* [gentoo-commits] proj/portage:master commit in: bin/, bin/install-qa-check.d/
@ 2014-09-26 2:17 Brian Dolbec
0 siblings, 0 replies; 3+ messages in thread
From: Brian Dolbec @ 2014-09-26 2:17 UTC (permalink / raw
To: gentoo-commits
commit: 9d507ee28c526662fc6ad3895a808df1814bfe01
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 3 21:01:34 2014 +0000
Commit: Brian Dolbec <brian.dolbec <AT> gmail <DOT> com>
CommitDate: Fri Sep 26 01:22:13 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=9d507ee2
Split install_qa_check() into install-qa-check.d scripts
Convert the horrendous install_qa_check() function into a plug-in system
that calls separate QA checking scripts from install-qa-check.d.
---
bin/install-qa-check.d/05double-D | 17 +
bin/install-qa-check.d/05prefix | 117 +++
bin/install-qa-check.d/10executable-issues | 140 ++++
bin/install-qa-check.d/10ignored-flags | 99 +++
bin/install-qa-check.d/20deprecated-directories | 18 +
bin/install-qa-check.d/20runtime-directories | 26 +
bin/install-qa-check.d/60bash-completion | 130 ++++
bin/install-qa-check.d/60openrc | 41 ++
bin/install-qa-check.d/60pkgconfig | 15 +
bin/install-qa-check.d/60pngfix | 35 +
bin/install-qa-check.d/60systemd | 25 +
bin/install-qa-check.d/60udev | 21 +
bin/install-qa-check.d/80libraries | 158 ++++
bin/install-qa-check.d/80multilib-strict | 50 ++
bin/install-qa-check.d/90gcc-warnings | 145 ++++
bin/install-qa-check.d/90world-writable | 25 +
bin/misc-functions.sh | 939 +-----------------------
17 files changed, 1073 insertions(+), 928 deletions(-)
diff --git a/bin/install-qa-check.d/05double-D b/bin/install-qa-check.d/05double-D
new file mode 100644
index 0000000..1634afd
--- /dev/null
+++ b/bin/install-qa-check.d/05double-D
@@ -0,0 +1,17 @@
+# Check for accidential install into ${D}/${D}
+
+DD_check() {
+ if [[ -d ${D%/}${D} ]] ; then
+ local -i INSTALLTOD=0
+ while read -r -d $'\0' i ; do
+ eqawarn "QA Notice: /${i##${D%/}${D}} installed in \${D}/\${D}"
+ ((INSTALLTOD++))
+ done < <(find "${D%/}${D}" -print0)
+ die "Aborting due to QA concerns: ${INSTALLTOD} files installed in ${D%/}${D}"
+ fi
+}
+
+DD_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix
new file mode 100644
index 0000000..e1fc2bd
--- /dev/null
+++ b/bin/install-qa-check.d/05prefix
@@ -0,0 +1,117 @@
+# Prefix specific QA checks
+
+install_qa_check_prefix() {
+ [[ ${ED} == ${D} ]] && return
+
+ if [[ -d ${ED}/${D} ]] ; then
+ find "${ED}/${D}" | \
+ while read i ; do
+ eqawarn "QA Notice: /${i##${ED}/${D}} installed in \${ED}/\${D}"
+ done
+ die "Aborting due to QA concerns: files installed in ${ED}/${D}"
+ fi
+
+ if [[ -d ${ED}/${EPREFIX} ]] ; then
+ find "${ED}/${EPREFIX}/" | \
+ while read i ; do
+ eqawarn "QA Notice: ${i#${D}} double prefix"
+ done
+ die "Aborting due to QA concerns: double prefix files installed"
+ fi
+
+ if [[ -d ${D} ]] ; then
+ INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }')
+ if [[ -n ${INSTALLTOD} ]] ; then
+ eqawarn "QA Notice: the following files are outside of the prefix:"
+ eqawarn "${INSTALLTOD}"
+ die "Aborting due to QA concerns: there are files installed outside the prefix"
+ fi
+ fi
+
+ # all further checks rely on ${ED} existing
+ [[ -d ${ED} ]] || return
+
+ # check shebangs, bug #282539
+ rm -f "${T}"/non-prefix-shebangs-errs
+ local WHITELIST=" /usr/bin/env "
+ # this is hell expensive, but how else?
+ find "${ED}" -executable \! -type d -print0 \
+ | xargs -0 grep -H -n -m1 "^#!" \
+ | while read f ;
+ do
+ local fn=${f%%:*}
+ local pos=${f#*:} ; pos=${pos%:*}
+ local line=${f##*:}
+ # shebang always appears on the first line ;)
+ [[ ${pos} != 1 ]] && continue
+ local oldIFS=${IFS}
+ IFS=$'\r'$'\n'$'\t'" "
+ line=( ${line#"#!"} )
+ IFS=${oldIFS}
+ [[ ${WHITELIST} == *" ${line[0]} "* ]] && continue
+ local fp=${fn#${D}} ; fp=/${fp%/*}
+ # line[0] can be an absolutised path, bug #342929
+ local eprefix=$(canonicalize ${EPREFIX})
+ local rf=${fn}
+ # in case we deal with a symlink, make sure we don't replace it
+ # with a real file (sed -i does that)
+ if [[ -L ${fn} ]] ; then
+ rf=$(readlink ${fn})
+ [[ ${rf} != /* ]] && rf=${fn%/*}/${rf}
+ # ignore symlinks pointing to outside prefix
+ # as seen in sys-devel/native-cctools
+ [[ $(canonicalize "/${rf#${D}}") != ${eprefix}/* ]] && continue
+ fi
+ # does the shebang start with ${EPREFIX}, and does it exist?
+ if [[ ${line[0]} == ${EPREFIX}/* || ${line[0]} == ${eprefix}/* ]] ; then
+ if [[ ! -e ${ROOT%/}${line[0]} && ! -e ${D%/}${line[0]} ]] ; then
+ # hmm, refers explicitly to $EPREFIX, but doesn't exist,
+ # if it's in PATH that's wrong in any case
+ if [[ ":${PATH}:" == *":${fp}:"* ]] ; then
+ echo "${fn#${D}}:${line[0]} (explicit EPREFIX but target not found)" \
+ >> "${T}"/non-prefix-shebangs-errs
+ else
+ eqawarn "${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})"
+ fi
+ fi
+ continue
+ fi
+ # unprefixed shebang, is the script directly in $PATH?
+ if [[ ":${PATH}:" == *":${fp}:"* ]] ; then
+ if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then
+ # is it unprefixed, but we can just fix it because a
+ # prefixed variant exists
+ eqawarn "prefixing shebang of ${fn#${D}}"
+ # statement is made idempotent on purpose, because
+ # symlinks may point to the same target, and hence the
+ # same real file may be sedded multiple times since we
+ # read the shebangs in one go upfront for performance
+ # reasons
+ sed -i -e '1s:^#! \?'"${line[0]}"':#!'"${EPREFIX}"${line[0]}':' "${rf}"
+ continue
+ else
+ # this is definitely wrong: script in $PATH and invalid shebang
+ echo "${fn#${D}}:${line[0]} (script ${fn##*/} installed in PATH but interpreter ${line[0]} not found)" \
+ >> "${T}"/non-prefix-shebangs-errs
+ fi
+ else
+ # unprefixed/invalid shebang, but outside $PATH, this may be
+ # intended (e.g. config.guess) so remain silent by default
+ has stricter ${FEATURES} && \
+ eqawarn "invalid shebang in ${fn#${D}}: ${line[0]}"
+ fi
+ done
+ if [[ -e "${T}"/non-prefix-shebangs-errs ]] ; then
+ eqawarn "QA Notice: the following files use invalid (possible non-prefixed) shebangs:"
+ while read line ; do
+ eqawarn " ${line}"
+ done < "${T}"/non-prefix-shebangs-errs
+ rm -f "${T}"/non-prefix-shebangs-errs
+ die "Aborting due to QA concerns: invalid shebangs found"
+ fi
+}
+
+install_qa_check_prefix
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues
new file mode 100644
index 0000000..f765749
--- /dev/null
+++ b/bin/install-qa-check.d/10executable-issues
@@ -0,0 +1,140 @@
+# Check for major issues with built executables: insecure RPATHs,
+# text relocations, executable stacks
+
+elf_check() {
+ if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT}; then
+ local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET}
+ local f x
+
+ # display warnings when using stricter because we die afterwards
+ if has stricter ${FEATURES} ; then
+ local PORTAGE_QUIET
+ fi
+
+ # Make sure we disallow insecure RUNPATH/RPATHs.
+ # 1) References to PORTAGE_BUILDDIR are banned because it's a
+ # security risk. We don't want to load files from a
+ # temporary directory.
+ # 2) If ROOT != "/", references to ROOT are banned because
+ # that directory won't exist on the target system.
+ # 3) Null paths are banned because the loader will search $PWD when
+ # it finds null paths.
+ local forbidden_dirs="${PORTAGE_BUILDDIR}"
+ if [[ -n "${ROOT}" && "${ROOT}" != "/" ]]; then
+ forbidden_dirs+=" ${ROOT}"
+ fi
+ local dir l rpath_files=$(scanelf -F '%F:%r' -qBR "${ED}")
+ f=""
+ for dir in ${forbidden_dirs}; do
+ for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do
+ f+=" ${l%%:*}\n"
+ if ! has stricter ${FEATURES}; then
+ __vecho "Auto fixing rpaths for ${l%%:*}"
+ TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null
+ fi
+ done
+ done
+
+ # Reject set*id binaries with $ORIGIN in RPATH #260331
+ x=$(
+ find "${ED}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \
+ xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'
+ )
+
+ # Print QA notice.
+ if [[ -n ${f}${x} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: The following files contain insecure RUNPATHs"
+ eqawarn " Please file a bug about this at http://bugs.gentoo.org/"
+ eqawarn " with the maintaining herd of the package."
+ eqawarn "${f}${f:+${x:+\n}}${x}"
+ __vecho -ne '\n'
+ if [[ -n ${x} ]] || has stricter ${FEATURES} ; then
+ insecure_rpath=1
+ fi
+ fi
+
+ # TEXTRELs are baaaaaaaad
+ # Allow devs to mark things as ignorable ... e.g. things that are
+ # binary-only and upstream isn't cooperating (nvidia-glx) ... we
+ # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ...
+ # the former overrides the latter ... regexes allowed ! :)
+ local qa_var="QA_TEXTRELS_${ARCH/-/_}"
+ [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
+ [[ -n ${QA_STRICT_TEXTRELS} ]] && QA_TEXTRELS=""
+ export QA_TEXTRELS="${QA_TEXTRELS} lib*/modules/*.ko"
+ f=$(scanelf -qyRF '%t %p' "${ED}" | grep -v 'usr/lib/debug/')
+ if [[ -n ${f} ]] ; then
+ scanelf -qyRAF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
+ __vecho -ne '\n'
+ eqawarn "QA Notice: The following files contain runtime text relocations"
+ eqawarn " Text relocations force the dynamic linker to perform extra"
+ eqawarn " work at startup, waste system resources, and may pose a security"
+ eqawarn " risk. On some architectures, the code may not even function"
+ eqawarn " properly, if at all."
+ eqawarn " For more information, see http://hardened.gentoo.org/pic-fix-guide.xml"
+ eqawarn " Please include the following list of files in your report:"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ die_msg="${die_msg} textrels,"
+ sleep 1
+ fi
+
+ # Also, executable stacks only matter on linux (and just glibc atm ...)
+ f=""
+ case ${CTARGET:-${CHOST}} in
+ *-linux-gnu*)
+ # Check for files with executable stacks, but only on arches which
+ # are supported at the moment. Keep this list in sync with
+ # http://www.gentoo.org/proj/en/hardened/gnu-stack.xml (Arch Status)
+ case ${CTARGET:-${CHOST}} in
+ arm*|i?86*|ia64*|m68k*|s390*|sh*|x86_64*)
+ # Allow devs to mark things as ignorable ... e.g. things
+ # that are binary-only and upstream isn't cooperating ...
+ # we allow ebuild authors to set QA_EXECSTACK_arch and
+ # QA_EXECSTACK ... the former overrides the latter ...
+ # regexes allowed ! :)
+
+ qa_var="QA_EXECSTACK_${ARCH/-/_}"
+ [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var}
+ [[ -n ${QA_STRICT_EXECSTACK} ]] && QA_EXECSTACK=""
+ qa_var="QA_WX_LOAD_${ARCH/-/_}"
+ [[ -n ${!qa_var} ]] && QA_WX_LOAD=${!qa_var}
+ [[ -n ${QA_STRICT_WX_LOAD} ]] && QA_WX_LOAD=""
+ export QA_EXECSTACK="${QA_EXECSTACK} lib*/modules/*.ko"
+ export QA_WX_LOAD="${QA_WX_LOAD} lib*/modules/*.ko"
+ f=$(scanelf -qyRAF '%e %p' "${ED}" | grep -v 'usr/lib/debug/')
+ ;;
+ esac
+ ;;
+ esac
+ if [[ -n ${f} ]] ; then
+ # One more pass to help devs track down the source
+ scanelf -qyRAF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log
+ __vecho -ne '\n'
+ eqawarn "QA Notice: The following files contain writable and executable sections"
+ eqawarn " Files with such sections will not work properly (or at all!) on some"
+ eqawarn " architectures/operating systems. A bug should be filed at"
+ eqawarn " http://bugs.gentoo.org/ to make sure the issue is fixed."
+ eqawarn " For more information, see http://hardened.gentoo.org/gnu-stack.xml"
+ eqawarn " Please include the following list of files in your report:"
+ eqawarn " Note: Bugs should be filed for the respective maintainers"
+ eqawarn " of the package in question and not hardened@g.o."
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ die_msg="${die_msg} execstacks"
+ sleep 1
+ fi
+
+ if [[ ${insecure_rpath} -eq 1 ]] ; then
+ die "Aborting due to serious QA concerns with RUNPATH/RPATH"
+ elif [[ -n ${die_msg} ]] && has stricter ${FEATURES} ; then
+ die "Aborting due to QA concerns: ${die_msg}"
+ fi
+ fi
+}
+
+elf_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags
new file mode 100644
index 0000000..7aa9eb6
--- /dev/null
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -0,0 +1,99 @@
+# QA checks for ignored *FLAGS.
+
+ignored_flag_check() {
+ type -P scanelf > /dev/null || return
+ has binchecks ${RESTRICT} && return
+
+ local qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}"
+ eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")"
+ if [[ ${#QA_FLAGS_IGNORED[@]} -eq 1 ]] ; then
+ local shopts=$-
+ set -o noglob
+ QA_FLAGS_IGNORED=(${QA_FLAGS_IGNORED})
+ set +o noglob
+ set -${shopts}
+ fi
+
+ local f x
+
+ # Check for files built without respecting *FLAGS. Note that
+ # -frecord-gcc-switches must be in all *FLAGS variables, in
+ # order to avoid false positive results here.
+ # NOTE: This check must execute before prepall/prepstrip, since
+ # prepstrip strips the .GCC.command.line sections.
+ if [[ "${CFLAGS}" == *-frecord-gcc-switches* ]] && \
+ [[ "${CXXFLAGS}" == *-frecord-gcc-switches* ]] && \
+ [[ "${FFLAGS}" == *-frecord-gcc-switches* ]] && \
+ [[ "${FCFLAGS}" == *-frecord-gcc-switches* ]] ; then
+ rm -f "${T}"/scanelf-ignored-CFLAGS.log
+ for x in $(scanelf -qyRF '#k%p' -k '!.GCC.command.line' "${ED}") ; do
+ # Separate out file types that are known to support
+ # .GCC.command.line sections, using the `file` command
+ # similar to how prepstrip uses it.
+ f=$(file "${x}") || continue
+ [[ -z ${f} ]] && continue
+ if [[ ${f} == *"SB executable"* ||
+ ${f} == *"SB shared object"* ]] ; then
+ echo "${x}" >> "${T}"/scanelf-ignored-CFLAGS.log
+ fi
+ done
+
+ if [[ -f "${T}"/scanelf-ignored-CFLAGS.log ]] ; then
+
+ if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
+ for x in "${QA_FLAGS_IGNORED[@]}" ; do
+ sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-CFLAGS.log
+ done
+ fi
+ # Filter anything under /usr/lib/debug/ in order to avoid
+ # duplicate warnings for splitdebug files.
+ sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \
+ -i "${T}"/scanelf-ignored-CFLAGS.log
+ f=$(<"${T}"/scanelf-ignored-CFLAGS.log)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "${BAD}QA Notice: Files built without respecting CFLAGS have been detected${NORMAL}"
+ eqawarn " Please include the following list of files in your report:"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ sleep 1
+ else
+ rm -f "${T}"/scanelf-ignored-CFLAGS.log
+ fi
+ fi
+ fi
+
+ # Check for files built without respecting LDFLAGS
+ if [[ "${LDFLAGS}" == *,--hash-style=gnu* ]] && \
+ ! has binchecks ${RESTRICT} ; then
+ f=$(scanelf -qyRF '#k%p' -k .hash "${ED}")
+ if [[ -n ${f} ]] ; then
+ echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
+ if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
+ for x in "${QA_FLAGS_IGNORED[@]}" ; do
+ sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-LDFLAGS.log
+ done
+ fi
+ # Filter anything under /usr/lib/debug/ in order to avoid
+ # duplicate warnings for splitdebug files.
+ sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \
+ -i "${T}"/scanelf-ignored-LDFLAGS.log
+ f=$(<"${T}"/scanelf-ignored-LDFLAGS.log)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "${BAD}QA Notice: Files built without respecting LDFLAGS have been detected${NORMAL}"
+ eqawarn " Please include the following list of files in your report:"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ sleep 1
+ else
+ rm -f "${T}"/scanelf-ignored-LDFLAGS.log
+ fi
+ fi
+ fi
+}
+
+ignored_flag_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/20deprecated-directories b/bin/install-qa-check.d/20deprecated-directories
new file mode 100644
index 0000000..fb82bfe
--- /dev/null
+++ b/bin/install-qa-check.d/20deprecated-directories
@@ -0,0 +1,18 @@
+# Check for deprecated directories
+
+deprecated_dir_check() {
+ local x f=
+ for x in etc/app-defaults usr/man usr/info usr/X11R6 usr/doc usr/locale ; do
+ [[ -d ${ED}/$x ]] && f+=" $x\n"
+ done
+ if [[ -n $f ]] ; then
+ eqawarn "QA Notice: This ebuild installs into the following deprecated directories:"
+ eqawarn
+ eqawarn "$f"
+ fi
+}
+
+deprecated_dir_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/20runtime-directories b/bin/install-qa-check.d/20runtime-directories
new file mode 100644
index 0000000..2e21d6d
--- /dev/null
+++ b/bin/install-qa-check.d/20runtime-directories
@@ -0,0 +1,26 @@
+# Check for directories that need to be created at runtime
+
+runtime_dir_check() {
+ # It's ok create these directories, but not to install into them. #493154
+ # TODO: We should add var/lib to this list.
+ local x f=
+ for x in var/cache var/lock var/run run ; do
+ if [[ ! -L ${ED}/${x} && -d ${ED}/${x} ]] ; then
+ if [[ -z $(find "${ED}/${x}" -prune -empty) ]] ; then
+ f+=$(cd "${ED}"; find "${x}" -printf ' %p\n')
+ fi
+ fi
+ done
+ if [[ -n ${f} ]] ; then
+ eqawarn "QA Notice: This ebuild installs into paths that should be created at runtime."
+ eqawarn " To fix, simply do not install into these directories. Instead, your package"
+ eqawarn " should create dirs on the fly at runtime as needed via init scripts/etc..."
+ eqawarn
+ eqawarn "${f}"
+ fi
+}
+
+runtime_dir_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60bash-completion b/bin/install-qa-check.d/60bash-completion
new file mode 100644
index 0000000..c154761
--- /dev/null
+++ b/bin/install-qa-check.d/60bash-completion
@@ -0,0 +1,130 @@
+# QA checks for bash-completion files
+
+bashcomp_check() {
+ # Check for correct bash-completion install path.
+ local syscompdir=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null)
+ : ${syscompdir:=${EPREFIX}/usr/share/bash-completion/completions}
+
+ local instcompdir
+ if [[ -d ${ED}/usr/share/bash-completion/completions ]]; then
+ instcompdir=${ED}/usr/share/bash-completion/completions
+ elif [[ -d ${ED}/usr/share/bash-completion ]]; then
+ if [[ ${syscompdir} != ${EPREFIX}/usr/share/bash-completion ]]; then
+ eqawarn "Bash completions were installed in legacy location. Please update"
+ eqawarn "the ebuild to get the install paths using bash-completion-r1.eclass."
+ eqawarn
+ fi
+
+ instcompdir=${ED}/usr/share/bash-completion
+ fi
+
+ # Do a few QA tests on bash completions.
+ if [[ -n ${instcompdir} && -f ${EROOT}/usr/share/bash-completion/bash_completion ]]; then
+ _get_completions() {
+ # source the file
+ source "${1}" &>/dev/null
+
+ [[ ${USED_HAVE} == yes ]] && echo '__HAVE_USED__'
+
+ # print the completed commands
+ while read -a args; do
+ [[ ${args[0]} == complete ]] || continue
+ # command always comes last, one per line
+ echo "${args[$(( ${#args[@]} - 1))]}"
+ done < <(complete -p)
+ }
+
+ # load the global helpers
+ source "${EROOT}"/usr/share/bash-completion/bash_completion
+
+ # clean up predefined completions
+ complete -r
+
+ # force all completions on
+ _have() {
+ return 0
+ }
+
+ local USED_HAVE=no
+ # add a replacement for have()
+ have() {
+ USED_HAVE=yes
+
+ unset -v have
+ _have ${1} && have=yes
+ }
+
+ local f c completions
+ local all_compls=()
+ local all_files=()
+ local qa_warnings=()
+
+ for f in "${instcompdir}"/*; do
+ # ignore directories and other non-files
+ [[ ! -f ${f} ]] && continue
+
+ # skip the common code file
+ # (in case we're run in /usr/share/bash-completion)
+ [[ ${f##*/} == bash_completion ]] && continue
+
+ completions=( $(_get_completions "${f}") )
+
+ if [[ ${completions[0]} == __HAVE_USED__ ]]; then
+ qa_warnings+=(
+ "${f##*/}: 'have' command is deprecated and must not be used."
+ )
+ unset 'completions[0]'
+ fi
+
+ if [[ -z ${completions[@]} ]]; then
+ qa_warnings+=(
+ "${f##*/}: does not define any completions (failed to source?)."
+ )
+ continue
+ fi
+
+ for c in "${completions[@]}"; do
+ if [[ ${c} == /* ]]; then
+ qa_warnings+=(
+ "${f##*/}: absolute paths can not be used for completions (on '${c}')."
+ )
+ else
+ all_compls+=( "${c}" )
+ fi
+ done
+
+ if ! has "${f##*/}" "${all_compls[@]}"; then
+ qa_warnings+=(
+ "${f##*/}: incorrect name, no completions for '${f##*/}' command defined."
+ )
+ fi
+
+ all_files+=( "${f##*/}" )
+ done
+
+ for c in "${all_compls[@]}"; do
+ if ! has "${c}" "${all_files[@]}"; then
+ qa_warnings+=(
+ "${c}: missing alias (symlink) for completed command."
+ )
+ fi
+ done
+
+ if [[ -n ${qa_warnings[@]} ]]; then
+ eqawarn "Problems with installed bash completions were found:"
+ eqawarn
+ for c in "${qa_warnings[@]}"; do
+ eqawarn " ${c}"
+ done
+ eqawarn
+ eqawarn "For more details on installing bash-completions, please see:"
+ eqawarn "https://wiki.gentoo.org/wiki/Bash/Installing_completion_files"
+ eqawarn
+ fi
+ fi
+}
+
+bashcomp_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc
new file mode 100644
index 0000000..9b7fc6d
--- /dev/null
+++ b/bin/install-qa-check.d/60openrc
@@ -0,0 +1,41 @@
+# QA checks for OpenRC init.d files.
+
+openrc_check() {
+ # Sanity check syntax errors in init.d scripts
+ local d i
+ for d in /etc/conf.d /etc/init.d ; do
+ [[ -d ${ED}/${d} ]] || continue
+ for i in "${ED}"/${d}/* ; do
+ [[ -L ${i} ]] && continue
+ # if empty conf.d/init.d dir exists (baselayout), then i will be "/etc/conf.d/*" and not exist
+ [[ ! -e ${i} ]] && continue
+ if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then
+ # skip non-shell-script for bug #451386
+ [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](runscript|sh)$ ]] || continue
+ fi
+ bash -n "${i}" || die "The init.d file has syntax errors: ${i}"
+ done
+ done
+
+ local checkbashisms=$(type -P checkbashisms)
+ if [[ -n ${checkbashisms} ]] ; then
+ for d in /etc/init.d ; do
+ [[ -d ${ED}${d} ]] || continue
+ for i in "${ED}${d}"/* ; do
+ [[ -e ${i} ]] || continue
+ [[ -L ${i} ]] && continue
+ f=$("${checkbashisms}" -f "${i}" 2>&1)
+ [[ $? != 0 && -n ${f} ]] || continue
+ eqawarn "QA Notice: shell script appears to use non-POSIX feature(s):"
+ while read -r ;
+ do eqawarn " ${REPLY}"
+ done <<< "${f//${ED}}"
+ done
+ done
+ fi
+}
+
+openrc_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig
new file mode 100644
index 0000000..1b34c04
--- /dev/null
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -0,0 +1,15 @@
+# Check for pkg-config file issues
+
+pkgconfig_check() {
+ # Look for leaking LDFLAGS into pkg-config files
+ local f=$(egrep -sH '^Libs.*-Wl,(-O[012]|--hash-style)' "${ED}"/usr/*/pkgconfig/*.pc)
+ if [[ -n ${f} ]] ; then
+ eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:"
+ eqawarn "${f//${D}}"
+ fi
+}
+
+pkgconfig_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60pngfix b/bin/install-qa-check.d/60pngfix
new file mode 100644
index 0000000..8d53040
--- /dev/null
+++ b/bin/install-qa-check.d/60pngfix
@@ -0,0 +1,35 @@
+# Check for issues with PNG files
+
+pngfix_check() {
+ local pngfix=$(type -P pngfix)
+ if [[ -n ${pngfix} ]] ; then
+ local pngout=()
+ local next
+
+ while read -r -a pngout ; do
+ local error=""
+
+ case "${pngout[1]}" in
+ CHK)
+ error='invalid checksum'
+ ;;
+ TFB)
+ error='broken IDAT window length'
+ ;;
+ esac
+
+ if [[ -n ${error} ]] ; then
+ if [[ -z ${next} ]] ; then
+ eqawarn "QA Notice: broken .png files found:"
+ next=1
+ fi
+ eqawarn " ${pngout[@]:7}: ${error}"
+ fi
+ done < <(find "${ED}" -type f -name '*.png' -exec "${pngfix}" {} +)
+ fi
+}
+
+pngfix_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60systemd b/bin/install-qa-check.d/60systemd
new file mode 100644
index 0000000..f134a30
--- /dev/null
+++ b/bin/install-qa-check.d/60systemd
@@ -0,0 +1,25 @@
+# QA checks for systemd units.
+
+systemd_check() {
+ local systemddir f
+
+ # Common mistakes in systemd service files.
+ if type -P pkg-config >/dev/null && pkg-config --exists systemd; then
+ systemddir=$(pkg-config --variable=systemdsystemunitdir systemd)
+ else
+ systemddir=/usr/lib/systemd/system
+ fi
+ if [[ -d ${ED%/}${systemddir} ]]; then
+ f=$(grep -sH '^EnvironmentFile.*=.*/etc/conf\.d' "${ED%/}${systemddir}"/*.service)
+ if [[ -n ${f} ]] ; then
+ eqawarn "QA Notice: systemd units using /etc/conf.d detected:"
+ eqawarn "${f//${D}}"
+ eqawarn "See: https://wiki.gentoo.org/wiki/Project:Systemd/conf.d_files"
+ fi
+ fi
+}
+
+systemd_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/60udev b/bin/install-qa-check.d/60udev
new file mode 100644
index 0000000..4327d06
--- /dev/null
+++ b/bin/install-qa-check.d/60udev
@@ -0,0 +1,21 @@
+# Check udev rule installs
+
+udev_check() {
+ set +f
+ local x f=
+ for x in "${ED}etc/udev/rules.d/"* "${ED}lib"*"/udev/rules.d/"* ; do
+ [[ -e ${x} ]] || continue
+ [[ ${x} == ${ED}lib/udev/rules.d/* ]] && continue
+ f+=" ${x#${ED}}\n"
+ done
+ if [[ -n $f ]] ; then
+ eqawarn "QA Notice: udev rules should be installed in /lib/udev/rules.d:"
+ eqawarn
+ eqawarn "$f"
+ fi
+}
+
+udev_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries
new file mode 100644
index 0000000..3977bae
--- /dev/null
+++ b/bin/install-qa-check.d/80libraries
@@ -0,0 +1,158 @@
+# Check for issues with installed libraries
+
+lib_check() {
+ local f x i j
+
+ if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT}; then
+ # Check for shared libraries lacking SONAMEs
+ local qa_var="QA_SONAME_${ARCH/-/_}"
+ eval "[[ -n \${!qa_var} ]] && QA_SONAME=(\"\${${qa_var}[@]}\")"
+ f=$(scanelf -ByF '%S %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:")
+ if [[ -n ${f} ]] ; then
+ echo "${f}" > "${T}"/scanelf-missing-SONAME.log
+ if [[ "${QA_STRICT_SONAME-unset}" == unset ]] ; then
+ if [[ ${#QA_SONAME[@]} -gt 1 ]] ; then
+ for x in "${QA_SONAME[@]}" ; do
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log
+ done
+ else
+ local shopts=$-
+ set -o noglob
+ for x in ${QA_SONAME} ; do
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log
+ done
+ set +o noglob
+ set -${shopts}
+ fi
+ fi
+ sed -e "/^\$/d" -i "${T}"/scanelf-missing-SONAME.log
+ f=$(<"${T}"/scanelf-missing-SONAME.log)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: The following shared libraries lack a SONAME"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ sleep 1
+ else
+ rm -f "${T}"/scanelf-missing-SONAME.log
+ fi
+ fi
+
+ # Check for shared libraries lacking NEEDED entries
+ qa_var="QA_DT_NEEDED_${ARCH/-/_}"
+ eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")"
+ f=$(scanelf -ByF '%n %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:")
+ if [[ -n ${f} ]] ; then
+ echo "${f}" > "${T}"/scanelf-missing-NEEDED.log
+ if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then
+ if [[ ${#QA_DT_NEEDED[@]} -gt 1 ]] ; then
+ for x in "${QA_DT_NEEDED[@]}" ; do
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log
+ done
+ else
+ local shopts=$-
+ set -o noglob
+ for x in ${QA_DT_NEEDED} ; do
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log
+ done
+ set +o noglob
+ set -${shopts}
+ fi
+ fi
+ sed -e "/^\$/d" -i "${T}"/scanelf-missing-NEEDED.log
+ f=$(<"${T}"/scanelf-missing-NEEDED.log)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: The following shared libraries lack NEEDED entries"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ sleep 1
+ else
+ rm -f "${T}"/scanelf-missing-NEEDED.log
+ fi
+ fi
+ fi
+
+ # this should help to ensure that all (most?) shared libraries are executable
+ # and that all libtool scripts / static libraries are not executable
+ for i in "${ED}"opt/*/lib* \
+ "${ED}"lib* \
+ "${ED}"usr/lib* ; do
+ [[ ! -d ${i} ]] && continue
+
+ for j in "${i}"/*.so.* "${i}"/*.so ; do
+ [[ ! -e ${j} ]] && continue
+ [[ -L ${j} ]] && continue
+ [[ -x ${j} ]] && continue
+ __vecho "making executable: ${j#${ED}}"
+ chmod +x "${j}"
+ done
+
+ for j in "${i}"/*.a "${i}"/*.la ; do
+ [[ ! -e ${j} ]] && continue
+ [[ -L ${j} ]] && continue
+ [[ ! -x ${j} ]] && continue
+ __vecho "removing executable bit: ${j#${ED}}"
+ chmod -x "${j}"
+ done
+
+ for j in "${i}"/*.{a,dll,dylib,sl,so}.* "${i}"/*.{a,dll,dylib,sl,so} ; do
+ [[ ! -e ${j} ]] && continue
+ [[ ! -L ${j} ]] && continue
+ linkdest=$(readlink "${j}")
+ if [[ ${linkdest} == /* ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Found an absolute symlink in a library directory:"
+ eqawarn " ${j#${D}} -> ${linkdest}"
+ eqawarn " It should be a relative symlink if in the same directory"
+ eqawarn " or a linker script if it crosses the /usr boundary."
+ fi
+ done
+ done
+
+ # When installing static libraries into /usr/lib and shared libraries into
+ # /lib, we have to make sure we have a linker script in /usr/lib along side
+ # the static library, or gcc will utilize the static lib when linking :(.
+ # http://bugs.gentoo.org/4411
+ local abort="no"
+ local a s
+ for a in "${ED}"usr/lib*/*.a ; do
+ s=${a%.a}.so
+ if [[ ! -e ${s} ]] ; then
+ s=${s%usr/*}${s##*/usr/}
+ if [[ -e ${s} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Missing gen_usr_ldscript for ${s##*/}"
+ abort="yes"
+ fi
+ fi
+ done
+ [[ ${abort} == "yes" ]] && die "add those ldscripts"
+
+ # Make sure people don't store libtool files or static libs in /lib
+ f=$(ls "${ED}"lib*/*.{a,la} 2>/dev/null)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Excessive files found in the / partition"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*"
+ fi
+
+ # Verify that the libtool files don't contain bogus $D entries.
+ local abort=no gentoo_bug=no always_overflow=no
+ for a in "${ED}"usr/lib*/*.la ; do
+ s=${a##*/}
+ if grep -qs "${ED}" "${a}" ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: ${s} appears to contain PORTAGE_TMPDIR paths"
+ abort="yes"
+ fi
+ done
+ [[ ${abort} == "yes" ]] && die "soiled libtool library files found"
+}
+
+lib_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/80multilib-strict b/bin/install-qa-check.d/80multilib-strict
new file mode 100644
index 0000000..f944be9
--- /dev/null
+++ b/bin/install-qa-check.d/80multilib-strict
@@ -0,0 +1,50 @@
+# Strict multilib directory checks
+multilib_strict_check() {
+ if has multilib-strict ${FEATURES} && \
+ [[ -x /usr/bin/file && -x /usr/bin/find ]] && \
+ [[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]]
+ then
+ rm -f "${T}/multilib-strict.log"
+ local abort=no dir file
+ MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed -e 's:\([(|)]\):\\\1:g')
+ for dir in ${MULTILIB_STRICT_DIRS} ; do
+ [[ -d ${ED}/${dir} ]] || continue
+ for file in $(find ${ED}/${dir} -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do
+ if file ${file} | egrep -q "${MULTILIB_STRICT_DENY}" ; then
+ echo "${file#${ED}//}" >> "${T}/multilib-strict.log"
+ fi
+ done
+ done
+
+ if [[ -s ${T}/multilib-strict.log ]] ; then
+ if [[ ${#QA_MULTILIB_PATHS[@]} -eq 1 ]] ; then
+ local shopts=$-
+ set -o noglob
+ QA_MULTILIB_PATHS=(${QA_MULTILIB_PATHS})
+ set +o noglob
+ set -${shopts}
+ fi
+ if [ "${QA_STRICT_MULTILIB_PATHS-unset}" = unset ] ; then
+ local x
+ for x in "${QA_MULTILIB_PATHS[@]}" ; do
+ sed -e "s#^${x#/}\$##" -i "${T}/multilib-strict.log"
+ done
+ sed -e "/^\$/d" -i "${T}/multilib-strict.log"
+ fi
+ if [[ -s ${T}/multilib-strict.log ]] ; then
+ abort=yes
+ echo "Files matching a file type that is not allowed:"
+ while read -r ; do
+ echo " ${REPLY}"
+ done < "${T}/multilib-strict.log"
+ fi
+ fi
+
+ [[ ${abort} == yes ]] && die "multilib-strict check failed!"
+ fi
+}
+
+multilib_strict_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings
new file mode 100644
index 0000000..ae39485
--- /dev/null
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -0,0 +1,145 @@
+# Check for important gcc warning
+
+gcc_warn_check() {
+ local f
+
+ # Evaluate misc gcc warnings
+ if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then
+ # In debug mode, this variable definition and corresponding grep calls
+ # will produce false positives if they're shown in the trace.
+ local reset_debug=0
+ if [[ ${-/x/} != $- ]] ; then
+ set +x
+ reset_debug=1
+ fi
+ local m msgs=(
+ ": warning: dereferencing type-punned pointer will break strict-aliasing rules"
+ ": warning: dereferencing pointer .* does break strict-aliasing rules"
+ ": warning: implicit declaration of function"
+ ": warning: incompatible implicit declaration of built-in function"
+ ": warning: is used uninitialized in this function" # we'll ignore "may" and "might"
+ ": warning: comparisons like X<=Y<=Z do not have their mathematical meaning"
+ ": warning: null argument where non-null required"
+ ": warning: array subscript is below array bounds"
+ ": warning: array subscript is above array bounds"
+ ": warning: attempt to free a non-heap object"
+ ": warning: .* called with .*bigger.* than .* destination buffer"
+ ": warning: call to .* will always overflow destination buffer"
+ ": warning: assuming pointer wraparound does not occur when comparing"
+ ": warning: hex escape sequence out of range"
+ ": warning: [^ ]*-hand operand of comma .*has no effect"
+ ": warning: converting to non-pointer type .* from NULL"
+ ": warning: NULL used in arithmetic"
+ ": warning: passing NULL to non-pointer argument"
+ ": warning: the address of [^ ]* will always evaluate as"
+ ": warning: the address of [^ ]* will never be NULL"
+ ": warning: too few arguments for format"
+ ": warning: reference to local variable .* returned"
+ ": warning: returning reference to temporary"
+ ": warning: function returns address of local variable"
+ ": warning: .*\\[-Wsizeof-pointer-memaccess\\]"
+ ": warning: .*\\[-Waggressive-loop-optimizations\\]"
+ # this may be valid code :/
+ #": warning: multi-character character constant"
+ # need to check these two ...
+ #": warning: assuming signed overflow does not occur when"
+ #": warning: comparison with string literal results in unspecified behav"
+ # yacc/lex likes to trigger this one
+ #": warning: extra tokens at end of .* directive"
+ # only gcc itself triggers this ?
+ #": warning: .*noreturn.* function does return"
+ # these throw false positives when 0 is used instead of NULL
+ #": warning: missing sentinel in function call"
+ #": warning: not enough variable arguments to fit a sentinel"
+ )
+ local abort="no"
+ local i=0
+ local grep_cmd=grep
+ [[ $PORTAGE_LOG_FILE = *.gz ]] && grep_cmd=zgrep
+ while [[ -n ${msgs[${i}]} ]] ; do
+ m=${msgs[$((i++))]}
+ # force C locale to work around slow unicode locales #160234
+ f=$(LC_ALL=C $grep_cmd "${m}" "${PORTAGE_LOG_FILE}")
+ if [[ -n ${f} ]] ; then
+ abort="yes"
+ # for now, don't make this fatal (see bug #337031)
+ #case "$m" in
+ # ": warning: call to .* will always overflow destination buffer") always_overflow=yes ;;
+ #esac
+ if [[ $always_overflow = yes ]] ; then
+ eerror
+ eerror "QA Notice: Package triggers severe warnings which indicate that it"
+ eerror " may exhibit random runtime failures."
+ eerror
+ eerror "${f}"
+ eerror
+ eerror " Please file a bug about this at http://bugs.gentoo.org/"
+ eerror " with the maintaining herd of the package."
+ eerror
+ else
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Package triggers severe warnings which indicate that it"
+ eqawarn " may exhibit random runtime failures."
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ fi
+ fi
+ done
+ local cat_cmd=cat
+ [[ $PORTAGE_LOG_FILE = *.gz ]] && cat_cmd=zcat
+ [[ $reset_debug = 1 ]] && set -x
+ # Use safe cwd, avoiding unsafe import for bug #469338.
+ f=$(cd "${PORTAGE_PYM_PATH}" ; $cat_cmd "${PORTAGE_LOG_FILE}" | \
+ "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH"/check-implicit-pointer-usage.py || die "check-implicit-pointer-usage.py failed")
+ if [[ -n ${f} ]] ; then
+
+ # In the future this will be a forced "die". In preparation,
+ # increase the log level from "qa" to "eerror" so that people
+ # are aware this is a problem that must be fixed asap.
+
+ # just warn on 32bit hosts but bail on 64bit hosts
+ case ${CHOST} in
+ alpha*|hppa64*|ia64*|powerpc64*|mips64*|sparc64*|sparcv9*|x86_64*) gentoo_bug=yes ;;
+ esac
+
+ abort=yes
+
+ if [[ $gentoo_bug = yes ]] ; then
+ eerror
+ eerror "QA Notice: Package triggers severe warnings which indicate that it"
+ eerror " will almost certainly crash on 64bit architectures."
+ eerror
+ eerror "${f}"
+ eerror
+ eerror " Please file a bug about this at http://bugs.gentoo.org/"
+ eerror " with the maintaining herd of the package."
+ eerror
+ else
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Package triggers severe warnings which indicate that it"
+ eqawarn " will almost certainly crash on 64bit architectures."
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ fi
+
+ fi
+ if [[ ${abort} == "yes" ]] ; then
+ if [[ $gentoo_bug = yes || $always_overflow = yes ]] ; then
+ die "install aborted due to severe warnings shown above"
+ else
+ echo "Please do not file a Gentoo bug and instead" \
+ "report the above QA issues directly to the upstream" \
+ "developers of this software." | fmt -w 70 | \
+ while read -r line ; do eqawarn "${line}" ; done
+ eqawarn "Homepage: ${HOMEPAGE}"
+ has stricter ${FEATURES} && \
+ die "install aborted due to severe warnings shown above"
+ fi
+ fi
+ fi
+}
+
+gcc_warn_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/install-qa-check.d/90world-writable b/bin/install-qa-check.d/90world-writable
new file mode 100644
index 0000000..771027e
--- /dev/null
+++ b/bin/install-qa-check.d/90world-writable
@@ -0,0 +1,25 @@
+# Check for world-writable files
+
+world_writable_check() {
+ # Now we look for all world writable files.
+ local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:- :")
+ if [[ -n ${unsafe_files} ]] ; then
+ __vecho "QA Security Notice: world writable file(s):"
+ __vecho "${unsafe_files}"
+ __vecho "- This may or may not be a security problem, most of the time it is one."
+ __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly."
+ sleep 1
+ fi
+
+ local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:")
+ if [[ -n ${unsafe_files} ]] ; then
+ eqawarn "QA Notice: Unsafe files detected (set*id and world writable)"
+ eqawarn "${unsafe_files}"
+ die "Unsafe files found in \${D}. Portage will not install them."
+ fi
+}
+
+world_writable_check
+: # guarantee successful exit
+
+# vim:ft=sh
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index f6c3c1c..d701ba6 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -170,63 +170,17 @@ install_qa_check() {
cd "${ED}" || die "cd failed"
- qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}"
- eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")"
- if [[ ${#QA_FLAGS_IGNORED[@]} -eq 1 ]] ; then
- local shopts=$-
- set -o noglob
- QA_FLAGS_IGNORED=(${QA_FLAGS_IGNORED})
- set +o noglob
- set -${shopts}
- fi
-
- # Check for files built without respecting *FLAGS. Note that
- # -frecord-gcc-switches must be in all *FLAGS variables, in
- # order to avoid false positive results here.
- # NOTE: This check must execute before prepall/prepstrip, since
- # prepstrip strips the .GCC.command.line sections.
- if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT} && \
- [[ "${CFLAGS}" == *-frecord-gcc-switches* ]] && \
- [[ "${CXXFLAGS}" == *-frecord-gcc-switches* ]] && \
- [[ "${FFLAGS}" == *-frecord-gcc-switches* ]] && \
- [[ "${FCFLAGS}" == *-frecord-gcc-switches* ]] ; then
- rm -f "${T}"/scanelf-ignored-CFLAGS.log
- for x in $(scanelf -qyRF '#k%p' -k '!.GCC.command.line' "${ED}") ; do
- # Separate out file types that are known to support
- # .GCC.command.line sections, using the `file` command
- # similar to how prepstrip uses it.
- f=$(file "${x}") || continue
- [[ -z ${f} ]] && continue
- if [[ ${f} == *"SB executable"* ||
- ${f} == *"SB shared object"* ]] ; then
- echo "${x}" >> "${T}"/scanelf-ignored-CFLAGS.log
- fi
- done
-
- if [[ -f "${T}"/scanelf-ignored-CFLAGS.log ]] ; then
-
- if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
- for x in "${QA_FLAGS_IGNORED[@]}" ; do
- sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-CFLAGS.log
- done
- fi
- # Filter anything under /usr/lib/debug/ in order to avoid
- # duplicate warnings for splitdebug files.
- sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \
- -i "${T}"/scanelf-ignored-CFLAGS.log
- f=$(<"${T}"/scanelf-ignored-CFLAGS.log)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "${BAD}QA Notice: Files built without respecting CFLAGS have been detected${NORMAL}"
- eqawarn " Please include the following list of files in your report:"
- eqawarn "${f}"
- __vecho -ne '\n'
- sleep 1
- else
- rm -f "${T}"/scanelf-ignored-CFLAGS.log
- fi
- fi
- fi
+ # Run QA checks from install-qa-check.d.
+ # Note: checks need to be run *before* stripping.
+ local f
+ # TODO: handle nullglob-like
+ for f in "${PORTAGE_BIN_PATH}"/install-qa-check.d/*; do
+ # Run in a subshell to treat it like external script,
+ # but use 'source' to pass all variables through.
+ (
+ source "${f}" || eerror "Post-install QA check ${f##*/} failed to run"
+ )
+ done
export STRIP_MASK
prepall
@@ -234,290 +188,6 @@ install_qa_check() {
ecompressdir --dequeue
ecompress --dequeue
- # Prefix specific checks
- [[ ${ED} != ${D} ]] && install_qa_check_prefix
-
- f=
- for x in etc/app-defaults usr/man usr/info usr/X11R6 usr/doc usr/locale ; do
- [[ -d ${ED}/$x ]] && f+=" $x\n"
- done
- if [[ -n $f ]] ; then
- eqawarn "QA Notice: This ebuild installs into the following deprecated directories:"
- eqawarn
- eqawarn "$f"
- fi
-
- # It's ok create these directories, but not to install into them. #493154
- # TODO: We should add var/lib to this list.
- f=
- for x in var/cache var/lock var/run run ; do
- if [[ ! -L ${ED}/${x} && -d ${ED}/${x} ]] ; then
- if [[ -z $(find "${ED}/${x}" -prune -empty) ]] ; then
- f+=$(cd "${ED}"; find "${x}" -printf ' %p\n')
- fi
- fi
- done
- if [[ -n ${f} ]] ; then
- eqawarn "QA Notice: This ebuild installs into paths that should be created at runtime."
- eqawarn " To fix, simply do not install into these directories. Instead, your package"
- eqawarn " should create dirs on the fly at runtime as needed via init scripts/etc..."
- eqawarn
- eqawarn "${f}"
- fi
-
- set +f
- f=
- for x in "${ED}etc/udev/rules.d/"* "${ED}lib"*"/udev/rules.d/"* ; do
- [[ -e ${x} ]] || continue
- [[ ${x} == ${ED}lib/udev/rules.d/* ]] && continue
- f+=" ${x#${ED}}\n"
- done
- if [[ -n $f ]] ; then
- eqawarn "QA Notice: udev rules should be installed in /lib/udev/rules.d:"
- eqawarn
- eqawarn "$f"
- fi
-
- # Now we look for all world writable files.
- local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:- :")
- if [[ -n ${unsafe_files} ]] ; then
- __vecho "QA Security Notice: world writable file(s):"
- __vecho "${unsafe_files}"
- __vecho "- This may or may not be a security problem, most of the time it is one."
- __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly."
- sleep 1
- fi
-
- if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT}; then
- local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET}
- local x
-
- # display warnings when using stricter because we die afterwards
- if has stricter ${FEATURES} ; then
- unset PORTAGE_QUIET
- fi
-
- # Make sure we disallow insecure RUNPATH/RPATHs.
- # 1) References to PORTAGE_BUILDDIR are banned because it's a
- # security risk. We don't want to load files from a
- # temporary directory.
- # 2) If ROOT != "/", references to ROOT are banned because
- # that directory won't exist on the target system.
- # 3) Null paths are banned because the loader will search $PWD when
- # it finds null paths.
- local forbidden_dirs="${PORTAGE_BUILDDIR}"
- if [[ -n "${ROOT}" && "${ROOT}" != "/" ]]; then
- forbidden_dirs+=" ${ROOT}"
- fi
- local dir l rpath_files=$(scanelf -F '%F:%r' -qBR "${ED}")
- f=""
- for dir in ${forbidden_dirs}; do
- for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do
- f+=" ${l%%:*}\n"
- if ! has stricter ${FEATURES}; then
- __vecho "Auto fixing rpaths for ${l%%:*}"
- TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null
- fi
- done
- done
-
- # Reject set*id binaries with $ORIGIN in RPATH #260331
- x=$(
- find "${ED}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \
- xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'
- )
-
- # Print QA notice.
- if [[ -n ${f}${x} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: The following files contain insecure RUNPATHs"
- eqawarn " Please file a bug about this at http://bugs.gentoo.org/"
- eqawarn " with the maintaining herd of the package."
- eqawarn "${f}${f:+${x:+\n}}${x}"
- __vecho -ne '\n'
- if [[ -n ${x} ]] || has stricter ${FEATURES} ; then
- insecure_rpath=1
- fi
- fi
-
- # TEXTRELs are baaaaaaaad
- # Allow devs to mark things as ignorable ... e.g. things that are
- # binary-only and upstream isn't cooperating (nvidia-glx) ... we
- # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ...
- # the former overrides the latter ... regexes allowed ! :)
- qa_var="QA_TEXTRELS_${ARCH/-/_}"
- [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
- [[ -n ${QA_STRICT_TEXTRELS} ]] && QA_TEXTRELS=""
- export QA_TEXTRELS="${QA_TEXTRELS} lib*/modules/*.ko"
- f=$(scanelf -qyRF '%t %p' "${ED}" | grep -v 'usr/lib/debug/')
- if [[ -n ${f} ]] ; then
- scanelf -qyRAF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
- __vecho -ne '\n'
- eqawarn "QA Notice: The following files contain runtime text relocations"
- eqawarn " Text relocations force the dynamic linker to perform extra"
- eqawarn " work at startup, waste system resources, and may pose a security"
- eqawarn " risk. On some architectures, the code may not even function"
- eqawarn " properly, if at all."
- eqawarn " For more information, see http://hardened.gentoo.org/pic-fix-guide.xml"
- eqawarn " Please include the following list of files in your report:"
- eqawarn "${f}"
- __vecho -ne '\n'
- die_msg="${die_msg} textrels,"
- sleep 1
- fi
-
- # Also, executable stacks only matter on linux (and just glibc atm ...)
- f=""
- case ${CTARGET:-${CHOST}} in
- *-linux-gnu*)
- # Check for files with executable stacks, but only on arches which
- # are supported at the moment. Keep this list in sync with
- # http://www.gentoo.org/proj/en/hardened/gnu-stack.xml (Arch Status)
- case ${CTARGET:-${CHOST}} in
- arm*|i?86*|ia64*|m68k*|s390*|sh*|x86_64*)
- # Allow devs to mark things as ignorable ... e.g. things
- # that are binary-only and upstream isn't cooperating ...
- # we allow ebuild authors to set QA_EXECSTACK_arch and
- # QA_EXECSTACK ... the former overrides the latter ...
- # regexes allowed ! :)
-
- qa_var="QA_EXECSTACK_${ARCH/-/_}"
- [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var}
- [[ -n ${QA_STRICT_EXECSTACK} ]] && QA_EXECSTACK=""
- qa_var="QA_WX_LOAD_${ARCH/-/_}"
- [[ -n ${!qa_var} ]] && QA_WX_LOAD=${!qa_var}
- [[ -n ${QA_STRICT_WX_LOAD} ]] && QA_WX_LOAD=""
- export QA_EXECSTACK="${QA_EXECSTACK} lib*/modules/*.ko"
- export QA_WX_LOAD="${QA_WX_LOAD} lib*/modules/*.ko"
- f=$(scanelf -qyRAF '%e %p' "${ED}" | grep -v 'usr/lib/debug/')
- ;;
- esac
- ;;
- esac
- if [[ -n ${f} ]] ; then
- # One more pass to help devs track down the source
- scanelf -qyRAF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log
- __vecho -ne '\n'
- eqawarn "QA Notice: The following files contain writable and executable sections"
- eqawarn " Files with such sections will not work properly (or at all!) on some"
- eqawarn " architectures/operating systems. A bug should be filed at"
- eqawarn " http://bugs.gentoo.org/ to make sure the issue is fixed."
- eqawarn " For more information, see http://hardened.gentoo.org/gnu-stack.xml"
- eqawarn " Please include the following list of files in your report:"
- eqawarn " Note: Bugs should be filed for the respective maintainers"
- eqawarn " of the package in question and not hardened@g.o."
- eqawarn "${f}"
- __vecho -ne '\n'
- die_msg="${die_msg} execstacks"
- sleep 1
- fi
-
- # Check for files built without respecting LDFLAGS
- if [[ "${LDFLAGS}" == *,--hash-style=gnu* ]] && \
- ! has binchecks ${RESTRICT} ; then
- f=$(scanelf -qyRF '#k%p' -k .hash "${ED}")
- if [[ -n ${f} ]] ; then
- echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
- if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
- for x in "${QA_FLAGS_IGNORED[@]}" ; do
- sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-LDFLAGS.log
- done
- fi
- # Filter anything under /usr/lib/debug/ in order to avoid
- # duplicate warnings for splitdebug files.
- sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \
- -i "${T}"/scanelf-ignored-LDFLAGS.log
- f=$(<"${T}"/scanelf-ignored-LDFLAGS.log)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "${BAD}QA Notice: Files built without respecting LDFLAGS have been detected${NORMAL}"
- eqawarn " Please include the following list of files in your report:"
- eqawarn "${f}"
- __vecho -ne '\n'
- sleep 1
- else
- rm -f "${T}"/scanelf-ignored-LDFLAGS.log
- fi
- fi
- fi
-
- if [[ ${insecure_rpath} -eq 1 ]] ; then
- die "Aborting due to serious QA concerns with RUNPATH/RPATH"
- elif [[ -n ${die_msg} ]] && has stricter ${FEATURES} ; then
- die "Aborting due to QA concerns: ${die_msg}"
- fi
-
- # Check for shared libraries lacking SONAMEs
- qa_var="QA_SONAME_${ARCH/-/_}"
- eval "[[ -n \${!qa_var} ]] && QA_SONAME=(\"\${${qa_var}[@]}\")"
- f=$(scanelf -ByF '%S %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:")
- if [[ -n ${f} ]] ; then
- echo "${f}" > "${T}"/scanelf-missing-SONAME.log
- if [[ "${QA_STRICT_SONAME-unset}" == unset ]] ; then
- if [[ ${#QA_SONAME[@]} -gt 1 ]] ; then
- for x in "${QA_SONAME[@]}" ; do
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log
- done
- else
- local shopts=$-
- set -o noglob
- for x in ${QA_SONAME} ; do
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log
- done
- set +o noglob
- set -${shopts}
- fi
- fi
- sed -e "/^\$/d" -i "${T}"/scanelf-missing-SONAME.log
- f=$(<"${T}"/scanelf-missing-SONAME.log)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: The following shared libraries lack a SONAME"
- eqawarn "${f}"
- __vecho -ne '\n'
- sleep 1
- else
- rm -f "${T}"/scanelf-missing-SONAME.log
- fi
- fi
-
- # Check for shared libraries lacking NEEDED entries
- qa_var="QA_DT_NEEDED_${ARCH/-/_}"
- eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")"
- f=$(scanelf -ByF '%n %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:")
- if [[ -n ${f} ]] ; then
- echo "${f}" > "${T}"/scanelf-missing-NEEDED.log
- if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then
- if [[ ${#QA_DT_NEEDED[@]} -gt 1 ]] ; then
- for x in "${QA_DT_NEEDED[@]}" ; do
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log
- done
- else
- local shopts=$-
- set -o noglob
- for x in ${QA_DT_NEEDED} ; do
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log
- done
- set +o noglob
- set -${shopts}
- fi
- fi
- sed -e "/^\$/d" -i "${T}"/scanelf-missing-NEEDED.log
- f=$(<"${T}"/scanelf-missing-NEEDED.log)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: The following shared libraries lack NEEDED entries"
- eqawarn "${f}"
- __vecho -ne '\n'
- sleep 1
- else
- rm -f "${T}"/scanelf-missing-NEEDED.log
- fi
- fi
-
- PORTAGE_QUIET=${tmp_quiet}
- fi
-
# Create NEEDED.ELF.2 regardless of RESTRICT=binchecks, since this info is
# too useful not to have (it's required for things like preserve-libs), and
# it's tempting for ebuild authors to set RESTRICT=binchecks for packages
@@ -546,595 +216,8 @@ install_qa_check() {
fi
fi
- local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:")
- if [[ -n ${unsafe_files} ]] ; then
- eqawarn "QA Notice: Unsafe files detected (set*id and world writable)"
- eqawarn "${unsafe_files}"
- die "Unsafe files found in \${D}. Portage will not install them."
- fi
-
- if [[ -d ${D%/}${D} ]] ; then
- local -i INSTALLTOD=0
- while read -r -d $'\0' i ; do
- eqawarn "QA Notice: /${i##${D%/}${D}} installed in \${D}/\${D}"
- ((INSTALLTOD++))
- done < <(find "${D%/}${D}" -print0)
- die "Aborting due to QA concerns: ${INSTALLTOD} files installed in ${D%/}${D}"
- fi
-
- # Sanity check syntax errors in init.d scripts
- local d
- for d in /etc/conf.d /etc/init.d ; do
- [[ -d ${ED}/${d} ]] || continue
- for i in "${ED}"/${d}/* ; do
- [[ -L ${i} ]] && continue
- # if empty conf.d/init.d dir exists (baselayout), then i will be "/etc/conf.d/*" and not exist
- [[ ! -e ${i} ]] && continue
- if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then
- # skip non-shell-script for bug #451386
- [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](runscript|sh)$ ]] || continue
- fi
- bash -n "${i}" || die "The init.d file has syntax errors: ${i}"
- done
- done
-
- local checkbashisms=$(type -P checkbashisms)
- if [[ -n ${checkbashisms} ]] ; then
- for d in /etc/init.d ; do
- [[ -d ${ED}${d} ]] || continue
- for i in "${ED}${d}"/* ; do
- [[ -e ${i} ]] || continue
- [[ -L ${i} ]] && continue
- f=$("${checkbashisms}" -f "${i}" 2>&1)
- [[ $? != 0 && -n ${f} ]] || continue
- eqawarn "QA Notice: shell script appears to use non-POSIX feature(s):"
- while read -r ;
- do eqawarn " ${REPLY}"
- done <<< "${f//${ED}}"
- done
- done
- fi
-
- # Common mistakes in systemd service files.
- if type -P pkg-config >/dev/null && pkg-config --exists systemd; then
- systemddir=$(pkg-config --variable=systemdsystemunitdir systemd)
- else
- systemddir=/usr/lib/systemd/system
- fi
- if [[ -d ${ED%/}${systemddir} ]]; then
- f=$(grep -sH '^EnvironmentFile.*=.*/etc/conf\.d' "${ED%/}${systemddir}"/*.service)
- if [[ -n ${f} ]] ; then
- eqawarn "QA Notice: systemd units using /etc/conf.d detected:"
- eqawarn "${f//${D}}"
- eqawarn "See: https://wiki.gentoo.org/wiki/Project:Systemd/conf.d_files"
- fi
- fi
-
- # Check for correct bash-completion install path.
- local syscompdir=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null)
- : ${syscompdir:=${EPREFIX}/usr/share/bash-completion/completions}
-
- local instcompdir
- if [[ -d ${ED}/usr/share/bash-completion/completions ]]; then
- instcompdir=${ED}/usr/share/bash-completion/completions
- elif [[ -d ${ED}/usr/share/bash-completion ]]; then
- if [[ ${syscompdir} != ${EPREFIX}/usr/share/bash-completion ]]; then
- eqawarn "Bash completions were installed in legacy location. Please update"
- eqawarn "the ebuild to get the install paths using bash-completion-r1.eclass."
- eqawarn
- fi
-
- instcompdir=${ED}/usr/share/bash-completion
- fi
-
- # Do a few QA tests on bash completions.
- if [[ -n ${instcompdir} && -f ${EROOT}/usr/share/bash-completion/bash_completion ]]; then
- (
- _get_completions() {
- # source the file
- source "${1}" &>/dev/null
-
- [[ ${USED_HAVE} == yes ]] && echo '__HAVE_USED__'
-
- # print the completed commands
- while read -a args; do
- [[ ${args[0]} == complete ]] || continue
- # command always comes last, one per line
- echo "${args[$(( ${#args[@]} - 1))]}"
- done < <(complete -p)
- }
-
- # load the global helpers
- source "${EROOT}"/usr/share/bash-completion/bash_completion
-
- # clean up predefined completions
- complete -r
-
- # force all completions on
- _have() {
- return 0
- }
-
- local USED_HAVE=no
- # add a replacement for have()
- have() {
- USED_HAVE=yes
-
- unset -v have
- _have ${1} && have=yes
- }
-
- local f c completions
- local all_compls=()
- local all_files=()
- local qa_warnings=()
-
- for f in "${instcompdir}"/*; do
- # ignore directories and other non-files
- [[ ! -f ${f} ]] && continue
-
- # skip the common code file
- # (in case we're run in /usr/share/bash-completion)
- [[ ${f##*/} == bash_completion ]] && continue
-
- completions=( $(_get_completions "${f}") )
-
- if [[ ${completions[0]} == __HAVE_USED__ ]]; then
- qa_warnings+=(
- "${f##*/}: 'have' command is deprecated and must not be used."
- )
- unset 'completions[0]'
- fi
-
- if [[ -z ${completions[@]} ]]; then
- qa_warnings+=(
- "${f##*/}: does not define any completions (failed to source?)."
- )
- continue
- fi
-
- for c in "${completions[@]}"; do
- if [[ ${c} == /* ]]; then
- qa_warnings+=(
- "${f##*/}: absolute paths can not be used for completions (on '${c}')."
- )
- else
- all_compls+=( "${c}" )
- fi
- done
-
- if ! has "${f##*/}" "${all_compls[@]}"; then
- qa_warnings+=(
- "${f##*/}: incorrect name, no completions for '${f##*/}' command defined."
- )
- fi
-
- all_files+=( "${f##*/}" )
- done
-
- for c in "${all_compls[@]}"; do
- if ! has "${c}" "${all_files[@]}"; then
- qa_warnings+=(
- "${c}: missing alias (symlink) for completed command."
- )
- fi
- done
-
- if [[ -n ${qa_warnings[@]} ]]; then
- eqawarn "Problems with installed bash completions were found:"
- eqawarn
- for c in "${qa_warnings[@]}"; do
- eqawarn " ${c}"
- done
- eqawarn
- eqawarn "For more details on installing bash-completions, please see:"
- eqawarn "https://wiki.gentoo.org/wiki/Bash/Installing_completion_files"
- eqawarn
- fi
- )
- fi
-
- # Look for leaking LDFLAGS into pkg-config files
- f=$(egrep -sH '^Libs.*-Wl,(-O[012]|--hash-style)' "${ED}"/usr/*/pkgconfig/*.pc)
- if [[ -n ${f} ]] ; then
- eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:"
- eqawarn "${f//${D}}"
- fi
-
- # this should help to ensure that all (most?) shared libraries are executable
- # and that all libtool scripts / static libraries are not executable
- local j
- for i in "${ED}"opt/*/lib* \
- "${ED}"lib* \
- "${ED}"usr/lib* ; do
- [[ ! -d ${i} ]] && continue
-
- for j in "${i}"/*.so.* "${i}"/*.so ; do
- [[ ! -e ${j} ]] && continue
- [[ -L ${j} ]] && continue
- [[ -x ${j} ]] && continue
- __vecho "making executable: ${j#${ED}}"
- chmod +x "${j}"
- done
-
- for j in "${i}"/*.a "${i}"/*.la ; do
- [[ ! -e ${j} ]] && continue
- [[ -L ${j} ]] && continue
- [[ ! -x ${j} ]] && continue
- __vecho "removing executable bit: ${j#${ED}}"
- chmod -x "${j}"
- done
-
- for j in "${i}"/*.{a,dll,dylib,sl,so}.* "${i}"/*.{a,dll,dylib,sl,so} ; do
- [[ ! -e ${j} ]] && continue
- [[ ! -L ${j} ]] && continue
- linkdest=$(readlink "${j}")
- if [[ ${linkdest} == /* ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: Found an absolute symlink in a library directory:"
- eqawarn " ${j#${D}} -> ${linkdest}"
- eqawarn " It should be a relative symlink if in the same directory"
- eqawarn " or a linker script if it crosses the /usr boundary."
- fi
- done
- done
-
- # When installing static libraries into /usr/lib and shared libraries into
- # /lib, we have to make sure we have a linker script in /usr/lib along side
- # the static library, or gcc will utilize the static lib when linking :(.
- # http://bugs.gentoo.org/4411
- abort="no"
- local a s
- for a in "${ED}"usr/lib*/*.a ; do
- s=${a%.a}.so
- if [[ ! -e ${s} ]] ; then
- s=${s%usr/*}${s##*/usr/}
- if [[ -e ${s} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: Missing gen_usr_ldscript for ${s##*/}"
- abort="yes"
- fi
- fi
- done
- [[ ${abort} == "yes" ]] && die "add those ldscripts"
-
- # Make sure people don't store libtool files or static libs in /lib
- f=$(ls "${ED}"lib*/*.{a,la} 2>/dev/null)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: Excessive files found in the / partition"
- eqawarn "${f}"
- __vecho -ne '\n'
- die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*"
- fi
-
- # Verify that the libtool files don't contain bogus $D entries.
- local abort=no gentoo_bug=no always_overflow=no
- for a in "${ED}"usr/lib*/*.la ; do
- s=${a##*/}
- if grep -qs "${ED}" "${a}" ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: ${s} appears to contain PORTAGE_TMPDIR paths"
- abort="yes"
- fi
- done
- [[ ${abort} == "yes" ]] && die "soiled libtool library files found"
-
- # Evaluate misc gcc warnings
- if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then
- # In debug mode, this variable definition and corresponding grep calls
- # will produce false positives if they're shown in the trace.
- local reset_debug=0
- if [[ ${-/x/} != $- ]] ; then
- set +x
- reset_debug=1
- fi
- local m msgs=(
- ": warning: dereferencing type-punned pointer will break strict-aliasing rules"
- ": warning: dereferencing pointer .* does break strict-aliasing rules"
- ": warning: implicit declaration of function"
- ": warning: incompatible implicit declaration of built-in function"
- ": warning: is used uninitialized in this function" # we'll ignore "may" and "might"
- ": warning: comparisons like X<=Y<=Z do not have their mathematical meaning"
- ": warning: null argument where non-null required"
- ": warning: array subscript is below array bounds"
- ": warning: array subscript is above array bounds"
- ": warning: attempt to free a non-heap object"
- ": warning: .* called with .*bigger.* than .* destination buffer"
- ": warning: call to .* will always overflow destination buffer"
- ": warning: assuming pointer wraparound does not occur when comparing"
- ": warning: hex escape sequence out of range"
- ": warning: [^ ]*-hand operand of comma .*has no effect"
- ": warning: converting to non-pointer type .* from NULL"
- ": warning: NULL used in arithmetic"
- ": warning: passing NULL to non-pointer argument"
- ": warning: the address of [^ ]* will always evaluate as"
- ": warning: the address of [^ ]* will never be NULL"
- ": warning: too few arguments for format"
- ": warning: reference to local variable .* returned"
- ": warning: returning reference to temporary"
- ": warning: function returns address of local variable"
- ": warning: .*\\[-Wsizeof-pointer-memaccess\\]"
- ": warning: .*\\[-Waggressive-loop-optimizations\\]"
- # this may be valid code :/
- #": warning: multi-character character constant"
- # need to check these two ...
- #": warning: assuming signed overflow does not occur when"
- #": warning: comparison with string literal results in unspecified behav"
- # yacc/lex likes to trigger this one
- #": warning: extra tokens at end of .* directive"
- # only gcc itself triggers this ?
- #": warning: .*noreturn.* function does return"
- # these throw false positives when 0 is used instead of NULL
- #": warning: missing sentinel in function call"
- #": warning: not enough variable arguments to fit a sentinel"
- )
- abort="no"
- i=0
- local grep_cmd=grep
- [[ $PORTAGE_LOG_FILE = *.gz ]] && grep_cmd=zgrep
- while [[ -n ${msgs[${i}]} ]] ; do
- m=${msgs[$((i++))]}
- # force C locale to work around slow unicode locales #160234
- f=$(LC_ALL=C $grep_cmd "${m}" "${PORTAGE_LOG_FILE}")
- if [[ -n ${f} ]] ; then
- abort="yes"
- # for now, don't make this fatal (see bug #337031)
- #case "$m" in
- # ": warning: call to .* will always overflow destination buffer") always_overflow=yes ;;
- #esac
- if [[ $always_overflow = yes ]] ; then
- eerror
- eerror "QA Notice: Package triggers severe warnings which indicate that it"
- eerror " may exhibit random runtime failures."
- eerror
- eerror "${f}"
- eerror
- eerror " Please file a bug about this at http://bugs.gentoo.org/"
- eerror " with the maintaining herd of the package."
- eerror
- else
- __vecho -ne '\n'
- eqawarn "QA Notice: Package triggers severe warnings which indicate that it"
- eqawarn " may exhibit random runtime failures."
- eqawarn "${f}"
- __vecho -ne '\n'
- fi
- fi
- done
- local cat_cmd=cat
- [[ $PORTAGE_LOG_FILE = *.gz ]] && cat_cmd=zcat
- [[ $reset_debug = 1 ]] && set -x
- # Use safe cwd, avoiding unsafe import for bug #469338.
- f=$(cd "${PORTAGE_PYM_PATH}" ; $cat_cmd "${PORTAGE_LOG_FILE}" | \
- "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH"/check-implicit-pointer-usage.py || die "check-implicit-pointer-usage.py failed")
- if [[ -n ${f} ]] ; then
-
- # In the future this will be a forced "die". In preparation,
- # increase the log level from "qa" to "eerror" so that people
- # are aware this is a problem that must be fixed asap.
-
- # just warn on 32bit hosts but bail on 64bit hosts
- case ${CHOST} in
- alpha*|hppa64*|ia64*|powerpc64*|mips64*|sparc64*|sparcv9*|x86_64*) gentoo_bug=yes ;;
- esac
-
- abort=yes
-
- if [[ $gentoo_bug = yes ]] ; then
- eerror
- eerror "QA Notice: Package triggers severe warnings which indicate that it"
- eerror " will almost certainly crash on 64bit architectures."
- eerror
- eerror "${f}"
- eerror
- eerror " Please file a bug about this at http://bugs.gentoo.org/"
- eerror " with the maintaining herd of the package."
- eerror
- else
- __vecho -ne '\n'
- eqawarn "QA Notice: Package triggers severe warnings which indicate that it"
- eqawarn " will almost certainly crash on 64bit architectures."
- eqawarn "${f}"
- __vecho -ne '\n'
- fi
-
- fi
- if [[ ${abort} == "yes" ]] ; then
- if [[ $gentoo_bug = yes || $always_overflow = yes ]] ; then
- die "install aborted due to severe warnings shown above"
- else
- echo "Please do not file a Gentoo bug and instead" \
- "report the above QA issues directly to the upstream" \
- "developers of this software." | fmt -w 70 | \
- while read -r line ; do eqawarn "${line}" ; done
- eqawarn "Homepage: ${HOMEPAGE}"
- has stricter ${FEATURES} && \
- die "install aborted due to severe warnings shown above"
- fi
- fi
- fi
-
# Portage regenerates this on the installed system.
rm -f "${ED}"/usr/share/info/dir{,.gz,.bz2} || die "rm failed!"
-
- if has multilib-strict ${FEATURES} && \
- [[ -x /usr/bin/file && -x /usr/bin/find ]] && \
- [[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]]
- then
- rm -f "${T}/multilib-strict.log"
- local abort=no dir file
- MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed -e 's:\([(|)]\):\\\1:g')
- for dir in ${MULTILIB_STRICT_DIRS} ; do
- [[ -d ${ED}/${dir} ]] || continue
- for file in $(find ${ED}/${dir} -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do
- if file ${file} | egrep -q "${MULTILIB_STRICT_DENY}" ; then
- echo "${file#${ED}//}" >> "${T}/multilib-strict.log"
- fi
- done
- done
-
- if [[ -s ${T}/multilib-strict.log ]] ; then
- if [[ ${#QA_MULTILIB_PATHS[@]} -eq 1 ]] ; then
- local shopts=$-
- set -o noglob
- QA_MULTILIB_PATHS=(${QA_MULTILIB_PATHS})
- set +o noglob
- set -${shopts}
- fi
- if [ "${QA_STRICT_MULTILIB_PATHS-unset}" = unset ] ; then
- for x in "${QA_MULTILIB_PATHS[@]}" ; do
- sed -e "s#^${x#/}\$##" -i "${T}/multilib-strict.log"
- done
- sed -e "/^\$/d" -i "${T}/multilib-strict.log"
- fi
- if [[ -s ${T}/multilib-strict.log ]] ; then
- abort=yes
- echo "Files matching a file type that is not allowed:"
- while read -r ; do
- echo " ${REPLY}"
- done < "${T}/multilib-strict.log"
- fi
- fi
-
- [[ ${abort} == yes ]] && die "multilib-strict check failed!"
- fi
-
- local pngfix=$(type -P pngfix)
- if [[ -n ${pngfix} ]] ; then
- local pngout=()
- local next
-
- while read -r -a pngout ; do
- local error=""
-
- case "${pngout[1]}" in
- CHK)
- error='invalid checksum'
- ;;
- TFB)
- error='broken IDAT window length'
- ;;
- esac
-
- if [[ -n ${error} ]] ; then
- if [[ -z ${next} ]] ; then
- eqawarn "QA Notice: broken .png files found:"
- next=1
- fi
- eqawarn " ${pngout[@]:7}: ${error}"
- fi
- done < <(find "${ED}" -type f -name '*.png' -exec "${pngfix}" {} +)
- fi
-}
-
-install_qa_check_prefix() {
- if [[ -d ${ED}/${D} ]] ; then
- find "${ED}/${D}" | \
- while read i ; do
- eqawarn "QA Notice: /${i##${ED}/${D}} installed in \${ED}/\${D}"
- done
- die "Aborting due to QA concerns: files installed in ${ED}/${D}"
- fi
-
- if [[ -d ${ED}/${EPREFIX} ]] ; then
- find "${ED}/${EPREFIX}/" | \
- while read i ; do
- eqawarn "QA Notice: ${i#${D}} double prefix"
- done
- die "Aborting due to QA concerns: double prefix files installed"
- fi
-
- if [[ -d ${D} ]] ; then
- INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }')
- if [[ -n ${INSTALLTOD} ]] ; then
- eqawarn "QA Notice: the following files are outside of the prefix:"
- eqawarn "${INSTALLTOD}"
- die "Aborting due to QA concerns: there are files installed outside the prefix"
- fi
- fi
-
- # all further checks rely on ${ED} existing
- [[ -d ${ED} ]] || return
-
- # check shebangs, bug #282539
- rm -f "${T}"/non-prefix-shebangs-errs
- local WHITELIST=" /usr/bin/env "
- # this is hell expensive, but how else?
- find "${ED}" -executable \! -type d -print0 \
- | xargs -0 grep -H -n -m1 "^#!" \
- | while read f ;
- do
- local fn=${f%%:*}
- local pos=${f#*:} ; pos=${pos%:*}
- local line=${f##*:}
- # shebang always appears on the first line ;)
- [[ ${pos} != 1 ]] && continue
- local oldIFS=${IFS}
- IFS=$'\r'$'\n'$'\t'" "
- line=( ${line#"#!"} )
- IFS=${oldIFS}
- [[ ${WHITELIST} == *" ${line[0]} "* ]] && continue
- local fp=${fn#${D}} ; fp=/${fp%/*}
- # line[0] can be an absolutised path, bug #342929
- local eprefix=$(canonicalize ${EPREFIX})
- local rf=${fn}
- # in case we deal with a symlink, make sure we don't replace it
- # with a real file (sed -i does that)
- if [[ -L ${fn} ]] ; then
- rf=$(readlink ${fn})
- [[ ${rf} != /* ]] && rf=${fn%/*}/${rf}
- # ignore symlinks pointing to outside prefix
- # as seen in sys-devel/native-cctools
- [[ $(canonicalize "/${rf#${D}}") != ${eprefix}/* ]] && continue
- fi
- # does the shebang start with ${EPREFIX}, and does it exist?
- if [[ ${line[0]} == ${EPREFIX}/* || ${line[0]} == ${eprefix}/* ]] ; then
- if [[ ! -e ${ROOT%/}${line[0]} && ! -e ${D%/}${line[0]} ]] ; then
- # hmm, refers explicitly to $EPREFIX, but doesn't exist,
- # if it's in PATH that's wrong in any case
- if [[ ":${PATH}:" == *":${fp}:"* ]] ; then
- echo "${fn#${D}}:${line[0]} (explicit EPREFIX but target not found)" \
- >> "${T}"/non-prefix-shebangs-errs
- else
- eqawarn "${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})"
- fi
- fi
- continue
- fi
- # unprefixed shebang, is the script directly in $PATH?
- if [[ ":${PATH}:" == *":${fp}:"* ]] ; then
- if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then
- # is it unprefixed, but we can just fix it because a
- # prefixed variant exists
- eqawarn "prefixing shebang of ${fn#${D}}"
- # statement is made idempotent on purpose, because
- # symlinks may point to the same target, and hence the
- # same real file may be sedded multiple times since we
- # read the shebangs in one go upfront for performance
- # reasons
- sed -i -e '1s:^#! \?'"${line[0]}"':#!'"${EPREFIX}"${line[0]}':' "${rf}"
- continue
- else
- # this is definitely wrong: script in $PATH and invalid shebang
- echo "${fn#${D}}:${line[0]} (script ${fn##*/} installed in PATH but interpreter ${line[0]} not found)" \
- >> "${T}"/non-prefix-shebangs-errs
- fi
- else
- # unprefixed/invalid shebang, but outside $PATH, this may be
- # intended (e.g. config.guess) so remain silent by default
- has stricter ${FEATURES} && \
- eqawarn "invalid shebang in ${fn#${D}}: ${line[0]}"
- fi
- done
- if [[ -e "${T}"/non-prefix-shebangs-errs ]] ; then
- eqawarn "QA Notice: the following files use invalid (possible non-prefixed) shebangs:"
- while read line ; do
- eqawarn " ${line}"
- done < "${T}"/non-prefix-shebangs-errs
- rm -f "${T}"/non-prefix-shebangs-errs
- die "Aborting due to QA concerns: invalid shebangs found"
- fi
}
install_mask() {
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/portage:master commit in: bin/, bin/install-qa-check.d/
@ 2018-06-27 4:30 Zac Medico
0 siblings, 0 replies; 3+ messages in thread
From: Zac Medico @ 2018-06-27 4:30 UTC (permalink / raw
To: gentoo-commits
commit: b7852258f4366d1da16859bbfe3ca78ceabb53c7
Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 27 02:37:43 2018 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Wed Jun 27 04:26:28 2018 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b7852258
scanelf: fix %p format string for EAPI 7 (bug 659228)
For all scanelf path arguments that are used in processing of
the %p format string, normalize the argument to have a trailing
slash, so that the leading slash is consistently stripped in
the expansion of the %p format string.
Bug: https://bugs.gentoo.org/659228
bin/install-qa-check.d/10executable-issues | 4 ++--
bin/install-qa-check.d/10ignored-flags | 6 +++---
bin/misc-functions.sh | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues
index 24973fe0d..8a2c8e875 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -66,7 +66,7 @@ elf_check() {
[[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
[[ -n ${QA_STRICT_TEXTRELS} ]] && QA_TEXTRELS=""
export QA_TEXTRELS="${QA_TEXTRELS} lib*/modules/*.ko"
- f=$(scanelf -qyRF '%t %p' "${ED}" | grep -v 'usr/lib/debug/')
+ f=$(scanelf -qyRF '%t %p' "${ED%/}/" | grep -v 'usr/lib/debug/')
if [[ -n ${f} ]] ; then
scanelf -qyRAF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
__vecho -ne '\n'
@@ -109,7 +109,7 @@ elf_check() {
[[ -n ${QA_STRICT_WX_LOAD} ]] && QA_WX_LOAD=""
export QA_EXECSTACK="${QA_EXECSTACK} lib*/modules/*.ko"
export QA_WX_LOAD="${QA_WX_LOAD} lib*/modules/*.ko"
- f=$(scanelf -qyRAF '%e %p' "${ED}" | grep -v 'usr/lib/debug/')
+ f=$(scanelf -qyRAF '%e %p' "${ED%/}/" | grep -v 'usr/lib/debug/')
;;
esac
;;
diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags
index dc160e182..09bcb57fc 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -26,7 +26,7 @@ ignored_flag_check() {
[[ "${FFLAGS}" == *-frecord-gcc-switches* ]] && \
[[ "${FCFLAGS}" == *-frecord-gcc-switches* ]] ; then
rm -f "${T}"/scanelf-ignored-CFLAGS.log
- for x in $(scanelf -qyRF '#k%p' -k '!.GCC.command.line' "${ED}") ; do
+ for x in $(scanelf -qyRF '#k%p' -k '!.GCC.command.line' "${ED%/}/") ; do
# Separate out file types that are known to support
# .GCC.command.line sections, using the `file` command
# similar to how prepstrip uses it.
@@ -66,8 +66,8 @@ ignored_flag_check() {
# Check for files built without respecting LDFLAGS
if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \
! has binchecks ${RESTRICT} ; then
- f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED}" | LC_ALL=C sort) \
- <(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ "${ED}" | LC_ALL=C sort))
+ f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED%/}/" | LC_ALL=C sort) \
+ <(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ "${ED%/}/" | LC_ALL=C sort))
if [[ -n ${f} ]] ; then
echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index de8af955d..34492e086 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -237,7 +237,7 @@ install_qa_check() {
if type -P scanelf > /dev/null ; then
# Save NEEDED information after removing self-contained providers
rm -f "$PORTAGE_BUILDDIR"/build-info/NEEDED{,.ELF.2}
- scanelf -qyRF '%a;%p;%S;%r;%n' "${D}" | { while IFS= read -r l; do
+ scanelf -qyRF '%a;%p;%S;%r;%n' "${D%/}/" | { while IFS= read -r l; do
arch=${l%%;*}; l=${l#*;}
obj="/${l%%;*}"; l=${l#*;}
soname=${l%%;*}; l=${l#*;}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/portage:master commit in: bin/, bin/install-qa-check.d/
@ 2021-06-20 21:46 Michał Górny
0 siblings, 0 replies; 3+ messages in thread
From: Michał Górny @ 2021-06-20 21:46 UTC (permalink / raw
To: gentoo-commits
commit: c3e4919fd004ce0f5c91c67ea377bbda83558ca9
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 20 20:54:36 2021 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun Jun 20 21:46:05 2021 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=c3e4919f
Use PORTAGE_PROPERTIES and PORTAGE_RESTRICT internally
Use PORTAGE_PROPERTIES and PORTAGE_RESTRICT directly for internal
purposes rather than relying on PROPERTIES and RESTRICT having
the flattened values.
Reviewed-by: Zac Medico <zmedico <AT> gentoo.org>
Closes: https://github.com/gentoo/portage/pull/734
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
bin/ebuild.sh | 2 +-
bin/estrip | 14 +++++++-------
bin/install-qa-check.d/10executable-issues | 2 +-
bin/install-qa-check.d/10ignored-flags | 4 ++--
bin/install-qa-check.d/80libraries | 2 +-
bin/misc-functions.sh | 2 +-
bin/phase-functions.sh | 8 ++++----
bin/phase-helpers.sh | 2 +-
8 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index 904fdf54e..5916bedfc 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -737,7 +737,7 @@ if ! has "$EBUILD_PHASE" clean cleanrm ; then
fi
fi
-if has nostrip ${FEATURES} ${RESTRICT} || has strip ${RESTRICT}
+if has nostrip ${FEATURES} ${PORTAGE_RESTRICT} || has strip ${PORTAGE_RESTRICT}
then
export DEBUGBUILD=1
fi
diff --git a/bin/estrip b/bin/estrip
index 81f78e847..7ef1ec35c 100755
--- a/bin/estrip
+++ b/bin/estrip
@@ -16,7 +16,7 @@ exp_tf() {
done
}
exp_tf FEATURES compressdebug installsources nostrip splitdebug xattr
-exp_tf RESTRICT binchecks installsources splitdebug strip
+exp_tf PORTAGE_RESTRICT binchecks installsources splitdebug strip
if ! ___eapi_has_prefix_variables; then
EPREFIX= ED=${D}
@@ -24,7 +24,7 @@ fi
banner=false
SKIP_STRIP=false
-if ${RESTRICT_strip} || ${FEATURES_nostrip} ; then
+if ${PORTAGE_RESTRICT_strip} || ${FEATURES_nostrip} ; then
SKIP_STRIP=true
banner=true
${FEATURES_installsources} || exit 0
@@ -167,7 +167,7 @@ mkdir -p "${tmpdir}"/{inodes,splitdebug,sources}
# Usage: save_elf_sources <elf>
save_elf_sources() {
${FEATURES_installsources} || return 0
- ${RESTRICT_installsources} && return 0
+ ${PORTAGE_RESTRICT_installsources} && return 0
if ! ${debugedit_found} ; then
if ! ${debugedit_warned} ; then
debugedit_warned=true
@@ -192,7 +192,7 @@ save_elf_sources() {
# Usage: save_elf_debug <elf> [splitdebug file]
save_elf_debug() {
${FEATURES_splitdebug} || return 0
- ${RESTRICT_splitdebug} && return 0
+ ${PORTAGE_RESTRICT_splitdebug} && return 0
# NOTE: Debug files must be installed in
# ${EPREFIX}/usr/lib/debug/${EPREFIX} (note that ${EPREFIX} occurs
@@ -318,7 +318,7 @@ process_ar() {
# There is no concept of splitdebug for objects not yet
# linked in (only for finally linked ELFs), so we have to
# retain the debug info in the archive itself.
- if ! ${FEATURES_splitdebug} || ${RESTRICT_splitdebug} ; then
+ if ! ${FEATURES_splitdebug} || ${PORTAGE_RESTRICT_splitdebug} ; then
${STRIP} -g "${x}" && ${RANLIB} "${x}"
fi
fi
@@ -327,7 +327,7 @@ process_ar() {
# The existance of the section .symtab tells us that a binary is stripped.
# We want to log already stripped binaries, as this may be a QA violation.
# They prevent us from getting the splitdebug data.
-if ! ${RESTRICT_binchecks} ; then
+if ! ${PORTAGE_RESTRICT_binchecks} ; then
# We need to do the non-stripped scan serially first before we turn around
# and start stripping the files ourselves. The log parsing can be done in
# parallel though.
@@ -459,7 +459,7 @@ __multijob_finish
cd "${tmpdir}"/sources/ && cat * > "${tmpdir}/debug.sources" 2>/dev/null
if [[ -s ${tmpdir}/debug.sources ]] && \
${FEATURES_installsources} && \
- ! ${RESTRICT_installsources} && \
+ ! ${PORTAGE_RESTRICT_installsources} && \
${debugedit_found}
then
__vecho "installsources: rsyncing source files"
diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues
index 6b33d281d..c2355ab8f 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -2,7 +2,7 @@
# text relocations, executable stacks
elf_check() {
- if ! type -P scanelf >/dev/null || has binchecks ${RESTRICT}; then
+ if ! type -P scanelf >/dev/null || has binchecks ${PORTAGE_RESTRICT}; then
return
fi
diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags
index 062f51325..89706cd4c 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -2,7 +2,7 @@
ignored_flag_check() {
type -P scanelf > /dev/null || return
- has binchecks ${RESTRICT} && return
+ has binchecks ${PORTAGE_RESTRICT} && return
local qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}"
eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")"
@@ -65,7 +65,7 @@ ignored_flag_check() {
# Check for files built without respecting LDFLAGS
if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \
- ! has binchecks ${RESTRICT} ; then
+ ! has binchecks ${PORTAGE_RESTRICT} ; then
f=$(LC_ALL=C comm -2 -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED%/}/" | LC_ALL=C sort) \
<(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ "${ED%/}/" | LC_ALL=C sort))
if [[ -n ${f} ]] ; then
diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries
index d1d2c4fdd..8dc35bb87 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -92,7 +92,7 @@ scanelf_lib_check() {
lib_check() {
local f x i j
- if type -P scanelf >/dev/null && ! has binchecks ${RESTRICT}; then
+ if type -P scanelf >/dev/null && ! has binchecks ${PORTAGE_RESTRICT}; then
scanelf_lib_check
fi
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 97bd78ec8..bd1fb7553 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -206,7 +206,7 @@ install_qa_check() {
eqawarn "QA Notice: <stabilize-allarches/> found on package installing ELF files"
fi
- if has binchecks ${RESTRICT}; then
+ if has binchecks ${PORTAGE_RESTRICT}; then
eqawarn "QA Notice: RESTRICT=binchecks prevented checks on these ELF files:"
eqawarn "$(while read -r x; do x=${x#*;} ; x=${x%%;*} ; echo "${x#${EPREFIX}}" ; done < "${PORTAGE_BUILDDIR}"/build-info/NEEDED.ELF.2)"
fi
diff --git a/bin/phase-functions.sh b/bin/phase-functions.sh
index 71411d414..0bb5d86e1 100644
--- a/bin/phase-functions.sh
+++ b/bin/phase-functions.sh
@@ -490,8 +490,8 @@ __dyn_test() {
die "The source directory '${S}' doesn't exist"
fi
- if has test ${RESTRICT} && ! has all ${ALLOW_TEST} &&
- ! { has test_network ${PROPERTIES} && has network ${ALLOW_TEST}; }
+ if has test ${PORTAGE_RESTRICT} && ! has all ${ALLOW_TEST} &&
+ ! { has test_network ${PORTAGE_PROPERTIES} && has network ${ALLOW_TEST}; }
then
einfo "Skipping make test/check due to ebuild restriction."
__vecho ">>> Test phase [disabled because of RESTRICT=test]: ${CATEGORY}/${PF}"
@@ -704,7 +704,7 @@ __dyn_install() {
cp "${EBUILD}" "${PF}.ebuild"
[ -n "${PORTAGE_REPO_NAME}" ] && echo "${PORTAGE_REPO_NAME}" > repository
- if has nostrip ${FEATURES} ${RESTRICT} || has strip ${RESTRICT}
+ if has nostrip ${FEATURES} ${PORTAGE_RESTRICT} || has strip ${PORTAGE_RESTRICT}
then
>> DEBUGBUILD
fi
@@ -759,7 +759,7 @@ __dyn_help() {
echo " c++ flags : ${CXXFLAGS}"
echo " make flags : ${MAKEOPTS}"
echo -n " build mode : "
- if has nostrip ${FEATURES} ${RESTRICT} || has strip ${RESTRICT} ;
+ if has nostrip ${FEATURES} ${PORTAGE_RESTRICT} || has strip ${PORTAGE_RESTRICT}
then
echo "debug (large)"
else
diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index 3f53e6c57..94f4f24f2 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -21,7 +21,7 @@ export PORTAGE_DOCOMPRESS_SIZE_LIMIT="128"
declare -a PORTAGE_DOCOMPRESS=( /usr/share/{doc,info,man} )
declare -a PORTAGE_DOCOMPRESS_SKIP=( /usr/share/doc/${PF}/html )
declare -a PORTAGE_DOSTRIP=( / )
-has strip ${RESTRICT} && PORTAGE_DOSTRIP=()
+has strip ${PORTAGE_RESTRICT} && PORTAGE_DOSTRIP=()
declare -a PORTAGE_DOSTRIP_SKIP=()
into() {
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-20 21:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-06-20 21:46 [gentoo-commits] proj/portage:master commit in: bin/, bin/install-qa-check.d/ Michał Górny
-- strict thread matches above, loose matches on Subject: below --
2018-06-27 4:30 Zac Medico
2014-09-26 2:17 Brian Dolbec
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox