fedora-rpmdevtools check-rpaths-worker, 1.5, 1.6 fedora-rpmdevtools.spec, 1.71, 1.72

Ville Skytta (scop) fedora-extras-commits at redhat.com
Mon Oct 3 05:35:42 UTC 2005 

Author: scop

Update of /cvs/fedora/fedora-rpmdevtools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28062

Modified Files:
	check-rpaths-worker fedora-rpmdevtools.spec 
Log Message:
check-rpaths* fixes from Enrico.


Index: check-rpaths-worker
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/check-rpaths-worker,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- check-rpaths-worker	18 Aug 2005 05:49:16 -0000	1.5
+++ check-rpaths-worker	3 Oct 2005 05:35:40 -0000	1.6
@@ -19,6 +19,47 @@
 
 fail=
 IFS=:
+already_shown=0
+
+function showHint()
+{
+    test "$already_shown" -eq 0 || return
+    already_shown=1
+    
+    cat <<EOF >&2
+*******************************************************************************
+*
+* WARNING: 'check-rpaths' detected a broken RPATH and will cause 'rpmbuild'
+*          to fail. To ignore these errors, you can set the '\$QA_RPATHS'
+*          environment variable which is a bitmask allowing the values
+*          below. The current value of QA_RPATHS is $(printf '0x%04x' $QA_RPATHS).
+*
+*    0x0001 ... standard RPATHs (e.g. /usr/lib); such RPATHs are a minor
+*               issue but are introducing redundant searchpaths without
+*               providing a benefit. They can also cause errors in multilib
+*               environments.
+*    0x0002 ... invalid RPATHs; these are RPATHs which are neither absolute
+*               nor relative filenames and can therefore be a SECURITY risk
+*    0x0004 ... insecure RPATHs; these are relative RPATHs which are a
+*               SECURITY risk
+*    0x0008 ... the special '\$ORIGIN' RPATHs are appearing after other
+*               RPATHs; this is just a minor issue but usually unwanted
+*    0x0010 ... the RPATH is empty; there is no reason for such RPATHs
+*               and they cause unneeded work while loading libraries
+*
+*          
+*
+* Examples:
+* - to ignore standard and empty RPATHs, execute 'rpmbuild' like
+*   \$ QA_RPATHS=\$[ 0x0001|0x0010 ] rpmbuild my-package.src.rpm
+* - to check existing files, set \$RPM_BUILD_ROOT and execute check-rpaths like
+*   \$ RPM_BUILD_ROOT=<top-dir> /usr/lib/rpm/check-rpaths
+*  
+* 'check-rpaths' is part of 'fedora-rpmdevtools'.
+*
+*******************************************************************************
+EOF
+}
 
 function msg()
 {
@@ -32,6 +73,7 @@
     if test $[ $val & ~$QA_RPATHS ] -eq 0; then
 	msg=WARNING
     else
+	showHint
 	msg=ERROR
 	fail=1
     fi
@@ -51,7 +93,11 @@
     tmp=aux:$rpath:/lib/aux || :
     set -- $tmp
     shift
+
+    allow_ORIGIN=1
     for j; do
+	new_allow_ORIGIN=0
+
 	if test -z "$j"; then
 	    badness=16
 	else
@@ -61,8 +107,12 @@
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
 		    badness=0;;
 
-		(\$ORIGIN|\${ORIGINX})
-		    test $pos -ne 0 && badness=8 || badness=0 ;;
+		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
+		    test $allow_ORIGIN -eq 0 && badness=8 || {
+			badness=0
+			new_allow_ORIGIN=1
+		    }
+		    ;;
 		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
 		    badness=0;;
 	    	
@@ -73,10 +123,12 @@
 	    	
 	        (.*)
 		    badness=4;;
-	        *)  badness=2;;
+	        (*) badness=2;;
 	    esac
 	fi
 
+	allow_ORIGIN=$new_allow_ORIGIN
+
 	base=${i##$RPM_BUILD_ROOT}
 	msg "$badness"  1 "file '$base' contains a standard rpath '$j' in [$rpath]"  || fail=1
 	msg "$badness"  2 "file '$base' contains an invalid rpath '$j' in [$rpath]"  || fail=1


Index: fedora-rpmdevtools.spec
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/fedora-rpmdevtools.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- fedora-rpmdevtools.spec	18 Aug 2005 06:04:06 -0000	1.71
+++ fedora-rpmdevtools.spec	3 Oct 2005 05:35:40 -0000	1.72
@@ -126,9 +126,13 @@
 
 
 %changelog
-* Thu Aug 18 2005 Ville Skyttä <ville.skytta at iki.fi>
+* Mon Oct  3 2005 Ville Skyttä <ville.skytta at iki.fi>
 - check-buildroot: grep for buildroot as a fixed string, not a regexp.
 - Update FSF's address in copyright notices.
+- check-rpaths-worker: allow multiple $ORIGIN paths in an RPATH and allow
+  RPATHs which are relative to $ORIGIN (#169298, Enrico Scholz).
+- check-rpaths-worker: give out an hint about usage and the detected issues
+  at the first detected error (Enrico Scholz).
 
 * Fri Jul  8 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.1-1
 - Drop more pre-FC2 compat stuff from Perl spec template.

More information about the fedora-extras-commits mailing list