summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-04-07 10:21:36 +0200
committerLudovic Courtès <ludo@gnu.org>2015-04-07 22:28:35 +0200
commit51d0cd9b3852fe4ebf4b4cd9b251e6493624d022 (patch)
treeedccbe4e17a4427b601dbdd833ec0bd9da6e2481
parent41fc0eb90056c1f0aad41a971bf0c5eff5a72c97 (diff)
downloadguix-51d0cd9b3852fe4ebf4b4cd9b251e6493624d022.tar.gz
gnu: ld-wrapper: Add '-rpath' flag only for libraries that are in the store.
This avoids adding bogus entries to the RUNPATH of installed binaries,
pointing to the build directory or similar.

* gnu/packages/ld-wrapper.scm (store-file-name?): New procedure.
  (rpath-arguments): Add "-rpath" flag on when FILE matches
  'store-file-name?', not when it matches 'pure-file-name?'.
Diffstat
-rw-r--r--gnu/packages/ld-wrapper.scm28
1 files changed, 20 insertions, 8 deletions
diff --git a/gnu/packages/ld-wrapper.scm b/gnu/packages/ld-wrapper.scm
index 9d35a7b040..cd2a2c445e 100644
--- a/gnu/packages/ld-wrapper.scm
+++ b/gnu/packages/ld-wrapper.scm
@@ -122,6 +122,10 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line))
         (and %build-directory
              (string-prefix? %build-directory file)))))
 
+(define (store-file-name? file)
+  ;; Return #t when FILE is a store file, possibly indirectly.
+  (string-prefix? %store-directory (dereference-symlinks file)))
+
 (define (shared-library? file)
   ;; Return #t when FILE denotes a shared library.
   (or (string-suffix? ".so" file)
@@ -168,14 +172,22 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line))
   ;; Return the `-rpath' argument list for each of LIBRARY-FILES, a list of
   ;; absolute file names.
   (fold-right (lambda (file args)
-                (if (or %allow-impurities?
-                        (pure-file-name? file))
-                    (cons* "-rpath" (dirname file) args)
-                    (begin
-                      (format (current-error-port)
-                              "ld-wrapper: error: attempt to use impure library ~s~%"
-                              file)
-                      (exit 1))))
+                ;; Add '-rpath' if and only if FILE is in the store; we don't
+                ;; want to add '-rpath' for files under %BUILD-DIRECTORY or
+                ;; %TEMPORARY-DIRECTORY because that could leak to installed
+                ;; files.
+                (cond ((store-file-name? file)
+                       (cons* "-rpath" (dirname file) args))
+                      ((or %allow-impurities?
+                           (pure-file-name? file))
+                       args)
+                      (else
+                       (begin
+                         (format (current-error-port)
+                                 "ld-wrapper: error: attempt to use \
+impure library ~s~%"
+                                 file)
+                         (exit 1)))))
               '()
               library-files))
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-21 15:33:28 +0000