From 99ecba05dff18fdb0f67d2a3babc5ca69acc22c3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" <ldv@altlinux.org> Date: Mon, 9 Sep 2002 12:35:53 +0000 Subject: [PATCH] new brp method: verify_elf --- README.ALT-ru_RU.KOI8-R | 29 ++++++++++++++--- macros.in | 1 + platform.in | 2 ++ scripts/brp-alt.in | 3 ++ scripts/brp-verify_elf.in | 43 +++++++++++++++++++++++++ scripts/verify-elf | 68 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 142 insertions(+), 4 deletions(-) create mode 100755 scripts/brp-verify_elf.in create mode 100755 scripts/verify-elf diff --git a/README.ALT-ru_RU.KOI8-R b/README.ALT-ru_RU.KOI8-R index 23f2358..285b579 100644 --- a/README.ALT-ru_RU.KOI8-R +++ b/README.ALT-ru_RU.KOI8-R @@ -1,5 +1,5 @@ ALT Linux RPM: - ����������� ������ rpm-4.0.4-alt1 + ����������� ������ rpm-4.0.4-alt4 Dmitry V. Levin <ldv@altlinux.org> ALT Linux Team @@ -226,6 +226,9 @@ BuildRoot. %_compress_method: �����, ������������ ��� ������ ������������ � ������ %install; + %_verify_elf_method: + �����, ������������ ��� �������� ELF-������ � ������ %install; + %_strip_method: �����, ������������ ��� ��������� ELF-������ � ������ %install; @@ -243,6 +246,9 @@ BuildRoot. %set_strip_method: �������� �������� ������� %_strip_method; + %set_verify_elf_method: + �������� �������� ������� %_verify_elf_method. + ����� ��������������� ��������. %find_lang: @@ -464,6 +470,24 @@ BuildRoot. ������������ ������, �������, ��������, ������� ��������� � ����� � ����������� ���� ������ � �������� �� ������. +�������������� �������� ELF-������ � ���������� ��������� ���������. + + ������ � ���������� ������ ������ ���������� ELF-�����, ���������� + �������� �/��� ������������ ���������� � ��������� �������, ����� ��� + RPATH. ������� �� ��������� ������ ������ %install ����������� ��� + ��������� ELF-�����. ����� ����� ������ ������������ ��������� ������� + %_verify_elf_method, ������� ���� ����� �� ��������� ��������� + ��������: + * none, skip: ������ � �������� �� ������������; + * relaxed: �������� ������ �� ������� ������������ ��������� � + RPATH; + * normal: relaxed + �������� �� ������� ����� ��� ������ �������� � + RPATH; + * strict: �������� �� ������� ��������� RPATH. + + �������� �� ��������� ��� ������� %_verify_elf_method � ������ ������ + ����� normal. + �������������� �������� ���������� ���������� �� ELF-������ � ���������� ��������� ��������� ������ ������, ���������� ���������. @@ -578,6 +602,3 @@ Bibliography ������� PostScript �� ������ http://www.rpm.org/maximum-rpm.ps.gz) _________________________________________________________________ - - - 2002-09-01 diff --git a/macros.in b/macros.in index 6b7be68..756283a 100644 --- a/macros.in +++ b/macros.in @@ -600,6 +600,7 @@ %{?_cleanup_method:export RPM_CLEANUP_METHOD=\"%_cleanup_method\"}\ %{?_compress_method:export RPM_COMPRESS_METHOD=\"%_compress_method\"}\ %{?_strip_method:export RPM_STRIP_METHOD=\"%_strip_method\"}\ + %{?_verify_elf_method:export RPM_VERIFY_ELF_METHOD=\"%_verify_elf_method\"}\ %{?_findreq_method:export RPM_FINDREQ_METHOD=\"%_findreq_method\"}\ %{?_findprov_method:export RPM_FINDPROV_METHOD=\"%_findprov_method\"}\ %{?_findreq_default_method:export RPM_FINDREQ_DEFAULT_METHOD=\"%_findreq_default_method\"}\ diff --git a/platform.in b/platform.in index 0b8068d..44ea2a0 100644 --- a/platform.in +++ b/platform.in @@ -355,12 +355,14 @@ @alt@ @alt@%_cleanup_method auto @alt@%_compress_method auto +@alt@%_verify_elf_method normal @alt@%_strip_method %{?_enable_debug:none}%{!?_enable_debug:executable shared} @alt@%_findreq_default_method files lib pam perl shell @alt@%_findprov_default_method pam lib perl @alt@ @alt@%set_compress_method() %global _compress_method %* @alt@%set_strip_method() %global _strip_method %* +@alt@%set_verify_elf_method() %global _verify_elf_method %* @alt@ @alt@%strip_executable RPM_STRIP_METHOD=executable @RPMCONFIGDIR@/brp-strip @alt@%strip_relocatable RPM_STRIP_METHOD=relocatable @RPMCONFIGDIR@/brp-strip diff --git a/scripts/brp-alt.in b/scripts/brp-alt.in index ec9728f..0ce6619 100755 --- a/scripts/brp-alt.in +++ b/scripts/brp-alt.in @@ -40,6 +40,9 @@ cd "$RPM_BUILD_ROOT" # Compress info and man pages. @RPMCONFIGDIR@/brp-compress +# Verify ELF objects. +@RPMCONFIGDIR@/brp-verify_elf + # Strip ELF binaries. @RPMCONFIGDIR@/brp-strip diff --git a/scripts/brp-verify_elf.in b/scripts/brp-verify_elf.in new file mode 100755 index 0000000..831b0f3 --- /dev/null +++ b/scripts/brp-verify_elf.in @@ -0,0 +1,43 @@ +#!/bin/sh -e +# +# brp-verify_elf - verify ELF objects. +# +# Copyright (C) 2002 Dmitry V. Levin <ldv@altlinux.org> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +PROG="${0##*/}" + +# If using normal root, avoid changing anything. +if [ -z "$(echo "$RPM_BUILD_ROOT" |tr -d ' /.')" ]; then + echo "$PROG: non-/ \$RPM_BUILD_ROOT expected" >&2 + exit 1 +fi + +cd "$RPM_BUILD_ROOT" + +RPM_VERIFY_ELF_METHOD="${RPM_VERIFY_ELF_METHOD## }" +RPM_VERIFY_ELF_METHOD="${RPM_VERIFY_ELF_METHOD%% }" + +echo "Verifying ELF objects in $RPM_BUILD_ROOT ($RPM_VERIFY_ELF_METHOD)" + +case "$RPM_VERIFY_ELF_METHOD" in + none|skip) + exit 0 + ;; +esac + +find -type f -print0 |xargs -r0 @RPMCONFIGDIR@/verify-elf diff --git a/scripts/verify-elf b/scripts/verify-elf new file mode 100755 index 0000000..95eb2b3 --- /dev/null +++ b/scripts/verify-elf @@ -0,0 +1,68 @@ +#!/bin/sh -e +# +# verify-elf - verify ELF objects. +# +# Copyright (C) 2002 Dmitry V. Levin <ldv@altlinux.org> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +PROG="${0##*/}" + +rc=0 +for f in "$@"; do + if [ ! -f "$f" ]; then + echo "$PROG: $f: file unavailable" >&2 + rc=1 + continue + fi + + t="$(/usr/bin/file -b "$f")" + + [ -z "${t//*ELF*}" ] || continue + + info=$(objdump -p "$f") || continue + rpath=`echo "$info" |awk '{if ($1=="RPATH") print $2}'` + + if [ -n "$rpath" ]; then + for p in $RPM_BUILD_ROOT $RPM_BUILD_DIR $RPM_SOURCE_DIR; do + if echo "$rpath" |fgrep -qs "$p"; then + echo "$f: RPATH contains \"$p\": $rpath" >&2 + rc=1 + continue 2 + fi + done + if [ "$RPM_VERIFY_ELF_METHOD" = relaxed ]; then + continue + fi + + if echo "$rpath" |fgrep -qs :; then + echo "$f: RPATH contains \":\": $rpath" >&2 + rc=1 + continue + fi + if [ "$RPM_VERIFY_ELF_METHOD" = normal ]; then + continue + fi + + if [ -n "$rpath" ]; then + echo "$f: RPATH defined: $rpath" >&2 + rc=1 + continue + fi + fi +done + +exit $rc