-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Repair ELF executables in the "scripts" directory #443
Conversation
9defa10
to
e123dd7
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #443 +/- ##
==========================================
+ Coverage 92.17% 92.27% +0.09%
==========================================
Files 20 20
Lines 1252 1268 +16
Branches 304 306 +2
==========================================
+ Hits 1154 1170 +16
Misses 56 56
Partials 42 42 ☔ View full report in Codecov by Sentry. |
Thanks @chriskuehl, this looks good. Could you add 2 tests for this:
|
I have the same issue. Any chance to complete this PR? |
podman was failing with this error due to (apparently) lacking support for abbreviated sha256 references: docker.errors.APIError: 500 Server Error for http+docker://localhost/v1.41/containers/create: Internal Server Error ("normalizing image: normalizing name for compat API: sha256:a455ef9d0843: invalid format: no 64-byte hexadecimal value") Using the full SHA256 hash works under podman (and presumably works under Docker too?).
e123dd7
to
ac46754
Compare
for more information, see https://pre-commit.ci
I've added tests that cover this under the existing For reference, the updated test fails on
Let me know if you'd like me to move these assertions to an entirely new test case or to rearrange things in some other way. |
|
||
if __name__ == "__main__": | ||
os.execv( | ||
os.path.join(sysconfig.get_path("platlib"), {binary_path!r}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if this works for any possible deployment scenarios.
Maybe using importlib.metadata on python >= 3.8 would be a more robust way to get the real path.
Maybe this could be an improvement left for a later PR if an issue is reported.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @chriskuehl !
This looks good. I left a comment but I don't think it's a blocker (unless @lkollar disagrees).
Fixes #340
This is an early draft and request for feedback. I'm happy to add tests but wanted to request an initial review first to see if this approach is workable.
Summary
Some packages contain ELF executables in their "scripts" directory which link to shared libraries embedded in the wheel. Currently auditwheel can't correctly repair the RPATH of these executables, and repaired wheels will have broken executables when installed.
The approach here is to:
{package}.scripts
directory in platlib, similar to the{package}.scripts
directory.scripts
directory with a shim that execs the relocated executable when called.This works because the relocated executables can have a consistent RPATH (
$ORIGIN/../{package}.libs
). This is required since installed executables inscripts
don't have a consistent relative path to platlib (it varies based on how the wheel is installed).This is roughly following the approach suggested in #340 (comment).
Demonstration
I'm testing using a wheel I built for
uwsgi==2.0.22
:Installing the wheel produces a working
uwsgi
binary:The
uwsgi
binary on my PATH was replaced with a wrapper script:The real executable was relocated into site-packages:
...and it has an RPATH to the libs directory:
Comparison to current auditwheel
Running the same repair on the
main
branch produces a repaired wheel but theuwsgi
binary doesn't work after installation:...and the rewritten RPATH points to an invalid location: