author | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-04-03 13:00:17 +0000 |
---|---|---|
committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-04-03 13:00:17 +0000 |
commit | 97b80d5bd4d08f35cca2fe0486b65b8dee66485a (patch) | |
tree | ccb7a91f66afbb38f20a7c70d29ebfa1a033365b /Mk/Scripts/qa.sh | |
parent | New OTRS vulnerability (diff) |
- Fix fatal checks not exiting with non-zero [1]
This means that files referencing stagedir or linked to stagedir will
now be fatal errors as intended.
- Stop polluting global namespace with IFS changes
- Speedup find(1) -exec usage by execing far less
- Ignore known false-positive/harmless stagedir files in paths() [2]
Reported by: eadler [1]
Discussed with: antoine [2]
With hat: portmgr
Notes
Notes:
svn path=/head/; revision=350006
Diffstat (limited to 'Mk/Scripts/qa.sh')
-rw-r--r-- | Mk/Scripts/qa.sh | 62 |
1 files changed, 46 insertions, 16 deletions
diff --git a/Mk/Scripts/qa.sh b/Mk/Scripts/qa.sh index b41e0ea620ff..590d037415c5 100644 --- a/Mk/Scripts/qa.sh +++ b/Mk/Scripts/qa.sh @@ -19,8 +19,12 @@ err() { } shebang() { + local IFS rc + rc=0 - IFS="$LF" ; for f in `find ${STAGEDIR} -type f -perm +111`; do + IFS="$LF" + + for f in `find ${STAGEDIR} -type f -perm +111`; do interp=$(sed -n -e '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p;2q' $f) case "$interp" in "") ;; 
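Review bot: shebang() still iterates with ``for f in `find ${STAGEDIR} -type f -perm +111` ``, so with IFS set to a newline the names are no longer split on spaces but are still subject to pathname expansion. A staged file whose name contains `*`, `?` or `[` can therefore be expanded to other paths before the interpreter check runs. symlinks() and paths() in this same commit moved to a `while read ...; done << EOF` loop fed by `$(find ...)`; using that form here too, with `read -r f` and `"$f"` quoted in the sed call, would keep the three fatal checks consistent. The body of shebang() continues outside this hunk, so the rest of the loop is not visible here.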
@@ -38,38 +42,62 @@ shebang() { ;; esac done + + return ${rc} } symlinks() { + local rc + rc=0 - IFS="$LF" ; for l in `find ${STAGEDIR} -type l`; do - link=$(readlink ${l}) + + while read l link; do + [ -z "${l}" ] && continue case "${link}" in - ${STAGEDIR}*) err "Bad symlinks ${l} pointing inside the stage directory" - rc=1 - ;; + ${STAGEDIR}*) + err "Bad symlinks ${l} pointing inside the stage directory" + rc=1 + ;; esac - done + # Use heredoc to avoid losing rc from find|while subshell + done << EOF +$(find ${STAGEDIR} -type l -exec stat -f "%N %R" {} +) +EOF + + return ${rc} } paths() { + local rc + rc=0 - IFS="$LF" ; for f in `find ${STAGEDIR} -type f`;do - if grep -q ${STAGEDIR} ${f} ; then - err "${f} is referring to ${STAGEDIR}" - rc=1 - fi - done + + while read f; do + [ -z "${f}" ] && continue + # Ignore false-positive/harmless files + case "${f}" in + */lib/ruby/gems/*/Makefile) continue ;; + */lib/ruby/gems/*/Makefile.html) continue ;; + */lib/ruby/gems/*/mkmf.log) continue ;; + esac + err "${f} is referring to ${STAGEDIR}" + rc=1 + # Use heredoc to avoid losing rc from find|while subshell + done << EOF +$(find ${STAGEDIR} -type f -exec grep -l "${STAGEDIR}" {} +) +EOF + + return ${rc} } # For now do not raise an error, just warnings stripped() { [ -x /usr/bin/file ] || return # this is fatal [ -n "${STRIP}" ] || return 0 - IFS="$LF" ; for f in `find ${STAGEDIR} -type f`; do - output=`/usr/bin/file ${f}` + find ${STAGEDIR} -type f -exec /usr/bin/file -nNF '' {} + | while + read f output; do case "${output}" in - *:*\ ELF\ *,\ not\ stripped*) warn "${f} is not stripped consider using \${STRIP_CMD}";; + ELF\ *,\ not\ stripped*) warn "${f} is not stripped consider using \${STRIP_CMD}" ;; esac done } @@ -97,6 +125,8 @@ sharedmimeinfo() { } suidfiles() { + local filelist + filelist=`find ${STAGEDIR} -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ \( -perm -u+s -or -perm -g+s \)` |
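Review bot: In symlinks() the loop `while read l link` splits each `stat -f "%N %R"` record at the first blank, so a staged symlink whose name contains a space puts the tail of the name into `link`. The `${STAGEDIR}*` pattern then no longer matches, and the check this commit makes fatal is skipped for that link. Putting the two fields on separate lines avoids the ambiguity, e.g. `stat -f "%N${LF}%R"` read with `while read -r l && read -r link; do`; `-r` also stops backslashes in names from being rewritten. stripped() has the same split in `read f output`, though there it only affects a warning. Names containing a newline would still be mis-read by either form.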