checksec: use binutils instead of elfutils

readelf which makes most of checks should come from binutils package instead of elfutils

E.g. the PIE check from checksec, different readelf gives different result:
(elfutils)
$ /nix/store/rgrji20513g19ci0sa6jydm86gpf4j42-elfutils-0.158/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null |grep -q '(DEBUG)' ; echo $?
1

(binutils)
$ /nix/store/b8qhjrwf8sf9ggkjxqqav7f1m6w83bh0-binutils-2.23.1/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null | grep -q '(DEBUG)' ; echo $?
0
This commit is contained in:
Andrey Arapov 2015-04-05 21:13:26 +02:00
parent 8300898f98
commit 96063873e2

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, file, findutils, elfutils, glibc }:
{ stdenv, fetchurl, file, findutils, binutils, glibc, procps, coreutils }:
stdenv.mkDerivation rec {
name = "checksec-${version}";
@ -25,9 +25,11 @@ stdenv.mkDerivation rec {
substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find
substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $"
substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file"
substituteInPlace $out/bin/checksec --replace " readelf -" " ${elfutils}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "(readelf -" "(${elfutils}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${elfutils}/bin/readelf"
substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils}/bin/readelf"
substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${procps}/sbin/sysctl -"
substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
'';
phases = "unpackPhase patchPhase installPhase";