#!/bin/sh -ef # # brp-verify_elf - verify ELF objects. # # Copyright (C) 2002, 2003, 2006 Dmitry V. Levin # Copyright (C) 2009 Alexey Tourbin # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # . @RPMCONFIGDIR@/functions ValidateBuildRoot cd "$RPM_BUILD_ROOT" export VERIFY_ELF_ARCH=normal export VERIFY_ELF_FHS=normal export VERIFY_ELF_LFS=relaxed export VERIFY_ELF_LINT=relaxed export VERIFY_ELF_RPATH=normal export VERIFY_ELF_STACK=normal export VERIFY_ELF_TEXTREL=normal export VERIFY_ELF_UNRESOLVED=normal for t in `printf %s "$RPM_VERIFY_ELF_METHOD" |tr , ' '`; do case "$t" in no|none|skip) Info 'ELF verification disabled' exit 0 ;; arch=?*) VERIFY_ELF_ARCH="${t#arch=}" ;; fhs=?*) VERIFY_ELF_FHS="${t#fhs=}" ;; lfs=?*) VERIFY_ELF_LFS="${t#lfs=}" ;; lint=?*) VERIFY_ELF_LINT="${t#lint=}" ;; rpath=?*) VERIFY_ELF_RPATH="${t#rpath=}" ;; stack=?*) VERIFY_ELF_STACK="${t#stack=}" ;; textrel=?*) VERIFY_ELF_TEXTREL="${t#textrel=}" ;; unresolved=?*) VERIFY_ELF_UNRESOLVED="${t#unresolved=}" ;; default) VERIFY_ELF_ARCH=normal VERIFY_ELF_FHS=normal VERIFY_ELF_LFS=relaxed VERIFY_ELF_LINT=relaxed VERIFY_ELF_RPATH=normal VERIFY_ELF_STACK=normal VERIFY_ELF_TEXTREL=normal VERIFY_ELF_UNRESOLVED=normal ;; normal) VERIFY_ELF_ARCH=normal VERIFY_ELF_FHS=normal VERIFY_ELF_LFS=normal VERIFY_ELF_LINT=normal VERIFY_ELF_RPATH=normal VERIFY_ELF_STACK=normal VERIFY_ELF_TEXTREL=normal VERIFY_ELF_UNRESOLVED=normal ;; strict) VERIFY_ELF_ARCH=strict VERIFY_ELF_FHS=strict VERIFY_ELF_LFS=strict VERIFY_ELF_LINT=strict VERIFY_ELF_RPATH=strict VERIFY_ELF_STACK=strict VERIFY_ELF_TEXTREL=strict VERIFY_ELF_UNRESOLVED=strict ;; relaxed) VERIFY_ELF_ARCH=relaxed VERIFY_ELF_FHS=relaxed VERIFY_ELF_LFS=relaxed VERIFY_ELF_LINT=relaxed VERIFY_ELF_RPATH=relaxed VERIFY_ELF_STACK=relaxed VERIFY_ELF_TEXTREL=relaxed VERIFY_ELF_UNRESOLVED=relaxed ;; *) Fatal "Unrecognized verify_elf method: $t" ;; esac done # No stack verification available on arm*, mips* and riscv* case "$RPM_TARGET_ARCH" in arm*|mips*|riscv*) VERIFY_ELF_LINT=no VERIFY_ELF_STACK=no ;; esac : ${RPM_VERIFY_ELF_TOPDIR:=} : ${RPM_VERIFY_ELF_SKIPLIST:=} [ -d "$RPM_BUILD_ROOT$RPM_VERIFY_ELF_TOPDIR" ] || exit 0 echo "Verifying ELF objects in $RPM_BUILD_ROOT$RPM_VERIFY_ELF_TOPDIR (arch=$VERIFY_ELF_ARCH,fhs=$VERIFY_ELF_FHS,lfs=$VERIFY_ELF_LFS,lint=$VERIFY_ELF_LINT,rpath=$VERIFY_ELF_RPATH,stack=$VERIFY_ELF_STACK,textrel=$VERIFY_ELF_TEXTREL,unresolved=$VERIFY_ELF_UNRESOLVED)" dump_ld_config='@RPMCONFIGDIR@/dump_ld_config' RPM_VERIFY_ELF_LDD_RPATH="$("$dump_ld_config" '' "$RPM_BUILD_ROOT")" RPM_VERIFY_ELF_LDD_RPATH="$RPM_VERIFY_ELF_LDD_RPATH /$RPM_LIB $RPM_LIBDIR $("$dump_ld_config")" export RPM_VERIFY_ELF_LDD_RPATH # just in case set -o pipefail find .$RPM_VERIFY_ELF_TOPDIR -path ./usr/lib/debug -prune -o -type f -print | file -NF$'\t' -f - | while IFS=$'\t' read -r f t; do case " $t" in *' ELF '*' shared object, no machine, '*) continue ;; *' ELF '*) ;; *) continue ;; esac for skip in $RPM_VERIFY_ELF_SKIPLIST; do case "${f#.}" in $skip) continue 2 ;; esac done VERIFY_ELF_LD_PRELOAD= for rule in ${!RPM_LD_PRELOAD_@}; do pats="${rule/#RPM/RPM_FILES_TO}" for pat in ${!pats}; do case "${f#.}" in $pat) VERIFY_ELF_LD_PRELOAD="$VERIFY_ELF_LD_PRELOAD ${!rule}" break ;; esac done done printf '%s\t%s\n' "$f" "$VERIFY_ELF_LD_PRELOAD" done | @RPMCONFIGDIR@/verify-elf