Revision as of 21:19, 19 April 2021
Change Proposal Name
Enable RPATH detection during rpmbuild.
Summary
Enable RPATH detection during rpmbuild by using the check-rpaths script. The build will fail if a hard-coded RPATH is detected in a binary or a shared library file.
Owner
- Name: Charalampos Stratakis
- Email: cstratak AT redhat.com
Current status
- Targeted release: Fedora Linux 35
- Last updated: 2021-04-19
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
The dynamic linker and loader (ld.so) is responsible for resolving the runtime dependencies of executables and shared library files through a search hierarchy. However, some packages (usually through their upstream build systems) contain a hard-coded path within their binaries or .so files, set with the -R or -rpath flag during compilation; this path is referred to as RPATH. By utilizing RPATH, ELF files can point to directories to be included in the search path at runtime when their dependencies are resolved.
While this can be used for non-standard directories, such as those holding private libraries, an RPATH that points to a value already provided by the search path of ld.so changes the hierarchy of the search by placing the system defaults first.
(a) DT_RPATH -> (b) LD_LIBRARY_PATH -> (c) DT_RUNPATH -> (d) cache (/etc/ld.so.cache) -> (e) system defaults
This could present a variety of issues, such as LD_LIBRARY_PATH overrides not working, incomplete dependency resolution, loading of the wrong libraries, etc. In general, changing the default search hierarchy could lead to unforeseen bugs and issues. It is the same issue as adding /usr/lib64 to LD_LIBRARY_PATH.
In Fedora the use of RPATH is forbidden, but this was never enforced. This change intends to ratify that by running check-rpaths during rpmbuild and failing the build if an RPATH entry is detected.
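To make the distinction above concrete, the following added example (not the check-rpaths script and not Fedora code) parses `readelf -d` output and marks each RPATH/RUNPATH component that duplicates a system default directory. The SYSTEM_DIRS set, the function names and the sample output are assumptions constructed for illustration.

```python
import posixpath
import re
import subprocess
import sys

# Assumed default library directories; the real set depends on the
# distribution, the architecture and /etc/ld.so.conf.
SYSTEM_DIRS = {"/lib", "/lib64", "/usr/lib", "/usr/lib64"}

# Matches the RPATH/RUNPATH rows printed by `readelf -d`.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library \w+: \[(.*)\]")

# Constructed sample of `readelf -d` output, not taken from a real package.
SAMPLE = """\
Dynamic section at offset 0x2df8 contains 28 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libfoo.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64/:/opt/app/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib]
"""


def find_rpaths(readelf_output):
    """Return (tag, directory, is_system_default) for every path component."""
    findings = []
    for line in readelf_output.splitlines():
        match = _ENTRY.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for directory in value.split(":"):
            # Normalise so "/usr/lib64/" and "/usr//lib64" compare equal.
            normalised = posixpath.normpath(directory) if directory else ""
            findings.append((tag, directory, normalised in SYSTEM_DIRS))
    return findings


def scan_file(path):
    """Run readelf on an ELF file and classify its RPATH/RUNPATH entries."""
    result = subprocess.run(["readelf", "-d", path],
                            capture_output=True, text=True, check=True)
    return find_rpaths(result.stdout)


if __name__ == "__main__":
    for elf in sys.argv[1:]:
        for tag, directory, is_default in scan_file(elf):
            note = "duplicates a system default" if is_default else "non-default"
            print(f"{elf}: {tag} {directory!r}: {note}")
```

An entry marked as duplicating a system default is the case described above where the search hierarchy is reordered without adding any new directory.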
Feedback
The change was proposed a long time ago through FPC [0] and the general consensus is that it needs to be done, along with an overhaul of the Fedora documentation regarding RPATH.
An email was also sent on Fedora devel regarding this change [1].
There have been multiple requests in the past to enable that check as well. [2]
[0] https://pagure.io/packaging-committee/issue/886
[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7ZKGVM4XJ7QFRFZXTSGUT4K2MPDVV2XY/#W7LXPX4SIB57DDXXI4PQNKCFSOQMOL4S
[2] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/WD6JWMDIORBYNL4C5UHOJQGDR3N7HZY3/#LB63Q2HSLPWRMR7UQVQOYVVTG346TDRZ
[3] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6/#A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6
[4] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/YJUWD2K32CZAGCDYOAJH2ISA2WF5AMGW/#ORK6J2T4PEYDCNA44HLEONFTXI2A6TFC
[5] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2GITTEQ7SC5T656AXQ3OHKDG4SLINXB6/#NT3W4PYENFF3FPWDOTJ2UNOGVLZA4DHV
Benefit to Fedora
Scope
- Proposal owners:
- Other developers:
Fix the packages
List of packages:
audiofile abc binutils esc ettercap freeradius fortune-mod fcl eb conky-manager condor community-mysql czmq cfitsio compat-guile18 glib2 gnokii koffice-kivio kicad jq komparator k3guitune laszip levmar hdf gpick kdepim3 gpgme Io-language kdegames3 gupnp-dlna kdebase3 libcommuni lutok libburn libminc libisoburn liboping librfid mingw-qt5-qtdeclarative libkkc openjade libdxfrw libosip2 libeXosip2 NLopt libprelude mingw-qt5-qt3d mod_wsgi libXcm ncview libdkimpp mingw-qt5-qttools mcpp mingw-qt5-qtbase mongo-c-driver nightview openscap plotmm pam_yubico perl-SDL pinentry pam_mount rb_libtorrent rrdtool rarian qwtpolar qucs scipy tracker SDL_image sofia-sip scap-workbench woff2 xeus yaz stp suitesparse sqlite2 vanessa_logger xbsql tracker-miners WindowMaker xmms sylfilter verbiste zvbi xdotool texlive-base zinnia
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
Guidelines need to change
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Upgrade/compatibility impact
How To Test
Copr repo
Local changes
User Experience
Packagers will have
Dependencies
Merge the PR to redhat-rpm-config
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Revert the change
Documentation
N/A (not a System Wide Change)