From: Michael Tremer
Date: Fri, 17 Mar 2023 13:05:21 +0000 (+0000)
Subject: build: Perform BUILDROOT check in C
X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fpakfire.git;a=commitdiff_plain;h=fabc09a9e97177da369785b1ec45093eada5fcf1
build: Perform BUILDROOT check in C
Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index ffc7599f..efd9a297 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -720,7 +720,6 @@ tests_parser_test_LDADD = \
 # ------------------------------------------------------------------------------
 
 dist_scripts_SCRIPTS = \
- src/scripts/check-buildroot \
 src/scripts/check-hardening \
 src/scripts/check-interpreters \
 src/scripts/check-rpaths \
diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index db54fdc5..0bf09345 100644
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -1219,6 +1219,33 @@ static int pakfire_build_post_check_filesystem(
 PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
 }
 
+/*
+ BUILDROOT Check
+*/
+static int pakfire_build_post_check_buildroot(
+ struct pakfire_build* build, struct pakfire_filelist* filelist) {
+ const char* buildroot = pakfire_relpath(build->pakfire, build->buildroot);
+
+ // Nested function to keep a reference to buildroot
+ int __pakfire_build_post_check_buildroot(
+ struct pakfire* pakfire, struct pakfire_file* file, void* data) {
+ struct pakfire_filelist* matches = (struct pakfire_filelist*)data;
+ int r;
+
+ if (pakfire_file_payload_matches(file, buildroot, strlen(buildroot))) {
+ r = pakfire_filelist_add(matches, file);
+ if (r)
+ return r;
+ }
+
+ return 0;
+ }
+
+ return pakfire_build_post_process_files(
+ build, filelist, "Files containing BUILDROOT:",
+ __pakfire_build_post_check_buildroot, PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
+}
+
 /*
 Hardening
 */
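Review bot: `__pakfire_build_post_check_buildroot` is a GCC nested function that captures `buildroot` and has its address passed to `pakfire_build_post_process_files`, which GCC implements with a stack trampoline; on most targets that marks the object as needing an executable stack, and Clang does not compile the construct. Whether the callback's `data` argument could carry the needle instead is not visible in this hunk, but a file-scope `static` callback taking a small context struct would avoid the trampoline and the reserved `__` prefix. The result of `pakfire_relpath()` also goes to `strlen()` unchecked; if it can be NULL or empty (its contract is outside this diff), a guard such as `if (!buildroot || !*buildroot) return 1;` before the call would keep a zero-length needle, which glibc's `memmem()` reports as a match, from flagging every file.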
@@ -1309,6 +1336,11 @@ static int pakfire_build_run_post_build_checks(struct pakfire_build* build) {
 if (r)
 goto ERROR;
 
+ // Check for BUILDROOT
+ r = pakfire_build_post_check_buildroot(build, filelist);
+ if (r)
+ goto ERROR;
+
 // Check hardening
 r = pakfire_build_post_check_hardening(build, filelist);
 if (r)
@@ -1324,7 +1356,6 @@ ERROR:
 static const char* post_build_scripts[] = {
 "check-unsafe-files",
 "check-rpaths",
- "check-buildroot",
 "check-hardening",
 "check-interpreters",
 "compress-man-pages",
diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index a5110880..1da33fbf 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -987,6 +987,52 @@ FILE* pakfire_file_open(struct pakfire_file* file) {
 return f;
 }
 
+int pakfire_file_payload_matches(struct pakfire_file* file,
+ const void* needle, const size_t length) {
+ char buffer[1024 * 1024];
+ FILE* f = NULL;
+ void* p = NULL;
+ int r;
+
+ // Only run for regular files
+ if (!S_ISREG(file->st.st_mode))
+ return 0;
+
+ // Open the file
+ f = pakfire_file_open(file);
+ if (!f)
+ goto ERROR;
+
+ printf("needle = %.*s\n", length, (const char*)needle);
+
+ while (!feof(f)) {
+ size_t bytes_read = fread(buffer, 1, sizeof(buffer), f);
+
+ // Raise any reading errors
+ if (ferror(f)) {
+ r = 1;
+ goto ERROR;
+ }
+
+ // Search for the needle
+ p = memmem(buffer, bytes_read, needle, length);
+ printf("p = %p\n", p);
+ if (p) {
+ r = 1;
+ goto ERROR;
+ }
+ }
+
+ // No match
+ r = 0;
+
+ERROR:
+ if (f)
+ fclose(f);
+
+ return r;
+}
+
 static int __pakfire_file_compute_digests(struct pakfire_file* file,
 struct pakfire_digests* digests, const int types) {
 FILE* f = NULL;
diff --git a/src/libpakfire/include/pakfire/file.h b/src/libpakfire/include/pakfire/file.h
index e2fdecff..e9d190cc 100644
--- a/src/libpakfire/include/pakfire/file.h
+++ b/src/libpakfire/include/pakfire/file.h
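Review bot: In `pakfire_file_payload_matches`, `r` is returned uninitialised when `pakfire_file_open()` fails, because that path jumps to `ERROR` before any assignment, so the BUILDROOT check's verdict for that file is indeterminate. The scan also misses a needle that straddles two `fread()` chunks, a read error returns the same 1 as a match, and the 1 MiB `buffer` sits on the stack. The two `printf()` calls look like leftover debugging: the first passes a `size_t` where `%.*s` expects an `int`, and both write to stdout from library code. The sketch below uses a heap buffer, carries the last `length - 1` bytes between reads and returns a negative value on error; the caller in build.c tests only for non-zero, so it would need an `if (r < 0) return r;` before adding the file to the match list.

```c
int pakfire_file_payload_matches(struct pakfire_file* file,
		const void* needle, const size_t length) {
	const size_t chunk_size = 64 * 1024;
	char* buffer = NULL;
	size_t carried = 0;
	FILE* f = NULL;
	int r = -1;	// negative: error, 1: match, 0: no match

	// … unchanged: S_ISREG check …

	// An empty needle would match every file
	if (!needle || !length)
		return 0;

	// Leave room for the tail carried over from the previous chunk
	buffer = malloc(chunk_size + length);
	if (!buffer)
		goto ERROR;

	// … unchanged: pakfire_file_open() and its NULL check …

	for (;;) {
		size_t bytes_read = fread(buffer + carried, 1, chunk_size, f);
		size_t filled = carried + bytes_read;

		// Raise any reading errors (r is still negative)
		if (ferror(f))
			goto ERROR;

		// Search the carried tail and the new data together
		if (memmem(buffer, filled, needle, length)) {
			r = 1;
			goto ERROR;
		}

		// A short read without an error means end of file
		if (bytes_read < chunk_size)
			break;

		// Keep the last (length - 1) bytes so a needle split across reads is found
		carried = (filled < length - 1) ? filled : length - 1;
		memmove(buffer, buffer + filled - carried, carried);
	}

	// No match
	r = 0;

	// … unchanged: ERROR label and fclose() …
	free(buffer);

	return r;
}
```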
@@ -154,6 +154,9 @@ int pakfire_file_set_abspath(struct pakfire_file* file, const char* path);
 
 FILE* pakfire_file_open(struct pakfire_file* file);
 
+int pakfire_file_payload_matches(struct pakfire_file* file,
+ const void* needle, const size_t length);
+
 int pakfire_file_compute_digests(struct pakfire_file* file, const int types);
 
 int pakfire_file_remove(struct pakfire_file* file);