feat: add libz.so.1 to whitelisted libraries (#334)

This also requires to blacklist some symbols from `libz.so.1`.
There was some breakage in ABI compatibility for this library.
It's seems unlikely that those symbols are used in the wild.

auditwheel/elfutils.py

@@ -1,6 +1,6 @@
 import os
 from os.path import basename, realpath, relpath
-from typing import Dict, Iterator, List, Optional, Tuple
+from typing import Dict, Iterator, List, Optional, Set, Tuple
 
 from elftools.common.exceptions import ELFError
 from elftools.elf.elffile import ELFFile
@@ -137,3 +137,30 @@ def is_subdir(path: str, directory: str) -> bool:
     if relative.startswith(os.pardir):
         return False
     return True
+
+
+def get_undefined_symbols(path: str) -> Set[str]:
+    undef_symbols = set()
+    with open(path, "rb") as f:
+        elf = ELFFile(f)
+        section = elf.get_section_by_name(".dynsym")
+        if section is not None:
+            # look for all undef symbols
+            for sym in section.iter_symbols():
+                if sym["st_shndx"] == "SHN_UNDEF":
+                    undef_symbols.add(sym.name)
+    return undef_symbols
+
+
+def filter_undefined_symbols(
+    path: str, symbols: Dict[str, List[str]]
+) -> Dict[str, List[str]]:
+    if not symbols:
+        return {}
+    undef_symbols = set("*") | get_undefined_symbols(path)
+    result = {}
+    for lib, sym_list in symbols.items():
+        intersection = set(sym_list) & undef_symbols
+        if intersection:
+            result[lib] = sorted(intersection)
+    return result

auditwheel/main_repair.py

@@ -135,6 +135,13 @@ def execute(args, p):
         )
         p.error(msg)
 
+    if reqd_tag > get_priority_by_name(wheel_abi.blacklist_tag):
+        msg = (
+            'cannot repair "%s" to "%s" ABI because it depends on '
+            "black-listed symbols." % (args.WHEEL_FILE, args.PLAT)
+        )
+        p.error(msg)
+
     abis = [policy["name"]] + policy["aliases"]
     if not args.ONLY_PLAT:
         if reqd_tag < get_priority_by_name(wheel_abi.overall_tag):

auditwheel/main_show.py

@@ -103,12 +103,26 @@ def execute(args, p):
 
     for p in sorted(load_policies(), key=lambda p: p["priority"]):
         if p["priority"] > get_priority_by_name(winfo.overall_tag):
-            printp(
-                (
-                    'In order to achieve the tag platform tag "%s" '
-                    "the following shared library dependencies "
-                    "will need to be eliminated:"
+            libs = winfo.external_refs[p["name"]]["libs"]
+            if len(libs):
+                printp(
+                    (
+                        'In order to achieve the tag platform tag "%s" '
+                        "the following shared library dependencies "
+                        "will need to be eliminated:"
+                    )
+                    % p["name"]
                 )
-                % p["name"]
-            )
-            printp(", ".join(sorted(winfo.external_refs[p["name"]]["libs"].keys())))
+                printp(", ".join(sorted(libs.keys())))
+            blacklist = winfo.external_refs[p["name"]]["blacklist"]
+            if len(blacklist):
+                printp(
+                    (
+                        'In order to achieve the tag platform tag "%s" '
+                        "the following black-listed symbol dependencies "
+                        "will need to be eliminated:"
+                    )
+                    % p["name"]
+                )
+                for key in sorted(blacklist.keys()):
+                    printp(f"From {key}: " + ", ".join(sorted(blacklist[key])))

auditwheel/policy/external_references.py

@@ -2,7 +2,7 @@
 import re
 from typing import Any, Dict, Generator, Set
 
-from ..elfutils import is_subdir
+from ..elfutils import filter_undefined_symbols, is_subdir
 from . import load_policies
 
 log = logging.getLogger(__name__)
@@ -45,13 +45,17 @@ def get_req_external(libs: Set[str], whitelist: Set[str]) -> Set[str]:
     ret = {}  # type: Dict[str, Dict[str, Any]]
     for p in policies:
         needed_external_libs = set()  # type: Set[str]
+        blacklist = {}
 
         if not (p["name"] == "linux" and p["priority"] == 0):
             # special-case the generic linux platform here, because it
             # doesn't have a whitelist. or, you could say its
             # whitelist is the complete set of all libraries. so nothing
             # is considered "external" that needs to be copied in.
             whitelist = set(p["lib_whitelist"])
+            blacklist_libs = set(p["blacklist"].keys()) & set(lddtree["needed"])
+            blacklist = {k: p["blacklist"][k] for k in blacklist_libs}
+            blacklist = filter_undefined_symbols(lddtree["realpath"], blacklist)
             needed_external_libs = get_req_external(
                 set(filter_libs(lddtree["needed"], whitelist)), whitelist
             )
@@ -66,5 +70,9 @@ def get_req_external(libs: Set[str], whitelist: Set[str]) -> Set[str]:
                 log.debug("RPATH FTW: %s", lib)
                 continue
             pol_ext_deps[lib] = lddtree["libs"][lib]["realpath"]
-        ret[p["name"]] = {"libs": pol_ext_deps, "priority": p["priority"]}
+        ret[p["name"]] = {
+            "libs": pol_ext_deps,
+            "priority": p["priority"],
+            "blacklist": blacklist,
+        }
     return ret