Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

Matr1x-101 · 2022-10-02 17:22:19

When I try and install onedrive-abraunegg, and check namcap, I get this error:

onedrive-abraunegg W: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

The PKGBUILD is here

Is this an upstream issue, or a problem with my PKGBUILD

loqs · 2022-10-02 20:14:43

The W indicates a warning rather than an error.
The only variable I could find that would be passed by the upstream Makefile during linking was DCFLAGS which I believe is intended for compile flags but placing the following before configure produced a binary with FULL RELRO

export DCFLAGS='-L-zrelro -L-znow'

See also https://wiki.gentoo.org/wiki/Dlang

yochananmarqos · 2022-10-02 20:20:44

@loqs

I tried that with my drill-search AUR package, but namcap still complains the binary lacks FULL RELRO.

loqs · 2022-10-02 20:38:03

@yochananmarqos if you apply the diff below to the PKGBUILD linked in the original post does namcap still warn of missing RELRO?

git diff
diff --git a/PKGBUILD b/PKGBUILD
index 2607b4d..47456e7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -17,6 +17,7 @@ md5sums=('51c9b0946da6fa3373fe6505cf2387ea')
 
 build() {
        cd "$_pkgname-$pkgver"
+        export DCFLAGS='-L-zrelro -L-znow'
         ./configure --sysconfdir=/etc \
                     --prefix=/usr \
                     --with-systemdsystemunitdir=/usr/lib/systemd/system \

I checked the produced binary /usr/bin/onedrive with checksec and it detects FULL RELRO.

yochananmarqos · 2022-10-02 21:23:16

@loqs: No, namcap does not complain. However, onedrive-abraunegg neither uses dmd nor dub to build.

loqs · 2022-10-02 21:29:36

yochananmarqos wrote:

@loqs: No, namcap does not complain. However, onedrive-abraunegg neither uses dmd nor dub to build.

It does use dmd

==> Starting build()...
checking for a BSD-compatible install... /usr/bin/install -c
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for dmd... dmd
checking version of D compiler... 2.100.2
checking for curl... yes
checking for sqlite... yes
checking for notify... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating contrib/pacman/PKGBUILD
config.status: creating contrib/spec/onedrive.spec
config.status: creating onedrive.1
config.status: creating contrib/systemd/onedrive.service
config.status: creating contrib/systemd/onedrive@.service
if [ -f .git/HEAD ] ; then \
	git describe --tags > version ; \
else \
	echo v2.4.21 > version ; \
fi
dmd -L-zrelro -L-znow -w -g -O -J. -version=NoPragma -version=NoGdk -version=Notifications -L-lcurl -L-lsqlite3 -L-lnotify -L-lgdk_pixbuf-2.0 -L-lgio-2.0 -L-lgobject-2.0 -L-lglib-2.0 -L-ldl src/config.d src/itemdb.d src/log.d src/main.d src/monitor.d src/onedrive.d src/qxor.d src/selective.d src/sqlite.d src/sync.d src/upload.d src/util.d src/progress.d src/arsd/cgi.d src/notifications/notify.d src/notifications/dnotify.d -ofonedrive

yochananmarqos · 2022-10-02 21:41:38

loqs wrote:

yochananmarqos wrote:
@loqs: No, namcap does not complain. However, onedrive-abraunegg neither uses dmd nor dub to build.
It does use dmd

Oh, duh. Apparently I'm blind (and/or was distracted).

loqs · 2022-10-02 22:11:29

for drill-search this patch worked for me

diff --git a/src/dub.json b/src/dub.json
index 8ce3171f..4991658a 100644
--- a/src/dub.json
+++ b/src/dub.json
@@ -42,7 +42,8 @@
                 "noBoundsCheck",
                 "releaseMode"
             ],
-            "versions": ["StdLoggerDisableTrace","StdLoggerDisableInfo","StdLoggerDisableWarning","StdLoggerDisableError"]
+            "versions": ["StdLoggerDisableTrace","StdLoggerDisableInfo","StdLoggerDisableWarning","StdLoggerDisableError"],
+            "lflags": ["-zrelro","-znow"]
         }
     },
     "configurations": [

yochananmarqos · 2022-10-02 22:34:14

@loqs: Not sure why this is happening:

prepare() {
  cd "$srcdir/Drill"
  patch -Np1 -i ../RELRO.patch
}

==> Starting prepare()...
patching file src/dub.json
Hunk #1 FAILED at 42 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file src/dub.json.rej

It rejects the entire patch. I even tried creating the patch myself and got the same thing.

EDIT: It turns out it's: DFLAGS, not DCFLAGS. This works:

export DFLAGS='-L-zrelro -L-znow'

Last edited by yochananmarqos (2022-10-02 22:38:20)

loqs · 2022-10-02 22:40:51

http://0x0.st/oJik.diff sha256sum of 9e105b2407578c6b6f9372bfd9e05452a4736b2e7f300e1baa96e54ec26a7328
If that still fails add -l to the options passed to patch to ignore the different line endings.

Arch Linux

#1 2022-10-02 17:22:19

Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#2 2022-10-02 20:14:43

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#3 2022-10-02 20:20:44

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#4 2022-10-02 20:38:03

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#5 2022-10-02 21:23:16

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#6 2022-10-02 21:29:36

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#7 2022-10-02 21:41:38

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#8 2022-10-02 22:11:29

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#9 2022-10-02 22:34:14

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

#10 2022-10-02 22:40:51

Re: Error: ELF file ('usr/bin/onedrive') lacks FULL RELRO, check LDFLAGS.

Board footer