scripts/check-rpaths-worker


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

#! /bin/bash

# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
#  
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#  
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#  
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


fail=
already_shown=0

# effect of this expression is obviously:
# * match paths beginning with:
#   - $SOMETHING/<something>/..
#   - /<something>/..
# * but not paths beginning with
#   - $SOMETHING/..
#   - $SOMETHING/../../../.....
BADNESS_EXPR_32='\(\(\$[^/]\+\)\?\(/.*\)\?/\(\([^.][^/]*\)\|\(\.[^./][^/]*\)\|\(\.\.[^/]\+\)\)\)/\.\.\(/.*\)\?$'

function showHint()
{
    test "$already_shown" -eq 0 || return
    already_shown=1
    
    cat <<EOF >&2
*******************************************************************************
*
* WARNING: 'check-rpaths' detected a broken RPATH and will cause 'rpmbuild'
*          to fail. To ignore these errors, you can set the '\$QA_RPATHS'
*          environment variable which is a bitmask allowing the values
*          below. The current value of QA_RPATHS is $(printf '0x%04x' $QA_RPATHS).
*
*    0x0001 ... standard RPATHs (e.g. /usr/lib); such RPATHs are a minor
*               issue but are introducing redundant searchpaths without
*               providing a benefit. They can also cause errors in multilib
*               environments.
*    0x0002 ... invalid RPATHs; these are RPATHs which are neither absolute
*               nor relative filenames and can therefore be a SECURITY risk
*    0x0004 ... insecure RPATHs; these are relative RPATHs which are a
*               SECURITY risk
*    0x0008 ... the special '\$ORIGIN' RPATHs are appearing after other
*               RPATHs; this is just a minor issue but usually unwanted
*    0x0010 ... the RPATH is empty; there is no reason for such RPATHs
*               and they cause unneeded work while loading libraries
*    0x0020 ... an RPATH references '..' of an absolute path; this will break
*               the functionality when the path before '..' is a symlink
*          
*
* Examples:
* - to ignore standard and empty RPATHs, execute 'rpmbuild' like
*   \$ QA_RPATHS=\$[ 0x0001|0x0010 ] rpmbuild my-package.src.rpm
* - to check existing files, set \$RPM_BUILD_ROOT and execute check-rpaths like
*   \$ RPM_BUILD_ROOT=<top-dir> /usr/lib/rpm/check-rpaths
*  
*******************************************************************************
EOF
}

function msg()
{
    local val=$1
    local cmp=$2
    local msg=
    local fail=
    local code

    test $[ $val & $cmp ] -ne 0 || return 0

    code=$(printf '%04x' $cmp)
    if test $[ $val & ~$QA_RPATHS ] -eq 0; then
	msg="WARNING"
    else
	showHint
	msg="ERROR  "
	fail=1
    fi

    shift 2
    echo "$msg $code: $@" >&2

    test -z "$fail"
}

: ${QA_RPATHS:=0}
old_IFS=$IFS

for i; do
    pos=0
    rpath=$(readelf -d "$i" 2>/dev/null | LANG=C grep '(RPATH).*:') || continue
    rpath=$(echo "$rpath" | LANG=C sed -e 's!.*(RPATH).*: \[\(.*\)\]!\1!p;d')
    tmp=aux:$rpath:/lib/aux || :
    IFS=:
    set -- $tmp
    IFS=$old_IFS
    shift

    allow_ORIGIN=1
    for j; do
	new_allow_ORIGIN=0

	if test -z "$j"; then
	    badness=16
	elif expr match "$j" "$BADNESS_EXPR_32" >/dev/null; then
	    badness=32
	else
	    case "$j" in
	        (/lib/*|/usr/lib/*|/usr/X11R6/lib/*|/usr/local/lib/*)
		    badness=0;;
	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
		    badness=0;;

		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
		    test $allow_ORIGIN -eq 0 && badness=8 || {
			badness=0
			new_allow_ORIGIN=1
		    }
		    ;;
		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
		    badness=0;;
	    	
	        (/lib|/usr/lib|/usr/X11R6/lib)
		    badness=1;;
	        (/lib64|/usr/lib64|/usr/X11R6/lib64)
		    badness=1;;
	    	
	        (.*)
		    badness=4;;
	        (*) badness=2;;
	    esac
	fi

	allow_ORIGIN=$new_allow_ORIGIN

	base=${i##$RPM_BUILD_ROOT}
	msg "$badness"  1 "file '$base' contains a standard rpath '$j' in [$rpath]"  || fail=1
	msg "$badness"  2 "file '$base' contains an invalid rpath '$j' in [$rpath]"  || fail=1
	msg "$badness"  4 "file '$base' contains an insecure rpath '$j' in [$rpath]" || fail=1
	msg "$badness"  8 "file '$base' contains the \$ORIGIN rpath specifier at the wrong position in [$rpath]" || fail=1
	msg "$badness" 16 "file '$base' contains an empty rpath in [$rpath]"         || fail=1
	msg "$badness" 32 "file '$base' contains an rpath referencing '..' of an absolute path [$rpath]" || fail=2
	let ++pos
    done
done

test -z "$fail"