From: Michael Tremer Date: Wed, 26 May 2021 10:09:18 +0000 (+0000) Subject: Drop quality-agent X-Git-Tag: 0.9.28~1285^2~62 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aba9572bc41dfa49960202a6bb4031b5ddc8a15c;p=pakfire.git Drop quality-agent Signed-off-by: Michael Tremer --- diff --git a/.gitignore b/.gitignore index c7ef17134..e476f2b84 100644 --- a/.gitignore +++ b/.gitignore @@ -8,7 +8,6 @@ /missing /contrib/pakfire.nm /src/pakfire/__version__.py -/src/scripts/quality-agent /src/systemd/*.service /tests/.root /tests/libpakfire/arch diff --git a/Makefile.am b/Makefile.am index 254eb2934..d6373c531 100644 --- a/Makefile.am +++ b/Makefile.am @@ -40,7 +40,6 @@ pythondir = $(pyexecdir) configsdir = $(sysconfdir)/pakfire configsdistrosdir = $(configsdir)/distros macrosdir = $(prefix)/lib/pakfire/macros -qualityagentdir = $(prefix)/lib/quality-agent scriptsdir = $(prefix)/lib/$(PACKAGE_NAME) TEST_ROOTFS = $(abs_top_builddir)/tests/.root @@ -554,15 +553,6 @@ libpakfire_preload_la_LIBADD = \ # ------------------------------------------------------------------------------ -scripts_SCRIPTS = \ - src/scripts/quality-agent - -EXTRA_DIST += \ - src/scripts/quality-agent.in - -CLEANFILES += \ - src/scripts/quality-agent - dist_scripts_SCRIPTS = \ src/scripts/cleanup \ src/scripts/compress-man-pages \ @@ -587,28 +577,6 @@ dist_scripts_DATA = \ # ------------------------------------------------------------------------------ -dist_qualityagent_SCRIPTS = \ - src/quality-agent/001-include-files \ - src/quality-agent/001-remove-info-files \ - src/quality-agent/001-unsafe-files \ - src/quality-agent/002-bad-symlinks \ - src/quality-agent/003-libs-location \ - src/quality-agent/050-canary \ - src/quality-agent/050-execstacks \ - src/quality-agent/050-invalid-interpreters \ - src/quality-agent/050-libs-needed \ - src/quality-agent/050-libs-soname \ - src/quality-agent/050-libs-x86_64 \ - src/quality-agent/050-nx \ - src/quality-agent/050-relro \ - src/quality-agent/050-rpaths \ - src/quality-agent/095-directory-layout - -dist_qualityagent_DATA = \ - src/quality-agent/qa-include - -# ------------------------------------------------------------------------------ - dist_macros_DATA = \ macros/arch.macro \ macros/build.macro \ @@ -617,7 +585,6 @@ dist_macros_DATA = \ macros/package-default.macro \ macros/perl.macro \ macros/python.macro \ - macros/quality-agent.macro \ macros/systemd.macro \ macros/templates.macro @@ -650,8 +617,7 @@ substitutions = \ '|PACKAGE_NAME=$(PACKAGE_NAME)|' \ '|PACKAGE_VERSION=$(PACKAGE_VERSION)|' \ '|bindir=$(bindir)|' \ - '|libexecdir=$(libexecdir)|' \ - '|qualityagentdir=$(qualityagentdir)|' + '|libexecdir=$(libexecdir)|' SED_PROCESS = \ $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \ diff --git a/macros/build.macro b/macros/build.macro index e1a0a3e72..2251074d6 100644 --- a/macros/build.macro +++ b/macros/build.macro @@ -156,8 +156,6 @@ build %{perl_cleanup} %{install_post} - - %{MACRO_QUALITY_AGENT} end def install diff --git a/macros/quality-agent.macro b/macros/quality-agent.macro deleted file mode 100644 index a2e6b2627..000000000 --- a/macros/quality-agent.macro +++ /dev/null @@ -1,14 +0,0 @@ - -############################################################################### -# -# Quality agent -# -############################################################################### - -# Macro to define and start the quality agent. -# Long term goal is to improve the commited code. -MACRO_QUALITY_AGENT = BUILDROOT=%{BUILDROOT} /usr/lib/pakfire/quality-agent - -# XXX to be moved to some place else -#export QUALITY_AGENT_NO_DIRECTORY_CHECK -#export QUALITY_AGENT_NO_DIRECTORY_PRUNE diff --git a/po/POTFILES.in b/po/POTFILES.in index 96246dbbd..1f54fadea 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -74,5 +74,4 @@ src/pakfire/ui/cli.py src/pakfire/ui/helpers.py src/pakfire/ui/progressbar.py src/pakfire/util.py -src/scripts/quality-agent.in src/systemd/pakfire-daemon.service.in diff --git a/src/quality-agent/001-include-files b/src/quality-agent/001-include-files deleted file mode 100755 index 34257e690..000000000 --- a/src/quality-agent/001-include-files +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Include files have to belong to the root user. \ - This script will fix this automatically." - -check() { - if [ ! -d "${BUILDROOT}/usr/include" ]; then - return 0 - fi - - chown -R root:root ${BUILDROOT}/usr/include -} - -run diff --git a/src/quality-agent/001-remove-info-files b/src/quality-agent/001-remove-info-files deleted file mode 100755 index e742dc977..000000000 --- a/src/quality-agent/001-remove-info-files +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Remove documentation files." - -function check() { - for dir in ${BUILDROOT}/usr/{,share}/{doc,gtk-doc,info}; do - if [ -d "${dir}" ]; then - log DEBUG " Removing: ${dir}" - rm -rf ${dir} || exit $? - fi - done -} - -run - diff --git a/src/quality-agent/001-unsafe-files b/src/quality-agent/001-unsafe-files deleted file mode 100755 index 93a5dc8d3..000000000 --- a/src/quality-agent/001-unsafe-files +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Searching for world-writeable files..." - -function check() { - local ret=0 - - local files=$(find ${BUILDROOT} -type f -perm -2 2>/dev/null) - if [ -n "${files}" ]; then - log ERROR " QA Security Notice:" - log ERROR " - The folloing files will be world writable." - log ERROR " - This may or may not be a security problem, most of the time it is one." - log ERROR " - Please double check that these files really need a world writeable bit and file bugs accordingly." - log ERROR - log ERROR "${files}" - ret=1 - fi - - files=$(find ${BUILDROOT} -type f '(' -perm -2002 -o -perm -4002 ')') - if [ -n "${files}" ]; then - log ERROR " QA Notice: Unsafe files detected (set*id and world writable)" - log ERROR - log ERROR "${files}" - ret=1 - fi - - return ${ret} -} - -run - diff --git a/src/quality-agent/002-bad-symlinks b/src/quality-agent/002-bad-symlinks deleted file mode 100755 index 27e85583c..000000000 --- a/src/quality-agent/002-bad-symlinks +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -# Check for absolute symlinks. -# We do not allow them because they may point to any bad location. - -log_debug "Search for absolute symlinks" - -function check() { - local failed=0 - local item - - for link in $(find ${BUILDROOT} -type l); do - if fgrep -q "/lib/udev/devices" <<<${link}; then - continue - fi - - if listmatch "${link:${#BUILDROOT}}" ${QUALITY_AGENT_WHITELIST_SYMLINK}; then - log INFO "Symlink ${link} is on the whitelist." - continue - fi - - destination=$(readlink ${link}) - if [ "${destination:0:1}" = "/" ]; then - log ERROR " Absolute symlink: ${link}" - failed=1 - fi - if [ ! -e "${link%/*}/${destination}" ]; then - log ERROR " Not existant destination: ${link} -> ${destination}" - failed=1 - fi - done - - return ${failed} -} - -run - diff --git a/src/quality-agent/003-libs-location b/src/quality-agent/003-libs-location deleted file mode 100755 index 8f04358d3..000000000 --- a/src/quality-agent/003-libs-location +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Checking correct installation of libraries" - -# Find the system's libdir. -case "$(uname -m)" in - x86_86) - libdir="lib64" - ;; - *) - libdir="lib" - ;; -esac - -function check() { - local failed=0 - local found - - for lib in $(find ${BUILDROOT}/${libdir} -maxdepth 1 -type f -name "lib*.so.*" 2>/dev/null); do - lib=${lib##*/} - lib=${lib%%.so*} - - # Indicates if the library in question has been found. - found=0 - - # Check if ${lib}.so is in the linker's search path. - for path in /usr/${libdir}; do - if [ -e "${BUILDROOT}${path}/${lib}.so" ]; then - found=1 - break - fi - done - - if [ "${found}" = "0" ]; then - log ERROR " ${lib}.so cannot be found in the linker's search path:" - log ERROR " /usr/${libdir} ${gcc_libdir}" - failed=1 - fi - done - - return ${failed} -} - -run - diff --git a/src/quality-agent/050-canary b/src/quality-agent/050-canary deleted file mode 100755 index 67b25e531..000000000 --- a/src/quality-agent/050-canary +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Every binary file has to provide a canary." - -function check() { - local failed=0 - - local file - for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do - if filter_startfiles ${file}; then - continue - fi - - if ! file_has_canary ${file}; then - log_warning " Has no canary: ${file}" - failed=1 - fi - done - - # This is currently disabled and will only return a warning ! - failed=0 - - return ${failed} -} - -run diff --git a/src/quality-agent/050-execstacks b/src/quality-agent/050-execstacks deleted file mode 100755 index 9540eee55..000000000 --- a/src/quality-agent/050-execstacks +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Files with executable stacks will not work properly (or at all!) \ - on some architectures/operating systems." - -check() { - local failed=0 - - local file - for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do - if file_has_execstack ${file}; then - log_error " File has execstack: ${file}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-invalid-interpreters b/src/quality-agent/050-invalid-interpreters deleted file mode 100755 index e1c9a17a0..000000000 --- a/src/quality-agent/050-invalid-interpreters +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Detect invalid interpreters." - -check() { - local failed=0 - - local file - local interpreter - for file in $(find ${BUILDROOT} -type f 2>/dev/null); do - # If a file is not executeable we don't need to check it - [ -x "${file}" ] || continue - - if file_is_script ${file}; then - interpreter=$(file_get_interpreter ${file}) - - if grep -q /usr/local <<<${interpreter}; then - failed=1 - log_error " Interpreter in /usr/local: ${file}" - fi - - # Search for bad /usr/bin/env - interp=$(basename ${interpreter} 2>/dev/null) - if [ "${interp}" = "env" ]; then - # Autofix that crap - sed -i ${file} \ - -e "s,/usr/bin/env \(/usr/bin/.*\),\1," \ - -e "s,/usr/bin/env python\(.*\),/usr/bin/python\1," \ - -e "s,/usr/bin/env python,/usr/bin/python," \ - -e "s,/usr/bin/env perl,/usr/bin/perl," \ - -e "s,/usr/bin/env ruby,/usr/bin/ruby," - - # If we could not fix it, raise an error - if [ "${interpreter}" = "$(file_get_interpreter ${file})" ]; then - failed=1 - log_error " Script uses forbidden \"env\" interpreter: ${file}" - fi - fi - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-libs-needed b/src/quality-agent/050-libs-needed deleted file mode 100755 index 93f600dc3..000000000 --- a/src/quality-agent/050-libs-needed +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Every shared object has to provide the NEEDED entry." - -check() { - local failed=0 - - local file - local needed - for file in $(find_elf_files --prefix=${BUILDROOT} ${LIBARY_PATHS}); do - if ! file_is_shared_object ${file}; then - continue - fi - - if ! file_has_interpreter ${file}; then - continue - fi - - needed=$(file_get_needed ${file}) - if [ -z "${needed}" ]; then - log_error " File lacks needed attribute: ${file}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-libs-soname b/src/quality-agent/050-libs-soname deleted file mode 100755 index b6232b644..000000000 --- a/src/quality-agent/050-libs-soname +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Every shared object has to provide the SONAME entry." - -check() { - local failed=0 - - local file - local soname - for file in $(find_elf_files --prefix=${BUILDROOT} ${LIBARY_PATHS}); do - if ! grep -q "\.so" <<<${file}; then - continue - fi - - if ! file_is_shared_object ${file}; then - continue - fi - - if ! file_has_interpreter ${file}; then - continue - fi - - soname=$(file_get_soname ${file}) - if [ -z "${soname}" ]; then - log_error " File lacks soname attribute: ${file}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-libs-x86_64 b/src/quality-agent/050-libs-x86_64 deleted file mode 100755 index aed0b4081..000000000 --- a/src/quality-agent/050-libs-x86_64 +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Shared libs in /lib or /usr/lib are not allowed." - -check() { - local failed=0 - - # Do nothing on other platforms. - [ "$(uname -m)" = "x86_64" ] || return ${failed} - - local file - for file in $(find ${BUILDROOT}/lib ${BUILDROOT}/usr/lib -maxdepth 1 -name "*.so*" 2>/dev/null); do - file_is_elf ${file} >/dev/null 2>&1 || continue - - log_error " Unallowed location for library: ${file}" - failed=1 - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-nx b/src/quality-agent/050-nx deleted file mode 100755 index c9c27338d..000000000 --- a/src/quality-agent/050-nx +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -function check() { - local failed=0 - - FILTER="${QUALITY_AGENT_WHITELIST_NX}" - - local file - for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do - if filtered ${file}; then - continue - fi - - if ! file_has_nx ${file}; then - log_error " No NX: ${file}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-relro b/src/quality-agent/050-relro deleted file mode 100755 index e42e8ff9c..000000000 --- a/src/quality-agent/050-relro +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Text relocations force the dynamic linker to perform extra \ - work at startup, waste system resources, and may pose a security \ - risk. On some architectures, the code may not even function \ - properly, if at all." - -function check() { - local failed=0 - - local file - for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do - if filter_startfiles ${file}; then - continue - fi - - # Skip all files that are not a shared object. - file_is_shared_object ${file} || continue - - if ! file_is_relro_full ${file}; then - if [ "${QUALITY_AGENT_PERMIT_NOT_FULL_RELRO}" = "yes" ]; then - log_warning " Is not full relro: ${file}" - else - log_error " Is not relro: ${file}" - failed=1 - fi - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/050-rpaths b/src/quality-agent/050-rpaths deleted file mode 100755 index 8250612bf..000000000 --- a/src/quality-agent/050-rpaths +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="Searching for RPATHs. We don't want paths that point to the tree where \ - the package was built (older, broken libtools would do this). \ - Also check for null paths because the loader will search \$PWD when it \ - finds null paths." - -check() { - local failed=0 - - local file - local rpath - for file in $(find_elf_files --prefix=${BUILDROOT} ${BINARY_PATHS}); do - if filtered ${file}; then - continue - fi - - rpath=$(file_get_rpath ${file}) - if [ -n "${rpath}" ]; then - if [ "${QUALITY_AGENT_RPATH_ALLOW_ORIGIN}" = "yes" ]; then - [ "${rpath}" = '$ORIGIN' ] && continue - fi - if listmatch ${rpath} ${QUALITY_AGENT_WHITELIST_RPATH}; then - continue - fi - log_error " File has unallowed rpath: ${file} - ${rpath}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/095-directory-layout b/src/quality-agent/095-directory-layout deleted file mode 100755 index d605fe941..000000000 --- a/src/quality-agent/095-directory-layout +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -. $(dirname ${0})/qa-include - -DESC="The filelayout should comply to the FHS." - -DIRS="/etc/init.d /etc/rc.d /lib/pkgconfig /usr/etc /usr/libexec /usr/local /usr/man /usr/usr /usr/var ${BUILDROOT}" - -function check() { - # Do nothing, if directory check was disabled. - if [ "${QUALITY_AGENT_NO_DIRECTORY_CHECK}" = "yes" ]; then - return 0 - fi - - local failed=0 - - local dir - for dir in ${DIRS}; do - if [ -d "${BUILDROOT}${dir}" ]; then - log_error "Bad directory: ${dir}" - failed=1 - fi - done - - return ${failed} -} - -run diff --git a/src/quality-agent/qa-include b/src/quality-agent/qa-include deleted file mode 100644 index bdcf99e45..000000000 --- a/src/quality-agent/qa-include +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash - -# Include additional functions -. /usr/lib/pakfire/functions-common - -function debug() { - [ "${NAOKI_DEBUG}" = "1" ] || [ "${DEBUG}" = "1" ] -} - -#function log() { -# local facility=${1} -# shift -# -# printf " %-7s %s\n" "${facility}" "$@" -#} - -function log_debug() { - debug && log DEBUG "$@" -} - -function log_error() { - log "ERROR" "$@" -} - -function log_info() { - log "INFO" "$@" -} - -function log_warning() { - log "WARNING" "$@" -} - -if [ -z "${BUILDROOT}" ]; then - echo "${0##*/}: ERROR: BUILDROOT is not set." >&2 - exit 1 -fi - -function filtered() { - [ -z "${FILTER}" ] && return 1 - grep -qE ${FILTER} <<<$@ -} - -function print_description() { - # Remove all whitespaces - local desc=$(echo ${DESC}) - - log_info "Check: $(basename ${0})" - IFS=' -' - for line in $(fold -s -w 60 <<<${desc}); do - log_info " ${line}" - done - log_info # Empty line - - unset IFS -} - -function qa_find() { - local filetype=${1} - local command=${2} - - log_debug "Running qa_find with command ${command} in ${filetype}" - - local file - for file in $(find_elf_files --prefix=${BUILDROOT} ${!filetype}); do - ${command} ${file} - done -} - -function check() { - log_error "REPLACE THIS FUNCTION BY A CUSTOM CHECK" - return 1 -} - -function run() { - local error_message - local ret - - error_message=$(check) - ret=$? - - [ -z "${error_message}" ] && \ - [ "${ret}" = "0" ] && return 0 - - print_description - - echo "${error_message}" - return ${ret} -} - diff --git a/src/scripts/quality-agent.in b/src/scripts/quality-agent.in deleted file mode 100644 index 19e97bce7..000000000 --- a/src/scripts/quality-agent.in +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -DIR_QA="@qualityagentdir@" - -failed=0 -for file in ${DIR_QA}/*; do - [ -x "${file}" ] || continue - - ${file} || failed=1 -done - -exit ${failed}