rpmlint/rpmlint-pie.diff

From cdf3d7e6338e8133d9b2b8f19de8e5a3308327bc Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Mon, 9 May 2011 11:54:48 +0200
Subject: [PATCH] check for position independent executables

---
 BinariesCheck.py |   11 +++++++++++
 config           |    4 ++++
 2 files changed, 15 insertions(+), 0 deletions(-)

Index: rpmlint-1.1/BinariesCheck.py
===================================================================
--- rpmlint-1.1.orig/BinariesCheck.py
+++ rpmlint-1.1/BinariesCheck.py
@@ -25,6 +25,9 @@ DEFAULT_SYSTEM_LIB_PATHS = (
     '/lib', '/usr/lib', '/usr/X11R6/lib',
     '/lib64', '/usr/lib64', '/usr/X11R6/lib64')
 
+DEFAULT_PIE_EXECUTABLES = (
+)
+
 class BinaryInfo:
 
     needed_regex = re.compile('\s+\(NEEDED\).*\[(\S+)\]')
@@ -189,6 +192,7 @@ so_regex = re.compile('/lib(64)?/[^/]+\.
 validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$')
 sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC')
 system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS)
+pie_executables = Config.getOption('PieExecutables', DEFAULT_PIE_EXECUTABLES)
 usr_lib_regex = re.compile('^/usr/lib(64)?/')
 bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/')
 soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*')
@@ -377,6 +381,9 @@ class BinariesCheck(AbstractCheck.Abstra
             if not is_exec and not is_shobj:
                 continue
 
+            if fname in pie_executables and not is_shobj:
+                printError(pkg, 'not-a-position-independent-executable', fname)
+
             if is_exec:
 
                 if bin_regex.search(fname):
@@ -598,6 +605,10 @@ that use prelink, make sure that prelink
 placing a blacklist file in /etc/prelink.conf.d.  For more information, see
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
 
+'not-a-position-independent-executable',
+'''As per distribution policy the binary must be position independent. Add
+-fPIE to CFLAGS and -pie to LDFLAGS'''
+
 'unstripped-binary-or-object',
 '''stripping debug info from binaries happens automatically according to global
 project settings. So there's normally no need to manually strip binaries.
Index: rpmlint-1.1/config
===================================================================
--- rpmlint-1.1.orig/config
+++ rpmlint-1.1/config
@@ -130,6 +130,10 @@ from Config import *
 # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
 #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
 
+# List of binaries that must be position independent executables
+# Type: tuple of strings, default: empty
+#setOption("PieExecutables", ('/bin/ping', '/bin/su'))
+
 # Whether to want default start/stop runlevels specified in init scripts.
 # Type: boolean, default: True
 #setOption("UseDefaultRunlevels", True)
- add not-a-position-independent-executable check OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=14 2011-05-10 13:38:20 +02:00			`From cdf3d7e6338e8133d9b2b8f19de8e5a3308327bc Mon Sep 17 00:00:00 2001`
			`From: Ludwig Nussel <ludwig.nussel@suse.de>`
			`Date: Mon, 9 May 2011 11:54:48 +0200`
			`Subject: [PATCH] check for position independent executables`

			`---`
			`BinariesCheck.py \| 11 +++++++++++`
			`config \| 4 ++++`
			`2 files changed, 15 insertions(+), 0 deletions(-)`

			`Index: rpmlint-1.1/BinariesCheck.py`
			`===================================================================`
			`--- rpmlint-1.1.orig/BinariesCheck.py`
			`+++ rpmlint-1.1/BinariesCheck.py`
			`@@ -25,6 +25,9 @@ DEFAULT_SYSTEM_LIB_PATHS = (`
			`'/lib', '/usr/lib', '/usr/X11R6/lib',`
			`'/lib64', '/usr/lib64', '/usr/X11R6/lib64')`

			`+DEFAULT_PIE_EXECUTABLES = (`
			`+)`
			`+`
			`class BinaryInfo:`

			`needed_regex = re.compile('\s+\(NEEDED\).*\[(\S+)\]')`
			`@@ -189,6 +192,7 @@ so_regex = re.compile('/lib(64)?/[^/]+\.`
			`validso_regex = re.compile('(\.so\.\d+(\.\d+)*\|\d\.so)$')`
			`sparc_regex = re.compile('SPARC32PLUS\|SPARC V9\|UltraSPARC')`
			`system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS)`
			`+pie_executables = Config.getOption('PieExecutables', DEFAULT_PIE_EXECUTABLES)`
			`usr_lib_regex = re.compile('^/usr/lib(64)?/')`
			`bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/')`
			`soversion_regex = re.compile('.?([0-9][.0-9])\\.so\|.\\.so\\.([0-9][.0-9]).*')`
			`@@ -377,6 +381,9 @@ class BinariesCheck(AbstractCheck.Abstra`
			`if not is_exec and not is_shobj:`
			`continue`

			`+ if fname in pie_executables and not is_shobj:`
			`+ printError(pkg, 'not-a-position-independent-executable', fname)`
			`+`
			`if is_exec:`

			`if bin_regex.search(fname):`
			`@@ -598,6 +605,10 @@ that use prelink, make sure that prelink`
			`placing a blacklist file in /etc/prelink.conf.d. For more information, see`
			`http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',`

			`+'not-a-position-independent-executable',`
			`+'''As per distribution policy the binary must be position independent. Add`
			`+-fPIE to CFLAGS and -pie to LDFLAGS'''`
			`+`
			`'unstripped-binary-or-object',`
			`'''stripping debug info from binaries happens automatically according to global`
			`project settings. So there's normally no need to manually strip binaries.`
			`Index: rpmlint-1.1/config`
			`===================================================================`
			`--- rpmlint-1.1.orig/config`
			`+++ rpmlint-1.1/config`
			`@@ -130,6 +130,10 @@ from Config import *`
			`# Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck`
			`#setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))`

			`+# List of binaries that must be position independent executables`
			`+# Type: tuple of strings, default: empty`
			`+#setOption("PieExecutables", ('/bin/ping', '/bin/su'))`
			`+`
			`# Whether to want default start/stop runlevels specified in init scripts.`
			`# Type: boolean, default: True`
			`#setOption("UseDefaultRunlevels", True)`