This patch functionally reverts the patch in fixes line to not have any hardcoded library path in the final binary for the security reasons, in case this binary distributed to production environment. RPATH only added in RTE_DEVEL_BUILD case and this binary shouldn't distributed, but still removing it to be cautious. Fixes: 8919f73bcbaa ("mk: add build directory to library search path") Cc: stable@dpdk.org Suggested-by: Bruce Richardson <bruce.richardson@intel.com> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> --- devtools/test-null.sh | 1 + mk/rte.app.mk | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/devtools/test-null.sh b/devtools/test-null.sh index 9f9a459f7..0fbb403e2 100755 --- a/devtools/test-null.sh +++ b/devtools/test-null.sh @@ -19,6 +19,7 @@ if [ ! -f "$testpmd" ] ; then fi if ldd $testpmd | grep -q librte_ ; then + export LD_LIBRARY_PATH=$build/lib:$LD_LIBRARY_PATH libs='-d librte_mempool_ring.so -d librte_pmd_null.so' else libs= diff --git a/mk/rte.app.mk b/mk/rte.app.mk index 683e3a4e3..077eaee06 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -379,10 +379,6 @@ filter-libs = \ LDLIBS := $(call filter-libs,$(LDLIBS)) -ifeq ($(RTE_DEVEL_BUILD)$(CONFIG_RTE_BUILD_SHARED_LIB),yy) -LDFLAGS += -rpath=$(RTE_SDK_BIN)/lib -endif - MAPFLAGS = -Map=$@.map --cref .PHONY: all -- 2.21.0
This patch functionally reverts the patch in fixes line to not have any hardcoded library path in the final binary for the security reasons, in case this binary distributed to production environment. RPATH only added in RTE_DEVEL_BUILD case and this binary shouldn't distributed, but still removing it to be cautious. Fixes: 8919f73bcbaa ("mk: add build directory to library search path") Cc: stable@dpdk.org Suggested-by: Bruce Richardson <bruce.richardson@intel.com> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> --- v2: * set 'build' if provided argument is testpmd path --- devtools/test-null.sh | 2 ++ mk/rte.app.mk | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/devtools/test-null.sh b/devtools/test-null.sh index 9f9a459f7..afcd8bb29 100755 --- a/devtools/test-null.sh +++ b/devtools/test-null.sh @@ -11,6 +11,7 @@ coremask=${2:-3} # default using cores 0 and 1 eal_options=$3 testpmd_options=$4 +[ -f "$testpmd" ] && build=$(dirname $(dirname $testpmd)) [ -f "$testpmd" ] || testpmd=$build/app/dpdk-testpmd [ -f "$testpmd" ] || testpmd=$build/app/testpmd if [ ! -f "$testpmd" ] ; then @@ -19,6 +20,7 @@ if [ ! -f "$testpmd" ] ; then fi if ldd $testpmd | grep -q librte_ ; then + export LD_LIBRARY_PATH=$build/lib:$LD_LIBRARY_PATH libs='-d librte_mempool_ring.so -d librte_pmd_null.so' else libs= diff --git a/mk/rte.app.mk b/mk/rte.app.mk index a278552c6..05ea034b9 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -379,10 +379,6 @@ filter-libs = \ LDLIBS := $(call filter-libs,$(LDLIBS)) -ifeq ($(RTE_DEVEL_BUILD)$(CONFIG_RTE_BUILD_SHARED_LIB),yy) -LDFLAGS += -rpath=$(RTE_SDK_BIN)/lib -endif - MAPFLAGS = -Map=$@.map --cref .PHONY: all -- 2.21.0
22/11/2019 12:30, Ferruh Yigit:
> This patch functionally reverts the patch in fixes line to not have any
> hardcoded library path in the final binary for the security reasons, in
> case this binary distributed to production environment.
>
> RPATH only added in RTE_DEVEL_BUILD case and this binary shouldn't
> distributed, but still removing it to be cautious.
>
> Fixes: 8919f73bcbaa ("mk: add build directory to library search path")
> Cc: stable@dpdk.org
>
> Suggested-by: Bruce Richardson <bruce.richardson@intel.com>
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Applied, thanks