Re: Embedded buildpath via rpath using cmake
On Fri, 04 Feb 2022 at 13:07:53 +0800, Paul Wise wrote:
> Vagrant Cascadian wrote:
> > Over the last several months, I and others have found quite a few
> > packages that embed build paths via rpath when building with cmake.
>
> This seems like the sort of thing that will be an ongoing problem, so
> if it is detectable statically then a lintian warning might be good.
For packages that (intentionally or unintentionally) still have a RPATH
or RUNPATH in their installed files,
https://lintian.debian.org/tags/custom-library-search-path detects it.
You'll see that many of them are overridden as being necessary and
intentional.
For packages where the RPATH or RUNPATH is temporarily set during build
(to be able to run unit tests without setting LD_LIBRARY_PATH) but then
removed before installation with `chrpath -d` or equivalent code in CMake,
I don't think this is going to be detectable statically, because the
only traces left in the final binary are:
- the build-ID will be different, because the RPATH/RUNPATH was part of
the data that gets hashed to create the build-ID
- if the length of the build directory changes, then the block of zero
bytes that previously contained the RPATH/RUNPATH (before it was
overwritten) will have a different length
This is the sort of thing that can probably only be detected by literally
doing two builds (in different directories) and comparing them with
diffoscope, or possibly by screen-scraping build logs like blhc does.
smcv
Reply to: