`no-binary` check broken on some packages
FilippoBonazziSUSE opened this issue · comments
The rpmlint output of the policycoreutils package on OBS contains the following error:
policycoreutils-newrole.x86_64: E: no-binary
The package should be of the noarch architecture because it doesn't contain any binaries.
However the package in question actually contains a binary:
$ rpm -ql policycoreutils-newrole-3.5-0.x86_64.rpm
/usr/bin/newrole
...
$ file /usr/bin/newrole
/usr/bin/newrole: setuid ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a025de34dd7dd74d58fd8a84f44df455ad95d4d2, for GNU/Linux 3.2.0, stripped
So in this case the no-binary
error seems to be just plain wrong.
Ok, I've been debugging this problem and looks like it's failing because the file has the following magic:
'setuid ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a025de34dd7dd74d58fd8a84f44df455ad95d4d2, for GNU/Linux 3.2.0, stripped'
And in the BinaryCheck
we're checking if starts with 'ELF'
In this case it has the setuid
at the beginning, that's why it's giving that answer. But if this is correct, we just need to look for ELF
in the magic line, no matter the position. But I'm not really sure if that could be correct, it's correct to have files that are not plain ELF
? For me this looks correct, indeed it's a binary so the no-binary error message shouldn't be shown.
It seems like starting with ELF
is still ok in the general case, and probably there are just some special qualifiers prepended (e.g. setuid
or I imagine setgid
or something else). I can't find an authoritative reference on the format of the magic string however
Okay, I've modified my PR to look for ELF as the first or second word in the magic string. That's more flexible and will fix this issue and it's not as generic as just check if the ELF
word appears in the whole string.