rpm-build/scripts/verify-elf.in

161 lines
4.1 KiB
Bash
Executable File

#!/bin/sh -ef
#
# verify-elf - verify ELF objects.
#
# $Id$
# Copyright (C) 2002, 2003, 2004, 2006 Dmitry V. Levin <ldv@altlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
. @RPMCONFIGDIR@/functions
ValidateBuildRoot
: ${RPM_VERIFY_ELF_SKIPLIST:=}
elf_ldd='@RPMCONFIGDIR@/ldd'
rc=0
for f in "$@"; do
if [ ! -f "$f" ]; then
Info "$f: file unavailable"
rc=1
continue
fi
fname="${f#$RPM_BUILD_ROOT}"
fname="${fname#.}"
if [ -n "$RPM_VERIFY_ELF_SKIPLIST" ]; then
for skip in $RPM_VERIFY_ELF_SKIPLIST; do
if [ -z "${fname##$skip}" ]; then
continue 2
fi
done
fi
t="$(file -b "$f")"
[ -z "${t##ELF *}" -o -z "${t##* ELF *}" ] || continue
info=$(objdump -p "$f") || continue
if [ -n "$VERIFY_ELF_FHS" ]; then
if [ -z "${fname#/usr/share/*}" -o -z "${fname#/etc/*}" ]; then
Info "$f: ELF object out of allowed directory tree"
[ "$VERIFY_ELF_FHS" = relaxed ] || rc=1
fi
fi
if [ -n "$VERIFY_ELF_RPATH" ]; then
rpath=`printf %s "$info" |awk '{if ($1=="RPATH") print $2}'`
while [ -n "$rpath" ]; do
found=
for p in $RPM_BUILD_ROOT $RPM_BUILD_DIR $RPM_SOURCE_DIR; do
if printf %s "$rpath" |fgrep -qs "$p"; then
Info "$f: RPATH entry contains \"$p\": $rpath"
found=1
fi
done
if [ -n "$found" ]; then
rc=1
break
fi
if printf %s "$rpath" |fgrep -qs :; then
Info "$f: RPATH entry contains \":\": $rpath"
[ "$VERIFY_ELF_RPATH" = relaxed ] || rc=1
break
fi
if [ "$VERIFY_ELF_RPATH" = relaxed -o "$VERIFY_ELF_RPATH" = normal ]; then
break
fi
Info "$f: RPATH entry found: $rpath"
rc=1
break
done
fi
if [ -n "$VERIFY_ELF_TEXTREL" ]; then
textrel=`printf %s "$info" |awk '{if ($1=="TEXTREL") print $2}'`
while [ -n "$textrel" ]; do
Info "$f: TEXTREL entry found: $textrel"
[ "$VERIFY_ELF_TEXTREL" != relaxed ] || break
rc=1
break
done
fi
if [ -n "$VERIFY_ELF_UNRESOLVED" ]; then
while [ -z "${t##*ELF* executable*dynamically linked*}" -o -z "${t##*ELF* shared object*}" ]; do
rpath="$(printf %s "$dump" |awk '{if ($1=="RPATH") print $2}' |tr -s : ' ' |sed -e "s|\$ORIGIN|${fname%/*}|g")"
if [ -n "$rpath" ]; then
rpath="$rpath $RPM_VERIFY_ELF_LDD_RPATH"
else
rpath="$RPM_VERIFY_ELF_LDD_RPATH"
fi
rpath="$(printf %s "$rpath" |
tr -s '[:space:]' '\n' |
grep -v '^$' |
LANG=C uniq |
sed -e "s|^|$RPM_BUILD_ROOT&|" |
tr -s '[:space:]' : |
sed -e 's/^:\+//; s/:\+$//')"
if ! ldd_info="$("$elf_ldd" --undefined -- "$f" "$RPM_VERIFY_ELF_LDD_RPATH" 2>&1)"; then
printf >&2 '%s\n' "$ldd_info"
rc=1
break
fi
[ "$VERIFY_ELF_UNRESOLVED" = relaxed ] && ldd_rc=0 || ldd_rc=1
printf '%s\n' "$ldd_info" |
awk -vrc="$ldd_rc" -vprog="$PROG" -vfname="$f" -- '
BEGIN {
if (rc == "0")
prefix="WARNING"
else
prefix="ERROR"
errors=0
}
$2 == "=>" && $3 == "not" && $4 == "found" {
lib=$1
printf ("%s: %s: %s: not found: %s\n", prog, prefix, fname, lib)
errors=1
}
$1 == "undefined" && $2 == "symbol:" {
sym=$3
lib=$4
sub("^[(]", "", lib)
sub("[)]$", "", lib)
if (lib == fname) {
printf ("%s: %s: %s: undefined symbol: %s\n", prog, prefix, fname, sym)
errors=1
}
}
END {
if (rc != "0" && errors != 0)
exit 1
}
' && ldd_rc=0 || ldd_rc=1
[ "$VERIFY_ELF_UNRESOLVED" = relaxed -o "$ldd_rc" = 0 ] || rc=1
break
done
fi
done
exit $rc