From d221257bc87189a8a0e47e38ccd8de224cdb4754 Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Fri, 15 Dec 2023 21:11:34 -0500 Subject: sbopkglint: only check images directly in /usr/share/pixmaps, not subdirs. --- sbopkglint.d/50-icons.t.sh | 28 +++++++++++++------ sbopkglint.d/90-terminfo.t.sh | 64 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 9 deletions(-) create mode 100644 sbopkglint.d/90-terminfo.t.sh (limited to 'sbopkglint.d') diff --git a/sbopkglint.d/50-icons.t.sh b/sbopkglint.d/50-icons.t.sh index 2296e9d..61703e2 100644 --- a/sbopkglint.d/50-icons.t.sh +++ b/sbopkglint.d/50-icons.t.sh @@ -35,6 +35,9 @@ check_image() { local ext="$( echo "$bn" | sed 's,.*\.\([^.]*\)$,\1,' )" [ "$ext" = "$f" ] && ext="" + [ "$( stat -Lc '%a %U %G' "$i" )" = "644 root root" ] || \ + ls -bld "$i" >> .badperms.$$ + [ "$bn" = "theme" -o "$bn" = "icon-theme.cache" -o "$bn" = "index.theme" ] && return mime="$( file -L -zS -b --mime-type "$f" )" @@ -71,15 +74,17 @@ check_image() { fi } -for icondir in usr/share/pixmaps usr/share/icons/hicolor; do - if [ -d "$icondir" ]; then - find -L "$icondir" -type f | while read i; do - check_image "$i" - [ "$( stat -Lc '%a %U %G' "$i" )" = "644 root root" ] || \ - ls -bld "$i" >> .badperms.$$ - done - fi -done +if [ -d usr/share/icons/hicolor ]; then + find -L usr/share/icons/hicolor -type f | while read i; do + check_image "$i" + done +fi + +if [ -d usr/share/pixmaps ]; then + find -L usr/share/pixmaps -type f -maxdepth 1 | while read i; do + check_image "$i" + done +fi [ -s .nonimages.$$ ] && warn "non-image files in icon dirs:" && cat .nonimages.$$ @@ -88,4 +93,9 @@ if [ -s .badperms.$$ ]; then cat .badperms.$$ fi +# this isn't (yet?) a fatal error, but at least let the user know something's up. +if [ -d usr/share/pixmaps/hicolor ]; then + note "Icons are in /usr/share/pixmaps/hicolor, this is almost certainly WRONG!" +fi + rm -f .nonimages.$$ .badperms.$$ diff --git a/sbopkglint.d/90-terminfo.t.sh b/sbopkglint.d/90-terminfo.t.sh new file mode 100644 index 0000000..9b0cc03 --- /dev/null +++ b/sbopkglint.d/90-terminfo.t.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# sbopkglint test, must be sourced by sbopkglint (not run standalone). + +# PKG, PRGNAM, VERSION, ARCH are set by sbopkglint. also the current +# directory is the root of the installed package tree. + +####################################################################### +# check contents of /usr/share/terminfo, if present. +# +# 0. /usr/share/terminfo may only contain directories (not files). This +# gets checked in 05-basic_sanity, not here. +# 1. directories under /usr/share/terminfo must have one-character names, +# /a-zA-Z0-9/. +# 2. directories under /usr/share/terminfo mode 0755. +# 3. /usr/share/terminfo/*/ must contain only files (no subdirs). +# 4. files must go in the subdir for the first letter of their name. +# 5. files must be valid compiled terminfo entries. +# 6. files must be mode 0644 or 0444. +# 7. all files and dirs must be owned by root:root. +# +# Note: although I've never seen it done, it's perfectly legit for a +# terminfo file to have a space in its name. So that's not checked +# for here. + +if [ -d "usr/share/terminfo" ]; then + find -L "usr/share/terminfo" -type f > .tfiles.$$ + # 1: + find -L "usr/share/terminfo" -type d -mindepth 1 -name '??*' > .baddirs.$$ + # 3: + find -L "usr/share/terminfo" -type d -mindepth 2 >> .baddirs.$$ + # 2: + find -L "usr/share/terminfo" -type d -a \! -perm 755 > .badperms.$$ + # 6: + find -L "usr/share/terminfo" -type f -a \! \( -perm 644 -o -perm 444 \) >> .badperms.$$ + # 7: + find -L "usr/share/terminfo" \! -user root -o \! -group root >> .badperms.$$ + # 5: + xargs -d "\n" file -L --mime-type < .tfiles.$$ | grep -v 'application/x-terminfo' > .badmime.$$ + # 4: + egrep -v 'usr/share/terminfo/([a-zA-Z0-9])/\1[^/]*$' .tfiles.$$ > .wrongdirs.$$ + + if [ -s .badperms.$$ ]; then + warn "bad terminfo ownership (must be root:root) and/or permissions (755 for dirs, 644 or 444 for files):" + sort -u .badperms.$$ | xargs -d "\n" ls -ld + fi + + if [ -s .baddirs.$$ ]; then + warn "invalid terminfo directory structure:" + sort -u .baddirs.$$ | xargs -d "\n" ls -ld + fi + + if [ -s .wrongdirs.$$ ]; then + warn "terminfo entries in wrong dir(s):" + xargs -d "\n" ls -l < .wrongdirs.$$ + fi + + if [ -s .badmime.$$ ]; then + warn "/usr/share/terminfo has invalid terminfo file(s):" + cat .badmime.$$ + fi + + rm -f .badperms.$$ .baddirs.$$ .tfiles.$$ .wrongdirs.$$ .badmime.$$ +fi -- cgit v1.2.3