- update rpmlint-pie.diff and suse-file-var-run.diff with upstream

accepted variant OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=18
2011-05-17 10:42:54 +00:00 · 2011-05-17 10:42:54 +00:00 · 571a987409
commit 571a987409
parent 61554a7841
6 changed files with 102 additions and 64 deletions
--- a/pie.config
+++ b/pie.config
@ -3,8 +3,7 @@ from Config import *
 # This file should list daemons and programs that are likely to be set setuid
 # by users. Files listed in permissions.eays are automatically checked.

-setOption("PieExecutables",
-(
+pie_execs = (
 "/bin/ping",
 "/bin/ping6",
 "/bin/su",
@ -231,4 +230,5 @@ setOption("PieExecutables",
 "/usr/sbin/ypserv",
 "/usr/bin/zone2ldap",
 )
-)
+
+setOption('PieExecutables', '^(?:%s)$' % '|'.join(pie_execs))
--- a/rpmlint-pie.diff
+++ b/rpmlint-pie.diff
@ -1,56 +1,61 @@
-From cdf3d7e6338e8133d9b2b8f19de8e5a3308327bc Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Mon, 9 May 2011 11:54:48 +0200
-Subject: [PATCH] check for position independent executables
+From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001
+From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856>
+Date: Sun, 15 May 2011 09:05:04 +0000
+Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel).

+git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856
 ---
- BinariesCheck.py |   11 +++++++++++
+ BinariesCheck.py |   10 ++++++++++
 config           |    4 ++++
- 2 files changed, 15 insertions(+), 0 deletions(-)
+ 2 files changed, 14 insertions(+), 0 deletions(-)

 Index: rpmlint-1.1/BinariesCheck.py
 ===================================================================
 --- rpmlint-1.1.orig/BinariesCheck.py
 +++ rpmlint-1.1/BinariesCheck.py
-@@ -25,6 +25,9 @@ DEFAULT_SYSTEM_LIB_PATHS = (
-     '/lib', '/usr/lib', '/usr/X11R6/lib',
-     '/lib64', '/usr/lib64', '/usr/X11R6/lib64')
- 
-+DEFAULT_PIE_EXECUTABLES = (
-+)
-+
- class BinaryInfo:
- 
-     needed_regex = re.compile('\s+\(NEEDED\).*\[(\S+)\]')
-@@ -189,6 +192,7 @@ so_regex = re.compile('/lib(64)?/[^/]+\.
+@@ -189,6 +189,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\.
 validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$')
 sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC')
 system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS)
-+pie_executables = Config.getOption('PieExecutables', DEFAULT_PIE_EXECUTABLES)
+pie_exec_re = Config.getOption('PieExecutables')
+if pie_exec_re: pie_exec_re = re.compile(pie_exec_re)
 usr_lib_regex = re.compile('^/usr/lib(64)?/')
 bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/')
 soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*')
-@@ -377,6 +381,9 @@ class BinariesCheck(AbstractCheck.Abstra
+@@ -377,6 +379,11 @@ class BinariesCheck(AbstractCheck.Abstra
             if not is_exec and not is_shobj:
                 continue
 
-+            if fname in pie_executables and not is_shobj:
-+                printError(pkg, 'not-a-position-independent-executable', fname)
+            if is_shobj and not is_exec and '.so' not in fname and \
+                    bin_regex.search(fname):
+                # pkgfile.magic does not contain "executable" for PIEs
+                is_exec = True
 +
             if is_exec:
 
                 if bin_regex.search(fname):
-@@ -598,6 +605,10 @@ that use prelink, make sure that prelink
- placing a blacklist file in /etc/prelink.conf.d.  For more information, see
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
+@@ -385,6 +392,10 @@ class BinariesCheck(AbstractCheck.Abstra
+                 if ocaml_mixed_regex.search(bin_info.tail):
+                     printWarning(pkg, 'ocaml-mixed-executable', fname)
 
-+'not-a-position-independent-executable',
-+'''As per distribution policy the binary must be position independent. Add
-+-fPIE to CFLAGS and -pie to LDFLAGS'''
+                if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
+                    printError(pkg, 'non-position-independent-executable',
+                               fname)
 +
- 'unstripped-binary-or-object',
- '''stripping debug info from binaries happens automatically according to global
+             if bin_info.readelf_error:
+                 continue
+ 
+@@ -603,6 +614,10 @@ http://bugs.debian.org/cgi-bin/bugreport
 project settings. So there's normally no need to manually strip binaries.
+ Left over unstripped binaries could therefore indicate a bug in the automatic
+ stripping process.''',
+
+'non-position-independent-executable',
+'''This executable must be position independent.  Check that it is built with
+-fPIE/-fpie in compiler flags and -pie in linker flags.''',
+ )
+ 
+ # BinariesCheck.py ends here
 Index: rpmlint-1.1/config
 ===================================================================
 --- rpmlint-1.1.orig/config
@ -59,9 +64,9 @@ Index: rpmlint-1.1/config
 # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
 #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
 
-+# List of binaries that must be position independent executables
-+# Type: tuple of strings, default: empty
-+#setOption("PieExecutables", ('/bin/ping', '/bin/su'))
+# Executables that must be compiled as position independent.
+# Type: regex, default: None
+#setOption("PieExecutables", '^/bin/(ping6?|su)$')
 +
 # Whether to want default start/stop runlevels specified in init scripts.
 # Type: boolean, default: True
--- a/rpmlint-typo.diff
+++ b/rpmlint-typo.diff
@ -0,0 +1,26 @@
+From 75b89dd25fc1d653131f27702030b8b829759317 Mon Sep 17 00:00:00 2001
+From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856>
+Date: Wed, 11 May 2011 16:25:39 +0000
+Subject: [PATCH] Fix setting message type for reasons with badness threshold defined (Ludwig Nussel).
+
+git-svn-id: http://rpmlint.zarb.org/svn/trunk@1862 9bc8b190-ac0f-0410-8968-dc7d1f502856
+---
+ Filter.py |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/Filter.py b/Filter.py
+index 5f076cd..6549131 100644
+--- a/Filter.py
+++ b/Filter.py
+@@ -49,7 +49,7 @@ def _print(msgtype, pkg, reason, details):
+         badness = Config.badness(reason)
+         # anything with badness is an error
+         if badness:
+-            msgtype == 'E'
+            msgtype = 'E'
+         # errors without badness become warnings
+         elif msgtype == 'E':
+             msgtype = 'W'
+-- 
+1.7.3.4
+
--- a/rpmlint.changes
+++ b/rpmlint.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue May 17 09:41:43 UTC 2011 - lnussel@suse.de
+
+- update rpmlint-pie.diff and suse-file-var-run.diff with upstream
+  accepted variant
+
 -------------------------------------------------------------------
 Wed May 11 11:25:33 UTC 2011 - lnussel@suse.de

--- a/rpmlint.spec
+++ b/rpmlint.spec
@ -71,6 +71,7 @@ Patch7:         suse-pkg-config-check.diff
 Patch8:         suse-binarieschecks.diff
 Patch9:         no-doc-for-lib.diff
 Patch10:        add-scoring-support.diff
+# accepted upstream
 Patch11:        suse-file-var-run.diff
 Patch12:        usr-arch.diff
 Patch13:        script-interpreter-only-for-exec-scripts.diff
@ -122,10 +123,13 @@ Patch81:        suse-whitelist-opensuse.diff
 Patch84:        extend-suse-conffiles-check.diff
 Patch85:        suse-changelog.patch
 Patch86:        suse-rclink-check.diff
-# already upstream
+# accepted upstream
 Patch87:        rpmlint-add-details.diff
 Patch88:        suse-speccheck-utf8.diff
+# accepted upstream
 Patch89:        rpmlint-pie.diff
+# accepted upstream
+Patch90:        rpmlint-typo.diff
 %py_requires

 %description
@ -206,6 +210,7 @@ Authors:
 %patch87 -p1
 %patch88
 %patch89 -p1
+%patch90 -p1
 cp -p %{SOURCE1} .
 cp -p %{SOURCE2} .
 cp -p %{SOURCE3} .
--- a/suse-file-var-run.diff
+++ b/suse-file-var-run.diff
@ -1,48 +1,44 @@
-From 811469ebe70ea65029d64ae2e7bc6e9828f59c9e Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Wed, 11 May 2011 13:15:22 +0200
-Subject: [PATCH] check for files in /var/run and /var/lock
+From d685ddb42daa5d3b122c0486cc1d4f2dde6c466f Mon Sep 17 00:00:00 2001
+From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856>
+Date: Fri, 13 May 2011 17:10:53 +0000
+Subject: [PATCH] Warn about non-ghost files in /var/run and /var/lock (based on patch from Ludwig Nussel).

-nowadays /var/run and /var/lock move to using tmpfs so disallow
-packaging files there
+git-svn-id: http://rpmlint.zarb.org/svn/trunk@1863 9bc8b190-ac0f-0410-8968-dc7d1f502856
 ---
 FilesCheck.py |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

-diff --git a/FilesCheck.py b/FilesCheck.py
-index a82b4b8..0f43927 100644
--- a/FilesCheck.py
-+++ b/FilesCheck.py
-@@ -443,6 +443,10 @@ class FilesCheck(AbstractCheck.AbstractCheck):
+Index: rpmlint-1.1/FilesCheck.py
+===================================================================
+--- rpmlint-1.1.orig/FilesCheck.py
+++ rpmlint-1.1/FilesCheck.py
+@@ -911,6 +911,12 @@ class FilesCheck(AbstractCheck.AbstractC
                 printError(pkg, 'dir-or-file-in-usr-local', f)
             elif f.startswith('/var/local/'):
                 printError(pkg, 'dir-or-file-in-var-local', f)
-+            elif f.startswith('/var/run/') and f not in ghost_files:
-+                printError(pkg, 'dir-or-file-in-var-run', f)
+            elif f.startswith('/var/run/'):
+                if f not in ghost_files:
+                    printWarning(pkg, 'non-ghost-in-var-run', f)
 +            elif f.startswith('/var/lock/'):
-+                printError(pkg, 'dir-or-file-in-var-lock', f)
+                if f not in ghost_files:
+                    printWarning(pkg, 'non-ghost-in-var-lock', f)
             elif sub_bin_regex.search(f):
                 printError(pkg, 'subdir-in-bin', f)
             elif f.startswith('/home/'):
-@@ -1019,6 +1023,18 @@ for packages to install files in this directory.''',
+@@ -1478,6 +1484,16 @@ for packages to install files in this di
 '''A file in the package is located in /var/local. It's not permitted
 for packages to install files in this directory.''',
 
-+'dir-or-file-in-var-run',
-+'''A file or directory in the package is located in /var/run. It's not
-+permitted for packages to install files in this directory as it might
-+be created as tmpfs during boot. Mark the files in question as %ghost and
-+create them at run time instead.''',
+'non-ghost-in-var-run',
+'''A file or directory in the package is located in /var/run. Files installed
+in this directory should be marked as %ghost and created at runtime to work
+properly in tmpfs /var/run setups.''',
 +
-+'dir-or-file-in-var-lock',
-+'''A file or directory in the package is located in /var/lock. It's
-+not permitted for packages to install files in this directory as it
-+is a) reserved for legacy device lock files and b) might be created
-+as tmpfs during boot.''',
+'non-ghost-in-var-lock',
+'''A file or directory in the package is located in /var/lock. Files installed
+in this directory should be marked as %ghost and created at runtime to work
+properly in tmpfs /var/lock setups.''',
 +
 'subdir-in-bin',
 '''The package contains a subdirectory in /usr/bin. It's not permitted to
 create a subdir there. Create it in /usr/lib/ instead.''',
-- 
-1.7.3.4
-