From 4a3efc07ca6678a9017714ae80574a599d9adc89 Mon Sep 17 00:00:00 2001 
From: Robert Kirkman Date: Tue, 4 Mar 2025 18:01:00 -0600 Subject: [PATCH] enhance(scripts/build/termux_step_massage): check for non-position-independent executables - a [`check-pie.sh`](https://github.com/termux/termux-packages/blob/5ed8471923a57fab306148c2cdef88df49550b68/scripts/bin/check-pie.sh) exists, but it is an isolated tool, and is not connected to CI. https://github.com/termux/termux-packages/blob/5ed8471923a57fab306148c2cdef88df49550b68/scripts/bin/check-pie.sh#L1-L12 - https://github.com/termux/termux-packages/issues/23598 could have been prevented, in retrospect, if a long time ago when `simulide` was last built, `check-pie.sh` had been connected to CI. - This is an attempt to try to copy and paste the contents of `check-pie.sh` into the symbol checks block of `termux_step_massage.sh`, in order to possibly enable it - effects: - before https://github.com/termux/termux-packages/commit/e462a5dd1c32bcd5682783c141e04573209a838a: ``` INFO: Running symbol checks on 1 files with nproc=32 INFO: Done ... 0s INFO: Found non-position-independent executables INFO: Showing result ERROR: ./bin/simulide is a non-position-independent executable INFO: Done ... 0s ERROR: Refer above ``` - after https://github.com/termux/termux-packages/commit/e462a5dd1c32bcd5682783c141e04573209a838a: ``` INFO: Running symbol checks on 1 files with nproc=32 INFO: Done ... 1s termux - build of 'simulide' done ``` - **has been tested minimally in both `$TERMUX_ON_DEVICE_BUILD=true` mode and `$TERMUX_ON_DEVICE_BUILD=false` mode, but has not been heavily tested with all packages yet**. Because `check-pie.sh` has never been connected to CI, there is a chance it might produce **false positives** with some unknown packages, in which case a `TERMUX_PKG_NO_PIE_FILES` variable would be necessary to implement, for those packages. This PR serves to float the idea to check whether this is considered worthwhile enough to try. 
---
 scripts/build/termux_step_massage.sh | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/scripts/build/termux_step_massage.sh b/scripts/build/termux_step_massage.sh
index 191fa637eaba3a9..8155c20bbe12951 100644
--- a/scripts/build/termux_step_massage.sh
+++ b/scripts/build/termux_step_massage.sh
@@ -175,7 +175,8 @@ termux_step_massage() {
 # Check so that package is not affected by
 # https://github.com/android/ndk/issues/1614, or
- # https://github.com/termux/termux-packages/issues/9944
+ # https://github.com/termux/termux-packages/issues/9944, or
+ # https://github.com/termux/termux-packages/issues/23598
 if [[ "${TERMUX_PACKAGE_LIBRARY}" == "bionic" ]]; then
 echo "INFO: READELF=${READELF} ... $(command -v ${READELF})"
 export pattern_file_undef=$(mktemp)
@@ -227,6 +228,7 @@ termux_step_massage() {
 local undef=$(echo "${valid}" | xargs -P"${nproc}" -i sh -c '${READELF} -s "{}" | grep -Ef "${pattern_file_undef}"')
 local openmp=$(echo "${valid}" | xargs -P"${nproc}" -i sh -c '${READELF} -s "{}" | grep -Ef "${pattern_file_openmp}"')
 local depend_libomp_so=$(echo "${valid}" | xargs -P$(nproc) -n1 ${READELF} -d 2>/dev/null | sed -ne "s|.*NEEDED.*\[\(.*\)\].*|\1|p" | grep libomp.so)
+ local non_pie=$(echo "${valid}" | xargs -P$(nproc) -n1 ${READELF} -h 2>/dev/null | grep 'Type:[[:space:]]*EXEC')
 local t1=$(get_epoch)
 echo "INFO: Done ... $((t1-t0))s"
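Review bot: The added `non_pie` line can pass a build that was never actually checked: `2>/dev/null` discards every readelf failure, and `xargs -n1` with no delimiter splits the entries of `${valid}` on whitespace and quote characters, so a path that readelf could not open produces no `Type:` line and counts as clean. Since the later loop reads `${valid}` one path per line, splitting on newlines only and reusing the `${nproc}` variable from the two lines above would match that: `local non_pie=$(echo "${valid}" | xargs -d '\n' -P"${nproc}" -n1 ${READELF} -h | grep 'Type:[[:space:]]*EXEC')` (`-d` is a GNU xargs option; confirm it is available in both build modes). The `depend_libomp_so` context line has the same shape, and `termux_step_massage` starts and ends outside this hunk.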
@@ -325,12 +327,28 @@ termux_step_massage() {
 done < <(echo "${valid_s}")
 } | grep libomp.so >&2
 local t1=$(get_epoch)
- echo "ERROR: Done ... $((t1-t0))s" >&2
+ echo "INFO: Done ... $((t1-t0))s" >&2
 termux_error_exit "Refer above"
 fi
 rm -f "${pattern_file_undef}" "${pattern_file_openmp}"
 unset pattern_file_undef pattern_file_openmp
+
+ if [[ -n "${non_pie}" ]]; then
+ echo "INFO: Found non-position-independent executables" >&2
+ echo "INFO: Showing result" >&2
+ local t0=$(get_epoch)
+ local valid_s=$(echo "${valid}" | sort)
+ local f
+ while IFS= read -r f; do
+ if ${READELF} -h "${f}" 2>/dev/null | grep -q 'Type:[[:space:]]*EXEC'; then
+ echo "ERROR: ${f} is a non-position-independent executable"
+ fi
+ done < <(echo "${valid_s}")
+ local t1=$(get_epoch)
+ echo "INFO: Done ... $((t1-t0))s" >&2
+ termux_error_exit "Refer above"
+ fi
 fi
 if [ "$TERMUX_PACKAGE_FORMAT" = "debian" ]; then
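Review bot: The per-file `ERROR:` line inside the added loop goes to stdout, while the `INFO:` lines around it are redirected with `>&2`, so a log that separates the two streams shows "Refer above" without the offending path; it should read `echo "ERROR: ${f} is a non-position-independent executable" >&2`. The loop also repeats the readelf call with `2>/dev/null`, so a file that fails on this second pass is not listed even though the build still aborts. A one-line comment above `if [[ -n "${non_pie}" ]]` would record why the gate exists, for example `# ET_EXEC executables are linked at a fixed address and cannot be loaded at a randomised base (no ASLR for the main image)`. The enclosing function continues outside the hunk.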