From: Michael Tremer Date: Thu, 3 Dec 2009 11:14:49 +0000 (+0100) Subject: Extensions on quality agent. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa68012cb2a889bb0d44064bec9c7ebdf799d55e;p=ipfire-3.x.git Extensions on quality agent. Add some more hooks for stripping bins, searching for unsafe files, etc.
---
diff --git a/tools/quality-agent.d/001-include-files b/tools/quality-agent.d/001-include-files
old mode 100644
new mode 100755
diff --git a/tools/quality-agent.d/001-unsafe-files b/tools/quality-agent.d/001-unsafe-files
new file mode 100755
index 000000000..89ebc925f
--- /dev/null
+++ b/tools/quality-agent.d/001-unsafe-files
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+. $(dirname ${0})/qa-include
+
+echo "${0##*/}: Searching for world-writeable files..."
+
+files=$(find ${BUILDROOT} -type f -perm -2 2>/dev/null)
+if [ -n "${files}" ]; then
+ echo " QA Security Notice:"
+ echo " - The folloing files will be world writable."
+ echo " - This may or may not be a security problem, most of the time it is one."
+ echo " - Please double check that these files really need a world writeable bit and file bugs accordingly."
+ echo
+ echo "${files}"
+ exit 1
+fi
+
+files=$(find ${BUILDROOT} -type f '(' -perm -2002 -o -perm -4002 ')')
+if [ -n "${files}" ]; then
+ echo " QA Notice: Unsafe files detected (set*id and world writable)"
+ echo
+ echo "${files}"
+ exit 1
+fi
+
+exit 0
diff --git a/tools/quality-agent.d/050-textrels b/tools/quality-agent.d/050-textrels
new file mode 100755
index 000000000..4db9187e7
--- /dev/null
+++ b/tools/quality-agent.d/050-textrels
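Review bot: The second check in 001-unsafe-files can never report anything: every file matching `-perm -2002` or `-perm -4002` also has the other-write bit, so the first `find ... -perm -2` already lists it and the script exits 1 before the set*id test runs. A setuid or setgid world-writable file therefore gets the softer "may or may not be a security problem" text instead of the dedicated notice; running the set*id check first, or adding `! -perm /6000` to the first find, would make both branches reachable. The first find also sends stderr to `/dev/null`, so a traversal error yields an empty list and the gate passes; 050-textrels does the same with scanelf, where a missing binary would look like a clean result.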
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+. $(dirname ${0})/qa-include
+
+# TEXTREL's are baaaaaaaad
+echo "${0##*/}: Searching for bad TEXTRELs"
+
+files=$(scanelf -qyRF '%t %p' ${BUILDROOT} 2>/dev/null | awk '{ print $NF }')
+if [ -n "${files}" ]; then
+ echo " QA Notice: The following files contain runtime text relocations"
+ echo " Text relocations force the dynamic linker to perform extra"
+ echo " work at startup, waste system resources, and may pose a security"
+ echo " risk. On some architectures, the code may not even function"
+ echo " properly, if at all."
+ echo "${files}"
+
+ exit 1
+fi
+
+exit 0
diff --git a/tools/quality-agent.d/090-python-hardlinks b/tools/quality-agent.d/090-python-hardlinks
new file mode 100644
index 000000000..591269341
--- /dev/null
+++ b/tools/quality-agent.d/090-python-hardlinks
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+. $(dirname ${0})/qa-include
+
+# If the pyc and pyo files are the same, we can hardlink them
+echo "${0##*/}: Hard-linking python bytecode files"
+
+for py in $(find ${BUILDROOT} -type f -name "*.py"); do
+ if [ -e "${py}c" ] && [ -e "${py}o" ]; then
+ if cmp -s "${py}c" "${py}o"; then
+ ln -f "${py}c" "${py}o"
+ fi
+ fi
+done
+
+exit 0
diff --git a/tools/quality-agent.d/090-remove-empty-dirs b/tools/quality-agent.d/090-remove-empty-dirs
new file mode 100755
index 000000000..66308114f
--- /dev/null
+++ b/tools/quality-agent.d/090-remove-empty-dirs
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+. $(dirname ${0})/qa-include
+
+# Remove unwanted files
+echo "${0##*/}: Remove empty directories"
+
+for dir in {,/usr}/{{,s}bin,lib{,exec}} /usr/share/man{,/man{0,1,2,3,4,5,6,7,8,9}}; do
+ dir="${BUILDROOT}/${dir}"
+ if [ -d "${dir}" ] && [ "$(ls -1A ${dir} | wc -l)" = "0" ]; then
+ echo " Removing ${dir}"
+ rm -rf ${dir}
+ fi
+done
+
+exit 0
diff --git a/tools/quality-agent.d/099-strip b/tools/quality-agent.d/099-strip
new file mode 100755
index 000000000..d4bdafc5e
--- /dev/null
+++ b/tools/quality-agent.d/099-strip
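Review bot: The comment `# TEXTREL's are baaaaaaaad` in 050-textrels does not explain the scanelf invocation, and `awk '{ print $NF }'` keeps only the last whitespace-separated field, so a path containing a space is reported truncated. I would replace the comment with `# scanelf: -q report only matches, -y skip symlinks, -R recurse; '%t %p' prints the TEXTREL marker and the path`. Assuming `%t` prints a single token, `cut -d' ' -f2-` in place of the awk stage keeps the whole path.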
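Review bot: 090-python-hardlinks is added with mode 100644 while every other new hook in this commit is 100755 and 001-include-files is switched to 100755, so if the agent only runs executable hooks this one is presumably skipped; the runner is not shown, so that needs confirming. Separately, `for py in $(find ${BUILDROOT} -type f -name "*.py")` word-splits and globs the find output, so a path containing whitespace is handled as several wrong paths; both loops in 099-strip use the same pattern. `find "${BUILDROOT}" -type f -name '*.py' -print0 | while IFS= read -r -d '' py; do` avoids that.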
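Review bot: `rm -rf ${dir}` in 090-remove-empty-dirs is stronger than the job needs and is reached on a weak emptiness test: if `ls -1A ${dir}` fails, for example on an unreadable directory, `wc -l` still prints 0 and the directory is removed recursively. Because the target is built as `${BUILDROOT}/${dir}`, an empty or unset BUILDROOT turns the list into host paths such as `//usr/libexec`; whether qa-include guards against that is not visible here. `rmdir -- "${dir}" 2>/dev/null && echo " Removing ${dir}"` removes only directories that really are empty, and `: "${BUILDROOT:?}"` before the loop stops the hook when the variable is missing.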
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+. $(dirname ${0})/qa-include
+
+# Strip debugging symbols
+echo "${0##*/}: Strip debugging symbols"
+for f in $(find ${BUILDROOT} -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \)); do
+ if (file $f | grep -q ' shared object,'); then
+ strip --strip-debug "$f" || :
+ fi
+done
+
+echo "${0##*/}: Strip unneeded symbols"
+for f in $(find ${BUILDROOT} -type f); do
+ if (file $f | grep -q ' shared object,'); then
+ strip --strip-unneeded "$f" || :
+ fi
+done
+
+exit 0
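Review bot: The first loop in 099-strip is redundant as written: the second loop visits every regular file, applies the same `' shared object,'` filter, and `--strip-unneeded` also removes debugging symbols, so each matching file is simply run through `file` and `strip` twice. Because the filter only matches what `file` labels a shared object, binaries reported as `executable,` are never stripped, which may not be what "stripping bins" in the description intends. `file $f` is unquoted while `strip` gets `"$f"`; `file -- "$f"` keeps the two consistent. `|| :` also discards every strip failure without a message, so a hook that stripped nothing still exits 0.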