Add option to make the rpath relative under a specified root directory

NixOS/patchelf#118

Author: milahu

README.md

@@ -35,6 +35,24 @@ libraries.  In particular, it can do the following:
   $ patchelf --shrink-rpath --allowed-rpath-prefixes /usr/lib:/foo/lib my-program
   ```
 
+* Sanitize and make the RPATH relative to a specified root directory:
+
+  ```console
+  $ patchelf --make-rpath-relative rootdir my-program
+  ```
+
+  This removes from the RPATH all directories, which are not under the
+  specified rootdir. `$ORIGIN` and directories already relative to
+  rootdir will be resolved first. If the option `--no-standard-lib` is
+  given, `rootdir/lib` and `rootdir/usr/lib` directories are discarded
+  as well. If the option `--relative-to-file` is given, the RPATH will
+  start with `$ORIGIN` making it relative to the ELF file, otherwise
+  an absolute path relative to ROOTDIR will be used. Furthermore, all
+  directories that do not contain a library referenced by DT_NEEDED
+  fields of the executable or library will be removed. Finally, the
+  directory path is converted to a path relative to rootdir starting
+  with `$ORIGIN`.
+
 * Remove declared dependencies on dynamic libraries (`DT_NEEDED`
   entries):
 

src/patchelf.cc

@@ -60,6 +60,10 @@ static bool debugMode = false;
 static bool forceRPath = false;
 static bool clobberOldSections = true;
 
+static bool noStandardLibDirs = false;
+
+static bool relativeToFile = false;
+
 static std::vector<std::string> fileNames;
 static std::string outputFileName;
 static bool alwaysWrite = false;
@@ -264,6 +268,49 @@ static std::string extractString(const FileContents & contents, size_t offset, s
     return { reinterpret_cast<const char *>(contents->data()) + offset, size };
 }
 
+static bool absolutePathExists(const std::string & path, std::string & canonicalPath)
+{
+    char *cpath = realpath(path.c_str(), NULL);
+    if (cpath) {
+        canonicalPath = cpath;
+        free(cpath);
+        return true;
+    } else {
+        return false;
+    }
+}
+
+static std::string makePathRelative(const std::string & path,
+    const std::string & refPath)
+{
+    std::string relPath = "$ORIGIN";
+    std::string p = path, refP = refPath;
+    std::size_t pos;
+
+    /* Strip the common part of path and refPath */
+    while (true) {
+        pos = p.find_first_of('/', 1);
+	if (refP.find_first_of('/', 1) != pos)
+	    break;
+	if (p.substr(0, pos) != refP.substr(0, pos))
+            break;
+	if (pos == std::string::npos)
+	    break;
+	p = p.substr(pos);
+	refP = refP.substr(pos);
+    }
+    /* Check if both pathes are equal */
+    if (p != refP) {
+	pos = 0;
+	while (pos != std::string::npos) {
+	    pos =refP.find_first_of('/', pos + 1);
+	    relPath.append("/..");
+	}
+	relPath.append(p);
+    }
+
+    return relPath;
+}
 
 template<ElfFileParams>
 ElfFile<ElfFileParamNames>::ElfFile(FileContents fContents)
@@ -1524,6 +1571,30 @@ static void appendRPath(std::string & rpath, const std::string & path)
     rpath += path;
 }
 
+template<ElfFileParams>
+bool ElfFile<ElfFileParamNames>::libFoundInRPath(const std::string & dirName,
+     const std::vector<std::string> neededLibs, std::vector<bool> & neededLibFound)
+{
+    /* For each library that we haven't found yet, see if it
+       exists in this directory. */
+    bool libFound = false;
+    for (unsigned int j = 0; j < neededLibs.size(); ++j)
+        if (!neededLibFound.at(j)) {
+            std::string libName = dirName + "/" + neededLibs.at(j);
+            try {
+                Elf32_Half library_e_machine = getElfType(readFile(libName, sizeof(Elf32_Ehdr))).machine;
+                if (rdi(library_e_machine) == rdi(hdr()->e_machine)) {
+                    neededLibFound.at(j) = true;
+                    libFound = true;
+                } else
+                    debug("ignoring library '%s' because its machine type differs\n", libName.c_str());
+            } catch (SysError & e) {
+                if (e.errNo != ENOENT) throw;
+            }
+        }
+    return libFound;
+}
+
 /* For each directory in the RPATH, check if it contains any
    needed library. */
 template<ElfFileParams>
@@ -1548,25 +1619,7 @@ std::string ElfFile<ElfFileParamNames>::shrinkRPath(char* rpath, std::vector<std
             continue;
         }
 
-        /* For each library that we haven't found yet, see if it
-           exists in this directory. */
-        bool libFound = false;
-        for (unsigned int j = 0; j < neededLibs.size(); ++j)
-            if (!neededLibFound.at(j)) {
-                std::string libName = dirName + "/" + neededLibs.at(j);
-                try {
-                    Elf32_Half library_e_machine = getElfType(readFile(libName, sizeof(Elf32_Ehdr))).machine;
-                    if (rdi(library_e_machine) == rdi(hdr()->e_machine)) {
-                        neededLibFound.at(j) = true;
-                        libFound = true;
-                    } else
-                        debug("ignoring library '%s' because its machine type differs\n", libName.c_str());
-                } catch (SysError & e) {
-                    if (e.errNo != ENOENT) throw;
-                }
-            }
-
-        if (!libFound)
+        if (!libFoundInRPath(dirName, neededLibs, neededLibFound))
             debug("removing directory '%s' from RPATH\n", dirName.c_str());
         else
             appendRPath(newRPath, dirName);
@@ -1575,6 +1628,86 @@ std::string ElfFile<ElfFileParamNames>::shrinkRPath(char* rpath, std::vector<std
     return newRPath;
 }
 
+/* Make the the RPATH relative to the specified path */
+template<ElfFileParams>
+std::string ElfFile<ElfFileParamNames>::makeRelativeRPath(char* rpath, std::vector<std::string> &neededLibs, const std::string & rootDir, const std::string & fileName) {
+    std::vector<bool> neededLibFound(neededLibs.size(), false);
+    std::string fileDir = fileName.substr(0, fileName.find_last_of("/"));
+    std::string newRPath = "";
+
+    debug("makeRelativeRPath: fileName = '%s'\n", fileName.c_str());
+
+    for (auto & dirName : splitColonDelimitedString(rpath)) {
+        std::string canonicalPath;
+        std::string path;
+
+        debug("makeRelativeRPath: dirName = '%s'\n", dirName.c_str());
+
+        /* Figure out if we should keep or discard the path; there are several
+            cases to handle:
+            "dirName" starts with "$ORIGIN":
+                The original build-system already took care of setting a relative
+                RPATH, resolve it and test if it is worthwhile to keep it.
+            "dirName" start with "rootDir":
+                The original build-system added some absolute RPATH (absolute on
+                the build machine). While this is wrong, it can still be fixed; so
+                test if it is worthwhile to keep it.
+            "rootDir"/"dirName" exists:
+                The original build-system already took care of setting an absolute
+                RPATH (absolute in the final rootfs), resolve it and test if it is
+                worthwhile to keep it;
+            "dirName" points somewhere else:
+                (can be anywhere: build trees, staging tree, host location,
+                non-existing location, etc.). Just discard such a path. */
+        if (!dirName.compare(0, 7, "$ORIGIN")) {
+            path = fileDir + dirName.substr(7);
+            if (!absolutePathExists(path, canonicalPath)) {
+                debug("removing directory '%s' from RPATH because it doesn't exist\n", dirName.c_str());
+                continue;
+            }
+        } else if (!dirName.compare(0, rootDir.length(), rootDir)) {
+            if (!absolutePathExists(dirName, canonicalPath)) {
+                debug("removing directory '%s' from RPATH because it doesn't exist\n", dirName.c_str());
+                continue;
+            }
+        } else {
+            path = rootDir + dirName;
+            if (!absolutePathExists(path, canonicalPath)) {
+                debug("removing directory '%s' from RPATH because it's not under the root directory\n",
+                        dirName.c_str());
+                continue;
+            }
+        }
+
+        if (noStandardLibDirs) {
+            if (!canonicalPath.compare(rootDir + "/lib") ||
+                !canonicalPath.compare(rootDir + "/usr/lib")) {
+                debug("removing directory '%s' from RPATH because it's a standard library directory\n",
+                        dirName.c_str());
+                continue;
+            }
+        }
+
+        if (!libFoundInRPath(canonicalPath, neededLibs, neededLibFound)) {
+            debug("removing directory '%s' from RPATH\n", dirName.c_str());
+            continue;
+        }
+
+        /* Finally make "canonicalPath" relative to "filedir" in "rootDir" */
+        if (relativeToFile) {
+            debug("making RPATH relative to FILE\n");
+            appendRPath(newRPath, makePathRelative(canonicalPath, fileDir));
+        }
+        else {
+            debug("not making RPATH relative to FILE\n");
+            appendRPath(newRPath, canonicalPath.substr(rootDir.length()));
+        }
+        debug("keeping relative path of %s\n", canonicalPath.c_str());
+    }
+
+    return newRPath;
+}
+
 template<ElfFileParams>
 void ElfFile<ElfFileParamNames>::removeRPath(Elf_Shdr & shdrDynamic) {
     auto dyn = (Elf_Dyn *)(fileContents->data() + rdi(shdrDynamic.sh_offset));
@@ -1596,7 +1729,7 @@ void ElfFile<ElfFileParamNames>::removeRPath(Elf_Shdr & shdrDynamic) {
 
 template<ElfFileParams>
 void ElfFile<ElfFileParamNames>::modifyRPath(RPathOp op,
-    const std::vector<std::string> & allowedRpathPrefixes, std::string newRPath)
+    const std::vector<std::string> & allowedRpathPrefixes, std::string newRPath, const std::string & rootDir, const std::string & fileName)
 {
     auto shdrDynamic = findSectionHeader(".dynamic");
 
@@ -1643,6 +1776,8 @@ void ElfFile<ElfFileParamNames>::modifyRPath(RPathOp op,
             neededLibs.push_back(std::string(strTab + rdi(dyn->d_un.d_val)));
     }
 
+    printf("modifyRPath: op = %d\n", op);
+
     switch (op) {
         case rpPrint: {
             printf("%s\n", rpath ? rpath : "");
@@ -1671,6 +1806,15 @@ void ElfFile<ElfFileParamNames>::modifyRPath(RPathOp op,
             break;
         }
         case rpSet: { break; } /* new rpath was provied as input to this function */
+        case rpMakeRelative: {
+            if (!rpath) {
+                debug("no RPATH to make relative\n");
+                return;
+            }
+            debug("making RPATH relative\n");
+            newRPath = makeRelativeRPath(rpath, neededLibs, rootDir, fileName);
+            break;
+        }
     }
 
     if (!forceRPath && dynRPath && !dynRunPath) { /* convert DT_RPATH to DT_RUNPATH */
@@ -2429,7 +2573,9 @@ static bool addRPath = false;
 static bool addDebugTag = false;
 static bool renameDynamicSymbols = false;
 static bool printRPath = false;
+static bool makeRPathRelative = false;
 static std::string newRPath;
+static std::string rootDir;
 static std::set<std::string> neededLibsToRemove;
 static std::map<std::string, std::string> neededLibsToReplace;
 static std::set<std::string> neededLibsToAdd;
@@ -2464,23 +2610,31 @@ static void patchElf2(ElfFile && elfFile, const FileContents & fileContents, con
         elfFile.setInterpreter(newInterpreter);
 
     if (printRPath)
-        elfFile.modifyRPath(elfFile.rpPrint, {}, "");
+        elfFile.modifyRPath(elfFile.rpPrint, {}, "", rootDir, fileName);
 
     if (printExecstack)
         elfFile.modifyExecstack(ElfFile::ExecstackMode::print);
     else if (clearExecstack)
         elfFile.modifyExecstack(ElfFile::ExecstackMode::clear);
     else if (setExecstack)
         elfFile.modifyExecstack(ElfFile::ExecstackMode::set);
+        else
+            printf("patchElf2: nothing done 1\n");
+
+    printf("patchElf2: makeRPathRelativeop = %d\n", makeRPathRelative);
 
     if (shrinkRPath)
-        elfFile.modifyRPath(elfFile.rpShrink, allowedRpathPrefixes, "");
+        elfFile.modifyRPath(elfFile.rpShrink, allowedRpathPrefixes, "", rootDir, fileName);
     else if (removeRPath)
-        elfFile.modifyRPath(elfFile.rpRemove, {}, "");
+        elfFile.modifyRPath(elfFile.rpRemove, {}, "", rootDir, fileName);
     else if (setRPath)
-        elfFile.modifyRPath(elfFile.rpSet, {}, newRPath);
+        elfFile.modifyRPath(elfFile.rpSet, {}, newRPath, rootDir, fileName);
     else if (addRPath)
-        elfFile.modifyRPath(elfFile.rpAdd, {}, newRPath);
+        elfFile.modifyRPath(elfFile.rpAdd, {}, newRPath, rootDir, fileName);
+    else if (makeRPathRelative)
+        elfFile.modifyRPath(elfFile.rpMakeRelative, {}, "", rootDir, fileName);
+    else
+        printf("patchElf2: nothing done 2\n");
 
     if (printNeeded) elfFile.printNeededLibs();
 
@@ -2548,6 +2702,9 @@ static void showHelp(const std::string & progName)
   [--remove-rpath]\n\
   [--shrink-rpath]\n\
   [--allowed-rpath-prefixes PREFIXES]\t\tWith '--shrink-rpath', reject rpath entries not starting with the allowed prefix\n\
+  [--make-rpath-relative ROOTDIR]\n\
+  [--no-standard-lib-dirs]\n\
+  [--relative-to-file]\n\
   [--print-rpath]\n\
   [--force-rpath]\n\
   [--add-needed LIBRARY]\n\
@@ -2583,6 +2740,7 @@ static int mainWrapped(int argc, char * * argv)
     int i;
     for (i = 1; i < argc; ++i) {
         std::string arg(argv[i]);
+        debug("mainWrapped: arg = '%s'\n", argv[i]);
         if (arg == "--set-interpreter" || arg == "--interpreter") {
             if (++i == argc) error("missing argument");
             newInterpreter = resolveArgument(argv[i]);
@@ -2631,6 +2789,19 @@ static int mainWrapped(int argc, char * * argv)
             addRPath = true;
             newRPath = resolveArgument(argv[i]);
         }
+        else if (arg == "--make-rpath-relative") {
+            if (++i == argc) error("missing argument to --make-rpath-relative");
+            debug("mainWrapped: makeRPathRelative = true\n");
+            makeRPathRelative = true;
+            rootDir = argv[i];
+        }
+        else if (arg == "--no-standard-lib-dirs") {
+            noStandardLibDirs = true;
+        }
+        else if (arg == "--relative-to-file") {
+            debug("mainWrapped: relativeToFile = true\n");
+            relativeToFile = true;
+        }
         else if (arg == "--print-rpath") {
             printRPath = true;
         }

src/patchelf.h

@@ -150,10 +150,15 @@ class ElfFile
 
     void setInterpreter(const std::string & newInterpreter);
 
-    typedef enum { rpPrint, rpShrink, rpSet, rpAdd, rpRemove } RPathOp;
+    typedef enum { rpPrint, rpShrink, rpSet, rpAdd, rpRemove, rpMakeRelative} RPathOp;
 
-    void modifyRPath(RPathOp op, const std::vector<std::string> & allowedRpathPrefixes, std::string newRPath);
+    bool libFoundInRPath(const std::string & dirName,
+        const std::vector<std::string> neededLibs,
+        std::vector<bool> & neededLibFound);
+
+    void modifyRPath(RPathOp op, const std::vector<std::string> & allowedRpathPrefixes, std::string newRPath, const std::string & rootDir, const std::string & fileName);
     std::string shrinkRPath(char* rpath, std::vector<std::string> &neededLibs, const std::vector<std::string> & allowedRpathPrefixes);
+    std::string makeRelativeRPath(char* rpath, std::vector<std::string> &neededLibs, const std::string & rootDir, const std::string & fileName);
     void removeRPath(Elf_Shdr & shdrDynamic);
 
     void addNeeded(const std::set<std::string> & libs);