On 04/02/2022 11:58, Simon McVittie wrote:
For packages where the RPATH or RUNPATH is temporarily set during build (to be able to run unit tests without setting LD_LIBRARY_PATH) but then removed before installation with `chrpath -d` or equivalent code in CMake, I don't think this is going to be detectable statically, because the only traces left in the final binary are:- the build-ID will be different, because the RPATH/RUNPATH was part of the data that gets hashed to create the build-ID - if the length of the build directory changes, then the block of zero bytes that previously contained the RPATH/RUNPATH (before it was overwritten) will have a different length
I've written a detection for this build-ID mismatch in diffoscope some time ago. [1]
It does not require two builds to detect a mismatched NT_GNU_BUILD_ID, so perhaps it make sense to migrate this code to lintian (in addition to the already mentioned 'custom-library-search-path'. [2]
With kind regards, Roland Clobus[1] https://sources.debian.org/src/diffoscope/202/diffoscope/comparators/elf.py/?hl=646#L646
[2] https://lintian.debian.org/tags/custom-library-search-path
OpenPGP_signature
Description: OpenPGP digital signature
