bin/misc-functions.sh - Issue 6903153: Check for references to ${ROOT} in install_qa_checks.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: bin/misc-functions.sh

Issue 6903153: Check for references to ${ROOT} in install_qa_checks. (Closed) Base URL: git://git.overlays.gentoo.org/proj/portage.git@master

Patch Set: Same patch, rebased against cros-2.1.9 branch Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: bin/misc-functions.sh

diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh

index ae4cc9e71e8509e8f4d7654ab836637cdf4a3b1e..22afd93868bfe451fef6c8dd89689b0cc463a8a4 100755

--- a/bin/misc-functions.sh

+++ b/bin/misc-functions.sh

@@ -184,16 +184,37 @@ install_qa_check() {

unset PORTAGE_QUIET

- # Make sure we disallow insecure RUNPATH/RPATHs

- # Don't want paths that point to the tree where the package was built

- # (older, broken libtools would do this). Also check for null paths

- # because the loader will search $PWD when it finds null paths.

- f=$(scanelf -qyRF '%r %p' "${D}" | grep -E "(${PORTAGE_BUILDDIR}|: |::|^:|^ )")

+ # Make sure we disallow insecure RUNPATH/RPATHs.

+ # 1) References to PORTAGE_BUILDDIR are banned because it's a

+ # security risk. We don't want to load files from a

+ # temporary directory.

+ # 2) If ROOT != "/", references to ROOT are banned because

+ # that directory won't exist on the target system.

+ # 3) Null paths are banned because the loader will search $PWD when

+ # it finds null paths.

+ local forbidden_dirs="${PORTAGE_BUILDDIR}"

+ if [[ -n "$ROOT" ]] && [[ "$ROOT" != "/" ]]; then

+ forbidden_dirs="${forbidden_dirs} ${ROOT}"

+ fi

+ local dir="" rpath_files=$(scanelf -F '%F:%r' -qBR "${D}")

+ f=""

+ for dir in ${forbidden_dirs}; do

+ for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do

+ f+=" ${l%%:*}\n"

+ if ! has stricter ${FEATURES}; then

+ vecho "Auto fixing rpaths for ${l%%:*}"

+ TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null

+ fi

+ done

# Reject set*id binaries with $ORIGIN in RPATH #260331

x=$(

find "${D}" -type f $ -perm -u+s -o -perm -g+s $ -print0 | \

xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'

)

+ # Print QA notice.

if [[ -n ${f}${x} ]] ; then

vecho -ne '\n'

eqawarn "QA Notice: The following files contain insecure RUNPATHs"

@@ -203,9 +224,6 @@ install_qa_check() {

vecho -ne '\n'

if [[ -n ${x} ]] || has stricter ${FEATURES} ; then

insecure_rpath=1

- else

- vecho "Auto fixing rpaths for ${f}"

- TMPDIR=${PORTAGE_BUILDDIR} scanelf -BXr ${f} -o /dev/null

« no previous file with comments | « no previous file | no next file » | no next file with comments »