| 1 |
On 01/30/2018 11:02 AM, Michał Górny wrote: |
| 2 |
> Warn about empty directories installed to /var in install-qa-check phase |
| 3 |
> (that were not "filled" using keepdir), to help developers stop relying |
| 4 |
> upon Portage preserving them. Those directories are rather unlikely to |
| 5 |
> be false positives. |
| 6 |
> |
| 7 |
> Furthermore, remove all the empty directories if FEATURES=strict-keepdir |
| 8 |
> is used to catch even more problems (intended for developers). Here |
| 9 |
> warnings are not really suitable since there will be a high number |
| 10 |
> of false positives. |
| 11 |
> |
| 12 |
> The PMS specifies the behavior upon merging empty directories |
| 13 |
> as undefined, and specifically prohibits ebuilds from attempting |
| 14 |
> to install empty directories. However, ebuilds occasionally still fall |
| 15 |
> into the trap of relying on 'dodir' preserving the directory. Make |
| 16 |
> the Portage behavior more strict in order to prevent that. |
| 17 |
> |
| 18 |
> [v4: now with LC_COLLATE=C for sorting] |
| 19 |
> --- |
| 20 |
> bin/install-qa-check.d/95empty-dirs | 42 +++++++++++++++++++++++++++++++++++++ |
| 21 |
> man/make.conf.5 | 4 ++++ |
| 22 |
> pym/portage/const.py | 1 + |
| 23 |
> 3 files changed, 47 insertions(+) |
| 24 |
> create mode 100644 bin/install-qa-check.d/95empty-dirs |
| 25 |
> |
| 26 |
> diff --git a/bin/install-qa-check.d/95empty-dirs b/bin/install-qa-check.d/95empty-dirs |
| 27 |
> new file mode 100644 |
| 28 |
> index 000000000..8599db395 |
| 29 |
> --- /dev/null |
| 30 |
> +++ b/bin/install-qa-check.d/95empty-dirs |
| 31 |
> @@ -0,0 +1,42 @@ |
| 32 |
> +# Warn about and/or remove empty directories installed by ebuild. |
| 33 |
> + |
| 34 |
> +# Rationale: PMS prohibits ebuilds from installing empty directories. |
| 35 |
> +# Cleaning them up from the installation image provides an easy way |
| 36 |
> +# to make sure that ebuilds are not relying on it while making it easy |
| 37 |
> +# for users to override this if they need to. |
| 38 |
> +# |
| 39 |
> +# The ebuilds that need to preserve empty directories should use keepdir |
| 40 |
> +# as documented e.g.: |
| 41 |
> +# https://devmanual.gentoo.org/function-reference/install-functions/index.html |
| 42 |
> +# |
| 43 |
> +# For now, we emit QA warnings for empty directories in /var. |
| 44 |
> +# Additionally, if FEATURES=strict-keepdir is enabled we explicitly |
| 45 |
> +# remove *all* empty directories to trigger breakage. |
| 46 |
> + |
| 47 |
> +find_empty_dirs() { |
| 48 |
> + local warn_dirs=() |
| 49 |
> + local d striparg= |
| 50 |
> + |
| 51 |
> + [[ ${FEATURES} == *strict-keepdir* ]] && striparg=-delete |
| 52 |
> + |
| 53 |
> + while IFS= read -r -d $'\0' d; do |
| 54 |
> + [[ ${d} == ${ED%/}/var/* ]] && warn_dirs+=( "${d}" ) |
| 55 |
> + done < <(find "${ED}" -depth -mindepth 1 -type d -empty -print0 ${striparg} | LC_COLLATE=C sort -z) |
| 56 |
> + |
| 57 |
> + if [[ ${warn_dirs[@]} ]]; then |
| 58 |
> + eqawarn "One or more empty directories installed to /var:" |
| 59 |
> + eqawarn |
| 60 |
> + for d in "${warn_dirs[@]}"; do |
| 61 |
> + eqawarn " ${d#${ED%/}}" |
| 62 |
> + done |
| 63 |
> + eqawarn |
| 64 |
> + eqawarn "If those directories need to be preserved, please make sure to create" |
| 65 |
> + eqawarn "or mark them for keeping using 'keepdir'. Future versions of Portage" |
| 66 |
> + eqawarn "will strip empty directories from installation image." |
| 67 |
> + fi |
| 68 |
> +} |
| 69 |
> + |
| 70 |
> +find_empty_dirs |
| 71 |
> +: # guarantee successful exit |
| 72 |
> + |
| 73 |
> +# vim:ft=sh |
| 74 |
> diff --git a/man/make.conf.5 b/man/make.conf.5 |
| 75 |
> index a81b497bd..cb0f00237 100644 |
| 76 |
> --- a/man/make.conf.5 |
| 77 |
> +++ b/man/make.conf.5 |
| 78 |
> @@ -623,6 +623,10 @@ see \fBinstallsources\fR. |
| 79 |
> Have portage react strongly to conditions that have the potential to be |
| 80 |
> dangerous (like missing or incorrect digests for ebuilds). |
| 81 |
> .TP |
| 82 |
> +.B strict-keepdir |
| 83 |
> +Have portage strictly require keepdir calls in ebuilds. Empty |
| 84 |
> +directories installed without explicit keepdir will be removed. |
| 85 |
> +.TP |
| 86 |
> .B stricter |
| 87 |
> Have portage react strongly to conditions that may conflict with system |
| 88 |
> security provisions (for example textrels, executable stack). Read about |
| 89 |
> diff --git a/pym/portage/const.py b/pym/portage/const.py |
| 90 |
> index e5fa4b67c..655be82b1 100644 |
| 91 |
> --- a/pym/portage/const.py |
| 92 |
> +++ b/pym/portage/const.py |
| 93 |
> @@ -184,6 +184,7 @@ SUPPORTED_FEATURES = frozenset([ |
| 94 |
> "split-elog", |
| 95 |
> "split-log", |
| 96 |
> "strict", |
| 97 |
> + "strict-keepdir", |
| 98 |
> "stricter", |
| 99 |
> "suidctl", |
| 100 |
> "test", |
| 101 |
> |
| 102 |
|
| 103 |
Looks good, please merge. |
| 104 |
-- |
| 105 |
Thanks, |
| 106 |
Zac |
Archives