rpmlint/rpmlint-pie.diff

From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001
From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856>
Date: Sun, 15 May 2011 09:05:04 +0000
Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel).

git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856
---
 BinariesCheck.py |   10 ++++++++++
 config           |    4 ++++
 2 files changed, 14 insertions(+), 0 deletions(-)

Index: rpmlint-1.1/BinariesCheck.py
===================================================================
--- rpmlint-1.1.orig/BinariesCheck.py
+++ rpmlint-1.1/BinariesCheck.py
@@ -189,6 +189,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\.
 validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$')
 sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC')
 system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS)
+pie_exec_re = Config.getOption('PieExecutables')
+if pie_exec_re: pie_exec_re = re.compile(pie_exec_re)
 usr_lib_regex = re.compile('^/usr/lib(64)?/')
 bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/')
 soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*')
@@ -377,6 +379,11 @@ class BinariesCheck(AbstractCheck.Abstra
             if not is_exec and not is_shobj:
                 continue
 
+            if is_shobj and not is_exec and '.so' not in fname and \
+                    bin_regex.search(fname):
+                # pkgfile.magic does not contain "executable" for PIEs
+                is_exec = True
+
             if is_exec:
 
                 if bin_regex.search(fname):
@@ -385,6 +392,10 @@ class BinariesCheck(AbstractCheck.Abstra
                 if ocaml_mixed_regex.search(bin_info.tail):
                     printWarning(pkg, 'ocaml-mixed-executable', fname)
 
+                if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
+                    printError(pkg, 'non-position-independent-executable',
+                               fname)
+
             if bin_info.readelf_error:
                 continue
 
@@ -603,6 +614,10 @@ http://bugs.debian.org/cgi-bin/bugreport
 project settings. So there's normally no need to manually strip binaries.
 Left over unstripped binaries could therefore indicate a bug in the automatic
 stripping process.''',
+
+'non-position-independent-executable',
+'''This executable must be position independent.  Check that it is built with
+-fPIE/-fpie in compiler flags and -pie in linker flags.''',
 )
 
 # BinariesCheck.py ends here
Index: rpmlint-1.1/config
===================================================================
--- rpmlint-1.1.orig/config
+++ rpmlint-1.1/config
@@ -130,6 +130,10 @@ from Config import *
 # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
 #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
 
+# Executables that must be compiled as position independent.
+# Type: regex, default: None
+#setOption("PieExecutables", '^/bin/(ping6?|su)$')
+
 # Whether to want default start/stop runlevels specified in init scripts.
 # Type: boolean, default: True
 #setOption("UseDefaultRunlevels", True)
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001`
			`From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856>`
			`Date: Sun, 15 May 2011 09:05:04 +0000`
			`Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel).`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`---`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`BinariesCheck.py \| 10 ++++++++++`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`config \| 4 ++++`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`2 files changed, 14 insertions(+), 0 deletions(-)`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00
			`Index: rpmlint-1.1/BinariesCheck.py`
			`===================================================================`
			`--- rpmlint-1.1.orig/BinariesCheck.py`
			`+++ rpmlint-1.1/BinariesCheck.py`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`@@ -189,6 +189,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\.`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`validso_regex = re.compile('(\.so\.\d+(\.\d+)*\|\d\.so)$')`
			`sparc_regex = re.compile('SPARC32PLUS\|SPARC V9\|UltraSPARC')`
			`system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS)`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`+pie_exec_re = Config.getOption('PieExecutables')`
			`+if pie_exec_re: pie_exec_re = re.compile(pie_exec_re)`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`usr_lib_regex = re.compile('^/usr/lib(64)?/')`
			`bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/')`
			`soversion_regex = re.compile('.?([0-9][.0-9])\\.so\|.\\.so\\.([0-9][.0-9]).*')`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`@@ -377,6 +379,11 @@ class BinariesCheck(AbstractCheck.Abstra`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`if not is_exec and not is_shobj:`
			`continue`

- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`+ if is_shobj and not is_exec and '.so' not in fname and \`
			`+ bin_regex.search(fname):`
			`+ # pkgfile.magic does not contain "executable" for PIEs`
			`+ is_exec = True`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`+`
			`if is_exec:`

			`if bin_regex.search(fname):`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`@@ -385,6 +392,10 @@ class BinariesCheck(AbstractCheck.Abstra`
			`if ocaml_mixed_regex.search(bin_info.tail):`
			`printWarning(pkg, 'ocaml-mixed-executable', fname)`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`+ if not is_shobj and pie_exec_re and pie_exec_re.search(fname):`
			`+ printError(pkg, 'non-position-independent-executable',`
			`+ fname)`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`+`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`if bin_info.readelf_error:`
			`continue`

			`@@ -603,6 +614,10 @@ http://bugs.debian.org/cgi-bin/bugreport`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`project settings. So there's normally no need to manually strip binaries.`
- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`Left over unstripped binaries could therefore indicate a bug in the automatic`
			`stripping process.''',`
			`+`
			`+'non-position-independent-executable',`
			`+'''This executable must be position independent. Check that it is built with`
			`+-fPIE/-fpie in compiler flags and -pie in linker flags.''',`
			`)`

			`# BinariesCheck.py ends here`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`Index: rpmlint-1.1/config`
			`===================================================================`
			`--- rpmlint-1.1.orig/config`
			`+++ rpmlint-1.1/config`
			`@@ -130,6 +130,10 @@ from Config import *`
			`# Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck`
			`#setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))`

- update rpmlint-pie.diff and suse-file-var-run.diff with upstream accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18 2011-05-17 12:42:54 +02:00			`+# Executables that must be compiled as position independent.`
			`+# Type: regex, default: None`
			`+#setOption("PieExecutables", '^/bin/(ping6?\|su)$')`
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`+`
			`# Whether to want default start/stop runlevels specified in init scripts.`
			`# Type: boolean, default: True`
			`#setOption("UseDefaultRunlevels", True)`