merge open MRs and fix pre-commit

add pre-commit hooks setup
slimm609 · May 27, 2022 · 24a81d3 · 24a81d3
1 parent 1235662
commit 24a81d3
Show file tree

Hide file tree

Showing 15 changed files with 124 additions and 38 deletions.
diff --git a/.git-hooks/post-checkout b/.git-hooks/post-checkout
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+  command -v git-lfs > /dev/null 2>&1 || {
+    echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+    exit 2
+  }
+  git lfs post-checkout "$@"
+fi
diff --git a/.git-hooks/post-commit b/.git-hooks/post-commit
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+  command -v git-lfs > /dev/null 2>&1 || {
+    echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+    exit 2
+  }
+  git lfs post-commit "$@"
+fi
+
+"${CURRENT_REPO}"/helpers/enable-git-hooks.sh
diff --git a/.git-hooks/post-merge b/.git-hooks/post-merge
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+  command -v git-lfs > /dev/null 2>&1 || {
+    echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+    exit 2
+  }
+  git lfs post-merge "$@"
+fi
diff --git a/.git-hooks/pre-commit b/.git-hooks/pre-commit
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+# The git hooks repo
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+REPO_ROOT=$(cd "${DIR}" && git rev-parse --show-toplevel)
+# The current repo root, in case the repo is different from the hooks (this allows using a single pre-commit across multiple repos)
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# check to ensure all tools exist
+tools=('pre-commit' 'checkov' 'shfmt')
+for tool in "${tools[@]}"; do
+  if ! command -v "${tool}" > /dev/null 2>&1; then
+    cat << EOF
+    Error: ${tool} not found
+    Please install via brew or package manager
+    'brew install ${tool}'
+    or
+    install required tools
+    ${tools[*]}
+EOF
+    exit 2
+  fi
+done
+
+# run pre-commit checks
+pre-commit hook-impl --config="${REPO_ROOT}"/.pre-commit-config.yaml --hook-type=pre-commit --hook-dir "${CURRENT_REPO}" -- "$@"
diff --git a/.git-hooks/pre-push b/.git-hooks/pre-push
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+  command -v git-lfs > /dev/null 2>&1 || {
+    echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+    exit 2
+  }
+  git lfs pre-push "$@"
+fi
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -12,7 +12,6 @@ jobs:
           curl -Lo ${HOME}/bin/shfmt https://github.com/mvdan/sh/releases/download/v3.4.0/shfmt_v3.4.0_linux_amd64
           chmod +x ${HOME}/bin/shfmt
           export PATH=${PATH}:${HOME}/bin
-          ./build.sh
           pre-commit run --all-files
           git status
           if [[ ! -z $(git status --porcelain) ]]; then
@@ -21,7 +20,5 @@ jobs:
           fi
       - name: ubuntu checksec
         run: docker-compose run checksec-ubuntu
-      - name: arch checksec
-        run: docker-compose run checksec-arch
       - name: photon checksec
         run: docker-compose run checksec-photon
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,18 @@
 repos:
+- repo: local
+  hooks:
+  - id: build_checksec
+    name: build checksec script
+    entry: bash ./hack/build.sh
+    language: system
+    pass_filenames: false
+  - id: enable_hooks
+    name: enable git hooks
+    entry: bash ./hack/enable-git-hooks.sh
+    language: system
+    pass_filenames: false
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.0.1
+  rev: v4.2.0
   hooks:
   - id: end-of-file-fixer
   - id: trailing-whitespace
@@ -14,9 +26,9 @@ repos:
   - id: shfmt
     args: ["-sr", "-i", "2", "-ci", "-w"]
   - id: shellcheck
-    args: ["-e", "SC2154,SC2164,SC2129"]
+    args: ["-e", "SC2154,SC2164,SC2129,SC2028"]
 - repo: https://github.com/Lucas-C/pre-commit-hooks
-  rev: v1.1.10
+  rev: v1.2.0
   hooks:
   - id: forbid-crlf
   - id: remove-crlf

diff --git a/Dockerfile.arch b/Dockerfile.arch
diff --git a/LICENSE.txt b/LICENSE.txt
@@ -1,6 +1,6 @@
 The BSD License (http://www.opensource.org/licenses/bsd-license.php)
 specifies the terms and conditions of use for checksec.sh:
-Copyright (c) 2014-2015, Brian Davis
+Copyright (c) 2014-2022, Brian Davis
 Copyright (c) 2013, Robin David
 Copyright (c) 2009-2011, Tobias Klein
 All rights reserved.

diff --git a/checksec b/checksec
@@ -3,7 +3,7 @@
 # in the src directory. Any updates to this file will be overwritten when generated
 
 # sanitize the environment before run
-[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ] && exec -c "$0" "$@"
+[[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ]] && exec -c "$0" "$@"
 
 # --- Modified Version ---
 # Name    : checksec.sh
@@ -29,7 +29,7 @@
 
 # The BSD License (http://www.opensource.org/licenses/bsd-license.php)
 # specifies the terms and conditions of use for checksec.sh:
-# Copyright (c) 2014-2015, Brian Davis
+# Copyright (c) 2014-2022, Brian Davis
 # Copyright (c) 2013, Robin David
 # Copyright (c) 2009-2011, Tobias Klein
 # All rights reserved.
@@ -86,9 +86,7 @@ FS_cnt_checked=0
 FS_cnt_unchecked=0
 FS_libc=0
 
-if [[ $(id -u) != 0 ]]; then
-  export PATH=${PATH}:/sbin/:/usr/sbin/
-fi
+PATH=${PATH}:/sbin/:/usr/sbin/
 
 # check if directory exists
 dir_exists() {
@@ -800,7 +798,7 @@ filecheck() {
   fi
 
   # check for stripped symbols in the binary
-  IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1))"
+  IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1)"
   if ${readelf} --symbols "${1}" 2> /dev/null | grep -q '\.symtab'; then
     echo_message "\033[31m${SYM_cnt[0]} Symbols\t\033[m  " 'Symbols,' ' symbols="yes"' '"symbols":"yes",'
   else
@@ -826,6 +824,8 @@ filecheck() {
     FS_libc=/lib/aarch64-linux-gnu/libc.so.6
   elif [[ -e /usr/x86_64-gentoo-linux-musl/bin/ld ]]; then
     FS_libc=/usr/x86_64-gentoo-linux-musl/bin/ld
+  elif [[ -e /usr/lib/loongarch64-linux-gnu/libc.so.6 ]]; then
+    FS_libc=/usr/lib/loongarch64-linux-gnu/libc.so.6
   else
     printf "\033[31mError: libc not found.\033[m\n\n"
     exit 1

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,13 +8,6 @@ services:
     image: checksec-ubuntu
     command: bash -c "./tests/test-checksec.sh"
 
-  checksec-arch:
-    build:
-      context: ./
-      dockerfile: Dockerfile.arch
-    image: checksec-arch
-    command: bash -c "./tests/test-checksec.sh"
-
   checksec-photon:
     build:
       context: ./

diff --git a/build.sh → hack/build.sh b/build.sh → hack/build.sh
@@ -2,7 +2,12 @@
 # generate the checksec file from the src directory
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"
-generated_file="${SCRIPT_DIR}/checksec"
+REPO_ROOT="$(cd "${SCRIPT_DIR}" && git rev-parse --show-toplevel)"
+cd "${REPO_ROOT}" || {
+  echo "error: directory does not exist"
+  exit 1
+}
+generated_file="${REPO_ROOT}/checksec"
 
 # add shebang line and edit line
 cat << 'EOF' > "${generated_file}"
@@ -11,28 +16,28 @@ cat << 'EOF' > "${generated_file}"
 # in the src directory. Any updates to this file will be overwritten when generated
 
 # sanitize the environment before run
-[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ] && exec -c "$0" "$@"
+[[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ]] && exec -c "$0" "$@"
 EOF
 
 # add the header
-sed -e '1,3d' "${SCRIPT_DIR}"/src/header.sh >> "${generated_file}"
+sed -e '1,3d' "${REPO_ROOT}"/src/header.sh >> "${generated_file}"
 
 # add the license
 echo -ne "\n" >> "${generated_file}"
-sed 's/^/# /' "${SCRIPT_DIR}"/LICENSE.txt >> "${generated_file}"
+sed 's/^/# /' "${REPO_ROOT}"/LICENSE.txt >> "${generated_file}"
 
 # add the core file
-sed -e '1,3d' "${SCRIPT_DIR}"/src/core.sh >> "${generated_file}"
+sed -e '1,3d' "${REPO_ROOT}"/src/core.sh >> "${generated_file}"
 
 # join all function files together in the middle
 while read -r file; do
   # remove the first 3 lines of each source file
   # shebang line is included to properly shellcheck and format
   sed -e '1,3d' "${file}" >> "${generated_file}"
-done < <(find "${SCRIPT_DIR}"/src/functions -type f -iname "*.sh" | sort)
+done < <(find "${REPO_ROOT}"/src/functions -type f -iname "*.sh" | sort)
 
 # add the footer
-sed -e '1,3d' "${SCRIPT_DIR}"/src/footer.sh >> "${generated_file}"
+sed -e '1,3d' "${REPO_ROOT}"/src/footer.sh >> "${generated_file}"
 
 # make it executable
 chmod 755 "${generated_file}"
diff --git a/hack/enable-git-hooks.sh b/hack/enable-git-hooks.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# enable git commit hooks
+
+LOCAL_REPO="$(git rev-parse --show-toplevel)"
+if [[ -d ${LOCAL_REPO}/.git-hooks/ ]]; then
+  git config core.hooksPath "${LOCAL_REPO}/.git-hooks/" > /dev/null
+fi
diff --git a/src/core.sh b/src/core.sh
@@ -30,9 +30,7 @@ FS_cnt_checked=0
 FS_cnt_unchecked=0
 FS_libc=0
 
-if [[ $(id -u) != 0 ]]; then
-  export PATH=${PATH}:/sbin/:/usr/sbin/
-fi
+PATH=${PATH}:/sbin/:/usr/sbin/
 
 # check if directory exists
 dir_exists() {

diff --git a/src/functions/filecheck.sh b/src/functions/filecheck.sh
@@ -103,7 +103,7 @@ filecheck() {
   fi
 
   # check for stripped symbols in the binary
-  IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1))"
+  IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1)"
   if ${readelf} --symbols "${1}" 2> /dev/null | grep -q '\.symtab'; then
     echo_message "\033[31m${SYM_cnt[0]} Symbols\t\033[m  " 'Symbols,' ' symbols="yes"' '"symbols":"yes",'
   else
@@ -129,6 +129,8 @@ filecheck() {
     FS_libc=/lib/aarch64-linux-gnu/libc.so.6
   elif [[ -e /usr/x86_64-gentoo-linux-musl/bin/ld ]]; then
     FS_libc=/usr/x86_64-gentoo-linux-musl/bin/ld
+  elif [[ -e /usr/lib/loongarch64-linux-gnu/libc.so.6 ]]; then
+    FS_libc=/usr/lib/loongarch64-linux-gnu/libc.so.6
   else
     printf "\033[31mError: libc not found.\033[m\n\n"
     exit 1