Update buildroot 2020.02.01 (#622)

* Update buildroot 2020.02.01 Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch> * Fix LN * Fix wpa Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch> * Fix lint Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch> * fix-network Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch> * Fix script Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch>
2020-04-16 20:03:01 +02:00
parent 0c2b5aff65
commit 5a6678147e
6201 changed files with 73436 additions and 70757 deletions
--- a/buildroot/support/testing/tests/core/test_hardening.py
+++ b/buildroot/support/testing/tests/core/test_hardening.py
@@ -1,5 +1,4 @@
 import os
-import subprocess
 import json

 import infra.basetest
@@ -26,13 +25,11 @@ class TestHardeningBase(infra.basetest.BRTest):

    def checksec_run(self, target_file):
        filepath = os.path.join(self.builddir, "target", target_file)
-        cmd = ["host/bin/checksec", "--output", "json", "--file", filepath]
+        cmd = ["host/bin/checksec", "--format=json",
+               "--file={}".format(filepath)]
        # Checksec is being used for elf file analysis only.  There are no
        # assumptions of target/run-time checks as part of this testing.
-        ret = subprocess.check_output(cmd,
-                                      stderr=open(os.devnull, "w"),
-                                      cwd=self.builddir,
-                                      env={"LANG": "C"})
+        ret = infra.run_cmd_on_host(self.builddir, cmd)
        return json.loads(ret)


@@ -45,8 +42,9 @@ class TestRelro(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertEqual(out["file"]["relro"], "full")
-            self.assertEqual(out["file"]["pie"], "yes")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertEqual(out[filepath]["relro"], "full")
+            self.assertEqual(out[filepath]["pie"], "yes")


 class TestRelroPartial(TestHardeningBase):
@@ -58,8 +56,9 @@ class TestRelroPartial(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertEqual(out["file"]["relro"], "partial")
-            self.assertEqual(out["file"]["pie"], "no")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertEqual(out[filepath]["relro"], "partial")
+            self.assertEqual(out[filepath]["pie"], "no")


 class TestSspNone(TestHardeningBase):
@@ -71,7 +70,8 @@ class TestSspNone(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertEqual(out["file"]["canary"], "no")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertEqual(out[filepath]["canary"], "no")


 class TestSspStrong(TestHardeningBase):
@@ -83,7 +83,8 @@ class TestSspStrong(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertEqual(out["file"]["canary"], "yes")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertEqual(out[filepath]["canary"], "yes")


 class TestFortifyNone(TestHardeningBase):
@@ -95,7 +96,8 @@ class TestFortifyNone(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertEqual(out["file"]["fortified"], "0")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertEqual(out[filepath]["fortified"], "0")


 class TestFortifyConserv(TestHardeningBase):
@@ -107,4 +109,5 @@ class TestFortifyConserv(TestHardeningBase):
    def test_run(self):
        for f in self.checksec_files:
            out = self.checksec_run(f)
-            self.assertNotEqual(out["file"]["fortified"], "0")
+            filepath = os.path.join(self.builddir, "target", f)
+            self.assertNotEqual(out[filepath]["fortified"], "0")
--- a/buildroot/support/testing/tests/core/test_post_scripts.py
+++ b/buildroot/support/testing/tests/core/test_post_scripts.py
@@ -20,7 +20,7 @@ class TestPostScripts(infra.basetest.BRTest):

    def check_post_log_file(self, f, what, target_dir):
        lines = {}
-        with open(os.path.join(self.builddir, "build", f), 'rb') as csvfile:
+        with open(os.path.join(self.builddir, "build", f), newline='') as csvfile:
            r = csv.reader(csvfile, delimiter=',')
            for row in r:
                lines[row[0]] = row[1]
--- a/buildroot/support/testing/tests/core/test_root_password.py
+++ b/buildroot/support/testing/tests/core/test_root_password.py
@@ -0,0 +1,36 @@
+import os
+import infra.basetest
+from crypt import crypt
+
+
+class TestRootPassword(infra.basetest.BRTest):
+    password = "foo"
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+        """
+        BR2_TARGET_ROOTFS_CPIO=y
+        BR2_TARGET_ENABLE_ROOT_LOGIN=y
+        BR2_TARGET_GENERIC_ROOT_PASSWD="{}"
+        """.format(password)
+
+    def test_run(self):
+        # 1. Test by looking hash in the /etc/shadow
+        shadow = os.path.join(self.builddir, "target", "etc", "shadow")
+        with open(shadow, "r") as f:
+            users = f.readlines()
+            for user in users:
+                s = user.split(":")
+                n, h = s[0], s[1]
+                if n == "root":
+                    # Fail if the account is disabled or no password is required
+                    self.assertTrue(h not in ["", "*"])
+                    # Fail if the hash isn't right
+                    self.assertEqual(crypt(self.password, h), h)
+
+        # 2. Test by attempting to login
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        try:
+            self.emulator.boot(arch="armv7", kernel="builtin",
+                               options=["-initrd", cpio_file])
+            self.emulator.login(self.password)
+        except SystemError:
+            self.fail("Unable to login with the password")