From: Michael Tremer Date: Tue, 22 Mar 2011 13:46:21 +0000 (+0100) Subject: build-essentials: Add whitelisting for symlinks. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e337df8a6068f8710ea233abbe0c98595c12f1e4;p=ipfire-3.x.git build-essentials: Add whitelisting for symlinks. --- diff --git a/pkgs/build-essentials/build-essentials.nm b/pkgs/build-essentials/build-essentials.nm index 6df021578..6509f73cb 100644 --- a/pkgs/build-essentials/build-essentials.nm +++ b/pkgs/build-essentials/build-essentials.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include PKG_NAME = build-essentials PKG_VER = $(DISTRO_VERSION) -PKG_REL = 12 +PKG_REL = 13 PKG_EPOCH = 1 PKG_ARCH = noarch diff --git a/pkgs/build-essentials/buildsystem/Constants b/pkgs/build-essentials/buildsystem/Constants index dda11953b..0bc56c112 100644 --- a/pkgs/build-essentials/buildsystem/Constants +++ b/pkgs/build-essentials/buildsystem/Constants @@ -157,3 +157,4 @@ export QUALITY_AGENT_WHITELIST_EXECSTACK export QUALITY_AGENT_WHITELIST_NX export QUALITY_AGENT_WHITELIST_RPATH export QUALITY_AGENT_WHITELIST_SONAME +export QUALITY_AGENT_WHITELIST_SYMLINK diff --git a/pkgs/build-essentials/quality-agent/quality-agent.d/002-bad-symlinks b/pkgs/build-essentials/quality-agent/quality-agent.d/002-bad-symlinks index 595a7c5b6..27e85583c 100755 --- a/pkgs/build-essentials/quality-agent/quality-agent.d/002-bad-symlinks +++ b/pkgs/build-essentials/quality-agent/quality-agent.d/002-bad-symlinks @@ -9,12 +9,18 @@ log_debug "Search for absolute symlinks" function check() { local failed=0 + local item for link in $(find ${BUILDROOT} -type l); do if fgrep -q "/lib/udev/devices" <<<${link}; then continue fi + if listmatch "${link:${#BUILDROOT}}" ${QUALITY_AGENT_WHITELIST_SYMLINK}; then + log INFO "Symlink ${link} is on the whitelist." + continue + fi + destination=$(readlink ${link}) if [ "${destination:0:1}" = "/" ]; then log ERROR " Absolute symlink: ${link}"