From 8dfeeaccc2e5774f1c0650efbcf750bcc9eb1c8a Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Thu, 28 Apr 2022 15:45:29 -0400 Subject: sbolint: fix tarball handling, relax SlackBuild perms check. sbopkglint: recommend noarch. --- sbolint | 17 ++++++++++++----- sbopkglint | 5 +++++ sbopkglint.d/05-basic-sanity.t.sh | 14 +++++++++++--- sbopkglint.d/15-noarch.t.sh | 12 ++++++++++-- sbopkglint.d/20-arch.t.sh | 5 ++++- 5 files changed, 42 insertions(+), 11 deletions(-) diff --git a/sbolint b/sbolint index 7972a8f..135faf8 100755 --- a/sbolint +++ b/sbolint @@ -490,10 +490,10 @@ sub check_tarball_mime { my $file = shift; ### This stuff is a little pedantic. It also relies on having a recent-ish - ### version of GNU file (the one in Slack 14.1 works fine). + ### version of GNU file (the one in Slack 15.0 works fine). my %types = ( 'tar' => 'application/x-tar', - 'tar.gz' => 'application/x-gzip', + 'tar.gz' => 'application/gzip', 'tar.bz2' => 'application/x-bzip2', 'tar.xz' => 'application/x-xz', ); @@ -632,7 +632,7 @@ sub check_mode { my $gotmode = 07777 & ((stat($file))[2]); if($wantmode != $gotmode) { - log_error("$file should be mode %04o, not %04o", $wantmode, $gotmode); + log_error("$file must be mode %04o, not %04o", $wantmode, $gotmode); return 0; } @@ -657,7 +657,7 @@ sub check_and_read { my @lines; my $lastline_nonl; - check_mode($file, $mode); + check_mode($file, $mode) if defined $mode; if(open my $fh, "<$file") { while(<$fh>) { @@ -1091,7 +1091,14 @@ sub check_script { my $file = $buildname . ".SlackBuild"; my $wantmode = $in_git_repo ? 0644 : 0755; - my @lines = check_and_read($file, $wantmode); + if(-e $file) { + my $gotmode = 07777 & ((stat($file))[2]); + unless($gotmode == 0644 || (!$in_git_repo && $gotmode == 0755)) { + log_error("$file must have mode 644" . ($in_git_repo ? "" : " (or 0755)") . ", not %04o", $gotmode); + } + } + + my @lines = check_and_read($file); return unless scalar @lines; if($lines[0] !~ /^#!/) { diff --git a/sbopkglint b/sbopkglint index 6409fc4..fed1a8c 100755 --- a/sbopkglint +++ b/sbopkglint @@ -441,6 +441,11 @@ warn() { echo "--- $@" 1>&2 } +note() { + [ "$warncount" = "0" ] && echo + echo "___ note: $@" 1>&2 +} + die() { warn "$@" exit 1 diff --git a/sbopkglint.d/05-basic-sanity.t.sh b/sbopkglint.d/05-basic-sanity.t.sh index 612b107..3b98c74 100644 --- a/sbopkglint.d/05-basic-sanity.t.sh +++ b/sbopkglint.d/05-basic-sanity.t.sh @@ -112,10 +112,11 @@ for i in $baddirs; do fi done +# 20220414 bkw: don't complain about broken symlinks here, they get checked elsewhere. for i in $fileonlydirs; do [ -d "$i" ] || continue dir_ok "$i" || warn_badperms "$i" - badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 \! -type f )" + badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 \! \( -type l -o -type f \) )" [ -n "$badstuff" ] && warn "$i should only contain files, not:" && ls -ld $badstuff done @@ -151,8 +152,15 @@ for i in $badfiles; do [ -e "$i" ] && warn "forbidden file: $i" done +# 20220414 bkw: absolute symlinks used to be an error, but there are just +# too many packages that use them. so only flag them if they're broken links. abslinks="$( find . -type l -lname '/*' )" +[ -n "$abslinks" ] && for i in $abslinks; do + target="$( readlink $i | sed 's,^/*,,' )" + [ -e "$target" ] || brokenabslinks+="$i " +done + brokenlinks="$( find -L . -type l \! -lname '/*' )" -[ -n "$abslinks" ] && warn "package contains absolute symlinks (should be relative):" && ls -ld $abslinks -[ -n "$brokenlinks" ] && warn "package contains broken symlinks:" && ls -ld $brokenlinks +[ -n "$brokenabslinks" ] && warn "package contains broken absolute symlinks:" && ls -ld $brokenabslinks +[ -n "$brokenlinks" ] && warn "package contains broken relative symlinks:" && ls -ld $brokenlinks diff --git a/sbopkglint.d/15-noarch.t.sh b/sbopkglint.d/15-noarch.t.sh index 55c17f6..7480ba8 100644 --- a/sbopkglint.d/15-noarch.t.sh +++ b/sbopkglint.d/15-noarch.t.sh @@ -7,8 +7,16 @@ ######################################################################## # makes sure "noarch" packages really are noarch. +# for packages that aren't noarch, recommend noarch if it looks like one. +# the recommendation is not an error! + +elfbins="$( find * -type f -print0 | xargs -0 file -m /etc/file/magic/elf | grep ELF | cut -d: -f1 )" if [ "$ARCH" = "noarch" ]; then - elfbins="$( find * -type f -print0 | xargs -0 file -m /etc/file/magic/elf | grep ELF | cut -d: -f1 )" - [ -n "$elfbins" ] && warn "package claims to be noarch, but contains ELF binaries:" && ls -l $elfbins + [ -n "$elfbins" ] && \ + warn "package claims to be noarch, but contains ELF binaries:" && \ + ls -l $elfbins +elif [ -z "$elfbins" ] && [ ! -e usr/lib ] && [ ! -e usr/lib64 ]; then + x="$( find usr/share/pkgconfig -type f -exec grep 'usr/lib' {} \+ 2>/dev/null )" + [ -z "$x" ] && note "package might be a good candidate for noarch" fi diff --git a/sbopkglint.d/20-arch.t.sh b/sbopkglint.d/20-arch.t.sh index a6b9265..376074d 100644 --- a/sbopkglint.d/20-arch.t.sh +++ b/sbopkglint.d/20-arch.t.sh @@ -39,7 +39,10 @@ if [ -n "$WRONGDIR" ]; then file="$( echo $line | cut -d: -f1 )" filetype="$( echo $line | cut -d: -f2 )" case "$file" in - lib/firmware/*) continue ;; + # 20220414 bkw: only check for libs directly in the dir. + # this avoids e.g. lib/udev/ and usr/lib/prgnam/plugins/*.so. + # had to relax this check; it was too strict. + $WRONGDIR/*/*|usr/$WRONGDIR/*/*) continue ;; $WRONGDIR/*|usr/$WRONGDIR/*) INWRONGDIR+="$file " ;; esac -- cgit v1.2.3