From e40491e42bbac175587731c8dc6c56612001c903 Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Sun, 24 Sep 2023 04:37:07 -0400 Subject: sbolint: improve script permission check. --- TODO | 4 ++++ sbolint | 42 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/TODO b/TODO index a52beb9..11c4e3d 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,7 @@ +TODO: if sbopkglint finds a hardcoded $PKG in /var/lib/pkgtools/scripts/*, + mention doinst.sh in the error message +TODO: sbolint and sbopkglint both: complain if PRGNAM has invalid characters. + (first, decide what constitutes a valid character...) TODO: if package contains any static libs, don't suggest noarch. TODO: stop checking shared libs for +x and being stripped if they're not directly in /lib /lib64 /usr/lib /usr/lib64. too many packages diff --git a/sbolint b/sbolint index 7799652..bf4b8ae 100755 --- a/sbolint +++ b/sbolint @@ -449,10 +449,6 @@ if($recursive_git) { push @ARGV, "." unless @ARGV; -# are we in a git repo? build scripts are mode 0644 there, plus -# the junkfile check is skipped. -$in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0; - $argv_count = 0; $err_warn_count = 0; for(@ARGV) { @@ -675,6 +671,7 @@ sub extract_tarball { sub run_checks { $build = shift; my $checking_tarball = 0; + my $in_git_repo = 0; my $oldcwd = getcwd(); $errcount = $warncount = 0; 
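Review bot: Declaring `my $in_git_repo = 0;` inside run_checks makes the flag lexical to that sub, and the file-level assignment is removed earlier in this commit, so any other sub that still reads `$in_git_repo` would now see an unset package variable and behave as if it were never in a git repo. The comment that moves with the check says the junkfile check also depends on this flag; that code is not visible in the diff, so it is worth confirming it sits inside run_checks or is handed the value. If it is a separate sub, keeping the variable at file scope and only resetting it here with `$in_git_repo = 0;` would preserve the old behaviour. run_checks continues outside this hunk.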
@@ -698,6 +695,24 @@ sub run_checks { $buildname = `readlink -n -e .`; $buildname =~ s,.*/,,; + # are we in a git repo? build scripts are mode 0644 there, plus + # the junkfile check is skipped. + if(!$checking_tarball) { + $in_git_repo = system("git rev-parse >/dev/null 2>/dev/null") == 0; + } + + # what permissions are allowed for the SlackBuild? 3 choices: + # in a tarball, it has to be 755. + # in a git repo, it has to be 644. + # anywhere else, 644 and 755 are allowed. + if($checking_tarball) { + @script_perms = (0755); + } elsif($in_git_repo) { + @script_perms = (0644); + } else { + @script_perms = (0644, 0755); + } + if(script_exists()) { my @checks = ( \&check_readme, @@ -1052,6 +1067,10 @@ sub check_info { log_error("$file: PRGNAM is '$info{PRGNAM}', should be '$buildname'"); } + if($info{PRGNAM} =~ /[^-+._A-Za-z0-9]/) { + log_error("$file: PRGNAM has invalid characters, only A-Z, a-z, 0-9, - + . _ are allowed"); + } + if($info{VERSION} =~ /-/) { log_error("$file: VERSION may not contain - (dash) characters"); } @@ -1221,8 +1240,19 @@ sub check_script { my $file = $buildname . ".SlackBuild"; my $gotmode = 07777 & ((stat($file))[2]); - unless($gotmode == 0644 || (!$in_git_repo && $gotmode == 0755)) { - log_error("$file must have mode 644" . ($in_git_repo ? "" : " (or 0755)") . ", not %04o", $gotmode); + my $mode_ok = 0; + my @octalmodes = (); + + for(@script_perms) { + push @octalmodes, sprintf("%04o", $_); + $mode_ok++ if $gotmode == $_; + } + + # warn "allowed modes: " . join(", ", @octalmodes); + + if(!$mode_ok) { + my $modes = join " or ", @octalmodes; + log_error("$file must have mode $modes, not %04o", $gotmode); } my @lines = check_and_read($file); -- cgit v1.2.3
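Review bot: The comment above the `git rev-parse` call in run_checks does not say what the test really answers, and that matters because it decides how strict the mode check is. git searches parent directories, so a build directory anywhere below an unrelated checkout gets the 0644-only rule, while any failure to run git counts as "not a repo" and widens the allowed set to 0644 and 0755. I would state that in the comment, e.g. `# true for any dir below a git checkout (git walks up); if git can't be run, both modes are allowed`. `@script_perms` is assigned here without `my` and read in check_script, so it presumably relies on a declaration outside this diff; a short comment at that declaration saying run_checks must set it before check_script runs would help.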
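Review bot: The new character class in check_info still accepts a PRGNAM that begins with `-` or `.`, because both are in the allowed set and the pattern only looks for forbidden characters anywhere in the string. PRGNAM normally ends up in file names and command arguments, so a leading dash or dot is worth rejecting as well if policy permits, e.g. `if($info{PRGNAM} =~ /^[-.]/) { log_error("$file: PRGNAM may not start with - or ."); }`. The TODO entry added in this same commit still lists the invalid-character check as open for sbolint, so it could be narrowed to sbopkglint. check_info's body continues outside the hunk.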
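Review bot: The rewritten `log_error` call in check_script interpolates `$file` and `$modes` into the string that also carries the `%04o` conversion, so the file name becomes part of what looks like a printf-style format. `$file` is built from `$buildname`, which comes from the directory name, so a `%` in that name would be read as a conversion and garble the message or raise a warning. Passing the values as arguments avoids that: `log_error("%s must have mode %s, not %04o", $file, $modes, $gotmode);`. The commented-out `# warn "allowed modes: ..."` debug line can also be dropped. check_script continues outside the hunk, and log_error's definition is not visible here, so the printf behaviour is inferred from this call.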