aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorB. Watson <urchlay@slackware.uk>2023-09-24 04:37:07 -0400
committerB. Watson <urchlay@slackware.uk>2023-09-24 04:37:07 -0400
commite40491e42bbac175587731c8dc6c56612001c903 (patch)
tree907fbe05728ea562473922a0c6b85c7de20e3c42
parent681722e1e340a5e931940eb9b09f9fc580cef02b (diff)
downloadsbo-maintainer-tools-e40491e42bbac175587731c8dc6c56612001c903.tar.gz
sbolint: improve script permission check.
-rw-r--r--TODO4
-rwxr-xr-xsbolint42
2 files changed, 40 insertions, 6 deletions
diff --git a/TODO b/TODO
index a52beb9..11c4e3d 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,7 @@
+TODO: if sbopkglint finds a hardcoded $PKG in /var/lib/pkgtools/scripts/*,
+ mention doinst.sh in the error message
+TODO: sbolint and sbopkglint both: complain if PRGNAM has invalid characters.
+ (first, decide what constitutes a valid character...)
TODO: if package contains any static libs, don't suggest noarch.
TODO: stop checking shared libs for +x and being stripped if they're not
directly in /lib /lib64 /usr/lib /usr/lib64. too many packages
diff --git a/sbolint b/sbolint
index 7799652..bf4b8ae 100755
--- a/sbolint
+++ b/sbolint
@@ -449,10 +449,6 @@ if($recursive_git) {
push @ARGV, "." unless @ARGV;
-# are we in a git repo? build scripts are mode 0644 there, plus
-# the junkfile check is skipped.
-$in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0;
-
$argv_count = 0;
$err_warn_count = 0;
for(@ARGV) {
@@ -675,6 +671,7 @@ sub extract_tarball {
sub run_checks {
$build = shift;
my $checking_tarball = 0;
+ my $in_git_repo = 0;
my $oldcwd = getcwd();
$errcount = $warncount = 0;
@@ -698,6 +695,24 @@ sub run_checks {
$buildname = `readlink -n -e .`;
$buildname =~ s,.*/,,;
+ # are we in a git repo? build scripts are mode 0644 there, plus
+ # the junkfile check is skipped.
+ if(!$checking_tarball) {
+ $in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0;
+ }
+
+ # what permissions are allowed for the SlackBuild? 3 choices:
+ # in a tarball, it has to be 755.
+ # in a git repo, it has to be 644.
+ # anywhere else, 644 and 755 are allowed.
+ if($checking_tarball) {
+ @script_perms = (0755);
+ } elsif($in_git_repo) {
+ @script_perms = (0644);
+ } else {
+ @script_perms = (0644, 0755);
+ }
+
if(script_exists()) {
my @checks = (
\&check_readme,
@@ -1052,6 +1067,10 @@ sub check_info {
log_error("$file: PRGNAM is '$info{PRGNAM}', should be '$buildname'");
}
+ if($info{PRGNAM} =~ /[^-+._A-Za-z0-9]/) {
+ log_error("$file: PRGNAM has invalid characters, only A-Z, a-z, 0-9, - + . _ are allowed");
+ }
+
if($info{VERSION} =~ /-/) {
log_error("$file: VERSION may not contain - (dash) characters");
}
@@ -1221,8 +1240,19 @@ sub check_script {
my $file = $buildname . ".SlackBuild";
my $gotmode = 07777 & ((stat($file))[2]);
- unless($gotmode == 0644 || (!$in_git_repo && $gotmode == 0755)) {
- log_error("$file must have mode 644" . ($in_git_repo ? "" : " (or 0755)") . ", not %04o", $gotmode);
+ my $mode_ok = 0;
+ my @octalmodes = ();
+
+ for(@script_perms) {
+ push @octalmodes, sprintf("%04o", $_);
+ $mode_ok++ if $gotmode == $_;
+ }
+
+ # warn "allowed modes: " . join(", ", @octalmodes);
+
+ if(!$mode_ok) {
+ my $modes = join " or ", @octalmodes;
+ log_error("$file must have mode $modes, not %04o", $gotmode);
}
my @lines = check_and_read($file);