795828 – sci-libs/flann-1.9.1-r3 QA Notice: The following files contain insecure RUNPATHs

Bug 795828 - sci-libs/flann-1.9.1-r3 QA Notice: The following files contain insecure RUNPATHs

Summary: sci-libs/flann-1.9.1-r3 QA Notice: The following files contain insecure RUNPATHs

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Science Related Packages

URL:
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2021-06-13 23:08 UTC by Alessandro Barbieri
Modified:	2022-12-18 10:38 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/24221
Package list:
Runtime testing required:	---

Attachments
emerge_info (emerge_info,36.02 KB, text/plain) 2021-06-13 23:09 UTC, Alessandro Barbieri	Details
flann-1.9.1-r3:20210522-130902.logx (flann-1.9.1-r3:20210522-130902.logx,37.86 KB, text/plain) 2021-06-13 23:09 UTC, Alessandro Barbieri	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alessandro Barbieri 2021-06-13 23:08:57 UTC

This package has QA issues. Attached relevant logs and emerge --info

Comment 1 Alessandro Barbieri 2021-06-13 23:09:09 UTC

Created attachment 715836 [details]
emerge_info

emerge --info

Comment 2 Alessandro Barbieri 2021-06-13 23:09:11 UTC

Created attachment 715839 [details]
flann-1.9.1-r3:20210522-130902.logx

build log

Comment 3 Alessandro Barbieri 2021-06-13 23:09:35 UTC

scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_server                                                                                               
scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_client                                                                                               
Auto fixing rpaths for /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_server
Auto fixing rpaths for /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_client
                                                           
 * QA Notice: The following files contain insecure RUNPATHs 
 *  Please file a bug about this at https://bugs.gentoo.org/           
 *  with the maintainer of the package.    
 *   /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_server
 *     RPATH: :/usr/lib64                
 *   /var/tmp/portage/sci-libs/flann-1.9.1-r3/image/usr/bin/flann_mpi_client
 *     RPATH: :/usr/lib64

Comment 4 Fat-Zer 2022-02-16 02:30:14 UTC

Note, this QA Notice is caused by USE=mpi

The rpath is introduced by mpicxx compiler wraper. I see no way to prevent mpicxx from doing such. Though rpath could be easily removed via `chrpath` or `patchelf` utilities:
   
   patchelf --remove-rpath bin/flann_mpi_{client,server}

or
 
   chrpath -d bin/flann_mpi_{client,server}

Comment 5 Larry the Git Cow gentoo-dev

2022-02-18 03:06:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01f352b1649fc560c6cea09b91e72e56b49f6f68

commit 01f352b1649fc560c6cea09b91e72e56b49f6f68
Author:     Alexander Golubev <fatzer2@gmail.com>
AuthorDate: 2022-02-16 22:13:25 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-18 03:05:53 +0000

    sci-libs/flann: fix RUNPATH with MPI
    
    Bug: https://bugs.gentoo.org/795828
    Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/24221
    Signed-off-by: Sam James <sam@gentoo.org>

 sci-libs/flann/flann-1.9.1-r5.ebuild | 6 ++++++
 1 file changed, 6 insertions(+)

Comment 6 Andreas Sturmlechner gentoo-dev

2022-12-18 10:38:54 UTC

So, this is fixed then?