On 01/30/2018 11:02 AM, Michał Górny wrote:
> Warn about empty directories installed to /var in install-qa-check phase
> (that were not "filled" using keepdir), to help developers stop relying
> upon Portage preserving them. Those directories are rather unlikely to
> be false positives.
>
> Furthermore, remove all the empty directories if FEATURES=strict-keepdir
> is used to catch even more problems (intended for developers). Here
> warnings are not really suitable since there will be a high number
> of false positives.
>
> The PMS specifies the behavior upon merging empty directories
> as undefined, and specifically prohibits ebuilds from attempting
> to install empty directories. However, ebuilds occasionally still fall
> into the trap of relying on 'dodir' preserving the directory. Make
> the Portage behavior more strict in order to prevent that.
>
> [v4: now with LC_COLLATE=C for sorting]
> --- |
> bin/install-qa-check.d/95empty-dirs | 42 +++++++++++++++++++++++++++++++++++++ |
> man/make.conf.5 | 4 ++++ |
> pym/portage/const.py | 1 + |
> 3 files changed, 47 insertions(+) |
> create mode 100644 bin/install-qa-check.d/95empty-dirs |
> |
> diff --git a/bin/install-qa-check.d/95empty-dirs b/bin/install-qa-check.d/95empty-dirs |
> new file mode 100644 |
> index 000000000..8599db395 |
> --- /dev/null |
> +++ b/bin/install-qa-check.d/95empty-dirs |
> @@ -0,0 +1,42 @@ |
> +# Warn about and/or remove empty directories installed by ebuild. |
> + |
> +# Rationale: PMS prohibits ebuilds from installing empty directories. |
> +# Cleaning them up from the installation image provides an easy way |
> +# to make sure that ebuilds are not relying on it while making it easy |
> +# for users to override this if they need to. |
> +# |
> +# The ebuilds that need to preserve empty directories should use keepdir |
> +# as documented e.g.: |
> +# https://devmanual.gentoo.org/function-reference/install-functions/index.html |
> +# |
> +# For now, we emit QA warnings for empty directories in /var. |
> +# Additionally, if FEATURES=strict-keepdir is enabled we explicitly |
> +# remove *all* empty directories to trigger breakage. |
> + |
> +find_empty_dirs() { |
> + local warn_dirs=() |
> + local d striparg= |
> + |
> + [[ ${FEATURES} == *strict-keepdir* ]] && striparg=-delete |
> + |
> + while IFS= read -r -d $'\0' d; do |
> + [[ ${d} == ${ED%/}/var/* ]] && warn_dirs+=( "${d}" ) |
> + done < <(find "${ED}" -depth -mindepth 1 -type d -empty -print0 ${striparg} | LC_COLLATE=C sort -z) |
> + |
> + if [[ ${warn_dirs[@]} ]]; then |
> + eqawarn "One or more empty directories installed to /var:" |
> + eqawarn |
> + for d in "${warn_dirs[@]}"; do |
> + eqawarn " ${d#${ED%/}}" |
> + done |
> + eqawarn |
> + eqawarn "If those directories need to be preserved, please make sure to create" |
> + eqawarn "or mark them for keeping using 'keepdir'. Future versions of Portage" |
> + eqawarn "will strip empty directories from installation image." |
> + fi |
> +} |
> + |
> +find_empty_dirs |
> +: # guarantee successful exit |
> + |
> +# vim:ft=sh |
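
Review bot: In find_empty_dirs(), combining -depth with -empty and -delete means that under FEATURES=strict-keepdir a parent directory is tested only after its empty children have already been deleted, so whole chains of nested directories are removed and, under /var, reported, whereas without the feature only the innermost empty directories are listed. The header comment should state that cascade explicitly, since the two modes produce different warning lists for the same image. Separately, [[ ${FEATURES} == *strict-keepdir* ]] is a substring match on the whole variable, so a whole-word test would avoid matching any other token that contains that string, and (( ${#warn_dirs[@]} )) states the emptiness check more directly than [[ ${warn_dirs[@]} ]].
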
> diff --git a/man/make.conf.5 b/man/make.conf.5 |
> index a81b497bd..cb0f00237 100644 |
> --- a/man/make.conf.5 |
> +++ b/man/make.conf.5 |
> @@ -623,6 +623,10 @@ see \fBinstallsources\fR. |
> Have portage react strongly to conditions that have the potential to be |
> dangerous (like missing or incorrect digests for ebuilds). |
> .TP |
> +.B strict-keepdir |
> +Have portage strictly require keepdir calls in ebuilds. Empty |
> +directories installed without explicit keepdir will be removed. |
> +.TP |
> .B stricter |
> Have portage react strongly to conditions that may conflict with system |
> security provisions (for example textrels, executable stack). Read about |
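
Review bot: The strict-keepdir entry does not say that the feature is intended for developers, nor that the QA warning for empty directories under /var is emitted whether or not it is set; both are stated in the commit message and in the 95empty-dirs header comment but not here. Suggest one more sentence saying that the setting is meant for ebuild development and that it removes every empty directory in the installation image, not only those in /var.
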
> diff --git a/pym/portage/const.py b/pym/portage/const.py |
> index e5fa4b67c..655be82b1 100644 |
> --- a/pym/portage/const.py |
> +++ b/pym/portage/const.py |
> @@ -184,6 +184,7 @@ SUPPORTED_FEATURES = frozenset([ |
> "split-elog", |
> "split-log", |
> "strict", |
> + "strict-keepdir", |
> "stricter", |
> "suidctl", |
> "test", |
>

Looks good, please merge.
--
Thanks,
Zac