rpm/rpmlint
SHA256
1
0
Fork 0
forked from pool/rpmlint
Code Pull Requests Activity
1d8d6856a8
rpmlint/suse-binarieschecks.diff
Dirk Mueller 1d8d6856a8 - update to 1.11: 
* Avoid exception on inaccessible scripts
  * Print out the error content on UnicodeError to make flake8 happy
  * Fix flake8 warning about missing space around operators
  * Use compressions when checking for backup files
  * Account for arch specific code in /usr/share
  * Check for installed libtool wrapper files
  * Check for missing optional dependencies
  * Consider gnome help for doc files
  * Check for noarch package with files in lib64
  * Verify if description is longer than summary
  * Explicitly tell users how to set URL
  * Ignore pytest_cache directory
  * confusing-invalid-spec-name
  * Ignore orig/rej leftovers after patching
  * Reenable Travis testing against Fedora Rawhide
  * Check all sections that should not use %buildroot in them
  * Put in default buildroot value used by Fedora/openSUSE
  * Stricter interpreter check
  * Use compileall to avoid %buildroot to be in pyc
  * Drop deprecated config file usage, 0.88 is pretty old anyway
  * Adjust Version to not print outdated Copyright
  * Rework Travis checks against latest Centos and Fedora releases
  * Fix exception handling
  * Fix various flake8-import-order test regressions
  * Blacklist newer pycodestyle warnings
  * Fix compatibility with file 5.33+
  * Python 3.7.0b5 magic number is 3394
  * Update TagsCheck.py
  * pyc related tests: DRY

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=648
2019-01-13 14:33:18 +00:00

147 lines
5.9 KiB
Diff
Raw Blame History

From: Some One <nobody@opensuse.org>
Date: Thu, 9 Apr 2015 14:55:38 +0200
Subject: [PATCH] suse-binarieschecks.diff
===================================================================
---
BinariesCheck.py | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 56 insertions(+), 2 deletions(-)
Index: rpmlint-rpmlint-1.11/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.11.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.11/BinariesCheck.py
@@ -16,7 +16,7 @@ import rpm
import AbstractCheck
import Config
-from Filter import addDetails, printError, printWarning
+from Filter import addDetails, printError, printWarning, printInfo
import Pkg
@@ -54,6 +54,9 @@ class BinaryInfo(object):
setuid_call_regex = create_regexp_call(r'set(?:res|e)?uid')
setgroups_call_regex = create_regexp_call(r'(?:ini|se)tgroups')
chroot_call_regex = create_regexp_call('chroot')
+ debuginfo_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.debug_.*\s+')
+ symtab_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.symtab\s+')
+ gethostbyname_call_regex = create_regexp_call(r'(gethostbyname|gethostbyname2|gethostbyaddr|gethostbyname_r|gethostbyname2_r|gethostbyaddr_r)')
forbidden_functions = Config.getOption("WarnOnFunction")
if forbidden_functions:
@@ -83,7 +86,10 @@ class BinaryInfo(object):
self.exec_stack = False
self.exit_calls = []
self.forbidden_calls = []
+ self.calls_gethostbyname = False
fork_called = False
+ self.debuginfo = False
+ self.symtab = False
self.tail = ''
self.lto_sections = False
@@ -134,6 +140,14 @@ class BinaryInfo(object):
self.non_pic = False
continue
+ if BinaryInfo.debuginfo_regex.search(l):
+ self.debuginfo = True
+ continue
+
+ if BinaryInfo.symtab_regex.search(l):
+ self.symtab = True
+ continue
+
r = BinaryInfo.soname_regex.search(line)
if r:
self.soname = r.group(1)
@@ -174,6 +188,9 @@ class BinaryInfo(object):
if BinaryInfo.chroot_call_regex.search(line):
self.chroot = True
+ if BinaryInfo.gethostbyname_call_regex.search(l):
+ self.calls_gethostbyname = True
+
if BinaryInfo.forbidden_functions:
for r_name, func in BinaryInfo.forbidden_functions.items():
ret = func['f_regex'].search(line)
@@ -432,13 +449,26 @@ class BinariesCheck(AbstractCheck.Abstra
continue
# stripped ?
- if 'not stripped' in pkgfile.magic:
+ if ('not stripped' in pkgfile.magic and
+ (os.environ.get('BUILD_DIR', '') == '' or
+ os.environ.get('BUILD_DEBUG', '') != '')):
printWarning(pkg, 'unstripped-binary-or-object', fname)
# inspect binary file
is_shlib = so_regex.search(fname)
bin_info = BinaryInfo(pkg, pkgfile.path, fname, is_ar, is_shlib)
+ # stripped static library
+ if is_ar:
+ if bin_info.readelf_error:
+ pass
+ elif not bin_info.symtab:
+ printError(pkg, 'static-library-without-symtab', fname)
+ elif (not bin_info.debuginfo and
+ (os.environ.get('BUILD_DIR', '') == '' or
+ os.environ.get('BUILD_DEBUG', '') != '')):
+ printWarning(pkg, 'static-library-without-debuginfo', fname)
+
if is_shlib:
has_lib = True
@@ -496,6 +526,10 @@ class BinariesCheck(AbstractCheck.Abstra
printWarning(pkg, ec, fname,
BinaryInfo.forbidden_functions[ec]['f_name'])
+ # gethostbyname ?
+ if bin_info.calls_gethostbyname:
+ printInfo(pkg, 'binary-or-shlib-calls-gethostbyname', fname)
+
# rpath ?
if bin_info.rpath:
for p in bin_info.rpath:
@@ -724,6 +758,14 @@ with the intended shared libraries only.
'ldd-failed',
'''Executing ldd on this file failed, all checks could not be run.''',
+'static-library-without-symtab',
+'''The static library doesn't contain any symbols and therefore can't be linked
+against. This may indicated that it was strip.''',
+
+'static-library-without-debuginfo',
+'''The static library doesn't contain any debuginfo. Binaries linking against
+this static library can't be properly debugged.''',
+
'executable-stack',
'''The binary declares the stack as executable. Executable stack is usually an
error as it is only needed if the code contains GCC trampolines or similar
@@ -736,6 +778,10 @@ don\'t define a proper .note.GNU-stack s
make the stack executable. Usual suspects include use of a non-GNU linker or
an old GNU linker version.''',
+'binary-or-shlib-calls-gethostbyname',
+'''The binary calls gethostbyname(). Please port the code to use
+getaddrinfo().''',
+
'shared-lib-calls-exit',
'''This library package calls exit() or _exit(), probably in a non-fork()
context. Doing so from a library is strongly discouraged - when a library
@@ -754,6 +800,12 @@ that use prelink, make sure that prelink
placing a blacklist file in /etc/prelink.conf.d. For more information, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
+'unstripped-binary-or-object',
+'''stripping debug info from binaries happens automatically according to global
+project settings. So there's normally no need to manually strip binaries.
+Left over unstripped binaries could therefore indicate a bug in the automatic
+stripping process.''',
+
'non-position-independent-executable',
'''This executable must be position independent. Check that it is built with
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
View Git Blame Copy Permalink