sinjuginas/rpm-build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle $VERIFY_ELF_FHS and $VERIFY_ELF_UNRESOLVED

Browse Source
This commit is contained in:
Дмитрий Левин 2006-01-14 20:44:54 +00:00
parent 824fa6f480
commit 7e5f0d44b2
1 changed files with 55 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
scripts/verify-elf.in
View File

@ -3,7 +3,7 @@
# verify-elf - verify ELF objects. # verify-elf - verify ELF objects.
# #
# $Id$ # $Id$
# Copyright (C) 2002, 2003, 2004 Dmitry V. Levin <ldv@altlinux.org> # Copyright (C) 2002, 2003, 2004, 2006 Dmitry V. Levin <ldv@altlinux.org>
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -25,6 +25,8 @@ ValidateBuildRoot
: ${RPM_VERIFY_ELF_SKIPLIST:=} : ${RPM_VERIFY_ELF_SKIPLIST:=}
elf_ldd='@RPMCONFIGDIR@/ldd'
rc=0 rc=0
for f in "$@"; do for f in "$@"; do
if [ ! -f "$f" ]; then if [ ! -f "$f" ]; then
@ -44,12 +46,18 @@ for f in "$@"; do
done done
fi fi
t="$(/usr/bin/file -b "$f")" t="$(file -b "$f")"
[ -z "${t##ELF *}" -o -z "${t##* ELF *}" ] || continue [ -z "${t##ELF *}" -o -z "${t##* ELF *}" ] || continue
info=$(objdump -p "$f") || continue info=$(objdump -p "$f") || continue
if [ -n "$VERIFY_ELF_FHS" ]; then
if [ -z "${fname#/usr/share/*}" -o -z "${fname#/etc/*}" ]; then
Info "$f: ELF object out of allowed directory tree"
[ "$VERIFY_ELF_FHS" = relaxed ] || rc=1
fi
fi
if [ -n "$VERIFY_ELF_RPATH" ]; then if [ -n "$VERIFY_ELF_RPATH" ]; then
rpath=`printf %s "$info" |awk '{if ($1=="RPATH") print $2}'` rpath=`printf %s "$info" |awk '{if ($1=="RPATH") print $2}'`
while [ -n "$rpath" ]; do while [ -n "$rpath" ]; do
@ -85,13 +93,54 @@ for f in "$@"; do
textrel=`printf %s "$info" |awk '{if ($1=="TEXTREL") print $2}'` textrel=`printf %s "$info" |awk '{if ($1=="TEXTREL") print $2}'`
while [ -n "$textrel" ]; do while [ -n "$textrel" ]; do
Info "$f: TEXTREL entry found: $textrel" Info "$f: TEXTREL entry found: $textrel"
if [ "$VERIFY_ELF_TEXTREL" = relaxed ]; then [ "$VERIFY_ELF_TEXTREL" != relaxed ] || break
break
fi
rc=1 rc=1
break break
done done
fi fi
if [ -n "$VERIFY_ELF_UNRESOLVED" ]; then
while [ -z "${t##*ELF* executable*dynamically linked*}" -o -z "${t##*ELF* shared object*}" ]; do
if ! ldd_info="$("$elf_ldd" --undefined -- "$f" "$RPM_VERIFY_ELF_LDD_RPATH" 2>&1)"; then
printf >&2 '%s\n' "$ldd_info"
rc=1
break
fi
[ "$VERIFY_ELF_UNRESOLVED" = relaxed ] && ldd_rc=0 || ldd_rc=1
printf '%s\n' "$ldd_info" |
awk -vrc="$ldd_rc" -vprog="$PROG" -vfname="$f" -- '
BEGIN {
if (rc == "0")
prefix="WARNING"
else
prefix="ERROR"
errors=0
}
$2 == "=>" && $3 == "not" && $4 == "found" {
lib=$1
printf ("%s: %s: %s: not found: %s\n", prog, prefix, fname, lib)
errors=1
}
$1 == "undefined" && $2 == "symbol:" {
sym=$3
lib=$4
sub("^[(]", "", lib)
sub("[)]$", "", lib)
if (lib == fname) {
printf ("%s: %s: %s: undefined symbol: %s\n", prog, prefix, fname, sym)
errors=1
}
}
END {
if (rc != "0" && errors != 0)
exit 1
}
' && ldd_rc=0 || ldd_rc=1
[ "$VERIFY_ELF_UNRESOLVED" = relaxed -o "$ldd_rc" = 0 ] || rc=1
break
done
fi
done done
exit $rc exit $rc