forked from pool/rpmlint
Ludwig Nussel
bda5d592a2
- add script update_git.sh based on qemu's to simplify importing a patch series from git after rebasing. * Patches dropped: 0001-Python-3-compatibility-tweaks.patch (upstream) 0001-Set-Python-3.4-magic-number-to-3310.patch (upstream) add-scoring-support.diff (different upstream solution) check-buildroot-during-install.diff (need to fix no-cleaning-of-buildroot check upstream) fix-versioned-prereq.diff (was disabled, not sure what it's useful for) ignore-non-readable-in-etc.diff (filtered anyways) locale-support.diff (drop) locale-update.diff (different upstream solution now) more-verbose-lsb-check.diff (drop) perl-versioned-rpath-deps.diff (upstream) rpmlint-1.5-disallow-var-run-and-var-lock.diff (upstream) rpmlint-1.5-Fix-setgroups-error-name.diff (upstream) rpmlint-decode-fix.diff (different upstream solution) rpmlint-fix-unexpanded-macros-for-array-values.patch (different upstream solution) stricter-tags-check.diff (merged in weak deps and check-for-self-provides.diff) suppress-for-perl-python.diff (use filter instead) suse-binary-info-compile-opts.diff (drop) suse-changelog.patch (change config instead) suse-mono-deps-checks.diff (useful?) suse-required-lsb-tags.diff (different upstream solution) verify-buildrequires.diff (very build system specific, drop) xdg-check-exception.diff (upstream) * renamed patches: script-interpreter-only-for-exec-scripts.diff -> script-interpreter-only-for-exec-sc.diff confusing-invalid-spec-name.patch OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=317
150 lines
5.9 KiB
Diff
150 lines
5.9 KiB
Diff
From 44ff92a4575956ffdcef5b3aad6ffa284b9f2282 Mon Sep 17 00:00:00 2001
|
|
From: Some One <nobody@opensuse.org>
|
|
Date: Thu, 9 Apr 2015 14:55:38 +0200
|
|
Subject: [PATCH] suse-binarieschecks.diff
|
|
|
|
===================================================================
|
|
---
|
|
BinariesCheck.py | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
|
|
1 file changed, 56 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/BinariesCheck.py b/BinariesCheck.py
|
|
index 4634eed..a74d3e3 100644
|
|
--- a/BinariesCheck.py
|
|
+++ b/BinariesCheck.py
|
|
@@ -14,7 +14,7 @@ import sys
|
|
|
|
import rpm
|
|
|
|
-from Filter import addDetails, printError, printWarning
|
|
+from Filter import addDetails, printError, printWarning, printInfo
|
|
import AbstractCheck
|
|
import Config
|
|
import Pkg
|
|
@@ -46,6 +46,9 @@ class BinaryInfo:
|
|
unused_regex = re.compile('^\s+(\S+)')
|
|
exit_call_regex = create_regexp_call('_?exit')
|
|
fork_call_regex = create_regexp_call('fork')
|
|
+ debuginfo_regex=re.compile('^\s+\[\s*\d+\]\s+\.debug_.*\s+')
|
|
+ symtab_regex=re.compile('^\s+\[\s*\d+\]\s+\.symtab\s+')
|
|
+ gethostbyname_call_regex = re.compile('\s+FUNC\s+.*?\s+(gethostbyname(?:@\S+)?)(?:\s|$)')
|
|
# regexp for setgid setegid setresgid set(?:res|e)?gid
|
|
setgid_call_regex = create_regexp_call(['setresgid', 'setegid', 'setgid'])
|
|
setuid_call_regex = create_regexp_call(['setresuid', 'seteuid', 'setuid'])
|
|
@@ -66,7 +69,10 @@ class BinaryInfo:
|
|
self.stack = False
|
|
self.exec_stack = False
|
|
self.exit_calls = []
|
|
+ self.calls_gethostbyname = False
|
|
fork_called = False
|
|
+ self.debuginfo = 0
|
|
+ self.symtab=0
|
|
self.tail = ''
|
|
|
|
self.setgid = False
|
|
@@ -135,6 +141,11 @@ class BinaryInfo:
|
|
self.exec_stack = True
|
|
continue
|
|
|
|
+ r = BinaryInfo.gethostbyname_call_regex.search(l)
|
|
+ if r:
|
|
+ self.calls_gethostbyname = True
|
|
+ continue
|
|
+
|
|
if is_shlib:
|
|
r = BinaryInfo.exit_call_regex.search(l)
|
|
if r:
|
|
@@ -145,6 +156,14 @@ class BinaryInfo:
|
|
fork_called = True
|
|
continue
|
|
|
|
+ if BinaryInfo.debuginfo_regex.search(l):
|
|
+ self.debuginfo=1
|
|
+ continue
|
|
+
|
|
+ if BinaryInfo.symtab_regex.search(l):
|
|
+ self.symtab=1
|
|
+ continue
|
|
+
|
|
if self.non_pic:
|
|
self.non_pic = 'TEXTREL' in res[1]
|
|
|
|
@@ -339,13 +358,26 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
|
|
continue
|
|
|
|
# stripped ?
|
|
- if 'not stripped' in pkgfile.magic:
|
|
+ if 'not stripped' in pkgfile.magic and \
|
|
+ (os.environ.get('BUILD_DIR', '') == '' or
|
|
+ os.environ.get('BUILD_DEBUG', '') != ''):
|
|
printWarning(pkg, 'unstripped-binary-or-object', fname)
|
|
|
|
# inspect binary file
|
|
is_shlib = so_regex.search(fname)
|
|
bin_info = BinaryInfo(pkg, pkgfile.path, fname, is_ar, is_shlib)
|
|
|
|
+ # stripped static library
|
|
+ if is_ar:
|
|
+ if bin_info.readelf_error:
|
|
+ pass
|
|
+ elif not bin_info.symtab:
|
|
+ printError(pkg, 'static-library-without-symtab', fname)
|
|
+ elif not bin_info.debuginfo and \
|
|
+ (os.environ.get('BUILD_DIR', '') == '' or \
|
|
+ os.environ.get('BUILD_DEBUG','') != ''):
|
|
+ printWarning(pkg, 'static-library-without-debuginfo', fname)
|
|
+
|
|
if is_shlib:
|
|
has_lib = True
|
|
|
|
@@ -396,6 +428,10 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
|
|
for ec in bin_info.exit_calls:
|
|
printWarning(pkg, 'shared-lib-calls-exit', fname, ec)
|
|
|
|
+ # gethostbyname ?
|
|
+ if bin_info.calls_gethostbyname:
|
|
+ printInfo(pkg, 'binary-or-shlib-calls-gethostbyname', fname)
|
|
+
|
|
# rpath ?
|
|
if bin_info.rpath:
|
|
for p in bin_info.rpath:
|
|
@@ -603,6 +639,14 @@ with the intended shared libraries only.''',
|
|
'ldd-failed',
|
|
'''Executing ldd on this file failed, all checks could not be run.''',
|
|
|
|
+'static-library-without-symtab',
|
|
+'''The static library doesn't contain any symbols and therefore can't be linked
|
|
+against. This may indicated that it was strip.''',
|
|
+
|
|
+'static-library-without-debuginfo',
|
|
+'''The static library doesn't contain any debuginfo. Binaries linking against
|
|
+this static library can't be properly debugged.''',
|
|
+
|
|
'executable-stack',
|
|
'''The binary declares the stack as executable. Executable stack is usually an
|
|
error as it is only needed if the code contains GCC trampolines or similar
|
|
@@ -615,6 +659,10 @@ don\'t define a proper .note.GNU-stack section.''',
|
|
make the stack executable. Usual suspects include use of a non-GNU linker or
|
|
an old GNU linker version.''',
|
|
|
|
+'binary-or-shlib-calls-gethostbyname',
|
|
+'''The binary calls gethostbyname(). Please port the code to use
|
|
+getaddrinfo().''',
|
|
+
|
|
'shared-lib-calls-exit',
|
|
'''This library package calls exit() or _exit(), probably in a non-fork()
|
|
context. Doing so from a library is strongly discouraged - when a library
|
|
@@ -633,6 +681,12 @@ that use prelink, make sure that prelink does not strip it either, usually by
|
|
placing a blacklist file in /etc/prelink.conf.d. For more information, see
|
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''',
|
|
|
|
+'unstripped-binary-or-object',
|
|
+'''stripping debug info from binaries happens automatically according to global
|
|
+project settings. So there's normally no need to manually strip binaries.
|
|
+Left over unstripped binaries could therefore indicate a bug in the automatic
|
|
+stripping process.''',
|
|
+
|
|
'non-position-independent-executable',
|
|
'''This executable must be position independent. Check that it is built with
|
|
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
|