1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
#!/bin/bash
# sbopkglint test, must be sourced by sbopkglint (not run standalone).
# PKG, PRGNAM, VERSION, ARCH are set by sbopkglint. also the current
# directory is the root of the installed package tree.
########################################################################
# for noarch packages, do nothing.
# for everything else, make sure any ELF binaries/libraries match the
# ARCH, and that libs are in the correct directory (lib vs. lib64).
# warnings:
# if an i?86 package has any 64-bit ELF objects (libs or bins)
# if an x86_64 package has any 32-bit ELF objects (libs or bins)
# if an i?86 package has lib64 or usr/lib64 at all
# if an x86_64 package has 64-bit libs in lib or usr/lib
# same 32/64 checking for arm (32-bit) and aarch64 (64-bit)
# note: sometimes files in /lib/firmware are ELF, and would cause
# false "wrong directory" warnings, so we exclude that dir from the
# search.
case "$ARCH" in
noarch) ;; # ok, do nothing.
i?86) WRONGDIR="lib64"; CPU="80386" ;;
x86_64) WRONGDIR="lib"; CPU="x86-64" ;;
aarch64) WRONGDIR="lib"; CPU="aarch64" ;;
arm) WRONGDIR="lib64"; CPU="ARM" ;;
*) warn "ARCH isn't noarch, i?86, x86_64, arm, or aarch64. don't know how to check binaries." ;;
esac
if [ -n "$WRONGDIR" ]; then
# 20230701 bkw: special case for /usr/share/qemu, it contains BIOS and such
# for emulated systems, some of which are ELF binaries.
# 20241008 bkw: special cases for firmware dirs.
find * -type f \
-a \! -path usr/share/qemu/\* \
-a \! -path usr/share/alsa/firmware/\* \
-a \! -path lib/firmware/\* \
-print0 | \
xargs -0 file -m /etc/file/magic/elf | \
grep 'ELF.*\(executable\|shared object\)' > .tmp.$$
while read line; do
file="$( echo $line | cut -d: -f1 )"
filetype="$( echo $line | cut -d: -f2 )"
nomachine="$( echo $line | grep 'no machine' )"
# 20230630 bkw: don't require nomachine objects to be +x.
# AFAIK, the only thing that uses them is guile2.2, and it
# installs them 0644.
if [ ! "$nomachine" ]; then
[ ! -x "$file" ] && ls -bld "$file" >> .nonexec.$$
fi
case "$file" in
# 20220414 bkw: only check for libs directly in the dir.
# this avoids e.g. lib/udev/<executable> and usr/lib/prgnam/plugins/*.so.
# had to relax this check; it was too strict.
# 20231216 bkw: don't check opt/ either.
opt/*|$WRONGDIR/*/*|usr/$WRONGDIR/*/*) continue ;;
$WRONGDIR/*|usr/$WRONGDIR/*)
ls -lb "$file" >> .inwrongdir.$$ ;;
usr/share/*)
ls -lb "$file" >> .insharedir.$$ ;;
esac
# 64-bit packages can contain 2 types of 32-bit binaries:
# - statically linked.
# - statified. very few of these exist, and we can't make
# them on 15.0 (statifier can't handle modern kernel/glibc
# and the author hasn't updated it).
if [ "$ARCH" = "x86_64" ]; then
echo "$filetype" | grep -q 'statically linked' && continue
grep -q DL_RO_DYN_TEMP_CNT "$file" && continue
fi
# "no machine" ELF objects are allowed, but since they still come
# in 64-bit and 32-bit varieties, they must be in the correct
# directory.
if ! echo "$filetype" | grep -q -e "$CPU" -e 'no machine'; then
ls -lb "$file" >> .wrongarch.$$
fi
# don't check "no machine" ELF objects for being stripped.
# our strip command doesn't know how to strip them!
if [ ! "$nomachine" ]; then
if echo "$filetype" | grep -q "not stripped"; then
ls -lb "$file" >> .notstripped.$$
fi
fi
done < .tmp.$$
rm -f .tmp.$$
fi
[ -s .inwrongdir.$$ ] && warn "shared lib(s) in wrong dir for ARCH:" && cat .inwrongdir.$$
[ -s .wrongarch.$$ ] && warn "ELF object(s) with wrong arch (should be $CPU):" && cat .wrongarch.$$
[ -s .notstripped.$$ ] && warn "ELF object(s) not stripped:" && cat .notstripped.$$
[ -s .nonexec.$$ ] && warn "ELF binaries/libraries should be executable:" && cat .nonexec.$$
if [ "$WRONGDIR" = "lib64" ]; then
[ -e usr/lib64 ] && warn "32-bit $ARCH package may not contain /usr/lib64"
[ -e lib64 ] && warn "32-bit $ARCH package may not contain /lib64"
elif [ "$WRONGDIR" = "lib" -a -e usr/lib ]; then
note "64-bit $ARCH package contains /usr/lib; this may or may not be a problem."
fi
rm -f .inwrongdir.$$ .wrongarch.$$ .notstripped.$$ .nonexec.$$
|