[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 9728fbba80abeec5adad8ba6cf7580c16c039a45 Author: Eli Schwartz gmail com> AuthorDate: Tue May 21 23:22:31 2024 + Commit: Sam James gentoo org> CommitDate: Wed May 22 16:56:31 2024 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9728fbba install-qa-checks.d: suppress some gnulib implicit decls on musl These happen in tons of GNU packages because of using gnulib's regex.m4 specifically, which pulls in a macro that checks for some functionality and spit out many implicit function declaration errors if regex.h isn't GNU's specifically. The compile tests do fail either way, it's just very dirty in the logs. Bug: https://bugs.gentoo.org/906027 Signed-off-by: Eli Schwartz gmail.com> Closes: https://github.com/gentoo/portage/pull/1327 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 12 1 file changed, 12 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index adea7d4051..8768c99c62 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -58,6 +58,18 @@ add_default_skips() { # also gnulib, but checks both linux/non-linux headers MIN ) + if [[ ${CHOST} = *musl* ]]; then + QA_CONFIG_IMPL_DECL_SKIP+=( + # gnulib checks for functions that aren't available on musl. + + # regex.m4 always emits these warnings, but they are noisy to fix + # and the check will correctly fail due to missing macros anyway. + re_set_syntax + re_compile_pattern + re_search + re_match + ) + fi } find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8256473c6a9fa93e7cf81c46fa920cd522507c21 Author: Eli Schwartz gmail com> AuthorDate: Fri May 17 05:52:53 2024 + Commit: Sam James gentoo org> CommitDate: Fri May 17 06:28:24 2024 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8256473c install-qa-checks.d: suppress some gnulib implicit configure declarations These happen in tons of GNU packages because of using gnulib, which pulls in macros that check for some functionality and spit out an implicit function declaration error if they aren't supported, which is *expected*. Bug: https://bugs.gentoo.org/906027 Signed-off-by: Eli Schwartz gmail.com> Closes: https://github.com/gentoo/portage/pull/1323 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 9 + 1 file changed, 9 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 7969dff175..adea7d4051 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -49,6 +49,15 @@ add_default_skips() { res_ndestroy statacl ) + + QA_CONFIG_IMPL_DECL_SKIP+=( + # Available in c23, these gnulib checks are expected to fail + alignof + static_assert + unreachable + # also gnulib, but checks both linux/non-linux headers + MIN + ) } find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8bbdc814485d2990630d4217f68830fe1148801c Author: Mike Gilbert gentoo org> AuthorDate: Wed Apr 24 15:35:32 2024 + Commit: Mike Gilbert gentoo org> CommitDate: Wed Apr 24 15:35:32 2024 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8bbdc814 Remove QA warning when no bash completions are found This triggers unwanted warnings in at least two known cases. Bug: https://bugs.gentoo.org/928599 Bug: https://bugs.gentoo.org/928869 Signed-off-by: Mike Gilbert gentoo.org> bin/install-qa-check.d/60bash-completion | 3 --- 1 file changed, 3 deletions(-) diff --git a/bin/install-qa-check.d/60bash-completion b/bin/install-qa-check.d/60bash-completion index 85573df0e5..d3cb52d1c1 100644 --- a/bin/install-qa-check.d/60bash-completion +++ b/bin/install-qa-check.d/60bash-completion @@ -77,9 +77,6 @@ bashcomp_check() { fi if [[ -z ${completions[@]} ]]; then - qa_warnings+=( - "${f##*/}: does not define any completions (failed to source?)." - ) continue fi
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 9a06b7210562b8d03577cd4043227ea2023db1f2 Author: Sam James gentoo org> AuthorDate: Sun Feb 25 08:13:28 2024 + Commit: Sam James gentoo org> CommitDate: Sun Feb 25 08:15:18 2024 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9a06b721 bin/install-qa-check.d: 90gcc-warnings: drop GCC warnings with known (heavy) FPs Drop -Wstringop-overflow, -Wstringop-overread, -Wstringop-truncation, -Waddress, and -Wreturn-local-addr for now because they cause too many FPs. We want only reliable warnings for this Portage QA check as we encourage people to report these upstream. Bug: https://gcc.gnu.org/PR88443 Bug: https://gcc.gnu.org/PR88781 Bug: https://gcc.gnu.org/PR93644 Bug: https://gcc.gnu.org/PR97048 Bug: https://gcc.gnu.org/PR103360 Bug: https://bugs.gentoo.org/925460 Signed-off-by: Sam James gentoo.org> NEWS | 2 ++ bin/install-qa-check.d/90gcc-warnings | 18 -- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 94be26de84..83be372043 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ portage-3.0.63 (UNRELEASED) Bug fixes: * emerge: Skip installed packages with emptytree in depgraph selection (bug #651018). +* bin/install-qa-check.d: 90gcc-warnings: drop warnings with too many FPs (bug #925460). + portage-3.0.62 (2024-02-22) -- diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 449bf23627..1060618dfa 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -44,9 +44,12 @@ gcc_warn_check() { # those three do not have matching -W flags, it seems 'warning: .*will always overflow destination buffer' # compile-time part of FORTIFY_SOURCE - 'warning: .*\[-Wstringop-overflow\]' - 'warning: .*\[-Wstringop-overread\]' - 'warning: .*\[-Wstringop-truncation\]' + # XXX: Commented out because of gcc FPs (https://gcc.gnu.org/PR88443) + #'warning: .*\[-Wstringop-overflow\]' + # XXX: Commented out because of gcc FPs (https://gcc.gnu.org/PR97048) + #'warning: .*\[-Wstringop-overread\]' + # XXX: Commented out because of gcc FPs (https://gcc.gnu.org/PR88781) + #'warning: .*\[-Wstringop-truncation\]' # clang-only, equivalent of -Wstringop-overflow 'warning: .*\[-Wfortify-source\]' 'warning: .*assuming pointer wraparound does not occur' @@ -68,7 +71,8 @@ gcc_warn_check() { 'warning: .*function.*\[-Wpointer-arith\]' # the address of ... will never be NULL and likes # (uses of function refs & string constants in conditionals) - 'warning: .*\[-Waddress\]' + # XXX: Commented out because of gcc FPs (https://gcc.gnu.org/PR103360) + #'warning: .*\[-Waddress\]' # TODO: we want to enable these but bash currently triggers # them with a trick in random.c where it intentionally wants @@ -95,7 +99,8 @@ gcc_warn_check() { 'warning: .*matching.*\[-Wformat=\]' # function returns address of local variable - 'warning: .*\[-Wreturn-local-addr\]' + # XXX: Commented out for bug #925460 (https://gcc.gnu.org/PR93644) + #'warning: .*\[-Wreturn-local-addr\]' # missing return at end of function, or non-void return in a void function # (clang at least aggressively optimises on this) 'warning: .*\[-Wreturn-type\]' @@ -123,7 +128,8 @@ gcc_warn_check() { 'warning: .*\[-Wodr\]' # warning: argument value A will result in undefined behaviour (Clang) 'warning: .*\[-Wargument-undefined-behaviour\]' - 'warning: .*\[-Wnull-dereference\]' + # XXX: Commented out because of GCC FPs (https://gcc.gnu.org/PR86172) + #'warning: .*\[-Wnull-dereference\]' # general sensible warnings (will be rejected by modern compilers soon) 'warning: .*\[-Wmain\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/ebuild-helpers/
commit: d801ec255a6725775b5e3d672b8c00e9c0095200 Author: Agostino Sarubbo gentoo org> AuthorDate: Fri Jan 26 11:14:48 2024 + Commit: Sam James gentoo org> CommitDate: Fri Feb 9 07:09:43 2024 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d801ec25 bin: prefix eqawarn with 'QA Notice' Bug: https://bugs.gentoo.org/728046 Signed-off-by: Agostino Sarubbo gentoo.org> Closes: https://github.com/gentoo/portage/pull/1239 Signed-off-by: Sam James gentoo.org> bin/ebuild-helpers/dohtml| 2 +- bin/ebuild-helpers/fowners | 2 +- bin/ebuild-helpers/fperms| 2 +- bin/install-qa-check.d/05prefix | 6 +++--- bin/install-qa-check.d/60bash-completion | 4 ++-- bin/install-qa-check.d/90bad-bin-group-write | 2 +- bin/install-qa-check.d/90bad-bin-owner | 2 +- bin/install-qa-check.d/90cmake-warnings | 2 +- bin/install-qa-check.d/90world-writable | 2 +- bin/install-qa-check.d/95empty-dirs | 2 +- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bin/ebuild-helpers/dohtml b/bin/ebuild-helpers/dohtml index 55339238e8..4d4efd496c 100755 --- a/bin/ebuild-helpers/dohtml +++ b/bin/ebuild-helpers/dohtml @@ -10,7 +10,7 @@ if ! ___eapi_has_dohtml; then fi if ___eapi_has_dohtml_deprecated; then - eqawarn "'${0##*/}' is deprecated in EAPI '${EAPI}'" + eqawarn "QA Notice: '${0##*/}' is deprecated in EAPI '${EAPI}'" fi # Use safe cwd, avoiding unsafe import for bug #469338. diff --git a/bin/ebuild-helpers/fowners b/bin/ebuild-helpers/fowners index fa4e3c0d7f..d05094caba 100755 --- a/bin/ebuild-helpers/fowners +++ b/bin/ebuild-helpers/fowners @@ -21,7 +21,7 @@ for arg; do args+=( "${ED%/}/${arg#/}" ) # remove the QA warning after 2024-12-31 if [[ ${arg:0:1} != / ]]; then - eqawarn "${0##*/}: Path '${arg}' does not start with '/'." + eqawarn "QA Notice: ${0##*/}: Path '${arg}' does not start with '/'." eqawarn "This is unsupported. Add a slash for a path in \${ED}," eqawarn "or use 'chown' for a path relative to the working dir." fi diff --git a/bin/ebuild-helpers/fperms b/bin/ebuild-helpers/fperms index d52f5a767e..16772d11f2 100755 --- a/bin/ebuild-helpers/fperms +++ b/bin/ebuild-helpers/fperms @@ -22,7 +22,7 @@ for arg; do args+=( "${ED%/}/${arg#/}" ) # remove the QA warning after 2024-12-31 if [[ ${arg:0:1} != / ]]; then - eqawarn "${0##*/}: Path '${arg}' does not start with '/'." + eqawarn "QA Notice: ${0##*/}: Path '${arg}' does not start with '/'." eqawarn "This is unsupported. Add a slash for a path in \${ED}," eqawarn "or use 'chmod' for a path relative to the working dir." fi diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix index 28f2c06afe..edbd6fab2f 100644 --- a/bin/install-qa-check.d/05prefix +++ b/bin/install-qa-check.d/05prefix @@ -71,7 +71,7 @@ install_qa_check_prefix() { echo "${fn#${D}}:${line[0]} (explicit EPREFIX but target not found)" \ >> "${T}"/non-prefix-shebangs-errs else - eqawarn "${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})" + eqawarn "QA Notice: ${fn#${D}} has explicit EPREFIX in shebang but target not found (${line[0]})" fi fi continue @@ -81,7 +81,7 @@ install_qa_check_prefix() { if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then # is it unprefixed, but we can just fix it because a # prefixed variant exists - eqawarn "prefixing shebang of ${fn#${D}}" + eqawarn "QA Notice: prefixing shebang of ${fn#${D}}" # statement is made idempotent on purpose, because # symlinks may point to the same target, and hence the # same real file may be sedded multiple times since we @@ -98,7 +98,7 @@ install_qa_check_prefix() { # unprefixed/invalid shebang, but outside ${PATH}, this may be # intended (e.g. config.guess) so remain silent by default has stricter ${FEATURES} && \ - eqawarn "invalid shebang in ${fn#${D}}: ${line[0]}" + eqawarn "QA Notice: invalid shebang in ${fn#${D}}: ${line[0]}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: da9e55236ef40ab4887415814c7f6ddd2abf083c Author: Florian Schmaus gentoo org> AuthorDate: Wed Jul 26 10:22:01 2023 + Commit: Sam James gentoo org> CommitDate: Sat Jul 29 03:55:20 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=da9e5523 install-qa-check.d/60openrc: be explicit about OpenRC Be explicit that this is not some arbitrary shell script that is checked by the QA check, but an OpenRC runscript. Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/1074 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60openrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc index 0ab27f646..4d6199432 100644 --- a/bin/install-qa-check.d/60openrc +++ b/bin/install-qa-check.d/60openrc @@ -32,7 +32,7 @@ openrc_check() { [[ -L ${i} ]] && continue f=$("${checkbashisms}" -n -f "${i}" 2>&1) [[ $? != 0 && -n ${f} ]] || continue - eqawarn "QA Notice: shell script appears to use non-POSIX feature(s):" + eqawarn "QA Notice: OpenRC shell script appears to use non-POSIX feature(s):" while read -r ; do eqawarn " ${REPLY}" done <<< "${f//${ED}}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6066bb766f43ca06a5b0f08baa5946ff678f0c29 Author: Benda Xu debian org> AuthorDate: Sun Jun 25 09:03:00 2023 + Commit: Sam James gentoo org> CommitDate: Thu Jun 29 08:22:53 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6066bb76 bin/install-qa-check.d/05prefix: prefixify init-script shebangs. Init scripts in /etc/init.d have OpenRC shebangs "#!/sbin/openrc-run". They should be prefixified like a executable script in a Prefix. Signed-off-by: Benda Xu gentoo.org> Bug: https://bugs.gentoo.org/640658 Closes: https://github.com/gentoo/portage/pull/1061 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/05prefix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix index 7488ad9e4..28f2c06af 100644 --- a/bin/install-qa-check.d/05prefix +++ b/bin/install-qa-check.d/05prefix @@ -76,8 +76,8 @@ install_qa_check_prefix() { fi continue fi - # unprefixed shebang, is the script directly in ${PATH}? - if [[ ":${PATH}:" == *":${fp}:"* ]] ; then + # unprefixed shebang, is the script directly in ${PATH} or an init script? + if [[ ":${PATH}:${EPREFIX}/etc/init.d:" == *":${fp}:"* ]] ; then if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ; then # is it unprefixed, but we can just fix it because a # prefixed variant exists
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 595a73259025589c65af837ce23d994523242d45 Author: Matt Turner gentoo org> AuthorDate: Wed May 10 00:35:13 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:41 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=595a7325 install-qa-check.d/90config-impl-decl: Allow wildcards in QA_CONFIG_IMPL_DECL_SKIP This will enable us to ignore all __builtin_* functions, for example. Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 0e758e87d..7eb7dcff9 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -19,6 +19,18 @@ # # See also: bug 892651 +# Same as the "has" function, but allows wildcards in the array +is_in() { + local needle=$1 + shift + + local x + for x in "$@"; do + [[ "${needle}" = ${x} ]] && return 0 + done + return 1 +} + find_log_targets() { local log_targets=( 'config.log' @@ -80,7 +92,7 @@ config_impl_decl_check() { continue fi - has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" && continue + is_in "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" && continue files+=( "${l}" ) lines+=( "${line}" )
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e34b593e10a86ffc61d54f113729b3fb556b46c0 Author: Matt Turner gentoo org> AuthorDate: Wed May 10 01:28:12 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:41 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e34b593e install-qa-check.d/90config-impl-decl: Skip compiler built-ins Bug: https://bugs.gentoo.org/879687 Bug: https://bugs.gentoo.org/898232 Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 13 + 1 file changed, 13 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 7eb7dcff9..43be4222b 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -31,6 +31,17 @@ is_in() { return 1 } +add_default_skips() { + # Skip built-in functions provided by the compiler + QA_CONFIG_IMPL_DECL_SKIP+=( + "__builtin_*" + # https://gcc.gnu.org/onlinedocs/gcc/_005f_005fsync-Builtins.html + "__sync_*" + # https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html + "__atomic_*" + ) +} + find_log_targets() { local log_targets=( 'config.log' @@ -68,6 +79,8 @@ config_impl_decl_check() { local re_asc local is_utf8 + add_default_skips + # Given the UTF-8 character type, both gcc and clang may enclose the # function name between the LEFT SINGLE QUOTATION MARK and RIGHT SINGLE # QUOTATION MARK codepoints.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 703199b7cf029be2a88ae1482f2d4089c9be957c Author: Matt Turner gentoo org> AuthorDate: Wed May 10 01:56:01 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:42 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=703199b7 install-qa-check.d/90config-impl-decl: Skip acl_get_perm_np on Linux Seen in net-misc/rsync. It seems that at least Darwin, FreeBSD, and NetBSD have this function. Bug: https://bugs.gentoo.org/898366 Signed-off-by: Matt Turner gentoo.org> Closes: https://github.com/gentoo/portage/pull/1034 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 068a7186f..7969dff17 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -44,6 +44,7 @@ add_default_skips() { # Functions not available on Linux [[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=( acl + acl_get_perm_np res_getservers res_ndestroy statacl
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: b945f1ecd17c492f08d79e5927003b97ec41db5e Author: Matt Turner gentoo org> AuthorDate: Wed May 10 01:47:04 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:42 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b945f1ec install-qa-check.d/90config-impl-decl: Skip res_getservers on Linux Seen in app-emulation/wine-*. It seems that at least Darwin, NetBSD, and Solaris have this function. Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 4e9494931..9950ac934 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -43,6 +43,7 @@ add_default_skips() { # Functions not available on Linux [[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=( + res_getservers res_ndestroy ) }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4f02695138a577e162e731f34cdc3eb9e9391e21 Author: Matt Turner gentoo org> AuthorDate: Wed May 10 01:44:04 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:42 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4f026951 install-qa-check.d/90config-impl-decl: Skip acl & statacl on Linux Seen in app-editors/vim. Bug: https://bugs.gentoo.org/898450 Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 9950ac934..068a7186f 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -43,8 +43,10 @@ add_default_skips() { # Functions not available on Linux [[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=( + acl res_getservers res_ndestroy + statacl ) }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a478b4c427cfc51188ec9273952ad498de95a39f Author: Matt Turner gentoo org> AuthorDate: Wed May 10 01:35:54 2023 + Commit: Sam James gentoo org> CommitDate: Thu May 11 01:24:41 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a478b4c4 install-qa-check.d/90config-impl-decl: Skip res_ndestroy on Linux Seen in dev-libs/glib. It seems that at least Darwin, FreeBSD, OpenBSD, NetBSD, and Solaris have this function. Bug: https://bugs.gentoo.org/898232 Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 5 + 1 file changed, 5 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 43be4222b..4e9494931 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -40,6 +40,11 @@ add_default_skips() { # https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html "__atomic_*" ) + + # Functions not available on Linux + [[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=( + res_ndestroy + ) } find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 6a21e8643a56f91c724f23d652fb43ead5c1e2af Author: Michał Górny gentoo org> AuthorDate: Wed Apr 19 14:27:42 2023 + Commit: Sam James gentoo org> CommitDate: Sun Apr 23 20:49:26 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6a21e864 install-qa-check.d: Add a install log check for missing dev-python/cython dep Signed-off-by: Michał Górny gentoo.org> Closes: https://github.com/gentoo/portage/pull/1024 Signed-off-by: Sam James gentoo.org> NEWS| 2 ++ bin/install-qa-check.d/90cython-dep | 45 + 2 files changed, 47 insertions(+) diff --git a/NEWS b/NEWS index e60262509..50d96402c 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,8 @@ Features: - -Wmain - -Wimplicit-int - -Wstring-compare +* install-qa-check.d: cython-dep: Report packages that are using Cython + but are missing BDEPEND on it. Bug fixes: * econf now checks for proper end of string in "configure --help" output for diff --git a/bin/install-qa-check.d/90cython-dep b/bin/install-qa-check.d/90cython-dep new file mode 100644 index 0..4932c0242 --- /dev/null +++ b/bin/install-qa-check.d/90cython-dep @@ -0,0 +1,45 @@ +# Check for missing dev-python/cython dep based on output +# from setuptools cythonize() support + +cython_dep_check() { + [[ ${CATEGORY}/${PN} == dev-python/cython ]] && return + # grepping log files is expensive, so do it only for ebuilds using + # distutils-r1 + has distutils-r1 ${INHERITED} || return + [[ ${BDEPEND} == *dev-python/cython* ]] && return + + # Evaluate misc gcc warnings + if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then + # In debug mode, the grep calls will produce false positives + # if they're shown in the trace. + local reset_debug=0 + if [[ ${-/x/} != $- ]] ; then + set +x + reset_debug=1 + fi + + local grep_cmd=grep + [[ ${PORTAGE_LOG_FILE} = *.gz ]] && grep_cmd=zgrep + + # Force C locale to work around slow multibyte locales, bug #160234 + # Force text mode as newer grep will treat non-ASCII (e.g. UTF-8) as + # binary when we run in the C locale. + local f=$( + LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -a "Cythonizing" \ + "${PORTAGE_LOG_FILE}" | uniq + ) + if [[ -n ${f} ]] ; then + __vecho -ne '\n' + eqawarn "QA Notice: Package seems to be missing a BDEPEND on dev-python/cython." + eqawarn "${f}" + __vecho -ne '\n' + fi + + [[ ${reset_debug} = 1 ]] && set -x + fi +} + +cython_dep_check +: # guarantee successful exit + +# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: e9eb2f7b8b25559b555c0ec8806b602e486753de Author: Sam James gentoo org> AuthorDate: Fri Apr 7 10:39:53 2023 + Commit: Sam James gentoo org> CommitDate: Fri Apr 7 10:41:46 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e9eb2f7b bin/install-qa-check.d/90gcc-warnings: add more warnings These are all indicative of possible runtime issues. Signed-off-by: Sam James gentoo.org> NEWS | 15 +++ bin/install-qa-check.d/90gcc-warnings | 9 + 2 files changed, 24 insertions(+) diff --git a/NEWS b/NEWS index 0361e6ac6..3dfaf2a09 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,18 @@ +portage-3.0.47 (UNRELEASED) +--- + +Features: +* install-qa-check.d: 90gcc-warnings: Add additional code quality warnings: + - -Wrestrict + - -Wstringop-overread + - -Wstringop-truncation + - -Wformat-truncation + - -Wcast-function-type + - -Wnull-dereference + - -Wmain + - -Wimplicit-int + - -Wstring-compare + portage-3.0.46 (2023-04-07) --- diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index dbfbc4a9a..449bf2362 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -19,6 +19,7 @@ gcc_warn_check() { # only will and does, no might :) 'warning: .*will.*\[-Wstrict-aliasing\]' 'warning: .*does.*\[-Wstrict-aliasing\]' + 'warning: .*\[-Wrestrict\]' # strict aliasing violation in C++ (Clang) 'warning: .*\[-Wundefined-reinterpret-cast\]' @@ -44,6 +45,8 @@ gcc_warn_check() { 'warning: .*will always overflow destination buffer' # compile-time part of FORTIFY_SOURCE 'warning: .*\[-Wstringop-overflow\]' + 'warning: .*\[-Wstringop-overread\]' + 'warning: .*\[-Wstringop-truncation\]' # clang-only, equivalent of -Wstringop-overflow 'warning: .*\[-Wfortify-source\]' 'warning: .*assuming pointer wraparound does not occur' @@ -86,6 +89,7 @@ gcc_warn_check() { # -Wformat variants 'warning: .*too few arguments for format' 'warning: .*missing sentinel in function call.*\[-Wformat=\]' + 'warning: .*\[-Wformat-truncation\]' # format ... expects a matching ... argument # (iow, too few arguments for format in new wording :)) 'warning: .*matching.*\[-Wformat=\]' @@ -104,6 +108,8 @@ gcc_warn_check() { # more specific form of -Wincompatible-pointer-types (Clang) 'warning: .*\[-Wincompatible-function-pointer-types\]' # these will fail with CFI (https://reviews.llvm.org/D134831) + # (gcc lacks -strict) + #'warning: .*\[-Wcast-function-type\]' 'warning: .*\[-Wcast-function-type-strict\]' # using wrong deallocator, e.g. using free() on object allocated using my_malloc() # when my_malloc() is annotated as needing my_free(). @@ -117,9 +123,12 @@ gcc_warn_check() { 'warning: .*\[-Wodr\]' # warning: argument value A will result in undefined behaviour (Clang) 'warning: .*\[-Wargument-undefined-behaviour\]' + 'warning: .*\[-Wnull-dereference\]' # general sensible warnings (will be rejected by modern compilers soon) + 'warning: .*\[-Wmain\]' 'warning: .*\[-Wimplicit-int\]' + 'warning: .*\[-Wstring-compare\]' # this may be valid code :/ #': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6642bdf54d071d7b93b3f6fb4bc24df4075c8de1 Author: Sam James gentoo org> AuthorDate: Fri Apr 7 10:39:06 2023 + Commit: Sam James gentoo org> CommitDate: Fri Apr 7 10:39:06 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6642bdf5 bin/install-qa-check.d/90gcc-warnings: add -Wimplicit-int This will be rejected by modern compilers soon: https://wiki.gentoo.org/wiki/Modern_C_porting. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 431cc7639..dbfbc4a9a 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -118,6 +118,9 @@ gcc_warn_check() { # warning: argument value A will result in undefined behaviour (Clang) 'warning: .*\[-Wargument-undefined-behaviour\]' + # general sensible warnings (will be rejected by modern compilers soon) + 'warning: .*\[-Wimplicit-int\]' + # this may be valid code :/ #': warning: multi-character character constant' # need to check these two ...
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eca90b6049a9ce42ec6868f64abcab403c9f4190 Author: Sam James gentoo org> AuthorDate: Tue Feb 28 03:10:26 2023 + Commit: Sam James gentoo org> CommitDate: Tue Feb 28 03:10:26 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eca90b60 install-qa-check.d/90config-impl-decl: prefix warning with 'QA Notice' ... so tinderboxes can pick it up more easily. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index d1bc0e067..0e758e87d 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -92,12 +92,13 @@ config_impl_decl_check() { # Drop out early if no impl decls found (all the arrays are the same size) [[ ${#files[@]} -eq 0 ]] && return - eqawarn 'Found the following implicit function declarations in configure logs:' + eqawarn 'QA Notice: Found the following implicit function declarations in configure logs:' for l in "${!files[@]}"; do eqawarn " ${files[l]}:${lines[l]} - ${funcs[l]}" eqatag 'config.log-impl-decl' "line=${lines[l]}" "func=${funcs[l]}" "${files[l]}" done eqawarn 'Check that no features were accidentally disabled.' + eqawarn 'See https://wiki.gentoo.org/wiki/Modern_C_porting.' } config_impl_decl_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: b846c59c1e2ad80163745de024154cbe845fedaa Author: Oskari Pirhonen gmail com> AuthorDate: Mon Feb 27 02:05:39 2023 + Commit: Sam James gentoo org> CommitDate: Mon Feb 27 04:43:48 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b846c59c 90config-impl-decl: bug fixes - Match "-Werror=impl..." from gcc - Use separate RE to check for UTF-8 and ASCII quoting when extracting the function name Signed-off-by: Oskari Pirhonen gmail.com> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 31 +-- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl index 2fb8307ea..d1bc0e067 100644 --- a/bin/install-qa-check.d/90config-impl-decl +++ b/bin/install-qa-check.d/90config-impl-decl @@ -38,6 +38,12 @@ find_log_targets() { find -files0-from - -type f \( "${find_args[@]}" \) -print0 } +has_utf8_ctype() { + # Use python to check if the locale is UTF-8 since tools like locale(1) may + # not exist (eg, musl systems). + [[ "$("${PORTAGE_PYTHON:-/usr/bin/python}" -c 'import locale; print(locale.getlocale()[1])')" == UTF-8 ]] +} + config_impl_decl_check() { local files=() local lines=() @@ -46,19 +52,32 @@ config_impl_decl_check() { local entry local line local func - local re=" function '([[:print:]]+)'" + local re_uni + local re_asc + local is_utf8 + + # Given the UTF-8 character type, both gcc and clang may enclose the + # function name between the LEFT SINGLE QUOTATION MARK and RIGHT SINGLE + # QUOTATION MARK codepoints. + re_uni=$' function \u2018([^\u2019]+)\u2019' + + # This variant matches ASCII single quotes. + re_asc=$' function \x27([^\x27]+)\x27' + + # Is UTF-8 the effective character type? + has_utf8_ctype; is_utf8=$(( $? == 0 )) # Iterate over every log file found and check for '-Wimplicit-function-declaration' while IFS= read -rd '' l; do while IFS= read -ru3 entry; do # Strip ANSI codes (color and erase in line have been seen at least) - entry="$(printf '%s\n' "${entry}" | sed -E -e $'s/\033\[[0-9;]*[A-Za-z]//g')" + entry="$(printf '%s\n' "${entry}" | LC_ALL='C' sed -E -e $'s/\033\[[0-9;]*[A-Za-z]//g')" line="${entry%%:*}" - # This conditional should always be true unless compiler warnings - # get drastically changed - if [[ ${entry} =~ ${re} ]]; then + if [[ ${is_utf8} -eq 1 && ${entry} =~ ${re_uni} ]] || [[ ${entry} =~ ${re_asc} ]]; then func="${BASH_REMATCH[1]}" + else + continue fi has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" && continue @@ -67,7 +86,7 @@ config_impl_decl_check() { lines+=( "${line}" ) funcs+=( "${func}" ) # Using -I to ignore binary files is a GNU extension for grep - done 3< <(grep -nEI -e '-Wimplicit-function-declaration' "${l}") + done 3< <(grep -nEI -e '-W(error=)?implicit-function-declaration' "${l}") done < <(find_log_targets) # Drop out early if no impl decls found (all the arrays are the same size)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dc1e8d7b9ad8f7253fa14e068547b63b14c829b7 Author: Oskari Pirhonen gmail com> AuthorDate: Wed Feb 1 04:32:20 2023 + Commit: Sam James gentoo org> CommitDate: Sun Feb 26 20:22:42 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc1e8d7b install-qa-check.d/90config-impl-decl: check config log for warnings Check for -Wimplicit-function-declaration in: - config.log - CMakeError.log - meson-log.txt and log the config log, line number, and function name on-screen and in qa.log under the tag 'config.log-impl-decl'. In ebuilds, use the `QA_CONFIG_IMPL_DECL_SKIP` array to skip false positives. Closes: https://bugs.gentoo.org/892651 Signed-off-by: Oskari Pirhonen gmail.com> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90config-impl-decl | 87 +++ 1 file changed, 87 insertions(+) diff --git a/bin/install-qa-check.d/90config-impl-decl b/bin/install-qa-check.d/90config-impl-decl new file mode 100644 index 0..2fb8307ea --- /dev/null +++ b/bin/install-qa-check.d/90config-impl-decl @@ -0,0 +1,87 @@ +# Check for implicit function declaration warnings in configure logs +# +# ebuilds should set the QA_CONFIG_IMPL_DECL_SKIP array to skip known false +# positives. +# +# Some examples of logs to look for: +# bash: work/bash-5.1/config.log +# ^--- easy +# python: work/Python-3.10.9/config.log +# ^--- easy +# gcc: work/build/config.log +# ^--- can be out-of-tree +# clang: work/x/y/clang-abi_x86_64.amd64/CMakeFiles/CMakeError.log +#^--- can be non-autotools (and very deep) +# systemd-utils: work/systemd-stable-251.10-abi_x86_64.amd64/meson-logs/meson-log.txt +#^--- can be non-autotools +# +# Adapted from macports portconfigure.tcl with love. +# +# See also: bug 892651 + +find_log_targets() { + local log_targets=( + 'config.log' + 'CMakeError.log' + 'meson-log.txt' + ) + local find_args=() + local log + + # Find config logs. Assume the dirs can have spaces in them, even though + # that is hella evil and goes against good filesystem manners! + for log in "${log_targets[@]}"; do + find_args+=( '-name' "${log}" '-o' ) + done + unset -v 'find_args[-1]' + printf '%s\0' "${WORKDIR}" | + find -files0-from - -type f \( "${find_args[@]}" \) -print0 +} + +config_impl_decl_check() { + local files=() + local lines=() + local funcs=() + local l + local entry + local line + local func + local re=" function '([[:print:]]+)'" + + # Iterate over every log file found and check for '-Wimplicit-function-declaration' + while IFS= read -rd '' l; do + while IFS= read -ru3 entry; do + # Strip ANSI codes (color and erase in line have been seen at least) + entry="$(printf '%s\n' "${entry}" | sed -E -e $'s/\033\[[0-9;]*[A-Za-z]//g')" + + line="${entry%%:*}" + # This conditional should always be true unless compiler warnings + # get drastically changed + if [[ ${entry} =~ ${re} ]]; then + func="${BASH_REMATCH[1]}" + fi + + has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" && continue + + files+=( "${l}" ) + lines+=( "${line}" ) + funcs+=( "${func}" ) + # Using -I to ignore binary files is a GNU extension for grep + done 3< <(grep -nEI -e '-Wimplicit-function-declaration' "${l}") + done < <(find_log_targets) + + # Drop out early if no impl decls found (all the arrays are the same size) + [[ ${#files[@]} -eq 0 ]] && return + + eqawarn 'Found the following implicit function declarations in configure logs:' + for l in "${!files[@]}"; do + eqawarn " ${files[l]}:${lines[l]} - ${funcs[l]}" + eqatag 'config.log-impl-decl' "line=${lines[l]}" "func=${funcs[l]}" "${files[l]}" + done + eqawarn 'Check that no features were accidentally disabled.' +} + +config_impl_decl_check +: # guarantee successful exit + +# vim:ft=sh noexpandtab:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: bd6e366894615fc7b2c7faafca666933ad850340 Author: Florian Schmaus gentoo org> AuthorDate: Sun Feb 19 09:04:21 2023 + Commit: Sam James gentoo org> CommitDate: Sun Feb 19 12:22:58 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bd6e3668 install-qa-check.d/60pkgconfig: fix eapi_has_version_functions call The function is prefixed with three three underscores, not two. Fixes: f0d4e696f82d ("install-qa-check.d/60pkgconfig: conditionally source eapi7-ver-funcs.sh") Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/990 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 625b22c9e..acbee4df1 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -1,7 +1,7 @@ # Check for pkg-config file issues # Ensure that ver_test is available. -if ! __eapi_has_version_functions; then +if ! ___eapi_has_version_functions; then source "${PORTAGE_BIN_PATH}/eapi7-ver-funcs.sh" || exit 1 fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: f0d4e696f82d989371360d7e4d8df6e2ff1f6bd2 Author: Florian Schmaus gentoo org> AuthorDate: Mon Aug 15 07:14:14 2022 + Commit: Sam James gentoo org> CommitDate: Fri Feb 17 09:12:03 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f0d4e696 install-qa-check.d/60pkgconfig: conditionally source eapi7-ver-funcs.sh To make ver_test available, source eapi7-ver-funcs.sh instead of inherting eapi7-ver. This makes the check available for ebuild repositories that do not have ::gentoo as main repository. Suggested-by: Arfrever Frehtes Taifersar Arahesis apache.org> Signed-off-by: Florian Schmaus gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 6ecbcabfd..5d5b6d611 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -1,5 +1,10 @@ # Check for pkg-config file issues +# Ensure that ver_test is available. +if ! __eapi_has_version_functions; then + source "${PORTAGE_BIN_PATH}/eapi7-ver-funcs.sh" || exit 1 +fi + pkgconfig_check() { local files=() # Make a list of .pc files and bail out if there aren't any @@ -108,8 +113,6 @@ pkgconfig_check() { local is_pms_ver=false if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then - # Ensure that ver_test is available. - [[ $(type -t ver_test) == function ]] || inherit eapi7-ver is_pms_ver=true fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7b00b5aa8c68942cdb9e751a9eeaa8b7795387f0 Author: Florian Schmaus gentoo org> AuthorDate: Thu Dec 22 07:59:14 2022 + Commit: Sam James gentoo org> CommitDate: Fri Feb 17 09:12:03 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7b00b5aa Revert "bin/install-qa-check.d: drop QA_PKGCONFIG_VERSION checks from 60pkgconfig" This reverts commit 772fdceea5f148d9bb5fd6c87ffd48f87ca93bab. Signed-off-by: Florian Schmaus gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 60 ++ 1 file changed, 60 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index c982dbdf4..6ecbcabfd 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -88,6 +88,66 @@ pkgconfig_check() { eqawarn "(contains reference to either lib or lib64 in wrong directory)" eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}" fi + + # Check for mismatched Version field vs ${PV} + # To be safe, let's make sure _all_ installed .pcs have a bad Version + # before warning, as this should catch the general cases we're worried + # about, while avoiding any pathological cases e.g. multiple libraries + # with different versioning within one package. + # Example bugs: bug #833895, bug #833887. + + # Default to PV if QA_PKGCONFIG_VERSION is unset. + if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then + local QA_PKGCONFIG_VERSION=${PV} + fi + + # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. + if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then + local pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$" + local -A bad_files + + local is_pms_ver=false + if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then + # Ensure that ver_test is available. + [[ $(type -t ver_test) == function ]] || inherit eapi7-ver + is_pms_ver=true + fi + + for f in "${files[@]}" ; do + local file_version=$(pkg-config --modversion "${f}") + if [[ -n ${file_version} ]] ; then + if ${is_pms_ver} && [[ ${file_version} =~ ${pms_ver_re} ]]; then + # If both versions comply to PMS, then we can use ver_test to compare them. + ver_test ${QA_PKGCONFIG_VERSION} -eq ${file_version} && continue + else + # Otherwise, we resort to string comparision. + [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] && continue + fi + else + # Record a special value if the .pc file has no version set at all. + file_version="" + fi + + bad_files["${f//${D}}"]="${file_version}" + done + + # Skip result reporting if *_p* because for both _pN and _preN, we + # don't generally expect the versions to be exactly accurate, and + # we want to avoid false positives. + if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then + eqawarn "QA Notice: pkg-config files with mismatched Version found!" + eqawarn "The Version field of the following files does not match ${PV}" + local bad_file + for bad_file in "${!bad_files[@]}"; do + local bad_file_version="${bad_files[${bad_file}]}" + eqawarn "- ${bad_file}: ${bad_file_version}" + done + eqawarn "Please check all .pc files installed by this package." + eqawarn "You can use QA_PKGCONFIG_VERSION to set the expected version," + eqawarn "or set to the empty string to disable this QA check." + eqatag pkgconfig.unexpected-version ${!bad_files[@]} + fi + fi } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, man/, /
commit: 38de354cd5f8e9216792cd084c39d688925a9ee9 Author: Florian Schmaus gentoo org> AuthorDate: Thu Dec 22 08:14:38 2022 + Commit: Sam James gentoo org> CommitDate: Fri Feb 17 09:12:03 2023 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=38de354c install-qa-check.d/60pkgconfig: make QA_PKGCONFIG_VERSION opt-in Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/889 Signed-off-by: Sam James gentoo.org> NEWS | 2 ++ bin/install-qa-check.d/60pkgconfig | 15 +-- man/ebuild.5 | 6 ++ 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/NEWS b/NEWS index b1f317ce3..7e2ce9f41 100644 --- a/NEWS +++ b/NEWS @@ -130,6 +130,8 @@ Features: * sync: git: run 'git clean' in git repositories if they are marked as non-volatile. +* install-qa-check.d: 60pkgconfig: add opt-in QA_PKGCONFIG_VERSION check + Bug fixes: * glsa: Abort if a GLSA's arch list doesn't match the expected format (bug #882797). diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 5d5b6d611..625b22c9e 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -94,19 +94,16 @@ pkgconfig_check() { eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}" fi - # Check for mismatched Version field vs ${PV} + # Check for mismatched .pc Version field vs ${PV}. As this check + # initially caused false-positives, i.e., reports of a mismatch + # where the mismatch was intentional, it is now an opt-in check. # To be safe, let's make sure _all_ installed .pcs have a bad Version # before warning, as this should catch the general cases we're worried # about, while avoiding any pathological cases e.g. multiple libraries # with different versioning within one package. # Example bugs: bug #833895, bug #833887. - # Default to PV if QA_PKGCONFIG_VERSION is unset. - if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then - local QA_PKGCONFIG_VERSION=${PV} - fi - - # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. + # Skip the check if QA_PKGCONFIG_VERSION is not set. if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then local pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$" local -A bad_files @@ -139,15 +136,13 @@ pkgconfig_check() { # we want to avoid false positives. if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then eqawarn "QA Notice: pkg-config files with mismatched Version found!" - eqawarn "The Version field of the following files does not match ${PV}" + eqawarn "The Version field of the following files does not match ${QA_PKGCONFIG_VERSION}" local bad_file for bad_file in "${!bad_files[@]}"; do local bad_file_version="${bad_files[${bad_file}]}" eqawarn "- ${bad_file}: ${bad_file_version}" done eqawarn "Please check all .pc files installed by this package." - eqawarn "You can use QA_PKGCONFIG_VERSION to set the expected version," - eqawarn "or set to the empty string to disable this QA check." eqatag pkgconfig.unexpected-version ${!bad_files[@]} fi fi diff --git a/man/ebuild.5 b/man/ebuild.5 index 186a3ac3f..decef8399 100644 --- a/man/ebuild.5 +++ b/man/ebuild.5 @@ -910,6 +910,12 @@ expressions with escape\-quoted special characters. This should contain a list of file paths, relative to the image directory, of desktop files which should not be validated. The paths may contain regular expressions with escape\-quoted special characters. +.TP +.B QA_PKGCONFIG_VERSION +If set, then portage verifies that all pkg-config .pc files have a Version field +with the value of QA_PKGCONFIG_VERSION. For example, set +\fIQA_PKGCONFIG_VERSION=${PV}\fR if your package is expected to install all +pkg-config .pc files with a Version field containing PV. .SH "PORTAGE DECLARATIONS" .TP
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: ddaf25365f74227dc581b9e2c38b0c0cc9c6d6b5 Author: Oskari Pirhonen gmail com> AuthorDate: Mon Dec 5 01:22:07 2022 + Commit: Sam James gentoo org> CommitDate: Sat Dec 10 01:46:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ddaf2536 install-qa-check.d/60pkgconfig: remove PCRE The pattern in question works with both `grep -P` and `grep -E`, prefer the latter to avoid having to check if grep is built with PCRE support. '=(/usr)?/lib\b' Bug: https://bugs.gentoo.org/884285 Signed-off-by: Oskari Pirhonen gmail.com> Closes: https://github.com/gentoo/portage/pull/957 Signed-off-by: Sam James gentoo.org> NEWS | 2 ++ bin/install-qa-check.d/60pkgconfig | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index ea9967d0f..8f4983e06 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ Features: Bug fixes: * glsa: Abort if a GLSA's arch list doesn't match the expected format (bug #882797). +* install-qa-check.d: 60pkgconfig: avoid using grep -P (PCRE) unnecessarily (bug #884285). + * etc-update: Apply defences for patsub_replacement being default on in Bash 5.2 (bug #881383). diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index f44ec232a..c982dbdf4 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -77,7 +77,7 @@ pkgconfig_check() { fi elif [[ ${f} == *lib64/pkgconfig* ]] ; then # We want to match /lib/, /lib/foo/, but not e.g. /lib64 or /lib64/, or libfoo - if grep -qP '=(/usr)?/lib\b' ${f} ; then + if grep -E -q '=(/usr)?/lib\b' ${f} ; then bad_libdir+=( "${f//${D}}" ) fi fi
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 0fdbbbdb5a80e331adf701f2b2c1f096695447c4 Author: Sam James gentoo org> AuthorDate: Sun Nov 20 23:32:08 2022 + Commit: Sam James gentoo org> CommitDate: Sun Nov 20 23:33:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0fdbbbdb install-qa-check.d/90gcc-warnings: don't make implicit func decls fatal for now We need to do this at some point (as Clang 16 and GCC 14 are doing it, and they indicate runtime problems anyway), but there's too much breakage for now. We did find some extra bugs though. The main issue is too much high-profile stuff breaks rather than the total number of bugs, wrt Portage behaviour changing being suitable or not. Bug: https://bugs.gentoo.org/870412 Signed-off-by: Sam James gentoo.org> NEWS | 4 bin/install-qa-check.d/90gcc-warnings | 7 --- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 7b97f2a86..28f482350 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,10 @@ Bug fixes: * Fix DeprecationWarning in sets. +* install-qa-check.d: 90gcc-warnigns: Disable -Wimplicit-function-declaration being + fatal for now. The number of failures in bug #870412 is too large for the time + being. + portage-3.0.39 (2022-11-20) -- diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 7a27b5aaa..431cc7639 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -153,9 +153,10 @@ gcc_warn_check() { # always_overflow=yes #fi - if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]] ; then - implicit_func_decl=yes - fi + # Disabled for now because too many failures. bug #870412. + #if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]] ; then + # implicit_func_decl=yes + #fi if [[ ${always_overflow} = yes || ${implicit_func_decl} = yes ]] ; then eerror
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 739e8de006c6c2a247edef3e616fcdecba28edc8 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 07:38:53 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 07:38:53 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=739e8de0 install-qa-check.d/90gcc-warnings: drop some conversion warnings for now While I want to keep these, Bash triggers them with a trick it uses to force truncation in random.c, and I can't really justify FEATURES=stricter stopping Bash from installing. Signed-off-by: Sam James gentoo.org> NEWS | 4 bin/install-qa-check.d/90gcc-warnings | 13 + 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 5ee6e3bd1..2480f55a8 100644 --- a/NEWS +++ b/NEWS @@ -30,10 +30,6 @@ Features: * -Wincompatible-function-pointer-types (Clang, becomes fatal in Clang 16) (note we already have -Wincompatible-pointer-types in the list for GCC) * -Wundefined-reinterpret-cast (Clang, C++ strict aliasing) - * -Wint-conversion - * -Wint-to-pointer-cast - * -Wpointer-to-int-cast - * -Wint-to-void-pointer-cast * -Wcast-function-type-strict (Clang, CFI) * Further -Wformat matches for missing specifiers. In future, we may warn on all -Wformat (in particular because of e.g. diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 845a83b08..7a27b5aaa 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -66,14 +66,19 @@ gcc_warn_check() { # the address of ... will never be NULL and likes # (uses of function refs & string constants in conditionals) 'warning: .*\[-Waddress\]' + + # TODO: we want to enable these but bash currently triggers + # them with a trick in random.c where it intentionally wants + # some truncation :( + # # warning: assignment/initialization to ... from ... makes integer from pointer without cast - 'warning: .*\[-Wint-conversion\]' + #'warning: .*\[-Wint-conversion\]' # warning: cast to ... from integer of different size (or smaller size) - 'warning: .*\[-Wint-to-pointer-cast\]' + #'warning: .*\[-Wint-to-pointer-cast\]' # warning: cast to ... from (smaller) integer type - 'warning: .*\[-Wint-to-void-pointer-cast\]' + #'warning: .*\[-Wint-to-void-pointer-cast\]' # warning: cast from ... to integer of different size - 'warning: .*\[-Wpointer-to-int-cast\]' + #'warning: .*\[-Wpointer-to-int-cast\]' # -Wformat # TODO: comment out some time in future for time_t & LFS preparedness
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 2a352b6ff5ddd3a2d25ff6d0e6a50bc9daab67d6 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 07:17:45 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 07:30:36 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=2a352b6f install-qa-check.d/90gcc-warnings: add -Wcast-function-type-strict New Clang flag which will warn on casts that'll break with CFI. Signed-off-by: Sam James gentoo.org> NEWS | 1 + bin/install-qa-check.d/90gcc-warnings | 2 ++ 2 files changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 6fe36cbe0..16552ea7d 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,7 @@ Features: * -Wint-to-pointer-cast * -Wpointer-to-int-cast * -Wint-to-void-pointer-cast + * -Wcast-function-type-strict (Clang, CFI) * Further -Wformat matches for missing specifiers. In future, we may warn on all -Wformat (in particular because of e.g. time_t & LFS). diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index d8322871b..7fd8502ef 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -92,6 +92,8 @@ gcc_warn_check() { 'warning: .*\[-Wincompatible-pointer-types\]' # more specific form of -Wincompatible-pointer-types (Clang) 'warning: .*\[-Wincompatible-function-pointer-types\]' + # these will fail with CFI (https://reviews.llvm.org/D134831) + 'warning: .*\[-Wcast-function-type-strict\]' # using wrong deallocator, e.g. using free() on object allocated using my_malloc() # when my_malloc() is annotated as needing my_free(). 'warning: .*\[-Wmismatched-dealloc\]'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 73fccc7cee325874e7533e1c809dc26e45e604e0 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 07:29:54 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 07:30:36 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=73fccc7c install-qa-check.d/90gcc-warnings: add more Clang warnings All of these are either smells of something wrong or likely UB: -Wstrlcpy-strlcat-size -Wstrncat-size -Wsuspicious-bzero -Wvarargs Signed-off-by: Sam James gentoo.org> NEWS | 4 bin/install-qa-check.d/90gcc-warnings | 6 ++ 2 files changed, 10 insertions(+) diff --git a/NEWS b/NEWS index 16552ea7d..5ee6e3bd1 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,10 @@ Features: * -Wreturn-type * -Wstringop-overflow (GCC, FORTIFY_SOURCE) * -Wfortify-source (Clang, FORTIFY_SOURCE) + * -Wstrlcpy-strlcat-size + * -Wstrncat-size + * -Wsuspicious-bzero + * -Wvarargs * -Wargument-undefined-behaviour (Clang) * -Wincompatible-function-pointer-types (Clang, becomes fatal in Clang 16) (note we already have -Wincompatible-pointer-types in the list for GCC) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 7fd8502ef..845a83b08 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -49,6 +49,12 @@ gcc_warn_check() { 'warning: .*assuming pointer wraparound does not occur' 'warning: .*escape sequence out of range' + # all clang + 'warning: .*\[-Wstrlcpy-strlcat-size\]' + 'warning: .*\[-Wstrncat-size\]' + 'warning: .*\[-Wsuspicious-bzero\]' + 'warning: .*\[-Wvarargs\]' + # left-hand operand of comma expression has no effect 'warning: .*left.*comma.*\[-Wunused-value\]' # converting to non-pointer type ... from NULL and likes
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: c4df46e3da5fee516dba000ade492c2462db99fd Author: Sam James gentoo org> AuthorDate: Wed Nov 9 03:36:39 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 03:38:13 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=c4df46e3 install-qa-check.d/90gcc-warnings: update outdated -Wformat pattern This only covers missing specifiers. We may add generic -Wformat (as commented out) for time_t & LFS stuff later on, but I don't want to do it in portage 3.0.39 as we're adding enough new stuff here. Signed-off-by: Sam James gentoo.org> NEWS | 3 +++ bin/install-qa-check.d/90gcc-warnings | 6 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index cf3487e4b..6fe36cbe0 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,9 @@ Features: * -Wint-to-pointer-cast * -Wpointer-to-int-cast * -Wint-to-void-pointer-cast + * Further -Wformat matches for missing specifiers. +In future, we may warn on all -Wformat (in particular because of e.g. +time_t & LFS). * install-qa-check.d: 90gcc-warnings: Always die on -Wimplicit-function-declaration and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index cdffcd029..d8322871b 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -69,8 +69,12 @@ gcc_warn_check() { # warning: cast from ... to integer of different size 'warning: .*\[-Wpointer-to-int-cast\]' - # outdated? + # -Wformat + # TODO: comment out some time in future for time_t & LFS preparedness + #'warning: .*\[-Wformat=\]' + # -Wformat variants 'warning: .*too few arguments for format' + 'warning: .*missing sentinel in function call.*\[-Wformat=\]' # format ... expects a matching ... argument # (iow, too few arguments for format in new wording :)) 'warning: .*matching.*\[-Wformat=\]'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 4a5dbb20506e366b205279a10504b66a2a96540a Author: Sam James gentoo org> AuthorDate: Wed Nov 9 03:27:34 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 03:31:48 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4a5dbb20 install-qa-check.d/90gcc-warnings: add -Wpointer-to-int-cast for completeness Opposite side of -Wint-to-pointer-cast. Signed-off-by: Sam James gentoo.org> NEWS | 1 + bin/install-qa-check.d/90gcc-warnings | 2 ++ 2 files changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 4745b580d..f8441b6ec 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,7 @@ Features: * -Wundefined-reinterpret-cast (Clang, C++ strict aliasing) * -Wint-conversion * -Wint-to-pointer-cast + * -Wpointer-to-int-cast * install-qa-check.d: 90gcc-warnings: Always die on -Wimplicit-function-declaration and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index b8b5f7147..2edabcde7 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -64,6 +64,8 @@ gcc_warn_check() { 'warning: .*\[-Wint-conversion\]' # warning: cast to ... from integer of different size (or smaller size) 'warning: .*\[-Wint-to-pointer-cast\]' + # warning: cast from ... to integer of different size + 'warning: .*\[-Wpointer-to-int-cast\]' # outdated? 'warning: .*too few arguments for format'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: ee5ab4ca94fb308068d24291268abf52b9644c82 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 03:30:42 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 03:31:48 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ee5ab4ca install-qa-check.d/90gcc-warnings: add -Wint-to-void-pointer-cast We already have the other -Wint-conversions and this complements -Wpointer-to-int-cast and -Wint-to-pointer-cast. The motivation for all of these is finding things which are likely to break across bitness. Signed-off-by: Sam James gentoo.org> NEWS | 1 + bin/install-qa-check.d/90gcc-warnings | 2 ++ 2 files changed, 3 insertions(+) diff --git a/NEWS b/NEWS index f8441b6ec..cf3487e4b 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,7 @@ Features: * -Wint-conversion * -Wint-to-pointer-cast * -Wpointer-to-int-cast + * -Wint-to-void-pointer-cast * install-qa-check.d: 90gcc-warnings: Always die on -Wimplicit-function-declaration and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 2edabcde7..cdffcd029 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -64,6 +64,8 @@ gcc_warn_check() { 'warning: .*\[-Wint-conversion\]' # warning: cast to ... from integer of different size (or smaller size) 'warning: .*\[-Wint-to-pointer-cast\]' + # warning: cast to ... from (smaller) integer type + 'warning: .*\[-Wint-to-void-pointer-cast\]' # warning: cast from ... to integer of different size 'warning: .*\[-Wpointer-to-int-cast\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4030f0006c83bd7aa7a9c3549b6fe0910458ae62 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:29:43 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:29:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4030f000 install-qa-check.d/90gcc-warnings: fix grep warning Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 2f6f393a4..b8b5f7147 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -20,7 +20,7 @@ gcc_warn_check() { 'warning: .*will.*\[-Wstrict-aliasing\]' 'warning: .*does.*\[-Wstrict-aliasing\]' # strict aliasing violation in C++ (Clang) - 'warning: .*\[\-Wundefined-reinterpret-cast\]' + 'warning: .*\[-Wundefined-reinterpret-cast\]' # implicit declaration of function ‘...’ 'warning: .*\[-Wimplicit-function-declaration\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a38aa2108f996c834e8ca2f10fb151a111c782dc Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:12:32 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:25:45 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a38aa210 install-qa-check.d/90gcc-warnings: add -Wint-conversion, -Wint-to-pointer-cast Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 4 1 file changed, 4 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index cd12558ba..7a859eb88 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -54,6 +54,10 @@ gcc_warn_check() { # the address of ... will never be NULL and likes # (uses of function refs & string constants in conditionals) 'warning: .*\[-Waddress\]' + # warning: assignment/initialization to ... from ... makes integer from pointer without cast + 'warning: .*\[-Wint-conversion\]' + # warning: cast to ... from integer of different size (or smaller size) + 'warning: .*\[-Wint-to-pointer-cast\]' # outdated? 'warning: .*too few arguments for format' # format ... expects a matching ... argument
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 800337e1d2d5d2d04eb83fe57f519850074b6e66 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:23:22 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:25:46 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=800337e1 install-qa-check.d/90gcc-warnings: add -Wargument-undefined-behaviour Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 403c19684..2f6f393a4 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -94,6 +94,8 @@ gcc_warn_check() { 'warning: .*\[-Wlto-type-mismatch\]' # ODR (https://wiki.gentoo.org/wiki/Project:Toolchain/LTO) 'warning: .*\[-Wodr\]' + # warning: argument value A will result in undefined behaviour (Clang) + 'warning: .*\[-Wargument-undefined-behaviour\]' # this may be valid code :/ #': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dc6035cdcd66a447a5ffc16b4e028604eafb82bf Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:22:22 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:25:45 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc6035cd install-qa-check.d/90gcc-warnings: add -Wundefined-reinterpret-cast A type of strict aliasing violation which can only happen in C++. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 162e97459..d8bde18cb 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -19,6 +19,8 @@ gcc_warn_check() { # only will and does, no might :) 'warning: .*will.*\[-Wstrict-aliasing\]' 'warning: .*does.*\[-Wstrict-aliasing\]' + # strict aliasing violation in C++ (Clang) + 'warning: .*\[\-Wundefined-reinterpret-cast\]' # implicit declaration of function ‘...’ 'warning: .*\[-Wimplicit-function-declaration\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 40673d0184a695c5f92fd6b8d241db9697b234f4 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:22:52 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:25:45 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=40673d01 install-qa-check.d/90gcc-warnings: add -Wincompatible-function-pointer-types Clang 16 makes this fatal, but we're just going to warn on it here. We already have -Wincompatible-pointer-types anyway. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index d8bde18cb..403c19684 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -82,6 +82,8 @@ gcc_warn_check() { 'warning: .*\[-Waggressive-loop-optimizations\]' # conversion between pointers that have incompatible types 'warning: .*\[-Wincompatible-pointer-types\]' + # more specific form of -Wincompatible-pointer-types (Clang) + 'warning: .*\[-Wincompatible-function-pointer-types\]' # using wrong deallocator, e.g. using free() on object allocated using my_malloc() # when my_malloc() is annotated as needing my_free(). 'warning: .*\[-Wmismatched-dealloc\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4982bec7b9623415fec4dc9d4d7a9696b47a4479 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 02:22:06 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 02:25:45 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4982bec7 install-qa-check.d/90gcc-warnings: formatting tweaks Group similar warnings together. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 6 ++ 1 file changed, 6 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 7a859eb88..162e97459 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -19,18 +19,21 @@ gcc_warn_check() { # only will and does, no might :) 'warning: .*will.*\[-Wstrict-aliasing\]' 'warning: .*does.*\[-Wstrict-aliasing\]' + # implicit declaration of function ‘...’ 'warning: .*\[-Wimplicit-function-declaration\]' # with -Wall, goes in pair with -Wimplicit-function-declaration # but without -Wall, we need to assert for it alone 'warning: .*incompatible implicit declaration of built-in function' 'warning: .*\[-Wbuiltin-declaration-mismatch\]' + # 'is used uninitialized in this function' and some more 'warning: .*\[-Wuninitialized\]' # comparisons like ‘X<=Y<=Z’ do not have their mathematical meaning 'warning: .*mathematical meaning*\[-Wparentheses\]' # null argument where non-null required 'warning: .*\[-Wnonnull\]' + # array subscript is above/below/outside array bounds (FORTIFY_SOURCE) 'warning: .*\[-Warray-bounds\]' # attempt to free a non-heap object @@ -43,6 +46,7 @@ gcc_warn_check() { 'warning: .*\[-Wfortify-source\]' 'warning: .*assuming pointer wraparound does not occur' 'warning: .*escape sequence out of range' + # left-hand operand of comma expression has no effect 'warning: .*left.*comma.*\[-Wunused-value\]' # converting to non-pointer type ... from NULL and likes @@ -58,11 +62,13 @@ gcc_warn_check() { 'warning: .*\[-Wint-conversion\]' # warning: cast to ... from integer of different size (or smaller size) 'warning: .*\[-Wint-to-pointer-cast\]' + # outdated? 'warning: .*too few arguments for format' # format ... expects a matching ... argument # (iow, too few arguments for format in new wording :)) 'warning: .*matching.*\[-Wformat=\]' + # function returns address of local variable 'warning: .*\[-Wreturn-local-addr\]' # missing return at end of function, or non-void return in a void function
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: 85723dbd4d8fa6392001adeb8ca695a29e530949 Author: Sam James gentoo org> AuthorDate: Wed Nov 9 01:16:27 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 9 01:17:50 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=85723dbd bin: replace check-implicit-pointer-usage.py Always die on -Wimplicit-function-declaration as Clang 16 is going to make it fatal and it's always pretty dubious. The licencing of check-implicit-pointer-usage.py is also unclear, but the tool has been broken since GCC 4.5(!) Bug: https://bugs.gentoo.org/365655 Bug: https://bugs.gentoo.org/870412 Signed-off-by: Sam James gentoo.org> bin/check-implicit-pointer-usage.py | 79 --- bin/install-qa-check.d/90gcc-warnings | 46 2 files changed, 7 insertions(+), 118 deletions(-) diff --git a/bin/check-implicit-pointer-usage.py b/bin/check-implicit-pointer-usage.py deleted file mode 100755 index 06b666c88..0 --- a/bin/check-implicit-pointer-usage.py +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env python - -# Ripped from HP and updated from Debian -# Update by Gentoo to support unicode output - -# -# Copyright (c) 2004 Hewlett-Packard Development Company, L.P. -# David Mosberger -# -# Scan standard input for GCC warning messages that are likely to -# source of real 64-bit problems. In particular, see whether there -# are any implicitly declared functions whose return values are later -# interpreted as pointers. Those are almost guaranteed to cause -# crashes. -# - -import re -import sys - -implicit_pattern = re.compile( -r"([^:]*):(\d+): warning: implicit declaration " + "of function [`']([^']*)'" -) -pointer_pattern = ( -r"([^:]*):(\d+): warning: " -+ r"(" -+ r"(assignment" -+ r"|initialization" -+ r"|return" -+ r"|passing arg \d+ of `[^']*'" -+ r"|passing arg \d+ of pointer to function" -+ r") makes pointer from integer without a cast" -+ r"|" -+ r"cast to pointer from integer of different size)" -) - -unicode_quote_open = "\u2018" -unicode_quote_close = "\u2019" - - -def write(msg): -sys.stdout.buffer.write(msg.encode("utf_8", "backslashreplace")) - - -pointer_pattern = re.compile(pointer_pattern) - -last_implicit_filename = "" -last_implicit_linenum = -1 -last_implicit_func = "" - -while True: -line = sys.stdin.buffer.readline().decode("utf_8", "replace") -if not line: -break -# translate unicode open/close quotes to ascii ones -line = line.replace(unicode_quote_open, "`") -line = line.replace(unicode_quote_close, "'") -m = implicit_pattern.match(line) -if m: -last_implicit_filename = m.group(1) -last_implicit_linenum = int(m.group(2)) -last_implicit_func = m.group(3) -else: -m = pointer_pattern.match(line) -if m: -pointer_filename = m.group(1) -pointer_linenum = int(m.group(2)) -if ( -last_implicit_filename == pointer_filename -and last_implicit_linenum == pointer_linenum -): -write( -"Function `%s' implicitly converted to pointer at " -"%s:%d\n" -% ( -last_implicit_func, -last_implicit_filename, -last_implicit_linenum, -) -) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index f5dae8a76..cd12558ba 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -110,12 +110,17 @@ gcc_warn_check() { f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E -a "${joined_msgs}" "${PORTAGE_LOG_FILE}" | uniq) if [[ -n ${f} ]] ; then abort="yes" + # for now, don't make this fatal (see bug #337031) #if [[ ${f} == *'will always overflow destination buffer'* ]]; then # always_overflow=yes #fi - if [[ ${always_overflow} = yes ]] ; then + if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]] ; then + implicit_func_decl=yes + fi + + if [[ ${always_overflow} = yes || ${implicit_func_decl} = yes ]] ; then eerror eerror "QA Notice: Package triggers severe warnings which indicate that it" eerror " may exhibit random runtime failures." @@ -134,47 +139,10 @@ gcc_warn_check() { fi fi - local cat_cmd=cat - [[ ${PORTAGE_LOG_FILE} = *.gz ]] && cat_cmd=zcat [[ ${reset_debug} = 1 ]] && set -x -
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 1619bda983a731961b17504e2a48e44d4849d2cc Author: Sam James gentoo org> AuthorDate: Tue Nov 8 23:51:35 2022 + Commit: Sam James gentoo org> CommitDate: Tue Nov 8 23:51:35 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=1619bda9 install-qa-check.d/90gcc-warnings: improve -Warray-bounds comment Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 579cb4135..f5dae8a76 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -31,7 +31,7 @@ gcc_warn_check() { 'warning: .*mathematical meaning*\[-Wparentheses\]' # null argument where non-null required 'warning: .*\[-Wnonnull\]' - # array subscript is above/below/outside array bounds + # array subscript is above/below/outside array bounds (FORTIFY_SOURCE) 'warning: .*\[-Warray-bounds\]' # attempt to free a non-heap object 'warning: .*\[-Wfree-nonheap-object\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 9d454e1ad76d4a6fcb0184854e9a65ad6929e972 Author: Sam James gentoo org> AuthorDate: Tue Nov 8 23:47:51 2022 + Commit: Sam James gentoo org> CommitDate: Tue Nov 8 23:49:16 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9d454e1a install-qa-check.d/90gcc-warnings: add further FORTIFY_SOURCE-related warnings These are the compile-time parts of FORTIFY_SOURCE [0]: * -Wstringop-overflow (GCC only) * -Wfortify-source (Clang only) [0] https://maskray.me/blog/2022-11-06-fortify-source Signed-off-by: Sam James gentoo.org> NEWS | 2 ++ bin/install-qa-check.d/90gcc-warnings | 4 2 files changed, 6 insertions(+) diff --git a/NEWS b/NEWS index ac21358b2..5395d0cb2 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,8 @@ Features: * -Wmismatched-dealloc * -Wodr (LTO esp.) * -Wreturn-type + * -Wstringop-overflow (GCC, FORTIFY_SOURCE) + * -Wfortify-source (Clang, FORTIFY_SOURCE) * ecompress, etc: Support additional compression suffixes for texinfo: .Z, .bz2, .lzma, .lz, .xz, .zst (bug #757525). diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 3a57c0a3b..579cb4135 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -37,6 +37,10 @@ gcc_warn_check() { 'warning: .*\[-Wfree-nonheap-object\]' # those three do not have matching -W flags, it seems 'warning: .*will always overflow destination buffer' + # compile-time part of FORTIFY_SOURCE + 'warning: .*\[-Wstringop-overflow\]' + # clang-only, equivalent of -Wstringop-overflow + 'warning: .*\[-Wfortify-source\]' 'warning: .*assuming pointer wraparound does not occur' 'warning: .*escape sequence out of range' # left-hand operand of comma expression has no effect
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: ebea8fa53bdd871deb841463f5fbd4f427b6ef3c Author: Sam James gentoo org> AuthorDate: Thu Oct 27 23:37:42 2022 + Commit: Sam James gentoo org> CommitDate: Thu Oct 27 23:37:42 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ebea8fa5 install-qa-check.d/90gcc-warnings: add -Wreturn-type Clang in particular optimises very aggressively based on this (if there's a missing return at the end, it'll end up performing mental gymnastics to deduce some other earlier case is taken). Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 662d2fd3a..7a506d357 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -56,6 +56,9 @@ gcc_warn_check() { 'warning: .*matching.*\[-Wformat=\]' # function returns address of local variable 'warning: .*\[-Wreturn-local-addr\]' + # missing return at end of function, or non-void return in a void function + # (clang at least aggressively optimises on this) + 'warning: .*\[-Wreturn-type\]' # argument to sizeof ... is the same expression as the source 'warning: .*\[-Wsizeof-pointer-memaccess\]' # iteration invokes undefined behavior
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: de8d2c8de7d456a15f83551bfc3fcf6ff1fffaf1 Author: Sam James gentoo org> AuthorDate: Thu Oct 27 23:37:43 2022 + Commit: Sam James gentoo org> CommitDate: Thu Oct 27 23:37:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=de8d2c8d install-qa-check.d/90gcc-warnings: add -Wmismatched-dealloc These could easily lead to UAFs / out of bound access if the malloc used is oversized (e.g. using my_free() on something allocated by malloc(), with my_free() assuming existence of some extra data from my_malloc()). Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 256e6918b..3a57c0a3b 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -66,6 +66,9 @@ gcc_warn_check() { 'warning: .*\[-Waggressive-loop-optimizations\]' # conversion between pointers that have incompatible types 'warning: .*\[-Wincompatible-pointer-types\]' + # using wrong deallocator, e.g. using free() on object allocated using my_malloc() + # when my_malloc() is annotated as needing my_free(). + 'warning: .*\[-Wmismatched-dealloc\]' # clobbered: Warn for variables that might be changed by longjmp or vfork # (This warning is also enabled by -Wextra.) 'warning: .*\[-Wclobbered\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eaf2868e99280cb6c57df528f63f98c6b4757ef6 Author: Sam James gentoo org> AuthorDate: Thu Oct 27 23:37:43 2022 + Commit: Sam James gentoo org> CommitDate: Thu Oct 27 23:37:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eaf2868e install-qa-check.d/90gcc-warnings: add -Wbuiltin-declaration-mismatch Closely related to -Wimplicit-function-declaration. It's a mistake to do this anyway, but it's particularly bad if it then inhibits further compiler diagnostics. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 7a506d357..256e6918b 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -24,6 +24,7 @@ gcc_warn_check() { # with -Wall, goes in pair with -Wimplicit-function-declaration # but without -Wall, we need to assert for it alone 'warning: .*incompatible implicit declaration of built-in function' + 'warning: .*\[-Wbuiltin-declaration-mismatch\]' # 'is used uninitialized in this function' and some more 'warning: .*\[-Wuninitialized\]' # comparisons like ‘X<=Y<=Z’ do not have their mathematical meaning
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a6675b40d06142f43f2592ed09b5c2bfa433c5c2 Author: Sam James gentoo org> AuthorDate: Mon Oct 10 19:47:12 2022 + Commit: Sam James gentoo org> CommitDate: Tue Oct 11 19:18:36 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a6675b40 install-qa-check.d/90gcc-warnings: add TODO for -Wformat-security Signed-off-by: Sam James gentoo.org> Closes: https://github.com/gentoo/portage/pull/923 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 7c4b1f8e3..662d2fd3a 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -1,5 +1,6 @@ # Check for important gcc warnings # TODO: adapt for clang? +# TODO: add -Wformat-security gcc_warn_check() { local f
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8dc1ff9cc9eea96cd953b73c74e621d1d4c29efa Author: Sam James gentoo org> AuthorDate: Mon Oct 10 19:42:39 2022 + Commit: Sam James gentoo org> CommitDate: Tue Oct 11 19:18:36 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8dc1ff9c install-qa-check.d/90gcc-warnings: add Clang TODO Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 6014f6be9..7c4b1f8e3 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -1,4 +1,5 @@ -# Check for important gcc warning +# Check for important gcc warnings +# TODO: adapt for clang? gcc_warn_check() { local f
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: aa5f84544096f3ffa5fad307768537ca34e8193e Author: Sam James gentoo org> AuthorDate: Mon Oct 10 19:42:00 2022 + Commit: Sam James gentoo org> CommitDate: Tue Oct 11 19:18:36 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aa5f8454 install-qa-check.d/90gcc-warnings: add more LTO warnings (-Wodr, -Wlto-type-mismatch) Bug: https://bugs.gentoo.org/618550 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 4 1 file changed, 4 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index d118ce958..6014f6be9 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -63,6 +63,10 @@ gcc_warn_check() { # clobbered: Warn for variables that might be changed by longjmp or vfork # (This warning is also enabled by -Wextra.) 'warning: .*\[-Wclobbered\]' + # LTO type mismatch (https://wiki.gentoo.org/wiki/Project:Toolchain/LTO) + 'warning: .*\[-Wlto-type-mismatch\]' + # ODR (https://wiki.gentoo.org/wiki/Project:Toolchain/LTO) + 'warning: .*\[-Wodr\]' # this may be valid code :/ #': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 772fdceea5f148d9bb5fd6c87ffd48f87ca93bab Author: Sam James gentoo org> AuthorDate: Tue Aug 23 00:27:52 2022 + Commit: Sam James gentoo org> CommitDate: Tue Aug 23 00:33:19 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=772fdcee bin/install-qa-check.d: drop QA_PKGCONFIG_VERSION checks from 60pkgconfig They've been too noisy. We can consider restoring this with an opt-in check (perhaps by setting QA_PKGCONFIG_VERSION) in future. Bug: https://bugs.gentoo.org/857654 Signed-off-by: Sam James gentoo.org> NEWS | 3 ++ bin/install-qa-check.d/60pkgconfig | 60 -- 2 files changed, 3 insertions(+), 60 deletions(-) diff --git a/NEWS b/NEWS index 87799bc4f..9cf67107a 100644 --- a/NEWS +++ b/NEWS @@ -27,6 +27,9 @@ Bug fixes: * dispatch-conf: respect (E)ROOT +* install-qa-check.d: 60pkgconfig: drop noisy pkg-config mismatched Version + field check (bug 857654). + * install-qa-check.d: 60pkgconfig: fix --validate check by adding ${ED}/usr/{lib*,share} to search path. diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 20acaa7fb..f44ec232a 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -88,66 +88,6 @@ pkgconfig_check() { eqawarn "(contains reference to either lib or lib64 in wrong directory)" eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}" fi - - # Check for mismatched Version field vs ${PV} - # To be safe, let's make sure _all_ installed .pcs have a bad Version - # before warning, as this should catch the general cases we're worried - # about, while avoiding any pathological cases e.g. multiple libraries - # with different versioning within one package. - # Example bugs: bug #833895, bug #833887. - - # Default to PV if QA_PKGCONFIG_VERSION is unset. - if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then - local QA_PKGCONFIG_VERSION=${PV} - fi - - # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. - if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then - local pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$" - local -A bad_files - - local is_pms_ver=false - if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then - # Ensure that ver_test is available. - [[ $(type -t ver_test) == function ]] || inherit eapi7-ver - is_pms_ver=true - fi - - for f in "${files[@]}" ; do - local file_version=$(pkg-config --modversion "${f}") - if [[ -n ${file_version} ]] ; then - if ${is_pms_ver} && [[ ${file_version} =~ ${pms_ver_re} ]]; then - # If both versions comply to PMS, then we can use ver_test to compare them. - ver_test ${QA_PKGCONFIG_VERSION} -eq ${file_version} && continue - else - # Otherwise, we resort to string comparision. - [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] && continue - fi - else - # Record a special value if the .pc file has no version set at all. - file_version="" - fi - - bad_files["${f//${D}}"]="${file_version}" - done - - # Skip result reporting if *_p* because for both _pN and _preN, we - # don't generally expect the versions to be exactly accurate, and - # we want to avoid false positives. - if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then - eqawarn "QA Notice: pkg-config files with mismatched Version found!" - eqawarn "The Version field of the following files does not match ${PV}" - local bad_file - for bad_file in "${!bad_files[@]}"; do - local bad_file_version="${bad_files[${bad_file}]}" - eqawarn "- ${bad_file}: ${bad_file_version}" - done - eqawarn "Please check all .pc files installed by this package." - eqawarn "You can use QA_PKGCONFIG_VERSION to set the expected version," - eqawarn "or set to the empty string to disable this QA check." - eqatag pkgconfig.unexpected-version ${!bad_files[@]} - fi - fi } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 87deddd57a3259875d524138aeadd297d7b660c7 Author: genBTC gmx com> AuthorDate: Sun May 22 22:04:11 2022 + Commit: Sam James gentoo org> CommitDate: Fri Aug 19 00:07:34 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=87deddd5 install-qa-check.d/90gcc-warnings: add -Wincompatible-pointer-types, -Wclobbered They appear rarely enough that the additional noise should not be too much of a concern for QA, but of enough importance that it should be investigated and dealt with. Only a couple (~2) packages were flagged during inspecting my past build logs to test this commit. Closes: https://github.com/gentoo/portage/pull/833 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 5 + 1 file changed, 5 insertions(+) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 52124427d..d118ce958 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -58,6 +58,11 @@ gcc_warn_check() { 'warning: .*\[-Wsizeof-pointer-memaccess\]' # iteration invokes undefined behavior 'warning: .*\[-Waggressive-loop-optimizations\]' + # conversion between pointers that have incompatible types + 'warning: .*\[-Wincompatible-pointer-types\]' + # clobbered: Warn for variables that might be changed by longjmp or vfork + # (This warning is also enabled by -Wextra.) + 'warning: .*\[-Wclobbered\]' # this may be valid code :/ #': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 32657fd62a4ab7616c28ea85cfaafb66695d7ab6 Author: Florian Schmaus gentoo org> AuthorDate: Sun Aug 14 18:46:52 2022 + Commit: Sam James gentoo org> CommitDate: Sun Aug 14 20:43:37 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=32657fd6 install-qa-check.d/60pkgconfig: fix ver_test type check Somehow, this ended up using the wrong argument to bash's 'type' builtin. :/ It must be '-t', which prints the type of the queried name. Fixes: f46b89282ff5 ("install-qa-check.d/60pkgconfig: use ver_test to compare versions") Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/887 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index e275e1ee2..20acaa7fb 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -109,7 +109,7 @@ pkgconfig_check() { local is_pms_ver=false if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then # Ensure that ver_test is available. - [[ $(type -f ver_test) == function ]] || inherit eapi7-ver + [[ $(type -t ver_test) == function ]] || inherit eapi7-ver is_pms_ver=true fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: f46b89282ff58974bedb6ed29c83cfeab1e5ad4f Author: Florian Schmaus gentoo org> AuthorDate: Mon Aug 1 07:54:22 2022 + Commit: Sam James gentoo org> CommitDate: Sat Aug 13 17:30:25 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f46b8928 install-qa-check.d/60pkgconfig: use ver_test to compare versions Motivied by Matthew's question if the version comparision could be improved so that, e.g., 25.0 and 25.0.0 are treated as equal. Note that using ver_test requires that we check the arguments passed to ver_test conform to PMS version strings. If this is not the case, then we fall back to the previous behavior and perform a string comparision. Thanks-to: Matthew Smith gentoo.org> Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/882 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 30 +- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index a8e0aa5db..e275e1ee2 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -103,26 +103,38 @@ pkgconfig_check() { # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then - local all_bad=yes + local pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$" local -A bad_files + + local is_pms_ver=false + if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then + # Ensure that ver_test is available. + [[ $(type -f ver_test) == function ]] || inherit eapi7-ver + is_pms_ver=true + fi + for f in "${files[@]}" ; do local file_version=$(pkg-config --modversion "${f}") - if [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] ; then - all_bad=no - break - fi - - # Record a special value if the .pc file has no version set at all. - if [[ -z ${file_version} ]] ; then + if [[ -n ${file_version} ]] ; then + if ${is_pms_ver} && [[ ${file_version} =~ ${pms_ver_re} ]]; then + # If both versions comply to PMS, then we can use ver_test to compare them. + ver_test ${QA_PKGCONFIG_VERSION} -eq ${file_version} && continue + else + # Otherwise, we resort to string comparision. + [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] && continue + fi + else + # Record a special value if the .pc file has no version set at all. file_version="" fi + bad_files["${f//${D}}"]="${file_version}" done # Skip result reporting if *_p* because for both _pN and _preN, we # don't generally expect the versions to be exactly accurate, and # we want to avoid false positives. - if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then + if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then eqawarn "QA Notice: pkg-config files with mismatched Version found!" eqawarn "The Version field of the following files does not match ${PV}" local bad_file
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4be2288e5e34cbcf59e92d5ad2d3763a1475a09d Author: Florian Schmaus gentoo org> AuthorDate: Sat Jul 30 08:49:06 2022 + Commit: Sam James gentoo org> CommitDate: Wed Aug 10 04:36:46 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4be2288e install-qa-check.d/60pkgconfig: improve pkg-config version check Make the pkg-config .pc-file version check display the actual found version and hint towards the QA_PKGCONFIG_VERSION variable. Signed-off-by: Florian Schmaus gentoo.org> Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 21 - 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 54122fe61..e95746505 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -104,15 +104,19 @@ pkgconfig_check() { # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then local all_bad=yes - # Record the last bad file matched - local bad_file + local -A bad_files for f in "${files[@]}" ; do - if [[ ${QA_PKGCONFIG_VERSION} == $(pkg-config --modversion "${f}") ]] ; then + local file_version=$(pkg-config --modversion "${f}") + if [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] ; then all_bad=no break fi - bad_file="${f//${D}}" + # Record a special value if the .pc file has no version set at all. + if [[ -z ${file_version} ]] ; then + file_version="" + fi + bad_files["${f//${D}}"]="${file_version}" done # Skip result reporting if *_p* because for both _pN and _preN, we @@ -120,8 +124,15 @@ pkgconfig_check() { # we want to avoid false positives. if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then eqawarn "QA Notice: pkg-config files with mismatched Version found!" - eqawarn "At least ${bad_file}'s Version field does not match ${PV}" + eqawarn "The Version field of the following files does not match ${PV}" + local bad_file + for bad_file in "${!bad_files[@]}"; do + local bad_file_version="${bad_files[${bad_file}]}" + eqawarn "- ${bad_file}: ${bad_file_version}" + done eqawarn "Please check all .pc files installed by this package." + eqawarn "You can use QA_PKGCONFIG_VERSION to set the expected version," + eqawarn "or set to the empty string to disable this QA check." fi fi }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4dd66128f1b09cbe033e6eaf4d9ba7f8da274a65 Author: Florian Schmaus gentoo org> AuthorDate: Mon Aug 1 07:53:44 2022 + Commit: Sam James gentoo org> CommitDate: Wed Aug 10 04:36:46 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4dd66128 install-qa-check.d/60pkgconfig: use "eqatag pkgconfig.unexpected-version" Suggested-by: Sam James gentoo.org> Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/875 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index e95746505..a8e0aa5db 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -133,6 +133,7 @@ pkgconfig_check() { eqawarn "Please check all .pc files installed by this package." eqawarn "You can use QA_PKGCONFIG_VERSION to set the expected version," eqawarn "or set to the empty string to disable this QA check." + eqatag pkgconfig.unexpected-version ${!bad_files[@]} fi fi }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4f7f71fe7fca2744954d0092c3095221905f7e04 Author: Sam James gentoo org> AuthorDate: Mon Aug 1 02:47:56 2022 + Commit: Sam James gentoo org> CommitDate: Mon Aug 1 22:37:51 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4f7f71fe install-qa-check.d: 60pkgconfig: add ${ED}/usr/{lib*,share}/pkgconfig to search path Needed for --validate to not barf sometimes. Signed-off-by: Sam James gentoo.org> Closes: https://github.com/gentoo/portage/pull/880 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 6f1d6b8b1..54122fe61 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -27,7 +27,7 @@ pkgconfig_check() { # seems like f.d.o, OpenBSD, and of course pkgconf do though. # Need --maximum-traverse-depth=1 to avoid checking deps and giving # unrelated warnings/errors. - if ! pkg-config --maximum-traverse-depth=1 --validate "${files[@]}" ; then + if ! pkg-config --maximum-traverse-depth=1 --with-path="${ED}"/usr/{lib*,share}/pkgconfig --validate "${files[@]}" ; then eqawarn "QA Notice: pkg-config files which fail validation found!" eqawarn "Run 'pkg-config --validate ...' for more information" fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: cf16daf828e73ba5c37cd87086bfdc43eea23dd2 Author: Sam James gentoo org> AuthorDate: Thu Jul 28 02:56:20 2022 + Commit: Sam James gentoo org> CommitDate: Mon Aug 1 22:38:11 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=cf16daf8 install-qa-checks.d: fix 90gcc-warnings for other 64-bit arches We were missing: - aarch64* - arm64* (Apple uses this for arm64) - loongarch64* - riscv64* - s390x* Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/90gcc-warnings | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 041e39c8b..52124427d 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -113,25 +113,26 @@ gcc_warn_check() { fi local cat_cmd=cat - [[ $PORTAGE_LOG_FILE = *.gz ]] && cat_cmd=zcat - [[ $reset_debug = 1 ]] && set -x + [[ ${PORTAGE_LOG_FILE} = *.gz ]] && cat_cmd=zcat + [[ ${reset_debug} = 1 ]] && set -x + # Use safe cwd, avoiding unsafe import for bug #469338. - f=$(cd "${PORTAGE_PYM_PATH}" ; $cat_cmd "${PORTAGE_LOG_FILE}" | \ - "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH"/check-implicit-pointer-usage.py || die "check-implicit-pointer-usage.py failed") - if [[ -n ${f} ]] ; then + f=$(cd "${PORTAGE_PYM_PATH}" ; ${cat_cmd} "${PORTAGE_LOG_FILE}" | \ + "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}"/check-implicit-pointer-usage.py || die "check-implicit-pointer-usage.py failed") + if [[ -n ${f} ]] ; then # In the future this will be a forced "die". In preparation, # increase the log level from "qa" to "eerror" so that people - # are aware this is a problem that must be fixed asap. + # are aware this is a problem that must be fixed ASAP. - # just warn on 32bit hosts but bail on 64bit hosts + # Just warn on 32bit hosts but bail on 64bit hosts case ${CHOST} in - alpha*|hppa64*|ia64*|powerpc64*|mips64*|sparc64*|sparcv9*|x86_64*) gentoo_bug=yes ;; + alpha*|aarch64*|arm64*|hppa64*|ia64*|powerpc64*|loongarch64*|mips64*|riscv64*|sparc64*|sparcv9*|s390x*|x86_64*) gentoo_bug=yes ;; esac abort=yes - if [[ $gentoo_bug = yes ]] ; then + if [[ ${gentoo_bug} = yes ]] ; then eerror eerror "QA Notice: Package triggers severe warnings which indicate that it" eerror " will almost certainly crash on 64bit architectures."
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 06af67ad303d2f0d8a82c4d6cd4c594d7694689b Author: Sam James gentoo org> AuthorDate: Mon Aug 1 02:41:09 2022 + Commit: Sam James gentoo org> CommitDate: Mon Aug 1 22:37:51 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=06af67ad install-qa-check.d: 60pkgconfig: only verify defined variables in EPREFIX check e.g. 'exec_prefix' might not even appear in the pkg-config file. Bug: https://bugs.gentoo.org/860825 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index d4ba42f5b..6f1d6b8b1 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -38,6 +38,9 @@ pkgconfig_check() { for f in "${files[@]}" ; do local key for key in prefix exec_prefix libdir includedir ; do + # Check if the variable is even in there (bug #860825) + grep -E -q "^${key}" "${f}" || continue + local value=$(pkg-config --variable="${key}" "${f}") if [[ ${value} != "${EPREFIX}"* ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7e39ed552544e6551c00f4a6231898d3f53c2204 Author: Fabian Groffen gentoo org> AuthorDate: Tue Jul 26 18:46:38 2022 + Commit: Fabian Groffen gentoo org> CommitDate: Thu Jul 28 06:32:01 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7e39ed55 bin/install-qa-check.d/80multilib-strict: use file/find from Prefix Signed-off-by: Fabian Groffen gentoo.org> bin/install-qa-check.d/80multilib-strict | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/80multilib-strict b/bin/install-qa-check.d/80multilib-strict index afd223250..42e5f1ca6 100644 --- a/bin/install-qa-check.d/80multilib-strict +++ b/bin/install-qa-check.d/80multilib-strict @@ -1,7 +1,7 @@ # Strict multilib directory checks multilib_strict_check() { if has multilib-strict ${FEATURES} && \ - [[ -x /usr/bin/file && -x /usr/bin/find ]] && \ + type find &>/dev/null && type file &>/dev/null && \ [[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]] then rm -f "${T}/multilib-strict.log"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eb382e8b07e20ef7b9b8d287ca5c3946a5c3c0c5 Author: Fabian Groffen gentoo org> AuthorDate: Tue Jul 26 18:41:41 2022 + Commit: Fabian Groffen gentoo org> CommitDate: Wed Jul 27 08:17:46 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eb382e8b bin/install-qa-check.d/80libraries: support Darwin/Mach-O objects Check for dylib on Darwin, so on everything else. Signed-off-by: Fabian Groffen gentoo.org> bin/install-qa-check.d/80libraries | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index 8dc35bb87..81c926982 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -140,7 +140,11 @@ lib_check() { local abort="no" local a s for a in "${ED%/}"/usr/lib*/*.a ; do - s=${a%.a}.so + if [[ ${CHOST} == *-darwin* ]] ; then + s=${a%.a}.dylib + else + s=${a%.a}.so + fi if [[ ! -e ${s} ]] ; then s=${s%usr/*}${s##*/usr/} if [[ -e ${s} ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 54080c141fd2ee6fdb6827b95e5a21d72b0c82a1 Author: Fabian Groffen gentoo org> AuthorDate: Tue Jul 26 18:49:25 2022 + Commit: Fabian Groffen gentoo org> CommitDate: Wed Jul 27 08:16:21 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=54080c14 bin/install-qa-check.d/90world-writable: include EPREFIX in reports It is much less confusing and consistent to report full paths including the leading EPREFIX. Signed-off-by: Fabian Groffen gentoo.org> bin/install-qa-check.d/90world-writable | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/90world-writable b/bin/install-qa-check.d/90world-writable index 820683bd6..c69c43444 100644 --- a/bin/install-qa-check.d/90world-writable +++ b/bin/install-qa-check.d/90world-writable @@ -2,7 +2,7 @@ world_writable_check() { # Now we look for all world writable files. - local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:/:") + local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${D}:/:") local OLDIFS x prev_shopts=$- OLDIFS=$IFS @@ -19,7 +19,7 @@ world_writable_check() { eqawarn fi - local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:") + local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${D}:/:") if [[ -n ${unsafe_files} ]] ; then eqawarn "QA Notice: Unsafe files detected (set*id and world writable)"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 591e7e12009ce6599d2684dfde5eece236fdcdfb Author: Sam James gentoo org> AuthorDate: Sat May 7 05:56:02 2022 + Commit: Sam James gentoo org> CommitDate: Sun May 15 01:02:43 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=591e7e12 bin/install-qa-check.d/05prefix: egrep -> grep -E Newer greps will warn on this. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/05prefix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix index e1fc2bd99..c1a5606d8 100644 --- a/bin/install-qa-check.d/05prefix +++ b/bin/install-qa-check.d/05prefix @@ -20,7 +20,7 @@ install_qa_check_prefix() { fi if [[ -d ${D} ]] ; then - INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }') + INSTALLTOD=$(find ${D%/} | grep -E -v "^${ED}" | sed -e "s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if (substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if (substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }') if [[ -n ${INSTALLTOD} ]] ; then eqawarn "QA Notice: the following files are outside of the prefix:" eqawarn "${INSTALLTOD}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e810fb4cf1af6b7fe7d00ea7b73e99e917d83fc0 Author: Sam James gentoo org> AuthorDate: Sun May 15 01:01:42 2022 + Commit: Sam James gentoo org> CommitDate: Sun May 15 01:02:44 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e810fb4c bin/install-qa-check.d/60pkgconfig: egrep -> grep -E Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 25143275f..d4ba42f5b 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -11,7 +11,7 @@ pkgconfig_check() { local f # Look for leaking LDFLAGS into pkg-config files - f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}") + f=$(grep -E -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}") if [[ -n ${f} ]] ; then eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:" eqatag -v pkgconfig.bad-ldlags "${f//${D}}" @@ -69,7 +69,7 @@ pkgconfig_check() { fi # In ${ED}/usr/lib, we shouldn't reference lib64 - if egrep -q "=(/usr)?/lib64" ${f} ; then + if grep -E -q "=(/usr)?/lib64" ${f} ; then bad_libdir+=( "${f//${D}}" ) fi elif [[ ${f} == *lib64/pkgconfig* ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 2c25a3a6e88f32d94c63ab38baa34f2d79a2699e Author: Mike Gilbert gentoo org> AuthorDate: Tue Apr 26 19:22:10 2022 + Commit: Mike Gilbert gentoo org> CommitDate: Sat May 7 17:11:20 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=2c25a3a6 install-qa-check.d/60pkgconfig: add QA_PKGCONFIG_VERSION This allows ebuild maintainers to override the expected version in the .pc file when it differs from ${PV}. Signed-off-by: Mike Gilbert gentoo.org> bin/install-qa-check.d/60pkgconfig | 43 +++--- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 58f533e83..25143275f 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -92,25 +92,34 @@ pkgconfig_check() { # about, while avoiding any pathological cases e.g. multiple libraries # with different versioning within one package. # Example bugs: bug #833895, bug #833887. - local all_bad=yes - # Record the last bad file matched - local bad_file - for f in "${files[@]}" ; do - if [[ ${PV} == $(pkg-config --modversion "${f}") ]] ; then - all_bad=no - break - fi - bad_file="${f//${D}}" - done + # Default to PV if QA_PKGCONFIG_VERSION is unset. + if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then + local QA_PKGCONFIG_VERSION=${PV} + fi + + # Skip the check if QA_PKGCONFIG_VERSION is set to empty string. + if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then + local all_bad=yes + # Record the last bad file matched + local bad_file + for f in "${files[@]}" ; do + if [[ ${QA_PKGCONFIG_VERSION} == $(pkg-config --modversion "${f}") ]] ; then + all_bad=no + break + fi - # Skip result reporting if *_p* because for both _pN and _preN, we - # don't generally expect the versions to be exactly accurate, and - # we want to avoid false positives. - if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then - eqawarn "QA Notice: pkg-config files with mismatched Version found!" - eqawarn "At least ${bad_file}'s Version field does not match ${PV}" - eqawarn "Please check all .pc files installed by this package." + bad_file="${f//${D}}" + done + + # Skip result reporting if *_p* because for both _pN and _preN, we + # don't generally expect the versions to be exactly accurate, and + # we want to avoid false positives. + if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then + eqawarn "QA Notice: pkg-config files with mismatched Version found!" + eqawarn "At least ${bad_file}'s Version field does not match ${PV}" + eqawarn "Please check all .pc files installed by this package." + fi fi }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 98750a24b8c8adcdb8e6a0e37456bb75925f71c4 Author: Sam James gentoo org> AuthorDate: Tue Apr 19 21:33:03 2022 + Commit: Sam James gentoo org> CommitDate: Thu Apr 28 15:50:15 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=98750a24 install-qa-check.d/10ignored-flags: sync check with other examples (cosmetic) Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/10ignored-flags | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags index 7cd073578..0bda8eced 100644 --- a/bin/install-qa-check.d/10ignored-flags +++ b/bin/install-qa-check.d/10ignored-flags @@ -1,8 +1,9 @@ # QA checks for ignored *FLAGS. ignored_flag_check() { - type -P scanelf > /dev/null || return - has binchecks ${PORTAGE_RESTRICT} && return + if ! type -P scanelf >/dev/null || has binchecks ${PORTAGE_RESTRICT}; then + return + fi local qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}" eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 561e2d1f884c01d987e8bd812e01c1a29da7f082 Author: Sam James gentoo org> AuthorDate: Thu Mar 3 21:16:55 2022 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:55 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=561e2d1f install-qa-check.d/60pkgconfig: drop ${D} from output; don't repeat ${EPREFIX} It's confusing when the ebuild has been merged to the system and we should be consistent with other checks. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 4c6f01f03..e2d839ca1 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -42,9 +42,12 @@ pkgconfig_check() { if [[ ${value} != "${EPREFIX}"* ]] ; then eqawarn "QA Notice: pkg-config files not respecting EPREFIX found" - eqawarn "${f}'s key=${key} does not respect EPREFIX:" + eqawarn "key=${key} does not respect EPREFIX:" eqawarn "${key}=${value}" - eqatag -v pkgconfig.bad-paths "${f}" + eqatag -v pkgconfig.bad-paths ${key}="${value}" "${f//${D}}" + + # Don't bother repeating for every variable in the same file + break fi done done @@ -67,12 +70,12 @@ pkgconfig_check() { fi if egrep -q "/lib64" ${f} ; then - bad_libdir+=( ${f} ) + bad_libdir+=( "${f//${D}}" ) fi elif [[ ${f} == *lib64/pkgconfig* ]] ; then # We want to match /lib/, /lib/foo/, but not e.g. /lib64 or /lib64/, or libfoo if grep -qP '/lib\b' ${f} ; then - bad_libdir+=( ${f} ) + bad_libdir+=( "${f//${D}}" ) fi fi done @@ -98,7 +101,7 @@ pkgconfig_check() { break fi - bad_file=f + bad_file="${f//${D}}" done # Skip result reporting if *_p* because for both _pN and _preN, we
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e31acf622d632d093b01e51e03c1c3f98dbe3a1c Author: Sam James gentoo org> AuthorDate: Wed Mar 16 00:02:24 2022 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:56 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e31acf62 install-qa-check.d/60pkgconfig: change libdir regex We don't want to watch /var/lib/, for example. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index e2d839ca1..58f533e83 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -62,19 +62,19 @@ pkgconfig_check() { # e.g. https://bugs.gentoo.org/729642 local bad_libdir=() for f in "${files[@]}" ; do - # In ${ED}/usr/lib, we shouldn't reference lib64 if [[ ${f} == *lib/pkgconfig* ]] ; then if [[ -d "${ED}"/usr/lib && -L "${ED}"/usr/lib ]] ; then # (Don't bother if /usr/lib is a symlink to /usr/lib64) continue fi - if egrep -q "/lib64" ${f} ; then + # In ${ED}/usr/lib, we shouldn't reference lib64 + if egrep -q "=(/usr)?/lib64" ${f} ; then bad_libdir+=( "${f//${D}}" ) fi elif [[ ${f} == *lib64/pkgconfig* ]] ; then # We want to match /lib/, /lib/foo/, but not e.g. /lib64 or /lib64/, or libfoo - if grep -qP '/lib\b' ${f} ; then + if grep -qP '=(/usr)?/lib\b' ${f} ; then bad_libdir+=( "${f//${D}}" ) fi fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7aa2e188d6732088ae2a2926cc465988e4f117f9 Author: Sam James gentoo org> AuthorDate: Wed Feb 23 01:26:11 2022 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:54 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7aa2e188 install-qa-check.d/60pkgconfig: check for mismatched version We want to try catch cases where we're installing a pkg-config (.pc) file with an obviously incorrect version (here, we're testing for ${PV} != any version in all of the installed .pc files) because: 1. it's bad; 2. it has a large blast radius (breaking consumers). Bug: https://bugs.gentoo.org/833895 Bug: https://bugs.gentoo.org/833887 Bug: https://bugs.gentoo.org/833907 Bug: https://bugs.gentoo.org/833884 Bug: https://bugs.gentoo.org/833888 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 26 ++ 1 file changed, 26 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index cb6660bcb..78c5b5a3c 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -78,6 +78,32 @@ pkgconfig_check() { eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}" fi + # Check for mismatched Version field vs ${PV} + # To be safe, let's make sure _all_ installed .pcs have a bad Version + # before warning, as this should catch the general cases we're worried + # about, while avoiding any pathological cases e.g. multiple libraries + # with different versioning within one package. + # Example bugs: bug #833895, bug #833887. + local all_bad=yes + # Record the last bad file matched + local bad_file + for f in "${files[@]}" ; do + if [[ ${PV} == $(pkg-config --modversion "${f}") ]] ; then + all_bad=no + break + fi + + bad_file=f + done + + # Skip result reporting if *_p* because for both _pN and _preN, we + # don't generally expect the versions to be exactly accurate, and + # we want to avoid false positives. + if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live ${PROPERTIES} ; then + eqawarn "QA Notice: pkg-config files with mismatched Version found!" + eqawarn "At least ${bad_file}'s Version field does not match ${PV}" + eqawarn "Please check all .pc files installed by this package." + fi } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 183dc3d778cf83102aa7ed8291979b71a287cf7e Author: Sam James gentoo org> AuthorDate: Thu Feb 24 22:43:47 2022 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:55 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=183dc3d7 install-qa-check.d/60pkgconfig: exit early if no pkg-config installed But we still run the LDFLAGS check. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 5 + 1 file changed, 5 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 78c5b5a3c..4c6f01f03 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -17,6 +17,11 @@ pkgconfig_check() { eqatag -v pkgconfig.bad-ldlags "${f//${D}}" fi + # Bail out now so we can rely on pkgconfig in subsequent checks if we want. + if ! type -P pkg-config >/dev/null ; then + return + fi + # Validate using pkgconfig # Some less common implementations may not support this? # seems like f.d.o, OpenBSD, and of course pkgconf do though.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0d74ce0945f0567d2c695fe4443a5c94046dfe09 Author: Sam James gentoo org> AuthorDate: Thu Oct 28 00:37:15 2021 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:52 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0d74ce09 install-qa-check.d/60pkgconfig: run pkg-config --validate on installed files Similar to the XDG desktop file validation check. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 10 ++ 1 file changed, 10 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 2cc9f7c59..9c4768a95 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -16,6 +16,16 @@ pkgconfig_check() { eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:" eqawarn "${f//${D}}" fi + + # Validate using pkgconfig + # Some less common implementations may not support this? + # seems like f.d.o, OpenBSD, and of course pkgconf do though. + # Need --maximum-traverse-depth=1 to avoid checking deps and giving + # unrelated warnings/errors. + if ! pkg-config --maximum-traverse-depth=1 --validate "${files[@]}" ; then + eqawarn "QA Notice: pkg-config files which fail validation found!" + eqawarn "Run 'pkg-config --validate ...' for more information" + fi } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6bce6ac4dc87872c112e9f5c5a847acb78ec3d26 Author: Sam James gentoo org> AuthorDate: Thu Oct 28 00:37:41 2021 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:52 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6bce6ac4 install-qa-check.d/60pkgconfig: check if paths within .pc respect EPREFIX Seen this problem a few times and it's easy to miss. See: c90ab38e3577aae61fac2341b34ad593948de1cd in ::gentoo Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 17 + 1 file changed, 17 insertions(+) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 9c4768a95..9e09a1053 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -26,6 +26,23 @@ pkgconfig_check() { eqawarn "QA Notice: pkg-config files which fail validation found!" eqawarn "Run 'pkg-config --validate ...' for more information" fi + + # Check for unexpected paths + # e.g. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c90ab38e3577aae61fac2341b34ad593948de1cd + if [[ -n ${EPREFIX} ]] ; then + for f in "${files[@]}" ; do + local key + for key in prefix exec_prefix libdir includedir ; do + local value=$(pkg-config --variable="${key}" "${f}") + + if [[ ${value} != "${EPREFIX}"* ]] ; then + eqawarn "QA Notice: pkg-config files not respecting EPREFIX found" + eqawarn "${f}'s key=${key} does not respect EPREFIX:" + eqawarn "${key}=${value}" + fi + done + done + fi } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0ac65ddf7cff60a64730ca7c123f492fb68217a4 Author: Sam James gentoo org> AuthorDate: Thu Oct 28 00:38:43 2021 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:53 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0ac65ddf install-qa-check.d/60pkgconfig: check for not respecting libdir in pc files It's not valid to reference lib64 when installing to /usr/lib where we want 32-bit libraries. We want to make sure that if we're installing a pkgconfig file for a 32-bit variant (multilib), we make sure that the file references the right library: it should have e.g. /usr/lib, not /usr/lib64, or consumers trying to use the 32-bit library will try to link against a 64-bit library. (We also cover the opposite case: /usr/lib64 pkgconfig files referencing /usr/lib). Bug: https://bugs.gentoo.org/729642 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 37 - 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 9e09a1053..cb6660bcb 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -14,7 +14,7 @@ pkgconfig_check() { f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}") if [[ -n ${f} ]] ; then eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:" - eqawarn "${f//${D}}" + eqatag -v pkgconfig.bad-ldlags "${f//${D}}" fi # Validate using pkgconfig @@ -39,10 +39,45 @@ pkgconfig_check() { eqawarn "QA Notice: pkg-config files not respecting EPREFIX found" eqawarn "${f}'s key=${key} does not respect EPREFIX:" eqawarn "${key}=${value}" + eqatag -v pkgconfig.bad-paths "${f}" fi done done fi + + # TODO: Generalise for non-lib64 libdir? Not that this is very common now + # that riscv chose a more standard layout. + # + # If we're installing to ${ED}/usr/lib/pkgconfig, let's make sure + # we're not referencing lib64. + # + # e.g. https://bugs.gentoo.org/729642 + local bad_libdir=() + for f in "${files[@]}" ; do + # In ${ED}/usr/lib, we shouldn't reference lib64 + if [[ ${f} == *lib/pkgconfig* ]] ; then + if [[ -d "${ED}"/usr/lib && -L "${ED}"/usr/lib ]] ; then + # (Don't bother if /usr/lib is a symlink to /usr/lib64) + continue + fi + + if egrep -q "/lib64" ${f} ; then + bad_libdir+=( ${f} ) + fi + elif [[ ${f} == *lib64/pkgconfig* ]] ; then + # We want to match /lib/, /lib/foo/, but not e.g. /lib64 or /lib64/, or libfoo + if grep -qP '/lib\b' ${f} ; then + bad_libdir+=( ${f} ) + fi + fi + done + + if [[ -n "${bad_libdir[@]}" ]] ; then + eqawarn "QA Notice: pkg-config files not respecting libdir found" + eqawarn "(contains reference to either lib or lib64 in wrong directory)" + eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}" + fi + } pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: d872bb3b6e879d75445536b9b0fca4009822d433 Author: Sam James gentoo org> AuthorDate: Thu Oct 28 00:36:29 2021 + Commit: Sam James gentoo org> CommitDate: Tue Apr 12 01:59:51 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d872bb3b install-qa-check.d/60pkgconfig: create list of .pc files early (refactoring) This makes adding additional checks easier. We just bail out early if there's no work to be done. Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/60pkgconfig | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60pkgconfig b/bin/install-qa-check.d/60pkgconfig index 1b34c04db..2cc9f7c59 100644 --- a/bin/install-qa-check.d/60pkgconfig +++ b/bin/install-qa-check.d/60pkgconfig @@ -1,8 +1,17 @@ # Check for pkg-config file issues pkgconfig_check() { + local files=() + # Make a list of .pc files and bail out if there aren't any + mapfile -d '' files < <( + find "${ED}"/usr/{lib*,share}/pkgconfig -maxdepth 1 -type f -name '*.pc' -print0 2>/dev/null + ) + [[ -z "${files[@]}" ]] && return + + local f + # Look for leaking LDFLAGS into pkg-config files - local f=$(egrep -sH '^Libs.*-Wl,(-O[012]|--hash-style)' "${ED}"/usr/*/pkgconfig/*.pc) + f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}") if [[ -n ${f} ]] ; then eqawarn "QA Notice: pkg-config files with wrong LDFLAGS detected:" eqawarn "${f//${D}}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8ded447a1d194ad0190a174f7bb330417685d861 Author: Sam James gentoo org> AuthorDate: Sun Apr 10 16:51:02 2022 + Commit: Sam James gentoo org> CommitDate: Sun Apr 10 17:19:57 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8ded447a install-qa-check.d/20runtime-directories: warn on /var/tmp too Bug: https://bugs.gentoo.org/493154 Bug: https://bugs.gentoo.org/837536 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/20runtime-directories | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/20runtime-directories b/bin/install-qa-check.d/20runtime-directories index 2e21d6d04..3dc52f425 100644 --- a/bin/install-qa-check.d/20runtime-directories +++ b/bin/install-qa-check.d/20runtime-directories @@ -1,10 +1,10 @@ # Check for directories that need to be created at runtime runtime_dir_check() { - # It's ok create these directories, but not to install into them. #493154 + # It's ok to create these directories, but not to install into them. #493154 # TODO: We should add var/lib to this list. local x f= - for x in var/cache var/lock var/run run ; do + for x in var/cache var/lock var/run var/tmp run ; do if [[ ! -L ${ED}/${x} && -d ${ED}/${x} ]] ; then if [[ -z $(find "${ED}/${x}" -prune -empty) ]] ; then f+=$(cd "${ED}"; find "${x}" -printf ' %p\n')
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7b44116b4a669a49e51e5a495ab62a25229e18e4 Author: Sam James gentoo org> AuthorDate: Sat Apr 2 04:10:31 2022 + Commit: Sam James gentoo org> CommitDate: Tue Apr 5 04:32:56 2022 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7b44116b bin/install-qa-check.d/95empty-dirs: update message for EAPI 8 Portage changed the default for >= EAPI 8 ("newer EAPIs" at the time, not actually specific to 8) in bfda0d2bd4ba03a4e77f488ec3fd4f9c6c351662 to enable FEATURES="strict-keepdir". Signed-off-by: Sam James gentoo.org> Closes: https://github.com/gentoo/portage/pull/802 Signed-off-by: Sam James gentoo.org> bin/install-qa-check.d/95empty-dirs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/95empty-dirs b/bin/install-qa-check.d/95empty-dirs index 34a1daf21..b8612bdf1 100644 --- a/bin/install-qa-check.d/95empty-dirs +++ b/bin/install-qa-check.d/95empty-dirs @@ -33,7 +33,7 @@ find_empty_dirs() { done eqawarn eqawarn "If those directories need to be preserved, please make sure to create" - eqawarn "or mark them for keeping using 'keepdir'. Future versions of Portage" + eqawarn "or mark them for keeping using 'keepdir'. Portage for >= EAPI 8 ebuilds" eqawarn "will strip empty directories from installation image." fi }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 5952ad42e44d15da4d3a73d43f6bcc3714bf9a4f Author: Zac Medico gentoo org> AuthorDate: Sun Nov 3 20:11:35 2019 + Commit: Zac Medico gentoo org> CommitDate: Sun Nov 3 20:11:50 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=5952ad42 Revert "install-qa-check.d: handle libtool files and static libs from /" This reverts commit a2506e4ebd47781eb81b7d13b0a1a376ed028c77. Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/80libraries | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index 806605293..e59369bf6 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -139,7 +139,7 @@ lib_check() { # https://bugs.gentoo.org/4411 local abort="no" local a s - for a in "${ED%/}"{/usr,}/lib*/*.a ; do + for a in "${ED%/}"/usr/lib*/*.a ; do s=${a%.a}.so if [[ ! -e ${s} ]] ; then s=${s%usr/*}${s##*/usr/} @@ -154,7 +154,7 @@ lib_check() { # Verify that the libtool files don't contain bogus $D entries. local abort=no gentoo_bug=no always_overflow=no - for a in "${ED%/}"{/usr,}/lib*/*.la ; do + for a in "${ED%/}"/usr/lib*/*.la ; do s=${a##*/} if grep -qs "${ED}" "${a}" ; then __vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: ae2a76261fd7e519bfbb3b8c4b41aa511d039245 Author: Zac Medico gentoo org> AuthorDate: Sun Nov 3 20:12:02 2019 + Commit: Zac Medico gentoo org> CommitDate: Sun Nov 3 20:14:42 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ae2a7626 Revert "install-qa-check.d: remove check that bans libtool files and static libs from /" This reverts commit 498900e5e51460502d8271f409a4c614a021613b. This change is still being discussed. See: https://archives.gentoo.org/gentoo-portage-dev/message/6e4cfbb0ef9c36dc6511d4f2003cc458 Bug: https://bugs.gentoo.org/699252 Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/80libraries | 10 ++ 1 file changed, 10 insertions(+) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index e59369bf6..d1d2c4fdd 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -152,6 +152,16 @@ lib_check() { done [[ ${abort} == "yes" ]] && die "add those ldscripts" + # Make sure people don't store libtool files or static libs in /lib + f=$(ls "${ED%/}"/lib*/*.{a,la} 2>/dev/null) + if [[ -n ${f} ]] ; then + __vecho -ne '\n' + eqawarn "QA Notice: Excessive files found in the / partition" + eqawarn "${f}" + __vecho -ne '\n' + die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*" + fi + # Verify that the libtool files don't contain bogus $D entries. local abort=no gentoo_bug=no always_overflow=no for a in "${ED%/}"/usr/lib*/*.la ; do
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a2506e4ebd47781eb81b7d13b0a1a376ed028c77 Author: Zac Medico gentoo org> AuthorDate: Sun Nov 3 19:59:06 2019 + Commit: Zac Medico gentoo org> CommitDate: Sun Nov 3 20:00:59 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a2506e4e install-qa-check.d: handle libtool files and static libs from / Fixes: 498900e5e514 ("install-qa-check.d: remove check that bans libtool files and static libs from /") Bug: https://bugs.gentoo.org/699252 Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/80libraries | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index e59369bf6..806605293 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -139,7 +139,7 @@ lib_check() { # https://bugs.gentoo.org/4411 local abort="no" local a s - for a in "${ED%/}"/usr/lib*/*.a ; do + for a in "${ED%/}"{/usr,}/lib*/*.a ; do s=${a%.a}.so if [[ ! -e ${s} ]] ; then s=${s%usr/*}${s##*/usr/} @@ -154,7 +154,7 @@ lib_check() { # Verify that the libtool files don't contain bogus $D entries. local abort=no gentoo_bug=no always_overflow=no - for a in "${ED%/}"/usr/lib*/*.la ; do + for a in "${ED%/}"{/usr,}/lib*/*.la ; do s=${a##*/} if grep -qs "${ED}" "${a}" ; then __vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 498900e5e51460502d8271f409a4c614a021613b Author: William Hubbs gentoo org> AuthorDate: Sun Oct 27 17:40:07 2019 + Commit: Zac Medico gentoo org> CommitDate: Sun Nov 3 19:44:44 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=498900e5 install-qa-check.d: remove check that bans libtool files and static libs from / Most upstreams and build systems do not make this distinction, so this causes unnecessary hacks in ebuilds. Bug: https://bugs.gentoo.org/699252 Signed-off-by: William Hubbs gentoo.org> Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/80libraries | 10 -- 1 file changed, 10 deletions(-) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index d1d2c4fdd..e59369bf6 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -152,16 +152,6 @@ lib_check() { done [[ ${abort} == "yes" ]] && die "add those ldscripts" - # Make sure people don't store libtool files or static libs in /lib - f=$(ls "${ED%/}"/lib*/*.{a,la} 2>/dev/null) - if [[ -n ${f} ]] ; then - __vecho -ne '\n' - eqawarn "QA Notice: Excessive files found in the / partition" - eqawarn "${f}" - __vecho -ne '\n' - die "static archives (*.a) and libtool library files (*.la) belong in /usr/lib*, not /lib*" - fi - # Verify that the libtool files don't contain bogus $D entries. local abort=no gentoo_bug=no always_overflow=no for a in "${ED%/}"/usr/lib*/*.la ; do
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e54bc64a3779d4546b70a7a82d677a18d3c37b67 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Fri May 10 01:20:14 2019 + Commit: Zac Medico gentoo org> CommitDate: Mon May 20 04:53:48 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e54bc64a install-qa-check.d/80libraries: fix false positive Do not report libraries missing DT_NEEDED and not containing undefined non-weak symbols. Bug: https://bugs.gentoo.org/516016 Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org> Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/80libraries | 21 +++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/80libraries b/bin/install-qa-check.d/80libraries index bbabc0eb9..d1d2c4fdd 100644 --- a/bin/install-qa-check.d/80libraries +++ b/bin/install-qa-check.d/80libraries @@ -1,7 +1,15 @@ # Check for issues with installed libraries scanelf_lib_check() { - local f x i j + local t v + for t in NM:nm ; do + v=${t%:*} # NM + t=${t#*:} # nm + eval ${v}=\"${!v:-${CHOST}-${t}}\" + type -P -- ${!v} >/dev/null || eval ${v}=${t} + done + + local f x i j library libraries # Check for shared libraries lacking SONAMEs local qa_var="QA_SONAME_${ARCH/-/_}" @@ -40,7 +48,16 @@ scanelf_lib_check() { # Check for shared libraries lacking NEEDED entries qa_var="QA_DT_NEEDED_${ARCH/-/_}" eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")" - f=$(scanelf -ByF '%n %p' "${ED%/}"/{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]${ED%/}/:/:") + f= + libraries=$(scanelf -ByF '%n %p' "${ED%/}"/{,usr/}lib*/lib*.so* | awk '$2 == "" { print }' | sed -e "s:^[[:space:]]::") + if [[ -n ${libraries} ]] ; then + while IFS= read -r library ; do + # Only shared libraries containing undefined non-weak symbols actually need NEEDED entries. + if [[ -n $(${NM} -D "${library}" | grep -E "^ +U ") ]] ; then + f+="/${library#${ED%/}/}"$'\n' + fi + done <<< "${libraries}" + fi if [[ -n ${f} ]] ; then echo "${f}" > "${T}"/scanelf-missing-NEEDED.log if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: bdde97ba14e85ea2ca6b128fddca710081334b55 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Mon May 20 01:32:25 2019 + Commit: Zac Medico gentoo org> CommitDate: Mon May 20 04:36:32 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bdde97ba install-qa-check.d/10ignored-flags: fix false positive Do not report not respecting LDFLAGS for *.o files with __gentoo_check_ldflags__ symbol. Bug: https://bugs.gentoo.org/686356 Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org> Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/10ignored-flags | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags index 09bcb57fc..062f51325 100644 --- a/bin/install-qa-check.d/10ignored-flags +++ b/bin/install-qa-check.d/10ignored-flags @@ -66,7 +66,7 @@ ignored_flag_check() { # Check for files built without respecting LDFLAGS if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \ ! has binchecks ${RESTRICT} ; then - f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED%/}/" | LC_ALL=C sort) \ + f=$(LC_ALL=C comm -2 -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED%/}/" | LC_ALL=C sort) \ <(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ "${ED%/}/" | LC_ALL=C sort)) if [[ -n ${f} ]] ; then echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, man/, bin/
commit: bfda0d2bd4ba03a4e77f488ec3fd4f9c6c351662 Author: Zac Medico gentoo org> AuthorDate: Sat Apr 27 18:11:11 2019 + Commit: Zac Medico gentoo org> CommitDate: Tue Apr 30 02:40:10 2019 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bfda0d2b Enable FEATURES=strict-keepdir behavior for new EAPIs Suggested-by: Pacho Ramos gentoo.org> Bug: https://bugs.gentoo.org/651678 Signed-off-by: Zac Medico gentoo.org> bin/eapi.sh | 4 bin/install-qa-check.d/95empty-dirs | 4 +++- man/make.conf.5 | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/eapi.sh b/bin/eapi.sh index 455bc9b0d..4eafc1c87 100644 --- a/bin/eapi.sh +++ b/bin/eapi.sh @@ -247,3 +247,7 @@ ___eapi_bash_4_2() { ___eapi_has_ENV_UNSET() { [[ ! ${1-${EAPI-0}} =~ ^(0|1|2|3|4|4-python|4-slot-abi|5|5-progress|6)$ ]] } + +___eapi_has_strict_keepdir() { + [[ ! ${1-${EAPI-0}} =~ ^(0|1|2|3|4|4-python|5|5-progress|6|7)$ ]] +} diff --git a/bin/install-qa-check.d/95empty-dirs b/bin/install-qa-check.d/95empty-dirs index 8599db395..34a1daf21 100644 --- a/bin/install-qa-check.d/95empty-dirs +++ b/bin/install-qa-check.d/95empty-dirs @@ -17,7 +17,9 @@ find_empty_dirs() { local warn_dirs=() local d striparg= - [[ ${FEATURES} == *strict-keepdir* ]] && striparg=-delete + if ___eapi_has_strict_keepdir || [[ ${FEATURES} == *strict-keepdir* ]]; then + striparg=-delete + fi while IFS= read -r -d $'\0' d; do [[ ${d} == ${ED%/}/var/* ]] && warn_dirs+=( "${d}" ) diff --git a/man/make.conf.5 b/man/make.conf.5 index 0ad3e2f7d..4c9f00675 100644 --- a/man/make.conf.5 +++ b/man/make.conf.5 @@ -649,6 +649,7 @@ dangerous (like missing or incorrect digests for ebuilds). .B strict-keepdir Have portage strictly require keepdir calls in ebuilds. Empty directories installed without explicit keepdir will be removed. +This feature is automatically enabled for \fBEAPI 8\fR and later. .TP .B stricter Have portage react strongly to conditions that may conflict with system
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dd605b1aa574fc035d3319d954be1ca0d2cdde19 Author: Zac Medico gentoo org> AuthorDate: Sat Oct 6 01:11:02 2018 + Commit: Zac Medico gentoo org> CommitDate: Sat Oct 6 01:14:14 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dd605b1a Revert "install-qa-checks.d: Add a check for Gentoo path policies (FHS-y)" This reverts commit d5f97eaa464736a454c8ad410f4acd4fccdf2324. Until this QA check has adjustable whitelist support, we can consider it an unstable work in progress. Therefore, I'd like for the QA team to move it gentoo/metadata/install-qa-check.d/08gentoo-paths until it has matured. It's safe to commit it to the gentoo repository now, and it will become active when portage's internal copy is removed. Bug: https://bugs.gentoo.org/667604 Closes: https://bugs.gentoo.org/667378 Closes: https://github.com/gentoo/portage/pull/373 Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/08gentoo-paths | 77 --- 1 file changed, 77 deletions(-) diff --git a/bin/install-qa-check.d/08gentoo-paths b/bin/install-qa-check.d/08gentoo-paths deleted file mode 100644 index 3ee887df0..0 --- a/bin/install-qa-check.d/08gentoo-paths +++ /dev/null @@ -1,77 +0,0 @@ -# Check whether ebuilds are not installing new, non-Gentoo-ey paths. - -gentoo_path_check() { - # allowed path definitions - # - - # directories common to / and /usr - local allowed_common_dirs=( - bin lib lib32 lib64 libx32 sbin - ) - - # toplevel directories which can be installed to by ebuilds - # /home is not included as no ebuilds should install files there - local allowed_paths_toplevel=( - "${allowed_common_dirs[@]}" - boot dev etc opt srv usr var - ) - - # directories in /usr which can be installed to by ebuilds - # /usr/games is not included as it is banned nowadays - local allowed_paths_usr=( - "${allowed_common_dirs[@]}" - include libexec share src - # toolchain stuff - "${CHOST}" "${CTARGET}" - ) - - - # the logic - # - - local bad_paths=() - local x - - local shopt_save=$(shopt -p nullglob) - shopt -s nullglob - - # 1. check for unexpected top-level directories - local toplevel_dirs=( "${ED%/}"/* ) - for x in "${toplevel_dirs[@]##*/}"; do - if ! has "${x}" "${allowed_paths_toplevel[@]}"; then - bad_paths+=( "/${x}" ) - fi - done - - # 2. check for unexpected /usr subdirectories - local usr_dirs=( "${ED%/}"/usr/* ) - for x in "${usr_dirs[@]##*/}"; do - if ! has "${x}" "${allowed_paths_usr[@]}"; then - bad_paths+=( "/usr/${x}" ) - fi - done - - # 3. check for unexpected /usr/share/doc subdirectories - local doc_dirs=( "${ED%/}"/usr/share/doc/* ) - for x in "${doc_dirs[@]##*/}"; do - if [[ ${x} != ${PF} ]]; then - bad_paths+=( "/usr/share/doc/${x}" ) - fi - done - - ${shopt_save} - - # report - # -- - if [[ -n ${bad_paths[@]} ]]; then - eqawarn "The ebuild is installing to one or more unexpected paths:" - eqawarn - eqatag -v non-gentoo-paths "${bad_paths[@]}" - eqawarn - eqawarn "Please fix the ebuild to use correct FHS/Gentoo policy paths." - fi -} - -gentoo_path_check -: # guarantee successful exit - -# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: aecc59a5f2c05db09ee7e04a32875998adddf446 Author: Michał Górny gentoo org> AuthorDate: Thu Sep 20 18:18:44 2018 + Commit: Michał Górny gentoo org> CommitDate: Thu Sep 20 18:48:37 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aecc59a5 Move parallel xargs wrapping to isolated-functions.sh Move the parallel xargs support used in pngfix QA check to isolated-functions.sh, to be reused in ecompress. Signed-off-by: Michał Górny gentoo.org> Reviewed-by: Zac Medico gentoo.org> bin/helper-functions.sh | 9 + bin/install-qa-check.d/60pngfix | 13 ++--- bin/isolated-functions.sh | 22 ++ 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/bin/helper-functions.sh b/bin/helper-functions.sh index 9b6e201aa..2d359762a 100644 --- a/bin/helper-functions.sh +++ b/bin/helper-functions.sh @@ -10,13 +10,6 @@ source "${PORTAGE_BIN_PATH}"/isolated-functions.sh || exit 1 # # API functions for doing parallel processing # -makeopts_jobs() { - # Copied from eutils.eclass:makeopts_jobs() - local jobs=$(echo " ${MAKEOPTS} " | \ - sed -r -n 's:.*[[:space:]](-j|--jobs[=[:space:]])[[:space:]]*([0-9]+).*:\2:p') - echo ${jobs:-1} -} - __multijob_init() { # Setup a pipe for children to write their pids to when they finish. # We have to allocate two fd's because POSIX has undefined behavior @@ -34,7 +27,7 @@ __multijob_init() { rm -f "${pipe}" # See how many children we can fork based on the user's settings. - mj_max_jobs=$(makeopts_jobs "$@") + mj_max_jobs=$(___makeopts_jobs "$@") mj_num_jobs=0 } diff --git a/bin/install-qa-check.d/60pngfix b/bin/install-qa-check.d/60pngfix index b69c55614..a2e23d1d3 100644 --- a/bin/install-qa-check.d/60pngfix +++ b/bin/install-qa-check.d/60pngfix @@ -1,16 +1,7 @@ # Check for issues with PNG files -source "${PORTAGE_BIN_PATH}/helper-functions.sh" || exit 1 - pngfix_check() { - local chunksize=1 jobs pngfix=$(type -P pngfix) xargs=(${XARGS}) - - if "${xargs[@]}" --help | grep -q -- --max-procs=; then - jobs=$(makeopts_jobs) - if [[ ${jobs} -gt 1 ]]; then - xargs+=("--max-procs=${jobs}" -L "${chunksize}") - fi - fi + local pngfix=$(type -P pngfix) if [[ -n ${pngfix} ]] ; then local pngout=() @@ -35,7 +26,7 @@ pngfix_check() { fi eqawarn " ${pngout[@]:7}: ${error}" fi - done < <(find "${ED}" -type f -name '*.png' -print0 | "${xargs[@]}" -0 "${pngfix}") + done < <(find "${ED}" -type f -name '*.png' -print0 | ___parallel_xargs -0 "${pngfix}") fi } diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh index cac42a4c5..39b0ad344 100644 --- a/bin/isolated-functions.sh +++ b/bin/isolated-functions.sh @@ -460,6 +460,28 @@ if [[ -z ${XARGS} ]] ; then esac fi +___makeopts_jobs() { + # Copied from eutils.eclass:makeopts_jobs() + local jobs=$(echo " ${MAKEOPTS} " | \ + sed -r -n 's:.*[[:space:]](-j|--jobs[=[:space:]])[[:space:]]*([0-9]+).*:\2:p') + echo ${jobs:-1} +} + +# Run ${XARGS} in parallel for detected number of CPUs, if supported. +# Passes all arguments to xargs, and returns its exit code +___parallel_xargs() { + local chunksize=1 jobs xargs=( ${XARGS} ) + + if "${xargs[@]}" --help | grep -q -- --max-procs=; then + jobs=$(___makeopts_jobs) + if [[ ${jobs} -gt 1 ]]; then + xargs+=("--max-procs=${jobs}" -L "${chunksize}") + fi + fi + + "${xargs[@]}" "${@}" +} + hasq() { has $EBUILD_PHASE prerm postrm || eqawarn \ "QA Notice: The 'hasq' function is deprecated (replaced by 'has')"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: d5f97eaa464736a454c8ad410f4acd4fccdf2324 Author: Michał Górny gentoo org> AuthorDate: Tue Sep 4 06:54:23 2018 + Commit: Michał Górny gentoo org> CommitDate: Tue Sep 4 21:15:55 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d5f97eaa install-qa-checks.d: Add a check for Gentoo path policies (FHS-y) Add a check that verifies whether ebuilds don't install to paths forbidden by the policy. This mostly aims to verbosely report bugs such as missing dependencies causing empty install paths, resulting in files ending up in / and bad upstreams. This should also help detect the relatively common mistake of using /usr/share/doc/${P} instead of ${PF}. The initial list of allowed paths was based on what ebuilds installed to my system. bin/install-qa-check.d/08gentoo-paths | 77 +++ 1 file changed, 77 insertions(+) diff --git a/bin/install-qa-check.d/08gentoo-paths b/bin/install-qa-check.d/08gentoo-paths new file mode 100644 index 0..3ee887df0 --- /dev/null +++ b/bin/install-qa-check.d/08gentoo-paths @@ -0,0 +1,77 @@ +# Check whether ebuilds are not installing new, non-Gentoo-ey paths. + +gentoo_path_check() { + # allowed path definitions + # + + # directories common to / and /usr + local allowed_common_dirs=( + bin lib lib32 lib64 libx32 sbin + ) + + # toplevel directories which can be installed to by ebuilds + # /home is not included as no ebuilds should install files there + local allowed_paths_toplevel=( + "${allowed_common_dirs[@]}" + boot dev etc opt srv usr var + ) + + # directories in /usr which can be installed to by ebuilds + # /usr/games is not included as it is banned nowadays + local allowed_paths_usr=( + "${allowed_common_dirs[@]}" + include libexec share src + # toolchain stuff + "${CHOST}" "${CTARGET}" + ) + + + # the logic + # - + local bad_paths=() + local x + + local shopt_save=$(shopt -p nullglob) + shopt -s nullglob + + # 1. check for unexpected top-level directories + local toplevel_dirs=( "${ED%/}"/* ) + for x in "${toplevel_dirs[@]##*/}"; do + if ! has "${x}" "${allowed_paths_toplevel[@]}"; then + bad_paths+=( "/${x}" ) + fi + done + + # 2. check for unexpected /usr subdirectories + local usr_dirs=( "${ED%/}"/usr/* ) + for x in "${usr_dirs[@]##*/}"; do + if ! has "${x}" "${allowed_paths_usr[@]}"; then + bad_paths+=( "/usr/${x}" ) + fi + done + + # 3. check for unexpected /usr/share/doc subdirectories + local doc_dirs=( "${ED%/}"/usr/share/doc/* ) + for x in "${doc_dirs[@]##*/}"; do + if [[ ${x} != ${PF} ]]; then + bad_paths+=( "/usr/share/doc/${x}" ) + fi + done + + ${shopt_save} + + # report + # -- + if [[ -n ${bad_paths[@]} ]]; then + eqawarn "The ebuild is installing to one or more unexpected paths:" + eqawarn + eqatag -v non-gentoo-paths "${bad_paths[@]}" + eqawarn + eqawarn "Please fix the ebuild to use correct FHS/Gentoo policy paths." + fi +} + +gentoo_path_check +: # guarantee successful exit + +# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 04e71a831bc42f2a0de1694dd2013eac0414e007 Author: Michael Orlitzky gentoo org> AuthorDate: Tue Aug 7 16:46:03 2018 + Commit: Zac Medico gentoo org> CommitDate: Tue Aug 7 18:39:26 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=04e71a83 bin/install-qa-check.d: add new 90bad-bin-owner QA check. System executables that are not owned by root pose a security risk. The owner of the executable is free to modify it at any time; so, for example, he can change a daemon's behavior to make it malicious before the next time the service is started (usually by root). On a "normal" system, the superuser should own every system executable (even setuid ones, for security reasons). This commit adds a new install-time check that reports any such binaries with a QA warning. To avoid false positives, non-"normal" systems (like prefix) are skipped at the moment. Bug: https://bugs.gentoo.org/629398 bin/install-qa-check.d/90bad-bin-owner | 48 ++ 1 file changed, 48 insertions(+) diff --git a/bin/install-qa-check.d/90bad-bin-owner b/bin/install-qa-check.d/90bad-bin-owner new file mode 100644 index 0..c3ee30746 --- /dev/null +++ b/bin/install-qa-check.d/90bad-bin-owner @@ -0,0 +1,48 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +bad_bin_owner_check() { + # Warn about globally-installed executables (in /bin, /usr/bin, /sbin, + # /usr/sbin, or /opt/bin) that are owned by a nonzero UID. + + # This check doesn't work on non-root prefix installations at + # the moment, because every executable therein is owned by a + # nonzero UID. + [[ "${EUID}" -ne "0" || "${PORTAGE_INST_UID}" -ne "0" ]] && return + + local d f found=() + + for d in "${ED%/}/opt/bin" "${ED%/}/bin" "${ED%/}/usr/bin" \ + "${ED%/}/sbin" "${ED%/}/usr/sbin"; do + [[ -d "${d}" ]] || continue + + # Read the results of the "find" command into the "found" bash array. + # + # Use -L to catch symlinks whose targets are owned by a non-root user, + # even though it won't catch ABSOLUTE symlinks until the package + # is RE-installed (the first time around, the target won't exist). + # + # We do want to list non-superuser setuid executables, because + # they can be exploited. The owner can simply wipe the setuid + # bit, and then alter the contents of the file. The superuser + # will then have a time bomb in his $PATH. + while read -r -d '' f; do + found+=( "${f}" ) + done < <(find -L "${d}" \ + -maxdepth 1 \ + -type f \ + ! -uid 0 \ + -print0) + done + + if [[ ${found[@]} ]]; then + eqawarn "system executables owned by nonzero uid:" + for f in "${found[@]}"; do + # Strip off the leading destdir before outputting the path. + eqawarn " ${f#${D%/}}" + done + fi +} + +bad_bin_owner_check +:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 807ac3d9d6eecead73f59d399b30559e5c731587 Author: Michael Orlitzky gentoo org> AuthorDate: Tue Aug 7 16:46:04 2018 + Commit: Zac Medico gentoo org> CommitDate: Tue Aug 7 18:39:26 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=807ac3d9 bin/install-qa-check.d: add new 90bad-bin-group-write QA check. System executables that are writable by a non-root user pose a security risk. Anyone who can write to an executable can change its behavior. If that executable is later run with elevated privileges (say, by root, when the machine starts), then the non-root user can escalate his own privileges to those of the person running the modified executable. The 90bad-bin-owner check already addresses one cause for a non-root user to be able to modify an executable: because he owns it. This commit adds another check, to ensure that no non-root *groups* have write access to any system executables. On a "normal" system, all system executables should be writable only by the super-user's group, if any. To avoid false-positives, non-"normal" systems (like prefix) are skipped. Closes: https://bugs.gentoo.org/629398 bin/install-qa-check.d/90bad-bin-group-write | 55 1 file changed, 55 insertions(+) diff --git a/bin/install-qa-check.d/90bad-bin-group-write b/bin/install-qa-check.d/90bad-bin-group-write new file mode 100644 index 0..786dde712 --- /dev/null +++ b/bin/install-qa-check.d/90bad-bin-group-write @@ -0,0 +1,55 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +bad_bin_group_write_check() { + # Warn about globally-installed executables (in /bin, /usr/bin, /sbin, + # /usr/sbin, or /opt/bin) that are group-writable by a nonzero GID. + + # This check doesn't work on non-root prefix installations at + # the moment, because every executable therein is owned by a + # nonzero GID. + [[ "${EUID}" -ne "0" || "${PORTAGE_INST_UID}" -ne "0" ]] && return + + local d f found=() + + for d in "${ED%/}/opt/bin" "${ED%/}/bin" "${ED%/}/usr/bin" \ + "${ED%/}/sbin" "${ED%/}/usr/sbin"; do + [[ -d "${d}" ]] || continue + + # Read the results of the "find" command into the "found" array. + # + # Use -L to catch symlinks whose targets are vulnerable, + # even though it won't catch ABSOLUTE symlinks until the package + # is RE-installed (the first time around, the target won't exist). + # + # We match the GID and not the name "root" here because (for + # example) on FreeBSD, the superuser group is "wheel". + # + # We don't make an exception for setguid executables here, because + # a group-writable setguid executable is likely a mistake. By + # altering the contents of the executable, a member of the group + # can allow everyone (i.e. the people running it) to obtain the + # full privileges available to that group. While only existing + # group members can make that choice, it's a decision usually + # limited to the system administrator. + while read -r -d '' f; do + found+=( "${f}" ) + done < <(find -L "${d}" \ + -maxdepth 1 \ + -type f \ + -perm /g+w\ + ! -gid 0 \ + -print0) + done + + if [[ ${found[@]} ]]; then + eqawarn "system executables group-writable by nonzero gid:" + for f in "${found[@]}"; do + # Strip off the leading destdir before outputting the path. + eqawarn " ${f#${D%/}}" + done + fi +} + +bad_bin_group_write_check +:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 12aa832c91a6f2c2faee5a2e839b7f1ed5a0ee6e Author: Francesco Turco fastmail fm> AuthorDate: Sat Aug 4 18:47:40 2018 + Commit: Zac Medico gentoo org> CommitDate: Sat Aug 4 19:34:51 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=12aa832c install-qa-check.d: fix hardened g.o e-mail address Closes: https://github.com/gentoo/portage/pull/350 bin/install-qa-check.d/10executable-issues | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues index 8a2c8e875..6b33d281d 100644 --- a/bin/install-qa-check.d/10executable-issues +++ b/bin/install-qa-check.d/10executable-issues @@ -128,7 +128,7 @@ elf_check() { eqawarn eqawarn " Please include the following list of files in your report:" eqawarn " Note: Bugs should be filed for the respective maintainers" - eqawarn " of the package in question and not hardened@g.o." + eqawarn " of the package in question and not harde...@gentoo.org." eqawarn "${f}" __vecho -ne '\n' die_msg="${die_msg} execstacks"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 50283f1abb77f0785ab86d41ad70d76df4e399be Author: Zac Medico gentoo org> AuthorDate: Wed Jul 25 19:43:24 2018 + Commit: Zac Medico gentoo org> CommitDate: Sat Jul 28 06:31:56 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=50283f1a install-qa-check.d/60pngfix: parallel support (bug 630292) If xargs supports the --max-procs option then use the makeopts_jobs function from helper-functions.sh to generate a --max-procs argument. Use xargs -L 1 to limit the number of png files per pngfix process, in order to ensure that enough processes are spawned, since otherwise xargs minimizes the number of processes spawned. A benchmark with flightgear-data-2018.2.1 shows that larger values of -L only decrease performance. Bug: https://bugs.gentoo.org/630292 Reviewed-by: Lars Wendler gentoo.org> Reviewed-by: Mike Gilbert gentoo.org> bin/install-qa-check.d/60pngfix | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/60pngfix b/bin/install-qa-check.d/60pngfix index 8d53040b6..b69c55614 100644 --- a/bin/install-qa-check.d/60pngfix +++ b/bin/install-qa-check.d/60pngfix @@ -1,7 +1,17 @@ # Check for issues with PNG files +source "${PORTAGE_BIN_PATH}/helper-functions.sh" || exit 1 + pngfix_check() { - local pngfix=$(type -P pngfix) + local chunksize=1 jobs pngfix=$(type -P pngfix) xargs=(${XARGS}) + + if "${xargs[@]}" --help | grep -q -- --max-procs=; then + jobs=$(makeopts_jobs) + if [[ ${jobs} -gt 1 ]]; then + xargs+=("--max-procs=${jobs}" -L "${chunksize}") + fi + fi + if [[ -n ${pngfix} ]] ; then local pngout=() local next @@ -25,7 +35,7 @@ pngfix_check() { fi eqawarn " ${pngout[@]:7}: ${error}" fi - done < <(find "${ED}" -type f -name '*.png' -exec "${pngfix}" {} +) + done < <(find "${ED}" -type f -name '*.png' -print0 | "${xargs[@]}" -0 "${pngfix}") fi }
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: ae6d6aa22d074c04cd9caefe1ca02bf615bfd86f Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Tue Apr 17 02:06:38 2018 + Commit: Zac Medico gentoo org> CommitDate: Tue Apr 17 02:11:19 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ae6d6aa2 estrip, install-qa-check.d/10ignored-flags: fix bug 653352 Update detection of ELF files to work with >=sys-apps/file-5.33. Bug: https://bugs.gentoo.org/653352 bin/estrip | 3 ++- bin/install-qa-check.d/10ignored-flags | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bin/estrip b/bin/estrip index 030d9e8bf..5709b862c 100755 --- a/bin/estrip +++ b/bin/estrip @@ -427,7 +427,8 @@ do ${STRIP} -g "${x}" fi fi - elif [[ ${f} == *"SB executable"* || ${f} == *"SB shared object"* ]] ; then + elif [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* || + ${f} == *"SB shared object"* ]] ; then process_elf "${x}" "${inode_link}" ${PORTAGE_STRIP_FLAGS} elif [[ ${f} == *"SB relocatable"* ]] ; then process_elf "${x}" "${inode_link}" ${SAFE_STRIP_FLAGS} diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags index 28aec6787..dc160e182 100644 --- a/bin/install-qa-check.d/10ignored-flags +++ b/bin/install-qa-check.d/10ignored-flags @@ -32,7 +32,7 @@ ignored_flag_check() { # similar to how prepstrip uses it. f=$(file "${x}") || continue [[ -z ${f} ]] && continue - if [[ ${f} == *"SB executable"* || + if [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* || ${f} == *"SB shared object"* ]] ; then echo "${x}" >> "${T}"/scanelf-ignored-CFLAGS.log fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a03d0f3d4b6aa58df7b6f9dd9d76c45128455ec1 Author: Michał Górny gentoo org> AuthorDate: Thu Jan 25 09:07:36 2018 + Commit: Michał Górny gentoo org> CommitDate: Fri Jan 26 06:40:02 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a03d0f3d install-qa-check.d: Scan build log for CMake unused var warnings Scan build log and report verbosely CMake warnings about unused variables. This is a quite common problem, yet currently it is hard to notice it since the warning is mixed with src_configure() output. Repeat it verbosely after the install. This check outputs warnings such as: * One or more CMake variables were not used by the project: * CMAKE_USER_MAKE_RULES_OVERRIDE Reviewed-by: Zac Medico gentoo.org> bin/install-qa-check.d/90cmake-warnings | 28 1 file changed, 28 insertions(+) diff --git a/bin/install-qa-check.d/90cmake-warnings b/bin/install-qa-check.d/90cmake-warnings new file mode 100644 index 0..a6e901efc --- /dev/null +++ b/bin/install-qa-check.d/90cmake-warnings @@ -0,0 +1,28 @@ +# Check for CMake invalid option warnings + +cmake_warn_check() { + if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then + local cat=cat + [[ ${PORTAGE_LOG_FILE} == *.gz ]] && cat=zcat + + local vars=() + while read -r l; do + vars+=( "${l}" ) + done < <( "${cat}" "${PORTAGE_LOG_FILE}" \ + | sed -n -e '/Manually-specified variables were not used by the project/,/^--/{/^/p}' \ + | LC_ALL=C sort -u) + + if [[ ${vars} ]]; then + eqawarn "One or more CMake variables were not used by the project:" + local v + for v in "${vars[@]}"; do + eqawarn " ${v}" + done + fi + fi +} + +cmake_warn_check +: # guarantee successful exit + +# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 730a867c1050937c82c775d7678a616c7b9546e6 Author: Felix Janda posteo de> AuthorDate: Mon Oct 16 03:51:37 2017 + Commit: Zac Medico gentoo org> CommitDate: Mon Oct 16 17:20:04 2017 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=730a867c install-qa-check.d/10ignored-flags: fix LDFLAGS check (bug 455232) Since binutils-2.23.51.0.9+ defaults to hash-style=gnu, use a __gentoo_check_ldflags__ symbol instead. The check is now enabled by adding "-Wl,--defsym=__gentoo_check_ldflags__=0" to LDFLAGS. The symbol will be automatically removed when the binary is stripped. Bug: https://bugs.gentoo.org/455232 Acked-by: Brian Dolbec gentoo.org> bin/install-qa-check.d/10ignored-flags | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags index 7aa9eb695..28aec6787 100644 --- a/bin/install-qa-check.d/10ignored-flags +++ b/bin/install-qa-check.d/10ignored-flags @@ -64,9 +64,10 @@ ignored_flag_check() { fi # Check for files built without respecting LDFLAGS - if [[ "${LDFLAGS}" == *,--hash-style=gnu* ]] && \ + if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \ ! has binchecks ${RESTRICT} ; then - f=$(scanelf -qyRF '#k%p' -k .hash "${ED}") + f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED}" | LC_ALL=C sort) \ + <(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ "${ED}" | LC_ALL=C sort)) if [[ -n ${f} ]] ; then echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 864585bc32dc0ccad8f53aec03d378d37b385c21 Author: Zac Medico gentoo org> AuthorDate: Tue Aug 1 05:04:29 2017 + Commit: Zac Medico gentoo org> CommitDate: Wed Aug 2 07:22:12 2017 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=864585bc multilib-strict: disable recursion into subdirectories (bug 424423) Disable recursion into subdirectories, in order to avoid false-positives. The MULTILIB_STRICT_EXEMPT variable only served to filter false-positives that were triggered by recursion, so it will no longer be needed. X-Gentoo-bug: 424423 X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=424423 Reviewed-by: Manuel Rüger gentoo.org> bin/install-qa-check.d/80multilib-strict | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/install-qa-check.d/80multilib-strict b/bin/install-qa-check.d/80multilib-strict index f944be9e6..afd223250 100644 --- a/bin/install-qa-check.d/80multilib-strict +++ b/bin/install-qa-check.d/80multilib-strict @@ -6,14 +6,13 @@ multilib_strict_check() { then rm -f "${T}/multilib-strict.log" local abort=no dir file - MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed -e 's:\([(|)]\):\\\1:g') for dir in ${MULTILIB_STRICT_DIRS} ; do [[ -d ${ED}/${dir} ]] || continue - for file in $(find ${ED}/${dir} -type f | grep -v "^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do - if file ${file} | egrep -q "${MULTILIB_STRICT_DENY}" ; then + while read -r -d '' file; do + if file "${file}" | grep -Eq "${MULTILIB_STRICT_DENY}" ; then echo "${file#${ED}//}" >> "${T}/multilib-strict.log" fi - done + done < <(find "${ED}/${dir}" -maxdepth 1 -type f -print0) done if [[ -s ${T}/multilib-strict.log ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e7fb57859b18a1c5ef3fb22d71ac8a6bf74e5375 Author: Zac Medico gentoo org> AuthorDate: Thu Jun 2 06:10:40 2016 + Commit: Zac Medico gentoo org> CommitDate: Thu Jun 2 06:10:40 2016 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e7fb5785 install-qa-check.d/60openrc: validate bash for openrc-run shebangs bin/install-qa-check.d/60openrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc index 28e3bbf..0ab27f6 100644 --- a/bin/install-qa-check.d/60openrc +++ b/bin/install-qa-check.d/60openrc @@ -11,7 +11,7 @@ openrc_check() { [[ ! -e ${i} ]] && continue if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then # skip non-shell-script for bug #451386 - [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](runscript|sh)$ ]] || continue + [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](openrc-run|runscript|sh)$ ]] || continue if [[ $(head -n1 "${i}") == '#!/sbin/runscript' ]] ; then eqawarn "QA Notice: #!/sbin/runscript is deprecated, use #!/sbin/openrc-run instead:" while read -r ;
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6296c4363abf36276bc49a28cd4635437757aa6e Author: Austin English gentoo org> AuthorDate: Wed Jun 1 07:00:38 2016 + Commit: Zac Medico gentoo org> CommitDate: Thu Jun 2 01:38:21 2016 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6296c436 install-qa-check.d/60openrc: make sure initscripts aren't using #!/sbin/runscript Signed-off-by: Zac Medico gentoo.org> bin/install-qa-check.d/60openrc | 6 ++ 1 file changed, 6 insertions(+) diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc index 1e56b2f..28e3bbf 100644 --- a/bin/install-qa-check.d/60openrc +++ b/bin/install-qa-check.d/60openrc @@ -12,6 +12,12 @@ openrc_check() { if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then # skip non-shell-script for bug #451386 [[ $(head -n1 "${i}") =~ ^#!.*[[:space:]/](runscript|sh)$ ]] || continue + if [[ $(head -n1 "${i}") == '#!/sbin/runscript' ]] ; then + eqawarn "QA Notice: #!/sbin/runscript is deprecated, use #!/sbin/openrc-run instead:" + while read -r ; + do eqawarn " ${REPLY}" + done <<< "${i//${ED}}" + fi fi bash -n "${i}" || die "The init.d file has syntax errors: ${i}" done
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 9266e8e8d5709b9046e085baf3521a9e7a744d5b Author: Mike Frysinger gentoo org> AuthorDate: Thu May 12 22:08:46 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Thu May 12 22:08:46 2016 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9266e8e8 qa-checks: executable-issues: improve logic & output Use more robust shell styles for parsing strings/output, and change the QA log output to include the actual failing rpaths. This helps in debugging/tracking down problems. X-Gentoo-Bug: 582524 X-Gentoo-Bug-URL: https://bugs.gentoo.org/582524 bin/install-qa-check.d/10executable-issues | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues index 066f150..b52cc93 100644 --- a/bin/install-qa-check.d/10executable-issues +++ b/bin/install-qa-check.d/10executable-issues @@ -22,26 +22,26 @@ elf_check() { # that directory won't exist on the target system. # 3) Null paths are banned because the loader will search $PWD when # it finds null paths. - local forbidden_dirs="${PORTAGE_BUILDDIR}" - if [[ -n "${ROOT}" && "${ROOT}" != "/" ]]; then - forbidden_dirs+=" ${ROOT}" + local forbidden_dirs=( "${PORTAGE_BUILDDIR}" ) + if [[ "${ROOT:-/}" != "/" ]]; then + forbidden_dirs+=( "${ROOT}" ) fi local dir l rpath_files=$(scanelf -F '%F:%r' -qBR "${ED}") f="" - for dir in ${forbidden_dirs}; do - for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do - f+=" ${l%%:*}\n" + for dir in "${forbidden_dirs[@]}"; do + while read l; do + f+=" ${l/:/\nRPATH: }\n" if ! has stricter ${FEATURES}; then __vecho "Auto fixing rpaths for ${l%%:*}" TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null fi - done + done < <(echo "${rpath_files}" | grep -F -e ":${dir}" -e "::" -e ": ") done # Reject set*id binaries with $ORIGIN in RPATH #260331 x=$( - find "${ED}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \ - xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN' + find "${ED}" -type f '(' -perm -u+s -o -perm -g+s ')' \ + -exec scanelf -qyRF '%r %p' {} + | grep '$ORIGIN' ) # Print QA notice.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 04dd7923eedec4103c4ff52f382b5af68b4364b4 Author: Mike Frysinger gentoo org> AuthorDate: Thu May 12 21:35:13 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Thu May 12 21:35:13 2016 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=04dd7923 qa-checks: change "herd" to "maintainer" bin/install-qa-check.d/10executable-issues | 2 +- bin/install-qa-check.d/90gcc-warnings | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues index 10d3c71..066f150 100644 --- a/bin/install-qa-check.d/10executable-issues +++ b/bin/install-qa-check.d/10executable-issues @@ -49,7 +49,7 @@ elf_check() { __vecho -ne '\n' eqawarn "QA Notice: The following files contain insecure RUNPATHs" eqawarn " Please file a bug about this at http://bugs.gentoo.org/; - eqawarn " with the maintaining herd of the package." + eqawarn " with the maintainer of the package." eqawarn "${f}${f:+${x:+\n}}${x}" __vecho -ne '\n' if [[ -n ${x} ]] || has stricter ${FEATURES} ; then diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index 43f9498..a160436 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -99,7 +99,7 @@ gcc_warn_check() { eerror "${f}" eerror eerror " Please file a bug about this at http://bugs.gentoo.org/; - eerror " with the maintaining herd of the package." + eerror " with the maintainer of the package." eerror else __vecho -ne '\n' @@ -137,7 +137,7 @@ gcc_warn_check() { eerror "${f}" eerror eerror " Please file a bug about this at http://bugs.gentoo.org/; - eerror " with the maintaining herd of the package." + eerror " with the maintainer of the package." eerror else __vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 91e1dd94c1615bf97d5bc42dac4d64876919e768 Author: Mike Frysinger gentoo org> AuthorDate: Wed May 11 17:53:40 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Wed May 11 17:53:40 2016 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=91e1dd94 qa: gcc-warnings: force text mode w/grep Newer versions of grep will flag non-ASCII output (e.g. UTF-8 encoded) as binary when run in the C locale. Force it into text mode to avoid that otherwise the QA warning is simply: * QA Notice: Package triggers severe warnings which indicate that it *may exhibit random runtime failures. * Binary file /var/log/portage/net-fs:netatalk-3.1.8:20160511-173717.log matches bin/install-qa-check.d/90gcc-warnings | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index bd82cab..43f9498 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -81,8 +81,10 @@ gcc_warn_check() { local grep_cmd=grep [[ $PORTAGE_LOG_FILE = *.gz ]] && grep_cmd=zgrep - # force C locale to work around slow unicode locales #160234 - f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E "${joined_msgs}" "${PORTAGE_LOG_FILE}" | uniq) + # Force C locale to work around slow multibyte locales. #160234 + # Force text mode as newer grep will treat non-ASCII (e.g. UTF-8) as + # binary when we run in the C locale. + f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E -a "${joined_msgs}" "${PORTAGE_LOG_FILE}" | uniq) if [[ -n ${f} ]] ; then abort="yes" # for now, don't make this fatal (see bug #337031)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 97c7b4f967e2b43984ad948ad0d77e84a1a55016 Author: Mike Frysinger gentoo org> AuthorDate: Wed Nov 11 00:55:26 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Nov 11 00:55:26 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=97c7b4f9 checkbashisms: also flag echo -e/-n usage Since we don't require echo support the -e or -n flag, and we know some shells do not support them, make sure we flag them in our scripts too. bin/install-qa-check.d/60openrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc index 9b7fc6d..1e56b2f 100644 --- a/bin/install-qa-check.d/60openrc +++ b/bin/install-qa-check.d/60openrc @@ -24,7 +24,7 @@ openrc_check() { for i in "${ED}${d}"/* ; do [[ -e ${i} ]] || continue [[ -L ${i} ]] && continue - f=$("${checkbashisms}" -f "${i}" 2>&1) + f=$("${checkbashisms}" -n -f "${i}" 2>&1) [[ $? != 0 && -n ${f} ]] || continue eqawarn "QA Notice: shell script appears to use non-POSIX feature(s):" while read -r ;
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: efa5c5e7b7a5ef7b4533dfe3bd6befc767b7b34a Author: Mike Frysinger vapier AT chromium DOT org AuthorDate: Tue May 26 03:42:27 2015 + Commit: Mike Frysinger vapier AT gentoo DOT org CommitDate: Tue May 26 03:46:31 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=efa5c5e7 install-qa-check.d: tweak scanelf checks Rather than have a function whose entire body is indented by a scanelf existence check, do the check at the top and return early. This keeps the indentation from getting too out of hand. (Use `git log -p -1 -w` to see actual changed lines.) bin/install-qa-check.d/10executable-issues | 248 +++-- bin/install-qa-check.d/80libraries | 130 +++ 2 files changed, 193 insertions(+), 185 deletions(-) diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues index 5c80660..10d3c71 100644 --- a/bin/install-qa-check.d/10executable-issues +++ b/bin/install-qa-check.d/10executable-issues @@ -2,141 +2,143 @@ # text relocations, executable stacks elf_check() { - if type -P scanelf /dev/null ! has binchecks ${RESTRICT}; then - local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET} - local f x + if ! type -P scanelf /dev/null || has binchecks ${RESTRICT}; then + return + fi - # display warnings when using stricter because we die afterwards - if has stricter ${FEATURES} ; then - local PORTAGE_QUIET - fi + local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET} + local f x - # Make sure we disallow insecure RUNPATH/RPATHs. - # 1) References to PORTAGE_BUILDDIR are banned because it's a - # security risk. We don't want to load files from a - # temporary directory. - # 2) If ROOT != /, references to ROOT are banned because - # that directory won't exist on the target system. - # 3) Null paths are banned because the loader will search $PWD when - # it finds null paths. - local forbidden_dirs=${PORTAGE_BUILDDIR} - if [[ -n ${ROOT} ${ROOT} != / ]]; then - forbidden_dirs+= ${ROOT} - fi - local dir l rpath_files=$(scanelf -F '%F:%r' -qBR ${ED}) - f= - for dir in ${forbidden_dirs}; do - for l in $(echo ${rpath_files} | grep -E :${dir}|::|: ); do - f+= ${l%%:*}\n - if ! has stricter ${FEATURES}; then - __vecho Auto fixing rpaths for ${l%%:*} - TMPDIR=${dir} scanelf -BXr ${l%%:*} -o /dev/null - fi - done + # display warnings when using stricter because we die afterwards + if has stricter ${FEATURES} ; then + local PORTAGE_QUIET + fi + + # Make sure we disallow insecure RUNPATH/RPATHs. + # 1) References to PORTAGE_BUILDDIR are banned because it's a + # security risk. We don't want to load files from a + # temporary directory. + # 2) If ROOT != /, references to ROOT are banned because + # that directory won't exist on the target system. + # 3) Null paths are banned because the loader will search $PWD when + # it finds null paths. + local forbidden_dirs=${PORTAGE_BUILDDIR} + if [[ -n ${ROOT} ${ROOT} != / ]]; then + forbidden_dirs+= ${ROOT} + fi + local dir l rpath_files=$(scanelf -F '%F:%r' -qBR ${ED}) + f= + for dir in ${forbidden_dirs}; do + for l in $(echo ${rpath_files} | grep -E :${dir}|::|: ); do + f+= ${l%%:*}\n + if ! has stricter ${FEATURES}; then + __vecho Auto fixing rpaths for ${l%%:*} + TMPDIR=${dir} scanelf -BXr ${l%%:*} -o /dev/null + fi done + done - # Reject set*id binaries with $ORIGIN in RPATH #260331 - x=$( - find ${ED} -type f \( -perm -u+s -o -perm -g+s \) -print0 | \ - xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN' - ) + # Reject set*id binaries with $ORIGIN in RPATH #260331 + x=$( + find ${ED} -type f \( -perm -u+s -o -perm -g+s \) -print0 | \ + xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN' + ) - # Print QA notice. - if [[ -n ${f}${x} ]] ; then - __vecho -ne '\n' - eqawarn QA Notice: The following files contain insecure RUNPATHs -
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: aacade093c18940c34449f711576c86360056346 Author: Ryan Hill rhill AT gentoo DOT org AuthorDate: Mon May 4 05:04:41 2015 + Commit: Zac Medico zmedico AT gentoo DOT org CommitDate: Mon May 4 05:07:23 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aacade09 gcc_warn_check: filter grep results with uniq (bug 548438) X-Gentoo-Bug: 548438 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548438 Acked-by: Brian Dolbec dolsen AT gentoo.org bin/install-qa-check.d/90gcc-warnings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings index b18651e..bd82cab 100644 --- a/bin/install-qa-check.d/90gcc-warnings +++ b/bin/install-qa-check.d/90gcc-warnings @@ -82,7 +82,7 @@ gcc_warn_check() { [[ $PORTAGE_LOG_FILE = *.gz ]] grep_cmd=zgrep # force C locale to work around slow unicode locales #160234 - f=$(LC_CTYPE=C LC_COLLATE=C ${grep_cmd} -E ${joined_msgs} ${PORTAGE_LOG_FILE}) + f=$(LC_CTYPE=C LC_COLLATE=C ${grep_cmd} -E ${joined_msgs} ${PORTAGE_LOG_FILE} | uniq) if [[ -n ${f} ]] ; then abort=yes # for now, don't make this fatal (see bug #337031)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0946bbe9a216513679d74c682d9f82b4aacc93a9 Author: Michał Górny mgorny AT gentoo DOT org AuthorDate: Mon Apr 20 05:36:02 2015 + Commit: Michał Górny mgorny AT gentoo DOT org CommitDate: Mon Apr 20 05:36:02 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0946bbe9 Update URLs in Hardened QA checks bin/install-qa-check.d/10executable-issues | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/bin/install-qa-check.d/10executable-issues b/bin/install-qa-check.d/10executable-issues index f765749..5c80660 100644 --- a/bin/install-qa-check.d/10executable-issues +++ b/bin/install-qa-check.d/10executable-issues @@ -72,7 +72,10 @@ elf_check() { eqawarn work at startup, waste system resources, and may pose a security eqawarn risk. On some architectures, the code may not even function eqawarn properly, if at all. - eqawarn For more information, see http://hardened.gentoo.org/pic-fix-guide.xml; + eqawarn For more information, see: + eqawarn + eqawarn https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels; + eqawarn eqawarn Please include the following list of files in your report: eqawarn ${f} __vecho -ne '\n' @@ -86,7 +89,7 @@ elf_check() { *-linux-gnu*) # Check for files with executable stacks, but only on arches which # are supported at the moment. Keep this list in sync with - # http://www.gentoo.org/proj/en/hardened/gnu-stack.xml (Arch Status) + # https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart#Arch_Status case ${CTARGET:-${CHOST}} in arm*|i?86*|ia64*|m68k*|s390*|sh*|x86_64*) # Allow devs to mark things as ignorable ... e.g. things @@ -116,7 +119,10 @@ elf_check() { eqawarn Files with such sections will not work properly (or at all!) on some eqawarn architectures/operating systems. A bug should be filed at eqawarn http://bugs.gentoo.org/ to make sure the issue is fixed. - eqawarn For more information, see http://hardened.gentoo.org/gnu-stack.xml; + eqawarn For more information, see: + eqawarn + eqawarn https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart; + eqawarn eqawarn Please include the following list of files in your report: eqawarn Note: Bugs should be filed for the respective maintainers eqawarn of the package in question and not hardened@g.o.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 64aae90b942edb4a51ac3eed13dbcbe3e20199fb Author: Michael Palimaka kensington AT gentoo DOT org AuthorDate: Fri Nov 21 16:50:40 2014 + Commit: Brian Dolbec brian.dolbec AT gmail DOT com CommitDate: Tue Dec 2 18:40:46 2014 + URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=64aae90b install-qa-check.d/90world-writable: fix usage of missing function Fixes: 6dafdc28897682f7b8c77b7863b5713634974647 Subject: Remove __eqalog __eqawarnlog Author: Michał Górny mgorny AT gentoo.org (Sun 02 Nov 2014 11:16:04 AM PST) As per Zmedico: This file also contains an invalid IFS=OLDIFS setting (which should really be IFS=$OLDIFS). --- bin/install-qa-check.d/90world-writable | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/install-qa-check.d/90world-writable b/bin/install-qa-check.d/90world-writable index 2b435ac..820683b 100644 --- a/bin/install-qa-check.d/90world-writable +++ b/bin/install-qa-check.d/90world-writable @@ -23,13 +23,12 @@ world_writable_check() { if [[ -n ${unsafe_files} ]] ; then eqawarn QA Notice: Unsafe files detected (set*id and world writable) - for x in $unsafe_files ; do - __eqawarnlog world-writable-setid $x - done + eqatag -v world-writable-setid $unsafe_files + die Unsafe files found in \${D}. Portage will not install them. fi - IFS=OLDIFS + IFS=$OLDIFS [[ ${prev_shopts} == *f* ]] || set +f }