From: Alexey Tourbin <at@altlinux.ru>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Subject: Re: [devel] verify-elf
Date: Fri, 15 Sep 2006 02:04:16 +0400
Message-ID: <20060914220416.GL17693@localhost.localdomain> (raw)
In-Reply-To: <20060914191144.GA17069@basalt.office.altlinux.org>
[-- Attachment #1.1: Type: text/plain, Size: 629 bytes --]
On Thu, Sep 14, 2006 at 11:11:44PM +0400, Dmitry V. Levin wrote:
> On Thu, Sep 14, 2006 at 10:08:25PM +0300, Michael Shigorin wrote:
> > On Thu, Sep 14, 2006 at 04:25:12PM +0400, Dmitry V. Levin wrote:
> > > А я добавлю параметр --inhibit-rpath в команду вызова ld.so.
> >
> > А этот антикомар сильно кусается, по предварительным оценкам? :)
>
> Если правильно составить --library-path, то не кусается.
> Мне, очевидно, недостаточно просто --inhibit-rpath добавить,
> придётся адаптировать алгоритм вычисления --library-path.
Я ещё год назад говорил что --inhibit-rpath придется делать и даже
алгоритм предлагал!
[-- Attachment #1.2: verify_elfsym --]
[-- Type: text/plain, Size: 3172 bytes --]
#!/bin/sh -ef
. /usr/lib/rpm/functions
[ -z "$RPM_BUILD_ROOT" ] || ValidateBuildRoot
RTLD=/lib/ld-linux.so.2
RTLD_libpath=/lib:/usr/lib:/usr/X11R6/lib
elf1_libpath()
{
local elf="$1" libpath="$RTLD_libpath"
[ -z "$LD_LIBRARY_PATH" ] ||
libpath="$LD_LIBRARY_PATH:$libpath"
[ -z "$RPM_FINDPROV_LIB_PATH" ] ||
libpath="$RPM_FINDPROV_LIB_PATH:$libpath"
local info= rpath=
info="$(objdump -p "$elf")" || return
rpath="$(echo "$info" |awk '($1=="RPATH"){printf "%s:", $2}')"
[ -z "$rpath" ] ||
libpath="$rpath$libpath"
if [ -n "$RPM_BUILD_ROOT" ]; then
local BR_libpath= path= IFS=:
for path in $libpath; do
BR_libpath="$BR_libpath:$RPM_BUILD_ROOT$path"
done
libpath="${BR_libpath#:}:$libpath"
fi
echo "$libpath"
}
elf1_ldd()
{
local elf="$1" libpath=
libpath="$(elf1_libpath "$elf")" || return
LD_TRACE_LOADED_OBJECTS=1 LD_WARN=1 LD_BIND_NOW=1 LD_VERBOSE= \
"$RTLD" --library-path "$libpath" --inhibit-rpath "$elf" "$elf"
}
elf1_undefined_symbols()
{
local elf="$1" out=
if ! out="$(elf1_ldd "$elf" 2>&1)"; then
echo "$PROG: $elf: ldd failed:" >&2
echo "$out" >&2
return 2
fi
if [ -n "$out" -a -z "${out##* not found*}" ]; then
echo "$PROG: $elf: unresolved dependencies:" >&2
echo "$out" |grep -F ' not found' >&2
return 1
fi
if [ -n "$out" -a -z "${out##*undefined symbol:*}" ]; then
echo "$out" |awk '/^undefined symbol:/ {
gsub("^[(]|[)]$", "", $NF)
print $3 "\t" $NF }'
fi
}
elf1_verify_strict()
{
local elf="$1" err=
err="$(elf1_undefined_symbols "$elf")" || return 2
[ -n "$err" ] || return 0
local sym= obj=
while IFS=$'\t' read -r sym obj; do
[ "$obj" = "$elf" ] &&
echo "$PROG: $elf: undefined symbol: $sym" >&2 ||
echo "$PROG: $elf: undefined symbol: $sym ($obj)" >&2
done <<<"$err"
return 1
}
elf1_verify_relaxed()
{
local elf="$1" symtab="$2" err=
err="$(elf1_undefined_symbols "$elf")" || return 2
[ -n "$err" ] || return 0
local rc=0 sym= obj=
while IFS=$'\t' read -r sym obj; do
if [ "$obj" != "$elf" ]; then
echo "$PROG: $elf: undefined symbol: $sym ($obj)" >&2
rc=1
elif ! bloom -e "$sym" "$symtab"; then
echo "$PROG: $elf: undefined symbol: $sym" >&2
rc=1
fi
done <<<"$err"
return $rc
}
: ${VERIFY_ELF_SYM:=normal}
case "$VERIFY_ELF_SYM" in
strict|normal|relaxed) : ;;
no|none|skip) exit 0 ;;
*) Fatal "Unrecognized $PROG method: $VERIFY_ELF_SYM" ;;
esac
rc=0 symtab="$1"
shift
for elf; do
if ! type="$(file -bL "$elf")"; then
echo "$PROG: $elf: $type" >&2
rc=1
continue
fi
[ -n "$type" ] || continue
[ -z "${type##*ELF*dynamic*}" -o -z "${type##*ELF*shared*}" ] || continue
if [ "$VERIFY_ELF_SYM" = strict ]; then
elf1_verify_strict "$elf" || rc=1
elif [ "$VERIFY_ELF_SYM" = relaxed ]; then
elf1_verify_relaxed "$elf" "$symtab" || rc=1
elif [ -z "${type##*ELF*executable*}" ]; then
elf1_verify_strict "$elf" || rc=1
elif [ -z "${type##*ELF*shared*}" -a -z "${elf##*/lib/lib*.so*}" ]; then
elf1_verify_strict "$elf" || rc=1
else
elf1_verify_relaxed "$elf" "$symtab" || rc=1
fi
done
exit $rc
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-09-14 22:04 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-13 12:46 [devel] gear и hasher: ошибка Anton Farygin
2006-09-13 12:57 ` Dmitry V. Levin
2006-09-13 13:06 ` Anton Farygin
2006-09-13 13:17 ` Dmitry V. Levin
2006-09-13 13:21 ` Anton Farygin
2006-09-13 13:40 ` [devel] verify-elf Dmitry V. Levin
2006-09-13 14:24 ` Anton Farygin
2006-09-13 14:44 ` Dmitry V. Levin
2006-09-13 15:11 ` Anton Farygin
2006-09-13 16:20 ` Dmitry V. Levin
2006-09-14 5:49 ` Anton Farygin
2006-09-14 12:25 ` Dmitry V. Levin
2006-09-14 19:11 ` Dmitry V. Levin
2006-09-14 22:04 ` Alexey Tourbin [this message]
2006-09-14 22:36 ` Dmitry V. Levin
2006-09-21 16:13 ` Dmitry V. Levin
2006-09-22 6:42 ` Alexey Tourbin
2007-11-23 13:06 ` Alexey Tourbin
2006-09-21 6:09 ` Anton Farygin
2006-09-21 9:06 ` Dmitry V. Levin
2006-09-21 9:29 ` Anton Farygin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060914220416.GL17693@localhost.localdomain \
--to=at@altlinux.ru \
--cc=devel@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git