pipelines: test: ldd-check: factory out test for dynamic objects

Error out if ldd was not able to actually reason about whether or not a file is a dynamic object by checking it's error message. Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
wolfi-dev · Jan 8, 2025 · 24c6e58 · 24c6e58
1 parent 0a5a235
commit 24c6e58
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/pipelines/test/ldd-check.yaml b/pipelines/test/ldd-check.yaml
@@ -62,6 +62,19 @@ pipeline:
         fail "$f: missing ${missing# }"
       }
 
+      is_dyn_obj() {
+        errf="$tmpd/ldd.stderr.$$"
+        # ldd has this code already, let's not NIH it
+        # note: the actual ldd check happens in test_file()
+        if ldd "$1" > /dev/null 2> "$errf"; then
+          return 0
+        fi
+        if grep -q 'not a dynamic executable' "$errf"; then
+          return 1
+        fi
+        error "$1: failed to determine if file is a dynamic object: $(< "$errf")"
+      }
+
       test_files_in() {
         echo "[ldd-check] Testing binaries in package $pkg"
         apk info -eq "$pkg" > /dev/null || \
@@ -71,7 +84,7 @@ pipeline:
           [ -n "$f" ] || continue
           f="/$f"
           [ -f "$f" ] || continue
-          ldd "$f" > /dev/null 2>&1 || continue
+          is_dyn_obj "$f" || continue
           test_file "$f"
         done < "$tmpd/$pkg.list"
       }