| 1 |
W dniu wto, 30.01.2018 o godzinie 14∶10 -0800, użytkownik Zac Medico |
| 2 |
napisał: |
| 3 |
> On 01/30/2018 11:02 AM, Michał Górny wrote: |
| 4 |
> > Warn about empty directories installed to /var in install-qa-check phase |
| 5 |
> > (that were not "filled" using keepdir), to help developers stop relying |
| 6 |
> > upon Portage preserving them. Those directories are rather unlikely to |
| 7 |
> > be false positives. |
| 8 |
> > |
| 9 |
> > Furthermore, remove all the empty directories if FEATURES=strict-keepdir |
| 10 |
> > is used to catch even more problems (intended for developers). Here |
| 11 |
> > warnings are not really suitable since there will be a high number |
| 12 |
> > of false positives. |
| 13 |
> > |
| 14 |
> > The PMS specifies the behavior upon merging empty directories |
| 15 |
> > as undefined, and specifically prohibits ebuilds from attempting |
| 16 |
> > to install empty directories. However, ebuilds occasionally still fall |
| 17 |
> > into the trap of relying on 'dodir' preserving the directory. Make |
| 18 |
> > the Portage behavior more strict in order to prevent that. |
| 19 |
> > |
| 20 |
> > [v4: now with LC_COLLATE=C for sorting] |
| 21 |
> > --- |
| 22 |
> > bin/install-qa-check.d/95empty-dirs | 42 +++++++++++++++++++++++++++++++++++++ |
| 23 |
> > man/make.conf.5 | 4 ++++ |
| 24 |
> > pym/portage/const.py | 1 + |
| 25 |
> > 3 files changed, 47 insertions(+) |
| 26 |
> > create mode 100644 bin/install-qa-check.d/95empty-dirs |
| 27 |
> > |
| 28 |
> > diff --git a/bin/install-qa-check.d/95empty-dirs b/bin/install-qa-check.d/95empty-dirs |
| 29 |
> > new file mode 100644 |
| 30 |
> > index 000000000..8599db395 |
| 31 |
> > --- /dev/null |
| 32 |
> > +++ b/bin/install-qa-check.d/95empty-dirs |
| 33 |
> > @@ -0,0 +1,42 @@ |
| 34 |
> > +# Warn about and/or remove empty directories installed by ebuild. |
| 35 |
> > + |
| 36 |
> > +# Rationale: PMS prohibits ebuilds from installing empty directories. |
| 37 |
> > +# Cleaning them up from the installation image provides an easy way |
| 38 |
> > +# to make sure that ebuilds are not relying on it while making it easy |
| 39 |
> > +# for users to override this if they need to. |
| 40 |
> > +# |
| 41 |
> > +# The ebuilds that need to preserve empty directories should use keepdir |
| 42 |
> > +# as documented e.g.: |
| 43 |
> > +# https://devmanual.gentoo.org/function-reference/install-functions/index.html |
| 44 |
> > +# |
| 45 |
> > +# For now, we emit QA warnings for empty directories in /var. |
| 46 |
> > +# Additionally, if FEATURES=strict-keepdir is enabled we explicitly |
| 47 |
> > +# remove *all* empty directories to trigger breakage. |
| 48 |
> > + |
| 49 |
> > +find_empty_dirs() { |
| 50 |
> > + local warn_dirs=() |
| 51 |
> > + local d striparg= |
| 52 |
> > + |
| 53 |
> > + [[ ${FEATURES} == *strict-keepdir* ]] && striparg=-delete |
| 54 |
> > + |
| 55 |
> > + while IFS= read -r -d $'\0' d; do |
| 56 |
> > + [[ ${d} == ${ED%/}/var/* ]] && warn_dirs+=( "${d}" ) |
| 57 |
> > + done < <(find "${ED}" -depth -mindepth 1 -type d -empty -print0 ${striparg} | LC_COLLATE=C sort -z) |
| 58 |
> > + |
| 59 |
> > + if [[ ${warn_dirs[@]} ]]; then |
| 60 |
> > + eqawarn "One or more empty directories installed to /var:" |
| 61 |
> > + eqawarn |
| 62 |
> > + for d in "${warn_dirs[@]}"; do |
| 63 |
> > + eqawarn " ${d#${ED%/}}" |
| 64 |
> > + done |
| 65 |
> > + eqawarn |
| 66 |
> > + eqawarn "If those directories need to be preserved, please make sure to create" |
| 67 |
> > + eqawarn "or mark them for keeping using 'keepdir'. Future versions of Portage" |
| 68 |
> > + eqawarn "will strip empty directories from installation image." |
| 69 |
> > + fi |
| 70 |
> > +} |
| 71 |
> > + |
| 72 |
> > +find_empty_dirs |
| 73 |
> > +: # guarantee successful exit |
| 74 |
> > + |
| 75 |
> > +# vim:ft=sh |
| 76 |
> > diff --git a/man/make.conf.5 b/man/make.conf.5 |
| 77 |
> > index a81b497bd..cb0f00237 100644 |
| 78 |
> > --- a/man/make.conf.5 |
| 79 |
> > +++ b/man/make.conf.5 |
| 80 |
> > @@ -623,6 +623,10 @@ see \fBinstallsources\fR. |
| 81 |
> > Have portage react strongly to conditions that have the potential to be |
| 82 |
> > dangerous (like missing or incorrect digests for ebuilds). |
| 83 |
> > .TP |
| 84 |
> > +.B strict-keepdir |
| 85 |
> > +Have portage strictly require keepdir calls in ebuilds. Empty |
| 86 |
> > +directories installed without explicit keepdir will be removed. |
| 87 |
> > +.TP |
| 88 |
> > .B stricter |
| 89 |
> > Have portage react strongly to conditions that may conflict with system |
| 90 |
> > security provisions (for example textrels, executable stack). Read about |
| 91 |
> > diff --git a/pym/portage/const.py b/pym/portage/const.py |
| 92 |
> > index e5fa4b67c..655be82b1 100644 |
| 93 |
> > --- a/pym/portage/const.py |
| 94 |
> > +++ b/pym/portage/const.py |
| 95 |
> > @@ -184,6 +184,7 @@ SUPPORTED_FEATURES = frozenset([ |
| 96 |
> > "split-elog", |
| 97 |
> > "split-log", |
| 98 |
> > "strict", |
| 99 |
> > + "strict-keepdir", |
| 100 |
> > "stricter", |
| 101 |
> > "suidctl", |
| 102 |
> > "test", |
| 103 |
> > |
| 104 |
> |
| 105 |
> Looks good, please merge. |
| 106 |
|
| 107 |
Merged, thanks. |
| 108 |
-- |
| 109 |
Best regards, |
| 110 |
Michał Górny |
Archives