[Mageia-dev] executable libraries
Per Øyvind Karlsen
peroyvind at mandriva.org
Sat Mar 10 22:29:50 CET 2012
Den 13:45 3. mars 2012 skrev Guillaume Rousse
<guillomovitch at gmail.com> følgende:
> Le 02/03/2012 22:01, Per Øyvind Karlsen a écrit :
>
>> Den 21:51 2. mars 2012 skrev Maarten Vanraes<alien at rmail.be> følgende:
>>>
>>> Op vrijdag 02 maart 2012 21:29:05 schreef Anssi Hannula:
>>>>
>>>> 02.03.2012 21:57, Maarten Vanraes kirjoitti:
>>>>>
>>>>> Op vrijdag 02 maart 2012 15:22:23 schreef Anssi Hannula:
>>>>>>
>>>>>> 02.03.2012 00:17, Maarten Vanraes kirjoitti:
>>>>>>>
>>>>>>> Op donderdag 01 maart 2012 23:05:35 schreef Anssi Hannula:
>>>>>>> [...]
>>>>>>>
>>>>>>>>> does this mean debug info fails for these?
>>>>>>>>
>>>>>>>>
>>>>>>>> I'm not immediately sure (I never remember how the debug/stripping
>>>>>>>> stuff works exactly), but I think either a) debug symbols extraction
>>>>>>>> and thus -debug packaging, b) stripping, or c) both will fail with
>>>>>>>> non-executable shared libs.
>>>>>>>
>>>>>>>
>>>>>>> in that case i guess we would need a policy or bs check to make sure
>>>>>>> we
>>>>>>> don't fail some libraries debug and strip
>>>>>>
>>>>>>
>>>>>> Possibly.
>>>>>>
>>>>>> Interestingly, Debian policy disallows executable permission on shared
>>>>>> libs:
>>>>>>
>>>>>> http://www.debian.org/doc/debian-policy/ch-sharedlibs.html#s-sharedlibs-
>>>>>> ru ntime
>>>>>>
>>>>>> "Shared libraries should not be installed executable, since the
>>>>>> dynamic
>>>>>> linker does not require this and trying to execute a shared library
>>>>>> usually results in a core dump."
>>>>>
>>>>>
>>>>> which is sort of strange, since libc is actually executable by design.
>>>>>
>>>>> i see where they are coming from
>>>>>
>>>>> but i guess the first part of this is, why is there a find with
>>>>> executable restrictions for the code relating to stripped binaries and
>>>>> debug?
>>>>>
>>>>> is it because it's also used for real executables?
>>>>
>>>>
>>>> I guess it is there just to speed up the process, otherwise it would
>>>> have to run 'file' for every file in the package (and many packages have
>>>> lots of files).
>>>
>>>
>>> still, it seems kind of weird, there are rpmlint checks for unstripped
>>> libraries, but i do have 34 libraries not marked as executable, while the
>>> stripping+ debug seems to target only executables?
>>>
>>> i wonder if we should make another check library unset as executable or
>>> even
>>> check what happened with these libraries not marked as executable?
>>
>> I posted a link to a rpmlint patch implementing such a check to this
>> thread two
>> hours ago.. :p
>
> I don't much point to a check, when a rpm-helper scriptlet would be able to
> automatically enforce any given permission set.
I eventually reached that conclusion as well, especially as I ran into
same issues with mono
libraries as well..
I've just pushed a new spec-helper to cooker with the following script:
http://svn.mandriva.com/viewvc/soft/rpm/spec-helper/trunk/fix_file_permissions?view=markup
--
Regards,
Per Øyvind
More information about the Mageia-dev
mailing list