Merge pull request #109112 from KAction/audit-static

audit: fix static linking
2024-09-25 14:48:25 +03:00 · 2021-01-23 20:46:39 +00:00 · 2021-01-23 20:46:39 +00:00 · 7310abaab5
commit 7310abaab5
parent 963286d5b6 264abb7c7e
2 changed files with 156 additions and 1 deletions
--- a/pkgs/os-specific/linux/audit/default.nix
+++ b/pkgs/os-specific/linux/audit/default.nix
@ -36,7 +36,8 @@ stdenv.mkDerivation rec {
  # TODO: Remove the musl patches when
  #         https://github.com/linux-audit/audit-userspace/pull/25
  #       is available with the next release.
-  patches = lib.optional stdenv.hostPlatform.isMusl [
+  patches = [ ./patches/weak-symbols.patch ]
+  ++ lib.optional stdenv.hostPlatform.isMusl [
    (
      let patch = fetchpatch {
            url = "https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e.patch";
@ -55,6 +56,13 @@ stdenv.mkDerivation rec {

  prePatch = ''
    sed -i 's,#include <sys/poll.h>,#include <poll.h>\n#include <limits.h>,' audisp/audispd.c
+  ''
+  # According to https://stackoverflow.com/questions/13089166
+  # --whole-archive linker flag is required to be sure that linker
+  # correctly chooses strong version of symbol regardless of order of
+  # object files at command line.
+  + stdenv.lib.optionalString stdenv.targetPlatform.isStatic ''
+    export LDFLAGS=-Wl,--whole-archive
  '';
  meta = {
    description = "Audit Library";
--- a/pkgs/os-specific/linux/audit/patches/weak-symbols.patch
+++ b/pkgs/os-specific/linux/audit/patches/weak-symbols.patch
@ -0,0 +1,147 @@
+Executables in src/ directory are built from source files in src/
+and are linked to libauparse, with both src/auditd-config.c and
+auparse/auditd-config.c defining "free_config" function.
+
+It is known (although obscure) behaviour of shared libraries that
+symbol defined in binary itself overrides symbol in shared library;
+with static linkage it expectedly results in multiple definition
+error.
+
+This set of fixes explicitly marks libauparse versions of
+conflicting functions as weak to have behaviour coherent with
+dynamic linkage version -- definitions in src/ overriding definition
+in auparse/.
+
+Still, this architecture is very strange and confusing.
+
+diff -r -U5 audit-2.8.5-orig/auparse/auditd-config.c audit-2.8.5/auparse/auditd-config.c
+--- audit-2.8.5-orig/auparse/auditd-config.c	2019-03-01 20:19:13.000000000 +0000
+++ audit-2.8.5/auparse/auditd-config.c	2021-01-13 11:36:12.716226498 +0000
+@@ -68,10 +68,11 @@
+ };
+ 
+ /*
+  * Set everything to its default value
+ */
+#pragma weak clear_config
+ void clear_config(struct daemon_conf *config)
+ {
+ 	config->local_events = 1;
+ 	config->qos = QOS_NON_BLOCKING;
+ 	config->sender_uid = 0;
+@@ -322,10 +323,11 @@
+ 	if (config->log_file == NULL)
+ 		return 1;
+ 	return 0;
+ }
+ 
+#pragma weak free_config
+ void free_config(struct daemon_conf *config)
+ {
+ 	free((void*)config->log_file);
+ }
+ 
+diff -r -U5 audit-2.8.5-orig/auparse/interpret.c audit-2.8.5/auparse/interpret.c
+--- audit-2.8.5-orig/auparse/interpret.c	2019-03-01 20:19:13.000000000 +0000
+++ audit-2.8.5/auparse/interpret.c	2021-01-13 11:39:42.107217224 +0000
+@@ -545,10 +545,11 @@
+ 	else
+ 		snprintf(buf, size, "unknown(%d)", uid);
+ 	return buf;
+ }
+ 
+#pragma weak aulookup_destroy_uid_list
+ void aulookup_destroy_uid_list(void)
+ {
+ 	if (uid_cache_created == 0)
+ 		return;
+ 
+@@ -2810,10 +2811,11 @@
+ 
+ /*
+  * This is the main entry point for the auparse library. Call chain is:
+  * auparse_interpret_field -> nvlist_interp_cur_val -> interpret
+  */
+#pragma weak interpret
+ const char *interpret(const rnode *r, auparse_esc_t escape_mode)
+ {
+ 	const nvlist *nv = &r->nv;
+ 	int type;
+ 	idata id;
+diff -r -U5 audit-2.8.5-orig/auparse/nvlist.c audit-2.8.5/auparse/nvlist.c
+--- audit-2.8.5-orig/auparse/nvlist.c	2019-02-04 14:26:52.000000000 +0000
+++ audit-2.8.5/auparse/nvlist.c	2021-01-13 11:37:37.190222757 +0000
+@@ -27,10 +27,11 @@
+ #include "nvlist.h"
+ #include "interpret.h"
+ #include "auparse-idata.h"
+ 
+ 
+#pragma weak nvlist_create
+ void nvlist_create(nvlist *l)
+ {
+ 	l->head = NULL;
+ 	l->cur = NULL;
+ 	l->cnt = 0;
+@@ -47,17 +48,19 @@
+ 	while (node->next)
+ 		node = node->next;
+ 	l->cur = node;
+ }
+ 
+#pragma weak nvlist_next
+ nvnode *nvlist_next(nvlist *l)
+ {
+ 	if (l->cur)
+ 		l->cur = l->cur->next;
+ 	return l->cur;
+ }
+ 
+#pragma weak nvlist_append
+ void nvlist_append(nvlist *l, nvnode *node)
+ {
+ 	nvnode* newnode = malloc(sizeof(nvnode));
+ 
+ 	newnode->name = node->name;
+@@ -141,10 +144,11 @@
+ 	if (l->cur->interp_val)
+ 		return l->cur->interp_val;
+ 	return interpret(r, escape_mode);
+ }
+ 
+#pragma weak nvlist_clear
+ void nvlist_clear(nvlist* l)
+ {
+ 	nvnode* nextnode;
+ 	register nvnode* current;
+ 
+diff -r -U5 audit-2.8.5-orig/auparse/strsplit.c audit-2.8.5/auparse/strsplit.c
+--- audit-2.8.5-orig/auparse/strsplit.c	2019-03-01 21:15:30.000000000 +0000
+++ audit-2.8.5/auparse/strsplit.c	2021-01-13 11:38:04.306221556 +0000
+@@ -54,10 +54,11 @@
+ 			return NULL;
+ 		return s;
+ 	}
+ }
+ 
+#pragma weak audit_strsplit
+ char *audit_strsplit(char *s)
+ {
+ 	static char *str = NULL;
+ 	char *ptr;
+ 
+diff -r -U5 audit-2.8.5-orig/lib/strsplit.c audit-2.8.5/lib/strsplit.c
+--- audit-2.8.5-orig/lib/strsplit.c	2019-03-01 20:19:13.000000000 +0000
+++ audit-2.8.5/lib/strsplit.c	2021-01-13 11:38:29.444220443 +0000
+@@ -23,10 +23,11 @@
+ 
+ #include <string.h>
+ #include "libaudit.h"
+ #include "private.h"
+ 
+#pragma weak audit_strsplit_r
+ char *audit_strsplit_r(char *s, char **savedpp)
+ {
+ 	char *ptr;
+ 
+ 	if (s)