21/11/2019 18:12, Ferruh Yigit:
> On 11/18/2019 3:14 PM, Thomas Monjalon wrote:
> > 12/11/2019 14:15, Ferruh Yigit:
> >> This patch functionally reverts the patch in fixes line to not have any
> >> hardcoded library path in the final binary for the security reasons, in
> >> case this binary distributed to production environment.
> >
> > What about meson?
> > There are these rpaths:
> > $ORIGIN/../lib
> > $ORIGIN/../drivers
> >
> >
> >> RPATH only added in RTE_DEVEL_BUILD case and this binary shouldn't
> >> distributed, but still removing it to be cautious.
> >
> > For convenience, we could keep adding rpath for internal apps.
>
> This was the main intention, but the concern is someone unaware of this
> capability and distributes a binary that we think it will be internal.
Internal apps are only for developers.
I don't see how there could be a security issue.
> >> --- a/devtools/test-null.sh
> >> +++ b/devtools/test-null.sh
> >
> >> if ldd $testpmd | grep -q librte_ ; then
> >> + export LD_LIBRARY_PATH=$build/lib:$LD_LIBRARY_PATH
> >> libs='-d librte_mempool_ring.so -d librte_pmd_null.so'
> >
> >
> > There is an issue in this change, because $build may be undefined.
> > It can be fixed with adding this line:
> >
> > +[ -f "$testpmd" ] && build=$(dirname $(dirname $testpmd))
> > [ -f "$testpmd" ] || testpmd=$build/app/dpdk-testpmd
> > [ -f "$testpmd" ] || testpmd=$build/app/testpmd
>
> 'build' is already defined as following at the beginning of the script
> build=${1:-build}
Yes, but $1 can be the testpmd path as well, so $build is meaningless.
> And if 'build' is wrong/missing, script can't reach to this line at all,
> because
> 'testpmd' path found based on 'build' and if 'testpmd' not found, script will
> exit.
No, $testpmd can be defined from $1, not based on $build.
You missed this comment:
build=${1:-build} # first argument can be the build directory
testpmd=$1 # or first argument can be the testpmd path
> Can you please give more detail what is problem with 'build'?
If the testpmd path is directly passed as first parameter,
build directory is not known.
That's why I suggest getting it with $(dirname $(dirname $testpmd)).
