From c6c0d5a22c2ee3d7164dab0129b2e4852a4ae76c Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludovic.courtes@inria.fr>
Date: Tue, 28 Jul 2020 10:48:50 +0200
Subject: pack: "fakechroot" execution engine can load its audit module.

Fixes <https://bugs.gnu.org/42558>.

Until now, loading 'pack-audit.so' in a truly non-Guix environment would
usually fail because 'pack-audit.so' depends on 'libgcc_s.so' and
'libc.so', none of which could be found.

Furthermore, the test was not working as expected: the trick

  unshare -mrf sh -c 'mount -t tmpfs none /gnu ; ...'

would allow the fakechroot engine to make its store available as
/gnu/store as a result of another bug.

* gnu/packages/aux-files/run-in-namespace.c (relocated_search_path): New
function.
(exec_with_loader): Pass "--library-path" to the loader.
* guix/scripts/pack.scm (wrapped-package)[build](runpath): New procedure.
(elf-loader-compile-flags): Pass "-DLOADER_AUDIT_RUNPATH".
* tests/guix-pack-relocatable.sh: Remove 'STORE_PARENT'.
(run_without_store): New function.  Erase $NIX_STORE_DIR instead of
$STORE_PARENT.
Use 'run_without_store' throughout.
---
 guix/scripts/pack.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'guix')

diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm
index 5fb6aaae0c..75386deee7 100644
--- a/guix/scripts/pack.scm
+++ b/guix/scripts/pack.scm
@@ -744,11 +744,13 @@ (define build
     (with-imported-modules (source-module-closure
                             '((guix build utils)
                               (guix build union)
+                              (guix build gremlin)
                               (guix elf)))
       #~(begin
           (use-modules (guix build utils)
                        ((guix build union) #:select (relative-file-name))
                        (guix elf)
+                       (guix build gremlin)
                        (ice-9 binary-ports)
                        (ice-9 ftw)
                        (ice-9 match)
@@ -786,6 +788,14 @@ (define (elf-interpreter elf)
                                    bv 0 (bytevector-length bv))
                  (utf8->string bv)))))
 
+          (define (runpath file)
+            ;; Return the RUNPATH of FILE as a list of directories.
+            (let* ((bv      (call-with-input-file file get-bytevector-all))
+                   (elf     (parse-elf bv))
+                   (dyninfo (elf-dynamic-info elf)))
+              (or (and=> dyninfo elf-dynamic-info-runpath)
+                  '())))
+
           (define (elf-loader-compile-flags program)
             ;; Return the cpp flags defining macros for the ld.so/fakechroot
             ;; wrapper of PROGRAM.
@@ -807,6 +817,13 @@ (define (elf-loader-compile-flags program)
 
                             (string-append "-DLOADER_AUDIT_MODULE=\""
                                            #$(audit-module) "\"")
+                            (string-append "-DLOADER_AUDIT_RUNPATH={ "
+                                           (string-join
+                                            (map object->string
+                                                 (runpath
+                                                  #$(audit-module)))
+                                            ", " 'suffix)
+                                           "NULL }")
                             (if gconv
                                 (string-append "-DGCONV_DIRECTORY=\""
                                                gconv "\"")
-- 
cgit v1.2.3