RFE: complain about LTO bytecode #129
Comments
|
Yes, definitely. Thanks for the heads up on this. I can work that in to rpminspect. |
|
Looks like we should just check for the presence of ELF sections named: Am I missing anything else here? |
|
I think there's also See e.g. https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/lto-section-names.h |
|
I've completed code for this today. I've verified it works on example .o and .a files. Right now I am adding test cases before I push the commit, but this should have rpminspect capable of catching any ELF objects that leak through with LTO symbols (.o and .a only). |
|
OK, pushing the changes for this inspection. It's a seperate inspection named 'LTO' so it can be enabled or disabled independently (also it makes it easier to write test cases when it's separate). It checks symbols to see if they contain any of the LTO symbol name prefixes as noted in rpminspect.conf. I did things this way in case more symbol names show up in the future. All we need to do is edit the config file for what to look for. Simple. Thanks for the RFE. |
Came about from this feature discussion:
https://fedoraproject.org/wiki/LTOByDefault
We do not want to ship .o and .a ELF files with LTO symbols because
they are not compatible across compiler versions. This inspection
will report if any .o and .a ELF files carry LTO symbol names as noted
by the prefix list in the rpminspect.conf file. The operation of
removing the symbols will be handled by the rpmbuild process, but
having the check in rpminspect catches any problems there or
situations where the package spec does unusual build steps to arrive
at the built files.
The inspection name is 'LTO'.
Check RPMs, Koji builds, and comparisons between both for the
following:
* .o and .a files present without LTO symbols (OK)
* .o and .a files present with LTO symbols (BAD)
All tests pass.
|
Thanks David. I always meant to reach out and have a rpmdiff/rpminspect step which verified the LTO bits don't leak out. Note that as of F32, we are supposed to be stripping LTO bits from all .a/.o files in the distro via brp-strip-lto (or whatever it's called), so if anything is sneaking past, I'd like to know about it. That stripping may also impact your testing if you don't disable bpr-strip-lto in some way. |
|
That's my understanding too. If rpminspect raises an issue with LTO symbols in .a/.o files, then it means we have an issue in brp-strip-lto in rpm. Hopefully we'll never hear from rpminspect on this, but it's nice having the check in place. If it raises, QA will know where to focus attention since brp-strip-lto should have done the right thing. |
Came about from this feature discussion:
https://fedoraproject.org/wiki/LTOByDefault
We do not want to ship .o and .a ELF files with LTO symbols because
they are not compatible across compiler versions. This inspection
will report if any .o and .a ELF files carry LTO symbol names as noted
by the prefix list in the rpminspect.conf file. The operation of
removing the symbols will be handled by the rpmbuild process, but
having the check in rpminspect catches any problems there or
situations where the package spec does unusual build steps to arrive
at the built files.
The inspection name is 'LTO'.
Check RPMs, Koji builds, and comparisons between both for the
following:
* .o and .a files present without LTO symbols (OK)
* .o and .a files present with LTO symbols (BAD)
All tests pass.
See https://fedoraproject.org/wiki/LTOByDefault
In particular:
It struck me that it might be useful from rpminspect to check that this stripping succeeded; hence this RFE.
The text was updated successfully, but these errors were encountered: