# ------------------------------------------------------------------------------
dist_scripts_SCRIPTS = \
- src/scripts/check-buildroot \
src/scripts/check-hardening \
src/scripts/check-interpreters \
src/scripts/check-rpaths \
PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
}
+/*
+ BUILDROOT Check
+*/
+static int pakfire_build_post_check_buildroot(
+ struct pakfire_build* build, struct pakfire_filelist* filelist) {
+ const char* buildroot = pakfire_relpath(build->pakfire, build->buildroot);
+
+ // Nested function to keep a reference to buildroot
+ int __pakfire_build_post_check_buildroot(
+ struct pakfire* pakfire, struct pakfire_file* file, void* data) {
+ struct pakfire_filelist* matches = (struct pakfire_filelist*)data;
+ int r;
+
+ if (pakfire_file_payload_matches(file, buildroot, strlen(buildroot))) {
+ r = pakfire_filelist_add(matches, file);
+ if (r)
+ return r;
+ }
+
+ return 0;
+ }
+
+ return pakfire_build_post_process_files(
+ build, filelist, "Files containing BUILDROOT:",
+ __pakfire_build_post_check_buildroot, PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
+}
+
/*
Hardening
*/
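Review bot: The callback is a GCC nested function whose address is handed to pakfire_build_post_process_files() while it captures `buildroot`, so GCC has to build a trampoline on the stack and will normally mark the object as needing an executable stack. That is an odd property for the code that sits next to the hardening check, and the construct does not compile with Clang. A file-scope `static` callback would avoid both, but it needs another way to reach the buildroot: `data` is already used for the match list, and the helper that fills it is outside this hunk. Separately, the result of pakfire_relpath() goes to `strlen()` unchecked. If it can be NULL or empty, a guard such as `if (!buildroot || !*buildroot) return 1;` (with whatever error value this file uses) belongs before the call, since an empty needle makes memmem() match every regular file.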
if (r)
goto ERROR;
+ // Check for BUILDROOT
+ r = pakfire_build_post_check_buildroot(build, filelist);
+ if (r)
+ goto ERROR;
+
// Check hardening
r = pakfire_build_post_check_hardening(build, filelist);
if (r)
static const char* post_build_scripts[] = {
"check-unsafe-files",
"check-rpaths",
- "check-buildroot",
"check-hardening",
"check-interpreters",
"compress-man-pages",
return f;
}
+int pakfire_file_payload_matches(struct pakfire_file* file,
+ const void* needle, const size_t length) {
+ char buffer[1024 * 1024];
+ FILE* f = NULL;
+ void* p = NULL;
+ int r;
+
+ // Only run for regular files
+ if (!S_ISREG(file->st.st_mode))
+ return 0;
+
+ // Open the file
+ f = pakfire_file_open(file);
+ if (!f)
+ goto ERROR;
+
+ printf("needle = %.*s\n", length, (const char*)needle);
+
+ while (!feof(f)) {
+ size_t bytes_read = fread(buffer, 1, sizeof(buffer), f);
+
+ // Raise any reading errors
+ if (ferror(f)) {
+ r = 1;
+ goto ERROR;
+ }
+
+ // Search for the needle
+ p = memmem(buffer, bytes_read, needle, length);
+ printf("p = %p\n", p);
+ if (p) {
+ r = 1;
+ goto ERROR;
+ }
+ }
+
+ // No match
+ r = 0;
+
+ERROR:
+ if (f)
+ fclose(f);
+
+ return r;
+}
+
static int __pakfire_file_compute_digests(struct pakfire_file* file,
struct pakfire_digests* digests, const int types) {
FILE* f = NULL;
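Review bot: `r` is returned uninitialised when pakfire_file_open() fails, because that path jumps to `ERROR` before any assignment, and a read error returns 1, the same value as a match, so the caller in build.c would list unreadable files as containing BUILDROOT. The scan also misses a needle that straddles two `fread()` chunks, which is a false negative for a check meant to catch leaked build paths, and the 1 MiB `buffer` on the stack can exceed smaller thread stacks. The two `printf()` calls look like leftover debugging; the first passes a `size_t` where `%.*s` expects an `int`. The sketch below carries the last `length - 1` bytes between reads, moves the buffer to the heap and returns a negative value on error. The caller would then have to test `r < 0` separately, and the prototype in the header should document the three results.

```c
int pakfire_file_payload_matches(struct pakfire_file* file,
		const void* needle, const size_t length) {
	const size_t chunk = 64 * 1024;
	char* buffer = NULL;
	FILE* f = NULL;
	size_t carry = 0;
	int r = -1;

	// … unchanged: S_ISREG check …

	// Nothing to search for
	if (!length)
		return 0;

	// Room for one chunk plus the tail carried over from the previous read
	buffer = malloc(chunk + length);
	if (!buffer)
		goto ERROR;

	// … unchanged: pakfire_file_open() and its check …

	while (!feof(f)) {
		size_t bytes_read = fread(buffer + carry, 1, chunk, f);

		// Raise any reading errors (r is still negative)
		if (ferror(f))
			goto ERROR;

		size_t filled = carry + bytes_read;

		// Search for the needle
		if (memmem(buffer, filled, needle, length)) {
			r = 1;
			goto ERROR;
		}

		// Keep the last length - 1 bytes so a match across two reads is found
		carry = (filled < length - 1) ? filled : length - 1;
		memmove(buffer, buffer + filled - carry, carry);
	}

	// No match
	r = 0;

ERROR:
	// … unchanged: fclose(f) …
	free(buffer);

	return r;
}
```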
FILE* pakfire_file_open(struct pakfire_file* file);
+int pakfire_file_payload_matches(struct pakfire_file* file,
+ const void* needle, const size_t length);
+
int pakfire_file_compute_digests(struct pakfire_file* file, const int types);
int pakfire_file_remove(struct pakfire_file* file);