scripts: Add check that libraries won't be installed in the wrong place

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/Makefile.am b/Makefile.am
index cbaa5161c364b0d8b46f468e2cce99511a261844..57da33e37275a55280fc956f324202ec7b2bffbe 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -557,6 +557,7 @@ dist_scripts_SCRIPTS = \
        src/scripts/check-buildroot \
        src/scripts/check-hardening \
        src/scripts/check-include \
+       src/scripts/check-libraries \
        src/scripts/check-symlinks \
        src/scripts/check-unsafe-files \
        src/scripts/cleanup \

diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index b5f1b2e4bd1fb3a56f8a0239e594962540ef3f02..3940b18616228ea7a097db3e3214f0cd4b566c1b 100644 (file)
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -341,6 +341,7 @@ static const char* post_build_scripts[] = {
        "remove-static-libs",
        "check-symlinks",
        "check-unsafe-files",
+       "check-libraries",
        "check-buildroot",
        "check-include",
        "check-hardening",

diff --git a/src/scripts/check-libraries b/src/scripts/check-libraries
new file mode 100644 (file)
index 0000000..02f5681
--- /dev/null
+++ b/src/scripts/check-libraries
@@ -0,0 +1,76 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# Pakfire - The IPFire package management system                              #
+# Copyright (C) 2021 Pakfire development team                                 #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+error() {
+       echo "${0#/}: $@" >&2
+}
+
+main() {
+       local buildroot="${1}"
+       shift
+
+       # Check if BUILDROOT exists
+       if [ ! -d "${buildroot}" ]; then
+               error "BUILDROOT does not exist"
+               return 1
+       fi
+
+       # Fetch the architecture
+       local arch="$(uname -m)"
+
+       case "${arch}" in
+               # Fall through on these architectures
+               aarch64|x86_64)
+                       ;;
+
+               # This check isn't relevant
+               *)
+                       return 0
+                       ;;
+       esac
+
+       local files=()
+
+       local file
+       for file in $(find "${buildroot}/usr/lib" -maxdepth 1 -name "*.so*" 2>/dev/null); do
+               # Ignore any non-ELF files
+               if ! file "${file}" | grep -q "ELF"; then
+                       continue
+               fi
+
+               files+=( "${file}" )
+       done
+
+       # Log errors
+       if [ "${#files[@]}" -gt 0 ]; then
+               error "Libraries are not allowed to be installed in /usr/lib"
+               local file
+               for file in ${files[@]}; do
+                       error "  ${file/${buildroot}/}"
+               done
+
+               return 1
+       fi
+
+       return 0
+}
+
+main "$@" || exit $?