# vim:sw=4:et ############################################################################# # File : LibraryPolicyCheck.py # Package : rpmlint # Author : Richard Guenther # Purpose : Verify shared library packaging policy rules ############################################################################# from Filter import * import AbstractCheck import rpm import re import commands import stat import Config import os import string import Pkg _policy_legacy_exceptions = ( "libacl1", "libaio1", "libakode_mpeg_decoder", "libalut0", "libamso-rdmav2", "libapr-1-0", "libapr_dbd_mysql", "libapr_dbd_pgsql", "libapr_dbd_sqlite3", "libaprutil-1-0", "libapt-pkg-libc6_6-6-2", "libart_lgpl_2-2", "libartskde1", "libatm1", "libattr1", "libauthldap0", "libauthmysql0", "libauthpgsql0", "libauthpipe0", "libauthuserdb0", "libbluetooth2", "libcairo2", "libcairomm-1_0-1", "libcap1", "libcasakwallet1", "libc-client2006c1_suse", "libccrtp1-1_5-0", "libcdaudio1", "libcdk4", "libcheck0", "libchewing3", "libchm0", "libclalsadrv1", "libclthreads2", "libclucene0", "libclxclient3", "libcole2", "libcppunit-1_10-2", "libdar4", "libdbh-4_5-4", "libdb_java-4_3", "libdbus-glib-1-2", "libdbus-qt-1-1", "libdc0", "libdm0", "libdns_sd1", "libdrm2", "libdts0", "libdvdcss2", "libdvdnav4", "libebml0", "libefence0", "libEMF1", "libevent-1_3b1", "libevolutionglue", "libexif12", "libexif9", "libexif-gtk4", "libexiv2-0", "libf2c0", "libffi4", "libflaim5_2", "libFnlib0", "libfontenc1", "libfreebob0", "libfreeradius-client2", "libfreetype6", "libftgl0", "libg2banking2", "libg2c0", "libgadu3", "libgalago3", "libgalago-gtk1", "libganglia1", "libgcc_s1", "libgcc_s4", # only for hppa "libgconfmm-2_6-1", "libgdome0", "libghttp1", "libgif4", "libgimpprint1", "libgfortran1", # gcc41 "libglade-2_0-0", "libgladesharpglue-2", "libgle3", "libglibsharpglue-2", "libgltt0", "libglut3", "libGLw1", "libgmcop1", "libgnet-2_0-0", "libgnomecanvasmm-2_6-1", "libgnomecanvaspixbuf1", "libgnomecups-1_0-1", "libgnome-keyring0", "libgnomemm-2_6-1", "libgnomeprintui-2-2-0", "libgnomesharpglue-2", "libgnomeuimm-2_6-1", "libgomp1", "libgsfglue", "libgsf-gnome-1-114", "libgssapi2", "libgtkgl4", "libgtkhtml-2-0", "libgtksourceview-1_0-0", "libgtkspell0", "libgtkxmhtml1", "libhandle1", "libhangul0", "libHermes1", "libibcm1", "libibverbs1", "libICE6", "libid3-3_8-3", "libid3tag0", "libIDL-2-0", "libidmef0", "libidn11", "libiec61883-0", "libilbc0", "libind_helper0", "libiniparser0", "libInternalSymbols1", "libipathverbs-rdmav2", "libiterm1", "libjackasyn0", "libjasper1", "libJNIChangeHat1", "libjpeg62", "libkakasi2", "libkbanking1", "libkcddb5", "libkcompactdisc1", "libkdegames5", "libkexiv2-1", "libkeyutils1", "libkonq5", "libksba8", "libkscan1", "libktoblzcheck1", "libkxmleditorpart1", "liblash2", "libldapcpp0", "liblite0", "liblo0", "libloudmouth-1-0", "libltdl3", "liblua5_1", "liblzo2-2", "libmad0", "libmal0", "libmatroska0", "libmcrypt4", "libmdbodbc0", "libmeanwhile1", "libmemcache0", "libmhash2", "libmikmod2", "libmng1", "libmono-profiler-heap-buddy0", "libmp3lame0", "libmpcdec3", "libmpeg-0_3_0", # kdemultimedia3-mad "libmsrpc0", "libmthca-rdmav2", "libnasl2", "libneon24", "libnet0", "libnet6-1_3-0", "libnfsidmap0", "libnl1", "libnm_glib0", "libnm-novellvpn-properties0", "libnm-openvpn-properties0", "libnm-vpnc-properties0", "libnscd1", "libnvtvsimple0", "libobby-0_4-0", "libobjc1", "libobjc2", "libodbcinstQ1", "liboggz1", "liboil-0_3-0", "libol-0_3_18", "liboop4", "libopal2_2", "libopenal0", "libopencdk8", "libopenobex1", "libopenobex-glib1", "libotf0", "libparagui-1_0-0", "libpathan3", "libpcap0", "libpcd2", "libpgeasy3", "libpoppler1", "libpopt0", "libportaudio2", "libpowersave11", "libpq++4", "libpri1_0", "libPropList0", "libpt1_10", "libpth20", "libpythonize0", "libqainternal0", "libqainternalperl0", "libqca1", "libqnotify0", "libqscintilla6", "libQt3Support4", "libqtc1", "libQtDBus4", "libqtsharp0", "libQtSql4", "librdf0", "librekall_driver_xbase245", "librekall_driver_sqlite3-245", "librekall_driver_pgsql245", "librekall_driver_mysql245", "librdmacm1", "librlog1", "librpcsecgss3", "librsync1", "libsamplerate0", "libsax7", "libSDL-1_2-0", "libSDL_gfx0", "libSDL_image-1_2-0", "libSDLmm-0_1-8", "libSDL_net-1_2-0", "libSDL_Pango1", "libSDL_ttf-2_0-0", "libsecprog0", "libserdisp1", "libsexy2", "libsigc-1_2-5", "libsigc-2_0-0", "libSM6", "libsmbclient0", "libsmbios1", "libsmbiosxml1", "libsmbsharemodes0", "libsmi2", "libsndfile1", "libsoup-2_2-8", "libspandsp0", "libspeex1", "libstartup-notification-1-0", "libstdc++5", "libstdc++6", "libstroke0", "libstunnel", "libsvg1", "libsvg-cairo1", "libswfdec-0_4-2", "libsynaptics0", "libsysfs2", "libtclsqlite3-0", "libtelepathy2", "libthai0", "libthinkfinger0", "libtidy-0_99-0", "libtomoe-gtk0", "libtonezone1_0", "libtre4", "libutempter0", "libvirt0", "libvisual-0_4-0", "libvolume_id0", "libvtesharpglue-2", "libwnck-1-18", "libwnn1", "libwv2-1", "libwx_gtk2u_gl-2_8-0", "libx86-1", "libXau6", "libxclass0_9_2", "libxcrypt1", "libXdmcp6", "libXext6", "libxfce4util4", "libxfcegui4-4", "libXfixes3", "libxflaim3_2", "libXiterm1", "libxkbfile1", "libxklavier11", "libxml1", "libxml2-2", "libxml++-2_6-2", "libXp6", "libXprintUtil1", "libxquery-1_2", "libXrender1", "libXt6", "libXv1", "libxvidcore4", "liby2storage2", "liby2util3", "libz1", "libzio0", "libzrtpcpp-0_9-0", ) _essential_dependencies = ( "ld-linux.so.2", "libacl.so.1", "libanl.so.1", "libanonymous.so.2", "libattr.so.1", "libaudit.so.0", "libauparse.so.0", "libBrokenLocale.so.1", "libbz2.so.1", "libcidn.so.1", "libck-connector.so.0", "libcom_err.so.2", "libcrack.so.2", "libcrypto.so.0.9.8", "libcrypt.so.1", "libc.so.6", "libdbus-1.so.3", "libdbus-glib-1.so.2", "libdes425.so.3", "libdl.so.2", "libexpat.so.1", "libform.so.5", "libformw.so.5", "libgcc_s.so.1", "libgcrypt.so.11", "libgdbm_compat.so.3", "libgdbm.so.3", "libgio-2.0.so.0", "libglib-2.0.so.0", "libgmodule-2.0.so.0", "libgobject-2.0.so.0", "libgpg-error.so.0", "libgssapi_krb5.so.2", "libgssrpc.so.4", "libgthread-2.0.so.0", "libhal.so.1", "libhal-storage.so.1", "libhd.so.14", "libhistory.so.5", "libk5crypto.so.3", "libkadm5clnt.so.5", "libkadm5srv.so.5", "libkdb5.so.4", "libkeyutils.so.1", "libkrb4.so.2", "libkrb5.so.3", "libkrb5support.so.0", "libksba.so.8", "liblber-2.4.so.2", "libldap-2.4.so.2", "libldap_r-2.4.so.2", "liblogin.so.2", "liblog_syslog.so.1", "libltdl.so.3", "libmagic.so.1", "libmenu.so.5", "libmenuw.so.5", "libm.so.6", "libncurses.so.5", "libncursesw.so.5", "libnscd.so.1", "libnsl.so.1", "libnss_compat.so.2", "libnss_dns.so.2", "libnss_files.so.2", "libnss_hesiod.so.2", "libnss_nisplus.so.2", "libnss_nis.so.2", "libopenct.so.1", "libopensc.so.2", "libpamc.so.0", "libpam_misc.so.0", "libpam.so.0", "libpanel.so.5", "libpanelw.so.5", "libparted-1.8.so.8", "libpcrecpp.so.0", "libpcreposix.so.0", "libpcre.so.0", "libpcsclite.so.1", "libpkcs15init.so.2", "libpolkit-dbus.so.2", "libpolkit-grant.so.2", "libpolkit.so.2", "libpopt.so.0", "libpthread.so.0", "libpth.so.20", "libreadline.so.5", "libresmgr.so.0.9.8", "libresmgr.so.1", "libresolv.so.2", "librt.so.1", "libsasl2.so.2", "libsasldb.so.2", "libscconf.so.2", "libslp.so.1", "libsmbios.so.1", "libssl.so.0.9.8", "libss.so.2", "libstdc++.so.6", "libthread_db.so.1", "libtic.so.5", "libusb-0.1.so.4", "libusbpp-0.1.so.4", "libutil.so.1", "libuuid.so.1", "libvolume_id.so.0", "libwrap.so.0", "libX11.so.6", "libX11-xcb.so.1", "libXau.so.6", "libxcb-composite.so.0", "libxcb-damage.so.0", "libxcb-dpms.so.0", "libxcb-glx.so.0", "libxcb-randr.so.0", "libxcb-record.so.0", "libxcb-render.so.0", "libxcb-res.so.0", "libxcb-screensaver.so.0", "libxcb-shape.so.0", "libxcb-shm.so.0", "libxcb.so.1", "libxcb-sync.so.0", "libxcb-xevie.so.0", "libxcb-xf86dri.so.0", "libxcb-xfixes.so.0", "libxcb-xinerama.so.0", "libxcb-xlib.so.0", "libxcb-xprint.so.0", "libxcb-xtest.so.0", "libxcb-xvmc.so.0", "libxcb-xv.so.0", "libxcrypt.so.1", "libzio.so.0", "libz.so.1", ) from BinariesCheck import BinaryInfo def libname_from_soname (soname): libname = string.split(soname, '.so.') if len(libname) == 2: if libname[0][-1:].isdigit(): libname = string.join(libname, '-') else: libname = string.join(libname, '') else: libname = soname[:-3] libname = libname.replace('.', '_') return libname class LibraryPolicyCheck(AbstractCheck.AbstractCheck): def __init__(self): self.map = [] AbstractCheck.AbstractCheck.__init__(self, "LibraryPolicyCheck") def check(self, pkg): global _policy_legacy_exceptions if pkg.isSource(): return # Only check unsuffixed lib* packages if pkg.name.endswith('-devel') or pkg.name.endswith('-doc'): return files = pkg.files() # Search for shared libraries in this package libs = set() libs_needed = set() dirs = set() reqlibs = set() pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) for f in files: if f.find('.so.') != -1 or f.endswith('.so'): filename = pkg.dirName() + '/' + f try: if stat.S_ISREG(files[f][0]): bi = BinaryInfo(pkg, filename, f, 0) libs_needed = libs_needed.union(bi.needed) if bi.soname != 0: libs.add(bi.soname) dirs.add(string.join(f.split('/')[:-1], '/')) if bi.soname in pkg_requires: # But not if the library is used by the pkg itself # This avoids program packages with their own private lib # FIXME: we'd need to check if somebody else links to this lib reqlibs.add(bi.soname) except: pass pass std_dirs = dirs.intersection(('/lib', '/lib64', '/usr/lib', '/usr/lib64', '/opt/kde3/lib')) # If this is a program package (all libs it provides are # required by itself), bail out if not pkg.name.startswith("lib") and len(libs.difference(reqlibs)) == 0: return # If this package should be or should be splitted into shlib # package(s) if len(libs) > 0 and len(std_dirs) > 0: # If the package contains a single shlib, name after soname if len(libs) == 1: soname = libs.copy().pop() libname = libname_from_soname (soname) if libname.startswith('lib') and pkg.name != libname: if libname in _policy_legacy_exceptions: printWarning(pkg, 'shlib-legacy-policy-name-error', libname) else: printError(pkg, 'shlib-policy-name-error', libname) elif not pkg.name[-1:].isdigit(): printError(pkg, 'shlib-policy-missing-suffix') if (not pkg.name.startswith('lib')) or pkg.name.endswith('-lang'): return if not libs: if pkg.name in _policy_legacy_exceptions: printWarning(pkg, 'shlib-legacy-policy-missing-lib', pkg.name) else: printError(pkg, 'shlib-policy-missing-lib') # Verify no non-lib stuff is in the package dirs = set() for f in files: if os.path.isdir(pkg.dirName()+f): dirs.add(f) # Verify non-lib stuff does not add dependencies if libs: for dep in pkg_requires.difference(_essential_dependencies): if dep.find('.so.') != -1 and not dep in libs and not dep in libs_needed: printError(pkg, 'shlib-policy-excessive-dependency', dep) # Check for non-versioned directories beyond sysdirs in package sysdirs = [ '/lib', '/lib64', '/usr/lib', '/usr/lib64', '/usr/share/doc/packages', '/usr/share' ] cdirs = set() for sysdir in sysdirs: done = set() for dir in dirs: if dir.startswith(sysdir + '/'): ssdir = string.split(dir[len(sysdir)+1:],'/')[0] if not ssdir[-1].isdigit(): cdirs.add(sysdir+'/'+ssdir) done.add(dir) dirs = dirs.difference(done) map(lambda dir: printError(pkg, 'shlib-policy-nonversioned-dir', dir), cdirs) check=LibraryPolicyCheck() if Config.info: addDetails( 'shlib-policy-missing-suffix', """Your package containing shared libraries does not end in a digit and should probably be split.""", 'shlib-policy-devel-file', """Your shared library package contains development files. Split them into a -devel subpackage.""", 'shlib-policy-name-error', """Your package contains a single shared library but is not named after its SONAME.""", 'shlib-policy-nonversioned-dir', """Your shared library package contains non-versioned directories. Those will not allow to install multiple versions of the package in parallel.""", 'shlib-legacy-policy-name-error', """Your shared library package is not named after its SONAME, but it has been added to the list of legacy exceptions. Please do ot rename the package until SONAME changes, but if you have to rename it for another reason, make sure you name it correctly.""", 'shlib-policy-excessive-dependency', """Your package starts with 'lib' as part of it's name, but also contains binaries that have more dependencies than those that already required by the libraries. Those binaries should probably not be part of the library package, but split into a seperate one to reduce the additional dependencies for other users of this library.""", 'shlib-policy-missing-lib', """Your package starts with 'lib' as part of it's name, but does not provide any libraries. It must not be called a lib-package then. Give it a more sensible name.""" )