kumquat-buildroot/support/scripts/check-bin-arch

93 lines
2.6 KiB
Plaintext
Raw Normal View History

#!/usr/bin/env bash
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
# List of hardcoded paths that should be ignored, as they may
# contain binaries for an architecture different from the
# architecture of the target.
declare -a IGNORES=(
# Skip firmware files, they could be ELF files for other
# architectures
"/lib/firmware"
"/usr/lib/firmware"
# Skip kernel modules
# When building a 32-bit userland on 64-bit architectures, the kernel
# and its modules may still be 64-bit. To keep the basic
# check-bin-arch logic simple, just skip this directory.
"/lib/modules"
"/usr/lib/modules"
# Skip files in /usr/share, several packages (qemu,
# pru-software-support) legitimately install ELF binaries that
# are not for the target architecture
"/usr/share"
# Skip files in /lib/grub, since it is possible to have it
# for a different architecture (e.g. i386 grub on x86_64).
"/lib/grub"
)
while getopts p:l:r:a:i: OPT ; do
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
case "${OPT}" in
p) package="${OPTARG}";;
l) pkg_list="${OPTARG}";;
r) readelf="${OPTARG}";;
a) arch_name="${OPTARG}";;
i)
# Ensure we do have single '/' as separators,
# and that we have a leading and a trailing one.
pattern="$(sed -r -e 's:/+:/:g; s:^/*:/:; s:/*$:/:;' <<<"${OPTARG}")"
IGNORES+=("${pattern}")
;;
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
:) error "option '%s' expects a mandatory argument\n" "${OPTARG}";;
\?) error "unknown option '%s'\n" "${OPTARG}";;
esac
done
if test -z "${package}" -o -z "${pkg_list}" -o -z "${readelf}" -o -z "${arch_name}" ; then
echo "Usage: $0 -p <pkg> -l <pkg-file-list> -r <readelf> -a <arch name> [-i PATH ...]"
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
exit 1
fi
exitcode=0
# Only split on new lines, for filenames-with-spaces
IFS="
"
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
while read f; do
for ignore in "${IGNORES[@]}"; do
if [[ "${f}" =~ ^"${ignore}" ]]; then
continue 2
fi
done
support/scripts/check-bin-arch: ignore symbolic links Since commit da32b49f0091ee9dfb613e0f00973bf6893bfa84 ("instrumentation: extend packages-file-list.txt with symlinks and directories"), the packages-file-list.txt also contains symbolic links. Therefore, check-bin-arch is now also checking symbolic links. However, symbolic links in $(TARGET_DIR) can have absolute path as targets, such as: $ ls -l output/target/sbin/ifdown lrwxrwxrwx 1 thomas thomas 10 Sep 3 15:55 output/target/sbin/ifdown -> /sbin/ifup Therefore, we are now potentially checking a host binary, which obviously makes check-bin-arch fail. This commit changes check-bin-arch to ignore symbolic links. Indeed, we have two cases: - The symbolic link really points to something that will in the rootfs (such as /sbin/ifup above). In this case, /sbin/ifup will be checked separately by check-bin-arch. - The symbolic link doesn't point to something that will be in the rootfs, and that is not a problem from the perspective of check-bin-arch, which checks the architecture of target binaries. Fixes: http://autobuild.buildroot.net/results/16d384a0183d477646ac7692feb65f00dde7d068/ (vim) http://autobuild.buildroot.net/results/50429c0f63a8befff9e20899327b9a8d754d99be/ (ifupdown) http://autobuild.buildroot.net/results/1db65973e782bfa61abcbccd3501bfd235f77288/ (gawk) Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-03 16:09:41 +02:00
# Skip symlinks. Some symlinks may have absolute paths as
# target, pointing to host binaries while we're building.
if [[ -L "${TARGET_DIR}/${f}" ]]; then
support/scripts/check-bin-arch: ignore symbolic links Since commit da32b49f0091ee9dfb613e0f00973bf6893bfa84 ("instrumentation: extend packages-file-list.txt with symlinks and directories"), the packages-file-list.txt also contains symbolic links. Therefore, check-bin-arch is now also checking symbolic links. However, symbolic links in $(TARGET_DIR) can have absolute path as targets, such as: $ ls -l output/target/sbin/ifdown lrwxrwxrwx 1 thomas thomas 10 Sep 3 15:55 output/target/sbin/ifdown -> /sbin/ifup Therefore, we are now potentially checking a host binary, which obviously makes check-bin-arch fail. This commit changes check-bin-arch to ignore symbolic links. Indeed, we have two cases: - The symbolic link really points to something that will in the rootfs (such as /sbin/ifup above). In this case, /sbin/ifup will be checked separately by check-bin-arch. - The symbolic link doesn't point to something that will be in the rootfs, and that is not a problem from the perspective of check-bin-arch, which checks the architecture of target binaries. Fixes: http://autobuild.buildroot.net/results/16d384a0183d477646ac7692feb65f00dde7d068/ (vim) http://autobuild.buildroot.net/results/50429c0f63a8befff9e20899327b9a8d754d99be/ (ifupdown) http://autobuild.buildroot.net/results/1db65973e782bfa61abcbccd3501bfd235f77288/ (gawk) Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-03 16:09:41 +02:00
continue
fi
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
# Get architecture using readelf. We pipe through 'head -1' so
# that when the file is a static library (.a), we only take
# into account the architecture of the first object file.
arch=$(LC_ALL=C ${readelf} -h "${TARGET_DIR}/${f}" 2>&1 | \
sed -r -e '/^ Machine: +(.+)/!d; s//\1/;' | head -1)
# If no architecture found, assume it was not an ELF file
if test "${arch}" = "" ; then
continue
fi
# Architecture is correct
if test "${arch}" = "${arch_name}" ; then
continue
fi
printf 'ERROR: architecture for "%s" is "%s", should be "%s"\n' \
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
"${f}" "${arch}" "${arch_name}"
exitcode=1
done < <( sed -r -e "/^${package},\.(.+)$/!d; s//\1/;" ${pkg_list} )
Makefile: add check of binaries architecture As shown recently by the firejail example, it is easy to miss that a package builds and installs binaries without actually cross-compiling them: they are built for the host architecture instead of the target architecture. This commit adds a small helper script, check-bin-arch, called as a GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of each package, to verify that the files installed by this package have been built for the correct architecture. Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error out right after the installation of the faulty package, and therefore get autobuilder error detection properly assigned to this specific package. Example output with the firejail package enabled, when building for an ARM target: ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews and suggestions. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-19 14:07:52 +01:00
exit ${exitcode}