> Hi,
>
> I wrote a utility that checks all apps in /bin & /sbin to see if they link
> against anything in /usr. Is this a problem that we care about?
>
> /bin/rpm uses something in /usr
> /sbin/arping uses something in /usr
> /sbin/audispd-zos-remote uses something in /usr
> /sbin/audisp-prelude uses something in /usr
> /sbin/audisp-remote uses something in /usr
> /sbin/auditd uses something in /usr
> /sbin/cifs.upcall uses something in /usr
> /sbin/grubby uses something in /usr
> /sbin/lsusb uses something in /usr
> /sbin/nash uses something in /usr
> /sbin/setkey uses something in /usr
> /sbin/umount.hal uses something in /usr
>
> This was not an everything install.

I would think that we would care. I'd be very curious to see the results
of this run on an everything install. And the code.

> -Steve
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>


--
novus ordo absurdum

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Thursday 25 September 2008 13:32:00 Jon Ciesla wrote:
> > This was not an everything install.
>
> I would think that we would care. *I'd be very curious to see the
> results of this run on an everything install. *And the code.

This and about 10-15 other programs are part of a collection
of programs I run as a post install check.

>From ~/.rpmmacros:
%__arch_install_post ~/checks/rpm-checks
/usr/lib/rpm/check-rpaths
/usr/lib/rpm/check-buildroot

this is the new program. Its designed to take a directory
path so it can be pointed to the rpm build install dir. It otherwise
defaults to "/" for everything install testing.

-Steve


#!/bin/sh
if [ $# -ge 2 ] ; then
echo "Usage: check-root-usr [directory]" 1>&2
exit 1
fi
DIR="/"
if [ $# -eq 1 ] ; then
if [ -d "$1" ] ; then
DIR="$1"
else
echo "Option passed in was not a directory" 1>&2
exit 1
fi
fi

rc=0
ROOT="/bin /sbin"
for d in $ROOT
do
# Skip dirs that are not in the package
if [ ! -e $DIR/$d ] ; then
continue
fi
files=`ls $DIR/$d`
for f in $files
do
# Skip apps we can't read
if [ ! -r $DIR$d/$f ] ; then
continue
fi
# Skip static linked apps
ldd $DIR$d/$f 2>/dev/null 1>&2
if [ $? -eq 1 ] ; then
continue
fi
ldd $DIR$d/$f | grep '/usr/' 2>/dev/null 1>&2
if [ $? -eq 0 ] ; then
echo "$d/$f uses something in /usr:"
ldd $DIR$d/$f | grep '/usr/' 2>/dev/null
rc=1
fi
done
done
exit $rc


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On 2008-09-25 12:32:00 PM, Jon Ciesla wrote:
> I would think that we would care. I'd be very curious to see the results
> of this run on an everything install. And the code.
Here's my command and the output:
for file in /bin/* /sbin/*; do ldd $file 2>/dev/null | grep /usr > /dev/null 2>&1 && echo $file; done

/bin/rpm
/sbin/arping
/sbin/cifs.upcall
/sbin/grubby
/sbin/lsusb
/sbin/mkfs.ntfs
/sbin/multipath
/sbin/multipathd
/sbin/nash
/sbin/rpcbind
/sbin/umount.hal
/sbin/ypbind

Note that I did not run as root, so this would not include files that
are only root-readable.

Thanks,
Ricky
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Steve Grubb (sgrubb@redhat.com) said:
> I wrote a utility that checks all apps in /bin & /sbin to see if they link
> against anything in /usr. Is this a problem that we care about?

For things that actually need run when /usr may not be available (grrr),
it's needed. In the ones you list below, that would include arping,
and audit*. For things like rpm or initrd-related tools, it's not really
an issue. (Of course, they may not actaully need to be in /sbin, but
it may be more trouble to move them.)

Bill

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Thursday 25 September 2008 13:41:42 Bill Nottingham wrote:
> Steve Grubb (sgrubb@redhat.com) said:
> > I wrote a utility that checks all apps in /bin & /sbin to see if they
> > link against anything in /usr. Is this a problem that we care about?
>
> For things that actually need run when /usr may not be available (grrr),
> it's needed. In the ones you list below, that would include arping,
> and audit*.

So, that brings up an interesting point...rsyslog has a gssapi plugin. It
starts about the same time as auditd. If the plugin is installed and
enabled...wouldn't rsyslog have the same problem as auditd? (Both are wanting
the gssapi library.)

-Steve

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list