From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1651345998.fe2c69be92364e912384cd07c0b122b0e80168f0.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: metadata/install-qa-check.d/
X-VCS-Repository: repo/gentoo
X-VCS-Files: metadata/install-qa-check.d/60udev-eclass
X-VCS-Directories: metadata/install-qa-check.d/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: fe2c69be92364e912384cd07c0b122b0e80168f0
X-VCS-Branch: master
Date: Sat, 30 Apr 2022 19:13:49 +0000 (UTC)

commit:     fe2c69be92364e912384cd07c0b122b0e80168f0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 28 03:06:40 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 30 19:13:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe2c69be

metadata/install-qa-check.d: add new QA check for udev rules

Very similar to tmpfiles.eclass check (60tmpfiles-paths).

Three checks:
1) Verify packages don't install udev rules to /etc/udev/rules.d, which
is a forbidden (user-configuration) location;

2) Check whether packages inherit udev.eclass if they're
installing files to /lib/udev/rules.d/.

(This helps to catch packages not calling udev_reload
in pkg_postinst).

3) Check for missing udev_process calls in pkg_postinst.

Bug: https://bugs.gentoo.org/433916
See: c7fe1066a8fcd35f965de4ea16c9cd1001830642
Signed-off-by: Sam James <sam <AT> gentoo.org>

 metadata/install-qa-check.d/60udev-eclass | 63 +++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/metadata/install-qa-check.d/60udev-eclass b/metadata/install-qa-check.d/60udev-eclass
new file mode 100644
index 000000000000..cf8e08e9971e
--- /dev/null
+++ b/metadata/install-qa-check.d/60udev-eclass
@@ -0,0 +1,63 @@
+# Copyright 2021-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# QA check: ensure that packages installing udev rules inherit the eclass
+# Maintainer: Sam James <sam@gentoo.org>
+
+# Implements three checks:
+# 1) Installation to /etc/udev/rules.d (which is a user-customization location);
+# 2) Installation of any udev rules to /lib/udev/rules.d without inheriting the eclass
+#    (needed for udev_reload in pkg_postinst);
+# 3) Check for installation of udev rules without calling udev_reload in
+#    pkg_postinst.
+udev_rules_check() {
+	# Check 1
+	# Scan image for files in /etc/udev/rules.d which is a forbidden location
+	# (We use this glob to avoid triggering on keepdir)
+	shopt -s nullglob
+	local files=( "${ED}"/etc/udev/rules.d/* )
+	shopt -u nullglob
+
+	if [[ ${#files[@]} -gt 0 ]]; then
+		eqawarn "QA Notice: files installed to /etc/udev/rules.d found"
+		eqawarn "udev rules files supplied by ebuilds must be installed to /lib/udev/rules.d/"
+	fi
+
+	# Check 2
+	# We're now going to check for whether we install files to /lib/udev/rules.d/ without
+	# inheriting the eclass (weak catch for ebuilds not calling udev_reload in pkg_postinst)
+
+	if [[ -n ${UDEV_OPTIONAL} ]] ; then
+		# While imperfect, using ${UDEV_OPTIONAL} is good enough to allow opting out
+		# for e.g. sys-apps/portage, sys-apps/systemd, sys-libs/pam, etc. We may want
+		# a better/more standardised way to opt out from QA checks in future.
+		# It's okay for some packages to do this because of circular dependencies and such
+		# See: https://archives.gentoo.org/gentoo-dev/message/0a96793036a4fdd9ac311a46950d7e7b
+		return
+	fi
+
+	if [[ -d "${ED}"/lib/udev/rules.d/ ]] ; then
+		if ! has udev ${INHERITED} ; then
+			eqawarn "QA Notice: package is installing udev ruleswithout inheriting udev.eclass!"
+			eqawarn "Packages must inherit udev.eclass then call udev_reload in pkg_postinst."
+			return
+		fi
+
+		# Check 3
+		# Check whether we're installing udev rules without explicitly
+		# calling udev_reload in pkg_postinst, but we have inherited
+		# the eclass.
+		# Small risk of false positives if called indirectly.
+		# See: https://archives.gentoo.org/gentoo-dev/message/7bdfdc9a7560fd07436defd0253af0b8
+		local pkg_postinst_body="$(declare -fp pkg_postinst 2>&1)"
+		if [[ ! ${pkg_postinst_body} == *udev_reload* ]] ; then
+			eqawarn "QA Notice: package is installing udev rules without calling"
+			eqawarn "udev_reload in pkg_postinst phase"
+		fi
+	fi
+}
+
+udev_rules_check
+: # guarantee successful exit
+
+# vim:ft=sh
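
Review bot: In Check 2, the test `[[ -d "${ED}"/lib/udev/rules.d/ ]]` fires on the mere presence of the directory, while Check 1 deliberately globs for files "to avoid triggering on keepdir". An ebuild that only creates or keeps an empty /lib/udev/rules.d would therefore get the "without inheriting udev.eclass" warning, or the Check 3 warning, even though it installs no rules. Suggest reusing the nullglob pattern from Check 1 here, for example `local rules=( "${ED}"/lib/udev/rules.d/* )` followed by a test on `${#rules[@]}`. Two smaller points in the same block: the first eqawarn string reads "udev ruleswithout" (missing space), and the Check 3 match `*udev_reload*` is a substring test on the `declare -fp` output, so any other text in pkg_postinst that contains that name (an elog message, a longer function name) also satisfies it. That gives false negatives in addition to the false positives the comment already mentions, and is worth noting in the comment. Finally, `shopt -u nullglob` turns the option off unconditionally; if the caller had it set, it will not be restored.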