# # spec file for package post-build-checks (Version 1.0) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: post-build-checks License: GPL v2 or later Group: Development/Tools/Building AutoReqProv: on Summary: post checks for build after rpms have been created Version: 1.0 Release: 55 PreReq: aaa_base permissions sed Source0: %{name}-%{version}.tar.bz2 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description some scripts to check for problems like test-installing the newly created rpms and checking the logfile for errors. This package will also set/change the following sysconfig variables, so it may not be a good idea to install this to a running system: /etc/sysconfig/security:PERMISSION_SECURITY="secure" /etc/sysconfig/clock:TIMEZONE="UTC" %prep %setup -q %build # nothing to do %install install -d $RPM_BUILD_ROOT/usr/lib/build/checks install -d $RPM_BUILD_ROOT/usr/lib/build/checks-data install -d $RPM_BUILD_ROOT/usr/lib/build/helper install -m 755 checks/* $RPM_BUILD_ROOT/usr/lib/build/checks install -m 644 checks-data/* $RPM_BUILD_ROOT/usr/lib/build/checks-data install -m 755 helper/* $RPM_BUILD_ROOT/usr/lib/build/helper chmod 755 $RPM_BUILD_ROOT/usr/lib/build/checks-data/check* %check for i in tests/xx*.c do (echo "Executing(%%build)" ; gcc $RPM_OPT_FLAGS -c $i 2>&1)| checks-data/check_gcc_output 2>&1|grep "^[WE]" done %clean rm -rf $RPM_BUILD_ROOT %post sed -i -e "s@^PERMISSION_SECURITY=.*@PERMISSION_SECURITY=\"secure\"@" /etc/sysconfig/security sed -i -e "s@^TIMEZONE=.*@TIMEZONE=\"UTC\"@" /etc/sysconfig/clock if test -f /bin/uname -a ! -L /bin/uname ; then mv /bin/uname /bin/uname.bin ln -s /usr/lib/build/helper/uname.sh /bin/uname fi %files %defattr(-, root, root) %doc COPYING /usr/lib/build %changelog * Fri Feb 20 2009 coolo@suse.de - don't make the sequence point gcc warnings fatal, but let security team review them case by case * Tue Oct 28 2008 lnussel@suse.de - remove suid check. replaced by rpmlint script * Mon Oct 27 2008 meissner@suse.de - added warning checks for: array subscript over/underflow, void return not expected warnings. bnc#240922,bnc#439283 * Thu Oct 23 2008 lnussel@suse.de - suid check: tetex -> texlive * Wed Oct 22 2008 lnussel@suse.de - don't fail for setuid/setgid directories (bnc#437721) - some cleanups * Wed Oct 22 2008 lnussel@suse.de - failed setuid check is fatal (bnc#431592) * Tue Oct 14 2008 dmueller@suse.de - remove extra whitespace in warning output that confuses people * Mon Oct 13 2008 ro@suse.de - allow /opt/IBMJava2-* * Tue Oct 07 2008 meissner@suse.de - testsuite for check_gcc_output. marked the currently non working tests as "BROKEN.C" (not built). - fixed implicit fortify function check to work with newer gccs. * Mon Oct 06 2008 meissner@suse.de - added checks for newer glibcs destination buffer overflow warning. * Tue Sep 30 2008 ro@suse.de - make uname.sh more robust * Tue Sep 23 2008 dmueller@suse.de - remove uses-function-address debug statement, confuses more people than it helps * Mon Sep 15 2008 ro@suse.de - allow /opt/IBMJava2-142 * Fri Sep 05 2008 ro@suse.de - next hack for uname.sh: if /.kernelversion does not exist use a readlink on /usr/src/linux to find out and then get the flavor by the same hack as kernel-source * Thu Sep 04 2008 ro@suse.de - added COPYING file * Wed Sep 03 2008 ro@suse.de - try not to remove library packages during initial build (when updating soname bnc#421981) * Wed Aug 20 2008 ro@suse.de - allow /var/crash for crash-dumps (FHS-2.3) - allow /branding (installation-images) * Fri Aug 15 2008 ro@suse.de - make sure LOGFILE is set for gcc warning check * Mon Aug 11 2008 ro@suse.de - eliminate use of BUILD_IS_RUNNING * Mon Aug 11 2008 ro@suse.de - eliminate use of BUILD_BASENAME and package_name * Sun Aug 10 2008 ro@suse.de - add uname hack: let "uname -r" return the version of the installed kernel-sources, not the one of the running kernel * Fri Aug 08 2008 ro@suse.de - some sysconfig hacks: sysconfig/security:PERMISSION_SECURITY to secure sysconfig/clock:TIMEZONE to UTC - add PreReq "aaa_base permissions sed" to make this work * Mon Aug 04 2008 ro@suse.de - change debuginfo dependency checker: only fail on dependencies not referring to debuginfo packages * Tue Jul 29 2008 ro@suse.de - fail if a debuginfo or debugsource package has an unresolvable dependency * Tue Jul 15 2008 ro@suse.de - replace last cleanup_and_exit by exit - make sure proc is mounted before uninstalling rpms - export YAST_IS_RUNNING during all install/uninstall tests * Mon Jul 14 2008 ro@suse.de - added 00-install and 99-remove as next part of main build script * Mon Jul 14 2008 ro@suse.de - created package