public inbox for gentoo-portage-dev@lists.gentoo.org
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Cc: "Michał Górny" <mgorny@gentoo.org>
Subject: [gentoo-portage-dev] [PATCH v2] install-qa-check.d: Add a QA check for installing xattrs
Date: Tue, 28 Sep 2021 10:49:33 +0200
Message-ID: <20210928084933.207232-1-mgorny@gentoo.org>

Warn the developers if ebuilds install files with xattrs to ${ED}.
The xattrs may or may not be preserved when installing the package,
making them unreliable on one hand, and somewhat surprising in other
cases (e.g. when they unintentionally leak from developer's system).

This is the first step towards restoring PMS compliance and *not*
preserving extended metadata.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 bin/install-qa-check.d/95xattr | 54 ++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 bin/install-qa-check.d/95xattr

Changes in v2:
- added a link to the tracker in place of in-place explanation


diff --git a/bin/install-qa-check.d/95xattr b/bin/install-qa-check.d/95xattr
new file mode 100644
index 000000000..4bf6631d3
--- /dev/null
+++ b/bin/install-qa-check.d/95xattr
@@ -0,0 +1,54 @@
+# Check for xattrs.  See https://bugs.gentoo.org/815220.
+
+xattr_check() {
+	type -P getfattr >/dev/null || return
+
+	pushd "${ED}" >/dev/null || die
+	local x file= keys
+	local -A data=()
+	while read -r x; do
+		case ${x} in
+			"# file: "*)
+				file=${x#*: }
+				file=/${file#.}
+				;;
+			btrfs.*)
+				# ignore btrfs xattrs, they're implicit fs metadata
+				;;
+			security.capability)
+				# don't report caps if we have fcaps.eclass inherited
+				if ! has fcaps ${INHERITED}; then
+					data[${file}]+=" ${x}"
+				fi
+				;;
+			?*)
+				data[${file}]+=" ${x}"
+				;;
+		esac
+	done < <(getfattr -R -h -m - . 2>/dev/null)
+	popd >/dev/null || die
+
+	if [[ ${data[@]} ]]; then
+		eqawarn "One or more files in \${ED} include extended attributes."
+		eqawarn
+
+		for file in "${!data[@]}"; do
+			keys=( ${data[${file}]} )
+			for x in "${keys[@]}"; do
+				eqatag xattr "key=${x}" "${file}"
+			done
+			eqawarn "  ${file} (${keys[*]})"
+		done
+
+		eqawarn
+		eqawarn "It is impossible to reliably guarantee that the extended attributes"
+		eqawarn "will be reliably preserved while merging.  Please file a bug"
+		eqawarn "and make it block the tracker https://bugs.gentoo.org/815220."
+		eqawarn "More information about the problem can also be found on the tracker."
+	fi
+}
+
+xattr_check
+: # guarantee successful exit
+
+# vim:ft=sh
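Review bot: In the `security.capability)` branch, `has fcaps ${INHERITED}` suppresses the report for every file in the image once the eclass is inherited, so a capability that landed on a file by accident in such a package is never flagged; the comment should state that limitation, or the exemption should be narrowed. Separately, `keys=( ${data[${file}]} )` is expanded unquoted and is therefore subject to pathname expansion as well as word splitting, which `set -f` around the assignment (or collecting the keys without relying on splitting) would avoid. The early `return` when getfattr is absent, combined with `2>/dev/null` on the getfattr call, means the check reports nothing when it could not run at all, and that deserves at least a comment. The closing message says "reliably" twice ("reliably guarantee ... reliably preserved"); one of them can go.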
-- 
2.33.0


