Backport d8f423b:

Come up with lto-bytecode check for ELF files.
rpm-software-management · Jan 8, 2019 · 790482d · 790482d
1 parent 2e77e0b
commit 790482d
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/BinariesCheck.py b/BinariesCheck.py
@@ -68,6 +68,7 @@ class BinaryInfo(object):
 
     chdir_call_regex = create_regexp_call('chdir')
     mktemp_call_regex = create_regexp_call('mktemp')
+    lto_section_name_prefix = '.gnu.lto_.'
 
     def __init__(self, pkg, path, fname, is_ar, is_shlib):
         self.readelf_error = False
@@ -84,6 +85,7 @@ def __init__(self, pkg, path, fname, is_ar, is_shlib):
         self.forbidden_calls = []
         fork_called = False
         self.tail = ''
+        self.lto_sections = False
 
         self.setgid = False
         self.setuid = False
@@ -110,6 +112,9 @@ def __init__(self, pkg, path, fname, is_ar, is_shlib):
         if not res[0]:
             lines = res[1].splitlines()
             for line in lines:
+                if BinaryInfo.lto_section_name_prefix in line:
+                    self.lto_sections = True
+
                 r = BinaryInfo.needed_regex.search(line)
                 if r:
                     self.needed.append(r.group(1))
@@ -484,6 +489,9 @@ def check_binary(self, pkg):
                 for ec in bin_info.exit_calls:
                     printWarning(pkg, 'shared-lib-calls-exit', fname, ec)
 
+            if bin_info.lto_sections:
+                printError(pkg, 'lto-bytecode', fname)
+
             for ec in bin_info.forbidden_calls:
                 printWarning(pkg, ec, fname,
                              BinaryInfo.forbidden_functions[ec]['f_name'])
@@ -773,7 +781,11 @@ def check_binary(self, pkg):
 '''This executable should be stripped from debugging symbols, in order to take
 less space and be loaded faster. This is usually done automatically at
 buildtime by rpm. Check the build logs and the permission on the file (some
-implementations only strip if the permission is 0755).'''
+implementations only strip if the permission is 0755).''',
+
+'lto-bytecode',
+'''This executable contains a LTO section.  LTO bytecode is not portable
+and should not be distributed in static libraries or e.g. Python modules.''',
 )
 
 # BinariesCheck.py ends here
diff --git a/test/binary/libreiserfscore-devel-3.6.27-0.x86_64.rpm b/test/binary/libreiserfscore-devel-3.6.27-0.x86_64.rpm
diff --git a/test/test_binaries.py b/test/test_binaries.py
@@ -19,3 +19,8 @@ def test_waived_forbidden_c_calls(self):
         for package in ['ngircd']:
             out = self._rpm_test_output(os.path.join('binary', package))
             assert 'crypto-policy-non-compliance' not in "\n".join(out)
+
+    def test_lto_bytecode(self):
+        for package in ['libreiserfscore-devel']:
+            out = self._rpm_test_output(os.path.join('binary', package))
+            assert 'lto-bytecode' in "\n".join(out)