Merge pull request #196 from marxin/lto-bytecode-1.x

Backport d8f423b:
rpm-software-management · Jan 9, 2019 · 67597fc · 67597fc
2 parents 2e77e0b + 790482d
commit 67597fc
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/BinariesCheck.py b/BinariesCheck.py
@@ -68,6 +68,7 @@ class BinaryInfo(object):
 
     chdir_call_regex = create_regexp_call('chdir')
     mktemp_call_regex = create_regexp_call('mktemp')
+    lto_section_name_prefix = '.gnu.lto_.'
 
     def __init__(self, pkg, path, fname, is_ar, is_shlib):
         self.readelf_error = False
@@ -84,6 +85,7 @@ def __init__(self, pkg, path, fname, is_ar, is_shlib):
         self.forbidden_calls = []
         fork_called = False
         self.tail = ''
+        self.lto_sections = False
 
         self.setgid = False
         self.setuid = False
@@ -110,6 +112,9 @@ def __init__(self, pkg, path, fname, is_ar, is_shlib):
         if not res[0]:
             lines = res[1].splitlines()
             for line in lines:
+                if BinaryInfo.lto_section_name_prefix in line:
+                    self.lto_sections = True
+
                 r = BinaryInfo.needed_regex.search(line)
                 if r:
                     self.needed.append(r.group(1))
@@ -484,6 +489,9 @@ def check_binary(self, pkg):
                 for ec in bin_info.exit_calls:
                     printWarning(pkg, 'shared-lib-calls-exit', fname, ec)
 
+            if bin_info.lto_sections:
+                printError(pkg, 'lto-bytecode', fname)
+
             for ec in bin_info.forbidden_calls:
                 printWarning(pkg, ec, fname,
                              BinaryInfo.forbidden_functions[ec]['f_name'])
@@ -773,7 +781,11 @@ def check_binary(self, pkg):
 '''This executable should be stripped from debugging symbols, in order to take
 less space and be loaded faster. This is usually done automatically at
 buildtime by rpm. Check the build logs and the permission on the file (some
-implementations only strip if the permission is 0755).'''
+implementations only strip if the permission is 0755).''',
+
+'lto-bytecode',
+'''This executable contains a LTO section.  LTO bytecode is not portable
+and should not be distributed in static libraries or e.g. Python modules.''',
 )
 
 # BinariesCheck.py ends here
diff --git a/test/binary/libreiserfscore-devel-3.6.27-0.x86_64.rpm b/test/binary/libreiserfscore-devel-3.6.27-0.x86_64.rpm
diff --git a/test/test_binaries.py b/test/test_binaries.py
@@ -19,3 +19,8 @@ def test_waived_forbidden_c_calls(self):
         for package in ['ngircd']:
             out = self._rpm_test_output(os.path.join('binary', package))
             assert 'crypto-policy-non-compliance' not in "\n".join(out)
+
+    def test_lto_bytecode(self):
+        for package in ['libreiserfscore-devel']:
+            out = self._rpm_test_output(os.path.join('binary', package))
+            assert 'lto-bytecode' in "\n".join(out)