author | Holger Freyther <zecke@selfish.org> | 2006-09-12 08:59:30 +0000 |
---|---|---|
committer | Holger Freyther <zecke@selfish.org> | 2006-09-12 08:59:30 +0000 |
commit | 2794320ec9e9a4fb99a7e20c8bef15a06ed788b2 (patch) | |
tree | 66ad9f91e568c9a58805a316efbca1fd23b3b06f | |
parent | 2fdcfd98504544d0cb1773862acba9a2164e72b9 (diff) |
classes/insanity.bbclass: Check for possible insecure RPATH, make it work with the funy BitBake scope
The def methods are in a different scope than the PACKAGEFUNC, and the
result is that only the packagefunc is able to use 'd', so we need to make
this a parameter for the other methods.
Use the installed scanelf to check for the RPATH of the files
-rw-r--r-- | classes/insane.bbclass | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/classes/insane.bbclass b/classes/insane.bbclass
index c74601aadd..ead718db7f 100644
--- a/classes/insane.bbclass
+++ b/classes/insane.bbclass
@@ -22,17 +22,32 @@ inherit package
 PACKAGE_DEPENDS += "pax-utils-native"
 PACKAGEFUNCS += " do_package_qa "
-def package_qa_check_rpath(file,name):
+def package_qa_check_rpath(file,name,d):
 """
 Check for dangerous RPATHs
 """
+ import bb, os
+ scanelf = os.path.join(bb.data.getVar('STAGING_BINDIR',d,True),'scanelf')
+ bad_dir = bb.data.getVar('TMPDIR', d, True) + "/work"
+ if not os.path.exists(scanelf):
+ bb.note("Can not check RPATH scanelf not found")
+ if not bad_dir in bb.data.getVar('WORKDIR', d, True):
+ bb.error("This class assumed that WORKDIR is ${TMPDIR}/work... Not doing any check")
+
+ output = os.popen("%s -Byr %s" % (scanelf,file))
+ txt = output.readline().rsplit()
+ if bad_dir in txt:
+ bb.error("QA Issue package %s contains bad RPATH %s in file %s" % (name, txt, file))
+
 pass
-def package_qa_check_devdbg(path, name):
+def package_qa_check_devdbg(path, name,d):
 """
 Check for debug remains inside the binary or
 non dev packages containing
 """
+
+ import bb
 if not "-dev" in name:
 if path[-3:] == ".so":
 bb.error("QA Issue: non dev package contains .so")
@@ -41,24 +56,24 @@ def package_qa_check_devdbg(path, name):
 if path[-4:] == ".dbg":
 bb.error("QA Issue: non debug package contains .dbg file")
-def package_qa_check_perm(path,name):
+def package_qa_check_perm(path,name,d):
 """
 Check the permission of files
 """
 pass
-def package_qa_check_arch(path,name):
+def package_qa_check_arch(path,name,d):
 """
 Check if archs are compatible
 """
 pass
-def package_qa_check_pcla(path,name):
+def package_qa_check_pcla(path,name,d):
 """
 .pc and .la files should not point
 """
-def package_qa_check_staged(path):
+def package_qa_check_staged(path,d):
 """
 Check staged la and pc files for sanity
 -e.g. installed being false
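Review bot: The test `if bad_dir in txt` in package_qa_check_rpath is a list-membership test, because `txt` comes from `.rsplit()`, so it fires only when one field equals `${TMPDIR}/work` exactly and an RPATH that merely points below the work directory passes unnoticed. Matching per field fixes that, but the scanned file's own path appears to lie below the same directory (do_package_qa builds it from `workdir`), so that field has to be skipped; whether scanelf prints the path exactly as given should be confirmed. Both early checks also fall through: after the "scanelf not found" note and after the "Not doing any check" error the function still runs the command, so each branch needs a `return`. Separately, `file` is interpolated into a shell string for `os.popen`, so a packaged file name containing spaces or shell metacharacters is parsed by the shell, and an argument-list invocation would avoid that. The pipe is never closed either.

```python
    if not os.path.exists(scanelf):
        bb.note("Can not check RPATH scanelf not found")
        return
    if not bad_dir in bb.data.getVar('WORKDIR', d, True):
        # … unchanged: bb.error about the WORKDIR assumption …
        return

    # … unchanged: os.popen call and readline().rsplit() into txt …
    output.close()
    for field in txt:
        # the scanned file is itself below bad_dir, so its own path must not count
        if field != file and bad_dir in field:
            bb.error("QA Issue package %s contains bad RPATH %s in file %s" % (name, field, file))
```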
@@ -66,13 +81,13 @@ def package_qa_check_staged(path):
 pass
 # Walk over all files in a directory and call func
-def package_qa_walk(path, funcs, package):
+def package_qa_walk(path, funcs, package,d):
 import os
 for root, dirs, files in os.walk(path):
 for file in files:
 path = os.path.join(root,file)
 for func in funcs:
- func(path, package)
+ func(path, package,d)
 # The PACKAGE FUNC to scan each package
@@ -88,7 +103,7 @@ python do_package_qa () {
 for package in packages.split():
 bb.note("Package: %s" % package)
 path = "%s/install/%s" % (workdir, package)
- package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package)
+ package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package, d)
 }
@@ -97,5 +112,5 @@ addtask qa_staging after do_populate_staging before do_build
 python do_qa_staging() {
 bb.note("Staged!")
- package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True))
+ package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True), d)
 }
|
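Review bot: The comment above package_qa_walk still reads `# Walk over all files in a directory and call func`, but every callback is now invoked as `func(path, package,d)` and that three-argument contract is stated nowhere. I would extend it to `# Walk over all files below path and call each func as func(file_path, package, d)`, adding that `d` is the BitBake data object handed down from the PACKAGEFUNC, so a check function added later is written with the right signature. Inside the loop `path` is rebound to the joined file name and `file` shadows the builtin; distinct local names would make the walk easier to follow.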