summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHolger Freyther <zecke@selfish.org>2006-09-12 08:59:30 +0000
committerHolger Freyther <zecke@selfish.org>2006-09-12 08:59:30 +0000
commit2794320ec9e9a4fb99a7e20c8bef15a06ed788b2 (patch)
tree66ad9f91e568c9a58805a316efbca1fd23b3b06f
parent2fdcfd98504544d0cb1773862acba9a2164e72b9 (diff)
classes/insanity.bbclass: Check for possible insecure RPATH, make it work with the funy BitBake scope
The def methods are in a different scope that the PACKAGEFUNC and the result is only the packagefunc is able to use 'd' so we need to make this a parameter for the other methods. Use the installed scanelf to check for the RPATH of the files
-rw-r--r--classes/insane.bbclass35
1 files changed, 25 insertions, 10 deletions
diff --git a/classes/insane.bbclass b/classes/insane.bbclass
index c74601aadd..ead718db7f 100644
--- a/classes/insane.bbclass
+++ b/classes/insane.bbclass
@@ -22,17 +22,32 @@ inherit package
PACKAGE_DEPENDS += "pax-utils-native"
PACKAGEFUNCS += " do_package_qa "
-def package_qa_check_rpath(file,name):
+def package_qa_check_rpath(file,name,d):
"""
Check for dangerous RPATHs
"""
+ import bb, os
+ scanelf = os.path.join(bb.data.getVar('STAGING_BINDIR',d,True),'scanelf')
+ bad_dir = bb.data.getVar('TMPDIR', d, True) + "/work"
+ if not os.path.exists(scanelf):
+ bb.note("Can not check RPATH scanelf not found")
+ if not bad_dir in bb.data.getVar('WORKDIR', d, True):
+ bb.error("This class assumed that WORKDIR is ${TMPDIR}/work... Not doing any check")
+
+ output = os.popen("%s -Byr %s" % (scanelf,file))
+ txt = output.readline().rsplit()
+ if bad_dir in txt:
+ bb.error("QA Issue package %s contains bad RPATH %s in file %s" % (name, txt, file))
+
pass
-def package_qa_check_devdbg(path, name):
+def package_qa_check_devdbg(path, name,d):
"""
Check for debug remains inside the binary or
non dev packages containing
"""
+
+ import bb
if not "-dev" in name:
if path[-3:] == ".so":
bb.error("QA Issue: non dev package contains .so")
@@ -41,24 +56,24 @@ def package_qa_check_devdbg(path, name):
if path[-4:] == ".dbg":
bb.error("QA Issue: non debug package contains .dbg file")
-def package_qa_check_perm(path,name):
+def package_qa_check_perm(path,name,d):
"""
Check the permission of files
"""
pass
-def package_qa_check_arch(path,name):
+def package_qa_check_arch(path,name,d):
"""
Check if archs are compatible
"""
pass
-def package_qa_check_pcla(path,name):
+def package_qa_check_pcla(path,name,d):
"""
.pc and .la files should not point
"""
-def package_qa_check_staged(path):
+def package_qa_check_staged(path,d):
"""
Check staged la and pc files for sanity
-e.g. installed being false
@@ -66,13 +81,13 @@ def package_qa_check_staged(path):
pass
# Walk over all files in a directory and call func
-def package_qa_walk(path, funcs, package):
+def package_qa_walk(path, funcs, package,d):
import os
for root, dirs, files in os.walk(path):
for file in files:
path = os.path.join(root,file)
for func in funcs:
- func(path, package)
+ func(path, package,d)
# The PACKAGE FUNC to scan each package
@@ -88,7 +103,7 @@ python do_package_qa () {
for package in packages.split():
bb.note("Package: %s" % package)
path = "%s/install/%s" % (workdir, package)
- package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package)
+ package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package, d)
}
@@ -97,5 +112,5 @@ addtask qa_staging after do_populate_staging before do_build
python do_qa_staging() {
bb.note("Staged!")
- package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True))
+ package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True), d)
}