From 8c34388fc26fe5a61590fa30f9b20cdc855e67e3 Mon Sep 17 00:00:00 2001
From: Tasnim Kabir Sadik <tksadik92@gmail.com>
Date: Tue, 12 May 2026 23:19:30 +0600
Subject: [PATCH] Changed commands to check if envd is statically linked or not

---
 Makefile                         | 8 ++++++--
 scripts/rootfs-from-container.sh | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 5ac341e..bfa5789 100644
--- a/Makefile
+++ b/Makefile
@@ -27,8 +27,12 @@ build-agent:
 build-envd:
 	cd envd-rs && ENVD_COMMIT=$(COMMIT) cargo build --release --target x86_64-unknown-linux-musl
 	@cp envd-rs/target/x86_64-unknown-linux-musl/release/envd $(BIN_DIR)/envd
-	@file $(BIN_DIR)/envd | grep -q "static-pie linked" || \
-		(echo "ERROR: envd is not statically linked!" && exit 1)
+	@readelf -h $(BIN_DIR)/envd | grep -q 'Type:.*DYN' && \
+	 readelf -d $(BIN_DIR)/envd | grep -q 'FLAGS_1.*PIE' && \
+	 ! readelf -d $(BIN_DIR)/envd | grep -q '(NEEDED)' && \
+	 { ! readelf -lW $(BIN_DIR)/envd | grep -q 'Requesting program interpreter' || \
+	   readelf -lW $(BIN_DIR)/envd | grep -Fq '[Requesting program interpreter: /lib/ld-musl-x86_64.so.1]'; } || \
+		(echo "ERROR: envd must be PIE, have no DT_NEEDED shared libs, and either have no interpreter or use /lib/ld-musl-x86_64.so.1" && exit 1)
 
 # ═══════════════════════════════════════════════════
 #  Development
diff --git a/scripts/rootfs-from-container.sh b/scripts/rootfs-from-container.sh
index 74e309b..f830503 100755
--- a/scripts/rootfs-from-container.sh
+++ b/scripts/rootfs-from-container.sh
@@ -57,7 +57,7 @@ if [ ! -f "${ENVD_BIN}" ]; then
     exit 1
 fi
 
-if ! file "${ENVD_BIN}" | grep -q "statically linked"; then
+if ! ldd "${ENVD_BIN}" | grep -q "statically linked"; then
     echo "ERROR: envd is not statically linked!"
     exit 1
 fi