chainguard-dev / melange

build APKs from source code
Apache License 2.0

SCA: Add so:libgcc_s.so.1 dependency whenever pthread functions are encountered #1321

Open kaniini opened 3 months ago

kaniini commented 3 months ago

Without libgcc, if programs attempt to use glibc NPTL functions, they will get the following message:

libgcc_s.so.1 must be installed for pthread_cancel to work

Melange can check the symbol import tables on binaries to see if ^pthread_.*$ functions are being called. If they are, adding a dependency on so:libgcc_s.so.1 seems like a reasonable mitigation -- even if unneeded, such as in the musl case, libgcc is an extremely small package anyway.

jonjohnsonjr commented 3 months ago

I think we'd have to do this prior to stripping, so the current mechanism of doing SCA at the end of the build wouldn't work.

That might be sufficient motivation to handle symbols better than we currently do.

xnox commented 3 months ago

Checking symbols tables will not help if they are stripped.

Also, libgcc might only be needed when pthreads is dlopened. Or when one statically links DL calls that call out to pthreads.

I have tried to detect this before when building initrds and ended up with hard-coded depends, basically.

Can you please point to preexisting (non-manufactured) cases where this has happened? Because I could be inclined to fix those three weird cases with explicit rather than auto-detected depends.

kaniini commented 2 months ago

The import table is not stripped, nor could it be stripped, as the ELF interpreter requires it in order to load ELF programs.
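As an added illustration of the check kaniini proposes above, and of the point that the import table survives stripping (the dynamic linker reads imports from .dynsym, while strip removes only .symtab), here is a small Go program that is not melange's own code: it reads an ELF file's imported symbols with the standard library and derives the so:libgcc_s.so.1 runtime dependency when any pthread_* function is imported. The function names and the deliberately narrow dependency rule are this example's own assumptions, not melange's SCA API.

```go
package main

import (
	"debug/elf"
	"fmt"
	"os"
	"regexp"
)

// pthreadRe mirrors the ^pthread_.*$ pattern proposed in the issue.
var pthreadRe = regexp.MustCompile(`^pthread_.*$`)

// LibgccDeps returns the extra so: dependencies implied by a binary's imported
// (undefined) dynamic symbols. The only rule here is the one from the issue:
// any pthread_* import adds so:libgcc_s.so.1, at most once. (Hypothetical helper.)
func LibgccDeps(imports []string) []string {
	for _, name := range imports {
		if pthreadRe.MatchString(name) {
			return []string{"so:libgcc_s.so.1"}
		}
	}
	return nil
}

// ImportedSymbolNames reads the names of undefined symbols from the ELF
// dynamic symbol table (.dynsym). The runtime linker needs this table to
// resolve imports, so `strip` leaves it intact, unlike .symtab.
func ImportedSymbolNames(path string) ([]string, error) {
	f, err := elf.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	syms, err := f.ImportedSymbols() // returns elf.ErrNoSymbols for static binaries
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(syms))
	for _, s := range syms {
		names = append(names, s.Name)
	}
	return names, nil
}

func main() {
	for _, path := range os.Args[1:] { // usage: go run . /path/to/binary ...
		names, err := ImportedSymbolNames(path)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			continue
		}
		fmt.Printf("%s: %v\n", path, LibgccDeps(names))
	}
}
```

Run against a stripped glibc binary and an unstripped one to confirm the imported names are identical in both cases.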