aboutsummaryrefslogtreecommitdiff
path: root/sbopkglint.d/05-basic-sanity.t.sh
diff options
context:
space:
mode:
authorB. Watson <yalhcru@gmail.com>2022-04-04 14:07:14 -0400
committerB. Watson <yalhcru@gmail.com>2022-04-04 14:07:14 -0400
commit533599f74e56dc42bdac215e2d152f9769b6b56e (patch)
tree9a8d349d138937a7c2880589ae16078b68f4009e /sbopkglint.d/05-basic-sanity.t.sh
downloadsbo-maintainer-tools-533599f74e56dc42bdac215e2d152f9769b6b56e.tar.gz
initial commit
Diffstat (limited to 'sbopkglint.d/05-basic-sanity.t.sh')
-rw-r--r--sbopkglint.d/05-basic-sanity.t.sh152
1 files changed, 152 insertions, 0 deletions
diff --git a/sbopkglint.d/05-basic-sanity.t.sh b/sbopkglint.d/05-basic-sanity.t.sh
new file mode 100644
index 0000000..6709203
--- /dev/null
+++ b/sbopkglint.d/05-basic-sanity.t.sh
@@ -0,0 +1,152 @@
+#!/bin/sh
+
+# sbopkglint test, must be sourced by sbopkglint (not run standalone).
+
+# PKG, PRGNAM, VERSION, ARCH are set by sbopkglint. also the current
+# directory is the root of the installed package tree.
+
+#######################################################################
+# these directories are allowed to exist in the package, but they
+# must be mode 0755 and owned by root:root. if a dir from this list
+# exists but is empty, that's an error. if a top-level directory
+# exists that's *not* in this list (such as /dev), that's an error.
+topleveldirs="bin boot etc lib lib64 opt sbin srv usr var run"
+
+# these directories are *required* to exist, and must be mode 0755, root:root.
+# if a dir from this list exists but is empty, that's an error. note
+# that the install/ dir no longer exists by the time we run (installpkg
+# deleted it already).
+requireddirs="usr/doc/$PRGNAM-$VERSION"
+
+# these directories *must not* exist. no need to list top-level dirs here,
+# the topleveldirs check already catches those.
+baddirs="usr/local usr/share/doc usr/share/man usr/etc usr/share/info usr/X11 usr/X11R6"
+
+# these directories may exist, but must contain only files or symlinks,
+# and must be mode 0755, root:root. I thought usr/share/pixmaps
+# belonged here, but quite a few packages create subdirs there for
+# images required at runtime that aren't the app icon.
+fileonlydirs="bin usr/bin sbin usr/sbin"
+
+# these directories may exist, but must contain only subdirectories
+# (no files, symlinks, devices, etc). "." (the top-level package dir)
+# doesn't need to be included here; it's checked separately.
+nofiledirs="usr usr/doc usr/share usr/man"
+
+# these directories may exist but must not have executable files
+# anywhere under them. I would put usr/doc and etc here, but too many
+# packages break that rule. usr/share/applications is listed here,
+# even though Slackware's KDE packages (erroneously) install .desktop
+# files +x.
+noexecdirs="usr/man usr/share/pixmaps usr/share/icons usr/share/applications usr/share/appdata usr/share/mime usr/share/mime-info usr/share/glib-2.0"
+
+# these files must exist.
+requiredfiles="usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild"
+
+# these files must not exist.
+badfiles="\
+usr/info/dir \
+usr/info/dir.gz \
+usr/lib64/perl5/perllocal.pod \
+usr/lib/perl5/perllocal.pod \
+usr/share/perl5/perllocal.pod \
+usr/share/perl5/vendor_perl/perllocal.pod \
+etc/passwd \
+etc/passwd.new \
+etc/shadow \
+etc/shadow.new \
+etc/group \
+etc/group.new \
+etc/gshadow \
+etc/gshadow.new \
+etc/ld.so.conf"
+
+#######################################################################
+
+# include 'hidden' files/dirs in * wildcard expansion.
+shopt -s dotglob
+
+dir_ok() {
+ [ -d "$1" ] && \
+ [ "$( stat -c '%A %U %G' "$1" )" = "drwxr-xr-x root root" ]
+}
+
+dir_empty() {
+ [ "$( find "$1" -mindepth 1 -maxdepth 1 )" = "" ]
+}
+
+warn_badperms() {
+ warn "bad permissions/owner (should be 0755 root:root): $1"
+}
+
+for i in *; do
+ if [ ! -d "$i" ]; then
+ warn "package root dir contains non-directory: $i"
+ elif ! echo "$topleveldirs" | grep -q "\\<$i\\>"; then
+ warn "package root dir contains non-standard directory: $i"
+ elif ! dir_ok "$i"; then
+ warn_badperms "$i"
+ elif dir_empty "$i"; then
+ warn "package contains empty top-level directory: $i"
+ fi
+done
+
+for i in $requireddirs; do
+ if [ ! -d "$i" ]; then
+ warn "missing required directory: $i"
+ elif ! dir_ok "$i"; then
+ warn_badperms "$i"
+ fi
+done
+
+for i in $baddirs; do
+ if [ -d "$i" ]; then
+ warn "forbidden directory exists: $i"
+ elif [ -e "$i" ]; then
+ warn "forbidden directory exists as a non-directory: $i"
+ fi
+done
+
+for i in $fileonlydirs; do
+ [ -d "$i" ] || continue
+ dir_ok "$i" || warn_badperms "$i"
+ badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 \! -type f )"
+ [ -n "$badstuff" ] && warn "$i should only contain files, not:" && ls -ld $badstuff
+done
+
+for i in $nofiledirs; do
+ [ -d "$i" ] || continue
+ dir_ok "$i" || warn_badperms "$i"
+ badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 \! -type d )"
+ [ -n "$badstuff" ] && warn "$i should only contain directories, not:" && ls -ld $badstuff
+done
+
+for i in $requiredfiles; do
+ [ -f "$i" ] || warn "missing required file: $i"
+done
+
+for i in $noexecdirs; do
+ [ -d "$i" ] || continue
+ found="$( find "$i" -type f -a -perm /0111 )"
+ if [ -n "$found" ]; then
+ warn "$i should not contain files with executable permission:"
+ ls -l $found
+ fi
+done
+
+for i in $badfiles; do
+ [ -e "$i" ] && warn "forbidden file: $i"
+done
+
+badlinks="$( find -L . -type l )"
+[ -n "$badlinks" ] && for i in $badlinks; do
+ target="$( readlink "$i" )"
+ case "$target" in
+ /*) abslinks+="$i " ;;
+ *) brokenlinks+="$i " ;;
+ esac
+done
+
+[ -n "$abslinks" ] && warn "package contains absolute symlinks (should be relative):" && ls -ld $abslinks
+[ -n "$brokenlinks" ] && warn "package contains broken symlinks:" && ls -ld $brokenlinks
+