From 1cb2cea4c334146e2da878b9a667a58d39b638b6 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Thu, 16 Feb 2023 13:15:18 +0200 Subject: [PATCH] Dependency generation sanity Disable debuginfod lookups in rpmbuild scripts, there's no circumstance where rpmbuild should look up symbols from the internet. Exclude kernel modules from ELF dependency generation, kernel modules do not have DT_NEEDED style dependencies. --- ...odules-from-ELF-dependency-generatio.patch | 28 ++++++++++++ ...od-server-lookups-in-build-and-depen.patch | 44 +++++++++++++++++++ rpm.spec | 8 +++- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch create mode 100644 0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch diff --git a/0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch b/0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch new file mode 100644 index 0000000..e13a92f --- /dev/null +++ b/0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch @@ -0,0 +1,28 @@ +From 3103d307063c71ff7791c2a59aacd41cfa05285c Mon Sep 17 00:00:00 2001 +Message-Id: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Thu, 16 Feb 2023 12:18:02 +0200 +Subject: [PATCH 1/2] Exclude kernel modules from ELF dependency generation + +The kernel modules are technically ELF DSO's but we only care about +library level dependencies which the kernel modules will never have, so +processing them is just waste of time. + +This "regressed" when we dropped the "exeonly" flag from ELF in +commit 8901a6be1652519c4875436e29e0a663be0790b7. +--- + fileattrs/elf.attr | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fileattrs/elf.attr b/fileattrs/elf.attr +index 58322d3cd..21bc471b0 100644 +--- a/fileattrs/elf.attr ++++ b/fileattrs/elf.attr +@@ -1,3 +1,4 @@ + %__elf_provides %{_rpmconfigdir}/elfdeps --provides + %__elf_requires %{_rpmconfigdir}/elfdeps --requires + %__elf_magic ^(setuid,? )?(setgid,? )?(sticky )?ELF (32|64)-bit.*$ ++%__elf_exclude_path ^/lib/modules/.*\.ko?(\.[[:alnum:]]*)$ +-- +2.39.1 + diff --git a/0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch b/0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch new file mode 100644 index 0000000..726798e --- /dev/null +++ b/0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch @@ -0,0 +1,44 @@ +From 31356bf81c247871d6e4461565f4b33c1e6a145a Mon Sep 17 00:00:00 2001 +Message-Id: <31356bf81c247871d6e4461565f4b33c1e6a145a.1676544357.git.pmatilai@redhat.com> +In-Reply-To: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com> +References: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Thu, 16 Feb 2023 12:25:24 +0200 +Subject: [PATCH 2/2] Disable debuginfod server lookups in build and dependency + generator scripts + +With recent elfutils (0.182 or so) various seemingly innocuous tools +such as `readelf` like to do network lookups for ELF symbol information. +There's no circumstance where we'd want that to happen during rpmbuild, +so disable these lookups during all spec build scriptlets and also +dependency generator children. +--- + build/rpmfc.c | 1 + + macros.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/build/rpmfc.c b/build/rpmfc.c +index 06205469c..a69e81f44 100644 +--- a/build/rpmfc.c ++++ b/build/rpmfc.c +@@ -316,6 +316,7 @@ static int getOutputFrom(ARGV_t argv, + rpmlog(RPMLOG_DEBUG, "\texecv(%s) pid %d\n", + argv[0], (unsigned)getpid()); + ++ unsetenv("DEBUGINFOD_URLS"); + if (buildRoot) + setenv("RPM_BUILD_ROOT", buildRoot, 1); + +diff --git a/macros.in b/macros.in +index 7398a0496..307086a2b 100644 +--- a/macros.in +@@ -724,6 +724,7 @@ package or when debugging this package.\ + LANG=C\ + export LANG\ + unset CDPATH DISPLAY ||:\ ++ unset DEBUGINFOD_URLS ||:\ + %{?buildroot:RPM_BUILD_ROOT=\"%{u2p:%{buildroot}}\"\ + export RPM_BUILD_ROOT}\ + %{?_javaclasspath:CLASSPATH=\"%{_javaclasspath}\"\ ++++ b/macros.in +-- diff --git a/rpm.spec b/rpm.spec index 72f3652..7eb524d 100644 --- a/rpm.spec +++ b/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.18.0 #global snapver rc1 -%global baserelease 10 +%global baserelease 11 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -137,6 +137,8 @@ rpm-4.9.90-no-man-dirs.patch # ... 0001-Fix-potential-uninitialized-variable-use-in-rpmtsImp.patch 0001-Generate-Python-egg-info-from-automake-builds.patch +0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch +0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch # These are not yet upstream rpm-4.7.1-geode-i686.patch @@ -617,6 +619,10 @@ fi %doc docs/librpm/html/* %changelog +* Thu Feb 16 2023 Panu Matilainen - 4.18.0-11 +- Disable debuginfod lookups in rpmbuild scripts +- Exclude kernel modules from ELF dependency generation + * Fri Jan 20 2023 Fedora Release Engineering - 4.18.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild