summaryrefslogtreecommitdiffstats
path: root/t/recipes/checks/binaries/rpath
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:42:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:42:30 +0000
commit75808db17caf8b960b351e3408e74142f4c85aac (patch)
tree7989e9c09a4240248bf4658a22208a0a52d991c4 /t/recipes/checks/binaries/rpath
parentInitial commit. (diff)
downloadlintian-75808db17caf8b960b351e3408e74142f4c85aac.tar.xz
lintian-75808db17caf8b960b351e3408e74142f4c85aac.zip
Adding upstream version 2.117.0.upstream/2.117.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules12
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values4
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile64
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c12
-rwxr-xr-xt/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid30
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c11
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/eval/desc2
-rw-r--r--t/recipes/checks/binaries/rpath/binaries-general/eval/hints3
-rwxr-xr-xt/recipes/checks/binaries/rpath/binaries-general/eval/post-test1
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules12
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values4
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile64
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c12
-rwxr-xr-xt/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid30
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c11
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/eval/desc2
-rw-r--r--t/recipes/checks/binaries/rpath/quoted/eval/hints5
-rwxr-xr-xt/recipes/checks/binaries/rpath/quoted/eval/post-test1
-rw-r--r--t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules12
-rw-r--r--t/recipes/checks/binaries/rpath/relative/build-spec/fill-values4
-rw-r--r--t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile64
-rw-r--r--t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c12
-rwxr-xr-xt/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid30
-rw-r--r--t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c11
-rw-r--r--t/recipes/checks/binaries/rpath/relative/eval/desc2
-rw-r--r--t/recipes/checks/binaries/rpath/relative/eval/hints5
-rwxr-xr-xt/recipes/checks/binaries/rpath/relative/eval/post-test1
27 files changed, 421 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules
new file mode 100644
index 0000000..3ea7a63
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+%:
+ dh $@
+
+override_dh_strip:
+ dh_strip -X usr/lib/debug -X unstripped -X ocaml
+
+override_dh_dwz:
+ # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression"
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values
new file mode 100644
index 0000000..a24247d
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values
@@ -0,0 +1,4 @@
+Skeleton: upload-native
+Testname: binaries-general
+Description: Misc errors related to binaries
+Package-Architecture: any
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile
new file mode 100644
index 0000000..cf0f211
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile
@@ -0,0 +1,64 @@
+# turn off PIE in CC in case we have a PIEful toolchain:
+ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),)
+ CC := gcc
+else
+ CC := gcc -fno-pie -no-pie
+endif
+
+NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS))
+NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS))
+COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS)
+# extract from readelf
+GETBUILDID:=./getbuildid
+
+all:
+ # rpath not matching any of the exceptions to the rpath checks
+ # - with profiling enabled.
+ $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib
+ # rpath shipped in the package, but one of {/usr}?/lib
+ $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib
+ # non-special rpath shipped in the package
+ $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo
+ # special rpath shipped in the package, multiple paths
+ $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar
+ # static version of basic for debugging checks
+ $(COMPILE_NOPIE) -static -o basic.static basic.c
+ # static executable to trigger ocaml check
+ $(COMPILE_NOPIE) -o ocaml-exec ocaml.c
+ # version with debug
+ $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c
+
+install:
+ # according to local debian rules /usr/lib/debug is unstripped
+ install -d $(DESTDIR)/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/foo/
+ install -d $(DESTDIR)/usr/bin
+
+ install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath
+ install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath
+ install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec
+ install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug
+ # force fake buildid in order to have tag matching ok (deadbeefdeadbeef)
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/de"
+ objcopy --compress-debug-sections basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug"
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ objcopy --compress-debug-sections --only-keep-debug basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug
+ install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/
+ # according to local debian rules unstripped in name avoid dh_strip to do the work
+ install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped
+ install -m 755 basic.static $(DESTDIR)/usr/bin/static
+
+clean distclean:
+ rm -f basic
+
+check test:
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c
new file mode 100644
index 0000000..3618004
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c
@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <string.h>
+
+int
+main(int argc, char *argv[])
+{
+ char t[10];
+ printf("Hello world!\n");
+ /* forces a stack protector */
+ (void) strcpy(t,argv[0]);
+ return (int) t[0];
+}
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid
new file mode 100755
index 0000000..0060d2b
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid
@@ -0,0 +1,30 @@
+#!/bin/sh
+# get build-id of binary
+
+set -e
+
+usage() {
+ echo "Usage: getbuildid [flag] file";
+ echo " print build-id of an object file"
+ echo "flags:"
+ echo " -f : full build-id (default)."
+ echo " -s : short build-id aka the first two characters."
+}
+
+if test $# -lt 1; then usage; exit 77; fi
+if test $# -gt 3; then usage; exit 77; fi
+
+if test $# -eq 1; then
+ LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g'
+else
+ case "x$1" in
+ 'x-f')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;;
+ 'x-s')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;;
+ *)
+ exit 2;
+ esac
+fi
+
+exit 0;
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c
new file mode 100644
index 0000000..370d17d
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c
@@ -0,0 +1,11 @@
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+ if (argc > 2) {
+ puts("Caml1999X000");
+ }
+ puts("\n");
+ return 0;
+}
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/desc b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc
new file mode 100644
index 0000000..6e7e185
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc
@@ -0,0 +1,2 @@
+Testname: binaries-general
+Check: binaries/rpath
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/hints b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints
new file mode 100644
index 0000000..367a9a3
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints
@@ -0,0 +1,3 @@
+binaries-general (binary): custom-library-search-path RUNPATH /usr/share/foo [usr/lib/foo/basicshippedrpath]
+binaries-general (binary): custom-library-search-path RUNPATH /usr/local/lib [usr/share/foo/basic]
+binaries-general (binary): custom-library-search-path RUNPATH /usr/lib [usr/lib/foo/basiclibrpath]
diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test
new file mode 100755
index 0000000..11ad2c8
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test
@@ -0,0 +1 @@
+/: hardening-.*/ d
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules
new file mode 100644
index 0000000..3ea7a63
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+%:
+ dh $@
+
+override_dh_strip:
+ dh_strip -X usr/lib/debug -X unstripped -X ocaml
+
+override_dh_dwz:
+ # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression"
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values b/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values
new file mode 100644
index 0000000..e5a7a3e
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values
@@ -0,0 +1,4 @@
+Skeleton: upload-native
+Testname: quoted
+Description: RPATH in double quotes
+Package-Architecture: any
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile
new file mode 100644
index 0000000..f2eed80
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile
@@ -0,0 +1,64 @@
+# turn off PIE in CC in case we have a PIEful toolchain:
+ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),)
+ CC := gcc
+else
+ CC := gcc -fno-pie -no-pie
+endif
+
+NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS))
+NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS))
+COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS)
+# extract from readelf
+GETBUILDID:=./getbuildid
+
+all:
+ # rpath not matching any of the exceptions to the rpath checks
+ # - with profiling enabled.
+ $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,\"/usr/local/lib\"
+ # rpath shipped in the package, but one of {/usr}?/lib
+ $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,\"/usr/lib\"
+ # non-special rpath shipped in the package
+ $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,\"/usr/share/foo\"
+ # special rpath shipped in the package, multiple paths
+ $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,\"/usr/lib/binaries-general\":\"/usr/lib/binaries-general/bar\"
+ # static version of basic for debugging checks
+ $(COMPILE_NOPIE) -static -o basic.static basic.c
+ # static executable to trigger ocaml check
+ $(COMPILE_NOPIE) -o ocaml-exec ocaml.c
+ # version with debug
+ $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c
+
+install:
+ # according to local debian rules /usr/lib/debug is unstripped
+ install -d $(DESTDIR)/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/foo/
+ install -d $(DESTDIR)/usr/bin
+
+ install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath
+ install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath
+ install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec
+ install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug
+ # force fake buildid in order to have tag matching ok (deadbeefdeadbeef)
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/de"
+ objcopy --compress-debug-sections basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug"
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ objcopy --compress-debug-sections --only-keep-debug basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug
+ install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/
+ # according to local debian rules unstripped in name avoid dh_strip to do the work
+ install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped
+ install -m 755 basic.static $(DESTDIR)/usr/bin/static
+
+clean distclean:
+ rm -f basic
+
+check test:
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c
new file mode 100644
index 0000000..3618004
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c
@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <string.h>
+
+int
+main(int argc, char *argv[])
+{
+ char t[10];
+ printf("Hello world!\n");
+ /* forces a stack protector */
+ (void) strcpy(t,argv[0]);
+ return (int) t[0];
+}
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid
new file mode 100755
index 0000000..0060d2b
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid
@@ -0,0 +1,30 @@
+#!/bin/sh
+# get build-id of binary
+
+set -e
+
+usage() {
+ echo "Usage: getbuildid [flag] file";
+ echo " print build-id of an object file"
+ echo "flags:"
+ echo " -f : full build-id (default)."
+ echo " -s : short build-id aka the first two characters."
+}
+
+if test $# -lt 1; then usage; exit 77; fi
+if test $# -gt 3; then usage; exit 77; fi
+
+if test $# -eq 1; then
+ LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g'
+else
+ case "x$1" in
+ 'x-f')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;;
+ 'x-s')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;;
+ *)
+ exit 2;
+ esac
+fi
+
+exit 0;
diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c
new file mode 100644
index 0000000..370d17d
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c
@@ -0,0 +1,11 @@
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+ if (argc > 2) {
+ puts("Caml1999X000");
+ }
+ puts("\n");
+ return 0;
+}
diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/desc b/t/recipes/checks/binaries/rpath/quoted/eval/desc
new file mode 100644
index 0000000..64ca820
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/eval/desc
@@ -0,0 +1,2 @@
+Testname: quoted
+Check: binaries/rpath
diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/hints b/t/recipes/checks/binaries/rpath/quoted/eval/hints
new file mode 100644
index 0000000..074ceeb
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/eval/hints
@@ -0,0 +1,5 @@
+quoted (binary): relative-library-search-path RUNPATH "/usr/share/foo" [usr/lib/foo/basicshippedrpath]
+quoted (binary): relative-library-search-path RUNPATH "/usr/local/lib" [usr/share/foo/basic]
+quoted (binary): relative-library-search-path RUNPATH "/usr/lib/binaries-general/bar" [usr/lib/foo/basicshippedrpathmore]
+quoted (binary): relative-library-search-path RUNPATH "/usr/lib/binaries-general" [usr/lib/foo/basicshippedrpathmore]
+quoted (binary): relative-library-search-path RUNPATH "/usr/lib" [usr/lib/foo/basiclibrpath]
diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/post-test b/t/recipes/checks/binaries/rpath/quoted/eval/post-test
new file mode 100755
index 0000000..11ad2c8
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/quoted/eval/post-test
@@ -0,0 +1 @@
+/: hardening-.*/ d
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules
new file mode 100644
index 0000000..3ea7a63
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+%:
+ dh $@
+
+override_dh_strip:
+ dh_strip -X usr/lib/debug -X unstripped -X ocaml
+
+override_dh_dwz:
+ # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression"
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values
new file mode 100644
index 0000000..9d8fdc2
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values
@@ -0,0 +1,4 @@
+Skeleton: upload-native
+Testname: relative
+Description: Relative RPATH
+Package-Architecture: any
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile
new file mode 100644
index 0000000..b7758c6
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile
@@ -0,0 +1,64 @@
+# turn off PIE in CC in case we have a PIEful toolchain:
+ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),)
+ CC := gcc
+else
+ CC := gcc -fno-pie -no-pie
+endif
+
+NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS))
+NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS))
+COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS)
+# extract from readelf
+GETBUILDID:=./getbuildid
+
+all:
+ # rpath not matching any of the exceptions to the rpath checks
+ # - with profiling enabled.
+ $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,usr/local/lib
+ # rpath shipped in the package, but one of {/usr}?/lib
+ $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,usr/lib
+ # non-special rpath shipped in the package
+ $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,usr/share/foo
+ # special rpath shipped in the package, multiple paths
+ $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,usr/lib/binaries-general:usr/lib/binaries-general/bar
+ # static version of basic for debugging checks
+ $(COMPILE_NOPIE) -static -o basic.static basic.c
+ # static executable to trigger ocaml check
+ $(COMPILE_NOPIE) -o ocaml-exec ocaml.c
+ # version with debug
+ $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c
+
+install:
+ # according to local debian rules /usr/lib/debug is unstripped
+ install -d $(DESTDIR)/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/
+ install -d $(DESTDIR)/usr/lib/foo/
+ install -d $(DESTDIR)/usr/bin
+
+ install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic
+ install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath
+ install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath
+ install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec
+ install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore
+ objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug
+ # force fake buildid in order to have tag matching ok (deadbeefdeadbeef)
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/de"
+ objcopy --compress-debug-sections basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug"
+ install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`
+ objcopy --compress-debug-sections --only-keep-debug basicdebug \
+ "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug
+ install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/
+ # according to local debian rules unstripped in name avoid dh_strip to do the work
+ install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped
+ install -m 755 basic.static $(DESTDIR)/usr/bin/static
+
+clean distclean:
+ rm -f basic
+
+check test:
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c
new file mode 100644
index 0000000..3618004
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c
@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <string.h>
+
+int
+main(int argc, char *argv[])
+{
+ char t[10];
+ printf("Hello world!\n");
+ /* forces a stack protector */
+ (void) strcpy(t,argv[0]);
+ return (int) t[0];
+}
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid
new file mode 100755
index 0000000..0060d2b
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid
@@ -0,0 +1,30 @@
+#!/bin/sh
+# get build-id of binary
+
+set -e
+
+usage() {
+ echo "Usage: getbuildid [flag] file";
+ echo " print build-id of an object file"
+ echo "flags:"
+ echo " -f : full build-id (default)."
+ echo " -s : short build-id aka the first two characters."
+}
+
+if test $# -lt 1; then usage; exit 77; fi
+if test $# -gt 3; then usage; exit 77; fi
+
+if test $# -eq 1; then
+ LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g'
+else
+ case "x$1" in
+ 'x-f')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;;
+ 'x-s')
+ LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;;
+ *)
+ exit 2;
+ esac
+fi
+
+exit 0;
diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c
new file mode 100644
index 0000000..370d17d
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c
@@ -0,0 +1,11 @@
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+ if (argc > 2) {
+ puts("Caml1999X000");
+ }
+ puts("\n");
+ return 0;
+}
diff --git a/t/recipes/checks/binaries/rpath/relative/eval/desc b/t/recipes/checks/binaries/rpath/relative/eval/desc
new file mode 100644
index 0000000..159b77a
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/eval/desc
@@ -0,0 +1,2 @@
+Testname: relative
+Check: binaries/rpath
diff --git a/t/recipes/checks/binaries/rpath/relative/eval/hints b/t/recipes/checks/binaries/rpath/relative/eval/hints
new file mode 100644
index 0000000..3151df2
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/eval/hints
@@ -0,0 +1,5 @@
+relative (binary): relative-library-search-path RUNPATH usr/share/foo [usr/lib/foo/basicshippedrpath]
+relative (binary): relative-library-search-path RUNPATH usr/local/lib [usr/share/foo/basic]
+relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general/bar [usr/lib/foo/basicshippedrpathmore]
+relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general [usr/lib/foo/basicshippedrpathmore]
+relative (binary): relative-library-search-path RUNPATH usr/lib [usr/lib/foo/basiclibrpath]
diff --git a/t/recipes/checks/binaries/rpath/relative/eval/post-test b/t/recipes/checks/binaries/rpath/relative/eval/post-test
new file mode 100755
index 0000000..11ad2c8
--- /dev/null
+++ b/t/recipes/checks/binaries/rpath/relative/eval/post-test
@@ -0,0 +1 @@
+/: hardening-.*/ d