From 9768162c5ba7c362d07748d8f0fcbb8b95a39cb9 Mon Sep 17 00:00:00 2001 From: James Cuzella Date: Sun, 15 Sep 2024 10:08:38 -0600 Subject: [PATCH] Fix #574 - Revert "Improve compatibility of binfmt-bypass with really old Docker images" This reverts commit c810e7070e70e735edbd4be3e8e932e4e3f1a666. Notes: - [CentOS 7 reached End of Life][1] on June 30, 2024 - [RedHat moved CentOS Stream 8 & 9 upstream of RHEL][2] - Arch Linux & Manjaro unstable channel have GlibC with symbol version `2.14`: U memcpy@GLIBC_2.14 [1]: https://www.redhat.com/en/topics/linux/centos-linux-eol [2]: https://www.theregister.com/2023/06/23/red_hat_centos_move/ --- src/binfmt-bypass/CMakeLists.txt | 33 +++++++++------------- src/binfmt-bypass/fix-preload-library.sh | 35 ------------------------ 2 files changed, 13 insertions(+), 55 deletions(-) delete mode 100644 src/binfmt-bypass/fix-preload-library.sh diff --git a/src/binfmt-bypass/CMakeLists.txt b/src/binfmt-bypass/CMakeLists.txt index 87773fdd..c3376d22 100644 --- a/src/binfmt-bypass/CMakeLists.txt +++ b/src/binfmt-bypass/CMakeLists.txt @@ -56,15 +56,6 @@ function(make_preload_lib_target target_name) # hide all symbols by default -fvisibility=hidden ) - - # a bit of a hack, but it seems to make binfmt bypass work in really old Docker images (e.g., CentOS <= 7) - add_custom_command( - TARGET ${target_name} - POST_BUILD - COMMAND bash ${CMAKE_CURRENT_SOURCE_DIR}/fix-preload-library.sh $ - WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - VERBATIM - ) endfunction() make_preload_lib_target(${preload_lib}) 
@@ -95,21 +86,23 @@ endif() # this is a workaround to existing issues using AppImages in Docker with AppImageLauncher installed on the host system check_program(NAME xxd) -function(generate_preload_lib_header target_name) +add_custom_command( + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${preload_lib}.h + COMMAND xxd -i $ ${preload_lib}.h + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + DEPENDS ${preload_lib} + VERBATIM +) + +# same story for 32-bit lib +if (build_32bit_preload_library) add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${target_name}.h - COMMAND xxd -i $ ${target_name}.h + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${preload_lib_32bit}.h + COMMAND xxd -i $ ${preload_lib_32bit}.h WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS ${target_name} + DEPENDS ${preload_lib_32bit} VERBATIM ) -endfunction() - -generate_preload_lib_header(${preload_lib}) - -# same story for 32-bit lib -if (build_32bit_preload_library) - generate_preload_lib_header(${preload_lib_32bit}) endif() # the lib provides an algorithm to extract the runtime, patch it and launch it, preloading our preload lib to make the diff --git a/src/binfmt-bypass/fix-preload-library.sh b/src/binfmt-bypass/fix-preload-library.sh deleted file mode 100644 index e3258f34..00000000 --- a/src/binfmt-bypass/fix-preload-library.sh +++ /dev/null 
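Review bot: The two `add_custom_command` rules added in this hunk are identical apart from the library variable, so the revert brings back duplication that the removed `generate_preload_lib_header(target_name)` helper had eliminated. As far as the removed lines show, that helper only wrapped the `xxd -i` rule and did not depend on `fix-preload-library.sh`. Keeping the function and its two call sites, and reverting only the `POST_BUILD` step from the first hunk, would fix #574 equally well and leave a single place to maintain the rule. The generated header is the binary that gets embedded and later preloaded, and after this commit nothing visible in the build checks which glibc symbol versions it needs. A comment above the rule would record that, for example `# embeds the preload library as a C array; its glibc symbol versions are no longer checked at build time`.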
@@ -1,35 +0,0 @@
-#! /bin/bash
-
-set -euo pipefail
-
-glibc_ok_version="2.4"
-
-find_too_new_symbols() {
- glibc_symbols=( "$(nm --dynamic --undefined-only --with-symbol-versions "$1" | grep "GLIBC_")" )
-
- for glibc_symbol in "${glibc_symbols[@]}"; do
- # shellcheck disable=SC2001
- glibc_symbol_version="$(sed 's|.*GLIBC_\([\.0-9]\+\)$|\1|' <<< "$glibc_symbol")"
- newest_glibc_symbol_version="$(echo -e "$glibc_ok_version\\n$glibc_symbol_version" | sort -V | tail -n1)"
-
- # make sure the newest version found is <= the one we define as ok
- if [[ "$newest_glibc_symbol_version" == "$glibc_ok_version" ]]; then
- return 1
- fi
- done
-
- return 0
-}
-
-for file in "$@"; do
- # obviously, this is a hack, but it should work well enough since we just need to do it for one single symbol from libdl
- patchelf --debug --clear-symbol-version dlsym "$file"
-
- nm_data="$(nm --dynamic --undefined-only --with-symbol-versions "$file")"
-
- if find_too_new_symbols "$file"; then
- echo "Error: found symbol version markers newer than $glibc_ok_version:"
- echo "$nm_data"
- exit 1
- fi
-done