pool/rpmlint
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1cdbc13b57
rpmlint/suse-binarieschecks.diff
Dirk Mueller 1cdbc13b57 - update to 1.10: 
* test: Skip fedoradev GPG checks at least for now
 * test: Refresh fedora* packages on image build
 * test: Use assertEqual where appropriate, thanks to flake8/hacking
 * test: Update fedora24 config to fedora26, run it on Travis
 * Add a new test for tmpfiles.d snippets in the /etc/ tree.
 * Add new tests for systemd units and udev rules in /etc/ tree
 * test: Disable hacking for now until it's flake8 3.4+ compatible
 * test: Set up flake8-bugbear, enable it in fedoradev container
 * rpmlint: Avoid unused loop control variable
 * ZipCheck: Add TODO
 * *: Avoid mutable argument defaults
 * Be aware of -debugsource packages
 * rpmdiff: Fix unused variable from previous commit
 * rpmdiff: Support soft dependencies
 * BinariesCheck, FilesCheck: Ignore various .build-id dirs
 * Add python3-devel and rpm-build to fedoradev container to provoke some issues
 * BinariesCheck: Popen env consistency fix
 * Pkg.getstatusoutput: Set LC_ALL for all Popens, defaulting to C
 * rpmlint: Fix checking specfile from stdin
 * test.sh: Extract rpmlint command to run_rpmlint
 * Revert "Remove unused spec_lines check_spec argument"
 * BinariesCheck: Trivial cleanups
 * travis: Run make install too
 * FilesCheck: Allow multiple bytecode magic values per Python version
 * tests: Make output test tools easier to reuse
 * FilesCheck: hg.python.org -> github.com/python
 * Pkg: Return vendor and distribution as unicode strings
 * FilesCheck: Add Python 3.7 bytecode magic value
 * Pkg.b2s: Add some more test cases

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=482
2017-09-28 11:35:09 +00:00

150 lines
5.9 KiB
Diff
Raw Blame History

From: Some One <nobody@opensuse.org>
Date: Thu, 9 Apr 2015 14:55:38 +0200
Subject: [PATCH] suse-binarieschecks.diff
===================================================================
---
BinariesCheck.py | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 56 insertions(+), 2 deletions(-)
Index: rpmlint-rpmlint-1.10/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.10/BinariesCheck.py
@@ -16,7 +16,7 @@ import rpm
import AbstractCheck
import Config
-from Filter import addDetails, printError, printWarning
+from Filter import addDetails, printError, printWarning, printInfo
import Pkg
@@ -56,6 +56,10 @@ class BinaryInfo(object):
chroot_call_regex = create_regexp_call('chroot')
# 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
objdump_call_regex = re.compile(br'callq?\s(.*)')
+ debuginfo_regex=re.compile('^\s+\[\s*\d+\]\s+\.debug_.*\s+')
+ symtab_regex=re.compile('^\s+\[\s*\d+\]\s+\.symtab\s+')
+ gethostbyname_call_regex = create_regexp_call(['gethostbyname', 'gethostbyname2',
+ 'gethostbyaddr', 'gethostbyname_r', 'gethostbyname2_r', 'gethostbyaddr_r'])
forbidden_functions = Config.getOption("WarnOnFunction")
if forbidden_functions:
@@ -84,7 +88,10 @@ class BinaryInfo(object):
self.exec_stack = False
self.exit_calls = []
self.forbidden_calls = []
+ self.calls_gethostbyname = False
fork_called = False
+ self.debuginfo = 0
+ self.symtab=0
self.tail = ''
self.setgid = False
@@ -167,6 +174,11 @@ class BinaryInfo(object):
if ret:
self.forbidden_calls.append(r_name)
+ r = BinaryInfo.gethostbyname_call_regex.search(l)
+ if r:
+ self.calls_gethostbyname = True
+ continue
+
if is_shlib:
r = BinaryInfo.exit_call_regex.search(l)
if r:
@@ -177,6 +189,14 @@ class BinaryInfo(object):
fork_called = True
continue
+ if BinaryInfo.debuginfo_regex.search(l):
+ self.debuginfo=1
+ continue
+
+ if BinaryInfo.symtab_regex.search(l):
+ self.symtab=1
+ continue
+
# check if we don't have a string that will automatically
# waive the presence of a forbidden call
if self.forbidden_calls:
@@ -392,13 +412,26 @@ class BinariesCheck(AbstractCheck.Abstra
continue
# stripped ?
- if 'not stripped' in pkgfile.magic:
+ if 'not stripped' in pkgfile.magic and \
+ (os.environ.get('BUILD_DIR', '') == '' or
+ os.environ.get('BUILD_DEBUG', '') != ''):
printWarning(pkg, 'unstripped-binary-or-object', fname)
# inspect binary file
is_shlib = so_regex.search(fname)
bin_info = BinaryInfo(pkg, pkgfile.path, fname, is_ar, is_shlib)
+ # stripped static library
+ if is_ar:
+ if bin_info.readelf_error:
+ pass
+ elif not bin_info.symtab:
+ printError(pkg, 'static-library-without-symtab', fname)
+ elif not bin_info.debuginfo and \
+ (os.environ.get('BUILD_DIR', '') == '' or \
+ os.environ.get('BUILD_DEBUG','') != ''):
+ printWarning(pkg, 'static-library-without-debuginfo', fname)
+
if is_shlib:
has_lib = True
@@ -453,6 +486,10 @@ class BinariesCheck(AbstractCheck.Abstra
printWarning(pkg, ec, fname,
BinaryInfo.forbidden_functions[ec]['f_name'])
+ # gethostbyname ?
+ if bin_info.calls_gethostbyname:
+ printInfo(pkg, 'binary-or-shlib-calls-gethostbyname', fname)
+
# rpath ?
if bin_info.rpath:
for p in bin_info.rpath:
@@ -666,6 +703,14 @@ with the intended shared libraries only.
'ldd-failed',
'''Executing ldd on this file failed, all checks could not be run.''',
+'static-library-without-symtab',
+'''The static library doesn't contain any symbols and therefore can't be linked
+against. This may indicated that it was strip.''',
+
+'static-library-without-debuginfo',
+'''The static library doesn't contain any debuginfo. Binaries linking against
+this static library can't be properly debugged.''',
+
'executable-stack',
'''The binary declares the stack as executable. Executable stack is usually an
error as it is only needed if the code contains GCC trampolines or similar
@@ -678,6 +723,10 @@ don\'t define a proper .note.GNU-stack s
make the stack executable. Usual suspects include use of a non-GNU linker or
an old GNU linker version.''',
+'binary-or-shlib-calls-gethostbyname',
+'''The binary calls gethostbyname(). Please port the code to use
+getaddrinfo().''',
+
'shared-lib-calls-exit',
'''This library package calls exit() or _exit(), probably in a non-fork()
context. Doing so from a library is strongly discouraged - when a library
@@ -696,6 +745,12 @@ that use prelink, make sure that prelink
placing a blacklist file in /etc/prelink.conf.d. For more information, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
+'unstripped-binary-or-object',
+'''stripping debug info from binaries happens automatically according to global
+project settings. So there's normally no need to manually strip binaries.
+Left over unstripped binaries could therefore indicate a bug in the automatic
+stripping process.''',
+
'non-position-independent-executable',
'''This executable must be position independent. Check that it is built with
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
Reference in New Issue View Git Blame Copy Permalink