scripts: bundle-libraries: prevent loading host locales (FS#1803)
authorJo-Philipp Wich <jo@mein.io>
Sat, 25 Aug 2018 12:46:57 +0000 (14:46 +0200)
committerJo-Philipp Wich <jo@mein.io>
Thu, 30 Aug 2018 11:11:42 +0000 (13:11 +0200)
Binary patch the bundled glibc library to inhibit loading of host locale
archives in order to avoid triggering internal libc assertions when
invoking shipped, bundled executables.

The problem has been solved with upstream Glibc commit
0062ace229 ("Gracefully handle incompatible locale data") but we still
need to deal with older Glibc binaries for some time to come.

Fixes FS#1803
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9030a78a716b0a2eeed4510d4a314393262255c2)

scripts/bundle-libraries.sh

index 620ee01..4662b98 100755 (executable)
@@ -113,6 +113,18 @@ _patch_ldso() {
        fi
 }
 
+_patch_glibc() {
+       _cp "$1" "$1.patched"
+       sed -i -e 's,/usr/\(\(lib\|share\)/locale\),/###/\1,g' "$1.patched"
+
+       if "$1.patched" 2>&1 | grep -q -- GNU; then
+               _mv "$1.patched" "$1"
+       else
+               echo "binary patched ${1##*/} not executable, using original" >&2
+               rm -f "$1.patched"
+       fi
+}
+
 for LDD in ${PATH//://ldd }/ldd; do
        "$LDD" --version >/dev/null 2>/dev/null && break
        LDD=""
@@ -141,17 +153,21 @@ for BIN in "$@"; do
        [ -n "$LDD" ] && [ -x "$BIN" ] && file "$BIN" | grep -sqE "ELF.*(executable|interpreter)" && {
                for token in $("$LDD" "$BIN" 2>/dev/null); do
                        case "$token" in */*.so*)
-                               case "$token" in
-                                       *ld-*.so*) LDSO="${token##*/}" ;;
-                               esac
-
                                dest="$DIR/lib/${token##*/}"
                                ddir="${dest%/*}"
 
                                [ -f "$token" -a ! -f "$dest" ] && {
                                        _md "$ddir"
                                        _cp "$token" "$dest"
-                                       [ -n "$LDSO" ] && _patch_ldso "$dest"
+                                       case "$token" in
+                                               *ld-*.so*)
+                                                       LDSO="${token##*/}"
+                                                       _patch_ldso "$dest"
+                                               ;;
+                                               libc.so.6|*/libc.so.6)
+                                                       _patch_glibc "$dest"
+                                               ;;
+                                       esac
                                }
                        ;; esac
                done