53 Commits

Author SHA1 Message Date
Konstantin A. Lepikhov
169f3ece9a verify-elf: bypass lint checks by request
lld linked binaries differ by structure from GNU ld, so eu-lint will
always complain about them.  Allow to skip those checks by passing
%set_verify_elf_method lint=(skip|no)

Signed-off-by: Konstantin A. Lepikhov <lakostis@altlinux.ru>
2019-01-13 22:39:58 +00:00
Ivan Zakharyaschev
ea7ca90347 verify-elf(get_verify_policy): fix whitespace 2018-05-23 17:02:10 +03:00
Ivan Zakharyaschev
67ec541700 verify_rpath(): distinguish grep's failure and a normal valid case
Previously (according to the exit statuses):

0. if something strange was found in $rpath, an error was reported;
1. if nothing strange was found, no error was reported;
2. if grep failed, it looked like the previous case and no error was
reported (as if $rpath was valid).

Now, the pipe (and the whole script) would abort on grep's failure.
2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
b491c783f6 verify_stack(): distinguish failures and a normal status of grep
Now, if something fails, the pipe (and the function, and the whole
script) will fail.

If the exit codes are normal, they are handled according to our logic.

Previously, a failure (which is an exceptional rare case) would lead to:

1. skipping the further exe_stack check and error_strict STACK "$f" 'STACK entry not found'
2. silently skipping the exe_stack check (which was impossible anyway because of the failure)
2018-05-23 17:00:54 +03:00
Ivan Zakharyaschev
cdefa4ab34 verify-elf(verify_unresolved): correctly treat grep's status, allow standalone use
The pipe (and the function, and the whole script) would fail when the
resulting constructed rpath was empty. But usually at least
$RPM_VERIFY_ELF_LDD_RPATH is not empty, so the bad behavior has not
been observed.

However, when verify-elf is used standalone, $RPM_VERIFY_ELF_LDD_RPATH
is empty indeed, and this improvement becomes important.

Before this improvement:

$ RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /bin/pwd; echo $?
1

After this improvement:

$ VERIFY_ELF_UNRESOLVED=strict RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /bin/pwd; echo $?
0
$ VERIFY_ELF_UNRESOLVED=strict RPM_BUILD_ROOT=/home /usr/lib/rpm/verify-elf /usr/lib64/python3/site-packages/_cffi_backend.cpython-35m.so; echo $?
verify-elf: ERROR: /usr/lib64/python3/site-packages/_cffi_backend.cpython-35m.so: undefined symbol: PyExc_SystemError
....
1
2018-05-23 17:00:54 +03:00
a95f23ef1a verify-elf: fix passing of LD_PRELOAD in verify_unresolved
In verify_unresolved(), do not preload requested objects to $elf_ldd
directly because the latter is not an ELF interpreter but a shell
script.  Instead, pass the list of objects that have to be preloaded
to $elf_ldd script which in turn assigns it to LD_PRELOAD variable
in the ELF interpreter invocation.
2017-01-14 13:42:53 +00:00
Gleb Fotengauer-Malinovskiy
cec71f3fbf verify-elf: make verify_lfs check libraries too
Previously, verify_lfs checked if object has valid interpreter, but it
doesn't make sense in case of shared objects.  verify_lfs check is valid
for all ELFs linked with libraries supporting both LFS and non-LFS API
(libc.so and libz.so in our case).
2016-12-20 15:31:10 +03:00
a4fb4d42e7 verify-elf (verify_unresolved): treat PIEs as executables 2016-12-07 11:30:44 +00:00
Ivan Zakharyaschev
d362bae600 verify-elf made a bit safer: pipes or command substitutions make it fail
1. set -o pipefail
2. don't use command substitutions inside other complex expressions; just assign to a var -- then it would make the script fail
2016-11-30 17:49:59 +03:00
Ivan Zakharyaschev
00b00565ea verify-elf: don't call verify_rpath() under a pipe because the errors are saved in a var
(A pipe makes a subshell and the var is modified there.)
2016-11-30 17:48:24 +03:00
Ivan Zakharyaschev
c0f11587a5 verify-elf: don't confuse verify_rpath() in case of two RUNPATH/RPATHs (ALT#32826) 2016-11-30 17:30:49 +03:00
Ivan Zakharyaschev
91c923f251 verify-elf: tiny cleanup: unify the awk expression for RPATH extraction
Rewritten equivalently, like in lib.req.
2016-11-30 17:09:09 +03:00
Ivan Zakharyaschev
70369c1a8e verify-elf: tiny cleanup: local var declaration moved to the place of use
The other occurrence of "rpath" is in the second part of a pipe and is
local to that subshell anyway.
2016-11-30 17:08:09 +03:00
Ivan Zakharyaschev
66f1a4cb8d verify-elf: RUNPATH overrides RPATH for verify_unresolved
From ld.so's documentation about the search order:

Using the directories specified in the DT_RPATH dynamic section
attribute of the binary if present and DT_RUNPATH attribute does not
exist. Use of DT_RPATH is deprecated.
2016-11-29 15:11:46 +03:00
Ivan Zakharyaschev
65509e2763 verify-elf: honor RUNPATH, too (like in lib.req.in:95 and debuginfo.req.in:76)
in addition to RPATH
2016-11-28 22:37:18 +03:00
Ivan Zakharyaschev
e2810bda5c added me to "Copyright (C)" 2016-11-28 22:37:13 +03:00
Ivan Zakharyaschev
9d2611ea44 verify-elf: substitute LD_PRELOAD before ldd (with what is passed on stdin after \t)
Of course, this will clean any externally set LD_PRELOAD.
2016-03-31 21:23:22 +03:00
6ad3a37cb9 verify-elf: fix regression in verify_lfs 2015-01-28 13:41:37 +00:00
a44f6ae523 verify-elf: make verify_stack work again 2015-01-23 14:56:29 +00:00
d92c009d2d verify-elf: implement LFS check (ALT#28290) 2013-01-10 23:15:07 +00:00
820414df17 verify-elf: move check for rpath, stack and unresolved symbols to separate functions 2011-12-12 16:27:52 +00:00
c66e9c38e4 verify-elf: more RPATH checks
Check RPATH for non-ascii symbols, invalid absolute and relative paths,
and standard library directories.
2011-12-10 21:51:42 +00:00
6eea0604ad verify-elf: Rewrite error reporting code 2011-12-10 17:50:11 +00:00
caad5da212 verify-elf: Add /lib/../lib64 to the list of prohibited RPATH elements 2011-09-07 21:44:34 +00:00
77c93a9c97 verify-elf: Omit duplicate lines from eu-findtextrel's output 2009-12-20 15:25:02 +00:00
Alexey Tourbin
e845c7f14b verify-elf: fixed typos in VERIFY_ELF_RPATH test
Since "RPATH containts :" test never worked, I downgrade it
to a warning.
2009-12-20 01:45:23 +03:00
Alexey Tourbin
cb4fcda459 brp-verify_elf, verify-elf: updated copyright statement 2009-12-19 03:25:52 +03:00
Alexey Tourbin
51f460bb75 verify-elf: simplified prefix/rc expressions 2009-12-19 03:25:51 +03:00
Alexey Tourbin
e8e60796bb verify-elf: use eu-findtextrel to provide better TEXTREL diagnostics 2009-12-19 03:25:51 +03:00
Alexey Tourbin
7d83e49285 verify-elf: implemented new "lint" method using "eu-elflint --gnu-ld" 2009-12-19 03:25:23 +03:00
Alexey Tourbin
e6683d0de4 brp-verify_elf, verify-elf: simplify VERIFY_ELF_* parameter passing 2009-12-18 22:55:46 +03:00
Alexey Tourbin
f82116d5f9 brp-verify_elf: select ELF files with single file(1) invocation
Also, move RPM_VERIFY_ELF_SKIPLIST logic from verify-elf to
brp-verify_elf, since RPM_VERIFY_ELF_TOPDIR is already there.
Normally, verify-elf should be a standalone program (available
for users).  It's just not quite ready yet.
2009-12-18 22:52:34 +03:00
1a9569d6ec Revert "verify-elf.in: PIE executables on ARM always has TEXTREL, do not check them"
PIE support without TEXTRELs on ARM was implemented in glibc-2.8.90-alt3,
for details see http://lists.altlinux.org/pipermail/devel/2008-November/162638.html

This reverts commit 816b34cd86.
2008-11-13 01:48:58 +03:00
816b34cd86 verify-elf.in: PIE executables on ARM always has TEXTREL, do not check them 2008-02-24 23:10:38 +00:00
5416277102 Removed cvsid tags. 2006-05-14 17:05:34 +04:00
03ad765c9c VERIFY_ELF_STACK: check for statically linked ELF executables too 2006-04-04 21:14:07 +00:00
f2cdd50995 Implemented VERIFY_ELF_STACK 2006-04-04 16:42:49 +00:00
d4a4544c9a extended VERIFY_ELF_UNRESOLVED=normal to executables. 2006-03-09 16:59:07 +00:00
104b1a8c13 VERIFY_ELF_UNRESOLVED=normal 2006-03-07 16:16:17 +00:00
6ea4d923f5 quote $RPM_TARGET_ARCH 2006-02-24 01:46:22 +00:00
b95c6582c3 Cleaned up VERIFY_ELF_RPATH handling even more 2006-02-24 01:11:48 +00:00
bf3687275e Fixed recent changes to VERIFY_ELF_RPATH handling 2006-02-24 01:09:32 +00:00
d3f7193ec5 Added VERIFY_ELF_ARCH support, enhanced VERIFY_ELF_RPATH support. 2006-02-24 00:52:09 +00:00
7770fa3c41 VERIFY_ELF_RPATH: prohibit rpaths starting/ending with : or containing :: 2006-02-21 15:40:09 +00:00
64e6debda9 fixed typo in VERIFY_ELF_UNRESOLVED support 2006-02-21 15:27:02 +00:00
9d1118aaf6 make fhs check really work; redirect output of unresolved check to stderr; prefix all messages with WARNING or ERROR depending on check mode 2006-01-16 15:39:50 +00:00
f4a8163e44 Fixed RPM_VERIFY_ELF_LDD_RPATH handling [2]. 2006-01-14 23:57:02 +00:00
49ad8c323f Fixed RPM_VERIFY_ELF_LDD_RPATH handling. 2006-01-14 23:33:42 +00:00
7e5f0d44b2 Handle $VERIFY_ELF_FHS and $VERIFY_ELF_UNRESOLVED 2006-01-14 20:44:54 +00:00
42b3a949e9 eliminated unneeded pattern substitutions 2004-01-25 17:19:42 +00:00