I'm the maintainer of the ArchLinux "pico-8" AUR package. In short, I wrote a script which installs .zip releases of PICO-8, provided by the user.
When building the package, I found out that the "pico8" binary of both Linux releases (and the Raspberry Pi one too) have an hardcoded RPATH value of "/usr/local/lib".
Here's the first results of the "readelf" command on the "pico8" amd64 binary.
$ readelf -d pico8 Dynamic section at offset 0x1e0dd8 contains 29 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [librt.so.1] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000f (RPATH) Library rpath: [/usr/local/lib] [...]
It means the binary looks for lib files in this directory before anywhere else. This is not a huge issue, as ArchLinux do not use this directory normally, but as this directory is meant for system-wide libraries installed by the user, a conflict could occur if the user would install there their own version of glibc (or malicious software there).
A simple fix would be to delete the RPATH from the binary using "chrpath" or "patchelf" commands, after the build, but before the release.
@zep SDL adds the rpath flag by default; itís a really questionable decision (I maintain SDL in Debian and we disabled that feature 14 years ago, lol). If you build your own version of the library, I suggest configuring it with --disable-rpath; otherwise I suggest asking your distro maintainers to consider removing it.
Log in to post a comment