-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: complain about LTO bytecode #129
Comments
Yes, definitely. Thanks for the heads up on this. I can work that in to rpminspect. |
Looks like we should just check for the presence of ELF sections named:
Am I missing anything else here? |
I think there's also See e.g. https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/lto-section-names.h |
I've completed code for this today. I've verified it works on example .o and .a files. Right now I am adding test cases before I push the commit, but this should have rpminspect capable of catching any ELF objects that leak through with LTO symbols (.o and .a only). |
OK, pushing the changes for this inspection. It's a seperate inspection named 'LTO' so it can be enabled or disabled independently (also it makes it easier to write test cases when it's separate). It checks symbols to see if they contain any of the LTO symbol name prefixes as noted in rpminspect.conf. I did things this way in case more symbol names show up in the future. All we need to do is edit the config file for what to look for. Simple. Thanks for the RFE. |
Came about from this feature discussion: https://fedoraproject.org/wiki/LTOByDefault We do not want to ship .o and .a ELF files with LTO symbols because they are not compatible across compiler versions. This inspection will report if any .o and .a ELF files carry LTO symbol names as noted by the prefix list in the rpminspect.conf file. The operation of removing the symbols will be handled by the rpmbuild process, but having the check in rpminspect catches any problems there or situations where the package spec does unusual build steps to arrive at the built files. The inspection name is 'LTO'.
Check RPMs, Koji builds, and comparisons between both for the following: * .o and .a files present without LTO symbols (OK) * .o and .a files present with LTO symbols (BAD) All tests pass.
Thanks David. I always meant to reach out and have a rpmdiff/rpminspect step which verified the LTO bits don't leak out. Note that as of F32, we are supposed to be stripping LTO bits from all .a/.o files in the distro via brp-strip-lto (or whatever it's called), so if anything is sneaking past, I'd like to know about it. That stripping may also impact your testing if you don't disable bpr-strip-lto in some way. |
That's my understanding too. If rpminspect raises an issue with LTO symbols in .a/.o files, then it means we have an issue in brp-strip-lto in rpm. Hopefully we'll never hear from rpminspect on this, but it's nice having the check in place. If it raises, QA will know where to focus attention since brp-strip-lto should have done the right thing. |
Came about from this feature discussion: https://fedoraproject.org/wiki/LTOByDefault We do not want to ship .o and .a ELF files with LTO symbols because they are not compatible across compiler versions. This inspection will report if any .o and .a ELF files carry LTO symbol names as noted by the prefix list in the rpminspect.conf file. The operation of removing the symbols will be handled by the rpmbuild process, but having the check in rpminspect catches any problems there or situations where the package spec does unusual build steps to arrive at the built files. The inspection name is 'LTO'.
Check RPMs, Koji builds, and comparisons between both for the following: * .o and .a files present without LTO symbols (OK) * .o and .a files present with LTO symbols (BAD) All tests pass.
See https://fedoraproject.org/wiki/LTOByDefault
In particular:
It struck me that it might be useful from rpminspect to check that this stripping succeeded; hence this RFE.
The text was updated successfully, but these errors were encountered: