From 75808db17caf8b960b351e3408e74142f4c85aac Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 14 Apr 2024 15:42:30 +0200 Subject: Adding upstream version 2.117.0. Signed-off-by: Daniel Baumann --- .../rpath/relative/build-spec/debian/rules | 12 ++++ .../binaries/rpath/relative/build-spec/fill-values | 4 ++ .../rpath/relative/build-spec/orig/Makefile | 64 ++++++++++++++++++++++ .../rpath/relative/build-spec/orig/basic.c | 12 ++++ .../rpath/relative/build-spec/orig/getbuildid | 30 ++++++++++ .../rpath/relative/build-spec/orig/ocaml.c | 11 ++++ t/recipes/checks/binaries/rpath/relative/eval/desc | 2 + .../checks/binaries/rpath/relative/eval/hints | 5 ++ .../checks/binaries/rpath/relative/eval/post-test | 1 + 9 files changed, 141 insertions(+) create mode 100644 t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules create mode 100644 t/recipes/checks/binaries/rpath/relative/build-spec/fill-values create mode 100644 t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile create mode 100644 t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c create mode 100755 t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid create mode 100644 t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c create mode 100644 t/recipes/checks/binaries/rpath/relative/eval/desc create mode 100644 t/recipes/checks/binaries/rpath/relative/eval/hints create mode 100755 t/recipes/checks/binaries/rpath/relative/eval/post-test (limited to 't/recipes/checks/binaries/rpath/relative') diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values new file mode 100644 index 0000000..9d8fdc2 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: relative +Description: Relative RPATH +Package-Architecture: any diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile new file mode 100644 index 0000000..b7758c6 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,usr/lib/binaries-general:usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include +#include + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/rpath/relative/eval/desc b/t/recipes/checks/binaries/rpath/relative/eval/desc new file mode 100644 index 0000000..159b77a --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/desc @@ -0,0 +1,2 @@ +Testname: relative +Check: binaries/rpath diff --git a/t/recipes/checks/binaries/rpath/relative/eval/hints b/t/recipes/checks/binaries/rpath/relative/eval/hints new file mode 100644 index 0000000..3151df2 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/hints @@ -0,0 +1,5 @@ +relative (binary): relative-library-search-path RUNPATH usr/share/foo [usr/lib/foo/basicshippedrpath] +relative (binary): relative-library-search-path RUNPATH usr/local/lib [usr/share/foo/basic] +relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general/bar [usr/lib/foo/basicshippedrpathmore] +relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general [usr/lib/foo/basicshippedrpathmore] +relative (binary): relative-library-search-path RUNPATH usr/lib [usr/lib/foo/basiclibrpath] diff --git a/t/recipes/checks/binaries/rpath/relative/eval/post-test b/t/recipes/checks/binaries/rpath/relative/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d -- cgit v1.2.3