Bug#525779: [checks/shared-libs] warn about private libraries/plugins in /usr/lib
Russ Allbery wrote:
> Raphael Geissert writes:
>> So far I've came up with:
>>
>> for f in /usr/lib/*so.*; do
>> nm -DC "$f" | grep -q " virtual thunk" && echo "$f is private"
>> done
>>
>> Which seems to give good results. It is based on the assumption that
>> plugins use/implement virtual functions, although it only works with
>> C++ libs.
>>
>> What do you think? good enough to add it as an
>> experimental/wishlist/possible tag?
>
> I'm really unsure that you're going to be able to find a characteristic
> of plugins that doesn't fit libraries.
That's what I'm worried about :(
> Why wouldn't C++ libraries also implement virtual functions?
Why would they if they are not plugins (unless they implement it by
themselves which leads me to the following check)?
>
> That check turns up:
>
> /usr/lib/libsaml.so.2 is private
> /usr/lib/libsaml.so.2.0.0 is private
> /usr/lib/libsaml.so.3 is private
> /usr/lib/libsaml.so.3.0.0 is private
> /usr/lib/libshibsp-lite.so.2 is private
> /usr/lib/libshibsp-lite.so.2.0.0 is private
> /usr/lib/libshibsp.so.2 is private
> /usr/lib/libshibsp.so.2.0.0 is private
> /usr/lib/libsmbios.so.2 is private
> /usr/lib/libsmbios.so.2.0.0 is private
> /usr/lib/libspgrove.so.1 is private
> /usr/lib/libspgrove.so.1.0.3 is private
> /usr/lib/libstdc++.so.6 is private
> /usr/lib/libstdc++.so.6.0.10 is private
> /usr/lib/libstlport_gcc.so.4.6 is private
> /usr/lib/libxmltooling-lite.so.1 is private
> /usr/lib/libxmltooling-lite.so.1.0.0 is private
> /usr/lib/libxmltooling-lite.so.2 is private
> /usr/lib/libxmltooling-lite.so.2.0.0 is private
> /usr/lib/libxmltooling.so.1 is private
> /usr/lib/libxmltooling.so.1.0.0 is private
> /usr/lib/libxmltooling.so.2 is private
> /usr/lib/libxmltooling.so.2.0.0 is private
>
> on my system. libstdc++ is obviously not a plugin, and neither are the
> libxmltooling, libsaml, or libshibsp libraries. They're all regular
> shared C++ libraries.
If I:
$ nm -DC /usr/lib/libstdc++.so.5 | grep "std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()"
000472e0 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
00047210 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
00049b60 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
000473a0 W non-virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
000472c0 W non-virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
00047380 W virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
000472a0 W virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
(virtual and non-virtual thunks are locally implemented)
But if I:
$ nm -DC /usr/lib/libkaffeineaudioencoder.so | grep "KParts::Part::~Part()"
U KParts::Part::~Part()
U KParts::Part::~Part()
U KParts::Part::~Part()
U non-virtual thunk to KParts::Part::~Part()
U non-virtual thunk to KParts::Part::~Part()
U virtual thunk to KParts::Part::~Part()
U virtual thunk to KParts::Part::~Part()
(They are not implemented)
for f in /usr/lib/*so.*;
do nm -DC "$f" | grep -q "U virtual thunk" && echo "$f is private"
done
Yields much better results
>
> http://lintian.debian.org/tags/shlib-without-versioned-soname.html
> already gets a ton of plugins that shouldn't be in /usr/lib.
Sure, but it doesn't detect all the many plugins that I wish it detected?
> (Did we ever talk here about what to do about all those libkdeinit4_*
> libraries?)
Not that I remember, why?
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Reply to: