build: Check if ELF files contain debug information

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index b2bfcfafc6aafe2f1f980678260158d107a7b13c..5e28e5c4ec0d001f1564a6e80ab0e16ee5735a94 100644 (file)
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -1083,6 +1083,35 @@ static int pakfire_build_post_remove_static_libraries(
                PAKFIRE_BUILD_CLEANUP_FILES);
 }
 
+static int __pakfire_build_post_check_stripped(
+               struct pakfire* pakfire, struct pakfire_file* file, void* data) {
+       struct pakfire_filelist* filelist = (struct pakfire_filelist*)data;
+       int r;
+
+       // Skip anything that isn't an ELF file
+       if (!pakfire_file_matches_class(file, PAKFIRE_FILE_ELF))
+               return 0;
+
+       // Collect all stripped files
+       if (pakfire_file_is_stripped(file)) {
+               r = pakfire_filelist_add(filelist, file);
+               if (r) {
+                       ERROR(pakfire, "Could not add file to filelist: %m\n");
+                       return r;
+               }
+       }
+
+       return 0;
+}
+
+static int pakfire_build_post_check_stripped(
+               struct pakfire_build* build, struct pakfire_filelist* filelist) {
+       return pakfire_build_post_process_files(build, filelist,
+               "Files lacking debugging information:",
+               __pakfire_build_post_check_stripped,
+               PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
+}
+
 static int __pakfire_build_remove_libtool_archives(
                struct pakfire* pakfire, struct pakfire_file* file, void* data) {
        struct pakfire_filelist* removees = (struct pakfire_filelist*)data;
@@ -1199,6 +1228,11 @@ static int pakfire_build_run_post_build_checks(struct pakfire_build* build) {
                goto ERROR;
        }
 
+       // Check if binaries have been stripped
+       r = pakfire_build_post_check_stripped(build, filelist);
+       if (r)
+               goto ERROR;
+
        // Remove any static libraries
        r = pakfire_build_post_remove_static_libraries(build, filelist);
        if (r)
@@ -1696,8 +1730,10 @@ static int pakfire_build_perform(struct pakfire_build* build,
 
        // Run post build checks
        r = pakfire_build_run_post_build_checks(build);
-       if (r)
+       if (r) {
+               ERROR(build->pakfire, "Post build checks failed\n");
                goto ERROR;
+       }
 
        // Run post build scripts
        r = pakfire_build_run_post_build_scripts(build);

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index ef54fa5699ee18530619fe55acd52bf3a0d320e8..a43ad616148ac08205aef3e0194bd5865ba8e3b5 100644 (file)
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1513,6 +1513,42 @@ ERROR:
        return r;
 }
 
+static int __pakfire_file_is_stripped(struct pakfire_file* file, Elf* elf, void* data) {
+       Elf_Scn* section = NULL;
+       GElf_Shdr shdr;
+
+       // Walk through all sections
+       for (;;) {
+               section = elf_nextscn(elf, section);
+               if (!section)
+                       break;
+
+               // Fetch the section header
+               gelf_getshdr(section, &shdr);
+
+               switch (shdr.sh_type) {
+                       // Break if we found the symbol table
+                       case SHT_SYMTAB:
+                               return 0;
+               }
+       }
+
+       // Not found
+       DEBUG(file->pakfire, "%s has no debug sections\n", file->path);
+
+       return 1;
+}
+
+int pakfire_file_is_stripped(struct pakfire_file* file) {
+       // Don't run this for non-ELF files
+       if (!pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
+               errno = EINVAL;
+               return -1;
+       }
+
+       return pakfire_file_open_elf(file, __pakfire_file_is_stripped, NULL);
+}
+
 static int __pakfire_file_hardening_check_ssp(
                struct pakfire_file* file, Elf* elf, void* data) {
        Elf_Scn* section = NULL;

diff --git a/src/libpakfire/include/pakfire/file.h b/src/libpakfire/include/pakfire/file.h
index dd69abb86cd6c8697f174bcc9bea0795e0e69a33..801ecb2f28e290195a74690564b0099eeb9210eb 100644 (file)
--- a/src/libpakfire/include/pakfire/file.h
+++ b/src/libpakfire/include/pakfire/file.h
@@ -161,6 +161,7 @@ enum pakfire_file_hardening_flags {
        PAKFIRE_FILE_NO_PARTIALLY_RELRO = (1 << 3),
 };
 
+int pakfire_file_is_stripped(struct pakfire_file* file);
 int pakfire_file_check_hardening(struct pakfire_file* file, int* issues);
 
 #endif