Re: Proposal to fail builds if RPATH is found in Fedora 35

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On pe, 26 maalis 2021, Charalampos Stratakis wrote:
Hi all.

Some time ago there was a discussion from the Fedora Packaging
Committee [0] about automatically disallowing the usage of RPATH in
Fedora to bring it in-line with the packaging guidelines[1].
Essentially a package MUST remove the RPATH entry from its binaries
and/or .so files if it is detected by the check-rpaths script [2]
coming from the rpm-build package.

However, the script was never run during rpmbuild so it was on the
discretion of the packager if they'd check for it or not. The intention
is to enable the check through redhat-rpm-config during the the
invocation of  %__os_install_post. An opt-out mechanism will be
provided for cases where it's absolutely necessary.

After an analysis of all the x86_64 packages, 92 fail to build due to
an RPATH issue detected by the check-rpaths script [3]. Full list is
provided bellow.

Everything will be implemented through a Fedora change and all the
packagers that their package has been affected by the preliminary
analysis will be contacted first.

The logic for banning RPATH in the packaging guidelines operates terms like
"usually smarter than" and "usually do not permit" but has very little
to describe why this should be done.

It also lacks clarity for the most common valid use of Rpath, namely, a
plugin support for an application.

For example, Samba has a number of internal libraries in
/usr/lib64/samba which have to be linked to by any plugin built for
Samba, even when it is provided by a different package. This situation
is not described in the packaging guidelines and practically ignored.
"Alternatives to Rpath" in this cases do not exist because adding custom
configuration file into a system-wide dynamic linker configuration is
the last thing you should do for this use case at all.

It is interesting that the behavior of check-rpaths script also isn't
really outlawing any plugin's Rpath use either so you don't see Samba or
similar plugin-based applications in the list of affected packages.

To me it looks like the packaging guidelines are incomplete and
misleading and better be clarified with regards to Rpath use.



Thoughts and feedback are welcome.

[0] https://pagure.io/packaging-committee/issue/886
[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_beware_of_rpath
[2] https://github.com/rpm-software-management/rpm/blob/6b21e736a3e47071b33ff7c34e5cfb5447997e18/scripts/check-rpaths-worker
[3] https://copr.fedorainfracloud.org/coprs/cstratak/rpath/builds/

List of packages affected so far:

Maintainers by package:
Io-language          limb
NLopt                besser82
SDL_image            jwrdegoede limb moezroy
WindowMaker          sham1
abc                  brouhaha jjames somlo
audiofile            ajax alexl caillon caolanm limb rhughes rstrode ssp
binutils             aoliva jakub jankratochvil law mcermak nickc
cfitsio              orion sergiopr
community-mysql      hhorak ljavorsk mmuzila mschorm
compat-guile18       jskarvad limb mlichvar tkorbar
condor               bbockelm bcotton eerlands matt matyas stevetraylen tstclair ttheisen valtri
conky-manager        moceap
czmq                 denisarnaud jpo
eb                   moceap petersen
esc                  jmagne
ettercap             limb
fcl                  rmattes thofmann
fortune-mod          sheltren shlomif
freeradius           cipherboy nkondras rharwood
glib2                alexl caillon caolanm mbarnes mclasen rhughes rstrode rtcm ssp
gnokii               limb robert snirkel
gpgme                fkluknav ignatenkobrain isimluk rdieter
gpick                luya
gupnp-dlna           kalev zeenix
hdf                  orion sagitter
jq                   hguemar lon
k3guitune            dtimms
kdebase3             jreznik kkofler rdieter than
kdegames3            kkofler rdieter than
kdepim3              jreznik ovasik rdieter than
kicad                avigne coremodule lkundrak stevenfalco tnorth
koffice-kivio        kkofler rdieter
komparator           nbecker
laszip               devrim neteler smani
levmar               aalvarez brouhaha
libXcm               cicku kwizart
libburn              cwickert fkluknav hhorak pcahyna robert
libcommuni           atim
libdkimpp            dfateyev
libdxfrw             hobbes1069 spot
libeXosip2           nucleo
libisoburn           fkluknav hhorak robert
libkkc               ueno
libminc              ignatenkobrain
liboping             fab lkundrak
libosip2             nucleo
libprelude           fab totol
librfid              kushal
lutok                jmmv
mcpp                 kmatsui mef
mingw-qt5-qt3d       epienbro smani
mingw-qt5-qtbase     epienbro smani
mingw-qt5-qtdeclarative epienbro smani
mingw-qt5-qttools    epienbro smani
mod_wsgi             jdornak jkaluza jorton lmacken mrunge
mongo-c-driver       remi
ncview               deji orion
nightview            lkundrak
openjade             ovasik
openscap             evgenyz isimluk jcerny matyc mmarhefk pvrabec vpolasek wsato
pam_mount            lupinix steve till
pam_yubico           nb ohaessler wzzrd
perl-SDL             jwrdegoede
pinentry             branto jjelen rdieter
plotmm               orphan
python2.7            churchyard cstratak torsava vstinner
qucs                 avigne jskarvad
qwtpolar             volter
rarian               nonamedotc
rb_libtorrent        fale mooninite
rrdtool              jskarvad
scap-workbench       evgenyz jcerny matyc mbarabas mlysonek mmarhefk pvrabec wsato
scipy                cstratak jspaleta nforro orion tomspur ttomecek
sofia-sip            orphan
sqlite2              spot
stp                  amdunn jjames
suitesparse          deji jkastner mjakubicek nphilipp orion
sylfilter            aarem
texlive-base         spot
tracker              amigadave deji garnacho ignatenkobrain mcrha rishi
tracker-miners       garnacho kalev rishi
usnic-tools          honli
vanessa_logger       hubbitus
verbiste             cicku icon tartare
woff2                erack tpopela
xbsql                spot
xdotool              ohaessler orion slankes
xeus                 qulogic
xmms                 spot
yaz                  cicku guidograzioli
zinnia               liangsuilong pwu
zvbi                 buc jwrdegoede mchehab

Packages by maintainer:
aalvarez   levmar
aarem      sylfilter
ajax       audiofile
alexl      audiofile glib2
amdunn     stp
amigadave  tracker
aoliva     binutils
atim       libcommuni
avigne     kicad qucs
bbockelm   condor
bcotton    condor
besser82   NLopt
branto     pinentry
brouhaha   abc levmar
buc        zvbi
caillon    audiofile glib2
caolanm    audiofile glib2
churchyard python2.7
cicku      libXcm verbiste yaz
cipherboy  freeradius
coremodule kicad
cstratak   python2.7 scipy
cwickert   libburn
deji       ncview suitesparse tracker
denisarnaud czmq
devrim     laszip
dfateyev   libdkimpp
dtimms     k3guitune
eerlands   condor
epienbro   mingw-qt5-qt3d mingw-qt5-qtbase mingw-qt5-qtdeclarative mingw-qt5-qttools
erack      woff2
evgenyz    openscap scap-workbench
fab        liboping libprelude
fale       rb_libtorrent
fkluknav   gpgme libburn libisoburn
garnacho   tracker tracker-miners
guidograzioli yaz
hguemar    jq
hhorak     community-mysql libburn libisoburn
hobbes1069 libdxfrw
honli      usnic-tools
hubbitus   vanessa_logger
icon       verbiste
ignatenkobrain gpgme libminc tracker
isimluk    gpgme openscap
jakub      binutils
jankratochvil binutils
jcerny     openscap scap-workbench
jdornak    mod_wsgi
jjames     abc stp
jjelen     pinentry
jkaluza    mod_wsgi
jkastner   suitesparse
jmagne     esc
jmmv       lutok
jorton     mod_wsgi
jpo        czmq
jreznik    kdebase3 kdepim3
jskarvad   compat-guile18 qucs rrdtool
jspaleta   scipy
jwrdegoede SDL_image perl-SDL zvbi
kalev      gupnp-dlna tracker-miners
kkofler    kdebase3 kdegames3 koffice-kivio
kmatsui    mcpp
kushal     librfid
kwizart    libXcm
law        binutils
liangsuilong zinnia
limb       Io-language SDL_image audiofile compat-guile18 ettercap gnokii
ljavorsk   community-mysql
lkundrak   kicad liboping nightview
lmacken    mod_wsgi
lon        jq
lupinix    pam_mount
luya       gpick
matt       condor
matyas     condor
matyc      openscap scap-workbench
mbarabas   scap-workbench
mbarnes    glib2
mcermak    binutils
mchehab    zvbi
mclasen    glib2
mcrha      tracker
mef        mcpp
mjakubicek suitesparse
mlichvar   compat-guile18
mlysonek   scap-workbench
mmarhefk   openscap scap-workbench
mmuzila    community-mysql
moceap     conky-manager eb
moezroy    SDL_image
mooninite  rb_libtorrent
mrunge     mod_wsgi
mschorm    community-mysql
nb         pam_yubico
nbecker    komparator
neteler    laszip
nforro     scipy
nickc      binutils
nkondras   freeradius
nonamedotc rarian
nphilipp   suitesparse
nucleo     libeXosip2 libosip2
ohaessler  pam_yubico xdotool
orion      cfitsio hdf ncview scipy suitesparse xdotool
orphan     plotmm sofia-sip
ovasik     kdepim3 openjade
pcahyna    libburn
petersen   eb
pvrabec    openscap scap-workbench
pwu        zinnia
qulogic    xeus
rdieter    gpgme kdebase3 kdegames3 kdepim3 koffice-kivio pinentry
remi       mongo-c-driver
rharwood   freeradius
rhughes    audiofile glib2
rishi      tracker tracker-miners
rmattes    fcl
robert     gnokii libburn libisoburn
rstrode    audiofile glib2
rtcm       glib2
sagitter   hdf
sergiopr   cfitsio
sham1      WindowMaker
sheltren   fortune-mod
shlomif    fortune-mod
slankes    xdotool
smani      laszip mingw-qt5-qt3d mingw-qt5-qtbase mingw-qt5-qtdeclarative mingw-qt5-qttools
snirkel    gnokii
somlo      abc
spot       libdxfrw sqlite2 texlive-base xbsql xmms
ssp        audiofile glib2
steve      pam_mount
stevenfalco kicad
stevetraylen condor
tartare    verbiste
than       kdebase3 kdegames3 kdepim3
thofmann   fcl
till       pam_mount
tkorbar    compat-guile18
tnorth     kicad
tomspur    scipy
torsava    python2.7
totol      libprelude
tpopela    woff2
tstclair   condor
ttheisen   condor
ttomecek   scipy
ueno       libkkc
valtri     condor
volter     qwtpolar
vpolasek   openscap
vstinner   python2.7
wsato      openscap scap-workbench
wzzrd      pam_yubico
zeenix     gupnp-dlna


--
Regards,

Charalampos Stratakis
Software Engineer
Python Maintenance Team, Red Hat
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux