build: fix insecure RUNPATH #3212

Open
wants to merge 1 commit into
base: master

@orbea orbea commented Dec 2, 2024

In Gentoo -static-libtool-libs causes a QA Notice.

  • QA Notice: The following files contain insecure RUNPATHs
  • Please file a bug about this at https://bugs.gentoo.org/
  • with the maintainer of the package.
  • /var/tmp/portage/app-misc/jq-1.7.1/image/usr/bin/jqn RPATH: /var/tmp/portage/app-misc/jq-1.7.1/work/jq-jq-1.7.1/.libs

Gentoo-Issue: https://bugs.gentoo.org/945698

orbea added a commit to orbea/gentoo that referenced this pull request Dec 2, 2024
@itchyny itchyny added the build label Dec 2, 2024
gentoo-bot pushed a commit to gentoo/gentoo that referenced this pull request Dec 3, 2024
[sam: Add revbump.]

Closes: https://bugs.gentoo.org/945698
Fixes: df24c1f
Upstream-PR: jqlang/jq#3212
Signed-off-by: orbea <[email protected]>
Closes: #39565
Signed-off-by: Sam James <[email protected]>
@itchyny
Contributor

itchyny commented Jan 28, 2025

@orbea Sorry, I'm trying to catch up on the issue, but I can't understand it well. Could you explain the issue and why we have to remove the flag?

In Gentoo -static-libtool-libs causes a QA Notice.

 * QA Notice: The following files contain insecure RUNPATHs
 *  Please file a bug about this at https://bugs.gentoo.org/
 *  with the maintainer of the package.
 *   /var/tmp/portage/app-misc/jq-1.7.1/image/usr/bin/jqn    RPATH: /var/tmp/portage/app-misc/jq-1.7.1/work/jq-jq-1.7.1/.libs

Gentoo-Issue: https://bugs.gentoo.org/945698
Signed-off-by: orbea <[email protected]>
@orbea
Author

orbea commented Jan 28, 2025

The -static-libtool-libs flag causes GNU libtool to add an rpath to the .libs build directory, which is intended for internal use by the libtool implementation and is not installed in the resulting package, causing Gentoo to print a QA notice. I can't say what the original intent in adding the flag in the first place was; it doesn't seem very useful to me.

@wader
Member

wader commented Jan 28, 2025

Was added in 5d9ec83, unclear why. Seems ok to me to remove. I wonder if we should have a CI test that verifies that the resulting binary actually is static? Inspect the binary or maybe run the binary in a scratch container etc?
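
In the spirit of the CI check raised in the comment above, but aimed at the RUNPATH problem this pull request fixes: the following is an added example, not part of the thread or of jq's build. The function name, the reason labels and the policy (flag build-tree, empty and relative entries; accept `$ORIGIN` and other absolute paths) are assumptions, and the sample `readelf -d` text is constructed from the path in the QA notice.

```shell
#!/bin/sh
# Added example, not code from the jq repository.
# Reads `readelf -d FILE` output on stdin and reports DT_RPATH/DT_RUNPATH
# entries that should not appear in an installed binary.
#   $1: build-tree prefix (assumption: the CI job passes its own work dir)
# Prints one "reason<TAB>entry" line per finding; exit status 1 if any.
insecure_runpaths() {
    awk -v builddir="$1" '
    function report(reason, entry) {
        printf "%s\t%s\n", reason, entry
        bad = 1
    }
    /\((RPATH|RUNPATH)\)/ && match($0, /\[.*\]/) {
        list = substr($0, RSTART + 1, RLENGTH - 2)   # text between [ and ]
        n = split(list, e, ":")
        if (n == 0) { n = 1; e[1] = "" }             # "[]" is one empty entry
        for (i = 1; i <= n; i++) {
            p = e[i]
            if (p == "")
                report("empty", p)       # may be treated as the current directory
            else if (builddir != "" && (p == builddir || index(p, builddir "/") == 1))
                report("build-dir", p)   # path inside the build tree leaked out
            else if (p == "$ORIGIN" || index(p, "$ORIGIN/") == 1 ||
                     p == "${ORIGIN}" || index(p, "${ORIGIN}/") == 1)
                continue                 # relative to the binary itself
            else if (substr(p, 1, 1) != "/")
                report("relative", p)    # resolved against the process cwd
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample in the format printed by `readelf -d`, using the
# RPATH value shown in the QA notice above.
SAMPLE_READELF=' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/var/tmp/portage/app-misc/jq-1.7.1/work/jq-jq-1.7.1/.libs]'
SAMPLE_BUILDDIR=/var/tmp/portage/app-misc/jq-1.7.1/work

# Typical use in CI (paths are placeholders):
#   readelf -d "$DESTDIR/usr/bin/jq" | insecure_runpaths "$PWD"
```

A stricter policy would replace the "any other absolute path is fine" rule with an allowlist of system library directories.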
