[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#525779: [checks/shared-libs] warn about private libraries/plugins in /usr/lib

Russ Allbery wrote:

> Raphael Geissert writes:
>> So far I've came up with:
>>
>> for f in /usr/lib/*so.*; do
>>   nm -DC "$f" | grep -q " virtual thunk" && echo "$f is private"
>> done
>>
>> Which seems to give good results. It is based on the assumption that
>> plugins use/implement virtual functions, although it only works with
>> C++ libs.
>>
>> What do you think? good enough to add it as an
>> experimental/wishlist/possible tag?
> 
> I'm really unsure that you're going to be able to find a characteristic
> of plugins that doesn't fit libraries.

That's what I'm worried about :(

> Why wouldn't C++ libraries also implement virtual functions?

Why would they if they are not plugins (unless they implement it by
themselves which leads me to the following check)?

> 
> That check turns up:
> 
> /usr/lib/libsaml.so.2 is private
> /usr/lib/libsaml.so.2.0.0 is private
> /usr/lib/libsaml.so.3 is private
> /usr/lib/libsaml.so.3.0.0 is private
> /usr/lib/libshibsp-lite.so.2 is private
> /usr/lib/libshibsp-lite.so.2.0.0 is private
> /usr/lib/libshibsp.so.2 is private
> /usr/lib/libshibsp.so.2.0.0 is private
> /usr/lib/libsmbios.so.2 is private
> /usr/lib/libsmbios.so.2.0.0 is private
> /usr/lib/libspgrove.so.1 is private
> /usr/lib/libspgrove.so.1.0.3 is private
> /usr/lib/libstdc++.so.6 is private
> /usr/lib/libstdc++.so.6.0.10 is private
> /usr/lib/libstlport_gcc.so.4.6 is private
> /usr/lib/libxmltooling-lite.so.1 is private
> /usr/lib/libxmltooling-lite.so.1.0.0 is private
> /usr/lib/libxmltooling-lite.so.2 is private
> /usr/lib/libxmltooling-lite.so.2.0.0 is private
> /usr/lib/libxmltooling.so.1 is private
> /usr/lib/libxmltooling.so.1.0.0 is private
> /usr/lib/libxmltooling.so.2 is private
> /usr/lib/libxmltooling.so.2.0.0 is private
> 
> on my system.  libstdc++ is obviously not a plugin, and neither are the
> libxmltooling, libsaml, or libshibsp libraries.  They're all regular
> shared C++ libraries.

If I:

$ nm -DC /usr/lib/libstdc++.so.5 | grep "std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()"
000472e0 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
00047210 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
00049b60 W std::basic_iostream<wchar_t, std::char_traits<wchar_t>
>::~basic_iostream()
000473a0 W non-virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
000472c0 W non-virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
00047380 W virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()
000472a0 W virtual thunk to std::basic_iostream<wchar_t,
std::char_traits<wchar_t> >::~basic_iostream()

(virtual and non-virtual thunks are locally implemented)
But if I:

$ nm -DC /usr/lib/libkaffeineaudioencoder.so | grep "KParts::Part::~Part()"
         U KParts::Part::~Part()
         U KParts::Part::~Part()
         U KParts::Part::~Part()
         U non-virtual thunk to KParts::Part::~Part()
         U non-virtual thunk to KParts::Part::~Part()
         U virtual thunk to KParts::Part::~Part()
         U virtual thunk to KParts::Part::~Part()

(They are not implemented)

for f in /usr/lib/*so.*;
    do nm -DC "$f" | grep -q "U virtual thunk" && echo "$f is private"
done

Yields much better results

> 
> http://lintian.debian.org/tags/shlib-without-versioned-soname.html
> already gets a ton of plugins that shouldn't be in /usr/lib. 

Sure, but it doesn't detect all the many plugins that I wish it detected?

> (Did we ever talk here about what to do about all those libkdeinit4_*
> libraries?) 

Not that I remember, why?

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Reply to: