From 6af4d4bec4e5c77b054a6234b68ecb569c325d31 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 24 Oct 2024 15:42:37 +0000
Subject: [PATCH] linter: Run FHS checks on binary packages

Signed-off-by: Michael Tremer
---
 src/libpakfire/linter.c | 59 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/src/libpakfire/linter.c b/src/libpakfire/linter.c
index c33646c0c..99119b4ef 100644
--- a/src/libpakfire/linter.c
+++ b/src/libpakfire/linter.c
@@ -27,6 +27,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -237,6 +238,57 @@ static int pakfire_linter_name(struct pakfire_linter* linter) {
 return 0;
 }
 
+static int pakfire_linter_lint_fhs(
+ struct pakfire_linter* linter, struct pakfire_file* file) {
+ int r;
+
+ // Checking against FHS
+ r = pakfire_fhs_check_file(linter->ctx, file);
+ if (r < 0)
+ return r;
+
+ const char* path = pakfire_file_get_path(file);
+
+ // File must not exist
+ if (r & PAKFIRE_FHS_MUSTNOTEXIST) {
+ r = pakfire_linter_error(linter, "FHS: %s must not exist", path);
+ if (r < 0)
+ return r;
+ }
+
+ if (r & PAKFIRE_FHS_UNAME_MISMATCH) {
+ r = pakfire_linter_error(linter, "FHS: Invalid user for %s", path);
+ if (r < 0)
+ return r;
+ }
+
+ if (r & PAKFIRE_FHS_GNAME_MISMATCH) {
+ r = pakfire_linter_error(linter, "FHS: Invalid group for %s", path);
+ if (r < 0)
+ return r;
+ }
+
+ if (r & PAKFIRE_FHS_PERMS_MISMATCH) {
+ r = pakfire_linter_error(linter, "FHS: Invalid permissions for %s", path);
+ if (r < 0)
+ return r;
+ }
+
+ if (r & PAKFIRE_FHS_WORLDWRITABLE) {
+ r = pakfire_linter_error(linter, "FHS: %s is world-writable", path);
+ if (r < 0)
+ return r;
+ }
+
+ if (r & PAKFIRE_FHS_NOEXEC) {
+ r = pakfire_linter_error(linter, "FHS: %s is executable", path);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
 static int pakfire_linter_payload(struct pakfire_archive* archive,
 struct archive* a, struct archive_entry* e, void* data) {
 struct pakfire_linter* linter = data;
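Review bot: In `pakfire_linter_lint_fhs`, `r` holds both the flag mask returned by `pakfire_fhs_check_file()` and the return code of `pakfire_linter_error()`, so once the first matching flag is reported, every later `r & PAKFIRE_FHS_…` test runs against that return code instead of the FHS result. If `pakfire_linter_error()` returns 0 on success (not visible in this hunk), a file that is both owned by the wrong user and world-writable would get only the ownership finding, and the world-writable finding would be dropped without any error. Keep the mask in its own variable, `const int flags = pakfire_fhs_check_file(linter->ctx, file);` followed by `if (flags < 0) return flags;`, and test `flags & PAKFIRE_FHS_WORLDWRITABLE` (and the other five flags) in each branch, leaving `r` for the reporting calls only. A short comment above the function saying that every set flag is reported as its own linter error would make that contract explicit.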
@@ -250,6 +302,13 @@ static int pakfire_linter_payload(struct pakfire_archive* archive,
 CTX_DEBUG(linter->ctx, "Linting %s...\n", pakfire_file_get_path(file));
+ if (!pakfire_package_is_source(linter->pkg)) {
+ // Checking against FHS
+ r = pakfire_linter_lint_fhs(linter, file);
+ if (r < 0)
+ goto ERROR;
+ }
+
 ERROR:
 if (file)
 pakfire_file_unref(file);
--
2.39.5