wip

Author: gcurtis

internal/patchpkg/elf.go

@@ -0,0 +1,396 @@
+package patchpkg
+
+import (
+	"bytes"
+	"context"
+	"debug/elf"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"iter"
+	"log/slog"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"slices"
+	"strings"
+)
+
+// libPatcher patches ELF binaries to use an alternative version of glibc.
+type libPatcher struct {
+	// ld is the absolute path to the new dynamic linker (ld.so).
+	ld string
+
+	// rpath is the new RPATH with the directories containing the new libc
+	// shared objects (libc.so) and other libraries.
+	rpath []string
+
+	// needed are shared libraries to add as dependencies (DT_NEEDED).
+	needed []string
+}
+
+// setGlibc configures the patcher to use the dynamic linker and libc libraries
+// in pkg.
+func (p *libPatcher) setGlibc(pkg *packageFS) error {
+	// Verify that we can find a directory with libc in it.
+	glob := "lib*/libc.so*"
+	matches, _ := fs.Glob(pkg, glob)
+	if len(matches) == 0 {
+		return fmt.Errorf("cannot find libc.so file matching %q", glob)
+	}
+	for i := range matches {
+		matches[i] = path.Dir(matches[i])
+	}
+	// Pick the shortest name: lib < lib32 < lib64 < libx32
+	//
+	// - lib is usually a symlink to the correct arch (e.g., lib -> lib64)
+	// - *.so is usually a symlink to the correct version (e.g., foo.so -> foo.so.2)
+	slices.Sort(matches)
+
+	lib, err := pkg.OSPath(matches[0])
+	if err != nil {
+		return err
+	}
+	p.rpath = append(p.rpath, lib)
+	slog.Debug("found new libc directory", "path", lib)
+
+	// Verify that we can find the new dynamic linker.
+	glob = "lib*/ld-linux*.so*"
+	matches, _ = fs.Glob(pkg, glob)
+	if len(matches) == 0 {
+		return fmt.Errorf("cannot find ld.so file matching %q", glob)
+	}
+	slices.Sort(matches)
+	p.ld, err = pkg.OSPath(matches[0])
+	if err != nil {
+		return err
+	}
+	slog.Debug("found new dynamic linker", "path", p.ld)
+	return nil
+}
+
+// setGlibc configures the patcher to use the standard C++ and gcc libraries in
+// pkg.
+func (p *libPatcher) setGcc(pkg *packageFS) error {
+	// Verify that we can find a directory with libstdc++.so in it.
+	glob := "lib*/libstdc++.so*"
+	matches, _ := fs.Glob(pkg, glob)
+	if len(matches) == 0 {
+		return fmt.Errorf("cannot find libstdc++.so file matching %q", glob)
+	}
+	for i := range matches {
+		matches[i] = path.Dir(matches[i])
+	}
+	// Pick the shortest name: lib < lib32 < lib64 < libx32
+	//
+	// - lib is usually a symlink to the correct arch (e.g., lib -> lib64)
+	// - *.so is usually a symlink to the correct version (e.g., foo.so -> foo.so.2)
+	slices.Sort(matches)
+
+	lib, err := pkg.OSPath(matches[0])
+	if err != nil {
+		return err
+	}
+	p.rpath = append(p.rpath, lib)
+	p.needed = append(p.needed, "libstdc++.so")
+	slog.Debug("found new libstdc++ directory", "path", lib)
+	return nil
+}
+
+func (p *libPatcher) prependRPATH(libPkg *packageFS) {
+	glob := "lib*/*.so*"
+	matches, _ := fs.Glob(libPkg, glob)
+	if len(matches) == 0 {
+		slog.Debug("not prepending package to RPATH because no shared libraries were found", "pkg", libPkg.storePath)
+		return
+	}
+	for i := range matches {
+		matches[i] = path.Dir(matches[i])
+	}
+	slices.Sort(matches)
+	matches = slices.Compact(matches)
+	for i := range matches {
+		var err error
+		matches[i], err = libPkg.OSPath(matches[i])
+		if err != nil {
+			continue
+		}
+	}
+	p.rpath = append(p.rpath, matches...)
+	slog.Debug("prepended package lib dirs to RPATH", "pkg", libPkg.storePath, "dirs", matches)
+}
+
+// patch applies glibc patches to a binary and writes the patched result to
+// outPath. It does not modify the original binary in-place.
+func (p *libPatcher) patch(ctx context.Context, path, outPath string) error {
+	cmd := &patchelf{PrintInterpreter: true}
+	out, err := cmd.run(ctx, path)
+	if err != nil {
+		return err
+	}
+	oldInterp := string(out)
+
+	cmd = &patchelf{PrintRPATH: true}
+	out, err = cmd.run(ctx, path)
+	if err != nil {
+		return err
+	}
+	oldRpath := strings.Split(string(out), ":")
+
+	cmd = &patchelf{
+		SetInterpreter: p.ld,
+		SetRPATH:       append(p.rpath, oldRpath...),
+		AddNeeded:      p.needed,
+		Output:         outPath,
+	}
+	slog.Debug("patching glibc on binary",
+		"path", path, "outPath", cmd.Output,
+		"old_interp", oldInterp, "new_interp", cmd.SetInterpreter,
+		"old_rpath", oldRpath, "new_rpath", cmd.SetRPATH,
+	)
+	_, err = cmd.run(ctx, path)
+	return err
+}
+
+// patchelf runs the patchelf command.
+type patchelf struct {
+	SetRPATH   []string
+	PrintRPATH bool
+
+	SetInterpreter   string
+	PrintInterpreter bool
+
+	AddNeeded []string
+
+	Output string
+}
+
+// run runs patchelf on an ELF binary and returns its output.
+func (p *patchelf) run(ctx context.Context, elf string) ([]byte, error) {
+	cmd := exec.CommandContext(ctx, lookPath("patchelf"))
+	if len(p.SetRPATH) != 0 {
+		cmd.Args = append(cmd.Args, "--force-rpath", "--set-rpath", strings.Join(p.SetRPATH, ":"))
+	}
+	if p.PrintRPATH {
+		cmd.Args = append(cmd.Args, "--print-rpath")
+	}
+	if p.SetInterpreter != "" {
+		cmd.Args = append(cmd.Args, "--set-interpreter", p.SetInterpreter)
+	}
+	if p.PrintInterpreter {
+		cmd.Args = append(cmd.Args, "--print-interpreter")
+	}
+	for _, needed := range p.AddNeeded {
+		cmd.Args = append(cmd.Args, "--add-needed", needed)
+	}
+	if p.Output != "" {
+		cmd.Args = append(cmd.Args, "--output", p.Output)
+	}
+	cmd.Args = append(cmd.Args, elf)
+	out, err := cmd.Output()
+	return bytes.TrimSpace(out), err
+}
+
+var (
+	// SystemLibSearchPaths match the system library paths for common Linux
+	// distributions.
+	SystemLibSearchPaths = []string{
+		"/lib*/*-linux-gnu", // Debian
+		"/lib*",             // Red Hat
+		"/var/lib*/*/lib*",  // Docker
+	}
+
+	// EnvLibrarySearchPath matches the paths in the LIBRARY_PATH
+	// environment variable.
+	EnvLibrarySearchPath = filepath.SplitList(os.Getenv("LIBRARY_PATH"))
+
+	// EnvLDLibrarySearchPath matches the paths in the LD_LIBRARY_PATH
+	// environment variable.
+	EnvLDLibrarySearchPath = filepath.SplitList(os.Getenv("LD_LIBRARY_PATH"))
+
+	// CUDALibSearchPaths match the common installation directories for CUDA
+	// libraries.
+	CUDALibSearchPaths = []string{
+		// Common non-package manager locations.
+		"/opt/cuda/lib*",
+		"/opt/nvidia/lib*",
+		"/usr/local/cuda/lib*",
+		"/usr/local/nvidia/lib*",
+
+		// Unlikely, but might as well try.
+		"/lib*/nvidia",
+		"/lib*/cuda",
+		"/usr/lib*/nvidia",
+		"/usr/lib*/cuda",
+		"/usr/local/lib*",
+		"/usr/local/lib*/nvidia",
+		"/usr/local/lib*/cuda",
+	}
+)
+
+// SharedLibrary describes an ELF shared library (object).
+//
+// Note that the various name fields document the common naming and versioning
+// conventions, but it is possible for a library to deviate from them.
+//
+// For an introduction to Linux shared libraries, see
+// https://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html
+type SharedLibrary struct {
+	*os.File
+
+	// LinkerName is the soname without any version suffix (libfoo.so). It
+	// is typically a symlink pointing to Soname. The build-time linker
+	// looks for this name by default.
+	LinkerName string
+
+	// Soname is the shared object name from the library's DT_SONAME field.
+	// It usually includes a version number suffix (libfoo.so.1). Other ELF
+	// binaries that depend on this library typically specify this name in
+	// the DT_NEEDED field.
+	Soname string
+
+	// RealName is the absolute path to the file that actually contains the
+	// library code. It is typically the soname plus a minor version and
+	// release number (libfoo.so.1.0.0).
+	RealName string
+}
+
+// OpenSharedLibrary opens a shared library file. Unlike with ld, name must be
+// an exact path. To search for a library in the usual locations, use
+// [FindSharedLibrary] instead.
+func OpenSharedLibrary(name string) (SharedLibrary, error) {
+	lib := SharedLibrary{}
+	var err error
+	lib.File, err = os.Open(name)
+	if err != nil {
+		return lib, err
+	}
+
+	dir, file := filepath.Split(name)
+	i := strings.Index(file, ".so")
+	if i != -1 {
+		lib.LinkerName = dir + file[:i+3]
+	}
+
+	elfFile, err := elf.NewFile(lib)
+	if err == nil {
+		soname, _ := elfFile.DynString(elf.DT_SONAME)
+		if len(soname) != 0 {
+			lib.Soname = soname[0]
+		}
+	}
+
+	real, err := filepath.EvalSymlinks(name)
+	if err == nil {
+		lib.RealName, _ = filepath.Abs(real)
+	}
+	return lib, nil
+}
+
+// FindSharedLibrary searches the directories in searchPath for a shared
+// library. It yields any libraries in the search path directories that have
+// name as a prefix. For example, "libcuda.so" will match "libcuda.so",
+// "libcuda.so.1", and "libcuda.so.550.107.02". The underlying file is only
+// valid for a single iteration, after which it is closed.
+//
+// The search path may contain [filepath.Glob] patterns. See
+// [SystemLibSearchPaths] for some predefined search paths. If name is an
+// absolute path, then FindSharedLibrary opens it directly and doesn't perform
+// any searching.
+func FindSharedLibrary(name string, searchPath ...string) iter.Seq[SharedLibrary] {
+	return func(yield func(SharedLibrary) bool) {
+		if filepath.IsAbs(name) {
+			lib, err := OpenSharedLibrary(name)
+			if err == nil {
+				yield(lib)
+			}
+			return
+		}
+
+		if libPath := os.Getenv("LD_LIBRARY_PATH"); libPath != "" {
+			searchPath = append(searchPath, filepath.SplitList(os.Getenv("LD_LIBRARY_PATH"))...)
+		}
+		if libPath := os.Getenv("LIBRARY_PATH"); libPath != "" {
+			searchPath = append(searchPath, filepath.SplitList(libPath)...)
+		}
+		searchPath = append(searchPath,
+			"/lib*/*-linux-gnu", // Debian
+			"/lib*",             // Red Hat
+		)
+
+		suffix := globEscape(name) + "*"
+		patterns := make([]string, len(searchPath))
+		for i := range searchPath {
+			patterns[i] = filepath.Join(searchPath[i], suffix)
+		}
+		for match := range searchGlobs(patterns) {
+			lib, err := OpenSharedLibrary(match)
+			if err != nil {
+				continue
+			}
+			ok := yield(lib)
+			_ = lib.Close()
+			if !ok {
+				return
+			}
+		}
+	}
+}
+
+// CopyAndLink copies the shared library to dir and creates the LinkerName and
+// Soname symlinks for it. It creates dir if it doesn't already exist.
+func (lib SharedLibrary) CopyAndLink(dir string) error {
+	err := os.MkdirAll(dir, 0o755)
+	if err != nil {
+		return err
+	}
+
+	dstPath := filepath.Join(dir, filepath.Base(lib.RealName))
+	dst, err := os.OpenFile(dstPath, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0o666)
+	if err != nil {
+		return err
+	}
+	defer dst.Close()
+
+	_, err = io.Copy(dst, lib)
+	if err != nil {
+		return err
+	}
+	err = dst.Close()
+	if err != nil {
+		return err
+	}
+
+	sonameLink := filepath.Join(dir, lib.Soname)
+	var sonameErr error
+	if lib.Soname != "" {
+		sonameErr = os.Symlink(dstPath, sonameLink)
+	}
+
+	linkerNameLink := filepath.Join(dir, lib.LinkerName)
+	var linkerNameErr error
+	if lib.LinkerName != "" {
+		if sonameErr == nil {
+			linkerNameErr = os.Symlink(sonameLink, linkerNameLink)
+		} else {
+			linkerNameErr = os.Symlink(dstPath, linkerNameLink)
+		}
+	}
+
+	err = errors.Join(sonameErr, linkerNameErr)
+	if err != nil {
+		return fmt.Errorf("patchpkg: create symlinks for shared library: %w", err)
+	}
+	return nil
+}
+
+func (lib SharedLibrary) LogValue() slog.Value {
+	return slog.GroupValue(
+		slog.String("lib.path", lib.Name()),
+		slog.String("lib.linkername", lib.LinkerName),
+		slog.String("lib.soname", lib.Soname),
+		slog.String("lib.realname", lib.RealName),
+	)
+}