Gentoo Archives: gentoo-portage-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-portage-dev@l.g.o
Cc: "Michał Górny" <mgorny@g.o>
Subject: [gentoo-portage-dev] [PATCH v2] install-qa-check.d: Add a QA check for installing xattrs
Date: Tue, 28 Sep 2021 08:49:40
Message-Id: 20210928084933.207232-1-mgorny@gentoo.org
1 Warn the developers if ebuilds install files with xattrs to ${ED}.
2 The xattrs may or may not be preserved when installing the package,
3 making them unreliable on one hand, and somewhat surprising in other
4 cases (e.g. when they unintentionally leak from developer's system).
5
6 This is the first step towards restoring PMS compliance and *not*
7 preserving extended metadata.
8
9 Signed-off-by: Michał Górny <mgorny@g.o>
10 ---
11 bin/install-qa-check.d/95xattr | 54 ++++++++++++++++++++++++++++++++++
12 1 file changed, 54 insertions(+)
13 create mode 100644 bin/install-qa-check.d/95xattr
14
15 Changes in v2:
16 - added a link to the tracker in place of in-place explanation
17
18
19 diff --git a/bin/install-qa-check.d/95xattr b/bin/install-qa-check.d/95xattr
20 new file mode 100644
21 index 000000000..4bf6631d3
22 --- /dev/null
23 +++ b/bin/install-qa-check.d/95xattr
24 @@ -0,0 +1,54 @@
25 +# Check for xattrs. See https://bugs.gentoo.org/815220.
26 +
27 +xattr_check() {
28 + type -P getfattr >/dev/null || return
29 +
30 + pushd "${ED}" >/dev/null || die
31 + local x file= keys
32 + local -A data=()
33 + while read -r x; do
34 + case ${x} in
35 + "# file: "*)
36 + file=${x#*: }
37 + file=/${file#.}
38 + ;;
39 + btrfs.*)
40 + # ignore btrfs xattrs, they're implicit fs metadata
41 + ;;
42 + security.capability)
43 + # don't report caps if we have fcaps.eclass inherited
44 + if ! has fcaps ${INHERITED}; then
45 + data[${file}]+=" ${x}"
46 + fi
47 + ;;
48 + ?*)
49 + data[${file}]+=" ${x}"
50 + ;;
51 + esac
52 + done < <(getfattr -R -h -m - . 2>/dev/null)
53 + popd >/dev/null || die
54 +
55 + if [[ ${data[@]} ]]; then
56 + eqawarn "One or more files in \${ED} include extended attributes."
57 + eqawarn
58 +
59 + for file in "${!data[@]}"; do
60 + keys=( ${data[${file}]} )
61 + for x in "${keys[@]}"; do
62 + eqatag xattr "key=${x}" "${file}"
63 + done
64 + eqawarn " ${file} (${keys[*]})"
65 + done
66 +
67 + eqawarn
68 + eqawarn "It is impossible to reliably guarantee that the extended attributes"
69 + eqawarn "will be reliably preserved while merging. Please file a bug"
70 + eqawarn "and make it block the tracker https://bugs.gentoo.org/815220."
71 + eqawarn "More information about the problem can also be found on the tracker."
72 + fi
73 +}
74 +
75 +xattr_check
76 +: # guarantee successful exit
77 +
78 +# vim:ft=sh
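Review bot: The `?*)` catch-all in the `case` records every key other than `btrfs.*` and `security.capability`, so attributes that the system sets on its own, such as `security.selinux` on an SELinux-labelled filesystem, would be reported for every file in ${ED}; consider skipping such keys the same way `btrfs.*` is skipped, or narrowing the `-m -` pattern to the namespaces of interest. Separately, `keys=( ${data[${file}]} )` expands unquoted, so a key containing glob characters is subject to pathname expansion in whatever directory is current after `popd`; `read -r -a keys <<<"${data[${file}]}"` splits on whitespace without globbing. `2>/dev/null` on the `getfattr` call also hides real failures, which makes a failed scan indistinguishable from a clean one. The closing message says "reliably" twice ("reliably guarantee ... reliably preserved"); one of them can go.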
79 --
80 2.33.0