From ce11c7402d6d7ca6e31f4f24183dcde20d0c164c Mon Sep 17 00:00:00 2001 From: Jonathon Reinhart Date: Tue, 11 Jul 2023 02:21:19 -0400 Subject: [PATCH 1/4] nssfix: Link against libnss_*.so.2 SONAME This fixes #245 --- libnssfix/SConscript | 19 +++++++++++++------ site_scons/site_tools/nsswitchconf.py | 17 ++++++++++++++++- 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/libnssfix/SConscript b/libnssfix/SConscript index 08f2fa6..f0555e9 100644 --- a/libnssfix/SConscript +++ b/libnssfix/SConscript @@ -22,6 +22,18 @@ env.NsswitchConfH( source = nsswitch_conf, ) +def ld_lib_filename(libname): + # From ld(1): + # If namespec is of the form `:filename`, ld will search + # the library path for a file called `filename`. + return ":" + libname + +# Link against the configured NSS module libraries. +# These aren't needed directly for the library itself, but this ensures +# that they will be available for nss at runtime (via dlopen), and +# allows their paths to be easily discovered via ldd(1). +nss_libs = [ld_lib_filename(libname) for libname in env.GetNsswitchLibs(nsswitch_conf)] + # Build libnssfix.so libnssfix = env.SharedLibrary( target = 'nssfix', @@ -50,12 +62,7 @@ libnssfix = env.SharedLibrary( ], LIBS = [ libc_stub, - - # These aren't needed directly for the library itself, but this ensures - # that they will be available for nss at runtime (via dlopen), and - # allows their paths to be easily discovered via ldd(1). - env.GetNsswitchLibs(nsswitch_conf), - ], + ] + nss_libs, ) Return('libnssfix') diff --git a/site_scons/site_tools/nsswitchconf.py b/site_scons/site_tools/nsswitchconf.py index a770a51..8b4f20e 100644 --- a/site_scons/site_tools/nsswitchconf.py +++ b/site_scons/site_tools/nsswitchconf.py @@ -29,12 +29,27 @@ def NsswitchConfH(env, target, source): source = source, ) +# https://www.gnu.org/software/libc/manual/html_node/Adding-another-Service-to-NSS.html +# https://www.gnu.org/software/libc/manual/html_node/NSS-Module-Names.html +def _nss_module_name(service): + NSS_INTERFACE_VERSION = 2 + return f"libnss_{service}.so.{NSS_INTERFACE_VERSION}" + def GetNsswitchLibs(env, source): + """Gets a list of NSS module names for the given nsswitch.conf + + Args: + env: Construction environment + source: nsswitch.conf configuration file + Returns: + A list of module names for the services configured in nsswitch.conf. + Example: ["libnss_files.so.2", "libnss_dns.so.2"] + """ source = env.File(source) libs = set() conf = read_nsswitch_conf(source.srcnode().abspath) for dbname, svcs in conf: - libs.update('libnss_'+s for s in svcs) + libs.update(_nss_module_name(svc) for svc in svcs) return list(libs) def generate(env): From c41f54aded87d3c79c395367f87ab79b5f72895a Mon Sep 17 00:00:00 2001 From: Jonathon Reinhart Date: Sun, 6 Aug 2023 00:45:07 -0400 Subject: [PATCH 2/4] ci: Re-enable building on Ubuntu 22.04 --- .github/workflows/build-test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index b493d52..311fcf1 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -14,6 +14,8 @@ jobs: os: - version: "ubuntu-20.04" native-python: "3.8" + - version: "ubuntu-22.04" + native-python: "3.10" python-version: - "3.7" - "3.8" From 8c4f61ef23e17860b3c5c706353265b5337fca24 Mon Sep 17 00:00:00 2001 From: Jonathon Reinhart Date: Mon, 7 Aug 2023 00:09:47 -0400 Subject: [PATCH 3/4] test: Use alternate method of verifying target lib in docker We can't run a new dynamic executable in an old OS; that's the point of staticx. --- test/no-default-lib/run_test.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/no-default-lib/run_test.sh b/test/no-default-lib/run_test.sh index 12a136e..ecfa24b 100755 --- a/test/no-default-lib/run_test.sh +++ b/test/no-default-lib/run_test.sh @@ -29,10 +29,9 @@ $outfile $libname 1 || exit $? ### Docker libname="libcrack.so" -# Run the original app under docker if [ -n "$TEST_DOCKER_IMAGE" ]; then - echo -e "\nRunning original app under $TEST_DOCKER_IMAGE" - scuba --image $TEST_DOCKER_IMAGE $app $libname 0 + echo -e "\nVerifying target library is loadable under $TEST_DOCKER_IMAGE" + scuba --image $TEST_DOCKER_IMAGE /bin/bash -c "ldd /usr/sbin/cracklib-check | grep libcrack.so" echo -e "\nRunning staticx executable under $TEST_DOCKER_IMAGE" scuba --image $TEST_DOCKER_IMAGE $outfile $libname 1 From abce43b0bf7f0dc9b071dc015c809f0c9841a025 Mon Sep 17 00:00:00 2001 From: Jonathon Reinhart Date: Mon, 7 Aug 2023 00:12:41 -0400 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03e76da..6b390cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ This project adheres to [Semantic Versioning](https://semver.org/). ## [Unreleased] ### Fixed - Reverted invalid fix ([#255]) for libnssfix link failure ([#262]) +- Fixed issue causing libnssfix link failure when building on GLIBC 2.34 again, + by linking against versioned SONAME (.2) ([#259]) ## [0.14.0] - 2023-07-10 @@ -344,4 +346,5 @@ Initial release [#238]: https://github.com/JonathonReinhart/staticx/pull/238 [#247]: https://github.com/JonathonReinhart/staticx/pull/247 [#255]: https://github.com/JonathonReinhart/staticx/pull/255 +[#259]: https://github.com/JonathonReinhart/staticx/pull/259 [#262]: https://github.com/JonathonReinhart/staticx/pull/262