1 |
commit: 990c5f4896b309fdcaf1dbbb5779177ecfcf6e74 |
2 |
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 28 17:52:16 2014 +0000 |
4 |
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 28 17:52:16 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=990c5f48 |
7 |
|
8 |
Merge remote-tracking branch 'overlays-gentoo-org/master' into prefix |
9 |
|
10 |
Conflicts: |
11 |
bin/ebuild-helpers/emake |
12 |
bin/misc-functions.sh |
13 |
bin/portageq |
14 |
doc/Makefile |
15 |
pym/_emerge/EbuildBuild.py |
16 |
pym/portage/const.py |
17 |
pym/portage/dbapi/vartree.py |
18 |
pym/portage/package/ebuild/doebuild.py |
19 |
|
20 |
|
21 |
.gitignore | 1 + |
22 |
.travis.yml | 13 + |
23 |
DEVELOPING | 22 +- |
24 |
MANIFEST.in | 18 + |
25 |
Makefile | 215 ------ |
26 |
NEWS | 27 +- |
27 |
RELEASE-NOTES | 65 +- |
28 |
bin/archive-conf | 4 +- |
29 |
bin/binhost-snapshot | 4 +- |
30 |
bin/chpathtool.py | 8 +- |
31 |
bin/clean_locks | 4 +- |
32 |
bin/deprecated-path | 28 + |
33 |
bin/dispatch-conf | 4 +- |
34 |
bin/ebuild | 4 +- |
35 |
bin/ebuild-helpers/emake | 4 +- |
36 |
bin/ebuild-helpers/xattr/install | 27 +- |
37 |
bin/ebuild-ipc.py | 20 +- |
38 |
bin/ebuild.sh | 131 ++-- |
39 |
bin/egencache | 4 +- |
40 |
bin/emaint | 4 +- |
41 |
bin/emerge | 14 +- |
42 |
bin/emerge-webrsync | 4 +- |
43 |
bin/env-update | 4 +- |
44 |
bin/fixpackages | 4 +- |
45 |
bin/glsa-check | 4 +- |
46 |
bin/install-qa-check.d/05double-D | 17 + |
47 |
bin/install-qa-check.d/05prefix | 118 +++ |
48 |
bin/install-qa-check.d/10executable-issues | 140 ++++ |
49 |
bin/install-qa-check.d/10ignored-flags | 99 +++ |
50 |
bin/install-qa-check.d/20deprecated-directories | 18 + |
51 |
bin/install-qa-check.d/20runtime-directories | 26 + |
52 |
bin/install-qa-check.d/60bash-completion | 130 ++++ |
53 |
bin/install-qa-check.d/60openrc | 41 ++ |
54 |
bin/install-qa-check.d/60pkgconfig | 15 + |
55 |
bin/install-qa-check.d/60pngfix | 35 + |
56 |
bin/install-qa-check.d/60systemd | 25 + |
57 |
bin/install-qa-check.d/60udev | 21 + |
58 |
bin/install-qa-check.d/80libraries | 167 +++++ |
59 |
bin/install-qa-check.d/80multilib-strict | 50 ++ |
60 |
bin/install-qa-check.d/90gcc-warnings | 168 +++++ |
61 |
bin/install-qa-check.d/90world-writable | 27 + |
62 |
bin/misc-functions.sh | 800 +-------------------- |
63 |
bin/phase-functions.sh | 153 ++-- |
64 |
bin/phase-helpers.sh | 40 +- |
65 |
bin/portageq | 339 +++++---- |
66 |
bin/quickpkg | 8 +- |
67 |
bin/regenworld | 4 +- |
68 |
bin/repoman | 32 +- |
69 |
bin/save-ebuild-env.sh | 2 +- |
70 |
bin/xattr-helper.py | 6 +- |
71 |
cnf/sets/portage.conf | 5 + |
72 |
doc/Makefile | 13 - |
73 |
doc/fragment/version | 1 - |
74 |
man/emerge.1 | 19 +- |
75 |
man/repoman.1 | 4 + |
76 |
misc/emerge-delta-webrsync | 4 +- |
77 |
mkrelease.sh | 141 ---- |
78 |
pym/_emerge/Binpkg.py | 9 +- |
79 |
pym/_emerge/EbuildBuild.py | 6 +- |
80 |
pym/_emerge/FakeVartree.py | 4 +- |
81 |
pym/_emerge/MiscFunctionsProcess.py | 6 +- |
82 |
pym/_emerge/PackageMerge.py | 5 +- |
83 |
pym/_emerge/Scheduler.py | 2 +- |
84 |
pym/_emerge/UserQuery.py | 71 ++ |
85 |
pym/_emerge/actions.py | 60 +- |
86 |
pym/_emerge/depgraph.py | 380 ++++++++-- |
87 |
pym/_emerge/main.py | 18 +- |
88 |
pym/_emerge/post_emerge.py | 5 +- |
89 |
pym/_emerge/resolver/output_helpers.py | 2 +- |
90 |
pym/_emerge/resolver/package_tracker.py | 2 +- |
91 |
pym/_emerge/sync/old_tree_timestamp.py | 12 +- |
92 |
pym/_emerge/unmerge.py | 8 +- |
93 |
pym/_emerge/userquery.py | 55 -- |
94 |
pym/portage/__init__.py | 16 +- |
95 |
pym/portage/_emirrordist/FetchTask.py | 6 +- |
96 |
pym/portage/_global_updates.py | 4 +- |
97 |
pym/portage/_sets/dbapi.py | 85 ++- |
98 |
pym/portage/cache/sqlite.py | 4 +- |
99 |
pym/portage/const.py | 12 +- |
100 |
pym/portage/dbapi/__init__.py | 6 +- |
101 |
pym/portage/dbapi/vartree.py | 25 +- |
102 |
pym/portage/dep/_slot_operator.py | 27 +- |
103 |
pym/portage/dep/dep_check.py | 20 +- |
104 |
pym/portage/dispatch_conf.py | 3 +- |
105 |
pym/portage/emaint/main.py | 6 +- |
106 |
pym/portage/emaint/module.py | 2 +- |
107 |
pym/portage/emaint/modules/binhost/__init__.py | 8 +- |
108 |
pym/portage/emaint/modules/config/__init__.py | 8 +- |
109 |
pym/portage/emaint/modules/logs/__init__.py | 8 +- |
110 |
pym/portage/emaint/modules/merges/__init__.py | 31 + |
111 |
pym/portage/emaint/modules/merges/merges.py | 290 ++++++++ |
112 |
pym/portage/emaint/modules/move/__init__.py | 8 +- |
113 |
pym/portage/emaint/modules/move/move.py | 5 +- |
114 |
pym/portage/emaint/modules/resume/__init__.py | 6 +- |
115 |
pym/portage/emaint/modules/world/__init__.py | 8 +- |
116 |
pym/portage/exception.py | 4 + |
117 |
pym/portage/localization.py | 7 +- |
118 |
pym/portage/mail.py | 12 +- |
119 |
pym/portage/news.py | 8 +- |
120 |
pym/portage/output.py | 6 +- |
121 |
pym/portage/package/ebuild/config.py | 17 +- |
122 |
pym/portage/package/ebuild/doebuild.py | 9 +- |
123 |
pym/portage/tests/__init__.py | 24 +- |
124 |
.../date => pym/portage/tests/bin/__test__.py | 0 |
125 |
.../tests/{bin/__test__ => dbapi/__test__.py} | 0 |
126 |
pym/portage/tests/dbapi/test_portdb_cache.py | 23 +- |
127 |
.../tests/{dbapi/__test__ => dep/__test__.py} | 0 |
128 |
.../tests/{dep/__test__ => ebuild/__test__.py} | 0 |
129 |
pym/portage/tests/ebuild/test_config.py | 71 +- |
130 |
.../tests/{ebuild/__test__ => emerge/__test__.py} | 0 |
131 |
pym/portage/tests/emerge/test_emerge_slot_abi.py | 7 +- |
132 |
pym/portage/tests/emerge/test_simple.py | 36 +- |
133 |
.../tests/{emerge/__test__ => env/__test__.py} | 0 |
134 |
.../tests/env/{__test__ => config/__test__.py} | 0 |
135 |
.../{env/config/__test__ => glsa/__test__.py} | 0 |
136 |
pym/portage/tests/glsa/test_security_set.py | 3 +- |
137 |
.../{glsa/__test__ => lafilefixer/__test__.py} | 0 |
138 |
.../__test__ => lazyimport/__test__.py} | 0 |
139 |
.../{lazyimport/__test__ => lint/__test__.py} | 0 |
140 |
pym/portage/tests/lint/test_compile_modules.py | 10 +- |
141 |
pym/portage/tests/lint/test_import_modules.py | 8 +- |
142 |
.../tests/{lint/__test__ => locks/__test__.py} | 0 |
143 |
.../tests/{locks/__test__ => news/__test__.py} | 0 |
144 |
.../tests/{news/__test__ => process/__test__.py} | 0 |
145 |
.../{process/__test__ => repoman/__test__.py} | 0 |
146 |
pym/portage/tests/repoman/test_simple.py | 8 +- |
147 |
pym/portage/tests/resolver/ResolverPlayground.py | 59 +- |
148 |
.../{repoman/__test__ => resolver/__test__.py} | 0 |
149 |
.../tests/resolver/test_autounmask_use_breakage.py | 63 ++ |
150 |
pym/portage/tests/resolver/test_or_choices.py | 73 ++ |
151 |
...fied.py => test_slot_conflict_force_rebuild.py} | 56 +- |
152 |
.../test_slot_conflict_unsatisfied_deep_deps.py | 115 +++ |
153 |
...nsatisfied.py => test_slot_operator_rebuild.py} | 52 +- |
154 |
.../resolver/test_slot_operator_required_use.py | 72 ++ |
155 |
...test_solve_non_slot_operator_slot_conflicts.py} | 49 +- |
156 |
pym/portage/tests/{runTests => runTests.py} | 0 |
157 |
.../{resolver/__test__ => sets/base/__test__.py} | 0 |
158 |
.../sets/{base/__test__ => files/__test__.py} | 0 |
159 |
.../sets/{files/__test__ => shell/__test__.py} | 0 |
160 |
.../{sets/shell/__test__ => unicode/__test__.py} | 0 |
161 |
.../tests/{unicode/__test__ => update/__test__.py} | 0 |
162 |
.../tests/{update/__test__ => util/__test__.py} | 0 |
163 |
pym/portage/tests/util/test_getconfig.py | 4 +- |
164 |
.../tests/{util/__test__ => versions/__test__.py} | 0 |
165 |
pym/portage/tests/xpak/__test__ | 0 |
166 |
.../tests/{versions/__test__ => xpak/__test__.py} | 0 |
167 |
pym/portage/util/__init__.py | 3 +- |
168 |
pym/portage/util/_eventloop/EventLoop.py | 8 +- |
169 |
pym/portage/util/_eventloop/PollSelectAdapter.py | 6 +- |
170 |
pym/repoman/checks.py | 16 - |
171 |
runtests.sh | 8 +- |
172 |
setup.py | 652 +++++++++++++++++ |
173 |
testpath | 11 + |
174 |
153 files changed, 4118 insertions(+), 1920 deletions(-) |
175 |
|
176 |
diff --cc bin/ebuild-helpers/emake |
177 |
index 60286ec,4618053..dcb64a3 |
178 |
--- a/bin/ebuild-helpers/emake |
179 |
+++ b/bin/ebuild-helpers/emake |
180 |
@@@ -22,7 -22,7 +22,7 @@@ if [[ $PORTAGE_QUIET != 1 ]] ; the |
181 |
) >&2 |
182 |
fi |
183 |
|
184 |
- ${MAKE:-make} SHELL="${BASH:-/bin/bash}" ${MAKEOPTS} ${EXTRA_EMAKE} "$@" |
185 |
-${MAKE:-make} ${MAKEOPTS} "$@" ${EXTRA_EMAKE} |
186 |
++${MAKE:-make} SHELL="${BASH:-/bin/bash}" ${MAKEOPTS} "$@" ${EXTRA_EMAKE} |
187 |
ret=$? |
188 |
[[ $ret -ne 0 ]] && __helpers_die "${0##*/} failed" |
189 |
exit $ret |
190 |
diff --cc bin/install-qa-check.d/05prefix |
191 |
index 0000000,e1fc2bd..32561e2 |
192 |
mode 000000,100644..100644 |
193 |
--- a/bin/install-qa-check.d/05prefix |
194 |
+++ b/bin/install-qa-check.d/05prefix |
195 |
@@@ -1,0 -1,117 +1,118 @@@ |
196 |
+ # Prefix specific QA checks |
197 |
+ |
198 |
+ install_qa_check_prefix() { |
199 |
+ [[ ${ED} == ${D} ]] && return |
200 |
+ |
201 |
+ if [[ -d ${ED}/${D} ]] ; then |
202 |
+ find "${ED}/${D}" | \ |
203 |
+ while read i ; do |
204 |
+ eqawarn "QA Notice: /${i##${ED}/${D}} installed in \${ED}/\${D}" |
205 |
+ done |
206 |
+ die "Aborting due to QA concerns: files installed in ${ED}/${D}" |
207 |
+ fi |
208 |
+ |
209 |
+ if [[ -d ${ED}/${EPREFIX} ]] ; then |
210 |
+ find "${ED}/${EPREFIX}/" | \ |
211 |
+ while read i ; do |
212 |
+ eqawarn "QA Notice: ${i#${D}} double prefix" |
213 |
+ done |
214 |
+ die "Aborting due to QA concerns: double prefix files installed" |
215 |
+ fi |
216 |
+ |
217 |
+ if [[ -d ${D} ]] ; then |
218 |
+ INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }') |
219 |
+ if [[ -n ${INSTALLTOD} ]] ; then |
220 |
+ eqawarn "QA Notice: the following files are outside of the prefix:" |
221 |
+ eqawarn "${INSTALLTOD}" |
222 |
+ die "Aborting due to QA concerns: there are files installed outside the prefix" |
223 |
+ fi |
224 |
+ fi |
225 |
+ |
226 |
+ # all further checks rely on ${ED} existing |
227 |
+ [[ -d ${ED} ]] || return |
228 |
+ |
229 |
+ # check shebangs, bug #282539 |
230 |
+ rm -f "${T}"/non-prefix-shebangs-errs |
231 |
+ local WHITELIST=" /usr/bin/env " |
232 |
+ # this is hell expensive, but how else? |
233 |
+ find "${ED}" -executable \! -type d -print0 \ |
234 |
+ | xargs -0 grep -H -n -m1 "^#!" \ |
235 |
+ | while read f ; |
236 |
+ do |
237 |
+ local fn=${f%%:*} |
238 |
+ local pos=${f#*:} ; pos=${pos%:*} |
239 |
+ local line=${f##*:} |
240 |
+ # shebang always appears on the first line ;) |
241 |
+ [[ ${pos} != 1 ]] && continue |
242 |
+ local oldIFS=${IFS} |
243 |
+ IFS=$'\r'$'\n'$'\t'" " |
244 |
+ line=( ${line#"#!"} ) |
245 |
+ IFS=${oldIFS} |
246 |
+ [[ ${WHITELIST} == *" ${line[0]} "* ]] && continue |
247 |
+ local fp=${fn#${D}} ; fp=/${fp%/*} |
248 |
+ # line[0] can be an absolutised path, bug #342929 |
249 |
+ local eprefix=$(canonicalize ${EPREFIX}) |
250 |
+ local rf=${fn} |
251 |
+ # in case we deal with a symlink, make sure we don't replace it |
252 |
+ # with a real file (sed -i does that) |
253 |
+ if [[ -L ${fn} ]] ; then |
254 |
+ rf=$(readlink ${fn}) |
255 |
+ [[ ${rf} != /* ]] && rf=${fn%/*}/${rf} |
256 |
+ # ignore symlinks pointing to outside prefix |
257 |
+ # as seen in sys-devel/native-cctools |
258 |
+ [[ $(canonicalize "/${rf#${D}}") != ${eprefix}/* ]] && continue |
259 |
+ fi |
260 |
+ # does the shebang start with ${EPREFIX}, and does it exist? |
261 |
+ if [[ ${line[0]} == ${EPREFIX}/* || ${line[0]} == ${eprefix}/* ]] ; then |
262 |
+ if [[ ! -e ${ROOT%/}${line[0]} && ! -e ${D%/}${line[0]} ]] ; then |
263 |
+ # hmm, refers explicitly to $EPREFIX, but doesn't exist, |
264 |
+ # if it's in PATH that's wrong in any case |
265 |
+ if [[ ":${PATH}:" == *":${fp}:"* ]] ; then |
266 |
+ echo "${fn#${D}}:${line[0]} (explicit EPREFIX but target not found)" \ |
267 |
+ >> "${T}"/non-prefix-shebangs-errs |
268 |
+ else |
269 |
+ eqawarn "${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})" |
270 |
+ fi |
271 |
+ fi |
272 |
+ continue |
273 |
+ fi |
274 |
- # unprefixed shebang, is the script directly in $PATH? |
275 |
- if [[ ":${PATH}:" == *":${fp}:"* ]] ; then |
276 |
++ # unprefixed shebang, is the script directly in $PATH or an init |
277 |
++ # script? |
278 |
++ if [[ ":${PATH}:${EPREFIX}/etc/init.d:" == *":${fp}:"* ]] ; then |
279 |
+ if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then |
280 |
+ # is it unprefixed, but we can just fix it because a |
281 |
+ # prefixed variant exists |
282 |
+ eqawarn "prefixing shebang of ${fn#${D}}" |
283 |
+ # statement is made idempotent on purpose, because |
284 |
+ # symlinks may point to the same target, and hence the |
285 |
+ # same real file may be sedded multiple times since we |
286 |
+ # read the shebangs in one go upfront for performance |
287 |
+ # reasons |
288 |
+ sed -i -e '1s:^#! \?'"${line[0]}"':#!'"${EPREFIX}"${line[0]}':' "${rf}" |
289 |
+ continue |
290 |
+ else |
291 |
+ # this is definitely wrong: script in $PATH and invalid shebang |
292 |
+ echo "${fn#${D}}:${line[0]} (script ${fn##*/} installed in PATH but interpreter ${line[0]} not found)" \ |
293 |
+ >> "${T}"/non-prefix-shebangs-errs |
294 |
+ fi |
295 |
+ else |
296 |
+ # unprefixed/invalid shebang, but outside $PATH, this may be |
297 |
+ # intended (e.g. config.guess) so remain silent by default |
298 |
+ has stricter ${FEATURES} && \ |
299 |
+ eqawarn "invalid shebang in ${fn#${D}}: ${line[0]}" |
300 |
+ fi |
301 |
+ done |
302 |
+ if [[ -e "${T}"/non-prefix-shebangs-errs ]] ; then |
303 |
+ eqawarn "QA Notice: the following files use invalid (possible non-prefixed) shebangs:" |
304 |
+ while read line ; do |
305 |
+ eqawarn " ${line}" |
306 |
+ done < "${T}"/non-prefix-shebangs-errs |
307 |
+ rm -f "${T}"/non-prefix-shebangs-errs |
308 |
+ die "Aborting due to QA concerns: invalid shebangs found" |
309 |
+ fi |
310 |
+ } |
311 |
+ |
312 |
+ install_qa_check_prefix |
313 |
+ : # guarantee successful exit |
314 |
+ |
315 |
+ # vim:ft=sh |
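Review bot: The shebang auto-fix near the end of the `while read f` loop builds its sed program from `${line[0]}`, which is text read out of a file in the image, so an interpreter path containing `:`, `&` or a regex metacharacter changes what the `1s:…:…:` expression matches or writes into `${rf}`. I would refuse to rewrite anything that is not a plain path, placing `[[ ${line[0]} =~ ^[A-Za-z0-9_./+-]+$ ]] || { eqawarn "not rewriting unusual shebang in ${fn#${D}}: ${line[0]}" ; continue ; }` just before the `sed -i` line. The same loop reads the grep output with a bare `read f` and splits it on `:`, so file names containing a backslash or a colon are misparsed; `IFS= read -r f` fixes the backslash half, and the colon case deserves a comment. The whole function is inside this hunk.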
316 |
diff --cc bin/install-qa-check.d/80libraries |
317 |
index 0000000,3977bae..c83f278 |
318 |
mode 000000,100644..100644 |
319 |
--- a/bin/install-qa-check.d/80libraries |
320 |
+++ b/bin/install-qa-check.d/80libraries |
321 |
@@@ -1,0 -1,158 +1,167 @@@ |
322 |
+ # Check for issues with installed libraries |
323 |
+ |
324 |
+ lib_check() { |
325 |
+ local f x i j |
326 |
+ |
327 |
+ if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT}; then |
328 |
+ # Check for shared libraries lacking SONAMEs |
329 |
+ local qa_var="QA_SONAME_${ARCH/-/_}" |
330 |
+ eval "[[ -n \${!qa_var} ]] && QA_SONAME=(\"\${${qa_var}[@]}\")" |
331 |
+ f=$(scanelf -ByF '%S %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:") |
332 |
+ if [[ -n ${f} ]] ; then |
333 |
+ echo "${f}" > "${T}"/scanelf-missing-SONAME.log |
334 |
+ if [[ "${QA_STRICT_SONAME-unset}" == unset ]] ; then |
335 |
+ if [[ ${#QA_SONAME[@]} -gt 1 ]] ; then |
336 |
+ for x in "${QA_SONAME[@]}" ; do |
337 |
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log |
338 |
+ done |
339 |
+ else |
340 |
+ local shopts=$- |
341 |
+ set -o noglob |
342 |
+ for x in ${QA_SONAME} ; do |
343 |
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log |
344 |
+ done |
345 |
+ set +o noglob |
346 |
+ set -${shopts} |
347 |
+ fi |
348 |
+ fi |
349 |
+ sed -e "/^\$/d" -i "${T}"/scanelf-missing-SONAME.log |
350 |
+ f=$(<"${T}"/scanelf-missing-SONAME.log) |
351 |
+ if [[ -n ${f} ]] ; then |
352 |
+ __vecho -ne '\n' |
353 |
+ eqawarn "QA Notice: The following shared libraries lack a SONAME" |
354 |
+ eqawarn "${f}" |
355 |
+ __vecho -ne '\n' |
356 |
+ sleep 1 |
357 |
+ else |
358 |
+ rm -f "${T}"/scanelf-missing-SONAME.log |
359 |
+ fi |
360 |
+ fi |
361 |
+ |
362 |
+ # Check for shared libraries lacking NEEDED entries |
363 |
+ qa_var="QA_DT_NEEDED_${ARCH/-/_}" |
364 |
+ eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")" |
365 |
+ f=$(scanelf -ByF '%n %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:") |
366 |
+ if [[ -n ${f} ]] ; then |
367 |
+ echo "${f}" > "${T}"/scanelf-missing-NEEDED.log |
368 |
+ if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then |
369 |
+ if [[ ${#QA_DT_NEEDED[@]} -gt 1 ]] ; then |
370 |
+ for x in "${QA_DT_NEEDED[@]}" ; do |
371 |
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log |
372 |
+ done |
373 |
+ else |
374 |
+ local shopts=$- |
375 |
+ set -o noglob |
376 |
+ for x in ${QA_DT_NEEDED} ; do |
377 |
+ sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log |
378 |
+ done |
379 |
+ set +o noglob |
380 |
+ set -${shopts} |
381 |
+ fi |
382 |
+ fi |
383 |
+ sed -e "/^\$/d" -i "${T}"/scanelf-missing-NEEDED.log |
384 |
+ f=$(<"${T}"/scanelf-missing-NEEDED.log) |
385 |
+ if [[ -n ${f} ]] ; then |
386 |
+ __vecho -ne '\n' |
387 |
+ eqawarn "QA Notice: The following shared libraries lack NEEDED entries" |
388 |
+ eqawarn "${f}" |
389 |
+ __vecho -ne '\n' |
390 |
+ sleep 1 |
391 |
+ else |
392 |
+ rm -f "${T}"/scanelf-missing-NEEDED.log |
393 |
+ fi |
394 |
+ fi |
395 |
+ fi |
396 |
+ |
397 |
+ # this should help to ensure that all (most?) shared libraries are executable |
398 |
+ # and that all libtool scripts / static libraries are not executable |
399 |
+ for i in "${ED}"opt/*/lib* \ |
400 |
+ "${ED}"lib* \ |
401 |
+ "${ED}"usr/lib* ; do |
402 |
+ [[ ! -d ${i} ]] && continue |
403 |
+ |
404 |
+ for j in "${i}"/*.so.* "${i}"/*.so ; do |
405 |
+ [[ ! -e ${j} ]] && continue |
406 |
+ [[ -L ${j} ]] && continue |
407 |
+ [[ -x ${j} ]] && continue |
408 |
+ __vecho "making executable: ${j#${ED}}" |
409 |
+ chmod +x "${j}" |
410 |
+ done |
411 |
+ |
412 |
+ for j in "${i}"/*.a "${i}"/*.la ; do |
413 |
+ [[ ! -e ${j} ]] && continue |
414 |
+ [[ -L ${j} ]] && continue |
415 |
+ [[ ! -x ${j} ]] && continue |
416 |
+ __vecho "removing executable bit: ${j#${ED}}" |
417 |
+ chmod -x "${j}" |
418 |
+ done |
419 |
+ |
420 |
+ for j in "${i}"/*.{a,dll,dylib,sl,so}.* "${i}"/*.{a,dll,dylib,sl,so} ; do |
421 |
+ [[ ! -e ${j} ]] && continue |
422 |
+ [[ ! -L ${j} ]] && continue |
423 |
+ linkdest=$(readlink "${j}") |
424 |
+ if [[ ${linkdest} == /* ]] ; then |
425 |
+ __vecho -ne '\n' |
426 |
+ eqawarn "QA Notice: Found an absolute symlink in a library directory:" |
427 |
+ eqawarn " ${j#${D}} -> ${linkdest}" |
428 |
+ eqawarn " It should be a relative symlink if in the same directory" |
429 |
+ eqawarn " or a linker script if it crosses the /usr boundary." |
430 |
+ fi |
431 |
+ done |
432 |
+ done |
433 |
+ |
434 |
+ # When installing static libraries into /usr/lib and shared libraries into |
435 |
+ # /lib, we have to make sure we have a linker script in /usr/lib along side |
436 |
+ # the static library, or gcc will utilize the static lib when linking :(. |
437 |
+ # http://bugs.gentoo.org/4411 |
438 |
+ local abort="no" |
439 |
+ local a s |
440 |
+ for a in "${ED}"usr/lib*/*.a ; do |
441 |
- s=${a%.a}.so |
442 |
++ # PREFIX LOCAL: support MachO objects |
443 |
++ [[ ${CHOST} == *-darwin* ]] \ |
444 |
++ && s=${a%.a}.dylib \ |
445 |
++ || s=${a%.a}.so |
446 |
++ # END PREFIX LOCAL |
447 |
+ if [[ ! -e ${s} ]] ; then |
448 |
+ s=${s%usr/*}${s##*/usr/} |
449 |
+ if [[ -e ${s} ]] ; then |
450 |
+ __vecho -ne '\n' |
451 |
+ eqawarn "QA Notice: Missing gen_usr_ldscript for ${s##*/}" |
452 |
+ abort="yes" |
453 |
+ fi |
454 |
+ fi |
455 |
+ done |
456 |
+ [[ ${abort} == "yes" ]] && die "add those ldscripts" |
457 |
+ |
458 |
+ # Make sure people don't store libtool files or static libs in /lib |
459 |
- f=$(ls "${ED}"lib*/*.{a,la} 2>/dev/null) |
460 |
++ # PREFIX LOCAL: on AIX, "dynamic libs" have extension .a, so don't |
461 |
++ # get false positives |
462 |
++ [[ ${CHOST} == *-aix* ]] \ |
463 |
++ && f=$(ls "${ED}"lib*/*.la 2>/dev/null || true) \ |
464 |
++ || f=$(ls "${ED}"lib*/*.{a,la} 2>/dev/null) |
465 |
++ # END PREFIX LOCAL |
466 |
+ if [[ -n ${f} ]] ; then |
467 |
+ __vecho -ne '\n' |
468 |
+ eqawarn "QA Notice: Excessive files found in the / partition" |
469 |
+ eqawarn "${f}" |
470 |
+ __vecho -ne '\n' |
471 |
+ die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*" |
472 |
+ fi |
473 |
+ |
474 |
+ # Verify that the libtool files don't contain bogus $D entries. |
475 |
+ local abort=no gentoo_bug=no always_overflow=no |
476 |
+ for a in "${ED}"usr/lib*/*.la ; do |
477 |
+ s=${a##*/} |
478 |
+ if grep -qs "${ED}" "${a}" ; then |
479 |
+ __vecho -ne '\n' |
480 |
+ eqawarn "QA Notice: ${s} appears to contain PORTAGE_TMPDIR paths" |
481 |
+ abort="yes" |
482 |
+ fi |
483 |
+ done |
484 |
+ [[ ${abort} == "yes" ]] && die "soiled libtool library files found" |
485 |
+ } |
486 |
+ |
487 |
+ lib_check |
488 |
+ : # guarantee successful exit |
489 |
+ |
490 |
+ # vim:ft=sh |
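Review bot: Both `eval` lines in `lib_check` (for `QA_SONAME` and again for `QA_DT_NEEDED`) execute a string built from `${ARCH/-/_}`, and that expansion replaces only the first hyphen, so nothing guarantees the result is a valid identifier before it reaches `eval`. ARCH presumably comes from the profile rather than from the package, but the eval is not needed: `local qa_ref="${qa_var}[@]"` followed by `[[ -n ${!qa_var} ]] && QA_SONAME=("${!qa_ref}")` makes the same array copy through indirect expansion only. Separately, `grep -qs "${ED}" "${a}"` in the libtool check treats the image path as a regular expression; `grep -qsF` would match it literally.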
491 |
diff --cc bin/install-qa-check.d/80multilib-strict |
492 |
index 0000000,f944be9..436932e |
493 |
mode 000000,100644..100644 |
494 |
--- a/bin/install-qa-check.d/80multilib-strict |
495 |
+++ b/bin/install-qa-check.d/80multilib-strict |
496 |
@@@ -1,0 -1,50 +1,50 @@@ |
497 |
+ # Strict multilib directory checks |
498 |
+ multilib_strict_check() { |
499 |
+ if has multilib-strict ${FEATURES} && \ |
500 |
- [[ -x /usr/bin/file && -x /usr/bin/find ]] && \ |
501 |
++ [[ -x ${EPREFIX}/usr/bin/file && -x ${EPREFIX}/usr/bin/find ]] && \ |
502 |
+ [[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]] |
503 |
+ then |
504 |
+ rm -f "${T}/multilib-strict.log" |
505 |
+ local abort=no dir file |
506 |
+ MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed -e 's:\([(|)]\):\\\1:g') |
507 |
+ for dir in ${MULTILIB_STRICT_DIRS} ; do |
508 |
+ [[ -d ${ED}/${dir} ]] || continue |
509 |
+ for file in $(find ${ED}/${dir} -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do |
510 |
+ if file ${file} | egrep -q "${MULTILIB_STRICT_DENY}" ; then |
511 |
+ echo "${file#${ED}//}" >> "${T}/multilib-strict.log" |
512 |
+ fi |
513 |
+ done |
514 |
+ done |
515 |
+ |
516 |
+ if [[ -s ${T}/multilib-strict.log ]] ; then |
517 |
+ if [[ ${#QA_MULTILIB_PATHS[@]} -eq 1 ]] ; then |
518 |
+ local shopts=$- |
519 |
+ set -o noglob |
520 |
+ QA_MULTILIB_PATHS=(${QA_MULTILIB_PATHS}) |
521 |
+ set +o noglob |
522 |
+ set -${shopts} |
523 |
+ fi |
524 |
+ if [ "${QA_STRICT_MULTILIB_PATHS-unset}" = unset ] ; then |
525 |
+ local x |
526 |
+ for x in "${QA_MULTILIB_PATHS[@]}" ; do |
527 |
+ sed -e "s#^${x#/}\$##" -i "${T}/multilib-strict.log" |
528 |
+ done |
529 |
+ sed -e "/^\$/d" -i "${T}/multilib-strict.log" |
530 |
+ fi |
531 |
+ if [[ -s ${T}/multilib-strict.log ]] ; then |
532 |
+ abort=yes |
533 |
+ echo "Files matching a file type that is not allowed:" |
534 |
+ while read -r ; do |
535 |
+ echo " ${REPLY}" |
536 |
+ done < "${T}/multilib-strict.log" |
537 |
+ fi |
538 |
+ fi |
539 |
+ |
540 |
+ [[ ${abort} == yes ]] && die "multilib-strict check failed!" |
541 |
+ fi |
542 |
+ } |
543 |
+ |
544 |
+ multilib_strict_check |
545 |
+ : # guarantee successful exit |
546 |
+ |
547 |
+ # vim:ft=sh |
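Review bot: The inner loop `for file in $(find ${ED}/${dir} -type f | grep -v …)` word-splits and glob-expands the find output, and `file ${file}` is unquoted as well, so an installed file whose name contains whitespace or glob characters is checked under the wrong path or not at all and can slip past the multilib-strict check. Reading the list line by line avoids that: `find "${ED}/${dir}" -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}" | while IFS= read -r file ; do` with `file "${file}"` inside. The loop body only appends to the log file, so running it in a pipeline subshell does not lose state. Also, the guard tests `-x ${EPREFIX}/usr/bin/file` and `${EPREFIX}/usr/bin/find` while the body calls `file` and `find` through PATH, so the tools tested are not necessarily the ones run.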
548 |
diff --cc bin/install-qa-check.d/90world-writable |
549 |
index 0000000,771027e..635612d |
550 |
mode 000000,100644..100644 |
551 |
--- a/bin/install-qa-check.d/90world-writable |
552 |
+++ b/bin/install-qa-check.d/90world-writable |
553 |
@@@ -1,0 -1,25 +1,27 @@@ |
554 |
+ # Check for world-writable files |
555 |
+ |
556 |
+ world_writable_check() { |
557 |
+ # Now we look for all world writable files. |
558 |
- local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:- :") |
559 |
++ # PREFIX LOCAL: keep offset prefix in the reported files |
560 |
++ local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${D}:- :") |
561 |
++ # END PREFIX LOCAL |
562 |
+ if [[ -n ${unsafe_files} ]] ; then |
563 |
+ __vecho "QA Security Notice: world writable file(s):" |
564 |
+ __vecho "${unsafe_files}" |
565 |
+ __vecho "- This may or may not be a security problem, most of the time it is one." |
566 |
+ __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." |
567 |
+ sleep 1 |
568 |
+ fi |
569 |
+ |
570 |
- local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:") |
571 |
++ local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${D}:/:") |
572 |
+ if [[ -n ${unsafe_files} ]] ; then |
573 |
+ eqawarn "QA Notice: Unsafe files detected (set*id and world writable)" |
574 |
+ eqawarn "${unsafe_files}" |
575 |
+ die "Unsafe files found in \${D}. Portage will not install them." |
576 |
+ fi |
577 |
+ } |
578 |
+ |
579 |
+ world_writable_check |
580 |
+ : # guarantee successful exit |
581 |
+ |
582 |
+ # vim:ft=sh |
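Review bot: The first block of `world_writable_check` reports world-writable files only through `__vecho`, whereas the set*id block below it uses `eqawarn`, so the "QA Security Notice" presumably never reaches the QA log and may be dropped entirely in quiet mode (`__vecho` is defined outside this file, so confirm). I would emit it as `eqawarn "QA Security Notice: world writable file(s):"` and `eqawarn "${unsafe_files}"`. Both `find` calls are limited to `-type f`, so world-writable directories without the sticky bit are not reported at all; a further pass such as `find "${ED}" -type d -perm -2 ! -perm -1000` would cover them. The `sed` expressions interpolate `${D}` as a pattern, which is worth a comment because the path may contain regex metacharacters.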
583 |
diff --cc bin/misc-functions.sh |
584 |
index d92103f,cc652a9..1904c25 |
585 |
mode 100644,100755..100644 |
586 |
--- a/bin/misc-functions.sh |
587 |
+++ b/bin/misc-functions.sh |
588 |
@@@ -1,5 -1,5 +1,5 @@@ |
589 |
-#!/bin/bash |
590 |
+#!@PORTAGE_BASH@ |
591 |
- # Copyright 1999-2013 Gentoo Foundation |
592 |
+ # Copyright 1999-2014 Gentoo Foundation |
593 |
# Distributed under the terms of the GNU General Public License v2 |
594 |
# |
595 |
# Miscellaneous shell functions that make use of the ebuild env but don't need |
596 |
@@@ -172,67 -168,34 +172,36 @@@ install_qa_check() |
597 |
local EPREFIX= ED=${D} |
598 |
fi |
599 |
|
600 |
- cd "${ED}" || die "cd failed" |
601 |
+ # PREFIX LOCAL: ED needs not to exist, whereas D does |
602 |
+ cd "${D}" || die "cd failed" |
603 |
+ # END PREFIX LOCAL |
604 |
|
605 |
- qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}" |
606 |
- eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")" |
607 |
- if [[ ${#QA_FLAGS_IGNORED[@]} -eq 1 ]] ; then |
608 |
- local shopts=$- |
609 |
- set -o noglob |
610 |
- QA_FLAGS_IGNORED=(${QA_FLAGS_IGNORED}) |
611 |
- set +o noglob |
612 |
- set -${shopts} |
613 |
- fi |
614 |
+ # Run QA checks from install-qa-check.d. |
615 |
+ # Note: checks need to be run *before* stripping. |
616 |
+ local f |
617 |
+ # TODO: handle nullglob-like |
618 |
+ for f in "${PORTAGE_BIN_PATH}"/install-qa-check.d/*; do |
619 |
+ # Run in a subshell to treat it like external script, |
620 |
+ # but use 'source' to pass all variables through. |
621 |
+ ( |
622 |
+ source "${f}" || eerror "Post-install QA check ${f##*/} failed to run" |
623 |
+ ) |
624 |
+ done |
625 |
|
626 |
- # Check for files built without respecting *FLAGS. Note that |
627 |
- # -frecord-gcc-switches must be in all *FLAGS variables, in |
628 |
- # order to avoid false positive results here. |
629 |
- # NOTE: This check must execute before prepall/prepstrip, since |
630 |
- # prepstrip strips the .GCC.command.line sections. |
631 |
- if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT} && \ |
632 |
- [[ "${CFLAGS}" == *-frecord-gcc-switches* ]] && \ |
633 |
- [[ "${CXXFLAGS}" == *-frecord-gcc-switches* ]] && \ |
634 |
- [[ "${FFLAGS}" == *-frecord-gcc-switches* ]] && \ |
635 |
- [[ "${FCFLAGS}" == *-frecord-gcc-switches* ]] ; then |
636 |
- rm -f "${T}"/scanelf-ignored-CFLAGS.log |
637 |
- for x in $(scanelf -qyRF '#k%p' -k '!.GCC.command.line' "${ED}") ; do |
638 |
- # Separate out file types that are known to support |
639 |
- # .GCC.command.line sections, using the `file` command |
640 |
- # similar to how prepstrip uses it. |
641 |
- f=$(file "${x}") || continue |
642 |
- [[ -z ${f} ]] && continue |
643 |
- if [[ ${f} == *"SB executable"* || |
644 |
- ${f} == *"SB shared object"* ]] ; then |
645 |
- echo "${x}" >> "${T}"/scanelf-ignored-CFLAGS.log |
646 |
+ # Run QA checks from repositories |
647 |
+ # (yes, PORTAGE_ECLASS_LOCATIONS contains repo paths...) |
648 |
+ local repo_location |
649 |
+ for repo_location in "${PORTAGE_ECLASS_LOCATIONS[@]}"; do |
650 |
+ for f in "${repo_location}"/metadata/install-qa-check.d/*; do |
651 |
+ if [[ -f ${f} ]]; then |
652 |
+ ( |
653 |
+ # allow inheriting eclasses |
654 |
+ _IN_INSTALL_QA_CHECK=1 |
655 |
+ source "${f}" || eerror "Post-install QA check ${f##*/} failed to run" |
656 |
+ ) |
657 |
fi |
658 |
done |
659 |
- |
660 |
- if [[ -f "${T}"/scanelf-ignored-CFLAGS.log ]] ; then |
661 |
- |
662 |
- if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then |
663 |
- for x in "${QA_FLAGS_IGNORED[@]}" ; do |
664 |
- sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-CFLAGS.log |
665 |
- done |
666 |
- fi |
667 |
- # Filter anything under /usr/lib/debug/ in order to avoid |
668 |
- # duplicate warnings for splitdebug files. |
669 |
- sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \ |
670 |
- -i "${T}"/scanelf-ignored-CFLAGS.log |
671 |
- f=$(<"${T}"/scanelf-ignored-CFLAGS.log) |
672 |
- if [[ -n ${f} ]] ; then |
673 |
- __vecho -ne '\n' |
674 |
- eqawarn "${BAD}QA Notice: Files built without respecting CFLAGS have been detected${NORMAL}" |
675 |
- eqawarn " Please include the following list of files in your report:" |
676 |
- eqawarn "${f}" |
677 |
- __vecho -ne '\n' |
678 |
- sleep 1 |
679 |
- else |
680 |
- rm -f "${T}"/scanelf-ignored-CFLAGS.log |
681 |
- fi |
682 |
- fi |
683 |
- fi |
684 |
+ done |
685 |
|
686 |
export STRIP_MASK |
687 |
prepall |
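Review bot: The first new loop sources every entry matched by `"${PORTAGE_BIN_PATH}"/install-qa-check.d/*` without the `[[ -f ${f} ]]` test that the repository loop below it has, so an empty directory leaves the literal glob in `f` and produces a spurious "failed to run" error, which is what the TODO refers to; `[[ -f ${f} ]] || continue` as the first statement of the loop body resolves it. The second loop sources `metadata/install-qa-check.d/*` from every path in `PORTAGE_ECLASS_LOCATIONS`, which means each configured repository gets to run shell code during the install phase of the package being built; I would state that trust assumption above the loop, for example `# NOTE: these checks are repository-supplied code and run with the privileges of the install phase`. A check that fails to source only logs through `eerror`, so a broken or unreadable check does not stop the merge. `install_qa_check` begins and ends outside this hunk.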
688 |
@@@ -240,327 -203,6 +209,39 @@@ |
689 |
ecompressdir --dequeue |
690 |
ecompress --dequeue |
691 |
|
692 |
- # Prefix specific checks |
693 |
- [[ ${ED} != ${D} ]] && install_qa_check_prefix |
694 |
- |
695 |
- f= |
696 |
- for x in etc/app-defaults usr/man usr/info usr/X11R6 usr/doc usr/locale ; do |
697 |
- [[ -d ${ED}/$x ]] && f+=" $x\n" |
698 |
- done |
699 |
- if [[ -n $f ]] ; then |
700 |
- eqawarn "QA Notice: This ebuild installs into the following deprecated directories:" |
701 |
- eqawarn |
702 |
- eqawarn "$f" |
703 |
- fi |
704 |
- |
705 |
- # It's ok create these directories, but not to install into them. #493154 |
706 |
- # TODO: We should add var/lib to this list. |
707 |
- f= |
708 |
- for x in var/cache var/lock var/run run ; do |
709 |
- if [[ ! -L ${ED}/${x} && -d ${ED}/${x} ]] ; then |
710 |
- if [[ -z $(find "${ED}/${x}" -prune -empty) ]] ; then |
711 |
- f+=$(cd "${ED}"; find "${x}" -printf ' %p\n') |
712 |
- fi |
713 |
- fi |
714 |
- done |
715 |
- if [[ -n ${f} ]] ; then |
716 |
- eqawarn "QA Notice: This ebuild installs into paths that should be created at runtime." |
717 |
- eqawarn " To fix, simply do not install into these directories. Instead, your package" |
718 |
- eqawarn " should create dirs on the fly at runtime as needed via init scripts/etc..." |
719 |
- eqawarn |
720 |
- eqawarn "${f}" |
721 |
- fi |
722 |
- |
723 |
- set +f |
724 |
- f= |
725 |
- for x in "${ED}etc/udev/rules.d/"* "${ED}lib"*"/udev/rules.d/"* ; do |
726 |
- [[ -e ${x} ]] || continue |
727 |
- [[ ${x} == ${ED}lib/udev/rules.d/* ]] && continue |
728 |
- f+=" ${x#${ED}}\n" |
729 |
- done |
730 |
- if [[ -n $f ]] ; then |
731 |
- eqawarn "QA Notice: udev rules should be installed in /lib/udev/rules.d:" |
732 |
- eqawarn |
733 |
- eqawarn "$f" |
734 |
- fi |
735 |
- |
736 |
- # Now we look for all world writable files. |
737 |
- # PREFIX LOCAL: keep offset in the paths |
738 |
- local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${D}:- :") |
739 |
- # END PREFIX LOCAL |
740 |
- if [[ -n ${unsafe_files} ]] ; then |
741 |
- __vecho "QA Security Notice: world writable file(s):" |
742 |
- __vecho "${unsafe_files}" |
743 |
- __vecho "- This may or may not be a security problem, most of the time it is one." |
744 |
- __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." |
745 |
- sleep 1 |
746 |
- fi |
747 |
- |
748 |
+ # PREFIX LOCAL: |
749 |
+ # anything outside the prefix should be caught by the Prefix QA |
750 |
+ # check, so if there's nothing in ED, we skip searching for QA |
751 |
+ # checks there, the specific QA funcs can hence rely on ED existing |
752 |
+ if [[ -d ${ED} ]] ; then |
753 |
+ case ${CHOST} in |
754 |
+ *-darwin*) |
755 |
+ # Mach-O platforms (NeXT, Darwin, OSX) |
756 |
+ install_qa_check_macho |
757 |
+ ;; |
758 |
+ *-interix*|*-winnt*) |
759 |
+ # PECOFF platforms (Windows/Interix) |
760 |
+ install_qa_check_pecoff |
761 |
+ ;; |
762 |
+ *-aix*) |
763 |
+ # XCOFF platforms (AIX) |
764 |
+ install_qa_check_xcoff |
765 |
+ ;; |
766 |
+ *) |
767 |
+ # because this is the majority: ELF platforms (Linux, |
768 |
+ # Solaris, *BSD, IRIX, etc.) |
769 |
+ install_qa_check_elf |
770 |
+ ;; |
771 |
+ esac |
772 |
+ fi |
773 |
+ |
774 |
+ # this is basically here such that the diff with trunk remains just |
775 |
+ # offsetted and not out of order |
776 |
+ install_qa_check_misc |
777 |
+ # END PREFIX LOCAL |
778 |
+} |
779 |
+ |
780 |
+install_qa_check_elf() { |
781 |
- if type -P scanelf > /dev/null && ! has binchecks ${RESTRICT}; then |
782 |
- local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET} |
783 |
- local x |
784 |
- |
785 |
- # display warnings when using stricter because we die afterwards |
786 |
- if has stricter ${FEATURES} ; then |
787 |
- unset PORTAGE_QUIET |
788 |
- fi |
789 |
- |
790 |
- # Make sure we disallow insecure RUNPATH/RPATHs. |
791 |
- # 1) References to PORTAGE_BUILDDIR are banned because it's a |
792 |
- # security risk. We don't want to load files from a |
793 |
- # temporary directory. |
794 |
- # 2) If ROOT != "/", references to ROOT are banned because |
795 |
- # that directory won't exist on the target system. |
796 |
- # 3) Null paths are banned because the loader will search $PWD when |
797 |
- # it finds null paths. |
798 |
- local forbidden_dirs="${PORTAGE_BUILDDIR}" |
799 |
- if [[ -n "${ROOT}" && "${ROOT}" != "/" ]]; then |
800 |
- forbidden_dirs+=" ${ROOT}" |
801 |
- fi |
802 |
- local dir l rpath_files=$(scanelf -F '%F:%r' -qBR "${ED}") |
803 |
- f="" |
804 |
- for dir in ${forbidden_dirs}; do |
805 |
- for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do |
806 |
- f+=" ${l%%:*}\n" |
807 |
- if ! has stricter ${FEATURES}; then |
808 |
- __vecho "Auto fixing rpaths for ${l%%:*}" |
809 |
- TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null |
810 |
- fi |
811 |
- done |
812 |
- done |
813 |
- |
814 |
- # Reject set*id binaries with $ORIGIN in RPATH #260331 |
815 |
- x=$( |
816 |
- find "${ED}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \ |
817 |
- xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN' |
818 |
- ) |
819 |
- |
820 |
- # Print QA notice. |
821 |
- if [[ -n ${f}${x} ]] ; then |
822 |
- __vecho -ne '\n' |
823 |
- eqawarn "QA Notice: The following files contain insecure RUNPATHs" |
824 |
- eqawarn " Please file a bug about this at http://bugs.gentoo.org/" |
825 |
- eqawarn " with the maintaining herd of the package." |
826 |
- eqawarn "${f}${f:+${x:+\n}}${x}" |
827 |
- __vecho -ne '\n' |
828 |
- if [[ -n ${x} ]] || has stricter ${FEATURES} ; then |
829 |
- insecure_rpath=1 |
830 |
- fi |
831 |
- fi |
832 |
- |
833 |
- # TEXTRELs are baaaaaaaad |
834 |
- # Allow devs to mark things as ignorable ... e.g. things that are |
835 |
- # binary-only and upstream isn't cooperating (nvidia-glx) ... we |
836 |
- # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ... |
837 |
- # the former overrides the latter ... regexes allowed ! :) |
838 |
- qa_var="QA_TEXTRELS_${ARCH/-/_}" |
839 |
- [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var} |
840 |
- [[ -n ${QA_STRICT_TEXTRELS} ]] && QA_TEXTRELS="" |
841 |
- export QA_TEXTRELS="${QA_TEXTRELS} lib*/modules/*.ko" |
842 |
- f=$(scanelf -qyRF '%t %p' "${ED}" | grep -v 'usr/lib/debug/') |
843 |
- if [[ -n ${f} ]] ; then |
844 |
- scanelf -qyRAF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log |
845 |
- __vecho -ne '\n' |
846 |
- eqawarn "QA Notice: The following files contain runtime text relocations" |
847 |
- eqawarn " Text relocations force the dynamic linker to perform extra" |
848 |
- eqawarn " work at startup, waste system resources, and may pose a security" |
849 |
- eqawarn " risk. On some architectures, the code may not even function" |
850 |
- eqawarn " properly, if at all." |
851 |
- eqawarn " For more information, see http://hardened.gentoo.org/pic-fix-guide.xml" |
852 |
- eqawarn " Please include the following list of files in your report:" |
853 |
- eqawarn "${f}" |
854 |
- __vecho -ne '\n' |
855 |
- die_msg="${die_msg} textrels," |
856 |
- sleep 1 |
857 |
- fi |
858 |
- |
859 |
- # Also, executable stacks only matter on linux (and just glibc atm ...) |
860 |
- f="" |
861 |
- case ${CTARGET:-${CHOST}} in |
862 |
- *-linux-gnu*) |
863 |
- # Check for files with executable stacks, but only on arches which |
864 |
- # are supported at the moment. Keep this list in sync with |
865 |
- # http://www.gentoo.org/proj/en/hardened/gnu-stack.xml (Arch Status) |
866 |
- case ${CTARGET:-${CHOST}} in |
867 |
- arm*|i?86*|ia64*|m68k*|s390*|sh*|x86_64*) |
868 |
- # Allow devs to mark things as ignorable ... e.g. things |
869 |
- # that are binary-only and upstream isn't cooperating ... |
870 |
- # we allow ebuild authors to set QA_EXECSTACK_arch and |
871 |
- # QA_EXECSTACK ... the former overrides the latter ... |
872 |
- # regexes allowed ! :) |
873 |
- |
874 |
- qa_var="QA_EXECSTACK_${ARCH/-/_}" |
875 |
- [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var} |
876 |
- [[ -n ${QA_STRICT_EXECSTACK} ]] && QA_EXECSTACK="" |
877 |
- qa_var="QA_WX_LOAD_${ARCH/-/_}" |
878 |
- [[ -n ${!qa_var} ]] && QA_WX_LOAD=${!qa_var} |
879 |
- [[ -n ${QA_STRICT_WX_LOAD} ]] && QA_WX_LOAD="" |
880 |
- export QA_EXECSTACK="${QA_EXECSTACK} lib*/modules/*.ko" |
881 |
- export QA_WX_LOAD="${QA_WX_LOAD} lib*/modules/*.ko" |
882 |
- f=$(scanelf -qyRAF '%e %p' "${ED}" | grep -v 'usr/lib/debug/') |
883 |
- ;; |
884 |
- esac |
885 |
- ;; |
886 |
- esac |
887 |
- if [[ -n ${f} ]] ; then |
888 |
- # One more pass to help devs track down the source |
889 |
- scanelf -qyRAF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log |
890 |
- __vecho -ne '\n' |
891 |
- eqawarn "QA Notice: The following files contain writable and executable sections" |
892 |
- eqawarn " Files with such sections will not work properly (or at all!) on some" |
893 |
- eqawarn " architectures/operating systems. A bug should be filed at" |
894 |
- eqawarn " http://bugs.gentoo.org/ to make sure the issue is fixed." |
895 |
- eqawarn " For more information, see http://hardened.gentoo.org/gnu-stack.xml" |
896 |
- eqawarn " Please include the following list of files in your report:" |
897 |
- eqawarn " Note: Bugs should be filed for the respective maintainers" |
898 |
- eqawarn " of the package in question and not hardened@g.o." |
899 |
- eqawarn "${f}" |
900 |
- __vecho -ne '\n' |
901 |
- die_msg="${die_msg} execstacks" |
902 |
- sleep 1 |
903 |
- fi |
904 |
- |
905 |
- # Check for files built without respecting LDFLAGS |
906 |
- if [[ "${LDFLAGS}" == *,--hash-style=gnu* ]] && \ |
907 |
- ! has binchecks ${RESTRICT} ; then |
908 |
- f=$(scanelf -qyRF '#k%p' -k .hash "${ED}") |
909 |
- if [[ -n ${f} ]] ; then |
910 |
- echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log |
911 |
- if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then |
912 |
- for x in "${QA_FLAGS_IGNORED[@]}" ; do |
913 |
- sed -e "s#^${x#/}\$##" -i "${T}"/scanelf-ignored-LDFLAGS.log |
914 |
- done |
915 |
- fi |
916 |
- # Filter anything under /usr/lib/debug/ in order to avoid |
917 |
- # duplicate warnings for splitdebug files. |
918 |
- sed -e "s#^usr/lib/debug/.*##" -e "/^\$/d" -e "s#^#/#" \ |
919 |
- -i "${T}"/scanelf-ignored-LDFLAGS.log |
920 |
- f=$(<"${T}"/scanelf-ignored-LDFLAGS.log) |
921 |
- if [[ -n ${f} ]] ; then |
922 |
- __vecho -ne '\n' |
923 |
- eqawarn "${BAD}QA Notice: Files built without respecting LDFLAGS have been detected${NORMAL}" |
924 |
- eqawarn " Please include the following list of files in your report:" |
925 |
- eqawarn "${f}" |
926 |
- __vecho -ne '\n' |
927 |
- sleep 1 |
928 |
- else |
929 |
- rm -f "${T}"/scanelf-ignored-LDFLAGS.log |
930 |
- fi |
931 |
- fi |
932 |
- fi |
933 |
- |
934 |
- if [[ ${insecure_rpath} -eq 1 ]] ; then |
935 |
- die "Aborting due to serious QA concerns with RUNPATH/RPATH" |
936 |
- elif [[ -n ${die_msg} ]] && has stricter ${FEATURES} ; then |
937 |
- die "Aborting due to QA concerns: ${die_msg}" |
938 |
- fi |
939 |
- |
940 |
- # Check for shared libraries lacking SONAMEs |
941 |
- qa_var="QA_SONAME_${ARCH/-/_}" |
942 |
- eval "[[ -n \${!qa_var} ]] && QA_SONAME=(\"\${${qa_var}[@]}\")" |
943 |
- f=$(scanelf -ByF '%S %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED}:/:") |
944 |
- if [[ -n ${f} ]] ; then |
945 |
- echo "${f}" > "${T}"/scanelf-missing-SONAME.log |
946 |
- if [[ "${QA_STRICT_SONAME-unset}" == unset ]] ; then |
947 |
- if [[ ${#QA_SONAME[@]} -gt 1 ]] ; then |
948 |
- for x in "${QA_SONAME[@]}" ; do |
949 |
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log |
950 |
- done |
951 |
- else |
952 |
- local shopts=$- |
953 |
- set -o noglob |
954 |
- for x in ${QA_SONAME} ; do |
955 |
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-SONAME.log |
956 |
- done |
957 |
- set +o noglob |
958 |
- set -${shopts} |
959 |
- fi |
960 |
- fi |
961 |
- sed -e "/^\$/d" -i "${T}"/scanelf-missing-SONAME.log |
962 |
- f=$(<"${T}"/scanelf-missing-SONAME.log) |
963 |
- if [[ -n ${f} ]] ; then |
964 |
- __vecho -ne '\n' |
965 |
- eqawarn "QA Notice: The following shared libraries lack a SONAME" |
966 |
- eqawarn "${f}" |
967 |
- __vecho -ne '\n' |
968 |
- sleep 1 |
969 |
- else |
970 |
- rm -f "${T}"/scanelf-missing-SONAME.log |
971 |
- fi |
972 |
- fi |
973 |
- |
974 |
- # Check for shared libraries lacking NEEDED entries |
975 |
- qa_var="QA_DT_NEEDED_${ARCH/-/_}" |
976 |
- eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")" |
977 |
- # PREFIX LOCAL: keep offset prefix in the recorded files |
978 |
- f=$(scanelf -ByF '%n %p' "${ED}"{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${D}:/:") |
979 |
- # END PREFIX LOCAL |
980 |
- if [[ -n ${f} ]] ; then |
981 |
- echo "${f}" > "${T}"/scanelf-missing-NEEDED.log |
982 |
- if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then |
983 |
- if [[ ${#QA_DT_NEEDED[@]} -gt 1 ]] ; then |
984 |
- for x in "${QA_DT_NEEDED[@]}" ; do |
985 |
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log |
986 |
- done |
987 |
- else |
988 |
- local shopts=$- |
989 |
- set -o noglob |
990 |
- for x in ${QA_DT_NEEDED} ; do |
991 |
- sed -e "s#^/${x#/}\$##" -i "${T}"/scanelf-missing-NEEDED.log |
992 |
- done |
993 |
- set +o noglob |
994 |
- set -${shopts} |
995 |
- fi |
996 |
- fi |
997 |
- sed -e "/^\$/d" -i "${T}"/scanelf-missing-NEEDED.log |
998 |
- f=$(<"${T}"/scanelf-missing-NEEDED.log) |
999 |
- if [[ -n ${f} ]] ; then |
1000 |
- __vecho -ne '\n' |
1001 |
- eqawarn "QA Notice: The following shared libraries lack NEEDED entries" |
1002 |
- eqawarn "${f}" |
1003 |
- __vecho -ne '\n' |
1004 |
- sleep 1 |
1005 |
- else |
1006 |
- rm -f "${T}"/scanelf-missing-NEEDED.log |
1007 |
- fi |
1008 |
- fi |
1009 |
- |
1010 |
- PORTAGE_QUIET=${tmp_quiet} |
1011 |
- fi |
1012 |
- |
1013 |
# Create NEEDED.ELF.2 regardless of RESTRICT=binchecks, since this info is |
1014 |
# too useful not to have (it's required for things like preserve-libs), and |
1015 |
# it's tempting for ebuild authors to set RESTRICT=binchecks for packages |
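Review bot: `install_qa_check_misc` is called after the `fi` that closes `if [[ -d ${ED} ]]`, so it runs even when `${ED}` does not exist, although the comment above the guard says the specific QA functions can rely on ED existing. Either move the call inside the guard or state the exception in the comment, e.g. `# install_qa_check_misc runs unconditionally and must tolerate a missing ${ED}`. This hunk also drops the insecure-RUNPATH, `$ORIGIN`-on-set*id and world-writable checks from the function body; the diffstat suggests they now live under `bin/install-qa-check.d/`, so a one-line pointer to that directory at the top of `install_qa_check_elf` would keep the security checks discoverable. The bodies of `install_qa_check_elf` and `install_qa_check_misc` continue in the next hunk, outside this one.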
1016 |
@@@ -588,829 -230,11 +269,396 @@@ |
1017 |
eqawarn "$(while read -r x; do x=${x#*;} ; x=${x%%;*} ; echo "${x#${EPREFIX}}" ; done < "${PORTAGE_BUILDDIR}"/build-info/NEEDED.ELF.2)" |
1018 |
fi |
1019 |
fi |
1020 |
+} |
1021 |
|
1022 |
+install_qa_check_misc() { |
1023 |
- # PREFIX LOCAL: keep offset prefix in the reported files |
1024 |
- local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${D}:/:") |
1025 |
- # END PREFIX LOCAL |
1026 |
- if [[ -n ${unsafe_files} ]] ; then |
1027 |
- eqawarn "QA Notice: Unsafe files detected (set*id and world writable)" |
1028 |
- eqawarn "${unsafe_files}" |
1029 |
- die "Unsafe files found in \${D}. Portage will not install them." |
1030 |
- fi |
1031 |
- |
1032 |
- if [[ -d ${D%/}${D} ]] ; then |
1033 |
- local -i INSTALLTOD=0 |
1034 |
- while read -r -d $'\0' i ; do |
1035 |
- eqawarn "QA Notice: /${i##${D%/}${D}} installed in \${D}/\${D}" |
1036 |
- ((INSTALLTOD++)) |
1037 |
- done < <(find "${D%/}${D}" -print0) |
1038 |
- die "Aborting due to QA concerns: ${INSTALLTOD} files installed in ${D%/}${D}" |
1039 |
- fi |
1040 |
- |
1041 |
- # Sanity check syntax errors in init.d scripts |
1042 |
- local d |
1043 |
- for d in /etc/conf.d /etc/init.d ; do |
1044 |
- [[ -d ${ED}/${d} ]] || continue |
1045 |
- for i in "${ED}"/${d}/* ; do |
1046 |
- [[ -L ${i} ]] && continue |
1047 |
- # if empty conf.d/init.d dir exists (baselayout), then i will be "/etc/conf.d/*" and not exist |
1048 |
- [[ ! -e ${i} ]] && continue |
1049 |
- if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then |
1050 |
- # skip non-shell-script for bug #451386 |
1051 |
- [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](runscript|sh)$ ]] || continue |
1052 |
- fi |
1053 |
- bash -n "${i}" || die "The init.d file has syntax errors: ${i}" |
1054 |
- done |
1055 |
- done |
1056 |
- |
1057 |
- local checkbashisms=$(type -P checkbashisms) |
1058 |
- if [[ -n ${checkbashisms} ]] ; then |
1059 |
- for d in /etc/init.d ; do |
1060 |
- [[ -d ${ED}${d} ]] || continue |
1061 |
- for i in "${ED}${d}"/* ; do |
1062 |
- [[ -e ${i} ]] || continue |
1063 |
- [[ -L ${i} ]] && continue |
1064 |
- f=$("${checkbashisms}" -f "${i}" 2>&1) |
1065 |
- [[ $? != 0 && -n ${f} ]] || continue |
1066 |
- eqawarn "QA Notice: shell script appears to use non-POSIX feature(s):" |
1067 |
- while read -r ; |
1068 |
- do eqawarn " ${REPLY}" |
1069 |
- done <<< "${f//${ED}}" |
1070 |
- done |
1071 |
- done |
1072 |
- fi |
1073 |
- |
1074 |
- # Look for leaking LDFLAGS into pkg-config files |
1075 |
- f=$(egrep -sH '^Libs.*-Wl,(-O[012]|--hash-style)' "${ED}"/usr/*/pkgconfig/*.pc) |
1076 |
- if [[ -n ${f} ]] ; then |
1077 |
- eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:" |
1078 |
- eqawarn "${f//${D}}" |
1079 |
- fi |
1080 |
- |
1081 |
- # this should help to ensure that all (most?) shared libraries are executable |
1082 |
- # and that all libtool scripts / static libraries are not executable |
1083 |
- local j |
1084 |
- for i in "${ED}"opt/*/lib* \ |
1085 |
- "${ED}"lib* \ |
1086 |
- "${ED}"usr/lib* ; do |
1087 |
- [[ ! -d ${i} ]] && continue |
1088 |
- |
1089 |
- for j in "${i}"/*.so.* "${i}"/*.so "${i}"/*.dylib "${i}"/*.dll ; do |
1090 |
- [[ ! -e ${j} ]] && continue |
1091 |
- [[ -L ${j} ]] && continue |
1092 |
- [[ -x ${j} ]] && continue |
1093 |
- __vecho "making executable: ${j#${ED}}" |
1094 |
- chmod +x "${j}" |
1095 |
- done |
1096 |
- |
1097 |
- for j in "${i}"/*.a "${i}"/*.la ; do |
1098 |
- [[ ! -e ${j} ]] && continue |
1099 |
- [[ -L ${j} ]] && continue |
1100 |
- [[ ! -x ${j} ]] && continue |
1101 |
- __vecho "removing executable bit: ${j#${ED}}" |
1102 |
- chmod -x "${j}" |
1103 |
- done |
1104 |
- |
1105 |
- for j in "${i}"/*.{a,dll,dylib,sl,so}.* "${i}"/*.{a,dll,dylib,sl,so} ; do |
1106 |
- [[ ! -e ${j} ]] && continue |
1107 |
- [[ ! -L ${j} ]] && continue |
1108 |
- linkdest=$(readlink "${j}") |
1109 |
- if [[ ${linkdest} == /* ]] ; then |
1110 |
- __vecho -ne '\n' |
1111 |
- eqawarn "QA Notice: Found an absolute symlink in a library directory:" |
1112 |
- eqawarn " ${j#${D}} -> ${linkdest}" |
1113 |
- eqawarn " It should be a relative symlink if in the same directory" |
1114 |
- eqawarn " or a linker script if it crosses the /usr boundary." |
1115 |
- fi |
1116 |
- done |
1117 |
- done |
1118 |
- |
1119 |
- # When installing static libraries into /usr/lib and shared libraries into |
1120 |
- # /lib, we have to make sure we have a linker script in /usr/lib along side |
1121 |
- # the static library, or gcc will utilize the static lib when linking :(. |
1122 |
- # http://bugs.gentoo.org/4411 |
1123 |
- abort="no" |
1124 |
- local a s |
1125 |
- for a in "${ED}"usr/lib*/*.a ; do |
1126 |
- # PREFIX LOCAL: support MachO objects |
1127 |
- [[ ${CHOST} == *-darwin* ]] \ |
1128 |
- && s=${a%.a}.dylib \ |
1129 |
- || s=${a%.a}.so |
1130 |
- # END PREFIX LOCAL |
1131 |
- if [[ ! -e ${s} ]] ; then |
1132 |
- s=${s%usr/*}${s##*/usr/} |
1133 |
- if [[ -e ${s} ]] ; then |
1134 |
- __vecho -ne '\n' |
1135 |
- eqawarn "QA Notice: Missing gen_usr_ldscript for ${s##*/}" |
1136 |
- abort="yes" |
1137 |
- fi |
1138 |
- fi |
1139 |
- done |
1140 |
- [[ ${abort} == "yes" ]] && die "add those ldscripts" |
1141 |
- |
1142 |
- # Make sure people don't store libtool files or static libs in /lib |
1143 |
- # PREFIX LOCAL: on AIX, "dynamic libs" have extension .a, so don't |
1144 |
- # get false positives |
1145 |
- [[ ${CHOST} == *-aix* ]] \ |
1146 |
- && f=$(ls "${ED}"lib*/*.la 2>/dev/null || true) \ |
1147 |
- || f=$(ls "${ED}"lib*/*.{a,la} 2>/dev/null) |
1148 |
- # END PREFIX LOCAL |
1149 |
- if [[ -n ${f} ]] ; then |
1150 |
- __vecho -ne '\n' |
1151 |
- eqawarn "QA Notice: Excessive files found in the / partition" |
1152 |
- eqawarn "${f}" |
1153 |
- __vecho -ne '\n' |
1154 |
- die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*" |
1155 |
- fi |
1156 |
- |
1157 |
- # Verify that the libtool files don't contain bogus $D entries. |
1158 |
- local abort=no gentoo_bug=no always_overflow=no |
1159 |
- for a in "${ED}"usr/lib*/*.la ; do |
1160 |
- s=${a##*/} |
1161 |
- if grep -qs "${ED}" "${a}" ; then |
1162 |
- __vecho -ne '\n' |
1163 |
- eqawarn "QA Notice: ${s} appears to contain PORTAGE_TMPDIR paths" |
1164 |
- abort="yes" |
1165 |
- fi |
1166 |
- done |
1167 |
- [[ ${abort} == "yes" ]] && die "soiled libtool library files found" |
1168 |
- |
1169 |
- # Evaluate misc gcc warnings |
1170 |
- if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then |
1171 |
- # In debug mode, this variable definition and corresponding grep calls |
1172 |
- # will produce false positives if they're shown in the trace. |
1173 |
- local reset_debug=0 |
1174 |
- if [[ ${-/x/} != $- ]] ; then |
1175 |
- set +x |
1176 |
- reset_debug=1 |
1177 |
- fi |
1178 |
- local m msgs=( |
1179 |
- ": warning: dereferencing type-punned pointer will break strict-aliasing rules" |
1180 |
- ": warning: dereferencing pointer .* does break strict-aliasing rules" |
1181 |
- ": warning: implicit declaration of function" |
1182 |
- ": warning: incompatible implicit declaration of built-in function" |
1183 |
- ": warning: is used uninitialized in this function" # we'll ignore "may" and "might" |
1184 |
- ": warning: comparisons like X<=Y<=Z do not have their mathematical meaning" |
1185 |
- ": warning: null argument where non-null required" |
1186 |
- ": warning: array subscript is below array bounds" |
1187 |
- ": warning: array subscript is above array bounds" |
1188 |
- ": warning: attempt to free a non-heap object" |
1189 |
- ": warning: .* called with .*bigger.* than .* destination buffer" |
1190 |
- ": warning: call to .* will always overflow destination buffer" |
1191 |
- ": warning: assuming pointer wraparound does not occur when comparing" |
1192 |
- ": warning: hex escape sequence out of range" |
1193 |
- ": warning: [^ ]*-hand operand of comma .*has no effect" |
1194 |
- ": warning: converting to non-pointer type .* from NULL" |
1195 |
- ": warning: NULL used in arithmetic" |
1196 |
- ": warning: passing NULL to non-pointer argument" |
1197 |
- ": warning: the address of [^ ]* will always evaluate as" |
1198 |
- ": warning: the address of [^ ]* will never be NULL" |
1199 |
- ": warning: too few arguments for format" |
1200 |
- ": warning: reference to local variable .* returned" |
1201 |
- ": warning: returning reference to temporary" |
1202 |
- ": warning: function returns address of local variable" |
1203 |
- ": warning: .*\\[-Wsizeof-pointer-memaccess\\]" |
1204 |
- ": warning: .*\\[-Waggressive-loop-optimizations\\]" |
1205 |
- # this may be valid code :/ |
1206 |
- #": warning: multi-character character constant" |
1207 |
- # need to check these two ... |
1208 |
- #": warning: assuming signed overflow does not occur when" |
1209 |
- #": warning: comparison with string literal results in unspecified behav" |
1210 |
- # yacc/lex likes to trigger this one |
1211 |
- #": warning: extra tokens at end of .* directive" |
1212 |
- # only gcc itself triggers this ? |
1213 |
- #": warning: .*noreturn.* function does return" |
1214 |
- # these throw false positives when 0 is used instead of NULL |
1215 |
- #": warning: missing sentinel in function call" |
1216 |
- #": warning: not enough variable arguments to fit a sentinel" |
1217 |
- ) |
1218 |
- abort="no" |
1219 |
- i=0 |
1220 |
- local grep_cmd=grep |
1221 |
- [[ $PORTAGE_LOG_FILE = *.gz ]] && grep_cmd=zgrep |
1222 |
- while [[ -n ${msgs[${i}]} ]] ; do |
1223 |
- m=${msgs[$((i++))]} |
1224 |
- # force C locale to work around slow unicode locales #160234 |
1225 |
- f=$(LC_ALL=C $grep_cmd "${m}" "${PORTAGE_LOG_FILE}") |
1226 |
- if [[ -n ${f} ]] ; then |
1227 |
- abort="yes" |
1228 |
- # for now, don't make this fatal (see bug #337031) |
1229 |
- #case "$m" in |
1230 |
- # ": warning: call to .* will always overflow destination buffer") always_overflow=yes ;; |
1231 |
- #esac |
1232 |
- if [[ $always_overflow = yes ]] ; then |
1233 |
- eerror |
1234 |
- eerror "QA Notice: Package triggers severe warnings which indicate that it" |
1235 |
- eerror " may exhibit random runtime failures." |
1236 |
- eerror |
1237 |
- eerror "${f}" |
1238 |
- eerror |
1239 |
- eerror " Please file a bug about this at http://bugs.gentoo.org/" |
1240 |
- eerror " with the maintaining herd of the package." |
1241 |
- eerror |
1242 |
- else |
1243 |
- __vecho -ne '\n' |
1244 |
- eqawarn "QA Notice: Package triggers severe warnings which indicate that it" |
1245 |
- eqawarn " may exhibit random runtime failures." |
1246 |
- eqawarn "${f}" |
1247 |
- __vecho -ne '\n' |
1248 |
- fi |
1249 |
- fi |
1250 |
- done |
1251 |
- local cat_cmd=cat |
1252 |
- [[ $PORTAGE_LOG_FILE = *.gz ]] && cat_cmd=zcat |
1253 |
- [[ $reset_debug = 1 ]] && set -x |
1254 |
- # Use safe cwd, avoiding unsafe import for bug #469338. |
1255 |
- f=$(cd "${PORTAGE_PYM_PATH}" ; $cat_cmd "${PORTAGE_LOG_FILE}" | \ |
1256 |
- "${PORTAGE_PYTHON:-@PREFIX_PORTAGE_PYTHON@}" "$PORTAGE_BIN_PATH"/check-implicit-pointer-usage.py || die "check-implicit-pointer-usage.py failed") |
1257 |
- if [[ -n ${f} ]] ; then |
1258 |
- |
1259 |
- # In the future this will be a forced "die". In preparation, |
1260 |
- # increase the log level from "qa" to "eerror" so that people |
1261 |
- # are aware this is a problem that must be fixed asap. |
1262 |
- |
1263 |
- # just warn on 32bit hosts but bail on 64bit hosts |
1264 |
- case ${CHOST} in |
1265 |
- alpha*|hppa64*|ia64*|powerpc64*|mips64*|sparc64*|sparcv9*|x86_64*) gentoo_bug=yes ;; |
1266 |
- esac |
1267 |
- |
1268 |
- abort=yes |
1269 |
- |
1270 |
- if [[ $gentoo_bug = yes ]] ; then |
1271 |
- eerror |
1272 |
- eerror "QA Notice: Package triggers severe warnings which indicate that it" |
1273 |
- eerror " will almost certainly crash on 64bit architectures." |
1274 |
- eerror |
1275 |
- eerror "${f}" |
1276 |
- eerror |
1277 |
- eerror " Please file a bug about this at http://bugs.gentoo.org/" |
1278 |
- eerror " with the maintaining herd of the package." |
1279 |
- eerror |
1280 |
- else |
1281 |
- __vecho -ne '\n' |
1282 |
- eqawarn "QA Notice: Package triggers severe warnings which indicate that it" |
1283 |
- eqawarn " will almost certainly crash on 64bit architectures." |
1284 |
- eqawarn "${f}" |
1285 |
- __vecho -ne '\n' |
1286 |
- fi |
1287 |
- |
1288 |
- fi |
1289 |
- if [[ ${abort} == "yes" ]] ; then |
1290 |
- if [[ $gentoo_bug = yes || $always_overflow = yes ]] ; then |
1291 |
- die "install aborted due to severe warnings shown above" |
1292 |
- else |
1293 |
- echo "Please do not file a Gentoo bug and instead" \ |
1294 |
- "report the above QA issues directly to the upstream" \ |
1295 |
- "developers of this software." | fmt -w 70 | \ |
1296 |
- while read -r line ; do eqawarn "${line}" ; done |
1297 |
- eqawarn "Homepage: ${HOMEPAGE}" |
1298 |
- has stricter ${FEATURES} && \ |
1299 |
- die "install aborted due to severe warnings shown above" |
1300 |
- fi |
1301 |
- fi |
1302 |
- fi |
1303 |
- |
1304 |
# Portage regenerates this on the installed system. |
1305 |
rm -f "${ED}"/usr/share/info/dir{,.gz,.bz2} || die "rm failed!" |
1306 |
- |
1307 |
- if has multilib-strict ${FEATURES} && \ |
1308 |
- [[ -x ${EPREFIX}/usr/bin/file && -x ${EPREFIX}/usr/bin/find ]] && \ |
1309 |
- [[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]] |
1310 |
- then |
1311 |
- rm -f "${T}/multilib-strict.log" |
1312 |
- local abort=no dir file |
1313 |
- MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed -e 's:\([(|)]\):\\\1:g') |
1314 |
- for dir in ${MULTILIB_STRICT_DIRS} ; do |
1315 |
- [[ -d ${ED}/${dir} ]] || continue |
1316 |
- for file in $(find ${ED}/${dir} -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do |
1317 |
- if file ${file} | egrep -q "${MULTILIB_STRICT_DENY}" ; then |
1318 |
- echo "${file#${ED}//}" >> "${T}/multilib-strict.log" |
1319 |
- fi |
1320 |
- done |
1321 |
- done |
1322 |
- |
1323 |
- if [[ -s ${T}/multilib-strict.log ]] ; then |
1324 |
- if [[ ${#QA_MULTILIB_PATHS[@]} -eq 1 ]] ; then |
1325 |
- local shopts=$- |
1326 |
- set -o noglob |
1327 |
- QA_MULTILIB_PATHS=(${QA_MULTILIB_PATHS}) |
1328 |
- set +o noglob |
1329 |
- set -${shopts} |
1330 |
- fi |
1331 |
- if [ "${QA_STRICT_MULTILIB_PATHS-unset}" = unset ] ; then |
1332 |
- for x in "${QA_MULTILIB_PATHS[@]}" ; do |
1333 |
- sed -e "s#^${x#/}\$##" -i "${T}/multilib-strict.log" |
1334 |
- done |
1335 |
- sed -e "/^\$/d" -i "${T}/multilib-strict.log" |
1336 |
- fi |
1337 |
- if [[ -s ${T}/multilib-strict.log ]] ; then |
1338 |
- abort=yes |
1339 |
- echo "Files matching a file type that is not allowed:" |
1340 |
- while read -r ; do |
1341 |
- echo " ${REPLY}" |
1342 |
- done < "${T}/multilib-strict.log" |
1343 |
- fi |
1344 |
- fi |
1345 |
- |
1346 |
- [[ ${abort} == yes ]] && die "multilib-strict check failed!" |
1347 |
- fi |
1348 |
- } |
1349 |
- |
1350 |
- install_qa_check_prefix() { |
1351 |
- if [[ -d ${ED%/}/${D} ]] ; then |
1352 |
- find "${ED%/}/${D}" | \ |
1353 |
- while read i ; do |
1354 |
- eqawarn "QA Notice: /${i##${ED%/}/${D}} installed in \${ED}/\${D}" |
1355 |
- done |
1356 |
- die "Aborting due to QA concerns: files installed in ${ED}/${D}" |
1357 |
- fi |
1358 |
- |
1359 |
- if [[ -d ${ED%/}/${EPREFIX} ]] ; then |
1360 |
- find "${ED%/}/${EPREFIX}/" | \ |
1361 |
- while read i ; do |
1362 |
- eqawarn "QA Notice: ${i#${D}} double prefix" |
1363 |
- done |
1364 |
- die "Aborting due to QA concerns: double prefix files installed" |
1365 |
- fi |
1366 |
- |
1367 |
- if [[ -d ${D} ]] ; then |
1368 |
- INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }') |
1369 |
- if [[ -n ${INSTALLTOD} ]] ; then |
1370 |
- eqawarn "QA Notice: the following files are outside of the prefix:" |
1371 |
- eqawarn "${INSTALLTOD}" |
1372 |
- die "Aborting due to QA concerns: there are files installed outside the prefix" |
1373 |
- fi |
1374 |
- fi |
1375 |
- |
1376 |
- # all further checks rely on ${ED} existing |
1377 |
- [[ -d ${ED} ]] || return |
1378 |
- |
1379 |
- # check shebangs, bug #282539 |
1380 |
- rm -f "${T}"/non-prefix-shebangs-errs |
1381 |
- local WHITELIST=" /usr/bin/env " |
1382 |
- # this is hell expensive, but how else? |
1383 |
- find "${ED}" -executable \! -type d -print0 \ |
1384 |
- | xargs -0 grep -H -n -m1 "^#!" \ |
1385 |
- | while read f ; |
1386 |
- do |
1387 |
- local fn=${f%%:*} |
1388 |
- local pos=${f#*:} ; pos=${pos%:*} |
1389 |
- local line=${f##*:} |
1390 |
- # shebang always appears on the first line ;) |
1391 |
- [[ ${pos} != 1 ]] && continue |
1392 |
- local oldIFS=${IFS} |
1393 |
- IFS=$'\r'$'\n'$'\t'" " |
1394 |
- line=( ${line#"#!"} ) |
1395 |
- IFS=${oldIFS} |
1396 |
- [[ ${WHITELIST} == *" ${line[0]} "* ]] && continue |
1397 |
- local fp=${fn#${D}} ; fp=/${fp%/*} |
1398 |
- # line[0] can be an absolutised path, bug #342929 |
1399 |
- local eprefix=$(canonicalize ${EPREFIX}) |
1400 |
- local rf=${fn} |
1401 |
- # in case we deal with a symlink, make sure we don't replace it |
1402 |
- # with a real file (sed -i does that) |
1403 |
- if [[ -L ${fn} ]] ; then |
1404 |
- rf=$(readlink ${fn}) |
1405 |
- [[ ${rf} != /* ]] && rf=${fn%/*}/${rf} |
1406 |
- # ignore symlinks pointing to outside prefix |
1407 |
- # as seen in sys-devel/native-cctools |
1408 |
- [[ $(canonicalize "/${rf#${D}}") != ${eprefix}/* ]] && continue |
1409 |
- fi |
1410 |
- # does the shebang start with ${EPREFIX}, and does it exist? |
1411 |
- if [[ ${line[0]} == ${EPREFIX}/* || ${line[0]} == ${eprefix}/* ]] ; then |
1412 |
- if [[ ! -e ${ROOT%/}${line[0]} && ! -e ${D%/}${line[0]} ]] ; then |
1413 |
- # hmm, refers explicitly to $EPREFIX, but doesn't exist, |
1414 |
- # if it's in PATH that's wrong in any case |
1415 |
- if [[ ":${PATH}:" == *":${fp}:"* ]] ; then |
1416 |
- echo "${fn#${D}}:${line[0]} (explicit EPREFIX but target not found)" \ |
1417 |
- >> "${T}"/non-prefix-shebangs-errs |
1418 |
- else |
1419 |
- eqawarn "${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})" |
1420 |
- fi |
1421 |
- fi |
1422 |
- continue |
1423 |
- fi |
1424 |
- # unprefixed shebang, is the script directly in $PATH or an init |
1425 |
- # script? |
1426 |
- if [[ ":${PATH}:${EPREFIX}/etc/init.d:" == *":${fp}:"* ]] ; then |
1427 |
- if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then |
1428 |
- # is it unprefixed, but we can just fix it because a |
1429 |
- # prefixed variant exists |
1430 |
- eqawarn "prefixing shebang of ${fn#${D}}" |
1431 |
- # statement is made idempotent on purpose, because |
1432 |
- # symlinks may point to the same target, and hence the |
1433 |
- # same real file may be sedded multiple times since we |
1434 |
- # read the shebangs in one go upfront for performance |
1435 |
- # reasons |
1436 |
- sed -i -e '1s:^#! \?'"${line[0]}"':#!'"${EPREFIX}"${line[0]}':' "${rf}" |
1437 |
- continue |
1438 |
- else |
1439 |
- # this is definitely wrong: script in $PATH and invalid shebang |
1440 |
- echo "${fn#${D}}:${line[0]} (script ${fn##*/} installed in PATH but interpreter ${line[0]} not found)" \ |
1441 |
- >> "${T}"/non-prefix-shebangs-errs |
1442 |
- fi |
1443 |
- else |
1444 |
- # unprefixed/invalid shebang, but outside $PATH, this may be |
1445 |
- # intended (e.g. config.guess) so remain silent by default |
1446 |
- has stricter ${FEATURES} && \ |
1447 |
- eqawarn "invalid shebang in ${fn#${D}}: ${line[0]}" |
1448 |
- fi |
1449 |
- done |
1450 |
- if [[ -e "${T}"/non-prefix-shebangs-errs ]] ; then |
1451 |
- eqawarn "QA Notice: the following files use invalid (possible non-prefixed) shebangs:" |
1452 |
- while read line ; do |
1453 |
- eqawarn " ${line}" |
1454 |
- done < "${T}"/non-prefix-shebangs-errs |
1455 |
- rm -f "${T}"/non-prefix-shebangs-errs |
1456 |
- die "Aborting due to QA concerns: invalid shebangs found" |
1457 |
- fi |
1458 |
} |
1459 |
|
1460 |
+install_qa_check_macho() { |
1461 |
+ if ! has binchecks ${RESTRICT} ; then |
1462 |
+ # on Darwin, dynamic libraries are called .dylibs instead of |
1463 |
+ # .sos. In addition the version component is before the |
1464 |
+ # extension, not after it. Check for this, and *only* warn |
1465 |
+ # about it. Some packages do ship .so files on Darwin and make |
1466 |
+ # it work (ugly!). |
1467 |
+ rm -f "${T}/mach-o.check" |
1468 |
+ find ${ED%/} -name "*.so" -or -name "*.so.*" | \ |
1469 |
+ while read i ; do |
1470 |
+ [[ $(file $i) == *"Mach-O"* ]] && \ |
1471 |
+ echo "${i#${D}}" >> "${T}/mach-o.check" |
1472 |
+ done |
1473 |
+ if [[ -f ${T}/mach-o.check ]] ; then |
1474 |
+ f=$(< "${T}/mach-o.check") |
1475 |
+ vecho -ne '\a\n' |
1476 |
+ eqawarn "QA Notice: Found .so dynamic libraries on Darwin:" |
1477 |
+ eqawarn " ${f//$'\n'/\n }" |
1478 |
+ fi |
1479 |
+ rm -f "${T}/mach-o.check" |
1480 |
+ |
1481 |
+ # The naming for dynamic libraries is different on Darwin; the |
1482 |
+ # version component is before the extention, instead of after |
1483 |
+ # it, as with .sos. Again, make this a warning only. |
1484 |
+ rm -f "${T}/mach-o.check" |
1485 |
+ find ${ED%/} -name "*.dylib.*" | \ |
1486 |
+ while read i ; do |
1487 |
+ echo "${i#${D}}" >> "${T}/mach-o.check" |
1488 |
+ done |
1489 |
+ if [[ -f "${T}/mach-o.check" ]] ; then |
1490 |
+ f=$(< "${T}/mach-o.check") |
1491 |
+ vecho -ne '\a\n' |
1492 |
+ eqawarn "QA Notice: Found wrongly named dynamic libraries on Darwin:" |
1493 |
+ eqawarn " ${f// /\n }" |
1494 |
+ fi |
1495 |
+ rm -f "${T}/mach-o.check" |
1496 |
+ fi |
1497 |
+ |
1498 |
+ install_name_is_relative() { |
1499 |
+ case $1 in |
1500 |
+ "@executable_path/"*) return 0 ;; |
1501 |
+ "@loader_path"/*) return 0 ;; |
1502 |
+ "@rpath/"*) return 0 ;; |
1503 |
+ *) return 1 ;; |
1504 |
+ esac |
1505 |
+ } |
1506 |
+ |
1507 |
+ # While we generate the NEEDED files, check that we don't get kernel |
1508 |
+ # traps at runtime because of broken install_names on Darwin. |
1509 |
+ rm -f "${T}"/.install_name_check_failed |
1510 |
+ scanmacho -qyRF '%a;%p;%S;%n' "${D}" | { while IFS= read l ; do |
1511 |
+ arch=${l%%;*}; l=${l#*;} |
1512 |
+ obj="/${l%%;*}"; l=${l#*;} |
1513 |
+ install_name=${l%%;*}; l=${l#*;} |
1514 |
+ needed=${l%%;*}; l=${l#*;} |
1515 |
+ |
1516 |
+ ignore= |
1517 |
+ qa_var="QA_IGNORE_INSTALL_NAME_FILES_${ARCH/-/_}" |
1518 |
+ eval "[[ -n \${!qa_var} ]] && |
1519 |
+ QA_IGNORE_INSTALL_NAME_FILES=(\"\${${qa_var}[@]}\")" |
1520 |
+ |
1521 |
+ if [[ ${#QA_IGNORE_INSTALL_NAME_FILES[@]} -gt 1 ]] ; then |
1522 |
+ for x in "${QA_IGNORE_INSTALL_NAME_FILES[@]}" ; do |
1523 |
+ [[ ${obj##*/} == ${x} ]] && \ |
1524 |
+ ignore=true |
1525 |
+ done |
1526 |
+ else |
1527 |
+ local shopts=$- |
1528 |
+ set -o noglob |
1529 |
+ for x in ${QA_IGNORE_INSTALL_NAME_FILES} ; do |
1530 |
+ [[ ${obj##*/} == ${x} ]] && \ |
1531 |
+ ignore=true |
1532 |
+ done |
1533 |
+ set +o noglob |
1534 |
+ set -${shopts} |
1535 |
+ fi |
1536 |
+ |
1537 |
+ # See if the self-reference install_name points to an existing |
1538 |
+ # and to be installed file. This usually is a symlink for the |
1539 |
+ # major version. |
1540 |
+ if install_name_is_relative ${install_name} ; then |
1541 |
+ # try to locate the library in the installed image |
1542 |
+ local inpath=${install_name#@*/} |
1543 |
+ local libl |
1544 |
+ for libl in $(find "${ED}" -name "${inpath##*/}") ; do |
1545 |
+ if [[ ${libl} == */${inpath} ]] ; then |
1546 |
+ install_name=/${libl#${D}} |
1547 |
+ break |
1548 |
+ fi |
1549 |
+ done |
1550 |
+ fi |
1551 |
+ if [[ ! -e ${D}${install_name} ]] ; then |
1552 |
+ eqawarn "QA Notice: invalid self-reference install_name ${install_name} in ${obj}" |
1553 |
+ # remember we are in an implicit subshell, that's |
1554 |
+ # why we touch a file here ... ideally we should be |
1555 |
+ # able to die correctly/nicely here |
1556 |
+ [[ -z ${ignore} && touch "${T}"/.install_name_check_failed |
1557 |
+ fi |
1558 |
+ |
1559 |
+ # this is ugly, paths with spaces won't work |
1560 |
+ for lib in ${needed//,/ } ; do |
1561 |
+ if [[ ${lib} == ${D}* ]] ; then |
1562 |
+ eqawarn "QA Notice: install_name references \${D}: ${lib} in ${obj}" |
1563 |
+ [[ -z ${ignore} && touch "${T}"/.install_name_check_failed |
1564 |
+ elif [[ ${lib} == ${S}* ]] ; then |
1565 |
+ eqawarn "QA Notice: install_name references \${S}: ${lib} in ${obj}" |
1566 |
+ [[ -z ${ignore} && touch "${T}"/.install_name_check_failed |
1567 |
+ elif ! install_name_is_relative ${lib} && [[ ! -e ${lib} && ! -e ${D}${lib} ]] ; then |
1568 |
+ eqawarn "QA Notice: invalid reference to ${lib} in ${obj}" |
1569 |
+ [[ -z ${ignore} && touch "${T}"/.install_name_check_failed |
1570 |
+ fi |
1571 |
+ done |
1572 |
+ |
1573 |
+ # backwards compatibility |
1574 |
+ echo "${obj} ${needed}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED |
1575 |
+ # what we use |
1576 |
+ echo "${arch};${obj};${install_name};${needed}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED.MACHO.3 |
1577 |
+ done } |
1578 |
+ if [[ -f ${T}/.install_name_check_failed ]] ; then |
1579 |
+ # secret switch "allow_broken_install_names" to get |
1580 |
+ # around this and install broken crap (not a good idea) |
1581 |
+ has allow_broken_install_names ${FEATURES} || \ |
1582 |
+ die "invalid install_name found, your application or library will crash at runtime" |
1583 |
+ fi |
1584 |
+} |
1585 |
+ |
1586 |
+install_qa_check_pecoff() { |
1587 |
+ local _pfx_scan="readpecoff ${CHOST}" |
1588 |
+ |
1589 |
+ # this one uses readpecoff, which supports multiple prefix platforms! |
1590 |
+ # this is absolutely _not_ optimized for speed, and there may be plenty |
1591 |
+ # of possibilities by introducing one or the other cache! |
1592 |
+ if ! has binchecks ${RESTRICT}; then |
1593 |
+ # copied and adapted from the above scanelf code. |
1594 |
+ local qa_var insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET} |
1595 |
+ local f x |
1596 |
+ |
1597 |
+ # display warnings when using stricter because we die afterwards |
1598 |
+ if has stricter ${FEATURES} ; then |
1599 |
+ unset PORTAGE_QUIET |
1600 |
+ fi |
1601 |
+ |
1602 |
+ local _exec_find_opt="-executable" |
1603 |
+ [[ ${CHOST} == *-winnt* ]] && _exec_find_opt='-name *.dll -o -name *.exe' |
1604 |
+ |
1605 |
+ # Make sure we disallow insecure RUNPATH/RPATH's |
1606 |
+ # Don't want paths that point to the tree where the package was built |
1607 |
+ # (older, broken libtools would do this). Also check for null paths |
1608 |
+ # because the loader will search $PWD when it finds null paths. |
1609 |
+ |
1610 |
+ f=$( |
1611 |
+ find "${ED}" -type f '(' ${_exec_find_opt} ')' -print0 | xargs -0 ${_pfx_scan} | \ |
1612 |
+ while IFS=";" read arch obj soname rpath needed ; do \ |
1613 |
+ echo "${rpath}" | grep -E "(${PORTAGE_BUILDDIR}|: |::|^:|^ )" > /dev/null 2>&1 \ |
1614 |
+ && echo "${obj}"; done; |
1615 |
+ ) |
1616 |
+ # Reject set*id binaries with $ORIGIN in RPATH #260331 |
1617 |
+ x=$( |
1618 |
+ find "${ED}" -type f '(' -perm -u+s -o -perm -g+s ')' -print0 | \ |
1619 |
+ xargs -0 ${_pfx_scan} | while IFS=";" read arch obj soname rpath needed; do \ |
1620 |
+ echo "${rpath}" | grep '$ORIGIN' > /dev/null 2>&1 && echo "${obj}"; done; |
1621 |
+ ) |
1622 |
+ if [[ -n ${f}${x} ]] ; then |
1623 |
+ vecho -ne '\a\n' |
1624 |
+ eqawarn "QA Notice: The following files contain insecure RUNPATH's" |
1625 |
+ eqawarn " Please file a bug about this at http://bugs.gentoo.org/" |
1626 |
+ eqawarn " with the maintaining herd of the package." |
1627 |
+ eqawarn "${f}${f:+${x:+\n}}${x}" |
1628 |
+ vecho -ne '\a\n' |
1629 |
+ if [[ -n ${x} ]] || has stricter ${FEATURES} ; then |
1630 |
+ insecure_rpath=1 |
1631 |
+ else |
1632 |
+ eqawarn "cannot automatically fix runpaths on interix platforms!" |
1633 |
+ fi |
1634 |
+ fi |
1635 |
+ |
1636 |
+ rm -f "${PORTAGE_BUILDDIR}"/build-info/NEEDED |
1637 |
+ rm -f "${PORTAGE_BUILDDIR}"/build-info/NEEDED.PECOFF.1 |
1638 |
+ |
1639 |
+ # Save NEEDED information after removing self-contained providers |
1640 |
+ find "${ED}" -type f '(' ${_exec_find_opt} ')' -print0 | xargs -0 ${_pfx_scan} | { while IFS=';' read arch obj soname rpath needed; do |
1641 |
+ # need to strip image dir from object name. |
1642 |
+ obj="/${obj#${D}}" |
1643 |
+ if [ -z "${rpath}" -o -n "${rpath//*ORIGIN*}" ]; then |
1644 |
+ # object doesn't contain $ORIGIN in its runpath attribute |
1645 |
+ echo "${obj} ${needed}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED |
1646 |
+ echo "${arch};${obj};${soname};${rpath};${needed}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED.PECOFF.1 |
1647 |
+ else |
1648 |
+ dir=${obj%/*} |
1649 |
+ # replace $ORIGIN with the dirname of the current object for the lookup |
1650 |
+ opath=$(echo :${rpath}: | sed -e "s#.*:\(.*\)\$ORIGIN\(.*\):.*#\1${dir}\2#") |
1651 |
+ sneeded=$(echo ${needed} | tr , ' ') |
1652 |
+ rneeded="" |
1653 |
+ for lib in ${sneeded}; do |
1654 |
+ found=0 |
1655 |
+ for path in ${opath//:/ }; do |
1656 |
+ [ -e "${ED}/${path}/${lib}" ] && found=1 && break |
1657 |
+ done |
1658 |
+ [ "${found}" -eq 0 ] && rneeded="${rneeded},${lib}" |
1659 |
+ done |
1660 |
+ rneeded=${rneeded:1} |
1661 |
+ if [ -n "${rneeded}" ]; then |
1662 |
+ echo "${obj} ${rneeded}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED |
1663 |
+ echo "${arch};${obj};${soname};${rpath};${rneeded}" >> "${PORTAGE_BUILDDIR}"/build-info/NEEDED.PECOFF.1 |
1664 |
+ fi |
1665 |
+ fi |
1666 |
+ done } |
1667 |
+ |
1668 |
+ if [[ ${insecure_rpath} -eq 1 ]] ; then |
1669 |
+ die "Aborting due to serious QA concerns with RUNPATH/RPATH" |
1670 |
+ elif [[ -n ${die_msg} ]] && has stricter ${FEATURES} ; then |
1671 |
+ die "Aborting due to QA concerns: ${die_msg}" |
1672 |
+ fi |
1673 |
+ |
1674 |
+ local _so_ext='.so*' |
1675 |
+ |
1676 |
+ case "${CHOST}" in |
1677 |
+ *-winnt*) _so_ext=".dll" ;; # no "*" intentionally! |
1678 |
+ esac |
1679 |
+ |
1680 |
+ # Run some sanity checks on shared libraries |
1681 |
+ for d in "${ED}"lib* "${ED}"usr/lib* ; do |
1682 |
+ [[ -d "${d}" ]] || continue |
1683 |
+ f=$(find "${d}" -name "lib*${_so_ext}" -print0 | \ |
1684 |
+ xargs -0 ${_pfx_scan} | while IFS=";" read arch obj soname rpath needed; \ |
1685 |
+ do [[ -z "${soname}" ]] && echo "${obj}"; done) |
1686 |
+ if [[ -n ${f} ]] ; then |
1687 |
+ vecho -ne '\a\n' |
1688 |
+ eqawarn "QA Notice: The following shared libraries lack a SONAME" |
1689 |
+ eqawarn "${f}" |
1690 |
+ vecho -ne '\a\n' |
1691 |
+ sleep 1 |
1692 |
+ fi |
1693 |
+ |
1694 |
+ f=$(find "${d}" -name "lib*${_so_ext}" -print0 | \ |
1695 |
+ xargs -0 ${_pfx_scan} | while IFS=";" read arch obj soname rpath needed; \ |
1696 |
+ do [[ -z "${needed}" ]] && echo "${obj}"; done) |
1697 |
+ if [[ -n ${f} ]] ; then |
1698 |
+ vecho -ne '\a\n' |
1699 |
+ eqawarn "QA Notice: The following shared libraries lack NEEDED entries" |
1700 |
+ eqawarn "${f}" |
1701 |
+ vecho -ne '\a\n' |
1702 |
+ sleep 1 |
1703 |
+ fi |
1704 |
+ done |
1705 |
+ |
1706 |
+ PORTAGE_QUIET=${tmp_quiet} |
1707 |
+ fi |
1708 |
+} |
1709 |
+ |
1710 |
+install_qa_check_xcoff() { |
1711 |
+ if ! has binchecks ${RESTRICT}; then |
1712 |
+ local tmp_quiet=${PORTAGE_QUIET} |
1713 |
+ local queryline deplib |
1714 |
+ local insecure_rpath_list= undefined_symbols_list= |
1715 |
+ |
1716 |
+ # display warnings when using stricter because we die afterwards |
1717 |
+ if has stricter ${FEATURES} ; then |
1718 |
+ unset PORTAGE_QUIET |
1719 |
+ fi |
1720 |
+ |
1721 |
+ rm -f "${PORTAGE_BUILDDIR}"/build-info/NEEDED.XCOFF.1 |
1722 |
+ |
1723 |
+ local neededfd |
1724 |
+ for neededfd in {3..1024} none; do ( : <&${neededfd} ) 2>/dev/null || break; done |
1725 |
+ [[ ${neededfd} != none ]] || die "cannot find free file descriptor handle" |
1726 |
+ |
1727 |
+ eval "exec ${neededfd}>\"${PORTAGE_BUILDDIR}\"/build-info/NEEDED.XCOFF.1" || die "cannot open ${PORTAGE_BUILDDIR}/build-info/NEEDED.XCOFF.1" |
1728 |
+ |
1729 |
+ ( # work around a problem in /usr/bin/dump (used by aixdll-query) |
1730 |
+ # dumping core when path names get too long. |
1731 |
+ cd "${ED}" >/dev/null && |
1732 |
+ find . -not -type d -exec \ |
1733 |
+ aixdll-query '{}' FILE MEMBER FLAGS FORMAT RUNPATH DEPLIBS ';' |
1734 |
+ ) > "${T}"/needed 2>/dev/null |
1735 |
+ |
1736 |
+ # Symlinking shared archive libraries is not a good idea on aix, |
1737 |
+ # as there is nothing like "soname" on pure filesystem level. |
1738 |
+ # So we create a copy instead of the symlink. |
1739 |
+ local prev_FILE= |
1740 |
+ local FILE MEMBER FLAGS FORMAT RUNPATH DEPLIBS |
1741 |
+ while read queryline |
1742 |
+ do |
1743 |
+ FILE= MEMBER= FLAGS= FORMAT= RUNPATH= DEPLIBS= |
1744 |
+ eval ${queryline} |
1745 |
+ FILE=${FILE#./} |
1746 |
+ |
1747 |
+ if [[ ${prev_FILE} != ${FILE} ]]; then |
1748 |
+ if [[ " ${FLAGS} " == *" SHROBJ "* && -h ${ED}${FILE} ]]; then |
1749 |
+ prev_FILE=${FILE} |
1750 |
+ local target=$(readlink "${ED}${FILE}") |
1751 |
+ if [[ ${target} == /* ]]; then |
1752 |
+ target=${D}${target} |
1753 |
+ else |
1754 |
+ target=${FILE%/*}/${target} |
1755 |
+ fi |
1756 |
+ rm -f "${ED}${FILE}" || die "cannot prune ${FILE}" |
1757 |
+ cp -f "${ED}${target}" "${ED}${FILE}" || die "cannot copy ${target} to ${FILE}" |
1758 |
+ fi |
1759 |
+ fi |
1760 |
+ done <"${T}"/needed |
1761 |
+ |
1762 |
+ prev_FILE= |
1763 |
+ while read queryline |
1764 |
+ do |
1765 |
+ FILE= MEMBER= FLAGS= FORMAT= RUNPATH= DEPLIBS= |
1766 |
+ eval ${queryline} |
1767 |
+ FILE=${FILE#./} |
1768 |
+ |
1769 |
+ if [[ -n ${MEMBER} && ${prev_FILE} != ${FILE} ]]; then |
1770 |
+ # Save NEEDED information for each archive library stub |
1771 |
+ # even if it is static only: the already installed archive |
1772 |
+ # may contain shared objects to be preserved. |
1773 |
+ echo "${FORMAT##* }${FORMAT%%-*};${EPREFIX}/${FILE};${FILE##*/};;" >&${neededfd} |
1774 |
+ fi |
1775 |
+ prev_FILE=${FILE} |
1776 |
+ |
1777 |
+ # shared objects have both EXEC and SHROBJ flags, |
1778 |
+ # while executables have EXEC flag only. |
1779 |
+ [[ " ${FLAGS} " == *" EXEC "* ]] || continue |
1780 |
+ |
1781 |
+ # Make sure we disallow insecure RUNPATH's |
1782 |
+ # Don't want paths that point to the tree where the package was built |
1783 |
+ # (older, broken libtools would do this). Also check for null paths |
1784 |
+ # because the loader will search $PWD when it finds null paths. |
1785 |
+ # And we really want absolute paths only. |
1786 |
+ if [[ -n $(echo ":${RUNPATH}:" | grep -E "(${PORTAGE_BUILDDIR}|::|:[^/])") ]]; then |
1787 |
+ insecure_rpath_list="${insecure_rpath_list}\n${FILE}${MEMBER:+[${MEMBER}]}" |
1788 |
+ fi |
1789 |
+ |
1790 |
+ local needed= |
1791 |
+ [[ -n ${MEMBER} ]] && needed=${FILE##*/} |
1792 |
+ for deplib in ${DEPLIBS}; do |
1793 |
+ eval deplib=${deplib} |
1794 |
+ if [[ ${deplib} == '.' || ${deplib} == '..' ]]; then |
1795 |
+ # Although we do have runtime linking, we don't want undefined symbols. |
1796 |
+ # AIX does indicate this by needing either '.' or '..' |
1797 |
+ undefined_symbols_list="${undefined_symbols_list}\n${FILE}" |
1798 |
+ else |
1799 |
+ needed="${needed}${needed:+,}${deplib}" |
1800 |
+ fi |
1801 |
+ done |
1802 |
+ |
1803 |
+ FILE=${EPREFIX}/${FILE} |
1804 |
+ |
1805 |
+ [[ -n ${MEMBER} ]] && MEMBER="[${MEMBER}]" |
1806 |
+ # Save NEEDED information |
1807 |
+ echo "${FORMAT##* }${FORMAT%%-*};${FILE}${MEMBER};${FILE##*/}${MEMBER};${RUNPATH};${needed}" >&${neededfd} |
1808 |
+ done <"${T}"/needed |
1809 |
+ |
1810 |
+ eval "exec ${neededfd}>&-" || die "cannot close handle to ${PORTAGE_BUILDDIR}/build-info/NEEDED.XCOFF.1" |
1811 |
+ |
1812 |
+ if [[ -n ${undefined_symbols_list} ]]; then |
1813 |
+ vecho -ne '\a\n' |
1814 |
+ eqawarn "QA Notice: The following files contain undefined symbols." |
1815 |
+ eqawarn " Please file a bug about this at http://bugs.gentoo.org/" |
1816 |
+ eqawarn " with 'prefix' as the maintaining herd of the package." |
1817 |
+ eqawarn "${undefined_symbols_list}" |
1818 |
+ vecho -ne '\a\n' |
1819 |
+ fi |
1820 |
+ |
1821 |
+ if [[ -n ${insecure_rpath_list} ]] ; then |
1822 |
+ vecho -ne '\a\n' |
1823 |
+ eqawarn "QA Notice: The following files contain insecure RUNPATH's" |
1824 |
+ eqawarn " Please file a bug about this at http://bugs.gentoo.org/" |
1825 |
+ eqawarn " with 'prefix' as the maintaining herd of the package." |
1826 |
+ eqawarn "${insecure_rpath_list}" |
1827 |
+ vecho -ne '\a\n' |
1828 |
+ if has stricter ${FEATURES} ; then |
1829 |
+ insecure_rpath=1 |
1830 |
+ fi |
1831 |
+ fi |
1832 |
+ |
1833 |
+ if [[ ${insecure_rpath} -eq 1 ]] ; then |
1834 |
+ die "Aborting due to serious QA concerns with RUNPATH/RPATH" |
1835 |
+ elif [[ -n ${die_msg} ]] && has stricter ${FEATURES} ; then |
1836 |
+ die "Aborting due to QA concerns: ${die_msg}" |
1837 |
+ fi |
1838 |
+ |
1839 |
+ PORTAGE_QUIET=${tmp_quiet} |
1840 |
+ fi |
1841 |
+} |
1842 |
+ |
1843 |
install_mask() { |
1844 |
local root="$1" |
1845 |
shift |
1846 |
diff --cc bin/portageq |
1847 |
index ea9dfde,009f116..7b9e177 |
1848 |
--- a/bin/portageq |
1849 |
+++ b/bin/portageq |
1850 |
@@@ -23,22 -23,22 +23,22 @@@ except KeyboardInterrupt |
1851 |
import os |
1852 |
import types |
1853 |
|
1854 |
-if os.path.isfile(os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))), ".portage_not_installed")): |
1855 |
- pym_paths = [os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))), "pym")] |
1856 |
- sys.path.insert(0, pym_paths[0]) |
1857 |
+# for an explanation on this logic, see pym/_emerge/__init__.py |
1858 |
+if os.environ.__contains__("PORTAGE_PYTHONPATH"): |
1859 |
+ pym_path = os.environ["PORTAGE_PYTHONPATH"] |
1860 |
else: |
1861 |
- import distutils.sysconfig |
1862 |
- pym_paths = [os.path.join(distutils.sysconfig.get_python_lib(), x) for x in ("_emerge", "portage")] |
1863 |
+ pym_path = os.path.join(os.path.dirname( |
1864 |
+ os.path.dirname(os.path.realpath(__file__))), "pym") |
1865 |
- # Avoid sandbox violations after python upgrade. |
1866 |
+ # Avoid sandbox violations after Python upgrade. |
1867 |
if os.environ.get("SANDBOX_ON") == "1": |
1868 |
sandbox_write = os.environ.get("SANDBOX_WRITE", "").split(":") |
1869 |
- if pym_path not in sandbox_write: |
1870 |
- sandbox_write.append(pym_path) |
1871 |
- os.environ["SANDBOX_WRITE"] = \ |
1872 |
- ":".join(filter(None, sandbox_write)) |
1873 |
- del sandbox_write |
1874 |
+ for pym_path in pym_paths: |
1875 |
+ if pym_path not in sandbox_write: |
1876 |
+ sandbox_write.append(pym_path) |
1877 |
+ os.environ["SANDBOX_WRITE"] = ":".join(filter(None, sandbox_write)) |
1878 |
+ del pym_path, sandbox_write |
1879 |
+ del pym_paths |
1880 |
|
1881 |
- sys.path.insert(0, pym_path) |
1882 |
import portage |
1883 |
portage._internal_caller = True |
1884 |
from portage import os |
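Review bot: On the new side of this merge `pym_path` is the only name assigned (in both branches of the `PORTAGE_PYTHONPATH` test), yet the kept sandbox block iterates `for pym_path in pym_paths:` and ends with `del pym_paths`, a name that now appears only on removed lines, so the script would raise NameError before `import portage`. The `sys.path.insert(0, pym_path)` line is also shown as removed, which leaves the computed path (or the value of PORTAGE_PYTHONPATH) unused for the import that follows. The page flattens the two marker columns of the combined diff, so this reading should be confirmed against the merged file. If it holds, keep the single-path form, `if pym_path not in sandbox_write: sandbox_write.append(pym_path)`, and restore `sys.path.insert(0, pym_path)` ahead of `import portage`.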
1885 |
diff --cc pym/portage/const.py |
1886 |
index 89d7ee2,acb90f9..5f00fab |
1887 |
--- a/pym/portage/const.py |
1888 |
+++ b/pym/portage/const.py |
1889 |
@@@ -65,35 -58,23 +65,36 @@@ DEPCACHE_PATH = "/var/cache/ |
1890 |
GLOBAL_CONFIG_PATH = "/usr/share/portage/config" |
1891 |
|
1892 |
# these variables are not used with target_root or config_root |
1893 |
+PORTAGE_BASE_PATH = PORTAGE_BASE |
1894 |
# NOTE: Use realpath(__file__) so that python module symlinks in site-packages |
1895 |
# are followed back to the real location of the whole portage installation. |
1896 |
+#PREFIX: below should work, but I'm not sure how it it affects other places |
1897 |
- #PORTAGE_BASE_PATH = os.path.join(os.sep, os.sep.join(os.path.realpath( |
1898 |
- # __file__.rstrip("co")).split(os.sep)[:-3])) |
1899 |
+ # NOTE: Please keep PORTAGE_BASE_PATH in one line to help substitutions. |
1900 |
-PORTAGE_BASE_PATH = os.path.join(os.sep, os.sep.join(os.path.realpath(__file__.rstrip("co")).split(os.sep)[:-3])) |
1901 |
++#PORTAGE_BASE_PATH = os.path.join(os.sep, os.sep.join(os.path.realpath(__file__.rstrip("co")).split(os.sep)[:-3])) |
1902 |
PORTAGE_BIN_PATH = PORTAGE_BASE_PATH + "/bin" |
1903 |
- PORTAGE_PYM_PATH = PORTAGE_BASE_PATH + "/pym" |
1904 |
+ PORTAGE_PYM_PATH = os.path.realpath(os.path.join(__file__, '../..')) |
1905 |
LOCALE_DATA_PATH = PORTAGE_BASE_PATH + "/locale" # FIXME: not used |
1906 |
EBUILD_SH_BINARY = PORTAGE_BIN_PATH + "/ebuild.sh" |
1907 |
MISC_SH_BINARY = PORTAGE_BIN_PATH + "/misc-functions.sh" |
1908 |
-SANDBOX_BINARY = "/usr/bin/sandbox" |
1909 |
-FAKEROOT_BINARY = "/usr/bin/fakeroot" |
1910 |
-BASH_BINARY = "/bin/bash" |
1911 |
-MOVE_BINARY = "/bin/mv" |
1912 |
+SANDBOX_BINARY = EPREFIX + "/usr/bin/sandbox" |
1913 |
+FAKEROOT_BINARY = EPREFIX + "/usr/bin/fakeroot" |
1914 |
+BASH_BINARY = PORTAGE_BASH |
1915 |
+MOVE_BINARY = PORTAGE_MV |
1916 |
PRELINK_BINARY = "/usr/sbin/prelink" |
1917 |
+MACOSSANDBOX_BINARY = "/usr/bin/sandbox-exec" |
1918 |
+MACOSSANDBOX_PROFILE = '''(version 1) |
1919 |
+(allow default) |
1920 |
+(deny file-write*) |
1921 |
+(allow file-write* |
1922 |
+@@MACOSSANDBOX_PATHS@@) |
1923 |
+(allow file-write-data |
1924 |
+@@MACOSSANDBOX_PATHS_CONTENT_ONLY@@)''' |
1925 |
+ |
1926 |
+PORTAGE_GROUPNAME = portagegroup |
1927 |
+PORTAGE_USERNAME = portageuser |
1928 |
|
1929 |
INVALID_ENV_FILE = "/etc/spork/is/not/valid/profile.env" |
1930 |
+ MERGING_IDENTIFIER = "-MERGING-" |
1931 |
REPO_NAME_FILE = "repo_name" |
1932 |
REPO_NAME_LOC = "profiles" + "/" + REPO_NAME_FILE |
1933 |
|
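Review bot: `MACOSSANDBOX_PROFILE` opens with `(allow default)` and denies only `file-write*`, so it confines where a build can write and nothing else; reads, network access and process execution stay open, and no comment near the constant says so. I would add above it `# Write confinement only: (allow default) leaves everything except file-write* permitted.` plus a line stating that both `@@MACOSSANDBOX_PATHS@@` and `@@MACOSSANDBOX_PATHS_CONTENT_ONLY@@` must be substituted before the profile is passed to `MACOSSANDBOX_BINARY`. The substitution is not in this hunk (presumably it lives in doebuild.py, which imports the constant), and whatever fills the placeholders should quote the paths, since they are spliced into the profile text.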
1934 |
diff --cc pym/portage/dbapi/vartree.py |
1935 |
index 040b546,b46ba0b..deeb779 |
1936 |
--- a/pym/portage/dbapi/vartree.py |
1937 |
+++ b/pym/portage/dbapi/vartree.py |
1938 |
@@@ -48,7 -46,7 +49,7 @@@ portage.proxy.lazyimport.lazyimport(glo |
1939 |
) |
1940 |
|
1941 |
from portage.const import CACHE_PATH, CONFIG_MEMORY_FILE, \ |
1942 |
- PORTAGE_PACKAGE_ATOM, PRIVATE_PATH, VDB_PATH, EPREFIX, EPREFIX_LSTRIP, BASH_BINARY |
1943 |
- MERGING_IDENTIFIER, PORTAGE_PACKAGE_ATOM, PRIVATE_PATH, VDB_PATH |
1944 |
++ MERGING_IDENTIFIER, PORTAGE_PACKAGE_ATOM, PRIVATE_PATH, VDB_PATH, EPREFIX, EPREFIX_LSTRIP, BASH_BINARY |
1945 |
from portage.dbapi import dbapi |
1946 |
from portage.exception import CommandNotFound, \ |
1947 |
InvalidData, InvalidLocation, InvalidPackageName, \ |
1948 |
diff --cc pym/portage/package/ebuild/config.py |
1949 |
index fb4956d,264ed8e..6e578a9 |
1950 |
--- a/pym/portage/package/ebuild/config.py |
1951 |
+++ b/pym/portage/package/ebuild/config.py |
1952 |
@@@ -37,10 -37,11 +37,11 @@@ from portage.dep import Atom, isvalidat |
1953 |
from portage.eapi import eapi_exports_AA, eapi_exports_merge_type, \ |
1954 |
eapi_supports_prefix, eapi_exports_replace_vars, _get_eapi_attrs |
1955 |
from portage.env.loaders import KeyValuePairFileLoader |
1956 |
- from portage.exception import InvalidDependString, PortageException |
1957 |
+ from portage.exception import InvalidDependString, IsADirectory, \ |
1958 |
+ PortageException |
1959 |
from portage.localization import _ |
1960 |
from portage.output import colorize |
1961 |
-from portage.process import fakeroot_capable, sandbox_capable |
1962 |
+from portage.process import fakeroot_capable, sandbox_capable, macossandbox_capable |
1963 |
from portage.repository.config import load_repository_config |
1964 |
from portage.util import ensure_dirs, getconfig, grabdict, \ |
1965 |
grabdict_package, grabfile, grabfile_package, LazyItemsDict, \ |
1966 |
diff --cc pym/portage/package/ebuild/doebuild.py |
1967 |
index 3c2167a,d3e3f5a..8e55fe2 |
1968 |
--- a/pym/portage/package/ebuild/doebuild.py |
1969 |
+++ b/pym/portage/package/ebuild/doebuild.py |
1970 |
@@@ -46,8 -45,7 +46,7 @@@ from portage import auxdbkeys, bsd_chfl |
1971 |
unmerge, _encodings, _os_merge, \ |
1972 |
_shell_quote, _unicode_decode, _unicode_encode |
1973 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \ |
1974 |
- EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \ |
1975 |
- EPREFIX, MACOSSANDBOX_PROFILE |
1976 |
- EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, PORTAGE_PYM_PACKAGES |
1977 |
++ EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, PORTAGE_PYM_PACKAGES, EPREFIX, MACOSSANDBOX_PROFILE |
1978 |
from portage.data import portage_gid, portage_uid, secpass, \ |
1979 |
uid, userpriv_groups |
1980 |
from portage.dbapi.porttree import _parse_uri_map |