[openssh-commits] [openssh] 01/01: Add test against Graphene hardened malloc.

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jan 9 00:45:57 AEDT 2021


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit b744914fcb76d70761f1b667de95841b3fc80a56
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Sat Jan 9 00:36:05 2021 +1100

    Add test against Graphene hardened malloc.
---
 .github/setup_ci.sh         | 12 +++++++++++-
 .github/workflows/c-cpp.yml |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 61349be1..2d489b7e 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -40,7 +40,10 @@ for TARGET in $TARGETS; do
     "--with-selinux")
         PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
         ;;
-    *) echo "Invalid option"
+    "--with-ldflags=-lhardened_malloc")
+        INSTALL_HARDENED_MALLOC=yes
+       ;;
+    *) echo "Invalid option '${TARGET}'"
         exit 1
         ;;
     esac
@@ -56,3 +59,10 @@ if [ "x" != "x$PACKAGES" ]; then
     sudo apt update -qq
     sudo apt install -qy $PACKAGES
 fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+    (cd ${HOME} &&
+     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+     cd ${HOME}/hardened_malloc &&
+     make && sudo cp libhardened_malloc.so /usr/lib/)
+fi
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index 5c5dd6bd..c019d96e 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -16,6 +16,7 @@ jobs:
         configs:
         - ""
         - "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux"
+        - "--with-ldflags=-lhardened_malloc"
 
     steps:
     - uses: actions/checkout at v2

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list