+++ /dev/null
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-PKG_NAME = quality-agent
-PKG_VER =
-PKG_REL = -1
-
-THISAPP = $(PKG_NAME)
-DIR_APP = $(DIR_SOURCE)/$(PKG_NAME)
-
-OBJECT = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)
-
-MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
-GROUP =
-CORE = no
-EXTRA = no
-DEBUG = no
-BUILD_DEPS =
-DEPS =
-
-URL =
-LICENSE =
-SHORT_DESC = This script does some quality checks on the distribution.
-
-define LONG_DESC
- This script does some quality checks on the distribution.
-endef
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects =
-
-download: $(objects)
-
-info:
- $(DO_PKG_INFO)
-
-install: $(OBJECT)
-
-package:
- @$(DO_PACKAGE)
-
-$(objects):
- @$(LOAD)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(OBJECT): $(objects)
- cd $(DIR_APP) && ./quality-agent
+++ /dev/null
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-CHECK_PATHS=${@-"/bin /lib /opt /root /sbin /var /usr/bin /usr/lib /usr/sbin"}
-
-CHECK_PATHS=$(find ${CHECK_PATHS} -not -type d)
-
-echo "Searching for all world writable files..."
-f=$(find ${CHECK_PATHS} -not -path "/proc*" -type f -perm -2 2>/dev/null)
-if [ -n "$f" ]; then
- echo
- echo "QA Security Notice:"
- echo " - The folloing files will be world writable."
- echo " - This may or may not be a security problem, most of the time it is one."
- echo " - Please double check that these files really need a world writeable bit and file bugs accordingly."
- echo
- echo "$f"
- exit 1
-fi
-
-echo "Searching for unsafe files..."
-f=$(find ${CHECK_PATHS} -type f '(' -perm -2002 -o -perm -4002 ')')
-if [ -n "$f" ]; then
- echo
- echo "QA Notice: Unsafe files detected (set*id and world writable)"
- echo "${f}"
- exit 1
-fi
-
-# this should help to ensure that all (most?) shared libraries are executable
-# and that all libtool scripts / static libraries are not executable
-echo "Searching for not executeable libs..."
-for i in $(find ${CHECK_PATHS} -name *.so*); do
- [ ! -e ${i} ] && continue
- if [ -L ${i} ]; then
- linkdest=$(readlink "${i}")
- if [[ ${linkdest} == /* ]] ; then
- echo
- echo "QA Notice: Found an absolute symlink in a library directory:"
- echo " ${i} -> ${linkdest}"
- echo " It should be a relative symlink if in the same directory"
- echo " or a linker script if it crosses the /usr boundary."
- exit 1
- fi
- continue
- fi
- [ -x ${i} ] && continue
- echo "making executable: ${i}"
- chmod +x "${i}"
-done
-for i in $(find ${CHECK_PATHS} -name *.a -o -name *.la); do
- [ ! -e ${i} ] && continue
- [ -L ${i} ] && continue
- [ ! -x ${i} ] && continue
- echo "removing executable bit: ${i}"
- chmod -x "${i}"
-done
-
-# Make sure people don't store libtool files or static libs in /lib
-echo "Searching for bad files in /lib..."
-f=$(find /lib -name *.{a,la} 2>/dev/null)
-if [ -n "$f" ]; then
- echo "QA Notice: Excessive files found in the / partition"
- echo "${f}"
- exit 1
-fi
-
-if [ -n "$(which scanelf 2>/dev/null)" ]; then
- # Make sure we disallow insecure RUNPATH/RPATH's
- # Don't want paths that point to the tree where the package was built
- # (older, broken libtools would do this). Also check for null paths
- # because the loader will search $PWD when it finds null paths.
- echo "Searching for files that have unsecure RUNPATH/RPATH..."
- f=$(scanelf -qyRF '%r %p' ${CHECK_PATHS} 2>/dev/null | awk '{ print $NF }' | grep -v -f whitelist-rpaths)
- if [ -n "$f" ]; then
- echo
- echo "QA Notice: The following files contain insecure RUNPATH's"
- echo "${f}"
- echo
- exit 1
- fi
-
- # TEXTREL's are baaaaaaaad
- echo "Searching for files that have baaaaaaad TEXTRELs..."
- f=$(scanelf -qyRF '%t %p' ${CHECK_PATHS} 2>/dev/null | awk '{ print $NF }' | grep -v -f whitelist-textrels)
- if [ -n "$f" ]; then
- echo
- echo "QA Notice: The following files contain runtime text relocations"
- echo " Text relocations force the dynamic linker to perform extra"
- echo " work at startup, waste system resources, and may pose a security"
- echo " risk. On some architectures, the code may not even function"
- echo " properly, if at all."
- echo "${f}"
- exit 1
- fi
-
- # Also, executable stacks only matter on linux...
- echo "Searching for files that have executeable stacks..."
- f=$(scanelf -qyRF '%e %p' ${CHECK_PATHS} | awk '{ print $NF }' | grep -v -f whitelist-exec-stacks)
- if [ -n "$f" ]; then
- echo
- echo "QA Notice: The following files contain executable stacks"
- echo " Files with executable stacks will not work properly (or at all!)"
- echo " on some architectures/operating systems."
- echo "${f}"
- exit 1
- fi
-
- # Libary checks
- check_files=$(find ${CHECK_PATHS} -name lib*.so*)
-
- echo "Searching bad libs that lack a SONAME..."
- f=$(scanelf -ByF '%S %p' $check_files | awk '$2 == "" { print }' | grep -v -f whitelist-soname)
- if [ -n "$f" ]; then
- echo
- echo "QA Notice: The following shared libraries lack a SONAME"
- echo "${f}"
- exit 1
- fi
- f=$(scanelf -ByF '%n %p' $check_files | awk '$2 == "" { print }')
- if [ -n "$f" ]; then
- echo
- echo "QA Notice: The following shared libraries lack NEEDED entries"
- echo "${f}"
- exit 1
- fi
-
-else
- echo "scanelf is not available. Can't check."
-fi
projects / ipfire-3.x.git / commitdiff
