author | B. Watson <urchlay@slackware.uk> | 2023-09-24 04:37:07 -0400 |
---|---|---|
committer | B. Watson <urchlay@slackware.uk> | 2023-09-24 04:37:07 -0400 |
commit | e40491e42bbac175587731c8dc6c56612001c903 (patch) | |
tree | 907fbe05728ea562473922a0c6b85c7de20e3c42 | |
parent | 681722e1e340a5e931940eb9b09f9fc580cef02b (diff) | |
download | sbo-maintainer-tools-e40491e42bbac175587731c8dc6c56612001c903.tar.gz |
sbolint: improve script permission check.
-rw-r--r-- | TODO | 4 | ||||
-rwxr-xr-x | sbolint | 42 |
2 files changed, 40 insertions, 6 deletions
@@ -1,3 +1,7 @@ +TODO: if sbopkglint finds a hardcoded $PKG in /var/lib/pkgtools/scripts/*, + mention doinst.sh in the error message +TODO: sbolint and sbopkglint both: complain if PRGNAM has invalid characters. + (first, decide what constitutes a valid character...) TODO: if package contains any static libs, don't suggest noarch. TODO: stop checking shared libs for +x and being stripped if they're not directly in /lib /lib64 /usr/lib /usr/lib64. too many packages @@ -449,10 +449,6 @@ if($recursive_git) { push @ARGV, "." unless @ARGV; -# are we in a git repo? build scripts are mode 0644 there, plus -# the junkfile check is skipped. -$in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0; - $argv_count = 0; $err_warn_count = 0; for(@ARGV) { @@ -675,6 +671,7 @@ sub extract_tarball { sub run_checks { $build = shift; my $checking_tarball = 0; + my $in_git_repo = 0; my $oldcwd = getcwd(); $errcount = $warncount = 0; @@ -698,6 +695,24 @@ sub run_checks { $buildname = `readlink -n -e .`; $buildname =~ s,.*/,,; + # are we in a git repo? build scripts are mode 0644 there, plus + # the junkfile check is skipped. + if(!$checking_tarball) { + $in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0; + } + + # what permissions are allowed for the SlackBuild? 3 choices: + # in a tarball, it has to be 755. + # in a git repo, it has to be 644. + # anywhere else, 644 and 755 are allowed. + if($checking_tarball) { + @script_perms = (0755); + } elsif($in_git_repo) { + @script_perms = (0644); + } else { + @script_perms = (0644, 0755); + } + if(script_exists()) { my @checks = ( \&check_readme, @@ -1052,6 +1067,10 @@ sub check_info { log_error("$file: PRGNAM is '$info{PRGNAM}', should be '$buildname'"); } + if($info{PRGNAM} =~ /[^-+._A-Za-z0-9]/) { + log_error("$file: PRGNAM has invalid characters, only A-Z, a-z, 0-9, - + . _ are allowed"); + } + if($info{VERSION} =~ /-/) { log_error("$file: VERSION may not contain - (dash) characters"); } 
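Review bot: Declaring `my $in_git_repo = 0;` inside run_checks (hunk at -675) hides the value from every other sub, yet the comment moved into the hunk at -698 still says the junkfile check is skipped in a git repo. If that check lives in another sub and still reads `$in_git_repo`, it now sees the unset package variable and the skip silently stops applying. Names such as `$build` and `@script_perms` are assigned here without `my`, so they are presumably file-level variables and nothing would flag the mismatch. Either keep `$in_git_repo` at file level and reset it per build with `$in_git_repo = 0;`, or pass the value to the checks that need it. run_checks starts and ends outside both hunks, so the junkfile code itself is not visible here.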
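Review bot: The new PRGNAM test in check_info (hunk at -1052) only rejects characters outside the set, so an empty value, `.` or `..`, and a name beginning with `-` all pass it. Such names are awkward wherever PRGNAM later becomes part of a path or a command-line argument. If the intended policy allows it, validate the whole string instead: `unless($info{PRGNAM} =~ /\A[A-Za-z0-9][-+._A-Za-z0-9]*\z/) {`, keeping the same error message. The rule on the first character is a suggestion to confirm against existing build names, since the TODO entry in this commit says the valid set is still being decided.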
@@ -1221,8 +1240,19 @@ sub check_script { my $file = $buildname . ".SlackBuild"; my $gotmode = 07777 & ((stat($file))[2]); - unless($gotmode == 0644 || (!$in_git_repo && $gotmode == 0755)) { - log_error("$file must have mode 644" . ($in_git_repo ? "" : " (or 0755)") . ", not %04o", $gotmode); + my $mode_ok = 0; + my @octalmodes = (); + + for(@script_perms) { + push @octalmodes, sprintf("%04o", $_); + $mode_ok++ if $gotmode == $_; + } + + # warn "allowed modes: " . join(", ", @octalmodes); + + if(!$mode_ok) { + my $modes = join " or ", @octalmodes; + log_error("$file must have mode $modes, not %04o", $gotmode); } my @lines = check_and_read($file); |
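Review bot: `$file` and `$modes` are interpolated into the same string that carries `%04o`, so log_error is evidently handed a printf-style format. `$file` is built from the build directory name, and a `%` in that name would be parsed as a conversion and garble or misreport the error. Pass the values as arguments instead: `log_error("%s must have mode %s, not %04o", $file, $modes, $gotmode);`. The PRGNAM mismatch message in check_info interpolates `$info{PRGNAM}` the same way and would benefit from the same treatment. The commented-out `# warn "allowed modes: ..."` debug line can be dropped; check_script's body continues past the end of this hunk.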