diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2015-04-07 10:21:36 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2015-04-07 22:28:35 +0200 |
| commit | 51d0cd9b3852fe4ebf4b4cd9b251e6493624d022 (patch) | |
| tree | edccbe4e17a4427b601dbdd833ec0bd9da6e2481 | |
| parent | 41fc0eb90056c1f0aad41a971bf0c5eff5a72c97 (diff) | |
| download | patches-51d0cd9b3852fe4ebf4b4cd9b251e6493624d022.tar patches-51d0cd9b3852fe4ebf4b4cd9b251e6493624d022.tar.gz | |
gnu: ld-wrapper: Add '-rpath' flag only for libraries that are in the store.
This avoids adding bogus entries to the RUNPATH of installed binaries,
pointing to the build directory or similar.
* gnu/packages/ld-wrapper.scm (store-file-name?): New procedure.
(rpath-arguments): Add "-rpath" flag on when FILE matches
'store-file-name?', not when it matches 'pure-file-name?'.
| -rw-r--r-- | gnu/packages/ld-wrapper.scm | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/gnu/packages/ld-wrapper.scm b/gnu/packages/ld-wrapper.scm index 9d35a7b040..cd2a2c445e 100644 --- a/gnu/packages/ld-wrapper.scm +++ b/gnu/packages/ld-wrapper.scm @@ -122,6 +122,10 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)) (and %build-directory (string-prefix? %build-directory file))))) +(define (store-file-name? file) + ;; Return #t when FILE is a store file, possibly indirectly. + (string-prefix? %store-directory (dereference-symlinks file))) + (define (shared-library? file) ;; Return #t when FILE denotes a shared library. (or (string-suffix? ".so" file) @@ -168,14 +172,22 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)) ;; Return the `-rpath' argument list for each of LIBRARY-FILES, a list of ;; absolute file names. (fold-right (lambda (file args) - (if (or %allow-impurities? - (pure-file-name? file)) - (cons* "-rpath" (dirname file) args) - (begin - (format (current-error-port) - "ld-wrapper: error: attempt to use impure library ~s~%" - file) - (exit 1)))) + ;; Add '-rpath' if and only if FILE is in the store; we don't + ;; want to add '-rpath' for files under %BUILD-DIRECTORY or + ;; %TEMPORARY-DIRECTORY because that could leak to installed + ;; files. + (cond ((store-file-name? file) + (cons* "-rpath" (dirname file) args)) + ((or %allow-impurities? + (pure-file-name? file)) + args) + (else + (begin + (format (current-error-port) + "ld-wrapper: error: attempt to use \ +impure library ~s~%" + file) + (exit 1))))) '() library-files)) |