3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/build-support/setup-hooks
aszlig c64624b843
autoPatchelfHook: Correctly detect PIE binaries
I originally thought it would just be enough to just check for an INTERP
section in isExecutable, however this would mean that we don't detect
statically linked ELF files, which would break our recent improvement to
gracefully handle those.

In theory, we are only interested in ELF files that have an INTERP
section, so checking for INTERP would be enough. Unfortunately the
isExecutable function is already used outside of autoPatchelfHook, so we
can't easily get rid of it now, so let's actually strive for more
correctness and make isExecutable actually match ELF files that are
executable.

So what we're doing instead now is to check whether either the ELF type
is EXEC *or* we have an INTERP section and if one of them is true we
should have an ELF executable, even if it's statically linked.

Along the way I also set LANG=C for the invocations of readelf, just to
be sure we don't get locale-dependent output.

Tested this with the following command (which contains almost[1] all the
packages using autoPatchelfHook), checking whether we run into any
library-related errors:

  nix-build -E 'with import ./. { config.allowUnfree = true; };
    runCommand "test-executables" {
      drvs = [
        anydesk cups-kyodialog3 elasticsearch franz gurobi
        masterpdfeditor oracle-instantclient powershell reaper
        sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst
        vk-messenger wavebox zoom-us
      ];
    } ("for i in $drvs; do for b in $i/bin/*; do " +
       "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done")
  '

Apart from testing against library-related errors I also compared the
resulting store paths against the ones prior to this commit. Only
anydesk and virtlyst had the same as they didn't have self-references,
everything else differed only because of self-references, except
elasticsearch, which had the following PIE binaries:

  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize

These binaries were now patched, which is what this commit is all about.

[1]: I didn't include the "maxx" package (MaXX Interactive Desktop)
     because the upstream URLs are no longer existing and I couldn't
     find them elsewhere on the web.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/48330
Cc: @gnidorah (for MaXX Interactive Desktop)
2018-11-03 08:07:42 +01:00
..
audit-tmpdir.sh audit-tmpdir: fix processing of files with spaces, quote variables 2018-08-20 13:08:32 -05:00
auto-patchelf.sh autoPatchelfHook: Correctly detect PIE binaries 2018-11-03 08:07:42 +01:00
autoreconf.sh autoreconfHook: Simplify by avoiding findInputs 2017-09-14 13:16:12 -04:00
breakpoint-hook.sh breakpointHook: add for debugging failing builds 2018-10-25 10:19:41 +01:00
compress-man-pages.sh compress-man-pages: skip compressed manpages 2017-02-27 20:03:45 +01:00
die.sh dieHook: Add die utility function 2017-08-08 00:17:56 -05:00
enable-coverage-instrumentation.sh Move generation of coverage reports from nixos/lib/testing to releaseTools 2014-03-03 13:57:08 +01:00
find-xml-catalogs.sh treewide: Don't use envHook anymore 2017-12-30 22:04:22 -05:00
fix-darwin-dylib-names.sh replace "Mac OS X" and "OS X" with "macOS" 2017-08-07 21:41:30 +02:00
gog-unpack.sh build-support gogUnpackHook: support for unpacking games from gog.com 2018-02-12 22:28:06 +08:00
keep-build-tree.sh Move generation of coverage reports from nixos/lib/testing to releaseTools 2014-03-03 13:57:08 +01:00
ld-is-cc-hook.sh ld-is-cc-hook: init 2017-12-19 01:45:42 +00:00
make-coverage-analysis-report.sh releaseTools.coverageAnalysis: Emit hydra-metrics 2015-07-30 18:06:33 +02:00
make-wrapper.sh makeWrapper: document --set-default 2018-08-24 19:46:16 +02:00
move-docs.sh move-docs.sh: Handle share/gtk-doc 2015-07-26 13:35:49 +02:00
move-lib64.sh stdenv lib64-moving: fail instead of overwriting 2014-11-17 11:27:38 +01:00
move-sbin.sh Automatically move stuff in lib64 to lib 2014-10-07 15:04:13 +02:00
multiple-outputs.sh Merge pull request #31987 from jtojnar/devhelp-devdoc 2017-11-25 23:14:47 +00:00
patch-shebangs.sh patch-shebangs.sh: use more robust 'for each file' loop, check for dir 2018-09-28 11:21:51 -05:00
prune-libtool-files.sh pruneLibtoolFiles: init setup hook (#41819) 2018-06-11 18:11:02 +00:00
role.bash treewide: Use pkgs/build-support/roles.bash to remove copy pasta 2018-05-07 15:10:37 -04:00
separate-debug-info.sh misc setup-hooks: Use env vars to refer to binutils programs 2017-12-13 16:08:18 -05:00
set-java-classpath.sh treewide: Don't use envHook anymore 2017-12-30 22:04:22 -05:00
set-source-date-epoch-to-latest.sh set-source-date-epoch-to-latest.sh: shut up a warning 2017-09-17 10:35:44 +02:00
setup-debug-info-dirs.sh treewide: Don't use envHook anymore 2017-12-30 22:04:22 -05:00
strip.sh strip setup hook: Learn about only stripping host/target binaries alone 2017-12-30 22:04:22 -05:00
update-autotools-gnu-config-scripts.sh updateAutotoolsGnuConfigScriptsHook: Only fix files 2017-02-11 12:24:49 +02:00
use-old-cxx-abi.sh useOldCXXAbi: Change into a setup hook 2016-04-01 13:36:59 +02:00
win-dll-link.sh misc setup-hooks: Use env vars to refer to binutils programs 2017-12-13 16:08:18 -05:00
wrap-gapps-hook.sh treewide: Don't use envHook anymore 2017-12-30 22:04:22 -05:00