fedora-rpmdevtools check-rpaths-worker, 1.5, 1.6 fedora-rpmdevtools.spec, 1.71, 1.72
Ville Skytta (scop)
fedora-extras-commits at redhat.com
Mon Oct 3 05:35:42 UTC 2005
Author: scop
Update of /cvs/fedora/fedora-rpmdevtools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28062
Modified Files:
check-rpaths-worker fedora-rpmdevtools.spec
Log Message:
check-rpaths* fixes from Enrico.
Index: check-rpaths-worker
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/check-rpaths-worker,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- check-rpaths-worker 18 Aug 2005 05:49:16 -0000 1.5
+++ check-rpaths-worker 3 Oct 2005 05:35:40 -0000 1.6
@@ -19,6 +19,47 @@
fail=
IFS=:
+already_shown=0
+
+function showHint()
+{
+ test "$already_shown" -eq 0 || return
+ already_shown=1
+
+ cat <<EOF >&2
+*******************************************************************************
+*
+* WARNING: 'check-rpaths' detected a broken RPATH and will cause 'rpmbuild'
+* to fail. To ignore these errors, you can set the '\$QA_RPATHS'
+* environment variable which is a bitmask allowing the values
+* below. The current value of QA_RPATHS is $(printf '0x%04x' $QA_RPATHS).
+*
+* 0x0001 ... standard RPATHs (e.g. /usr/lib); such RPATHs are a minor
+* issue but are introducing redundant searchpaths without
+* providing a benefit. They can also cause errors in multilib
+* environments.
+* 0x0002 ... invalid RPATHs; these are RPATHs which are neither absolute
+* nor relative filenames and can therefore be a SECURITY risk
+* 0x0004 ... insecure RPATHs; these are relative RPATHs which are a
+* SECURITY risk
+* 0x0008 ... the special '\$ORIGIN' RPATHs are appearing after other
+* RPATHs; this is just a minor issue but usually unwanted
+* 0x0010 ... the RPATH is empty; there is no reason for such RPATHs
+* and they cause unneeded work while loading libraries
+*
+*
+*
+* Examples:
+* - to ignore standard and empty RPATHs, execute 'rpmbuild' like
+* \$ QA_RPATHS=\$[ 0x0001|0x0010 ] rpmbuild my-package.src.rpm
+* - to check existing files, set \$RPM_BUILD_ROOT and execute check-rpaths like
+* \$ RPM_BUILD_ROOT=<top-dir> /usr/lib/rpm/check-rpaths
+*
+* 'check-rpaths' is part of 'fedora-rpmdevtools'.
+*
+*******************************************************************************
+EOF
+}
function msg()
{
@@ -32,6 +73,7 @@
if test $[ $val & ~$QA_RPATHS ] -eq 0; then
msg=WARNING
else
+ showHint
msg=ERROR
fail=1
fi
@@ -51,7 +93,11 @@
tmp=aux:$rpath:/lib/aux || :
set -- $tmp
shift
+
+ allow_ORIGIN=1
for j; do
+ new_allow_ORIGIN=0
+
if test -z "$j"; then
badness=16
else
@@ -61,8 +107,12 @@
(/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
badness=0;;
- (\$ORIGIN|\${ORIGINX})
- test $pos -ne 0 && badness=8 || badness=0 ;;
+ (\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
+ test $allow_ORIGIN -eq 0 && badness=8 || {
+ badness=0
+ new_allow_ORIGIN=1
+ }
+ ;;
(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
badness=0;;
@@ -73,10 +123,12 @@
(.*)
badness=4;;
- *) badness=2;;
+ (*) badness=2;;
esac
fi
+ allow_ORIGIN=$new_allow_ORIGIN
+
base=${i##$RPM_BUILD_ROOT}
msg "$badness" 1 "file '$base' contains a standard rpath '$j' in [$rpath]" || fail=1
msg "$badness" 2 "file '$base' contains an invalid rpath '$j' in [$rpath]" || fail=1
Index: fedora-rpmdevtools.spec
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/fedora-rpmdevtools.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- fedora-rpmdevtools.spec 18 Aug 2005 06:04:06 -0000 1.71
+++ fedora-rpmdevtools.spec 3 Oct 2005 05:35:40 -0000 1.72
@@ -126,9 +126,13 @@
%changelog
-* Thu Aug 18 2005 Ville Skyttä <ville.skytta at iki.fi>
+* Mon Oct 3 2005 Ville Skyttä <ville.skytta at iki.fi>
- check-buildroot: grep for buildroot as a fixed string, not a regexp.
- Update FSF's address in copyright notices.
+- check-rpaths-worker: allow multiple $ORIGIN paths in an RPATH and allow
+ RPATHs which are relative to $ORIGIN (#169298, Enrico Scholz).
+- check-rpaths-worker: give out an hint about usage and the detected issues
+ at the first detected error (Enrico Scholz).
* Fri Jul 8 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.1-1
- Drop more pre-FC2 compat stuff from Perl spec template.
More information about the fedora-extras-commits
mailing list