/missing
/contrib/pakfire.nm
/src/pakfire/__version__.py
-/src/scripts/quality-agent
/src/systemd/*.service
/tests/.root
/tests/libpakfire/arch
configsdir = $(sysconfdir)/pakfire
configsdistrosdir = $(configsdir)/distros
macrosdir = $(prefix)/lib/pakfire/macros
-qualityagentdir = $(prefix)/lib/quality-agent
scriptsdir = $(prefix)/lib/$(PACKAGE_NAME)
TEST_ROOTFS = $(abs_top_builddir)/tests/.root
# ------------------------------------------------------------------------------
-scripts_SCRIPTS = \
- src/scripts/quality-agent
-
-EXTRA_DIST += \
- src/scripts/quality-agent.in
-
-CLEANFILES += \
- src/scripts/quality-agent
-
dist_scripts_SCRIPTS = \
src/scripts/cleanup \
src/scripts/compress-man-pages \
# ------------------------------------------------------------------------------
-dist_qualityagent_SCRIPTS = \
- src/quality-agent/001-include-files \
- src/quality-agent/001-remove-info-files \
- src/quality-agent/001-unsafe-files \
- src/quality-agent/002-bad-symlinks \
- src/quality-agent/003-libs-location \
- src/quality-agent/050-canary \
- src/quality-agent/050-execstacks \
- src/quality-agent/050-invalid-interpreters \
- src/quality-agent/050-libs-needed \
- src/quality-agent/050-libs-soname \
- src/quality-agent/050-libs-x86_64 \
- src/quality-agent/050-nx \
- src/quality-agent/050-relro \
- src/quality-agent/050-rpaths \
- src/quality-agent/095-directory-layout
-
-dist_qualityagent_DATA = \
- src/quality-agent/qa-include
-
-# ------------------------------------------------------------------------------
-
dist_macros_DATA = \
macros/arch.macro \
macros/build.macro \
macros/package-default.macro \
macros/perl.macro \
macros/python.macro \
- macros/quality-agent.macro \
macros/systemd.macro \
macros/templates.macro
'|PACKAGE_NAME=$(PACKAGE_NAME)|' \
'|PACKAGE_VERSION=$(PACKAGE_VERSION)|' \
'|bindir=$(bindir)|' \
- '|libexecdir=$(libexecdir)|' \
- '|qualityagentdir=$(qualityagentdir)|'
+ '|libexecdir=$(libexecdir)|'
SED_PROCESS = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
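Review bot: With `qualityagentdir` dropped from the substitution list here and `%{MACRO_QUALITY_AGENT}` removed from the install step in the build macro further down, nothing left in this diff inspects the BUILDROOT before packaging. The deleted scripts were the gate for world-writable and set*id files, executable stacks, missing NX or RELRO, and RPATHs pointing into the build tree, so packages would be built without those checks unless an equivalent exists elsewhere (not visible here). I would name the replacement in the commit description, or leave a comment at the former call site such as `# QA checks (NX, RELRO, execstack, RPATH, world-writable) now run in REPLACEMENT`, where REPLACEMENT is a placeholder for the real component. The substitution list itself starts outside this hunk.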
%{perl_cleanup}
%{install_post}
-
- %{MACRO_QUALITY_AGENT}
end
def install
+++ /dev/null
-
-###############################################################################
-#
-# Quality agent
-#
-###############################################################################
-
-# Macro to define and start the quality agent.
-# Long term goal is to improve the commited code.
-MACRO_QUALITY_AGENT = BUILDROOT=%{BUILDROOT} /usr/lib/pakfire/quality-agent
-
-# XXX to be moved to some place else
-#export QUALITY_AGENT_NO_DIRECTORY_CHECK
-#export QUALITY_AGENT_NO_DIRECTORY_PRUNE
src/pakfire/ui/helpers.py
src/pakfire/ui/progressbar.py
src/pakfire/util.py
-src/scripts/quality-agent.in
src/systemd/pakfire-daemon.service.in
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Include files have to belong to the root user. \
- This script will fix this automatically."
-
-check() {
- if [ ! -d "${BUILDROOT}/usr/include" ]; then
- return 0
- fi
-
- chown -R root:root ${BUILDROOT}/usr/include
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Remove documentation files."
-
-function check() {
- for dir in ${BUILDROOT}/usr/{,share}/{doc,gtk-doc,info}; do
- if [ -d "${dir}" ]; then
- log DEBUG " Removing: ${dir}"
- rm -rf ${dir} || exit $?
- fi
- done
-}
-
-run
-
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Searching for world-writeable files..."
-
-function check() {
- local ret=0
-
- local files=$(find ${BUILDROOT} -type f -perm -2 2>/dev/null)
- if [ -n "${files}" ]; then
- log ERROR " QA Security Notice:"
- log ERROR " - The folloing files will be world writable."
- log ERROR " - This may or may not be a security problem, most of the time it is one."
- log ERROR " - Please double check that these files really need a world writeable bit and file bugs accordingly."
- log ERROR
- log ERROR "${files}"
- ret=1
- fi
-
- files=$(find ${BUILDROOT} -type f '(' -perm -2002 -o -perm -4002 ')')
- if [ -n "${files}" ]; then
- log ERROR " QA Notice: Unsafe files detected (set*id and world writable)"
- log ERROR
- log ERROR "${files}"
- ret=1
- fi
-
- return ${ret}
-}
-
-run
-
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-# Check for absolute symlinks.
-# We do not allow them because they may point to any bad location.
-
-log_debug "Search for absolute symlinks"
-
-function check() {
- local failed=0
- local item
-
- for link in $(find ${BUILDROOT} -type l); do
- if fgrep -q "/lib/udev/devices" <<<${link}; then
- continue
- fi
-
- if listmatch "${link:${#BUILDROOT}}" ${QUALITY_AGENT_WHITELIST_SYMLINK}; then
- log INFO "Symlink ${link} is on the whitelist."
- continue
- fi
-
- destination=$(readlink ${link})
- if [ "${destination:0:1}" = "/" ]; then
- log ERROR " Absolute symlink: ${link}"
- failed=1
- fi
- if [ ! -e "${link%/*}/${destination}" ]; then
- log ERROR " Not existant destination: ${link} -> ${destination}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
-
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Checking correct installation of libraries"
-
-# Find the system's libdir.
-case "$(uname -m)" in
- x86_86)
- libdir="lib64"
- ;;
- *)
- libdir="lib"
- ;;
-esac
-
-function check() {
- local failed=0
- local found
-
- for lib in $(find ${BUILDROOT}/${libdir} -maxdepth 1 -type f -name "lib*.so.*" 2>/dev/null); do
- lib=${lib##*/}
- lib=${lib%%.so*}
-
- # Indicates if the library in question has been found.
- found=0
-
- # Check if ${lib}.so is in the linker's search path.
- for path in /usr/${libdir}; do
- if [ -e "${BUILDROOT}${path}/${lib}.so" ]; then
- found=1
- break
- fi
- done
-
- if [ "${found}" = "0" ]; then
- log ERROR " ${lib}.so cannot be found in the linker's search path:"
- log ERROR " /usr/${libdir} ${gcc_libdir}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
-
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Every binary file has to provide a canary."
-
-function check() {
- local failed=0
-
- local file
- for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do
- if filter_startfiles ${file}; then
- continue
- fi
-
- if ! file_has_canary ${file}; then
- log_warning " Has no canary: ${file}"
- failed=1
- fi
- done
-
- # This is currently disabled and will only return a warning !
- failed=0
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Files with executable stacks will not work properly (or at all!) \
- on some architectures/operating systems."
-
-check() {
- local failed=0
-
- local file
- for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do
- if file_has_execstack ${file}; then
- log_error " File has execstack: ${file}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Detect invalid interpreters."
-
-check() {
- local failed=0
-
- local file
- local interpreter
- for file in $(find ${BUILDROOT} -type f 2>/dev/null); do
- # If a file is not executeable we don't need to check it
- [ -x "${file}" ] || continue
-
- if file_is_script ${file}; then
- interpreter=$(file_get_interpreter ${file})
-
- if grep -q /usr/local <<<${interpreter}; then
- failed=1
- log_error " Interpreter in /usr/local: ${file}"
- fi
-
- # Search for bad /usr/bin/env
- interp=$(basename ${interpreter} 2>/dev/null)
- if [ "${interp}" = "env" ]; then
- # Autofix that crap
- sed -i ${file} \
- -e "s,/usr/bin/env \(/usr/bin/.*\),\1," \
- -e "s,/usr/bin/env python\(.*\),/usr/bin/python\1," \
- -e "s,/usr/bin/env python,/usr/bin/python," \
- -e "s,/usr/bin/env perl,/usr/bin/perl," \
- -e "s,/usr/bin/env ruby,/usr/bin/ruby,"
-
- # If we could not fix it, raise an error
- if [ "${interpreter}" = "$(file_get_interpreter ${file})" ]; then
- failed=1
- log_error " Script uses forbidden \"env\" interpreter: ${file}"
- fi
- fi
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Every shared object has to provide the NEEDED entry."
-
-check() {
- local failed=0
-
- local file
- local needed
- for file in $(find_elf_files --prefix=${BUILDROOT} ${LIBARY_PATHS}); do
- if ! file_is_shared_object ${file}; then
- continue
- fi
-
- if ! file_has_interpreter ${file}; then
- continue
- fi
-
- needed=$(file_get_needed ${file})
- if [ -z "${needed}" ]; then
- log_error " File lacks needed attribute: ${file}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Every shared object has to provide the SONAME entry."
-
-check() {
- local failed=0
-
- local file
- local soname
- for file in $(find_elf_files --prefix=${BUILDROOT} ${LIBARY_PATHS}); do
- if ! grep -q "\.so" <<<${file}; then
- continue
- fi
-
- if ! file_is_shared_object ${file}; then
- continue
- fi
-
- if ! file_has_interpreter ${file}; then
- continue
- fi
-
- soname=$(file_get_soname ${file})
- if [ -z "${soname}" ]; then
- log_error " File lacks soname attribute: ${file}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Shared libs in /lib or /usr/lib are not allowed."
-
-check() {
- local failed=0
-
- # Do nothing on other platforms.
- [ "$(uname -m)" = "x86_64" ] || return ${failed}
-
- local file
- for file in $(find ${BUILDROOT}/lib ${BUILDROOT}/usr/lib -maxdepth 1 -name "*.so*" 2>/dev/null); do
- file_is_elf ${file} >/dev/null 2>&1 || continue
-
- log_error " Unallowed location for library: ${file}"
- failed=1
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-function check() {
- local failed=0
-
- FILTER="${QUALITY_AGENT_WHITELIST_NX}"
-
- local file
- for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do
- if filtered ${file}; then
- continue
- fi
-
- if ! file_has_nx ${file}; then
- log_error " No NX: ${file}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Text relocations force the dynamic linker to perform extra \
- work at startup, waste system resources, and may pose a security \
- risk. On some architectures, the code may not even function \
- properly, if at all."
-
-function check() {
- local failed=0
-
- local file
- for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do
- if filter_startfiles ${file}; then
- continue
- fi
-
- # Skip all files that are not a shared object.
- file_is_shared_object ${file} || continue
-
- if ! file_is_relro_full ${file}; then
- if [ "${QUALITY_AGENT_PERMIT_NOT_FULL_RELRO}" = "yes" ]; then
- log_warning " Is not full relro: ${file}"
- else
- log_error " Is not relro: ${file}"
- failed=1
- fi
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="Searching for RPATHs. We don't want paths that point to the tree where \
- the package was built (older, broken libtools would do this). \
- Also check for null paths because the loader will search \$PWD when it \
- finds null paths."
-
-check() {
- local failed=0
-
- local file
- local rpath
- for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do
- if filtered ${file}; then
- continue
- fi
-
- rpath=$(file_get_rpath ${file})
- if [ -n "${rpath}" ]; then
- if [ "${QUALITY_AGENT_RPATH_ALLOW_ORIGIN}" = "yes" ]; then
- [ "${rpath}" = '$ORIGIN' ] && continue
- fi
- if listmatch ${rpath} ${QUALITY_AGENT_WHITELIST_RPATH}; then
- continue
- fi
- log_error " File has unallowed rpath: ${file} - ${rpath}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-. $(dirname ${0})/qa-include
-
-DESC="The filelayout should comply to the FHS."
-
-DIRS="/etc/init.d /etc/rc.d /lib/pkgconfig /usr/etc /usr/libexec /usr/local /usr/man /usr/usr /usr/var ${BUILDROOT}"
-
-function check() {
- # Do nothing, if directory check was disabled.
- if [ "${QUALITY_AGENT_NO_DIRECTORY_CHECK}" = "yes" ]; then
- return 0
- fi
-
- local failed=0
-
- local dir
- for dir in ${DIRS}; do
- if [ -d "${BUILDROOT}${dir}" ]; then
- log_error "Bad directory: ${dir}"
- failed=1
- fi
- done
-
- return ${failed}
-}
-
-run
+++ /dev/null
-#!/bin/bash
-
-# Include additional functions
-. /usr/lib/pakfire/functions-common
-
-function debug() {
- [ "${NAOKI_DEBUG}" = "1" ] || [ "${DEBUG}" = "1" ]
-}
-
-#function log() {
-# local facility=${1}
-# shift
-#
-# printf " %-7s %s\n" "${facility}" "$@"
-#}
-
-function log_debug() {
- debug && log DEBUG "$@"
-}
-
-function log_error() {
- log "ERROR" "$@"
-}
-
-function log_info() {
- log "INFO" "$@"
-}
-
-function log_warning() {
- log "WARNING" "$@"
-}
-
-if [ -z "${BUILDROOT}" ]; then
- echo "${0##*/}: ERROR: BUILDROOT is not set." >&2
- exit 1
-fi
-
-function filtered() {
- [ -z "${FILTER}" ] && return 1
- grep -qE ${FILTER} <<<$@
-}
-
-function print_description() {
- # Remove all whitespaces
- local desc=$(echo ${DESC})
-
- log_info "Check: $(basename ${0})"
- IFS='
-'
- for line in $(fold -s -w 60 <<<${desc}); do
- log_info " ${line}"
- done
- log_info # Empty line
-
- unset IFS
-}
-
-function qa_find() {
- local filetype=${1}
- local command=${2}
-
- log_debug "Running qa_find with command ${command} in ${filetype}"
-
- local file
- for file in $(find_elf_files --prefix=${BUILDROOT} ${!filetype}); do
- ${command} ${file}
- done
-}
-
-function check() {
- log_error "REPLACE THIS FUNCTION BY A CUSTOM CHECK"
- return 1
-}
-
-function run() {
- local error_message
- local ret
-
- error_message=$(check)
- ret=$?
-
- [ -z "${error_message}" ] && \
- [ "${ret}" = "0" ] && return 0
-
- print_description
-
- echo "${error_message}"
- return ${ret}
-}
-
+++ /dev/null
-#!/bin/bash
-
-DIR_QA="@qualityagentdir@"
-
-failed=0
-for file in ${DIR_QA}/*; do
- [ -x "${file}" ] || continue
-
- ${file} || failed=1
-done
-
-exit ${failed}