bin/check-elf-dynamic-objects

   1 #!/bin/bash
   2 #
   3 # This file is part of the LibreOffice project.
   4 #
   5 # This Source Code Form is subject to the terms of the Mozilla Public
   6 # License, v. 2.0. If a copy of the MPL was not distributed with this
   7 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8 #
   9
  10 # verify that ELF NEEDED entries are known-good so hopefully builds run on
  11 # lots of different GNU/Linux distributions
  12
  13 set -euo pipefail
  14
  15 PARA=1
  16 check_path="${INSTDIR:-.}"
  17
  18 help()
  19 {
  20     cat << "EOF"
  21     -d <dir>  directory to check
  22     -p        run unbound parallel checks
  23     -h        help
  24 EOF
  25     [ -z "${1:-}" ] && exit 0
  26 }
  27
  28 die()
  29 {
  30     echo "$1"
  31     echo
  32     help 1
  33     exit 1
  34 }
  35
  36 while [ "${1:-}" != "" ]; do
  37     parm=${1%%=*}
  38     arg=${1#*=}
  39     has_arg=
  40     if [ "${1}" != "${parm?}" ] ; then
  41         has_arg=1
  42     else
  43         arg=""
  44     fi
  45
  46     case "${parm}" in
  47         --dir|-d)
  48             if [ "$has_arg" ] ; then
  49                 check_path="$arg"
  50             else
  51                 shift
  52                 check_path="$1"
  53             fi
  54             if [ ! -d "$check_path" ]; then
  55                 die "Invalid directory '$check_path'"
  56             fi
  57             ;;
  58         -h)
  59             help
  60             ;;
  61         -p)
  62             # this sounds counter intuitive but the idea
  63             # is to possibly support -p <n>
  64             # in the meantime: 0 = nolimit and -p 1 would mean
  65             # the current default: serialize
  66             PARA=0
  67             ;;
  68         -*)
  69             die "Invalid option $1"
  70             ;;
  71         *)
  72             if [ "$DO_NEW" = 1 ] ; then
  73                 REPO="$1"
  74             else
  75                 die "Invalid argument $1"
  76             fi
  77             ;;
  78     esac
  79     shift
  80 done
  81
  82
  83 files=$(find "${check_path}/program" "${check_path}/sdk/bin" -type f)
  84 # all RPATHs should point to ${INSTDIR}/program so that's the files they find
  85 programfiles=$(echo ${files} | grep -o '/program/[^/]* ' | xargs -n 1 basename)
  86
  87 # allowlists should contain only system libraries that have a good reputation
  88 # of maintaining ABI stability
  89 # allow extending the allowlist using the environment variable to be able to work
  90 # on the installer stuff without the need for a baseline setup
  91 globalallowlist="ld-linux-x86-64.so.2 ld-linux.so.2 libc.so.6 libm.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libutil.so.1 libnsl.so.1 libcrypt.so.1 libgcc_s.so.1 libstdc++.so.6 libz.so.1 libfontconfig.so.1 libfreetype.so.6 libxml2.so.2 libxslt.so.1 libexslt.so.0 ${LO_ELFCHECK_ALLOWLIST-}"
  92 x11allowlist="libX11.so.6 libX11-xcb.so.1 libXext.so.6 libSM.so.6 libICE.so.6 libXinerama.so.1 libXrender.so.1 libXrandr.so.2 libcairo.so.2"
  93 openglallowlist="libGL.so.1"
  94 gioallowlist="libgio-2.0.so.0 libgobject-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libglib-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3"
  95 gstreamerallowlist="libgstaudio-1.0.so.0 libgstpbutils-1.0.so.0 libgstvideo-1.0.so.0 libgstbase-1.0.so.0 libgstreamer-1.0.so.0"
  96 gtk3allowlist="libgtk-3.so.0 libgdk-3.so.0 libcairo-gobject.so.2 libpangocairo-1.0.so.0 libfribidi.so.0 libatk-1.0.so.0 libcairo.so.2 libgio-2.0.so.0 libpangoft2-1.0.so.0 libpango-1.0.so.0 libfontconfig.so.1 libfreetype.so.6 libgdk_pixbuf-2.0.so.0 libgobject-2.0.so.0 libglib-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3 libharfbuzz.so.0"
  97 qt5allowlist="libQt5Core.so.5 libQt5Gui.so.5 libQt5Network.so.5 libQt5Widgets.so.5 libQt5X11Extras.so.5 libcairo.so.2 libglib-2.0.so.0 libgobject-2.0.so.0 libxcb.so.1 libxcb-icccm.so.4"
  98 kf5allowlist="libKF5ConfigCore.so.5 libKF5CoreAddons.so.5 libKF5I18n.so.5 libKF5KIOCore.so.5 libKF5KIOFileWidgets.so.5 libKF5KIOWidgets.so.5 libKF5WindowSystem.so.5"
  99 avahiallowlist="libdbus-glib-1.so.2 libdbus-1.so.3 libgobject-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libglib-2.0.so.0 libavahi-common.so.3 libavahi-client.so.3"
 100 kerberosallowlist="libgssapi_krb5.so.2 libcom_err.so.2 libkrb5.so.3"
 101 dconfallowlist="libdconf.so.1 libgio-2.0.so.0 libglib-2.0.so.0 libgobject-2.0.so.0"
 102
 103 check_one_file()
 104 {
 105 local file="$1"
 106
 107     skip=0
 108     allowlist="${globalallowlist}"
 109     case "${file}" in
 110         */sdk/docs/*)
 111             # skip the majority of files, no ELF binaries here
 112             skip=1
 113         ;;
 114         */_uuid.cpython-*.so)
 115             allowlist="${allowlist} libuuid.so.1"
 116         ;;
 117         */libcairo.so.2)
 118             allowlist="${allowlist} ${x11allowlist} libxcb-shm.so.0 libxcb.so.1 libxcb-render.so.0"
 119         ;;
 120         */libcairocanvaslo.so)
 121             allowlist="${allowlist} libcairo.so.2"
 122         ;;
 123         */libucpgio1lo.so|*/liblosessioninstalllo.so|*/libevoablo.so)
 124             allowlist="${allowlist} ${gioallowlist}"
 125         ;;
 126         */libavmediagst.so)
 127             allowlist="${allowlist} ${gtk3allowlist} ${gstreamerallowlist}"
 128         ;;
 129         */libvclplug_kf5lo.so|*/libkf5be1lo.so)
 130             if [ "$ENABLE_KF5" = TRUE ]; then
 131                 allowlist="${allowlist} ${qt5allowlist} ${kf5allowlist}"
 132             fi
 133         ;;
 134         */libvclplug_gtk3lo.so|*/updater)
 135             allowlist="${allowlist} ${x11allowlist} ${gtk3allowlist}"
 136         ;;
 137         */libvclplug_qt5lo.so)
 138             if [ "$ENABLE_QT5" = TRUE ]; then
 139                 allowlist="${allowlist} ${qt5allowlist}"
 140             fi
 141         ;;
 142         */libvclplug_gtk3_kde5lo.so)
 143             if [ "$ENABLE_GTK3_KDE5" = TRUE ]; then
 144                 allowlist="${allowlist} ${x11allowlist} ${gtk3allowlist} ${qt5allowlist} ${kf5allowlist}"
 145             fi
 146         ;;
 147         */lo_kde5filepicker)
 148             if [ "$ENABLE_GTK3_KDE5" = TRUE ]; then
 149                 allowlist="${allowlist} ${x11allowlist} ${gtk3allowlist} ${qt5allowlist} \
 150                     ${kf5allowlist}"
 151             fi
 152         ;;
 153         */libdesktop_detectorlo.so|*/ui-previewer|*/oosplash|*/gengal.bin)
 154             allowlist="${allowlist} ${x11allowlist}"
 155         ;;
 156         */libvclplug_genlo.so|*/libchartcorelo.so|*/libavmediaogl.so|*/libOGLTranslo.so|*/liboglcanvaslo.so)
 157             allowlist="${allowlist} ${x11allowlist} ${openglallowlist}"
 158         ;;
 159         */libvcllo.so)
 160             allowlist="${allowlist} ${x11allowlist} ${openglallowlist} ${gioallowlist} libcups.so.2"
 161         ;;
 162         */libsofficeapp.so)
 163             allowlist="${allowlist} ${x11allowlist} ${openglallowlist} ${gioallowlist} libcups.so.2"
 164         ;;
 165         */liblibreofficekitgtk.so)
 166             allowlist="${allowlist} ${gtk3allowlist}"
 167         ;;
 168         */libsdlo.so)
 169             allowlist="${allowlist} ${avahiallowlist}"
 170         ;;
 171         */libskialo.so)
 172             allowlist="${allowlist} ${openglallowlist} ${x11allowlist}"
 173         ;;
 174         */libofficebean.so)
 175             allowlist="${allowlist} libjawt.so"
 176         ;;
 177         */libpostgresql-sdbc-impllo.so)
 178             allowlist="${allowlist} ${kerberosallowlist}"
 179         ;;
 180         */libconfigmgrlo.so)
 181             if [ "$ENABLE_DCONF" = TRUE ]; then
 182                 allowlist="${allowlist} ${dconfallowlist}"
 183             fi
 184         ;;
 185         */libmergedlo.so)
 186             allowlist="${allowlist} ${x11allowlist} ${openglallowlist} ${gioallowlist} libcups.so.2 libcairo.so.2"
 187         ;;
 188     esac
 189     if test "${skip}" = 0 && readelf -d "${file}" &> /dev/null ; then
 190         rpath=$(readelf -d "${file}" | grep '(\(RPATH\|RUNPATH\))' || true)
 191         neededs=$(readelf -d "${file}" | grep '(NEEDED)' | sed -e 's/.*\[\(.*\)\]$/\1/')
 192         neededsinternal=
 193         for needed in ${neededs}
 194         do
 195             if ! echo ${allowlist} | grep -q -w "${needed}" ; then
 196                 neededsinternal="${neededsinternal} ${needed}"
 197                 if ! echo ${programfiles} | grep -q -w "${needed}" ; then
 198                     echo "${file}" has suspicious NEEDED: "${needed}"
 199                     status=1
 200                 fi
 201             fi
 202         done
 203         if test -z "${rpath}" ; then
 204             case "${file}" in
 205                 */python-core-*/lib/lib-dynload/*)
 206                     # python modules don't have RPATH
 207                 ;;
 208                 */share/extensions/*)
 209                     # extension libraries don't have RPATH
 210                 ;;
 211                 *)
 212                     # no NEEDED from instdir, no RPATH needed
 213                     if test -n "${neededsinternal}" ; then
 214                         echo "${file}" has no RPATH
 215                         status=1
 216                     fi
 217                 ;;
 218             esac
 219         else
 220             case "$file" in
 221                 */sdk/bin/*)
 222                     if echo "${rpath}" | grep -q -v '\[\$ORIGIN/../../program\]$' ; then
 223                         echo "${file}" has unexpected RPATH "${rpath}"
 224                         status=1
 225                     fi
 226                 ;;
 227                 *)
 228                     if echo "${rpath}" | grep -q -v '\[\$ORIGIN\]$' ; then
 229                         echo "${file}" has unexpected RPATH "${rpath}"
 230                         status=1
 231                     fi
 232                 ;;
 233             esac
 234         fi
 235     fi
 236 }
 237 status=0
 238
 239 if [ "$PARA" = "1" ] ; then
 240     for file in ${files}
 241     do
 242         check_one_file $file
 243     done
 244 else
 245     rm -f check_elf.out
 246     for file in ${files}
 247     do
 248         (
 249         check_one_file $file
 250         )>> check_elf.out &
 251     done
 252
 253     wait
 254
 255     if [ -s check_elf.out ] ; then
 256         cat check_elf.out
 257         status=1
 258     fi
 259     rm check_elf.out
 260 fi
 261 exit ${status}
 262