From c1e2772c4ef1c4ce59c9ca71f3818feb9458e9dc Mon Sep 17 00:00:00 2001
From: "B. Watson"
Date: Thu, 7 Apr 2022 02:03:45 -0400
Subject: add check for non-executable files in bin dirs
---
 sbopkglint.d/05-basic-sanity.t.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'sbopkglint.d')
diff --git a/sbopkglint.d/05-basic-sanity.t.sh b/sbopkglint.d/05-basic-sanity.t.sh
index b621bbe..c0eb9b7 100644
--- a/sbopkglint.d/05-basic-sanity.t.sh
+++ b/sbopkglint.d/05-basic-sanity.t.sh
@@ -22,11 +22,16 @@ requireddirs="usr/doc/$PRGNAM-$VERSION"
 # the topleveldirs check already catches those.
 baddirs="usr/local usr/share/doc usr/share/man usr/etc usr/share/info usr/X11 usr/X11R6"
 
+# these directories may only contain files with +x permissions. in
+# other words, no non-executable files may live here. note that
+# bindirs is a subset of fileonlydirs.
+bindirs="bin usr/bin sbin usr/sbin"
+
 # these directories may exist, but must contain only files or symlinks,
 # and must be mode 0755, root:root. I thought usr/share/pixmaps
 # belonged here, but quite a few packages create subdirs there for
 # images required at runtime that aren't the app icon.
-fileonlydirs="bin usr/bin sbin usr/sbin"
+fileonlydirs="$bindirs"
 
 # these directories may exist, but must contain only subdirectories
 # (no files, symlinks, devices, etc). "." (the top-level package dir)
@@ -114,6 +119,12 @@ for i in $fileonlydirs; do
 [ -n "$badstuff" ] && warn "$i should only contain files, not:" && ls -ld $badstuff
 done
 
+for i in $bindirs; do
+ [ -d "$i" ] || continue
+ badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 -type f \! -perm /0111 )"
+ [ -n "$badstuff" ] && warn "$i should only contain executable files, not:" && ls -ld $badstuff
+done
+
 for i in $nofiledirs; do
 [ -d "$i" ] || continue
 dir_ok "$i" || warn_badperms "$i"
-- 
cgit v1.2.3
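Review bot: `ls -ld $badstuff` in the new bindirs loop expands the find output unquoted, so a package file whose name contains whitespace or glob characters is word-split and glob-expanded before ls sees it, and the listing printed under the warning can name the wrong paths or fail. Since the linter inspects package contents it does not control, let find produce the listing itself, e.g. `badstuff="$( find -L "$i" -mindepth 1 -maxdepth 1 -type f \! -perm /0111 -exec ls -ld {} + )"` followed by `[ -n "$badstuff" ] && warn "$i should only contain executable files, not:" && echo "$badstuff"`; the same unquoted pattern is visible in the fileonlydirs loop just above. Separately, `-L` makes find test the symlink target, so a link with an absolute target would presumably be resolved against the host filesystem rather than the package tree, or silently skipped when it dangles there. The verdict for such links may therefore depend on the machine running the lint, and a comment stating that limitation would help unless another check outside this hunk already covers absolute symlinks.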