scripts/revdep-paxmark: tool to find mismatched pax markings

This tool will search for binaries which have different pax
markings than the libraries they link against.  Since running
processes run with the pax enforcings of the binary, not the
libraries they link against, this utility can be used to locate
such binaries and mark them with the same flags as their libraries.

This code is derived from revdep-rebuild.

1 files changed, 639 insertions, 0 deletions

diff --git a/scripts/revdep-paxmark b/scripts/revdep-paxmark
new file mode 100755
index 0000000..fd07c3c
--- /dev/null
+++ b/scripts/revdep-paxmark
@@ -0,0 +1,639 @@
+#!/bin/bash
+# Copyright 1999-2011 Gentoo Foundation
+
+#
+# This utility will look for any binaries which do not have
+# the same pax markings as the corresponding libraries which
+# they link against.
+#
+# This code is mostly derived from revdep-rebuild.
+#
+
+# Readonly variables:
+declare -r APP_NAME="${0##*/}" # The name of this application
+declare -r VERSION="0.1.0.0"
+declare -r OIFS="$IFS"         # Save the IFS
+declare -r     ENV_FILE=0_env.rr     # Contains environment variables
+declare -r   FILES_FILE=1_files.rr   # Contains a list of files to search
+declare -r  LDPATH_FILE=2_ldpath.rr  # Contains the LDPATH
+declare -r  BROKEN_FILE=3_broken.rr  # Contains the list of broken files
+declare -r  ERRORS_FILE=3_errors.rr  # Contains the ldd error output
+declare -ra FILES=(
+	"$ENV_FILE"
+	"$FILES_FILE"
+	"$LDPATH_FILE"
+	"$BROKEN_FILE"
+	"$ERRORS_FILE"
+)
+
+# "Boolean" variables: Considered "true" if it has any value at all
+# "True" indicates we should...
+declare FULL_LD_PATH           # ...search across the COMPLETE_LD_LIBRARY_PATH
+declare ORDER_PKGS             # ...sort the atoms in deep dependency order
+declare RM_OLD_TEMPFILES       # ...remove tempfiles from prior runs
+declare SEARCH_BROKEN          # ...search for broken libraries and binaries
+
+# Globals that impact portage directly:
+declare EMERGE_DEFAULT_OPTS    # String of options portage assumes to be set
+declare PORTAGE_NICENESS       # Renice to this value
+declare PORTAGE_ROOT           # The root path for portage
+
+# Customizable incremental variables:
+# These variables can be prepended to either by setting the variable in
+# your environment prior to execution, or by placing an entry in
+# /etc/make.conf.
+#
+# An entry of "-*" means to clear the variable from that point forward.
+# Example: env SEARCH_DIRS="/usr/bin -*" revdep-rebuild will set SEARCH_DIRS
+# to contain only /usr/bin
+declare LD_LIBRARY_MASK  # Mask of specially evaluated libraries
+declare SEARCH_DIRS      # List of dirs to search for executables and libraries
+declare SEARCH_DIRS_MASK # List of dirs not to search
+
+# Other globals:
+declare OLDPROG                # Previous pass through the progress meter
+declare EXACT_PKG              # Versionated atom to emerge
+declare HEAD_TEXT              # Feedback string about the search
+declare OK_TEXT                # Feedback about a search which found no errors
+declare REBUILD_LIST           # Array of atoms to emerge
+declare SONAME                 # Soname/soname path pattern given on commandline
+declare SONAME_SEARCH          # Value of SONAME modified to match ldd's output
+declare WORKING_TEXT           # Feedback about the search
+declare WORKING_DIR            # Working directory where cache files are kept
+
+main() {
+	portage_settings
+	get_opts "$@"
+	setup_search_paths_and_masks
+	get_search_env
+	get_files
+	get_ldpath
+	main_checks
+	cleanup
+}
+##
+# GNU find has -executable, but if our users' finds do not have that flag
+# we emulate it with this function. Also emulates -writable and -readable.
+# Usage: find PATH ARGS -- use find like normal, except use -executable instead
+# of various versions of -perm /+ blah blah and hacks
+find() {
+	hash find || { die 1 'find not found!'; }
+	# We can be pretty sure find itself should be executable.
+	local testsubject="$(type -P find)"
+	if [[ $(command find "$testsubject" -executable 2> /dev/null) ]]; then
+		unset -f find # We can just use the command find
+	elif [[ $(command find "$testsubject" -perm /u+x 2> /dev/null) ]]; then
+		find() {
+			a=(${@//-executable/-perm \/u+x})
+			a=(${a[@]//-writable/-perm \/u+w})
+			a=(${a[@]//-readable/-perm \/r+w})
+			command find "${a[@]}"
+		}
+	elif [[ $(command find "$testsubject" -perm +u+x 2> /dev/null) ]]; then
+		find() {
+			a=(${@//-executable/-perm +u+x})
+			a=(${a[@]//-writable/-perm +u+w})
+			a=(${a[@]//-readable/-perm +r+w})
+			command find "${a[@]}"
+		}
+	else # Last resort
+		find() {
+			a=(${@//-executable/-exec test -x '{}' \; -print})
+			a=(${a[@]//-writable/-exec test -w '{}' \; -print})
+			a=(${a[@]//-readable/-exec test -r '{}' \; -print})
+			command find "${a[@]}"
+		}
+	fi
+	find "$@"
+}
+
+print_usage() {
+cat << EOF
+${APP_NAME}: (${VERSION})
+
+Copyright (C) 2003-2010 Gentoo Foundation, Inc.
+This is free software; see the source for copying conditions.
+
+Usage: $APP_NAME [OPTIONS] [--]
+
+Broken reverse dependency rebuilder.
+
+  -C, --nocolor        Turn off colored output
+  -d, --debug          Print way too much information (uses bash's set -xv)
+  -h, --help           Print this usage
+  -i, --ignore         Ignore temporary files from previous runs
+  -k, --keep-temp      Do not delete temporary files on exit
+  -L, --library NAME   Emerge existing packages that use the library with NAME
+      --library=NAME   NAME can be a full path to the library or a basic
+                       regular expression (man grep)
+  -l, --no-ld-path     Do not set LD_LIBRARY_PATH
+  -P, --no-progress    Turn off the progress meter
+  -q, --quiet          Be less verbose (also passed to emerge command)
+  -v, --verbose        Be more verbose (also passed to emerge command)
+
+Calls emerge, options after -- are ignored by $APP_NAME
+and passed directly to emerge.
+
+Report bugs to <http://bugs.gentoo.org>
+
+EOF
+}
+##
+# Usage: progress i n
+#        i: current item
+#        n: total number of items to process
+progress() {
+	if [[ -t 1 ]]; then
+		progress() {
+			local curProg=$(( $1 * 100 / $2 ))
+			(( curProg == OLDPROG )) && return # no change, output nothing
+			OLDPROG="$curProg" # must be a global variable
+			(( $1 == $2 )) && local lb=$'\n'
+			echo -ne '\r                         \r'"[ $curProg% ] $lb"
+		}
+		progress $@
+	else # STDOUT is not a tty. Disable progress meter.
+		progress() { :; }
+	fi
+}
+##
+# Replace whitespace with linebreaks, normalize repeated '/' chars, and sort -u
+# (If any libs have whitespace in their filenames, someone needs punishment.)
+clean_var() {
+	gawk 'BEGIN         {RS="[[:space:]]"}
+	     /-\*/         {exit}
+	     /[^[:space:]]/ {gsub(/\/\/+/, "/"); print}' | sort -u
+}
+##
+# Exit and optionally output to sterr
+die() {
+	local status=$1
+	shift
+
+	type eerror &> /dev/null
+
+	if [[ $? -eq 0 ]];
+	then
+		eerror "$@"
+	else
+		echo " * ${@}" >> /dev/stderr
+	fi
+	exit $status
+}
+##
+# What to do when dynamic linking is consistent
+clean_exit() {
+	echo
+	einfo "$OK_TEXT... All done. "
+	exit 0
+}
+##
+# Get the name of the package that owns a file or list of files given as args.
+# NOTE: depends on app-misc/realpath!
+get_file_owner() {
+	local IFS=$'\n'
+
+	rpath=$(realpath "${*}" 2>/dev/null)
+	# To ensure we always have something in rpath...
+	[[ -z $rpath ]] && rpath=${*}
+
+	# Workaround for bug 280341
+	mlib=$(echo ${*}|sed 's:/lib/:/lib64/:')
+	[[ "${*}" == "${mlib}" ]] && mlib=$(echo ${*}|sed 's:/lib64/:/lib/:')
+
+	# Add a space to the end of each object name to prevent false
+	# matches, for example /usr/bin/dia matching /usr/bin/dialog (bug #196460).
+	# The same for "${rpath} ".
+	# Don't match an entry with a '-' at the start of the package name. This
+	# prevents us from matching invalid -MERGING entries. (bug #338031)
+	find -L /var/db/pkg -type f -name CONTENTS -print0 |
+		xargs -0 grep -m 1 -Fl -e "${*} " -e "${rpath} " -e "${mlib} " |
+		sed 's:/var/db/pkg/\(.*\)/\([^-].*\)/CONTENTS:\1/\2:'
+}
+##
+# Die if an argument is missing.
+die_if_missing_arg() {
+	[[ ! $2 || $2 = -* ]] && die 1 "Missing expected argument to $1"
+}
+##
+# Die because an option is not recognized.
+die_invalid_option() {
+	# Can't use eerror and einfo because this gets called before function.sh
+	# is sourced
+	echo
+	echo  "Encountered unrecognized option $1." >&2
+	echo
+	echo  "$APP_NAME no longer automatically passes unrecognized options to portage."
+	echo  "Separate emerge-only options from revdep-rebuild options with the -- flag."
+	echo
+	echo  "For example, $APP_NAME -v -- --ask"
+	echo
+	echo  "See the man page or $APP_NAME -h for more detail."
+	echo
+	exit 1
+}
+##
+# Get whole-word commandline options preceded by two dashes.
+get_longopts() {
+	case $1 in
+		                                 --debug) set -xv;;
+		                                  --help) print_usage
+		                                          exit 0;;
+		                                --ignore) RM_OLD_TEMPFILES=1;;
+		                             --library=*) SONAME="${1#*=}"
+		                                          unset SEARCH_BROKEN;;
+		                               --library) die_if_missing_arg $1 $2
+		                                          shift
+		                                          SONAME="$1"
+		                                          unset SEARCH_BROKEN;;
+		                            --no-ld-path) unset FULL_LD_PATH;;
+		                           --no-progress) progress() { :; };;
+		                                       *) die_invalid_option $1;;
+	esac
+}
+
+##
+# Get single-letter commandline options preceded by a single dash.
+get_shortopts() {
+	local OPT OPTSTRING OPTARG OPTIND
+	while getopts ":CdehikL:loPpqu:vX" OPT; do
+		case "$OPT" in
+			d) set -xv;;
+			h) print_usage
+			   exit 0;;
+			i) RM_OLD_TEMPFILES=1;;
+			L) SONAME="${OPTARG#*=}"
+			   unset SEARCH_BROKEN;;
+			l) unset FULL_LD_PATH;;
+			P) progress() { :; };;
+			*) die_invalid_option "-$OPTARG";;
+		esac
+	done
+}
+##
+# Get command-line options.
+get_opts() {
+	local avoid_utils
+	local -a args
+	echo_v() { ewarn "$@"; }
+	unset RM_OLD_TEMPFILES
+	ORDER_PKGS=1
+	SONAME="not found"
+	SEARCH_BROKEN=1
+	FULL_LD_PATH=1
+	while [[ $1 ]]; do
+		case $1 in
+			-*) while true; do
+			      args+=("$1")
+			      shift
+			      [[ ${1:--} = -* ]] && break
+			    done
+			    if [[ ${args[0]} = --* ]]; then
+			      get_longopts  "${args[@]}"
+			    else
+			      get_shortopts "${args[@]}"
+			    fi;;
+			 *) die_invalid_option "$1";;
+		esac
+		unset args
+	done
+
+	. /etc/init.d/functions.sh
+}
+##
+# Clean up temporary files and exit
+cleanup_and_die() {
+	rm -f "$@"
+	die 1 "  ...terminated. Removing incomplete $@."
+}
+##
+# Clean trap
+clean_trap() {
+	trap "cleanup_and_die $*" SIGHUP SIGINT SIGQUIT SIGABRT SIGTERM
+	rm -f "$@"
+}
+
+get_search_env() {
+	local new_env
+	WORKING_DIR="$(mktemp -d -t revdep-paxmark.XXXXXXXXXX)"
+	cd ${WORKING_DIR}
+
+	# From here on all work is done inside the temporary directory
+
+	rm -f "${FILES[@]}"
+
+	if [[ $SEARCH_BROKEN ]]; then
+		SONAME_SEARCH="$SONAME"
+		HEAD_TEXT="broken by a package update"
+		OK_TEXT="Dynamic linking on your system is consistent"
+		WORKING_TEXT="consistency"
+	else
+		# first case is needed to test against /path/to/foo.so
+		if [[ $SONAME = /* ]]; then
+			# Set to "<space>$SONAME<space>"
+			SONAME_SEARCH=" $SONAME "
+			# Escape the "/" characters
+			SONAME_SEARCH="${SONAME_SEARCH//\//\\/}"
+		else
+			# Set to "<tab>$SONAME<space>"
+			SONAME_SEARCH=$'\t'"$SONAME "
+		fi
+		HEAD_TEXT="using $SONAME"
+		OK_TEXT="There are no dynamic links to $SONAME"
+		unset WORKING_TEXT
+	fi
+
+	new_env=$(
+		cat <<- EOF
+			SEARCH_DIRS="$SEARCH_DIRS"
+			SEARCH_DIRS_MASK="$SEARCH_DIRS_MASK"
+			LD_LIBRARY_MASK="$LD_LIBRARY_MASK"
+			PORTAGE_ROOT="$PORTAGE_ROOT"
+			ORDER_PKGS="$ORDER_PKGS"
+			FULL_LD_PATH="$FULL_LD_PATH"
+		EOF
+	)
+
+
+	echo "$new_env" > "$ENV_FILE"
+
+	echo
+	einfo "Checking reverse dependencies"
+	einfo "Packages containing binaries and libraries $HEAD_TEXT"
+	einfo "will be emerged."
+}
+
+get_files() {
+	einfo "Collecting system binaries and libraries"
+
+	clean_trap "$FILES_FILE"
+
+	if [[ $SEARCH_DIRS_MASK ]]; then
+		findMask=($SEARCH_DIRS_MASK)
+		findMask="${findMask[@]/#/-o -path }"
+		findMask="( ${findMask#-o } ) -prune -o"
+	fi
+	# TODO: Check this -- afaict SEARCH_DIRS isn't an array, so this should just be $SEARCH_DIRS?
+	find ${SEARCH_DIRS[@]} $findMask -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x -o \
+		-name '*.so' -o -name '*.so.*' -o -name '*.la' \) -print 2> /dev/null |
+		sort -u > "$FILES_FILE" ||
+		die $? "find failed to list binary files (This is a bug.)"
+	einfo "Generated new $FILES_FILE"
+}
+
+parse_ld_so_conf() {
+	# FIXME: not safe for paths with spaces
+	local include
+	for path in $(sed '/^#/d;s/#.*$//' < /etc/ld.so.conf); do
+		if [[ $include = true ]]; then
+			for include_path in $(sed '/^#/d;s/#.*$//' /etc/${path} 2>/dev/null); do
+				echo $include_path
+			done
+			include=""
+			continue
+		fi
+		if [[ $path != include ]]; then
+			echo $path
+		else
+			include="true"
+			continue
+		fi
+	done
+}
+
+get_ldpath() {
+	local COMPLETE_LD_LIBRARY_PATH
+	[[ $SEARCH_BROKEN && $FULL_LD_PATH ]] || return
+	einfo 'Collecting complete LD_LIBRARY_PATH'
+
+	clean_trap "$LDPATH_FILE"
+	# Ensure that the "trusted" lib directories are at the start of the path
+	COMPLETE_LD_LIBRARY_PATH=(
+		/lib*
+		/usr/lib*
+		$(parse_ld_so_conf)
+		$(sed 's:/[^/]*$::' < "$FILES_FILE" | sort -ru)
+	)
+	IFS=':'
+	COMPLETE_LD_LIBRARY_PATH="${COMPLETE_LD_LIBRARY_PATH[*]}"
+	IFS="$OIFS"
+	echo "$COMPLETE_LD_LIBRARY_PATH" > "$LDPATH_FILE"
+	einfo "Generated new $LDPATH_FILE"
+}
+
+main_checks() {
+	local target_file
+	local -a files
+	local i=0
+	local ldd_output
+	local ldd_status
+	local numFiles
+	local COMPLETE_LD_LIBRARY_PATH
+
+	if [[ $SEARCH_BROKEN && $FULL_LD_PATH ]]; then
+		[[ -r "$LDPATH_FILE" && -s "$LDPATH_FILE" ]] ||
+			die 1 "Unable to find $LDPATH_FILE"
+		COMPLETE_LD_LIBRARY_PATH=$(<"$LDPATH_FILE")
+	fi
+
+	einfo "Checking dynamic linking $WORKING_TEXT"
+
+	clean_trap "$BROKEN_FILE" "$ERRORS_FILE"
+	files=($(<"$FILES_FILE"))
+	numFiles="${#files[@]}"
+	for target_file in "${files[@]}"; do
+		if [[ $target_file != *.la ]]; then
+			# Note: double checking seems to be faster than single with complete path
+			# (special add ons are rare).
+			ldd_output=$(ldd "$target_file" 2>> "$ERRORS_FILE" | sort -u)
+			ldd_status=$? # TODO: Check this for problems with sort
+			# HACK: if LD_LIBRARY_MASK is null or undefined grep -vF doesn't work
+			if grep -vF "${LD_LIBRARY_MASK:=$'\a'}" <<< "$ldd_output" |
+				grep -q -E "$SONAME_SEARCH"; then
+				if [[ $SEARCH_BROKEN && $FULL_LD_PATH ]]; then
+					if LD_LIBRARY_PATH="$COMPLETE_LD_LIBRARY_PATH" ldd "$target_file" 2>/dev/null |
+						grep -vF "$LD_LIBRARY_MASK" | grep -q -E "$SONAME_SEARCH"; then
+						# FIXME: I hate duplicating code
+						# Only build missing direct dependencies
+						MISSING_LIBS=$(
+							expr='s/[[:space:]]*\([^[:space:]]*\) => not found/\1/p'
+							sed -n "$expr" <<< "$ldd_output"
+						)
+						REQUIRED_LIBS=$(
+							expr='s/^[[:space:]]*NEEDED[[:space:]]*\([^[:space:]]*\).*/\1/p';
+							objdump -x "$target_file" | grep NEEDED | sed "$expr" | sort -u
+						)
+						MISSING_LIBS=$(grep -F "$REQUIRED_LIBS" <<< "$MISSING_LIBS")
+						if [[ $MISSING_LIBS ]]; then
+							echo "obj $target_file" >> "$BROKEN_FILE"
+							echo_v "  broken $target_file (requires $MISSING_LIBS)"
+						fi
+					fi
+				else
+					# FIXME: I hate duplicating code
+					# Only rebuild for direct dependencies
+					MISSING_LIBS=$(
+						expr="s/^[[:space:]]*\([^[:space:]]*\).*$/\1/p"
+						sort -u <<< "$ldd_output" | grep -E "$SONAME" | sed -n "$expr"
+					)
+					REQUIRED_LIBS=$(
+						expr='s/^[[:space:]]*NEEDED[[:space:]]*\([^[:space:]]*\).*/\1/p';
+						objdump -x "$target_file" | grep NEEDED | sed "$expr" | sort -u
+					)
+					MISSING_LIBS=$(grep -F "$REQUIRED_LIBS" <<< "$MISSING_LIBS")
+					if [[ $MISSING_LIBS ]]; then
+						echo "obj $target_file" >> "$BROKEN_FILE"
+						if [[ $SEARCH_BROKEN ]]; then
+							echo_v "  broken $target_file (requires $MISSING_LIBS)"
+						else
+							echo_v "  found $target_file"
+						fi
+					fi
+				fi
+			fi
+		elif [[ $SEARCH_BROKEN ]]; then
+			# Look for broken .la files
+			la_SEARCH_DIRS="$SEARCH_DIRS"
+			la_search_dir=""
+			la_broken=""
+			la_lib=""
+			for depend in $(
+				gawk -F"[=']" '/^dependency_libs/{
+					print $3
+				}' "$target_file"
+			); do
+				if [[ $depend = /* && ! -e $depend ]]; then
+					echo "obj $target_file" >> "$BROKEN_FILE"
+					echo_v "  broken $target_file (requires $depend)"
+				elif [[ $depend = -[LR]/* ]]; then
+					if ! [[ $'\n'${la_SEARCH_DIRS}$'\n' == *$'\n'${depend#-?}$'\n'* ]]; then
+						la_SEARCH_DIRS+=$'\n'"${depend#-?}"
+					fi
+				elif [[ $depend = "-l"* ]]; then
+					la_lib="lib${depend#-l}"
+					la_broken="yes"
+					IFS=$'\n'
+					for la_search_dir in $la_SEARCH_DIRS; do
+						if [[ -e ${la_search_dir}/${la_lib}.so || -e ${la_search_dir}/${la_lib}.a ]]; then
+							la_broken="no"
+						fi
+					done
+					IFS="$OIFS"
+					if [[ $la_broken = yes ]]; then
+						echo "obj $target_file" >> "$BROKEN_FILE"
+						echo_v "  broken $target_file (requires $depend)"
+					fi
+				fi
+			done
+			unset la_SEARCH_DIRS la_search_dir la_broken la_lib
+		fi
+		progress $((++i)) $numFiles
+	done
+
+	if [[ $SEARCH_BROKEN && -f $ERRORS_FILE ]]; then
+		# Look for missing version
+		while read target_file; do
+			echo "obj $target_file" >> "$BROKEN_FILE"
+			echo_v "  broken $target_file (no version information available)"
+		done < <(
+			# Regexify LD_LIBRARY_MASK. Exclude it from the search.
+			LD_LIBRARY_MASK="${LD_LIBRARY_MASK//$'\n'/|}"
+			gawk -v ldmask="(${LD_LIBRARY_MASK//./\\\.})" '
+				/no version information available/ && $0 !~ ldmask {
+					gsub(/[()]/, "", $NF)
+					if (seen[$NF]++)  next
+					print $NF
+				}' "$ERRORS_FILE"
+		)
+	fi
+
+	[[ -r "$BROKEN_FILE" && -s "$BROKEN_FILE" ]] || clean_exit
+	sort -u "$BROKEN_FILE" -o "$BROKEN_FILE"
+
+	einfo "Generated new $BROKEN_FILE"
+}
+
+
+# Get multiple portage variables at once to speedup revdep-rebuild.
+portage_settings() {
+	local ORIG_SEARCH_DIRS="$SEARCH_DIRS"
+	local ORIG_SEARCH_DIRS_MASK="$SEARCH_DIRS_MASK"
+	local ORIG_LD_LIBRARY_MASK="$LD_LIBRARY_MASK"
+	unset SEARCH_DIRS
+	unset SEARCH_DIRS_MASK
+	unset LD_LIBRARY_MASK
+
+	eval $(portageq envvar -v PORTAGE_ROOT PORTAGE_NICENESS EMERGE_DEFAULT_OPTS SEARCH_DIRS SEARCH_DIRS_MASK LD_LIBRARY_MASK)
+
+	SEARCH_DIRS="$ORIG_SEARCH_DIRS $SEARCH_DIRS"
+	SEARCH_DIRS_MASK="$ORIG_SEARCH_DIRS_MASK $SEARCH_DIRS_MASK"
+	LD_LIBRARY_MASK="$ORIG_LD_LIBRARY_MASK $LD_LIBRARY_MASK"
+}
+
+##
+# Setup the paths to search (and filter the ones to avoid)
+setup_search_paths_and_masks() {
+	local configfile sdir mdir skip_me filter_SEARCH_DIRS
+
+	einfo "Configuring search environment for $APP_NAME"
+
+	# Update the incremental variables using /etc/profile.env, /etc/ld.so.conf,
+	# portage, and the environment
+
+	# Read the incremental variables from environment and portage
+	# Until such time as portage supports these variables as incrementals
+	# The value will be what is in /etc/make.conf
+#	SEARCH_DIRS+=" "$(unset SEARCH_DIRS; portageq envvar SEARCH_DIRS)
+#	SEARCH_DIRS_MASK+=" "$(unset SEARCH_DIRS_MASK; portageq envvar SEARCH_DIRS_MASK)
+#	LD_LIBRARY_MASK+=" "$(unset LD_LIBRARY_MASK; portageq envvar LD_LIBRARY_MASK)
+
+	# Add the defaults
+	if [[ -d /etc/revdep-rebuild ]]; then
+		for configfile in /etc/revdep-rebuild/*; do
+			SEARCH_DIRS+=" "$(. $configfile; echo $SEARCH_DIRS)
+			SEARCH_DIRS_MASK+=" "$(. $configfile; echo $SEARCH_DIRS_MASK)
+			LD_LIBRARY_MASK+=" "$(. $configfile; echo $LD_LIBRARY_MASK)
+		done
+	else
+		SEARCH_DIRS+=" /bin /sbin /usr/bin /usr/sbin /lib* /usr/lib*"
+		SEARCH_DIRS_MASK+=" /opt/OpenOffice /usr/lib/openoffice"
+		LD_LIBRARY_MASK+=" libodbcinst.so libodbc.so libjava.so libjvm.so"
+	fi
+
+	# Get the ROOTPATH and PATH from /etc/profile.env
+	if [[ -r "/etc/profile.env" && -s "/etc/profile.env" ]]; then
+		SEARCH_DIRS+=" "$(. /etc/profile.env; /usr/bin/tr ':' ' ' <<< "$ROOTPATH $PATH")
+	fi
+
+	# Get the directories from /etc/ld.so.conf
+	if [[ -r /etc/ld.so.conf && -s /etc/ld.so.conf ]]; then
+		SEARCH_DIRS+=" "$(parse_ld_so_conf)
+	fi
+
+	# Set the final variables
+	SEARCH_DIRS=$(clean_var <<< "$SEARCH_DIRS")
+	SEARCH_DIRS_MASK=$(clean_var <<< "$SEARCH_DIRS_MASK")
+	LD_LIBRARY_MASK=$(clean_var <<< "$LD_LIBRARY_MASK")
+	# Filter masked paths from SEARCH_DIRS
+	for sdir in ${SEARCH_DIRS} ; do
+		skip_me=
+		for mdir in ${SEARCH_DIRS_MASK}; do
+			[[ ${sdir} == ${mdir}/* ]] && skip_me=1 && break
+		done
+		[[ -n ${skip_me} ]] || filter_SEARCH_DIRS+=" ${sdir}"
+	done
+	SEARCH_DIRS=$(clean_var <<< "${filter_SEARCH_DIRS}")
+	[[ $SEARCH_DIRS ]] || die 1 "No search defined -- this is a bug."
+}
+##
+# Finish up
+cleanup() {
+		trap_cmd() {
+			eerror "terminated. Please remove the temporary files manually:"
+			eerror "rm ${WORKING_DIR}/*.rr"
+			exit 1
+		}
+		trap trap_cmd SIGHUP SIGINT SIGQUIT SIGABRT SIGTERM
+}
+
+main "$@"