* Charalampos Stratakis:
> On Mon, May 10, 2021 at 5:08 PM Florian Weimer <fweimer@redhat.com> wrote:
>
> * Charalampos Stratakis:
>
> > I think these rules make sense for RUNPATH, and we should outright ban
> > RPATH.
> >
> > I'd agree here as well, however this could be a future fedora change
> > as I would deem it too disruptive to outright ban RPATH for now.
>
> I don't agree because of this:
>
> > I think we also should binutils with --enable-new-tags at configure
> > time.
>
> We wouldn't have RPATH after that anymore.
>
> So to understand it better, do you mean globally enabling the
> --enable-new-dtags?
Correct, we have infrastructure for that already.
That is an interesting proposition. --enable-new-dtags would in essence move the RPATH entries to DT_RUNPATH instead of DT_RPATH and then a new BRP policy script could be written applying the aforementioned rules for RUNPATH.
Could be simpler, but I'll have to approach this from a different POV. I'll ponder on it for a bit.
So to summarize, you're proposing:
Banning RPATH through using --enable-new-dtags (with hopefully no intervention required from packagers).
Apply the check-rpath rules (excluding the $ORIGIN one) for RUNPATH instead.
Thanks,
Florian