do with their cache and its interaction with the release process. As the underlying rationale for the revert doesn't match our case, we can retain the backport. ## Breaking Changes None expected. ## Checklist - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas **(note: N/A)** - [x] I have added or updated relevant unit/integration/functional/e2e tests **(note: N/A)** - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: UdjinM6: utACK 8e07d33 Tree-SHA512: 3356603fb1f74470656f3df233100da8ff722dd95926c25a251fe542afc85876d6517a45bb015863003ffe485d3f17241e1e5e73fbbcc9b5e90729b429272300
2 parents 8863ba2 + 8e07d33 commit eea343b

39 files changed

+193
-256
lines changed

Makefile.am

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -319,14 +319,14 @@ clean-local: clean-docs
319319

320320
test-security-check:
321321
if TARGET_DARWIN
322-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_MACHO
323-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_MACHO
322+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_MACHO
323+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_MACHO
324324
endif
325325
if TARGET_WINDOWS
326-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_PE
327-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_PE
326+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_PE
327+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_PE
328328
endif
329329
if TARGET_LINUX
330-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_ELF
331-
$(AM_V_at) CC='$(CC)' CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_ELF
330+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-security-check.py TestSecurityChecks.test_ELF
331+
$(AM_V_at) CXX='$(CXX)' CXXFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' $(PYTHON) $(top_srcdir)/contrib/devtools/test-symbol-check.py TestSymbolChecks.test_ELF
332332
endif

contrib/containers/guix/Dockerfile

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@ SHELL ["/bin/bash", "-c"]
99
RUN apt-get update && \
1010
apt-get install -y --no-install-recommends --no-upgrade \
1111
build-essential \
12-
bzip2 \
1312
ca-certificates \
1413
curl \
1514
git \

contrib/devtools/test-security-check.py

Lines changed: 44 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,10 @@
1616
def write_testcode(filename):
1717
with open(filename, 'w', encoding="utf8") as f:
1818
f.write('''
19-
#include <stdio.h>
19+
#include <cstdio>
2020
int main()
2121
{
22-
printf("the quick brown fox jumps over the lazy god\\n");
22+
std::printf("the quick brown fox jumps over the lazy god\\n");
2323
return 0;
2424
}
2525
''')
@@ -35,111 +35,111 @@ def env_flags() -> List[str]:
3535
# See the definitions for ac_link in autoconf's lib/autoconf/c.m4 file for
3636
# reference.
3737
flags: List[str] = []
38-
for var in ['CFLAGS', 'CPPFLAGS', 'LDFLAGS']:
38+
for var in ['CXXFLAGS', 'CPPFLAGS', 'LDFLAGS']:
3939
flags += filter(None, os.environ.get(var, '').split(' '))
4040
return flags
4141

42-
def call_security_check(cc, source, executable, options):
43-
subprocess.run([*cc,source,'-o',executable] + env_flags() + options, check=True)
42+
def call_security_check(cxx, source, executable, options):
43+
subprocess.run([*cxx,source,'-o',executable] + env_flags() + options, check=True)
4444
p = subprocess.run([os.path.join(os.path.dirname(__file__), 'security-check.py'), executable], stdout=subprocess.PIPE, universal_newlines=True)
4545
return (p.returncode, p.stdout.rstrip())
4646

47-
def get_arch(cc, source, executable):
48-
subprocess.run([*cc, source, '-o', executable] + env_flags(), check=True)
47+
def get_arch(cxx, source, executable):
48+
subprocess.run([*cxx, source, '-o', executable] + env_flags(), check=True)
4949
binary = lief.parse(executable)
5050
arch = binary.abstract.header.architecture
5151
os.remove(executable)
5252
return arch
5353

5454
class TestSecurityChecks(unittest.TestCase):
5555
def test_ELF(self):
56-
source = 'test1.c'
56+
source = 'test1.cpp'
5757
executable = 'test1'
58-
cc = determine_wellknown_cmd('CC', 'gcc')
58+
cxx = determine_wellknown_cmd('CXX', 'g++')
5959
write_testcode(source)
60-
arch = get_arch(cc, source, executable)
60+
arch = get_arch(cxx, source, executable)
6161

6262
if arch == lief.ARCHITECTURES.X86:
63-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
63+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6464
(1, executable+': failed PIE NX RELRO CONTROL_FLOW'))
65-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
65+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6666
(1, executable+': failed PIE RELRO CONTROL_FLOW'))
67-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
67+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
6868
(1, executable+': failed PIE RELRO CONTROL_FLOW'))
69-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
69+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
7070
(1, executable+': failed RELRO CONTROL_FLOW'))
71-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
71+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
7272
(1, executable+': failed separate_code CONTROL_FLOW'))
73-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
73+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
7474
(1, executable+': failed CONTROL_FLOW'))
75-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']),
75+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']),
7676
(0, ''))
7777
else:
78-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
78+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
7979
(1, executable+': failed PIE NX RELRO'))
80-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
80+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
8181
(1, executable+': failed PIE RELRO'))
82-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
82+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
8383
(1, executable+': failed PIE RELRO'))
84-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
84+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']),
8585
(1, executable+': failed RELRO'))
86-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
86+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']),
8787
(1, executable+': failed separate_code'))
88-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
88+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']),
8989
(0, ''))
9090

9191
clean_files(source, executable)
9292

9393
def test_PE(self):
94-
source = 'test1.c'
94+
source = 'test1.cpp'
9595
executable = 'test1.exe'
96-
cc = determine_wellknown_cmd('CC', 'x86_64-w64-mingw32-gcc')
96+
cxx = determine_wellknown_cmd('CXX', 'x86_64-w64-mingw32-g++')
9797
write_testcode(source)
9898

99-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--disable-nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fno-stack-protector']),
99+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--disable-nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fno-stack-protector']),
100100
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA NX RELOC_SECTION CONTROL_FLOW Canary'))
101-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
101+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--disable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
102102
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA RELOC_SECTION CONTROL_FLOW'))
103-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
103+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-no-pie','-fno-PIE','-fstack-protector-all', '-lssp']),
104104
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA CONTROL_FLOW'))
105-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
105+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--disable-dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
106106
(1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA CONTROL_FLOW')) # -pie -fPIE does nothing unless --dynamicbase is also supplied
107-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
107+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--disable-high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
108108
(1, executable+': failed HIGH_ENTROPY_VA CONTROL_FLOW'))
109-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
109+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
110110
(1, executable+': failed CONTROL_FLOW'))
111-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
111+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
112112
(0, ''))
113113

114114
clean_files(source, executable)
115115

116116
def test_MACHO(self):
117-
source = 'test1.c'
117+
source = 'test1.cpp'
118118
executable = 'test1'
119-
cc = determine_wellknown_cmd('CC', 'clang')
119+
cxx = determine_wellknown_cmd('CXX', 'clang++')
120120
write_testcode(source)
121-
arch = get_arch(cc, source, executable)
121+
arch = get_arch(cxx, source, executable)
122122

123123
if arch == lief.ARCHITECTURES.X86:
124-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
124+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
125125
(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS PIE CONTROL_FLOW'))
126-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains']),
126+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains']),
127127
(1, executable+': failed NOUNDEFS Canary CONTROL_FLOW'))
128-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),
128+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),
129129
(1, executable+': failed NOUNDEFS CONTROL_FLOW'))
130-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains']),
130+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains']),
131131
(1, executable+': failed CONTROL_FLOW'))
132-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),
132+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),
133133
(0, ''))
134134
else:
135135
# arm64 darwin doesn't support non-PIE binaries, control flow or executable stacks
136-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
136+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),
137137
(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS BRANCH_PROTECTION'))
138-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
138+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
139139
(1, executable+': failed NOUNDEFS Canary'))
140-
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
140+
self.assertEqual(call_security_check(cxx, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
141141
(1, executable+': failed NOUNDEFS'))
142-
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
142+
self.assertEqual(call_security_check(cxx, source, executable, ['-fstack-protector-all', '-Wl,-fixup_chains', '-mbranch-protection=bti']),
143143
(0, ''))
144144

145145

0 commit comments

Comments
 (0)