[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 9728fbba80abeec5adad8ba6cf7580c16c039a45
Author: Eli Schwartz gmail com>
AuthorDate: Tue May 21 23:22:31 2024 +
Commit: Sam James gentoo org>
CommitDate: Wed May 22 16:56:31 2024 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9728fbba
install-qa-checks.d: suppress some gnulib implicit decls on musl
These happen in tons of GNU packages because of using gnulib's regex.m4
specifically, which pulls in a macro that checks for some functionality
and spit out many implicit function declaration errors if regex.h isn't
GNU's specifically.
The compile tests do fail either way, it's just very dirty in the logs.
Bug: https://bugs.gentoo.org/906027
Signed-off-by: Eli Schwartz gmail.com>
Closes: https://github.com/gentoo/portage/pull/1327
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 12
1 file changed, 12 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index adea7d4051..8768c99c62 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -58,6 +58,18 @@ add_default_skips() {
# also gnulib, but checks both linux/non-linux headers
MIN
)
+ if [[ ${CHOST} = *musl* ]]; then
+ QA_CONFIG_IMPL_DECL_SKIP+=(
+ # gnulib checks for functions that aren't available on
musl.
+
+ # regex.m4 always emits these warnings, but they are
noisy to fix
+ # and the check will correctly fail due to missing
macros anyway.
+ re_set_syntax
+ re_compile_pattern
+ re_search
+ re_match
+ )
+ fi
}
find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8256473c6a9fa93e7cf81c46fa920cd522507c21
Author: Eli Schwartz gmail com>
AuthorDate: Fri May 17 05:52:53 2024 +
Commit: Sam James gentoo org>
CommitDate: Fri May 17 06:28:24 2024 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8256473c
install-qa-checks.d: suppress some gnulib implicit configure declarations
These happen in tons of GNU packages because of using gnulib, which
pulls in macros that check for some functionality and spit out an
implicit function declaration error if they aren't supported, which is
*expected*.
Bug: https://bugs.gentoo.org/906027
Signed-off-by: Eli Schwartz gmail.com>
Closes: https://github.com/gentoo/portage/pull/1323
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 9 +
1 file changed, 9 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 7969dff175..adea7d4051 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -49,6 +49,15 @@ add_default_skips() {
res_ndestroy
statacl
)
+
+ QA_CONFIG_IMPL_DECL_SKIP+=(
+ # Available in c23, these gnulib checks are expected to fail
+ alignof
+ static_assert
+ unreachable
+ # also gnulib, but checks both linux/non-linux headers
+ MIN
+ )
}
find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8bbdc814485d2990630d4217f68830fe1148801c
Author: Mike Gilbert gentoo org>
AuthorDate: Wed Apr 24 15:35:32 2024 +
Commit: Mike Gilbert gentoo org>
CommitDate: Wed Apr 24 15:35:32 2024 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8bbdc814
Remove QA warning when no bash completions are found
This triggers unwanted warnings in at least two known cases.
Bug: https://bugs.gentoo.org/928599
Bug: https://bugs.gentoo.org/928869
Signed-off-by: Mike Gilbert gentoo.org>
bin/install-qa-check.d/60bash-completion | 3 ---
1 file changed, 3 deletions(-)
diff --git a/bin/install-qa-check.d/60bash-completion
b/bin/install-qa-check.d/60bash-completion
index 85573df0e5..d3cb52d1c1 100644
--- a/bin/install-qa-check.d/60bash-completion
+++ b/bin/install-qa-check.d/60bash-completion
@@ -77,9 +77,6 @@ bashcomp_check() {
fi
if [[ -z ${completions[@]} ]]; then
- qa_warnings+=(
- "${f##*/}: does not define any
completions (failed to source?)."
- )
continue
fi
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 9a06b7210562b8d03577cd4043227ea2023db1f2
Author: Sam James gentoo org>
AuthorDate: Sun Feb 25 08:13:28 2024 +
Commit: Sam James gentoo org>
CommitDate: Sun Feb 25 08:15:18 2024 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9a06b721
bin/install-qa-check.d: 90gcc-warnings: drop GCC warnings with known (heavy) FPs
Drop -Wstringop-overflow, -Wstringop-overread, -Wstringop-truncation, -Waddress,
and -Wreturn-local-addr for now because they cause too many FPs.
We want only reliable warnings for this Portage QA check as we encourage people
to report these upstream.
Bug: https://gcc.gnu.org/PR88443
Bug: https://gcc.gnu.org/PR88781
Bug: https://gcc.gnu.org/PR93644
Bug: https://gcc.gnu.org/PR97048
Bug: https://gcc.gnu.org/PR103360
Bug: https://bugs.gentoo.org/925460
Signed-off-by: Sam James gentoo.org>
NEWS | 2 ++
bin/install-qa-check.d/90gcc-warnings | 18 --
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/NEWS b/NEWS
index 94be26de84..83be372043 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ portage-3.0.63 (UNRELEASED)
Bug fixes:
* emerge: Skip installed packages with emptytree in depgraph selection (bug
#651018).
+* bin/install-qa-check.d: 90gcc-warnings: drop warnings with too many FPs (bug
#925460).
+
portage-3.0.62 (2024-02-22)
--
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 449bf23627..1060618dfa 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -44,9 +44,12 @@ gcc_warn_check() {
# those three do not have matching -W flags, it seems
'warning: .*will always overflow destination buffer'
# compile-time part of FORTIFY_SOURCE
- 'warning: .*\[-Wstringop-overflow\]'
- 'warning: .*\[-Wstringop-overread\]'
- 'warning: .*\[-Wstringop-truncation\]'
+ # XXX: Commented out because of gcc FPs
(https://gcc.gnu.org/PR88443)
+ #'warning: .*\[-Wstringop-overflow\]'
+ # XXX: Commented out because of gcc FPs
(https://gcc.gnu.org/PR97048)
+ #'warning: .*\[-Wstringop-overread\]'
+ # XXX: Commented out because of gcc FPs
(https://gcc.gnu.org/PR88781)
+ #'warning: .*\[-Wstringop-truncation\]'
# clang-only, equivalent of -Wstringop-overflow
'warning: .*\[-Wfortify-source\]'
'warning: .*assuming pointer wraparound does not occur'
@@ -68,7 +71,8 @@ gcc_warn_check() {
'warning: .*function.*\[-Wpointer-arith\]'
# the address of ... will never be NULL and likes
# (uses of function refs & string constants in
conditionals)
- 'warning: .*\[-Waddress\]'
+ # XXX: Commented out because of gcc FPs
(https://gcc.gnu.org/PR103360)
+ #'warning: .*\[-Waddress\]'
# TODO: we want to enable these but bash currently
triggers
# them with a trick in random.c where it intentionally
wants
@@ -95,7 +99,8 @@ gcc_warn_check() {
'warning: .*matching.*\[-Wformat=\]'
# function returns address of local variable
- 'warning: .*\[-Wreturn-local-addr\]'
+ # XXX: Commented out for bug #925460
(https://gcc.gnu.org/PR93644)
+ #'warning: .*\[-Wreturn-local-addr\]'
# missing return at end of function, or non-void return
in a void function
# (clang at least aggressively optimises on this)
'warning: .*\[-Wreturn-type\]'
@@ -123,7 +128,8 @@ gcc_warn_check() {
'warning: .*\[-Wodr\]'
# warning: argument value A will result in undefined
behaviour (Clang)
'warning: .*\[-Wargument-undefined-behaviour\]'
- 'warning: .*\[-Wnull-dereference\]'
+ # XXX: Commented out because of GCC FPs
(https://gcc.gnu.org/PR86172)
+ #'warning: .*\[-Wnull-dereference\]'
# general sensible warnings (will be rejected by modern
compilers soon)
'warning: .*\[-Wmain\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/ebuild-helpers/
commit: d801ec255a6725775b5e3d672b8c00e9c0095200
Author: Agostino Sarubbo gentoo org>
AuthorDate: Fri Jan 26 11:14:48 2024 +
Commit: Sam James gentoo org>
CommitDate: Fri Feb 9 07:09:43 2024 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d801ec25
bin: prefix eqawarn with 'QA Notice'
Bug: https://bugs.gentoo.org/728046
Signed-off-by: Agostino Sarubbo gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1239
Signed-off-by: Sam James gentoo.org>
bin/ebuild-helpers/dohtml| 2 +-
bin/ebuild-helpers/fowners | 2 +-
bin/ebuild-helpers/fperms| 2 +-
bin/install-qa-check.d/05prefix | 6 +++---
bin/install-qa-check.d/60bash-completion | 4 ++--
bin/install-qa-check.d/90bad-bin-group-write | 2 +-
bin/install-qa-check.d/90bad-bin-owner | 2 +-
bin/install-qa-check.d/90cmake-warnings | 2 +-
bin/install-qa-check.d/90world-writable | 2 +-
bin/install-qa-check.d/95empty-dirs | 2 +-
10 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/bin/ebuild-helpers/dohtml b/bin/ebuild-helpers/dohtml
index 55339238e8..4d4efd496c 100755
--- a/bin/ebuild-helpers/dohtml
+++ b/bin/ebuild-helpers/dohtml
@@ -10,7 +10,7 @@ if ! ___eapi_has_dohtml; then
fi
if ___eapi_has_dohtml_deprecated; then
- eqawarn "'${0##*/}' is deprecated in EAPI '${EAPI}'"
+ eqawarn "QA Notice: '${0##*/}' is deprecated in EAPI '${EAPI}'"
fi
# Use safe cwd, avoiding unsafe import for bug #469338.
diff --git a/bin/ebuild-helpers/fowners b/bin/ebuild-helpers/fowners
index fa4e3c0d7f..d05094caba 100755
--- a/bin/ebuild-helpers/fowners
+++ b/bin/ebuild-helpers/fowners
@@ -21,7 +21,7 @@ for arg; do
args+=( "${ED%/}/${arg#/}" )
# remove the QA warning after 2024-12-31
if [[ ${arg:0:1} != / ]]; then
- eqawarn "${0##*/}: Path '${arg}' does not start with
'/'."
+ eqawarn "QA Notice: ${0##*/}: Path '${arg}' does not
start with '/'."
eqawarn "This is unsupported. Add a slash for a path in
\${ED},"
eqawarn "or use 'chown' for a path relative to the
working dir."
fi
diff --git a/bin/ebuild-helpers/fperms b/bin/ebuild-helpers/fperms
index d52f5a767e..16772d11f2 100755
--- a/bin/ebuild-helpers/fperms
+++ b/bin/ebuild-helpers/fperms
@@ -22,7 +22,7 @@ for arg; do
args+=( "${ED%/}/${arg#/}" )
# remove the QA warning after 2024-12-31
if [[ ${arg:0:1} != / ]]; then
- eqawarn "${0##*/}: Path '${arg}' does not start with
'/'."
+ eqawarn "QA Notice: ${0##*/}: Path '${arg}' does not
start with '/'."
eqawarn "This is unsupported. Add a slash for a path in
\${ED},"
eqawarn "or use 'chmod' for a path relative to the
working dir."
fi
diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix
index 28f2c06afe..edbd6fab2f 100644
--- a/bin/install-qa-check.d/05prefix
+++ b/bin/install-qa-check.d/05prefix
@@ -71,7 +71,7 @@ install_qa_check_prefix() {
echo "${fn#${D}}:${line[0]} (explicit
EPREFIX but target not found)" \
>>
"${T}"/non-prefix-shebangs-errs
else
- eqawarn "${fn#${D}} has explicit
EPREFIX in shebang but target not found (${line[0]})"
+ eqawarn "QA Notice: ${fn#${D}} has
explicit EPREFIX in shebang but target not found (${line[0]})"
fi
fi
continue
@@ -81,7 +81,7 @@ install_qa_check_prefix() {
if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ;
then
# is it unprefixed, but we can just fix it
because a
# prefixed variant exists
- eqawarn "prefixing shebang of ${fn#${D}}"
+ eqawarn "QA Notice: prefixing shebang of
${fn#${D}}"
# statement is made idempotent on purpose,
because
# symlinks may point to the same target, and
hence the
# same real file may be sedded multiple times
since we
@@ -98,7 +98,7 @@ install_qa_check_prefix() {
# unprefixed/invalid shebang, but outside ${PATH}, this
may be
# intended (e.g. config.guess) so remain silent by
default
has stricter ${FEATURES} && \
- eqawarn "invalid shebang in ${fn#${D}}:
${line[0]}"
+ eqawarn "QA Notice: invalid shebang in
${fn#${D}}: ${line[0]}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: da9e55236ef40ab4887415814c7f6ddd2abf083c
Author: Florian Schmaus gentoo org>
AuthorDate: Wed Jul 26 10:22:01 2023 +
Commit: Sam James gentoo org>
CommitDate: Sat Jul 29 03:55:20 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=da9e5523
install-qa-check.d/60openrc: be explicit about OpenRC
Be explicit that this is not some arbitrary shell script that is
checked by the QA check, but an OpenRC runscript.
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1074
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60openrc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc
index 0ab27f646..4d6199432 100644
--- a/bin/install-qa-check.d/60openrc
+++ b/bin/install-qa-check.d/60openrc
@@ -32,7 +32,7 @@ openrc_check() {
[[ -L ${i} ]] && continue
f=$("${checkbashisms}" -n -f "${i}" 2>&1)
[[ $? != 0 && -n ${f} ]] || continue
- eqawarn "QA Notice: shell script appears to use
non-POSIX feature(s):"
+ eqawarn "QA Notice: OpenRC shell script appears
to use non-POSIX feature(s):"
while read -r ;
do eqawarn " ${REPLY}"
done <<< "${f//${ED}}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6066bb766f43ca06a5b0f08baa5946ff678f0c29
Author: Benda Xu debian org>
AuthorDate: Sun Jun 25 09:03:00 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu Jun 29 08:22:53 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6066bb76
bin/install-qa-check.d/05prefix: prefixify init-script shebangs.
Init scripts in /etc/init.d have OpenRC shebangs "#!/sbin/openrc-run".
They should be prefixified like a executable script in a Prefix.
Signed-off-by: Benda Xu gentoo.org>
Bug: https://bugs.gentoo.org/640658
Closes: https://github.com/gentoo/portage/pull/1061
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/05prefix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix
index 7488ad9e4..28f2c06af 100644
--- a/bin/install-qa-check.d/05prefix
+++ b/bin/install-qa-check.d/05prefix
@@ -76,8 +76,8 @@ install_qa_check_prefix() {
fi
continue
fi
- # unprefixed shebang, is the script directly in ${PATH}?
- if [[ ":${PATH}:" == *":${fp}:"* ]] ; then
+ # unprefixed shebang, is the script directly in ${PATH} or an
init script?
+ if [[ ":${PATH}:${EPREFIX}/etc/init.d:" == *":${fp}:"* ]] ; then
if [[ -e ${EROOT}${line[0]} || -e ${ED}${line[0]} ]] ;
then
# is it unprefixed, but we can just fix it
because a
# prefixed variant exists
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 595a73259025589c65af837ce23d994523242d45
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 00:35:13 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:41 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=595a7325
install-qa-check.d/90config-impl-decl: Allow wildcards in
QA_CONFIG_IMPL_DECL_SKIP
This will enable us to ignore all __builtin_* functions, for example.
Signed-off-by: Matt Turner gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 0e758e87d..7eb7dcff9 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -19,6 +19,18 @@
#
# See also: bug 892651
+# Same as the "has" function, but allows wildcards in the array
+is_in() {
+ local needle=$1
+ shift
+
+ local x
+ for x in "$@"; do
+ [[ "${needle}" = ${x} ]] && return 0
+ done
+ return 1
+}
+
find_log_targets() {
local log_targets=(
'config.log'
@@ -80,7 +92,7 @@ config_impl_decl_check() {
continue
fi
- has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" &&
continue
+ is_in "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" &&
continue
files+=( "${l}" )
lines+=( "${line}" )
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e34b593e10a86ffc61d54f113729b3fb556b46c0
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 01:28:12 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:41 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e34b593e
install-qa-check.d/90config-impl-decl: Skip compiler built-ins
Bug: https://bugs.gentoo.org/879687
Bug: https://bugs.gentoo.org/898232
Signed-off-by: Matt Turner gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 13 +
1 file changed, 13 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 7eb7dcff9..43be4222b 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -31,6 +31,17 @@ is_in() {
return 1
}
+add_default_skips() {
+ # Skip built-in functions provided by the compiler
+ QA_CONFIG_IMPL_DECL_SKIP+=(
+ "__builtin_*"
+ #
https://gcc.gnu.org/onlinedocs/gcc/_005f_005fsync-Builtins.html
+ "__sync_*"
+ #
https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html
+ "__atomic_*"
+ )
+}
+
find_log_targets() {
local log_targets=(
'config.log'
@@ -68,6 +79,8 @@ config_impl_decl_check() {
local re_asc
local is_utf8
+ add_default_skips
+
# Given the UTF-8 character type, both gcc and clang may enclose the
# function name between the LEFT SINGLE QUOTATION MARK and RIGHT SINGLE
# QUOTATION MARK codepoints.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 703199b7cf029be2a88ae1482f2d4089c9be957c
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 01:56:01 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:42 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=703199b7
install-qa-check.d/90config-impl-decl: Skip acl_get_perm_np on Linux
Seen in net-misc/rsync. It seems that at least Darwin, FreeBSD, and
NetBSD have this function.
Bug: https://bugs.gentoo.org/898366
Signed-off-by: Matt Turner gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1034
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 1 +
1 file changed, 1 insertion(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 068a7186f..7969dff17 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -44,6 +44,7 @@ add_default_skips() {
# Functions not available on Linux
[[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=(
acl
+ acl_get_perm_np
res_getservers
res_ndestroy
statacl
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: b945f1ecd17c492f08d79e5927003b97ec41db5e
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 01:47:04 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:42 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b945f1ec
install-qa-check.d/90config-impl-decl: Skip res_getservers on Linux
Seen in app-emulation/wine-*. It seems that at least Darwin, NetBSD, and
Solaris have this function.
Signed-off-by: Matt Turner gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 1 +
1 file changed, 1 insertion(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 4e9494931..9950ac934 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -43,6 +43,7 @@ add_default_skips() {
# Functions not available on Linux
[[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=(
+ res_getservers
res_ndestroy
)
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4f02695138a577e162e731f34cdc3eb9e9391e21
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 01:44:04 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:42 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4f026951
install-qa-check.d/90config-impl-decl: Skip acl & statacl on Linux
Seen in app-editors/vim.
Bug: https://bugs.gentoo.org/898450
Signed-off-by: Matt Turner gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 9950ac934..068a7186f 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -43,8 +43,10 @@ add_default_skips() {
# Functions not available on Linux
[[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=(
+ acl
res_getservers
res_ndestroy
+ statacl
)
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a478b4c427cfc51188ec9273952ad498de95a39f
Author: Matt Turner gentoo org>
AuthorDate: Wed May 10 01:35:54 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu May 11 01:24:41 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a478b4c4
install-qa-check.d/90config-impl-decl: Skip res_ndestroy on Linux
Seen in dev-libs/glib. It seems that at least Darwin, FreeBSD, OpenBSD,
NetBSD, and Solaris have this function.
Bug: https://bugs.gentoo.org/898232
Signed-off-by: Matt Turner gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 5 +
1 file changed, 5 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 43be4222b..4e9494931 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -40,6 +40,11 @@ add_default_skips() {
#
https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html
"__atomic_*"
)
+
+ # Functions not available on Linux
+ [[ ${CHOST} == *linux* ]] && QA_CONFIG_IMPL_DECL_SKIP+=(
+ res_ndestroy
+ )
}
find_log_targets() {
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 6a21e8643a56f91c724f23d652fb43ead5c1e2af
Author: Michał Górny gentoo org>
AuthorDate: Wed Apr 19 14:27:42 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Apr 23 20:49:26 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6a21e864
install-qa-check.d: Add a install log check for missing dev-python/cython dep
Signed-off-by: Michał Górny gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1024
Signed-off-by: Sam James gentoo.org>
NEWS| 2 ++
bin/install-qa-check.d/90cython-dep | 45 +
2 files changed, 47 insertions(+)
diff --git a/NEWS b/NEWS
index e60262509..50d96402c 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,8 @@ Features:
- -Wmain
- -Wimplicit-int
- -Wstring-compare
+* install-qa-check.d: cython-dep: Report packages that are using Cython
+ but are missing BDEPEND on it.
Bug fixes:
* econf now checks for proper end of string in "configure --help" output for
diff --git a/bin/install-qa-check.d/90cython-dep
b/bin/install-qa-check.d/90cython-dep
new file mode 100644
index 0..4932c0242
--- /dev/null
+++ b/bin/install-qa-check.d/90cython-dep
@@ -0,0 +1,45 @@
+# Check for missing dev-python/cython dep based on output
+# from setuptools cythonize() support
+
+cython_dep_check() {
+ [[ ${CATEGORY}/${PN} == dev-python/cython ]] && return
+ # grepping log files is expensive, so do it only for ebuilds using
+ # distutils-r1
+ has distutils-r1 ${INHERITED} || return
+ [[ ${BDEPEND} == *dev-python/cython* ]] && return
+
+ # Evaluate misc gcc warnings
+ if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then
+ # In debug mode, the grep calls will produce false positives
+ # if they're shown in the trace.
+ local reset_debug=0
+ if [[ ${-/x/} != $- ]] ; then
+ set +x
+ reset_debug=1
+ fi
+
+ local grep_cmd=grep
+ [[ ${PORTAGE_LOG_FILE} = *.gz ]] && grep_cmd=zgrep
+
+ # Force C locale to work around slow multibyte locales, bug
#160234
+ # Force text mode as newer grep will treat non-ASCII (e.g.
UTF-8) as
+ # binary when we run in the C locale.
+ local f=$(
+ LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -a "Cythonizing" \
+ "${PORTAGE_LOG_FILE}" | uniq
+ )
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Package seems to be missing a
BDEPEND on dev-python/cython."
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ fi
+
+ [[ ${reset_debug} = 1 ]] && set -x
+ fi
+}
+
+cython_dep_check
+: # guarantee successful exit
+
+# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: e9eb2f7b8b25559b555c0ec8806b602e486753de
Author: Sam James gentoo org>
AuthorDate: Fri Apr 7 10:39:53 2023 +
Commit: Sam James gentoo org>
CommitDate: Fri Apr 7 10:41:46 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e9eb2f7b
bin/install-qa-check.d/90gcc-warnings: add more warnings
These are all indicative of possible runtime issues.
Signed-off-by: Sam James gentoo.org>
NEWS | 15 +++
bin/install-qa-check.d/90gcc-warnings | 9 +
2 files changed, 24 insertions(+)
diff --git a/NEWS b/NEWS
index 0361e6ac6..3dfaf2a09 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,18 @@
+portage-3.0.47 (UNRELEASED)
+---
+
+Features:
+* install-qa-check.d: 90gcc-warnings: Add additional code quality warnings:
+ - -Wrestrict
+ - -Wstringop-overread
+ - -Wstringop-truncation
+ - -Wformat-truncation
+ - -Wcast-function-type
+ - -Wnull-dereference
+ - -Wmain
+ - -Wimplicit-int
+ - -Wstring-compare
+
portage-3.0.46 (2023-04-07)
---
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index dbfbc4a9a..449bf2362 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -19,6 +19,7 @@ gcc_warn_check() {
# only will and does, no might :)
'warning: .*will.*\[-Wstrict-aliasing\]'
'warning: .*does.*\[-Wstrict-aliasing\]'
+ 'warning: .*\[-Wrestrict\]'
# strict aliasing violation in C++ (Clang)
'warning: .*\[-Wundefined-reinterpret-cast\]'
@@ -44,6 +45,8 @@ gcc_warn_check() {
'warning: .*will always overflow destination buffer'
# compile-time part of FORTIFY_SOURCE
'warning: .*\[-Wstringop-overflow\]'
+ 'warning: .*\[-Wstringop-overread\]'
+ 'warning: .*\[-Wstringop-truncation\]'
# clang-only, equivalent of -Wstringop-overflow
'warning: .*\[-Wfortify-source\]'
'warning: .*assuming pointer wraparound does not occur'
@@ -86,6 +89,7 @@ gcc_warn_check() {
# -Wformat variants
'warning: .*too few arguments for format'
'warning: .*missing sentinel in function
call.*\[-Wformat=\]'
+ 'warning: .*\[-Wformat-truncation\]'
# format ... expects a matching ... argument
# (iow, too few arguments for format in new wording :))
'warning: .*matching.*\[-Wformat=\]'
@@ -104,6 +108,8 @@ gcc_warn_check() {
# more specific form of -Wincompatible-pointer-types
(Clang)
'warning: .*\[-Wincompatible-function-pointer-types\]'
# these will fail with CFI
(https://reviews.llvm.org/D134831)
+ # (gcc lacks -strict)
+ #'warning: .*\[-Wcast-function-type\]'
'warning: .*\[-Wcast-function-type-strict\]'
# using wrong deallocator, e.g. using free() on object
allocated using my_malloc()
# when my_malloc() is annotated as needing my_free().
@@ -117,9 +123,12 @@ gcc_warn_check() {
'warning: .*\[-Wodr\]'
# warning: argument value A will result in undefined
behaviour (Clang)
'warning: .*\[-Wargument-undefined-behaviour\]'
+ 'warning: .*\[-Wnull-dereference\]'
# general sensible warnings (will be rejected by modern
compilers soon)
+ 'warning: .*\[-Wmain\]'
'warning: .*\[-Wimplicit-int\]'
+ 'warning: .*\[-Wstring-compare\]'
# this may be valid code :/
#': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6642bdf54d071d7b93b3f6fb4bc24df4075c8de1
Author: Sam James gentoo org>
AuthorDate: Fri Apr 7 10:39:06 2023 +
Commit: Sam James gentoo org>
CommitDate: Fri Apr 7 10:39:06 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6642bdf5
bin/install-qa-check.d/90gcc-warnings: add -Wimplicit-int
This will be rejected by modern compilers soon:
https://wiki.gentoo.org/wiki/Modern_C_porting.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 431cc7639..dbfbc4a9a 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -118,6 +118,9 @@ gcc_warn_check() {
# warning: argument value A will result in undefined
behaviour (Clang)
'warning: .*\[-Wargument-undefined-behaviour\]'
+ # general sensible warnings (will be rejected by modern
compilers soon)
+ 'warning: .*\[-Wimplicit-int\]'
+
# this may be valid code :/
#': warning: multi-character character constant'
# need to check these two ...
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eca90b6049a9ce42ec6868f64abcab403c9f4190
Author: Sam James gentoo org>
AuthorDate: Tue Feb 28 03:10:26 2023 +
Commit: Sam James gentoo org>
CommitDate: Tue Feb 28 03:10:26 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eca90b60
install-qa-check.d/90config-impl-decl: prefix warning with 'QA Notice'
... so tinderboxes can pick it up more easily.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index d1bc0e067..0e758e87d 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -92,12 +92,13 @@ config_impl_decl_check() {
# Drop out early if no impl decls found (all the arrays are the same
size)
[[ ${#files[@]} -eq 0 ]] && return
- eqawarn 'Found the following implicit function declarations in
configure logs:'
+ eqawarn 'QA Notice: Found the following implicit function declarations
in configure logs:'
for l in "${!files[@]}"; do
eqawarn " ${files[l]}:${lines[l]} - ${funcs[l]}"
eqatag 'config.log-impl-decl' "line=${lines[l]}"
"func=${funcs[l]}" "${files[l]}"
done
eqawarn 'Check that no features were accidentally disabled.'
+ eqawarn 'See https://wiki.gentoo.org/wiki/Modern_C_porting.'
}
config_impl_decl_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: b846c59c1e2ad80163745de024154cbe845fedaa
Author: Oskari Pirhonen gmail com>
AuthorDate: Mon Feb 27 02:05:39 2023 +
Commit: Sam James gentoo org>
CommitDate: Mon Feb 27 04:43:48 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b846c59c
90config-impl-decl: bug fixes
- Match "-Werror=impl..." from gcc
- Use separate RE to check for UTF-8 and ASCII quoting when extracting
the function name
Signed-off-by: Oskari Pirhonen gmail.com>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 31 +--
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
index 2fb8307ea..d1bc0e067 100644
--- a/bin/install-qa-check.d/90config-impl-decl
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -38,6 +38,12 @@ find_log_targets() {
find -files0-from - -type f \( "${find_args[@]}" \) -print0
}
+has_utf8_ctype() {
+ # Use python to check if the locale is UTF-8 since tools like locale(1)
may
+ # not exist (eg, musl systems).
+ [[ "$("${PORTAGE_PYTHON:-/usr/bin/python}" -c 'import locale;
print(locale.getlocale()[1])')" == UTF-8 ]]
+}
+
config_impl_decl_check() {
local files=()
local lines=()
@@ -46,19 +52,32 @@ config_impl_decl_check() {
local entry
local line
local func
- local re=" function '([[:print:]]+)'"
+ local re_uni
+ local re_asc
+ local is_utf8
+
+ # Given the UTF-8 character type, both gcc and clang may enclose the
+ # function name between the LEFT SINGLE QUOTATION MARK and RIGHT SINGLE
+ # QUOTATION MARK codepoints.
+ re_uni=$' function \u2018([^\u2019]+)\u2019'
+
+ # This variant matches ASCII single quotes.
+ re_asc=$' function \x27([^\x27]+)\x27'
+
+ # Is UTF-8 the effective character type?
+ has_utf8_ctype; is_utf8=$(( $? == 0 ))
# Iterate over every log file found and check for
'-Wimplicit-function-declaration'
while IFS= read -rd '' l; do
while IFS= read -ru3 entry; do
# Strip ANSI codes (color and erase in line have been
seen at least)
- entry="$(printf '%s\n' "${entry}" | sed -E -e
$'s/\033\[[0-9;]*[A-Za-z]//g')"
+ entry="$(printf '%s\n' "${entry}" | LC_ALL='C' sed -E
-e $'s/\033\[[0-9;]*[A-Za-z]//g')"
line="${entry%%:*}"
- # This conditional should always be true unless
compiler warnings
- # get drastically changed
- if [[ ${entry} =~ ${re} ]]; then
+ if [[ ${is_utf8} -eq 1 && ${entry} =~ ${re_uni} ]] ||
[[ ${entry} =~ ${re_asc} ]]; then
func="${BASH_REMATCH[1]}"
+ else
+ continue
fi
has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" &&
continue
@@ -67,7 +86,7 @@ config_impl_decl_check() {
lines+=( "${line}" )
funcs+=( "${func}" )
# Using -I to ignore binary files is a GNU extension for grep
- done 3< <(grep -nEI -e '-Wimplicit-function-declaration' "${l}")
+ done 3< <(grep -nEI -e
'-W(error=)?implicit-function-declaration' "${l}")
done < <(find_log_targets)
# Drop out early if no impl decls found (all the arrays are the same
size)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dc1e8d7b9ad8f7253fa14e068547b63b14c829b7
Author: Oskari Pirhonen gmail com>
AuthorDate: Wed Feb 1 04:32:20 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Feb 26 20:22:42 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc1e8d7b
install-qa-check.d/90config-impl-decl: check config log for warnings
Check for -Wimplicit-function-declaration in:
- config.log
- CMakeError.log
- meson-log.txt
and log the config log, line number, and function name on-screen and in
qa.log under the tag 'config.log-impl-decl'. In ebuilds, use the
`QA_CONFIG_IMPL_DECL_SKIP` array to skip false positives.
Closes: https://bugs.gentoo.org/892651
Signed-off-by: Oskari Pirhonen gmail.com>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90config-impl-decl | 87 +++
1 file changed, 87 insertions(+)
diff --git a/bin/install-qa-check.d/90config-impl-decl
b/bin/install-qa-check.d/90config-impl-decl
new file mode 100644
index 0..2fb8307ea
--- /dev/null
+++ b/bin/install-qa-check.d/90config-impl-decl
@@ -0,0 +1,87 @@
+# Check for implicit function declaration warnings in configure logs
+#
+# ebuilds should set the QA_CONFIG_IMPL_DECL_SKIP array to skip known false
+# positives.
+#
+# Some examples of logs to look for:
+# bash: work/bash-5.1/config.log
+# ^--- easy
+# python: work/Python-3.10.9/config.log
+# ^--- easy
+# gcc: work/build/config.log
+# ^--- can be out-of-tree
+# clang: work/x/y/clang-abi_x86_64.amd64/CMakeFiles/CMakeError.log
+#^--- can be non-autotools (and very deep)
+# systemd-utils:
work/systemd-stable-251.10-abi_x86_64.amd64/meson-logs/meson-log.txt
+#^--- can be non-autotools
+#
+# Adapted from macports portconfigure.tcl with love.
+#
+# See also: bug 892651
+
+find_log_targets() {
+ local log_targets=(
+ 'config.log'
+ 'CMakeError.log'
+ 'meson-log.txt'
+ )
+ local find_args=()
+ local log
+
+ # Find config logs. Assume the dirs can have spaces in them, even though
+ # that is hella evil and goes against good filesystem manners!
+ for log in "${log_targets[@]}"; do
+ find_args+=( '-name' "${log}" '-o' )
+ done
+ unset -v 'find_args[-1]'
+ printf '%s\0' "${WORKDIR}" |
+ find -files0-from - -type f \( "${find_args[@]}" \) -print0
+}
+
+config_impl_decl_check() {
+ local files=()
+ local lines=()
+ local funcs=()
+ local l
+ local entry
+ local line
+ local func
+ local re=" function '([[:print:]]+)'"
+
+ # Iterate over every log file found and check for
'-Wimplicit-function-declaration'
+ while IFS= read -rd '' l; do
+ while IFS= read -ru3 entry; do
+ # Strip ANSI codes (color and erase in line have been
seen at least)
+ entry="$(printf '%s\n' "${entry}" | sed -E -e
$'s/\033\[[0-9;]*[A-Za-z]//g')"
+
+ line="${entry%%:*}"
+ # This conditional should always be true unless
compiler warnings
+ # get drastically changed
+ if [[ ${entry} =~ ${re} ]]; then
+ func="${BASH_REMATCH[1]}"
+ fi
+
+ has "${func}" "${QA_CONFIG_IMPL_DECL_SKIP[@]}" &&
continue
+
+ files+=( "${l}" )
+ lines+=( "${line}" )
+ funcs+=( "${func}" )
+ # Using -I to ignore binary files is a GNU extension for grep
+ done 3< <(grep -nEI -e '-Wimplicit-function-declaration' "${l}")
+ done < <(find_log_targets)
+
+ # Drop out early if no impl decls found (all the arrays are the same
size)
+ [[ ${#files[@]} -eq 0 ]] && return
+
+ eqawarn 'Found the following implicit function declarations in
configure logs:'
+ for l in "${!files[@]}"; do
+ eqawarn " ${files[l]}:${lines[l]} - ${funcs[l]}"
+ eqatag 'config.log-impl-decl' "line=${lines[l]}"
"func=${funcs[l]}" "${files[l]}"
+ done
+ eqawarn 'Check that no features were accidentally disabled.'
+}
+
+config_impl_decl_check
+: # guarantee successful exit
+
+# vim:ft=sh noexpandtab:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: bd6e366894615fc7b2c7faafca666933ad850340
Author: Florian Schmaus gentoo org>
AuthorDate: Sun Feb 19 09:04:21 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Feb 19 12:22:58 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bd6e3668
install-qa-check.d/60pkgconfig: fix eapi_has_version_functions call
The function is prefixed with three three underscores, not two.
Fixes: f0d4e696f82d ("install-qa-check.d/60pkgconfig: conditionally source
eapi7-ver-funcs.sh")
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/990
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 625b22c9e..acbee4df1 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -1,7 +1,7 @@
# Check for pkg-config file issues
# Ensure that ver_test is available.
-if ! __eapi_has_version_functions; then
+if ! ___eapi_has_version_functions; then
source "${PORTAGE_BIN_PATH}/eapi7-ver-funcs.sh" || exit 1
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: f0d4e696f82d989371360d7e4d8df6e2ff1f6bd2
Author: Florian Schmaus gentoo org>
AuthorDate: Mon Aug 15 07:14:14 2022 +
Commit: Sam James gentoo org>
CommitDate: Fri Feb 17 09:12:03 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f0d4e696
install-qa-check.d/60pkgconfig: conditionally source eapi7-ver-funcs.sh
To make ver_test available, source eapi7-ver-funcs.sh instead of
inherting eapi7-ver. This makes the check available for ebuild
repositories that do not have ::gentoo as main repository.
Suggested-by: Arfrever Frehtes Taifersar Arahesis apache.org>
Signed-off-by: Florian Schmaus gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 6ecbcabfd..5d5b6d611 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -1,5 +1,10 @@
# Check for pkg-config file issues
+# Ensure that ver_test is available.
+if ! __eapi_has_version_functions; then
+ source "${PORTAGE_BIN_PATH}/eapi7-ver-funcs.sh" || exit 1
+fi
+
pkgconfig_check() {
local files=()
# Make a list of .pc files and bail out if there aren't any
@@ -108,8 +113,6 @@ pkgconfig_check() {
local is_pms_ver=false
if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then
- # Ensure that ver_test is available.
- [[ $(type -t ver_test) == function ]] || inherit
eapi7-ver
is_pms_ver=true
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7b00b5aa8c68942cdb9e751a9eeaa8b7795387f0
Author: Florian Schmaus gentoo org>
AuthorDate: Thu Dec 22 07:59:14 2022 +
Commit: Sam James gentoo org>
CommitDate: Fri Feb 17 09:12:03 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7b00b5aa
Revert "bin/install-qa-check.d: drop QA_PKGCONFIG_VERSION checks from
60pkgconfig"
This reverts commit 772fdceea5f148d9bb5fd6c87ffd48f87ca93bab.
Signed-off-by: Florian Schmaus gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 60 ++
1 file changed, 60 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index c982dbdf4..6ecbcabfd 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -88,6 +88,66 @@ pkgconfig_check() {
eqawarn "(contains reference to either lib or lib64 in wrong
directory)"
eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}"
fi
+
+ # Check for mismatched Version field vs ${PV}
+ # To be safe, let's make sure _all_ installed .pcs have a bad Version
+ # before warning, as this should catch the general cases we're worried
+ # about, while avoiding any pathological cases e.g. multiple libraries
+ # with different versioning within one package.
+ # Example bugs: bug #833895, bug #833887.
+
+ # Default to PV if QA_PKGCONFIG_VERSION is unset.
+ if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then
+ local QA_PKGCONFIG_VERSION=${PV}
+ fi
+
+ # Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
+ if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
+ local
pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$"
+ local -A bad_files
+
+ local is_pms_ver=false
+ if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then
+ # Ensure that ver_test is available.
+ [[ $(type -t ver_test) == function ]] || inherit
eapi7-ver
+ is_pms_ver=true
+ fi
+
+ for f in "${files[@]}" ; do
+ local file_version=$(pkg-config --modversion "${f}")
+ if [[ -n ${file_version} ]] ; then
+ if ${is_pms_ver} && [[ ${file_version} =~
${pms_ver_re} ]]; then
+ # If both versions comply to PMS, then
we can use ver_test to compare them.
+ ver_test ${QA_PKGCONFIG_VERSION} -eq
${file_version} && continue
+ else
+ # Otherwise, we resort to string
comparision.
+ [[ ${QA_PKGCONFIG_VERSION} ==
${file_version} ]] && continue
+ fi
+ else
+ # Record a special value if the .pc file has no
version set at all.
+ file_version=""
+ fi
+
+ bad_files["${f//${D}}"]="${file_version}"
+ done
+
+ # Skip result reporting if *_p* because for both _pN and _preN,
we
+ # don't generally expect the versions to be exactly accurate,
and
+ # we want to avoid false positives.
+ if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
+ eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
+ eqawarn "The Version field of the following files does
not match ${PV}"
+ local bad_file
+ for bad_file in "${!bad_files[@]}"; do
+ local
bad_file_version="${bad_files[${bad_file}]}"
+ eqawarn "- ${bad_file}: ${bad_file_version}"
+ done
+ eqawarn "Please check all .pc files installed by this
package."
+ eqawarn "You can use QA_PKGCONFIG_VERSION to set the
expected version,"
+ eqawarn "or set to the empty string to disable this QA
check."
+ eqatag pkgconfig.unexpected-version ${!bad_files[@]}
+ fi
+ fi
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, man/, /
commit: 38de354cd5f8e9216792cd084c39d688925a9ee9
Author: Florian Schmaus gentoo org>
AuthorDate: Thu Dec 22 08:14:38 2022 +
Commit: Sam James gentoo org>
CommitDate: Fri Feb 17 09:12:03 2023 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=38de354c
install-qa-check.d/60pkgconfig: make QA_PKGCONFIG_VERSION opt-in
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/889
Signed-off-by: Sam James gentoo.org>
NEWS | 2 ++
bin/install-qa-check.d/60pkgconfig | 15 +--
man/ebuild.5 | 6 ++
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/NEWS b/NEWS
index b1f317ce3..7e2ce9f41 100644
--- a/NEWS
+++ b/NEWS
@@ -130,6 +130,8 @@ Features:
* sync: git: run 'git clean' in git repositories if they are marked as
non-volatile.
+* install-qa-check.d: 60pkgconfig: add opt-in QA_PKGCONFIG_VERSION check
+
Bug fixes:
* glsa: Abort if a GLSA's arch list doesn't match the expected format (bug
#882797).
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 5d5b6d611..625b22c9e 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -94,19 +94,16 @@ pkgconfig_check() {
eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}"
fi
- # Check for mismatched Version field vs ${PV}
+ # Check for mismatched .pc Version field vs ${PV}. As this check
+ # initially caused false-positives, i.e., reports of a mismatch
+ # where the mismatch was intentional, it is now an opt-in check.
# To be safe, let's make sure _all_ installed .pcs have a bad Version
# before warning, as this should catch the general cases we're worried
# about, while avoiding any pathological cases e.g. multiple libraries
# with different versioning within one package.
# Example bugs: bug #833895, bug #833887.
- # Default to PV if QA_PKGCONFIG_VERSION is unset.
- if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then
- local QA_PKGCONFIG_VERSION=${PV}
- fi
-
- # Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
+ # Skip the check if QA_PKGCONFIG_VERSION is not set.
if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
local
pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$"
local -A bad_files
@@ -139,15 +136,13 @@ pkgconfig_check() {
# we want to avoid false positives.
if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
- eqawarn "The Version field of the following files does
not match ${PV}"
+ eqawarn "The Version field of the following files does
not match ${QA_PKGCONFIG_VERSION}"
local bad_file
for bad_file in "${!bad_files[@]}"; do
local
bad_file_version="${bad_files[${bad_file}]}"
eqawarn "- ${bad_file}: ${bad_file_version}"
done
eqawarn "Please check all .pc files installed by this
package."
- eqawarn "You can use QA_PKGCONFIG_VERSION to set the
expected version,"
- eqawarn "or set to the empty string to disable this QA
check."
eqatag pkgconfig.unexpected-version ${!bad_files[@]}
fi
fi
diff --git a/man/ebuild.5 b/man/ebuild.5
index 186a3ac3f..decef8399 100644
--- a/man/ebuild.5
+++ b/man/ebuild.5
@@ -910,6 +910,12 @@ expressions with escape\-quoted special characters.
This should contain a list of file paths, relative to the image directory, of
desktop files which should not be validated. The paths may contain regular
expressions with escape\-quoted special characters.
+.TP
+.B QA_PKGCONFIG_VERSION
+If set, then portage verifies that all pkg-config .pc files have a Version
field
+with the value of QA_PKGCONFIG_VERSION. For example, set
+\fIQA_PKGCONFIG_VERSION=${PV}\fR if your package is expected to install all
+pkg-config .pc files with a Version field containing PV.
.SH "PORTAGE DECLARATIONS"
.TP
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: ddaf25365f74227dc581b9e2c38b0c0cc9c6d6b5
Author: Oskari Pirhonen gmail com>
AuthorDate: Mon Dec 5 01:22:07 2022 +
Commit: Sam James gentoo org>
CommitDate: Sat Dec 10 01:46:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ddaf2536
install-qa-check.d/60pkgconfig: remove PCRE
The pattern in question works with both `grep -P` and `grep -E`, prefer
the latter to avoid having to check if grep is built with PCRE support.
'=(/usr)?/lib\b'
Bug: https://bugs.gentoo.org/884285
Signed-off-by: Oskari Pirhonen gmail.com>
Closes: https://github.com/gentoo/portage/pull/957
Signed-off-by: Sam James gentoo.org>
NEWS | 2 ++
bin/install-qa-check.d/60pkgconfig | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index ea9967d0f..8f4983e06 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ Features:
Bug fixes:
* glsa: Abort if a GLSA's arch list doesn't match the expected format (bug
#882797).
+* install-qa-check.d: 60pkgconfig: avoid using grep -P (PCRE) unnecessarily
(bug #884285).
+
* etc-update: Apply defences for patsub_replacement being default on in Bash
5.2
(bug #881383).
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index f44ec232a..c982dbdf4 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -77,7 +77,7 @@ pkgconfig_check() {
fi
elif [[ ${f} == *lib64/pkgconfig* ]] ; then
# We want to match /lib/, /lib/foo/, but not e.g.
/lib64 or /lib64/, or libfoo
- if grep -qP '=(/usr)?/lib\b' ${f} ; then
+ if grep -E -q '=(/usr)?/lib\b' ${f} ; then
bad_libdir+=( "${f//${D}}" )
fi
fi
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 0fdbbbdb5a80e331adf701f2b2c1f096695447c4
Author: Sam James gentoo org>
AuthorDate: Sun Nov 20 23:32:08 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun Nov 20 23:33:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0fdbbbdb
install-qa-check.d/90gcc-warnings: don't make implicit func decls fatal for now
We need to do this at some point (as Clang 16 and GCC 14 are doing it, and
they indicate runtime problems anyway), but there's too much breakage for now.
We did find some extra bugs though. The main issue is too much high-profile
stuff breaks rather than the total number of bugs, wrt Portage behaviour
changing being suitable or not.
Bug: https://bugs.gentoo.org/870412
Signed-off-by: Sam James gentoo.org>
NEWS | 4
bin/install-qa-check.d/90gcc-warnings | 7 ---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index 7b97f2a86..28f482350 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,10 @@ Bug fixes:
* Fix DeprecationWarning in sets.
+* install-qa-check.d: 90gcc-warnigns: Disable -Wimplicit-function-declaration
being
+ fatal for now. The number of failures in bug #870412 is too large for the
time
+ being.
+
portage-3.0.39 (2022-11-20)
--
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 7a27b5aaa..431cc7639 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -153,9 +153,10 @@ gcc_warn_check() {
# always_overflow=yes
#fi
- if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]]
; then
- implicit_func_decl=yes
- fi
+ # Disabled for now because too many failures. bug
#870412.
+ #if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]]
; then
+ # implicit_func_decl=yes
+ #fi
if [[ ${always_overflow} = yes || ${implicit_func_decl}
= yes ]] ; then
eerror
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 739e8de006c6c2a247edef3e616fcdecba28edc8
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 07:38:53 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 07:38:53 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=739e8de0
install-qa-check.d/90gcc-warnings: drop some conversion warnings for now
While I want to keep these, Bash triggers them with a trick it uses
to force truncation in random.c, and I can't really justify FEATURES=stricter
stopping Bash from installing.
Signed-off-by: Sam James gentoo.org>
NEWS | 4
bin/install-qa-check.d/90gcc-warnings | 13 +
2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/NEWS b/NEWS
index 5ee6e3bd1..2480f55a8 100644
--- a/NEWS
+++ b/NEWS
@@ -30,10 +30,6 @@ Features:
* -Wincompatible-function-pointer-types (Clang, becomes fatal in Clang 16)
(note we already have -Wincompatible-pointer-types in the list for GCC)
* -Wundefined-reinterpret-cast (Clang, C++ strict aliasing)
- * -Wint-conversion
- * -Wint-to-pointer-cast
- * -Wpointer-to-int-cast
- * -Wint-to-void-pointer-cast
* -Wcast-function-type-strict (Clang, CFI)
* Further -Wformat matches for missing specifiers.
In future, we may warn on all -Wformat (in particular because of e.g.
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 845a83b08..7a27b5aaa 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -66,14 +66,19 @@ gcc_warn_check() {
# the address of ... will never be NULL and likes
# (uses of function refs & string constants in
conditionals)
'warning: .*\[-Waddress\]'
+
+ # TODO: we want to enable these but bash currently
triggers
+ # them with a trick in random.c where it intentionally
wants
+ # some truncation :(
+ #
# warning: assignment/initialization to ... from ...
makes integer from pointer without cast
- 'warning: .*\[-Wint-conversion\]'
+ #'warning: .*\[-Wint-conversion\]'
# warning: cast to ... from integer of different size
(or smaller size)
- 'warning: .*\[-Wint-to-pointer-cast\]'
+ #'warning: .*\[-Wint-to-pointer-cast\]'
# warning: cast to ... from (smaller) integer type
- 'warning: .*\[-Wint-to-void-pointer-cast\]'
+ #'warning: .*\[-Wint-to-void-pointer-cast\]'
# warning: cast from ... to integer of different size
- 'warning: .*\[-Wpointer-to-int-cast\]'
+ #'warning: .*\[-Wpointer-to-int-cast\]'
# -Wformat
# TODO: comment out some time in future for time_t &
LFS preparedness
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 2a352b6ff5ddd3a2d25ff6d0e6a50bc9daab67d6
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 07:17:45 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 07:30:36 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=2a352b6f
install-qa-check.d/90gcc-warnings: add -Wcast-function-type-strict
New Clang flag which will warn on casts that'll break with CFI.
Signed-off-by: Sam James gentoo.org>
NEWS | 1 +
bin/install-qa-check.d/90gcc-warnings | 2 ++
2 files changed, 3 insertions(+)
diff --git a/NEWS b/NEWS
index 6fe36cbe0..16552ea7d 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,7 @@ Features:
* -Wint-to-pointer-cast
* -Wpointer-to-int-cast
* -Wint-to-void-pointer-cast
+ * -Wcast-function-type-strict (Clang, CFI)
* Further -Wformat matches for missing specifiers.
In future, we may warn on all -Wformat (in particular because of e.g.
time_t & LFS).
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index d8322871b..7fd8502ef 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -92,6 +92,8 @@ gcc_warn_check() {
'warning: .*\[-Wincompatible-pointer-types\]'
# more specific form of -Wincompatible-pointer-types
(Clang)
'warning: .*\[-Wincompatible-function-pointer-types\]'
+ # these will fail with CFI
(https://reviews.llvm.org/D134831)
+ 'warning: .*\[-Wcast-function-type-strict\]'
# using wrong deallocator, e.g. using free() on object
allocated using my_malloc()
# when my_malloc() is annotated as needing my_free().
'warning: .*\[-Wmismatched-dealloc\]'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 73fccc7cee325874e7533e1c809dc26e45e604e0
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 07:29:54 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 07:30:36 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=73fccc7c
install-qa-check.d/90gcc-warnings: add more Clang warnings
All of these are either smells of something wrong or likely UB:
-Wstrlcpy-strlcat-size
-Wstrncat-size
-Wsuspicious-bzero
-Wvarargs
Signed-off-by: Sam James gentoo.org>
NEWS | 4
bin/install-qa-check.d/90gcc-warnings | 6 ++
2 files changed, 10 insertions(+)
diff --git a/NEWS b/NEWS
index 16552ea7d..5ee6e3bd1 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,10 @@ Features:
* -Wreturn-type
* -Wstringop-overflow (GCC, FORTIFY_SOURCE)
* -Wfortify-source (Clang, FORTIFY_SOURCE)
+ * -Wstrlcpy-strlcat-size
+ * -Wstrncat-size
+ * -Wsuspicious-bzero
+ * -Wvarargs
* -Wargument-undefined-behaviour (Clang)
* -Wincompatible-function-pointer-types (Clang, becomes fatal in Clang 16)
(note we already have -Wincompatible-pointer-types in the list for GCC)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 7fd8502ef..845a83b08 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -49,6 +49,12 @@ gcc_warn_check() {
'warning: .*assuming pointer wraparound does not occur'
'warning: .*escape sequence out of range'
+ # all clang
+ 'warning: .*\[-Wstrlcpy-strlcat-size\]'
+ 'warning: .*\[-Wstrncat-size\]'
+ 'warning: .*\[-Wsuspicious-bzero\]'
+ 'warning: .*\[-Wvarargs\]'
+
# left-hand operand of comma expression has no effect
'warning: .*left.*comma.*\[-Wunused-value\]'
# converting to non-pointer type ... from NULL and likes
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: c4df46e3da5fee516dba000ade492c2462db99fd
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 03:36:39 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 03:38:13 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=c4df46e3
install-qa-check.d/90gcc-warnings: update outdated -Wformat pattern
This only covers missing specifiers. We may add generic -Wformat (as commented
out) for time_t & LFS stuff later on, but I don't want to do it in portage
3.0.39
as we're adding enough new stuff here.
Signed-off-by: Sam James gentoo.org>
NEWS | 3 +++
bin/install-qa-check.d/90gcc-warnings | 6 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index cf3487e4b..6fe36cbe0 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,9 @@ Features:
* -Wint-to-pointer-cast
* -Wpointer-to-int-cast
* -Wint-to-void-pointer-cast
+ * Further -Wformat matches for missing specifiers.
+In future, we may warn on all -Wformat (in particular because of e.g.
+time_t & LFS).
* install-qa-check.d: 90gcc-warnings: Always die on
-Wimplicit-function-declaration
and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index cdffcd029..d8322871b 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -69,8 +69,12 @@ gcc_warn_check() {
# warning: cast from ... to integer of different size
'warning: .*\[-Wpointer-to-int-cast\]'
- # outdated?
+ # -Wformat
+ # TODO: comment out some time in future for time_t &
LFS preparedness
+ #'warning: .*\[-Wformat=\]'
+ # -Wformat variants
'warning: .*too few arguments for format'
+ 'warning: .*missing sentinel in function
call.*\[-Wformat=\]'
# format ... expects a matching ... argument
# (iow, too few arguments for format in new wording :))
'warning: .*matching.*\[-Wformat=\]'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 4a5dbb20506e366b205279a10504b66a2a96540a
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 03:27:34 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 03:31:48 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4a5dbb20
install-qa-check.d/90gcc-warnings: add -Wpointer-to-int-cast for completeness
Opposite side of -Wint-to-pointer-cast.
Signed-off-by: Sam James gentoo.org>
NEWS | 1 +
bin/install-qa-check.d/90gcc-warnings | 2 ++
2 files changed, 3 insertions(+)
diff --git a/NEWS b/NEWS
index 4745b580d..f8441b6ec 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,7 @@ Features:
* -Wundefined-reinterpret-cast (Clang, C++ strict aliasing)
* -Wint-conversion
* -Wint-to-pointer-cast
+ * -Wpointer-to-int-cast
* install-qa-check.d: 90gcc-warnings: Always die on
-Wimplicit-function-declaration
and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index b8b5f7147..2edabcde7 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -64,6 +64,8 @@ gcc_warn_check() {
'warning: .*\[-Wint-conversion\]'
# warning: cast to ... from integer of different size
(or smaller size)
'warning: .*\[-Wint-to-pointer-cast\]'
+ # warning: cast from ... to integer of different size
+ 'warning: .*\[-Wpointer-to-int-cast\]'
# outdated?
'warning: .*too few arguments for format'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: ee5ab4ca94fb308068d24291268abf52b9644c82
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 03:30:42 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 03:31:48 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ee5ab4ca
install-qa-check.d/90gcc-warnings: add -Wint-to-void-pointer-cast
We already have the other -Wint-conversions and this complements
-Wpointer-to-int-cast and -Wint-to-pointer-cast. The motivation
for all of these is finding things which are likely to break
across bitness.
Signed-off-by: Sam James gentoo.org>
NEWS | 1 +
bin/install-qa-check.d/90gcc-warnings | 2 ++
2 files changed, 3 insertions(+)
diff --git a/NEWS b/NEWS
index f8441b6ec..cf3487e4b 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,7 @@ Features:
* -Wint-conversion
* -Wint-to-pointer-cast
* -Wpointer-to-int-cast
+ * -Wint-to-void-pointer-cast
* install-qa-check.d: 90gcc-warnings: Always die on
-Wimplicit-function-declaration
and remove bin/check-implicit-pointer-usage.py of dubious licencing (it was
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 2edabcde7..cdffcd029 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -64,6 +64,8 @@ gcc_warn_check() {
'warning: .*\[-Wint-conversion\]'
# warning: cast to ... from integer of different size
(or smaller size)
'warning: .*\[-Wint-to-pointer-cast\]'
+ # warning: cast to ... from (smaller) integer type
+ 'warning: .*\[-Wint-to-void-pointer-cast\]'
# warning: cast from ... to integer of different size
'warning: .*\[-Wpointer-to-int-cast\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4030f0006c83bd7aa7a9c3549b6fe0910458ae62
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:29:43 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:29:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4030f000
install-qa-check.d/90gcc-warnings: fix grep warning
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 2f6f393a4..b8b5f7147 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -20,7 +20,7 @@ gcc_warn_check() {
'warning: .*will.*\[-Wstrict-aliasing\]'
'warning: .*does.*\[-Wstrict-aliasing\]'
# strict aliasing violation in C++ (Clang)
- 'warning: .*\[\-Wundefined-reinterpret-cast\]'
+ 'warning: .*\[-Wundefined-reinterpret-cast\]'
# implicit declaration of function ‘...’
'warning: .*\[-Wimplicit-function-declaration\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a38aa2108f996c834e8ca2f10fb151a111c782dc
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:12:32 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:25:45 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a38aa210
install-qa-check.d/90gcc-warnings: add -Wint-conversion, -Wint-to-pointer-cast
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 4
1 file changed, 4 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index cd12558ba..7a859eb88 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -54,6 +54,10 @@ gcc_warn_check() {
# the address of ... will never be NULL and likes
# (uses of function refs & string constants in
conditionals)
'warning: .*\[-Waddress\]'
+ # warning: assignment/initialization to ... from ...
makes integer from pointer without cast
+ 'warning: .*\[-Wint-conversion\]'
+ # warning: cast to ... from integer of different size
(or smaller size)
+ 'warning: .*\[-Wint-to-pointer-cast\]'
# outdated?
'warning: .*too few arguments for format'
# format ... expects a matching ... argument
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 800337e1d2d5d2d04eb83fe57f519850074b6e66
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:23:22 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:25:46 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=800337e1
install-qa-check.d/90gcc-warnings: add -Wargument-undefined-behaviour
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 403c19684..2f6f393a4 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -94,6 +94,8 @@ gcc_warn_check() {
'warning: .*\[-Wlto-type-mismatch\]'
# ODR
(https://wiki.gentoo.org/wiki/Project:Toolchain/LTO)
'warning: .*\[-Wodr\]'
+ # warning: argument value A will result in undefined
behaviour (Clang)
+ 'warning: .*\[-Wargument-undefined-behaviour\]'
# this may be valid code :/
#': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dc6035cdcd66a447a5ffc16b4e028604eafb82bf
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:22:22 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:25:45 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc6035cd
install-qa-check.d/90gcc-warnings: add -Wundefined-reinterpret-cast
A type of strict aliasing violation which can only happen in C++.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 162e97459..d8bde18cb 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -19,6 +19,8 @@ gcc_warn_check() {
# only will and does, no might :)
'warning: .*will.*\[-Wstrict-aliasing\]'
'warning: .*does.*\[-Wstrict-aliasing\]'
+ # strict aliasing violation in C++ (Clang)
+ 'warning: .*\[\-Wundefined-reinterpret-cast\]'
# implicit declaration of function ‘...’
'warning: .*\[-Wimplicit-function-declaration\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 40673d0184a695c5f92fd6b8d241db9697b234f4
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:22:52 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:25:45 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=40673d01
install-qa-check.d/90gcc-warnings: add -Wincompatible-function-pointer-types
Clang 16 makes this fatal, but we're just going to warn on it here. We
already have -Wincompatible-pointer-types anyway.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index d8bde18cb..403c19684 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -82,6 +82,8 @@ gcc_warn_check() {
'warning: .*\[-Waggressive-loop-optimizations\]'
# conversion between pointers that have incompatible
types
'warning: .*\[-Wincompatible-pointer-types\]'
+ # more specific form of -Wincompatible-pointer-types
(Clang)
+ 'warning: .*\[-Wincompatible-function-pointer-types\]'
# using wrong deallocator, e.g. using free() on object
allocated using my_malloc()
# when my_malloc() is annotated as needing my_free().
'warning: .*\[-Wmismatched-dealloc\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4982bec7b9623415fec4dc9d4d7a9696b47a4479
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 02:22:06 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 02:25:45 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4982bec7
install-qa-check.d/90gcc-warnings: formatting tweaks
Group similar warnings together.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 6 ++
1 file changed, 6 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 7a859eb88..162e97459 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -19,18 +19,21 @@ gcc_warn_check() {
# only will and does, no might :)
'warning: .*will.*\[-Wstrict-aliasing\]'
'warning: .*does.*\[-Wstrict-aliasing\]'
+
# implicit declaration of function ‘...’
'warning: .*\[-Wimplicit-function-declaration\]'
# with -Wall, goes in pair with
-Wimplicit-function-declaration
# but without -Wall, we need to assert for it alone
'warning: .*incompatible implicit declaration of
built-in function'
'warning: .*\[-Wbuiltin-declaration-mismatch\]'
+
# 'is used uninitialized in this function' and some more
'warning: .*\[-Wuninitialized\]'
# comparisons like ‘X<=Y<=Z’ do not have their
mathematical meaning
'warning: .*mathematical meaning*\[-Wparentheses\]'
# null argument where non-null required
'warning: .*\[-Wnonnull\]'
+
# array subscript is above/below/outside array bounds
(FORTIFY_SOURCE)
'warning: .*\[-Warray-bounds\]'
# attempt to free a non-heap object
@@ -43,6 +46,7 @@ gcc_warn_check() {
'warning: .*\[-Wfortify-source\]'
'warning: .*assuming pointer wraparound does not occur'
'warning: .*escape sequence out of range'
+
# left-hand operand of comma expression has no effect
'warning: .*left.*comma.*\[-Wunused-value\]'
# converting to non-pointer type ... from NULL and likes
@@ -58,11 +62,13 @@ gcc_warn_check() {
'warning: .*\[-Wint-conversion\]'
# warning: cast to ... from integer of different size
(or smaller size)
'warning: .*\[-Wint-to-pointer-cast\]'
+
# outdated?
'warning: .*too few arguments for format'
# format ... expects a matching ... argument
# (iow, too few arguments for format in new wording :))
'warning: .*matching.*\[-Wformat=\]'
+
# function returns address of local variable
'warning: .*\[-Wreturn-local-addr\]'
# missing return at end of function, or non-void return
in a void function
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: 85723dbd4d8fa6392001adeb8ca695a29e530949
Author: Sam James gentoo org>
AuthorDate: Wed Nov 9 01:16:27 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 9 01:17:50 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=85723dbd
bin: replace check-implicit-pointer-usage.py
Always die on -Wimplicit-function-declaration as Clang 16 is going
to make it fatal and it's always pretty dubious.
The licencing of check-implicit-pointer-usage.py is also unclear,
but the tool has been broken since GCC 4.5(!)
Bug: https://bugs.gentoo.org/365655
Bug: https://bugs.gentoo.org/870412
Signed-off-by: Sam James gentoo.org>
bin/check-implicit-pointer-usage.py | 79 ---
bin/install-qa-check.d/90gcc-warnings | 46
2 files changed, 7 insertions(+), 118 deletions(-)
diff --git a/bin/check-implicit-pointer-usage.py
b/bin/check-implicit-pointer-usage.py
deleted file mode 100755
index 06b666c88..0
--- a/bin/check-implicit-pointer-usage.py
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env python
-
-# Ripped from HP and updated from Debian
-# Update by Gentoo to support unicode output
-
-#
-# Copyright (c) 2004 Hewlett-Packard Development Company, L.P.
-# David Mosberger
-#
-# Scan standard input for GCC warning messages that are likely to
-# source of real 64-bit problems. In particular, see whether there
-# are any implicitly declared functions whose return values are later
-# interpreted as pointers. Those are almost guaranteed to cause
-# crashes.
-#
-
-import re
-import sys
-
-implicit_pattern = re.compile(
-r"([^:]*):(\d+): warning: implicit declaration " + "of function
[`']([^']*)'"
-)
-pointer_pattern = (
-r"([^:]*):(\d+): warning: "
-+ r"("
-+ r"(assignment"
-+ r"|initialization"
-+ r"|return"
-+ r"|passing arg \d+ of `[^']*'"
-+ r"|passing arg \d+ of pointer to function"
-+ r") makes pointer from integer without a cast"
-+ r"|"
-+ r"cast to pointer from integer of different size)"
-)
-
-unicode_quote_open = "\u2018"
-unicode_quote_close = "\u2019"
-
-
-def write(msg):
-sys.stdout.buffer.write(msg.encode("utf_8", "backslashreplace"))
-
-
-pointer_pattern = re.compile(pointer_pattern)
-
-last_implicit_filename = ""
-last_implicit_linenum = -1
-last_implicit_func = ""
-
-while True:
-line = sys.stdin.buffer.readline().decode("utf_8", "replace")
-if not line:
-break
-# translate unicode open/close quotes to ascii ones
-line = line.replace(unicode_quote_open, "`")
-line = line.replace(unicode_quote_close, "'")
-m = implicit_pattern.match(line)
-if m:
-last_implicit_filename = m.group(1)
-last_implicit_linenum = int(m.group(2))
-last_implicit_func = m.group(3)
-else:
-m = pointer_pattern.match(line)
-if m:
-pointer_filename = m.group(1)
-pointer_linenum = int(m.group(2))
-if (
-last_implicit_filename == pointer_filename
-and last_implicit_linenum == pointer_linenum
-):
-write(
-"Function `%s' implicitly converted to pointer at "
-"%s:%d\n"
-% (
-last_implicit_func,
-last_implicit_filename,
-last_implicit_linenum,
-)
-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index f5dae8a76..cd12558ba 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -110,12 +110,17 @@ gcc_warn_check() {
f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E -a
"${joined_msgs}" "${PORTAGE_LOG_FILE}" | uniq)
if [[ -n ${f} ]] ; then
abort="yes"
+
# for now, don't make this fatal (see bug #337031)
#if [[ ${f} == *'will always overflow destination
buffer'* ]]; then
# always_overflow=yes
#fi
- if [[ ${always_overflow} = yes ]] ; then
+ if [[ ${f} == *'[-Wimplicit-function-declaration]'* ]]
; then
+ implicit_func_decl=yes
+ fi
+
+ if [[ ${always_overflow} = yes || ${implicit_func_decl}
= yes ]] ; then
eerror
eerror "QA Notice: Package triggers severe
warnings which indicate that it"
eerror " may exhibit random runtime
failures."
@@ -134,47 +139,10 @@ gcc_warn_check() {
fi
fi
- local cat_cmd=cat
- [[ ${PORTAGE_LOG_FILE} = *.gz ]] && cat_cmd=zcat
[[ ${reset_debug} = 1 ]] && set -x
-
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 1619bda983a731961b17504e2a48e44d4849d2cc
Author: Sam James gentoo org>
AuthorDate: Tue Nov 8 23:51:35 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Nov 8 23:51:35 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=1619bda9
install-qa-check.d/90gcc-warnings: improve -Warray-bounds comment
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 579cb4135..f5dae8a76 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -31,7 +31,7 @@ gcc_warn_check() {
'warning: .*mathematical meaning*\[-Wparentheses\]'
# null argument where non-null required
'warning: .*\[-Wnonnull\]'
- # array subscript is above/below/outside array bounds
+ # array subscript is above/below/outside array bounds
(FORTIFY_SOURCE)
'warning: .*\[-Warray-bounds\]'
# attempt to free a non-heap object
'warning: .*\[-Wfree-nonheap-object\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, /
commit: 9d454e1ad76d4a6fcb0184854e9a65ad6929e972
Author: Sam James gentoo org>
AuthorDate: Tue Nov 8 23:47:51 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Nov 8 23:49:16 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9d454e1a
install-qa-check.d/90gcc-warnings: add further FORTIFY_SOURCE-related warnings
These are the compile-time parts of FORTIFY_SOURCE [0]:
* -Wstringop-overflow (GCC only)
* -Wfortify-source (Clang only)
[0] https://maskray.me/blog/2022-11-06-fortify-source
Signed-off-by: Sam James gentoo.org>
NEWS | 2 ++
bin/install-qa-check.d/90gcc-warnings | 4
2 files changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index ac21358b2..5395d0cb2 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ Features:
* -Wmismatched-dealloc
* -Wodr (LTO esp.)
* -Wreturn-type
+ * -Wstringop-overflow (GCC, FORTIFY_SOURCE)
+ * -Wfortify-source (Clang, FORTIFY_SOURCE)
* ecompress, etc: Support additional compression suffixes for texinfo:
.Z, .bz2, .lzma, .lz, .xz, .zst (bug #757525).
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 3a57c0a3b..579cb4135 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -37,6 +37,10 @@ gcc_warn_check() {
'warning: .*\[-Wfree-nonheap-object\]'
# those three do not have matching -W flags, it seems
'warning: .*will always overflow destination buffer'
+ # compile-time part of FORTIFY_SOURCE
+ 'warning: .*\[-Wstringop-overflow\]'
+ # clang-only, equivalent of -Wstringop-overflow
+ 'warning: .*\[-Wfortify-source\]'
'warning: .*assuming pointer wraparound does not occur'
'warning: .*escape sequence out of range'
# left-hand operand of comma expression has no effect
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: ebea8fa53bdd871deb841463f5fbd4f427b6ef3c
Author: Sam James gentoo org>
AuthorDate: Thu Oct 27 23:37:42 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Oct 27 23:37:42 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ebea8fa5
install-qa-check.d/90gcc-warnings: add -Wreturn-type
Clang in particular optimises very aggressively based
on this (if there's a missing return at the end, it'll end
up performing mental gymnastics to deduce some other earlier
case is taken).
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 662d2fd3a..7a506d357 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -56,6 +56,9 @@ gcc_warn_check() {
'warning: .*matching.*\[-Wformat=\]'
# function returns address of local variable
'warning: .*\[-Wreturn-local-addr\]'
+ # missing return at end of function, or non-void return
in a void function
+ # (clang at least aggressively optimises on this)
+ 'warning: .*\[-Wreturn-type\]'
# argument to sizeof ... is the same expression as the
source
'warning: .*\[-Wsizeof-pointer-memaccess\]'
# iteration invokes undefined behavior
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: de8d2c8de7d456a15f83551bfc3fcf6ff1fffaf1
Author: Sam James gentoo org>
AuthorDate: Thu Oct 27 23:37:43 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Oct 27 23:37:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=de8d2c8d
install-qa-check.d/90gcc-warnings: add -Wmismatched-dealloc
These could easily lead to UAFs / out of bound access if the
malloc used is oversized (e.g. using my_free() on something
allocated by malloc(), with my_free() assuming existence
of some extra data from my_malloc()).
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 256e6918b..3a57c0a3b 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -66,6 +66,9 @@ gcc_warn_check() {
'warning: .*\[-Waggressive-loop-optimizations\]'
# conversion between pointers that have incompatible
types
'warning: .*\[-Wincompatible-pointer-types\]'
+ # using wrong deallocator, e.g. using free() on object
allocated using my_malloc()
+ # when my_malloc() is annotated as needing my_free().
+ 'warning: .*\[-Wmismatched-dealloc\]'
# clobbered: Warn for variables that might be changed
by longjmp or vfork
# (This warning is also enabled by -Wextra.)
'warning: .*\[-Wclobbered\]'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eaf2868e99280cb6c57df528f63f98c6b4757ef6
Author: Sam James gentoo org>
AuthorDate: Thu Oct 27 23:37:43 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Oct 27 23:37:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eaf2868e
install-qa-check.d/90gcc-warnings: add -Wbuiltin-declaration-mismatch
Closely related to -Wimplicit-function-declaration. It's a mistake
to do this anyway, but it's particularly bad if it then inhibits
further compiler diagnostics.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 1 +
1 file changed, 1 insertion(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 7a506d357..256e6918b 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -24,6 +24,7 @@ gcc_warn_check() {
# with -Wall, goes in pair with
-Wimplicit-function-declaration
# but without -Wall, we need to assert for it alone
'warning: .*incompatible implicit declaration of
built-in function'
+ 'warning: .*\[-Wbuiltin-declaration-mismatch\]'
# 'is used uninitialized in this function' and some more
'warning: .*\[-Wuninitialized\]'
# comparisons like ‘X<=Y<=Z’ do not have their
mathematical meaning
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a6675b40d06142f43f2592ed09b5c2bfa433c5c2
Author: Sam James gentoo org>
AuthorDate: Mon Oct 10 19:47:12 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Oct 11 19:18:36 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a6675b40
install-qa-check.d/90gcc-warnings: add TODO for -Wformat-security
Signed-off-by: Sam James gentoo.org>
Closes: https://github.com/gentoo/portage/pull/923
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 1 +
1 file changed, 1 insertion(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 7c4b1f8e3..662d2fd3a 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -1,5 +1,6 @@
# Check for important gcc warnings
# TODO: adapt for clang?
+# TODO: add -Wformat-security
gcc_warn_check() {
local f
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8dc1ff9cc9eea96cd953b73c74e621d1d4c29efa
Author: Sam James gentoo org>
AuthorDate: Mon Oct 10 19:42:39 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Oct 11 19:18:36 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8dc1ff9c
install-qa-check.d/90gcc-warnings: add Clang TODO
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 6014f6be9..7c4b1f8e3 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -1,4 +1,5 @@
-# Check for important gcc warning
+# Check for important gcc warnings
+# TODO: adapt for clang?
gcc_warn_check() {
local f
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: aa5f84544096f3ffa5fad307768537ca34e8193e
Author: Sam James gentoo org>
AuthorDate: Mon Oct 10 19:42:00 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Oct 11 19:18:36 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aa5f8454
install-qa-check.d/90gcc-warnings: add more LTO warnings (-Wodr,
-Wlto-type-mismatch)
Bug: https://bugs.gentoo.org/618550
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 4
1 file changed, 4 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index d118ce958..6014f6be9 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -63,6 +63,10 @@ gcc_warn_check() {
# clobbered: Warn for variables that might be changed
by longjmp or vfork
# (This warning is also enabled by -Wextra.)
'warning: .*\[-Wclobbered\]'
+ # LTO type mismatch
(https://wiki.gentoo.org/wiki/Project:Toolchain/LTO)
+ 'warning: .*\[-Wlto-type-mismatch\]'
+ # ODR
(https://wiki.gentoo.org/wiki/Project:Toolchain/LTO)
+ 'warning: .*\[-Wodr\]'
# this may be valid code :/
#': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: /, bin/install-qa-check.d/
commit: 772fdceea5f148d9bb5fd6c87ffd48f87ca93bab
Author: Sam James gentoo org>
AuthorDate: Tue Aug 23 00:27:52 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Aug 23 00:33:19 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=772fdcee
bin/install-qa-check.d: drop QA_PKGCONFIG_VERSION checks from 60pkgconfig
They've been too noisy. We can consider restoring this with an opt-in
check (perhaps by setting QA_PKGCONFIG_VERSION) in future.
Bug: https://bugs.gentoo.org/857654
Signed-off-by: Sam James gentoo.org>
NEWS | 3 ++
bin/install-qa-check.d/60pkgconfig | 60 --
2 files changed, 3 insertions(+), 60 deletions(-)
diff --git a/NEWS b/NEWS
index 87799bc4f..9cf67107a 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,9 @@ Bug fixes:
* dispatch-conf: respect (E)ROOT
+* install-qa-check.d: 60pkgconfig: drop noisy pkg-config mismatched Version
+ field check (bug 857654).
+
* install-qa-check.d: 60pkgconfig: fix --validate check by adding
${ED}/usr/{lib*,share} to search path.
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 20acaa7fb..f44ec232a 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -88,66 +88,6 @@ pkgconfig_check() {
eqawarn "(contains reference to either lib or lib64 in wrong
directory)"
eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}"
fi
-
- # Check for mismatched Version field vs ${PV}
- # To be safe, let's make sure _all_ installed .pcs have a bad Version
- # before warning, as this should catch the general cases we're worried
- # about, while avoiding any pathological cases e.g. multiple libraries
- # with different versioning within one package.
- # Example bugs: bug #833895, bug #833887.
-
- # Default to PV if QA_PKGCONFIG_VERSION is unset.
- if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then
- local QA_PKGCONFIG_VERSION=${PV}
- fi
-
- # Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
- if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
- local
pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$"
- local -A bad_files
-
- local is_pms_ver=false
- if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then
- # Ensure that ver_test is available.
- [[ $(type -t ver_test) == function ]] || inherit
eapi7-ver
- is_pms_ver=true
- fi
-
- for f in "${files[@]}" ; do
- local file_version=$(pkg-config --modversion "${f}")
- if [[ -n ${file_version} ]] ; then
- if ${is_pms_ver} && [[ ${file_version} =~
${pms_ver_re} ]]; then
- # If both versions comply to PMS, then
we can use ver_test to compare them.
- ver_test ${QA_PKGCONFIG_VERSION} -eq
${file_version} && continue
- else
- # Otherwise, we resort to string
comparision.
- [[ ${QA_PKGCONFIG_VERSION} ==
${file_version} ]] && continue
- fi
- else
- # Record a special value if the .pc file has no
version set at all.
- file_version=""
- fi
-
- bad_files["${f//${D}}"]="${file_version}"
- done
-
- # Skip result reporting if *_p* because for both _pN and _preN,
we
- # don't generally expect the versions to be exactly accurate,
and
- # we want to avoid false positives.
- if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
- eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
- eqawarn "The Version field of the following files does
not match ${PV}"
- local bad_file
- for bad_file in "${!bad_files[@]}"; do
- local
bad_file_version="${bad_files[${bad_file}]}"
- eqawarn "- ${bad_file}: ${bad_file_version}"
- done
- eqawarn "Please check all .pc files installed by this
package."
- eqawarn "You can use QA_PKGCONFIG_VERSION to set the
expected version,"
- eqawarn "or set to the empty string to disable this QA
check."
- eqatag pkgconfig.unexpected-version ${!bad_files[@]}
- fi
- fi
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 87deddd57a3259875d524138aeadd297d7b660c7
Author: genBTC gmx com>
AuthorDate: Sun May 22 22:04:11 2022 +
Commit: Sam James gentoo org>
CommitDate: Fri Aug 19 00:07:34 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=87deddd5
install-qa-check.d/90gcc-warnings: add -Wincompatible-pointer-types, -Wclobbered
They appear rarely enough that the additional noise should not be too much of a
concern for QA,
but of enough importance that it should be investigated and dealt with.
Only a couple (~2) packages were flagged during inspecting my past build logs
to test this commit.
Closes: https://github.com/gentoo/portage/pull/833
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 5 +
1 file changed, 5 insertions(+)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 52124427d..d118ce958 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -58,6 +58,11 @@ gcc_warn_check() {
'warning: .*\[-Wsizeof-pointer-memaccess\]'
# iteration invokes undefined behavior
'warning: .*\[-Waggressive-loop-optimizations\]'
+ # conversion between pointers that have incompatible
types
+ 'warning: .*\[-Wincompatible-pointer-types\]'
+ # clobbered: Warn for variables that might be changed
by longjmp or vfork
+ # (This warning is also enabled by -Wextra.)
+ 'warning: .*\[-Wclobbered\]'
# this may be valid code :/
#': warning: multi-character character constant'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 32657fd62a4ab7616c28ea85cfaafb66695d7ab6
Author: Florian Schmaus gentoo org>
AuthorDate: Sun Aug 14 18:46:52 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun Aug 14 20:43:37 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=32657fd6
install-qa-check.d/60pkgconfig: fix ver_test type check
Somehow, this ended up using the wrong argument to bash's 'type'
builtin. :/ It must be '-t', which prints the type of the queried
name.
Fixes: f46b89282ff5 ("install-qa-check.d/60pkgconfig: use ver_test to compare
versions")
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/887
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index e275e1ee2..20acaa7fb 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -109,7 +109,7 @@ pkgconfig_check() {
local is_pms_ver=false
if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then
# Ensure that ver_test is available.
- [[ $(type -f ver_test) == function ]] || inherit
eapi7-ver
+ [[ $(type -t ver_test) == function ]] || inherit
eapi7-ver
is_pms_ver=true
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: f46b89282ff58974bedb6ed29c83cfeab1e5ad4f
Author: Florian Schmaus gentoo org>
AuthorDate: Mon Aug 1 07:54:22 2022 +
Commit: Sam James gentoo org>
CommitDate: Sat Aug 13 17:30:25 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f46b8928
install-qa-check.d/60pkgconfig: use ver_test to compare versions
Motivied by Matthew's question if the version comparision could be
improved so that, e.g., 25.0 and 25.0.0 are treated as equal.
Note that using ver_test requires that we check the arguments passed
to ver_test conform to PMS version strings. If this is not the case,
then we fall back to the previous behavior and perform a string
comparision.
Thanks-to: Matthew Smith gentoo.org>
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/882
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 30 +-
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index a8e0aa5db..e275e1ee2 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -103,26 +103,38 @@ pkgconfig_check() {
# Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
- local all_bad=yes
+ local
pms_ver_re="^([0-9]+(\.[0-9]+)*)([a-z]?)((_(alpha|beta|pre|rc|p)[0-9]*)*)(-r[0-9]+)?$"
local -A bad_files
+
+ local is_pms_ver=false
+ if [[ ${QA_PKGCONFIG_VERSION} =~ ${pms_ver_re} ]] ; then
+ # Ensure that ver_test is available.
+ [[ $(type -f ver_test) == function ]] || inherit
eapi7-ver
+ is_pms_ver=true
+ fi
+
for f in "${files[@]}" ; do
local file_version=$(pkg-config --modversion "${f}")
- if [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] ;
then
- all_bad=no
- break
- fi
-
- # Record a special value if the .pc file has no version
set at all.
- if [[ -z ${file_version} ]] ; then
+ if [[ -n ${file_version} ]] ; then
+ if ${is_pms_ver} && [[ ${file_version} =~
${pms_ver_re} ]]; then
+ # If both versions comply to PMS, then
we can use ver_test to compare them.
+ ver_test ${QA_PKGCONFIG_VERSION} -eq
${file_version} && continue
+ else
+ # Otherwise, we resort to string
comparision.
+ [[ ${QA_PKGCONFIG_VERSION} ==
${file_version} ]] && continue
+ fi
+ else
+ # Record a special value if the .pc file has no
version set at all.
file_version=""
fi
+
bad_files["${f//${D}}"]="${file_version}"
done
# Skip result reporting if *_p* because for both _pN and _preN,
we
# don't generally expect the versions to be exactly accurate,
and
# we want to avoid false positives.
- if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
+ if [[ ${#bad_files[@]} -gt 0 && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
eqawarn "The Version field of the following files does
not match ${PV}"
local bad_file
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4be2288e5e34cbcf59e92d5ad2d3763a1475a09d
Author: Florian Schmaus gentoo org>
AuthorDate: Sat Jul 30 08:49:06 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Aug 10 04:36:46 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4be2288e
install-qa-check.d/60pkgconfig: improve pkg-config version check
Make the pkg-config .pc-file version check display the actual found
version and hint towards the QA_PKGCONFIG_VERSION variable.
Signed-off-by: Florian Schmaus gentoo.org>
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 21 -
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 54122fe61..e95746505 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -104,15 +104,19 @@ pkgconfig_check() {
# Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
local all_bad=yes
- # Record the last bad file matched
- local bad_file
+ local -A bad_files
for f in "${files[@]}" ; do
- if [[ ${QA_PKGCONFIG_VERSION} == $(pkg-config
--modversion "${f}") ]] ; then
+ local file_version=$(pkg-config --modversion "${f}")
+ if [[ ${QA_PKGCONFIG_VERSION} == ${file_version} ]] ;
then
all_bad=no
break
fi
- bad_file="${f//${D}}"
+ # Record a special value if the .pc file has no version
set at all.
+ if [[ -z ${file_version} ]] ; then
+ file_version=""
+ fi
+ bad_files["${f//${D}}"]="${file_version}"
done
# Skip result reporting if *_p* because for both _pN and _preN,
we
@@ -120,8 +124,15 @@ pkgconfig_check() {
# we want to avoid false positives.
if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
- eqawarn "At least ${bad_file}'s Version field does not
match ${PV}"
+ eqawarn "The Version field of the following files does
not match ${PV}"
+ local bad_file
+ for bad_file in "${!bad_files[@]}"; do
+ local
bad_file_version="${bad_files[${bad_file}]}"
+ eqawarn "- ${bad_file}: ${bad_file_version}"
+ done
eqawarn "Please check all .pc files installed by this
package."
+ eqawarn "You can use QA_PKGCONFIG_VERSION to set the
expected version,"
+ eqawarn "or set to the empty string to disable this QA
check."
fi
fi
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4dd66128f1b09cbe033e6eaf4d9ba7f8da274a65
Author: Florian Schmaus gentoo org>
AuthorDate: Mon Aug 1 07:53:44 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Aug 10 04:36:46 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4dd66128
install-qa-check.d/60pkgconfig: use "eqatag pkgconfig.unexpected-version"
Suggested-by: Sam James gentoo.org>
Signed-off-by: Florian Schmaus gentoo.org>
Closes: https://github.com/gentoo/portage/pull/875
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index e95746505..a8e0aa5db 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -133,6 +133,7 @@ pkgconfig_check() {
eqawarn "Please check all .pc files installed by this
package."
eqawarn "You can use QA_PKGCONFIG_VERSION to set the
expected version,"
eqawarn "or set to the empty string to disable this QA
check."
+ eqatag pkgconfig.unexpected-version ${!bad_files[@]}
fi
fi
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 4f7f71fe7fca2744954d0092c3095221905f7e04
Author: Sam James gentoo org>
AuthorDate: Mon Aug 1 02:47:56 2022 +
Commit: Sam James gentoo org>
CommitDate: Mon Aug 1 22:37:51 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=4f7f71fe
install-qa-check.d: 60pkgconfig: add ${ED}/usr/{lib*,share}/pkgconfig to search
path
Needed for --validate to not barf sometimes.
Signed-off-by: Sam James gentoo.org>
Closes: https://github.com/gentoo/portage/pull/880
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 6f1d6b8b1..54122fe61 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -27,7 +27,7 @@ pkgconfig_check() {
# seems like f.d.o, OpenBSD, and of course pkgconf do though.
# Need --maximum-traverse-depth=1 to avoid checking deps and giving
# unrelated warnings/errors.
- if ! pkg-config --maximum-traverse-depth=1 --validate "${files[@]}" ;
then
+ if ! pkg-config --maximum-traverse-depth=1
--with-path="${ED}"/usr/{lib*,share}/pkgconfig --validate "${files[@]}" ; then
eqawarn "QA Notice: pkg-config files which fail validation
found!"
eqawarn "Run 'pkg-config --validate ...' for more information"
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: cf16daf828e73ba5c37cd87086bfdc43eea23dd2
Author: Sam James gentoo org>
AuthorDate: Thu Jul 28 02:56:20 2022 +
Commit: Sam James gentoo org>
CommitDate: Mon Aug 1 22:38:11 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=cf16daf8
install-qa-checks.d: fix 90gcc-warnings for other 64-bit arches
We were missing:
- aarch64*
- arm64* (Apple uses this for arm64)
- loongarch64*
- riscv64*
- s390x*
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/90gcc-warnings | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 041e39c8b..52124427d 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -113,25 +113,26 @@ gcc_warn_check() {
fi
local cat_cmd=cat
- [[ $PORTAGE_LOG_FILE = *.gz ]] && cat_cmd=zcat
- [[ $reset_debug = 1 ]] && set -x
+ [[ ${PORTAGE_LOG_FILE} = *.gz ]] && cat_cmd=zcat
+ [[ ${reset_debug} = 1 ]] && set -x
+
# Use safe cwd, avoiding unsafe import for bug #469338.
- f=$(cd "${PORTAGE_PYM_PATH}" ; $cat_cmd "${PORTAGE_LOG_FILE}" |
\
- "${PORTAGE_PYTHON:-/usr/bin/python}"
"$PORTAGE_BIN_PATH"/check-implicit-pointer-usage.py || die
"check-implicit-pointer-usage.py failed")
- if [[ -n ${f} ]] ; then
+ f=$(cd "${PORTAGE_PYM_PATH}" ; ${cat_cmd} "${PORTAGE_LOG_FILE}"
| \
+ "${PORTAGE_PYTHON:-/usr/bin/python}"
"${PORTAGE_BIN_PATH}"/check-implicit-pointer-usage.py || die
"check-implicit-pointer-usage.py failed")
+ if [[ -n ${f} ]] ; then
# In the future this will be a forced "die". In
preparation,
# increase the log level from "qa" to "eerror" so that
people
- # are aware this is a problem that must be fixed asap.
+ # are aware this is a problem that must be fixed ASAP.
- # just warn on 32bit hosts but bail on 64bit hosts
+ # Just warn on 32bit hosts but bail on 64bit hosts
case ${CHOST} in
-
alpha*|hppa64*|ia64*|powerpc64*|mips64*|sparc64*|sparcv9*|x86_64*)
gentoo_bug=yes ;;
+
alpha*|aarch64*|arm64*|hppa64*|ia64*|powerpc64*|loongarch64*|mips64*|riscv64*|sparc64*|sparcv9*|s390x*|x86_64*)
gentoo_bug=yes ;;
esac
abort=yes
- if [[ $gentoo_bug = yes ]] ; then
+ if [[ ${gentoo_bug} = yes ]] ; then
eerror
eerror "QA Notice: Package triggers severe
warnings which indicate that it"
eerror " will almost certainly crash
on 64bit architectures."
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 06af67ad303d2f0d8a82c4d6cd4c594d7694689b
Author: Sam James gentoo org>
AuthorDate: Mon Aug 1 02:41:09 2022 +
Commit: Sam James gentoo org>
CommitDate: Mon Aug 1 22:37:51 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=06af67ad
install-qa-check.d: 60pkgconfig: only verify defined variables in EPREFIX check
e.g. 'exec_prefix' might not even appear in the pkg-config file.
Bug: https://bugs.gentoo.org/860825
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index d4ba42f5b..6f1d6b8b1 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -38,6 +38,9 @@ pkgconfig_check() {
for f in "${files[@]}" ; do
local key
for key in prefix exec_prefix libdir includedir ; do
+ # Check if the variable is even in there (bug
#860825)
+ grep -E -q "^${key}" "${f}" || continue
+
local value=$(pkg-config --variable="${key}"
"${f}")
if [[ ${value} != "${EPREFIX}"* ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7e39ed552544e6551c00f4a6231898d3f53c2204
Author: Fabian Groffen gentoo org>
AuthorDate: Tue Jul 26 18:46:38 2022 +
Commit: Fabian Groffen gentoo org>
CommitDate: Thu Jul 28 06:32:01 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7e39ed55
bin/install-qa-check.d/80multilib-strict: use file/find from Prefix
Signed-off-by: Fabian Groffen gentoo.org>
bin/install-qa-check.d/80multilib-strict | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/80multilib-strict
b/bin/install-qa-check.d/80multilib-strict
index afd223250..42e5f1ca6 100644
--- a/bin/install-qa-check.d/80multilib-strict
+++ b/bin/install-qa-check.d/80multilib-strict
@@ -1,7 +1,7 @@
# Strict multilib directory checks
multilib_strict_check() {
if has multilib-strict ${FEATURES} && \
- [[ -x /usr/bin/file && -x /usr/bin/find ]] && \
+ type find &>/dev/null && type file &>/dev/null && \
[[ -n ${MULTILIB_STRICT_DIRS} && -n ${MULTILIB_STRICT_DENY} ]]
then
rm -f "${T}/multilib-strict.log"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: eb382e8b07e20ef7b9b8d287ca5c3946a5c3c0c5
Author: Fabian Groffen gentoo org>
AuthorDate: Tue Jul 26 18:41:41 2022 +
Commit: Fabian Groffen gentoo org>
CommitDate: Wed Jul 27 08:17:46 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=eb382e8b
bin/install-qa-check.d/80libraries: support Darwin/Mach-O objects
Check for dylib on Darwin, so on everything else.
Signed-off-by: Fabian Groffen gentoo.org>
bin/install-qa-check.d/80libraries | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index 8dc35bb87..81c926982 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -140,7 +140,11 @@ lib_check() {
local abort="no"
local a s
for a in "${ED%/}"/usr/lib*/*.a ; do
- s=${a%.a}.so
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ s=${a%.a}.dylib
+ else
+ s=${a%.a}.so
+ fi
if [[ ! -e ${s} ]] ; then
s=${s%usr/*}${s##*/usr/}
if [[ -e ${s} ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 54080c141fd2ee6fdb6827b95e5a21d72b0c82a1
Author: Fabian Groffen gentoo org>
AuthorDate: Tue Jul 26 18:49:25 2022 +
Commit: Fabian Groffen gentoo org>
CommitDate: Wed Jul 27 08:16:21 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=54080c14
bin/install-qa-check.d/90world-writable: include EPREFIX in reports
It is much less confusing and consistent to report full paths including
the leading EPREFIX.
Signed-off-by: Fabian Groffen gentoo.org>
bin/install-qa-check.d/90world-writable | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/90world-writable
b/bin/install-qa-check.d/90world-writable
index 820683bd6..c69c43444 100644
--- a/bin/install-qa-check.d/90world-writable
+++ b/bin/install-qa-check.d/90world-writable
@@ -2,7 +2,7 @@
world_writable_check() {
# Now we look for all world writable files.
- local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e
"s:^${ED}:/:")
+ local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e
"s:^${D}:/:")
local OLDIFS x prev_shopts=$-
OLDIFS=$IFS
@@ -19,7 +19,7 @@ world_writable_check() {
eqawarn
fi
- local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm
-4002 ')' | sed -e "s:^${ED}:/:")
+ local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm
-4002 ')' | sed -e "s:^${D}:/:")
if [[ -n ${unsafe_files} ]] ; then
eqawarn "QA Notice: Unsafe files detected (set*id and world
writable)"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 591e7e12009ce6599d2684dfde5eece236fdcdfb
Author: Sam James gentoo org>
AuthorDate: Sat May 7 05:56:02 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun May 15 01:02:43 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=591e7e12
bin/install-qa-check.d/05prefix: egrep -> grep -E
Newer greps will warn on this.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/05prefix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/05prefix b/bin/install-qa-check.d/05prefix
index e1fc2bd99..c1a5606d8 100644
--- a/bin/install-qa-check.d/05prefix
+++ b/bin/install-qa-check.d/05prefix
@@ -20,7 +20,7 @@ install_qa_check_prefix() {
fi
if [[ -d ${D} ]] ; then
- INSTALLTOD=$(find ${D%/} | egrep -v "^${ED}" | sed -e
"s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if
(substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if
(substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }')
+ INSTALLTOD=$(find ${D%/} | grep -E -v "^${ED}" | sed -e
"s|^${D%/}||" | awk '{if (length($0) <= length("'"${EPREFIX}"'")) { if
(substr("'"${EPREFIX}"'", 1, length($0)) != $0) {print $0;} } else if
(substr($0, 1, length("'"${EPREFIX}"'")) != "'"${EPREFIX}"'") {print $0;} }')
if [[ -n ${INSTALLTOD} ]] ; then
eqawarn "QA Notice: the following files are outside of
the prefix:"
eqawarn "${INSTALLTOD}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e810fb4cf1af6b7fe7d00ea7b73e99e917d83fc0
Author: Sam James gentoo org>
AuthorDate: Sun May 15 01:01:42 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun May 15 01:02:44 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e810fb4c
bin/install-qa-check.d/60pkgconfig: egrep -> grep -E
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 25143275f..d4ba42f5b 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -11,7 +11,7 @@ pkgconfig_check() {
local f
# Look for leaking LDFLAGS into pkg-config files
- f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}")
+ f=$(grep -E -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}")
if [[ -n ${f} ]] ; then
eqawarn "QA Notice: pkg-config files with wrong LDFLAGS
detected:"
eqatag -v pkgconfig.bad-ldlags "${f//${D}}"
@@ -69,7 +69,7 @@ pkgconfig_check() {
fi
# In ${ED}/usr/lib, we shouldn't reference lib64
- if egrep -q "=(/usr)?/lib64" ${f} ; then
+ if grep -E -q "=(/usr)?/lib64" ${f} ; then
bad_libdir+=( "${f//${D}}" )
fi
elif [[ ${f} == *lib64/pkgconfig* ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 2c25a3a6e88f32d94c63ab38baa34f2d79a2699e
Author: Mike Gilbert gentoo org>
AuthorDate: Tue Apr 26 19:22:10 2022 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat May 7 17:11:20 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=2c25a3a6
install-qa-check.d/60pkgconfig: add QA_PKGCONFIG_VERSION
This allows ebuild maintainers to override the expected version in the
.pc file when it differs from ${PV}.
Signed-off-by: Mike Gilbert gentoo.org>
bin/install-qa-check.d/60pkgconfig | 43 +++---
1 file changed, 26 insertions(+), 17 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 58f533e83..25143275f 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -92,25 +92,34 @@ pkgconfig_check() {
# about, while avoiding any pathological cases e.g. multiple libraries
# with different versioning within one package.
# Example bugs: bug #833895, bug #833887.
- local all_bad=yes
- # Record the last bad file matched
- local bad_file
- for f in "${files[@]}" ; do
- if [[ ${PV} == $(pkg-config --modversion "${f}") ]] ; then
- all_bad=no
- break
- fi
- bad_file="${f//${D}}"
- done
+ # Default to PV if QA_PKGCONFIG_VERSION is unset.
+ if [[ -z ${QA_PKGCONFIG_VERSION+set} ]]; then
+ local QA_PKGCONFIG_VERSION=${PV}
+ fi
+
+ # Skip the check if QA_PKGCONFIG_VERSION is set to empty string.
+ if [[ -n ${QA_PKGCONFIG_VERSION} ]]; then
+ local all_bad=yes
+ # Record the last bad file matched
+ local bad_file
+ for f in "${files[@]}" ; do
+ if [[ ${QA_PKGCONFIG_VERSION} == $(pkg-config
--modversion "${f}") ]] ; then
+ all_bad=no
+ break
+ fi
- # Skip result reporting if *_p* because for both _pN and _preN, we
- # don't generally expect the versions to be exactly accurate, and
- # we want to avoid false positives.
- if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
- eqawarn "QA Notice: pkg-config files with mismatched Version
found!"
- eqawarn "At least ${bad_file}'s Version field does not match
${PV}"
- eqawarn "Please check all .pc files installed by this package."
+ bad_file="${f//${D}}"
+ done
+
+ # Skip result reporting if *_p* because for both _pN and _preN,
we
+ # don't generally expect the versions to be exactly accurate,
and
+ # we want to avoid false positives.
+ if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
+ eqawarn "QA Notice: pkg-config files with mismatched
Version found!"
+ eqawarn "At least ${bad_file}'s Version field does not
match ${PV}"
+ eqawarn "Please check all .pc files installed by this
package."
+ fi
fi
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 98750a24b8c8adcdb8e6a0e37456bb75925f71c4
Author: Sam James gentoo org>
AuthorDate: Tue Apr 19 21:33:03 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Apr 28 15:50:15 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=98750a24
install-qa-check.d/10ignored-flags: sync check with other examples (cosmetic)
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/10ignored-flags | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/10ignored-flags
b/bin/install-qa-check.d/10ignored-flags
index 7cd073578..0bda8eced 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -1,8 +1,9 @@
# QA checks for ignored *FLAGS.
ignored_flag_check() {
- type -P scanelf > /dev/null || return
- has binchecks ${PORTAGE_RESTRICT} && return
+ if ! type -P scanelf >/dev/null || has binchecks ${PORTAGE_RESTRICT};
then
+ return
+ fi
local qa_var="QA_FLAGS_IGNORED_${ARCH/-/_}"
eval "[[ -n \${!qa_var} ]] && QA_FLAGS_IGNORED=(\"\${${qa_var}[@]}\")"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 561e2d1f884c01d987e8bd812e01c1a29da7f082
Author: Sam James gentoo org>
AuthorDate: Thu Mar 3 21:16:55 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:55 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=561e2d1f
install-qa-check.d/60pkgconfig: drop ${D} from output; don't repeat ${EPREFIX}
It's confusing when the ebuild has been merged to the system
and we should be consistent with other checks.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 4c6f01f03..e2d839ca1 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -42,9 +42,12 @@ pkgconfig_check() {
if [[ ${value} != "${EPREFIX}"* ]] ; then
eqawarn "QA Notice: pkg-config files
not respecting EPREFIX found"
- eqawarn "${f}'s key=${key} does not
respect EPREFIX:"
+ eqawarn "key=${key} does not respect
EPREFIX:"
eqawarn "${key}=${value}"
- eqatag -v pkgconfig.bad-paths "${f}"
+ eqatag -v pkgconfig.bad-paths
${key}="${value}" "${f//${D}}"
+
+ # Don't bother repeating for every
variable in the same file
+ break
fi
done
done
@@ -67,12 +70,12 @@ pkgconfig_check() {
fi
if egrep -q "/lib64" ${f} ; then
- bad_libdir+=( ${f} )
+ bad_libdir+=( "${f//${D}}" )
fi
elif [[ ${f} == *lib64/pkgconfig* ]] ; then
# We want to match /lib/, /lib/foo/, but not e.g.
/lib64 or /lib64/, or libfoo
if grep -qP '/lib\b' ${f} ; then
- bad_libdir+=( ${f} )
+ bad_libdir+=( "${f//${D}}" )
fi
fi
done
@@ -98,7 +101,7 @@ pkgconfig_check() {
break
fi
- bad_file=f
+ bad_file="${f//${D}}"
done
# Skip result reporting if *_p* because for both _pN and _preN, we
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e31acf622d632d093b01e51e03c1c3f98dbe3a1c
Author: Sam James gentoo org>
AuthorDate: Wed Mar 16 00:02:24 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:56 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e31acf62
install-qa-check.d/60pkgconfig: change libdir regex
We don't want to watch /var/lib/, for example.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index e2d839ca1..58f533e83 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -62,19 +62,19 @@ pkgconfig_check() {
# e.g. https://bugs.gentoo.org/729642
local bad_libdir=()
for f in "${files[@]}" ; do
- # In ${ED}/usr/lib, we shouldn't reference lib64
if [[ ${f} == *lib/pkgconfig* ]] ; then
if [[ -d "${ED}"/usr/lib && -L "${ED}"/usr/lib ]] ; then
# (Don't bother if /usr/lib is a symlink to
/usr/lib64)
continue
fi
- if egrep -q "/lib64" ${f} ; then
+ # In ${ED}/usr/lib, we shouldn't reference lib64
+ if egrep -q "=(/usr)?/lib64" ${f} ; then
bad_libdir+=( "${f//${D}}" )
fi
elif [[ ${f} == *lib64/pkgconfig* ]] ; then
# We want to match /lib/, /lib/foo/, but not e.g.
/lib64 or /lib64/, or libfoo
- if grep -qP '/lib\b' ${f} ; then
+ if grep -qP '=(/usr)?/lib\b' ${f} ; then
bad_libdir+=( "${f//${D}}" )
fi
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7aa2e188d6732088ae2a2926cc465988e4f117f9
Author: Sam James gentoo org>
AuthorDate: Wed Feb 23 01:26:11 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:54 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7aa2e188
install-qa-check.d/60pkgconfig: check for mismatched version
We want to try catch cases where we're installing a pkg-config (.pc)
file with an obviously incorrect version (here, we're testing for
${PV} != any version in all of the installed .pc files) because:
1. it's bad;
2. it has a large blast radius (breaking consumers).
Bug: https://bugs.gentoo.org/833895
Bug: https://bugs.gentoo.org/833887
Bug: https://bugs.gentoo.org/833907
Bug: https://bugs.gentoo.org/833884
Bug: https://bugs.gentoo.org/833888
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 26 ++
1 file changed, 26 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index cb6660bcb..78c5b5a3c 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -78,6 +78,32 @@ pkgconfig_check() {
eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}"
fi
+ # Check for mismatched Version field vs ${PV}
+ # To be safe, let's make sure _all_ installed .pcs have a bad Version
+ # before warning, as this should catch the general cases we're worried
+ # about, while avoiding any pathological cases e.g. multiple libraries
+ # with different versioning within one package.
+ # Example bugs: bug #833895, bug #833887.
+ local all_bad=yes
+ # Record the last bad file matched
+ local bad_file
+ for f in "${files[@]}" ; do
+ if [[ ${PV} == $(pkg-config --modversion "${f}") ]] ; then
+ all_bad=no
+ break
+ fi
+
+ bad_file=f
+ done
+
+ # Skip result reporting if *_p* because for both _pN and _preN, we
+ # don't generally expect the versions to be exactly accurate, and
+ # we want to avoid false positives.
+ if [[ ${all_bad} == "yes" && ${PV} != *_p* ]] && ! has live
${PROPERTIES} ; then
+ eqawarn "QA Notice: pkg-config files with mismatched Version
found!"
+ eqawarn "At least ${bad_file}'s Version field does not match
${PV}"
+ eqawarn "Please check all .pc files installed by this package."
+ fi
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 183dc3d778cf83102aa7ed8291979b71a287cf7e
Author: Sam James gentoo org>
AuthorDate: Thu Feb 24 22:43:47 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:55 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=183dc3d7
install-qa-check.d/60pkgconfig: exit early if no pkg-config installed
But we still run the LDFLAGS check.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 5 +
1 file changed, 5 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 78c5b5a3c..4c6f01f03 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -17,6 +17,11 @@ pkgconfig_check() {
eqatag -v pkgconfig.bad-ldlags "${f//${D}}"
fi
+ # Bail out now so we can rely on pkgconfig in subsequent checks if we
want.
+ if ! type -P pkg-config >/dev/null ; then
+ return
+ fi
+
# Validate using pkgconfig
# Some less common implementations may not support this?
# seems like f.d.o, OpenBSD, and of course pkgconf do though.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0d74ce0945f0567d2c695fe4443a5c94046dfe09
Author: Sam James gentoo org>
AuthorDate: Thu Oct 28 00:37:15 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:52 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0d74ce09
install-qa-check.d/60pkgconfig: run pkg-config --validate on installed files
Similar to the XDG desktop file validation check.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 10 ++
1 file changed, 10 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 2cc9f7c59..9c4768a95 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -16,6 +16,16 @@ pkgconfig_check() {
eqawarn "QA Notice: pkg-config files with wrong LDFLAGS
detected:"
eqawarn "${f//${D}}"
fi
+
+ # Validate using pkgconfig
+ # Some less common implementations may not support this?
+ # seems like f.d.o, OpenBSD, and of course pkgconf do though.
+ # Need --maximum-traverse-depth=1 to avoid checking deps and giving
+ # unrelated warnings/errors.
+ if ! pkg-config --maximum-traverse-depth=1 --validate "${files[@]}" ;
then
+ eqawarn "QA Notice: pkg-config files which fail validation
found!"
+ eqawarn "Run 'pkg-config --validate ...' for more information"
+ fi
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6bce6ac4dc87872c112e9f5c5a847acb78ec3d26
Author: Sam James gentoo org>
AuthorDate: Thu Oct 28 00:37:41 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:52 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6bce6ac4
install-qa-check.d/60pkgconfig: check if paths within .pc respect EPREFIX
Seen this problem a few times and it's easy to miss.
See: c90ab38e3577aae61fac2341b34ad593948de1cd in ::gentoo
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 17 +
1 file changed, 17 insertions(+)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 9c4768a95..9e09a1053 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -26,6 +26,23 @@ pkgconfig_check() {
eqawarn "QA Notice: pkg-config files which fail validation
found!"
eqawarn "Run 'pkg-config --validate ...' for more information"
fi
+
+ # Check for unexpected paths
+ # e.g.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c90ab38e3577aae61fac2341b34ad593948de1cd
+ if [[ -n ${EPREFIX} ]] ; then
+ for f in "${files[@]}" ; do
+ local key
+ for key in prefix exec_prefix libdir includedir ; do
+ local value=$(pkg-config --variable="${key}"
"${f}")
+
+ if [[ ${value} != "${EPREFIX}"* ]] ; then
+ eqawarn "QA Notice: pkg-config files
not respecting EPREFIX found"
+ eqawarn "${f}'s key=${key} does not
respect EPREFIX:"
+ eqawarn "${key}=${value}"
+ fi
+ done
+ done
+ fi
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0ac65ddf7cff60a64730ca7c123f492fb68217a4
Author: Sam James gentoo org>
AuthorDate: Thu Oct 28 00:38:43 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:53 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0ac65ddf
install-qa-check.d/60pkgconfig: check for not respecting libdir in pc files
It's not valid to reference lib64 when installing to /usr/lib where we
want 32-bit libraries.
We want to make sure that if we're installing a pkgconfig file for a 32-bit
variant (multilib), we make sure that the file references the right library:
it should have e.g. /usr/lib, not /usr/lib64, or consumers trying to use
the 32-bit library will try to link against a 64-bit library.
(We also cover the opposite case: /usr/lib64 pkgconfig files referencing
/usr/lib).
Bug: https://bugs.gentoo.org/729642
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 37 -
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 9e09a1053..cb6660bcb 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -14,7 +14,7 @@ pkgconfig_check() {
f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}")
if [[ -n ${f} ]] ; then
eqawarn "QA Notice: pkg-config files with wrong LDFLAGS
detected:"
- eqawarn "${f//${D}}"
+ eqatag -v pkgconfig.bad-ldlags "${f//${D}}"
fi
# Validate using pkgconfig
@@ -39,10 +39,45 @@ pkgconfig_check() {
eqawarn "QA Notice: pkg-config files
not respecting EPREFIX found"
eqawarn "${f}'s key=${key} does not
respect EPREFIX:"
eqawarn "${key}=${value}"
+ eqatag -v pkgconfig.bad-paths "${f}"
fi
done
done
fi
+
+ # TODO: Generalise for non-lib64 libdir? Not that this is very common
now
+ # that riscv chose a more standard layout.
+ #
+ # If we're installing to ${ED}/usr/lib/pkgconfig, let's make sure
+ # we're not referencing lib64.
+ #
+ # e.g. https://bugs.gentoo.org/729642
+ local bad_libdir=()
+ for f in "${files[@]}" ; do
+ # In ${ED}/usr/lib, we shouldn't reference lib64
+ if [[ ${f} == *lib/pkgconfig* ]] ; then
+ if [[ -d "${ED}"/usr/lib && -L "${ED}"/usr/lib ]] ; then
+ # (Don't bother if /usr/lib is a symlink to
/usr/lib64)
+ continue
+ fi
+
+ if egrep -q "/lib64" ${f} ; then
+ bad_libdir+=( ${f} )
+ fi
+ elif [[ ${f} == *lib64/pkgconfig* ]] ; then
+ # We want to match /lib/, /lib/foo/, but not e.g.
/lib64 or /lib64/, or libfoo
+ if grep -qP '/lib\b' ${f} ; then
+ bad_libdir+=( ${f} )
+ fi
+ fi
+ done
+
+ if [[ -n "${bad_libdir[@]}" ]] ; then
+ eqawarn "QA Notice: pkg-config files not respecting libdir
found"
+ eqawarn "(contains reference to either lib or lib64 in wrong
directory)"
+ eqatag -v pkgconfig.bad-libdir "${bad_libdir[@]}"
+ fi
+
}
pkgconfig_check
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: d872bb3b6e879d75445536b9b0fca4009822d433
Author: Sam James gentoo org>
AuthorDate: Thu Oct 28 00:36:29 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 12 01:59:51 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d872bb3b
install-qa-check.d/60pkgconfig: create list of .pc files early (refactoring)
This makes adding additional checks easier. We just bail out early
if there's no work to be done.
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/60pkgconfig | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60pkgconfig
b/bin/install-qa-check.d/60pkgconfig
index 1b34c04db..2cc9f7c59 100644
--- a/bin/install-qa-check.d/60pkgconfig
+++ b/bin/install-qa-check.d/60pkgconfig
@@ -1,8 +1,17 @@
# Check for pkg-config file issues
pkgconfig_check() {
+ local files=()
+ # Make a list of .pc files and bail out if there aren't any
+ mapfile -d '' files < <(
+ find "${ED}"/usr/{lib*,share}/pkgconfig -maxdepth 1 -type f
-name '*.pc' -print0 2>/dev/null
+ )
+ [[ -z "${files[@]}" ]] && return
+
+ local f
+
# Look for leaking LDFLAGS into pkg-config files
- local f=$(egrep -sH '^Libs.*-Wl,(-O[012]|--hash-style)'
"${ED}"/usr/*/pkgconfig/*.pc)
+ f=$(egrep -zsH '^Libs.*-Wl,(-O[012]|--hash-style)' "${files[@]}")
if [[ -n ${f} ]] ; then
eqawarn "QA Notice: pkg-config files with wrong LDFLAGS
detected:"
eqawarn "${f//${D}}"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 8ded447a1d194ad0190a174f7bb330417685d861
Author: Sam James gentoo org>
AuthorDate: Sun Apr 10 16:51:02 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun Apr 10 17:19:57 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=8ded447a
install-qa-check.d/20runtime-directories: warn on /var/tmp too
Bug: https://bugs.gentoo.org/493154
Bug: https://bugs.gentoo.org/837536
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/20runtime-directories | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/20runtime-directories
b/bin/install-qa-check.d/20runtime-directories
index 2e21d6d04..3dc52f425 100644
--- a/bin/install-qa-check.d/20runtime-directories
+++ b/bin/install-qa-check.d/20runtime-directories
@@ -1,10 +1,10 @@
# Check for directories that need to be created at runtime
runtime_dir_check() {
- # It's ok create these directories, but not to install into them.
#493154
+ # It's ok to create these directories, but not to install into them.
#493154
# TODO: We should add var/lib to this list.
local x f=
- for x in var/cache var/lock var/run run ; do
+ for x in var/cache var/lock var/run var/tmp run ; do
if [[ ! -L ${ED}/${x} && -d ${ED}/${x} ]] ; then
if [[ -z $(find "${ED}/${x}" -prune -empty) ]] ; then
f+=$(cd "${ED}"; find "${x}" -printf ' %p\n')
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 7b44116b4a669a49e51e5a495ab62a25229e18e4
Author: Sam James gentoo org>
AuthorDate: Sat Apr 2 04:10:31 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Apr 5 04:32:56 2022 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=7b44116b
bin/install-qa-check.d/95empty-dirs: update message for EAPI 8
Portage changed the default for >= EAPI 8 ("newer EAPIs" at the time, not
actually specific to 8) in bfda0d2bd4ba03a4e77f488ec3fd4f9c6c351662 to
enable FEATURES="strict-keepdir".
Signed-off-by: Sam James gentoo.org>
Closes: https://github.com/gentoo/portage/pull/802
Signed-off-by: Sam James gentoo.org>
bin/install-qa-check.d/95empty-dirs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/95empty-dirs
b/bin/install-qa-check.d/95empty-dirs
index 34a1daf21..b8612bdf1 100644
--- a/bin/install-qa-check.d/95empty-dirs
+++ b/bin/install-qa-check.d/95empty-dirs
@@ -33,7 +33,7 @@ find_empty_dirs() {
done
eqawarn
eqawarn "If those directories need to be preserved, please make
sure to create"
- eqawarn "or mark them for keeping using 'keepdir'. Future
versions of Portage"
+ eqawarn "or mark them for keeping using 'keepdir'. Portage for
>= EAPI 8 ebuilds"
eqawarn "will strip empty directories from installation image."
fi
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 5952ad42e44d15da4d3a73d43f6bcc3714bf9a4f
Author: Zac Medico gentoo org>
AuthorDate: Sun Nov 3 20:11:35 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Sun Nov 3 20:11:50 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=5952ad42
Revert "install-qa-check.d: handle libtool files and static libs from /"
This reverts commit a2506e4ebd47781eb81b7d13b0a1a376ed028c77.
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/80libraries | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index 806605293..e59369bf6 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -139,7 +139,7 @@ lib_check() {
# https://bugs.gentoo.org/4411
local abort="no"
local a s
- for a in "${ED%/}"{/usr,}/lib*/*.a ; do
+ for a in "${ED%/}"/usr/lib*/*.a ; do
s=${a%.a}.so
if [[ ! -e ${s} ]] ; then
s=${s%usr/*}${s##*/usr/}
@@ -154,7 +154,7 @@ lib_check() {
# Verify that the libtool files don't contain bogus $D entries.
local abort=no gentoo_bug=no always_overflow=no
- for a in "${ED%/}"{/usr,}/lib*/*.la ; do
+ for a in "${ED%/}"/usr/lib*/*.la ; do
s=${a##*/}
if grep -qs "${ED}" "${a}" ; then
__vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: ae2a76261fd7e519bfbb3b8c4b41aa511d039245
Author: Zac Medico gentoo org>
AuthorDate: Sun Nov 3 20:12:02 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Sun Nov 3 20:14:42 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ae2a7626
Revert "install-qa-check.d: remove check that bans libtool files and static
libs from /"
This reverts commit 498900e5e51460502d8271f409a4c614a021613b.
This change is still being discussed.
See:
https://archives.gentoo.org/gentoo-portage-dev/message/6e4cfbb0ef9c36dc6511d4f2003cc458
Bug: https://bugs.gentoo.org/699252
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/80libraries | 10 ++
1 file changed, 10 insertions(+)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index e59369bf6..d1d2c4fdd 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -152,6 +152,16 @@ lib_check() {
done
[[ ${abort} == "yes" ]] && die "add those ldscripts"
+ # Make sure people don't store libtool files or static libs in /lib
+ f=$(ls "${ED%/}"/lib*/*.{a,la} 2>/dev/null)
+ if [[ -n ${f} ]] ; then
+ __vecho -ne '\n'
+ eqawarn "QA Notice: Excessive files found in the / partition"
+ eqawarn "${f}"
+ __vecho -ne '\n'
+ die "static archives (*.a) and libtool library files (*.la)
belong in /usr/lib*, not /lib*"
+ fi
+
# Verify that the libtool files don't contain bogus $D entries.
local abort=no gentoo_bug=no always_overflow=no
for a in "${ED%/}"/usr/lib*/*.la ; do
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a2506e4ebd47781eb81b7d13b0a1a376ed028c77
Author: Zac Medico gentoo org>
AuthorDate: Sun Nov 3 19:59:06 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Sun Nov 3 20:00:59 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a2506e4e
install-qa-check.d: handle libtool files and static libs from /
Fixes: 498900e5e514 ("install-qa-check.d: remove check that bans libtool files
and static libs from /")
Bug: https://bugs.gentoo.org/699252
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/80libraries | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index e59369bf6..806605293 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -139,7 +139,7 @@ lib_check() {
# https://bugs.gentoo.org/4411
local abort="no"
local a s
- for a in "${ED%/}"/usr/lib*/*.a ; do
+ for a in "${ED%/}"{/usr,}/lib*/*.a ; do
s=${a%.a}.so
if [[ ! -e ${s} ]] ; then
s=${s%usr/*}${s##*/usr/}
@@ -154,7 +154,7 @@ lib_check() {
# Verify that the libtool files don't contain bogus $D entries.
local abort=no gentoo_bug=no always_overflow=no
- for a in "${ED%/}"/usr/lib*/*.la ; do
+ for a in "${ED%/}"{/usr,}/lib*/*.la ; do
s=${a##*/}
if grep -qs "${ED}" "${a}" ; then
__vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 498900e5e51460502d8271f409a4c614a021613b
Author: William Hubbs gentoo org>
AuthorDate: Sun Oct 27 17:40:07 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Sun Nov 3 19:44:44 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=498900e5
install-qa-check.d: remove check that bans libtool files and static libs from /
Most upstreams and build systems do not make this distinction, so this
causes unnecessary hacks in ebuilds.
Bug: https://bugs.gentoo.org/699252
Signed-off-by: William Hubbs gentoo.org>
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/80libraries | 10 --
1 file changed, 10 deletions(-)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index d1d2c4fdd..e59369bf6 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -152,16 +152,6 @@ lib_check() {
done
[[ ${abort} == "yes" ]] && die "add those ldscripts"
- # Make sure people don't store libtool files or static libs in /lib
- f=$(ls "${ED%/}"/lib*/*.{a,la} 2>/dev/null)
- if [[ -n ${f} ]] ; then
- __vecho -ne '\n'
- eqawarn "QA Notice: Excessive files found in the / partition"
- eqawarn "${f}"
- __vecho -ne '\n'
- die "static archives (*.a) and libtool library files (*.la)
belong in /usr/lib*, not /lib*"
- fi
-
# Verify that the libtool files don't contain bogus $D entries.
local abort=no gentoo_bug=no always_overflow=no
for a in "${ED%/}"/usr/lib*/*.la ; do
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e54bc64a3779d4546b70a7a82d677a18d3c37b67
Author: Arfrever Frehtes Taifersar Arahesis Apache Org>
AuthorDate: Fri May 10 01:20:14 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Mon May 20 04:53:48 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e54bc64a
install-qa-check.d/80libraries: fix false positive
Do not report libraries missing DT_NEEDED and not containing undefined
non-weak symbols.
Bug: https://bugs.gentoo.org/516016
Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org>
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/80libraries | 21 +++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/80libraries
b/bin/install-qa-check.d/80libraries
index bbabc0eb9..d1d2c4fdd 100644
--- a/bin/install-qa-check.d/80libraries
+++ b/bin/install-qa-check.d/80libraries
@@ -1,7 +1,15 @@
# Check for issues with installed libraries
scanelf_lib_check() {
- local f x i j
+ local t v
+ for t in NM:nm ; do
+ v=${t%:*} # NM
+ t=${t#*:} # nm
+ eval ${v}=\"${!v:-${CHOST}-${t}}\"
+ type -P -- ${!v} >/dev/null || eval ${v}=${t}
+ done
+
+ local f x i j library libraries
# Check for shared libraries lacking SONAMEs
local qa_var="QA_SONAME_${ARCH/-/_}"
@@ -40,7 +48,16 @@ scanelf_lib_check() {
# Check for shared libraries lacking NEEDED entries
qa_var="QA_DT_NEEDED_${ARCH/-/_}"
eval "[[ -n \${!qa_var} ]] && QA_DT_NEEDED=(\"\${${qa_var}[@]}\")"
- f=$(scanelf -ByF '%n %p' "${ED%/}"/{,usr/}lib*/lib*.so* | awk '$2 == ""
{ print }' | sed -e "s:^[[:space:]]${ED%/}/:/:")
+ f=
+ libraries=$(scanelf -ByF '%n %p' "${ED%/}"/{,usr/}lib*/lib*.so* | awk
'$2 == "" { print }' | sed -e "s:^[[:space:]]::")
+ if [[ -n ${libraries} ]] ; then
+ while IFS= read -r library ; do
+ # Only shared libraries containing undefined non-weak
symbols actually need NEEDED entries.
+ if [[ -n $(${NM} -D "${library}" | grep -E "^ +U ") ]]
; then
+ f+="/${library#${ED%/}/}"$'\n'
+ fi
+ done <<< "${libraries}"
+ fi
if [[ -n ${f} ]] ; then
echo "${f}" > "${T}"/scanelf-missing-NEEDED.log
if [[ "${QA_STRICT_DT_NEEDED-unset}" == unset ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: bdde97ba14e85ea2ca6b128fddca710081334b55
Author: Arfrever Frehtes Taifersar Arahesis Apache Org>
AuthorDate: Mon May 20 01:32:25 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Mon May 20 04:36:32 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bdde97ba
install-qa-check.d/10ignored-flags: fix false positive
Do not report not respecting LDFLAGS for *.o files with
__gentoo_check_ldflags__ symbol.
Bug: https://bugs.gentoo.org/686356
Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org>
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/10ignored-flags | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/10ignored-flags
b/bin/install-qa-check.d/10ignored-flags
index 09bcb57fc..062f51325 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -66,7 +66,7 @@ ignored_flag_check() {
# Check for files built without respecting LDFLAGS
if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \
! has binchecks ${RESTRICT} ; then
- f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym
"${ED%/}/" | LC_ALL=C sort) \
+ f=$(LC_ALL=C comm -2 -3 <(scanelf -qyRF '#k%p' -k .dynsym
"${ED%/}/" | LC_ALL=C sort) \
<(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__
"${ED%/}/" | LC_ALL=C sort))
if [[ -n ${f} ]] ; then
echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, man/, bin/
commit: bfda0d2bd4ba03a4e77f488ec3fd4f9c6c351662
Author: Zac Medico gentoo org>
AuthorDate: Sat Apr 27 18:11:11 2019 +
Commit: Zac Medico gentoo org>
CommitDate: Tue Apr 30 02:40:10 2019 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=bfda0d2b
Enable FEATURES=strict-keepdir behavior for new EAPIs
Suggested-by: Pacho Ramos gentoo.org>
Bug: https://bugs.gentoo.org/651678
Signed-off-by: Zac Medico gentoo.org>
bin/eapi.sh | 4
bin/install-qa-check.d/95empty-dirs | 4 +++-
man/make.conf.5 | 1 +
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/bin/eapi.sh b/bin/eapi.sh
index 455bc9b0d..4eafc1c87 100644
--- a/bin/eapi.sh
+++ b/bin/eapi.sh
@@ -247,3 +247,7 @@ ___eapi_bash_4_2() {
___eapi_has_ENV_UNSET() {
[[ ! ${1-${EAPI-0}} =~ ^(0|1|2|3|4|4-python|4-slot-abi|5|5-progress|6)$
]]
}
+
+___eapi_has_strict_keepdir() {
+ [[ ! ${1-${EAPI-0}} =~ ^(0|1|2|3|4|4-python|5|5-progress|6|7)$ ]]
+}
diff --git a/bin/install-qa-check.d/95empty-dirs
b/bin/install-qa-check.d/95empty-dirs
index 8599db395..34a1daf21 100644
--- a/bin/install-qa-check.d/95empty-dirs
+++ b/bin/install-qa-check.d/95empty-dirs
@@ -17,7 +17,9 @@ find_empty_dirs() {
local warn_dirs=()
local d striparg=
- [[ ${FEATURES} == *strict-keepdir* ]] && striparg=-delete
+ if ___eapi_has_strict_keepdir || [[ ${FEATURES} == *strict-keepdir* ]];
then
+ striparg=-delete
+ fi
while IFS= read -r -d $'\0' d; do
[[ ${d} == ${ED%/}/var/* ]] && warn_dirs+=( "${d}" )
diff --git a/man/make.conf.5 b/man/make.conf.5
index 0ad3e2f7d..4c9f00675 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -649,6 +649,7 @@ dangerous (like missing or incorrect digests for ebuilds).
.B strict-keepdir
Have portage strictly require keepdir calls in ebuilds. Empty
directories installed without explicit keepdir will be removed.
+This feature is automatically enabled for \fBEAPI 8\fR and later.
.TP
.B stricter
Have portage react strongly to conditions that may conflict with system
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: dd605b1aa574fc035d3319d954be1ca0d2cdde19
Author: Zac Medico gentoo org>
AuthorDate: Sat Oct 6 01:11:02 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Sat Oct 6 01:14:14 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=dd605b1a
Revert "install-qa-checks.d: Add a check for Gentoo path policies (FHS-y)"
This reverts commit d5f97eaa464736a454c8ad410f4acd4fccdf2324.
Until this QA check has adjustable whitelist support, we can consider
it an unstable work in progress. Therefore, I'd like for the QA team
to move it gentoo/metadata/install-qa-check.d/08gentoo-paths until
it has matured. It's safe to commit it to the gentoo repository now,
and it will become active when portage's internal copy is removed.
Bug: https://bugs.gentoo.org/667604
Closes: https://bugs.gentoo.org/667378
Closes: https://github.com/gentoo/portage/pull/373
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/08gentoo-paths | 77 ---
1 file changed, 77 deletions(-)
diff --git a/bin/install-qa-check.d/08gentoo-paths
b/bin/install-qa-check.d/08gentoo-paths
deleted file mode 100644
index 3ee887df0..0
--- a/bin/install-qa-check.d/08gentoo-paths
+++ /dev/null
@@ -1,77 +0,0 @@
-# Check whether ebuilds are not installing new, non-Gentoo-ey paths.
-
-gentoo_path_check() {
- # allowed path definitions
- #
-
- # directories common to / and /usr
- local allowed_common_dirs=(
- bin lib lib32 lib64 libx32 sbin
- )
-
- # toplevel directories which can be installed to by ebuilds
- # /home is not included as no ebuilds should install files there
- local allowed_paths_toplevel=(
- "${allowed_common_dirs[@]}"
- boot dev etc opt srv usr var
- )
-
- # directories in /usr which can be installed to by ebuilds
- # /usr/games is not included as it is banned nowadays
- local allowed_paths_usr=(
- "${allowed_common_dirs[@]}"
- include libexec share src
- # toolchain stuff
- "${CHOST}" "${CTARGET}"
- )
-
-
- # the logic
- # -
- local bad_paths=()
- local x
-
- local shopt_save=$(shopt -p nullglob)
- shopt -s nullglob
-
- # 1. check for unexpected top-level directories
- local toplevel_dirs=( "${ED%/}"/* )
- for x in "${toplevel_dirs[@]##*/}"; do
- if ! has "${x}" "${allowed_paths_toplevel[@]}"; then
- bad_paths+=( "/${x}" )
- fi
- done
-
- # 2. check for unexpected /usr subdirectories
- local usr_dirs=( "${ED%/}"/usr/* )
- for x in "${usr_dirs[@]##*/}"; do
- if ! has "${x}" "${allowed_paths_usr[@]}"; then
- bad_paths+=( "/usr/${x}" )
- fi
- done
-
- # 3. check for unexpected /usr/share/doc subdirectories
- local doc_dirs=( "${ED%/}"/usr/share/doc/* )
- for x in "${doc_dirs[@]##*/}"; do
- if [[ ${x} != ${PF} ]]; then
- bad_paths+=( "/usr/share/doc/${x}" )
- fi
- done
-
- ${shopt_save}
-
- # report
- # --
- if [[ -n ${bad_paths[@]} ]]; then
- eqawarn "The ebuild is installing to one or more unexpected
paths:"
- eqawarn
- eqatag -v non-gentoo-paths "${bad_paths[@]}"
- eqawarn
- eqawarn "Please fix the ebuild to use correct FHS/Gentoo policy
paths."
- fi
-}
-
-gentoo_path_check
-: # guarantee successful exit
-
-# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: aecc59a5f2c05db09ee7e04a32875998adddf446
Author: Michał Górny gentoo org>
AuthorDate: Thu Sep 20 18:18:44 2018 +
Commit: Michał Górny gentoo org>
CommitDate: Thu Sep 20 18:48:37 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aecc59a5
Move parallel xargs wrapping to isolated-functions.sh
Move the parallel xargs support used in pngfix QA check
to isolated-functions.sh, to be reused in ecompress.
Signed-off-by: Michał Górny gentoo.org>
Reviewed-by: Zac Medico gentoo.org>
bin/helper-functions.sh | 9 +
bin/install-qa-check.d/60pngfix | 13 ++---
bin/isolated-functions.sh | 22 ++
3 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/bin/helper-functions.sh b/bin/helper-functions.sh
index 9b6e201aa..2d359762a 100644
--- a/bin/helper-functions.sh
+++ b/bin/helper-functions.sh
@@ -10,13 +10,6 @@ source "${PORTAGE_BIN_PATH}"/isolated-functions.sh || exit 1
#
# API functions for doing parallel processing
#
-makeopts_jobs() {
- # Copied from eutils.eclass:makeopts_jobs()
- local jobs=$(echo " ${MAKEOPTS} " | \
- sed -r -n
's:.*[[:space:]](-j|--jobs[=[:space:]])[[:space:]]*([0-9]+).*:\2:p')
- echo ${jobs:-1}
-}
-
__multijob_init() {
# Setup a pipe for children to write their pids to when they finish.
# We have to allocate two fd's because POSIX has undefined behavior
@@ -34,7 +27,7 @@ __multijob_init() {
rm -f "${pipe}"
# See how many children we can fork based on the user's settings.
- mj_max_jobs=$(makeopts_jobs "$@")
+ mj_max_jobs=$(___makeopts_jobs "$@")
mj_num_jobs=0
}
diff --git a/bin/install-qa-check.d/60pngfix b/bin/install-qa-check.d/60pngfix
index b69c55614..a2e23d1d3 100644
--- a/bin/install-qa-check.d/60pngfix
+++ b/bin/install-qa-check.d/60pngfix
@@ -1,16 +1,7 @@
# Check for issues with PNG files
-source "${PORTAGE_BIN_PATH}/helper-functions.sh" || exit 1
-
pngfix_check() {
- local chunksize=1 jobs pngfix=$(type -P pngfix) xargs=(${XARGS})
-
- if "${xargs[@]}" --help | grep -q -- --max-procs=; then
- jobs=$(makeopts_jobs)
- if [[ ${jobs} -gt 1 ]]; then
- xargs+=("--max-procs=${jobs}" -L "${chunksize}")
- fi
- fi
+ local pngfix=$(type -P pngfix)
if [[ -n ${pngfix} ]] ; then
local pngout=()
@@ -35,7 +26,7 @@ pngfix_check() {
fi
eqawarn " ${pngout[@]:7}: ${error}"
fi
- done < <(find "${ED}" -type f -name '*.png' -print0 |
"${xargs[@]}" -0 "${pngfix}")
+ done < <(find "${ED}" -type f -name '*.png' -print0 |
___parallel_xargs -0 "${pngfix}")
fi
}
diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
index cac42a4c5..39b0ad344 100644
--- a/bin/isolated-functions.sh
+++ b/bin/isolated-functions.sh
@@ -460,6 +460,28 @@ if [[ -z ${XARGS} ]] ; then
esac
fi
+___makeopts_jobs() {
+ # Copied from eutils.eclass:makeopts_jobs()
+ local jobs=$(echo " ${MAKEOPTS} " | \
+ sed -r -n
's:.*[[:space:]](-j|--jobs[=[:space:]])[[:space:]]*([0-9]+).*:\2:p')
+ echo ${jobs:-1}
+}
+
+# Run ${XARGS} in parallel for detected number of CPUs, if supported.
+# Passes all arguments to xargs, and returns its exit code
+___parallel_xargs() {
+ local chunksize=1 jobs xargs=( ${XARGS} )
+
+ if "${xargs[@]}" --help | grep -q -- --max-procs=; then
+ jobs=$(___makeopts_jobs)
+ if [[ ${jobs} -gt 1 ]]; then
+ xargs+=("--max-procs=${jobs}" -L "${chunksize}")
+ fi
+ fi
+
+ "${xargs[@]}" "${@}"
+}
+
hasq() {
has $EBUILD_PHASE prerm postrm || eqawarn \
"QA Notice: The 'hasq' function is deprecated (replaced by
'has')"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: d5f97eaa464736a454c8ad410f4acd4fccdf2324
Author: Michał Górny gentoo org>
AuthorDate: Tue Sep 4 06:54:23 2018 +
Commit: Michał Górny gentoo org>
CommitDate: Tue Sep 4 21:15:55 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=d5f97eaa
install-qa-checks.d: Add a check for Gentoo path policies (FHS-y)
Add a check that verifies whether ebuilds don't install to paths
forbidden by the policy. This mostly aims to verbosely report bugs
such as missing dependencies causing empty install paths, resulting
in files ending up in / and bad upstreams. This should also help
detect the relatively common mistake of using /usr/share/doc/${P}
instead of ${PF}.
The initial list of allowed paths was based on what ebuilds installed
to my system.
bin/install-qa-check.d/08gentoo-paths | 77 +++
1 file changed, 77 insertions(+)
diff --git a/bin/install-qa-check.d/08gentoo-paths
b/bin/install-qa-check.d/08gentoo-paths
new file mode 100644
index 0..3ee887df0
--- /dev/null
+++ b/bin/install-qa-check.d/08gentoo-paths
@@ -0,0 +1,77 @@
+# Check whether ebuilds are not installing new, non-Gentoo-ey paths.
+
+gentoo_path_check() {
+ # allowed path definitions
+ #
+
+ # directories common to / and /usr
+ local allowed_common_dirs=(
+ bin lib lib32 lib64 libx32 sbin
+ )
+
+ # toplevel directories which can be installed to by ebuilds
+ # /home is not included as no ebuilds should install files there
+ local allowed_paths_toplevel=(
+ "${allowed_common_dirs[@]}"
+ boot dev etc opt srv usr var
+ )
+
+ # directories in /usr which can be installed to by ebuilds
+ # /usr/games is not included as it is banned nowadays
+ local allowed_paths_usr=(
+ "${allowed_common_dirs[@]}"
+ include libexec share src
+ # toolchain stuff
+ "${CHOST}" "${CTARGET}"
+ )
+
+
+ # the logic
+ # -
+ local bad_paths=()
+ local x
+
+ local shopt_save=$(shopt -p nullglob)
+ shopt -s nullglob
+
+ # 1. check for unexpected top-level directories
+ local toplevel_dirs=( "${ED%/}"/* )
+ for x in "${toplevel_dirs[@]##*/}"; do
+ if ! has "${x}" "${allowed_paths_toplevel[@]}"; then
+ bad_paths+=( "/${x}" )
+ fi
+ done
+
+ # 2. check for unexpected /usr subdirectories
+ local usr_dirs=( "${ED%/}"/usr/* )
+ for x in "${usr_dirs[@]##*/}"; do
+ if ! has "${x}" "${allowed_paths_usr[@]}"; then
+ bad_paths+=( "/usr/${x}" )
+ fi
+ done
+
+ # 3. check for unexpected /usr/share/doc subdirectories
+ local doc_dirs=( "${ED%/}"/usr/share/doc/* )
+ for x in "${doc_dirs[@]##*/}"; do
+ if [[ ${x} != ${PF} ]]; then
+ bad_paths+=( "/usr/share/doc/${x}" )
+ fi
+ done
+
+ ${shopt_save}
+
+ # report
+ # --
+ if [[ -n ${bad_paths[@]} ]]; then
+ eqawarn "The ebuild is installing to one or more unexpected
paths:"
+ eqawarn
+ eqatag -v non-gentoo-paths "${bad_paths[@]}"
+ eqawarn
+ eqawarn "Please fix the ebuild to use correct FHS/Gentoo policy
paths."
+ fi
+}
+
+gentoo_path_check
+: # guarantee successful exit
+
+# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 04e71a831bc42f2a0de1694dd2013eac0414e007
Author: Michael Orlitzky gentoo org>
AuthorDate: Tue Aug 7 16:46:03 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Tue Aug 7 18:39:26 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=04e71a83
bin/install-qa-check.d: add new 90bad-bin-owner QA check.
System executables that are not owned by root pose a security
risk. The owner of the executable is free to modify it at any time;
so, for example, he can change a daemon's behavior to make it
malicious before the next time the service is started (usually by
root).
On a "normal" system, the superuser should own every system executable
(even setuid ones, for security reasons). This commit adds a new
install-time check that reports any such binaries with a QA
warning. To avoid false positives, non-"normal" systems (like prefix)
are skipped at the moment.
Bug: https://bugs.gentoo.org/629398
bin/install-qa-check.d/90bad-bin-owner | 48 ++
1 file changed, 48 insertions(+)
diff --git a/bin/install-qa-check.d/90bad-bin-owner
b/bin/install-qa-check.d/90bad-bin-owner
new file mode 100644
index 0..c3ee30746
--- /dev/null
+++ b/bin/install-qa-check.d/90bad-bin-owner
@@ -0,0 +1,48 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+bad_bin_owner_check() {
+ # Warn about globally-installed executables (in /bin, /usr/bin, /sbin,
+ # /usr/sbin, or /opt/bin) that are owned by a nonzero UID.
+
+ # This check doesn't work on non-root prefix installations at
+ # the moment, because every executable therein is owned by a
+ # nonzero UID.
+ [[ "${EUID}" -ne "0" || "${PORTAGE_INST_UID}" -ne "0" ]] && return
+
+ local d f found=()
+
+ for d in "${ED%/}/opt/bin" "${ED%/}/bin" "${ED%/}/usr/bin" \
+ "${ED%/}/sbin"
"${ED%/}/usr/sbin"; do
+ [[ -d "${d}" ]] || continue
+
+ # Read the results of the "find" command into the "found" bash
array.
+ #
+ # Use -L to catch symlinks whose targets are owned by a
non-root user,
+ # even though it won't catch ABSOLUTE symlinks until the package
+ # is RE-installed (the first time around, the target won't
exist).
+ #
+ # We do want to list non-superuser setuid executables, because
+ # they can be exploited. The owner can simply wipe the setuid
+ # bit, and then alter the contents of the file. The superuser
+ # will then have a time bomb in his $PATH.
+ while read -r -d '' f; do
+ found+=( "${f}" )
+ done < <(find -L "${d}" \
+ -maxdepth 1 \
+ -type f \
+ ! -uid 0 \
+ -print0)
+ done
+
+ if [[ ${found[@]} ]]; then
+ eqawarn "system executables owned by nonzero uid:"
+ for f in "${found[@]}"; do
+ # Strip off the leading destdir before outputting the
path.
+ eqawarn " ${f#${D%/}}"
+ done
+ fi
+}
+
+bad_bin_owner_check
+:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 807ac3d9d6eecead73f59d399b30559e5c731587
Author: Michael Orlitzky gentoo org>
AuthorDate: Tue Aug 7 16:46:04 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Tue Aug 7 18:39:26 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=807ac3d9
bin/install-qa-check.d: add new 90bad-bin-group-write QA check.
System executables that are writable by a non-root user pose a
security risk. Anyone who can write to an executable can change its
behavior. If that executable is later run with elevated privileges
(say, by root, when the machine starts), then the non-root user can
escalate his own privileges to those of the person running the
modified executable.
The 90bad-bin-owner check already addresses one cause for a non-root
user to be able to modify an executable: because he owns it. This
commit adds another check, to ensure that no non-root *groups* have
write access to any system executables. On a "normal" system, all
system executables should be writable only by the super-user's group,
if any. To avoid false-positives, non-"normal" systems (like prefix)
are skipped.
Closes: https://bugs.gentoo.org/629398
bin/install-qa-check.d/90bad-bin-group-write | 55
1 file changed, 55 insertions(+)
diff --git a/bin/install-qa-check.d/90bad-bin-group-write
b/bin/install-qa-check.d/90bad-bin-group-write
new file mode 100644
index 0..786dde712
--- /dev/null
+++ b/bin/install-qa-check.d/90bad-bin-group-write
@@ -0,0 +1,55 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+bad_bin_group_write_check() {
+ # Warn about globally-installed executables (in /bin, /usr/bin, /sbin,
+ # /usr/sbin, or /opt/bin) that are group-writable by a nonzero GID.
+
+ # This check doesn't work on non-root prefix installations at
+ # the moment, because every executable therein is owned by a
+ # nonzero GID.
+ [[ "${EUID}" -ne "0" || "${PORTAGE_INST_UID}" -ne "0" ]] && return
+
+ local d f found=()
+
+ for d in "${ED%/}/opt/bin" "${ED%/}/bin" "${ED%/}/usr/bin" \
+ "${ED%/}/sbin"
"${ED%/}/usr/sbin"; do
+ [[ -d "${d}" ]] || continue
+
+ # Read the results of the "find" command into the "found" array.
+ #
+ # Use -L to catch symlinks whose targets are vulnerable,
+ # even though it won't catch ABSOLUTE symlinks until the package
+ # is RE-installed (the first time around, the target won't
exist).
+ #
+ # We match the GID and not the name "root" here because (for
+ # example) on FreeBSD, the superuser group is "wheel".
+ #
+ # We don't make an exception for setguid executables here,
because
+ # a group-writable setguid executable is likely a mistake. By
+ # altering the contents of the executable, a member of the group
+ # can allow everyone (i.e. the people running it) to obtain the
+ # full privileges available to that group. While only existing
+ # group members can make that choice, it's a decision usually
+ # limited to the system administrator.
+ while read -r -d '' f; do
+ found+=( "${f}" )
+ done < <(find -L "${d}" \
+ -maxdepth 1 \
+ -type f \
+ -perm /g+w\
+ ! -gid 0 \
+ -print0)
+ done
+
+ if [[ ${found[@]} ]]; then
+ eqawarn "system executables group-writable by nonzero gid:"
+ for f in "${found[@]}"; do
+ # Strip off the leading destdir before outputting the
path.
+ eqawarn " ${f#${D%/}}"
+ done
+ fi
+}
+
+bad_bin_group_write_check
+:
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 12aa832c91a6f2c2faee5a2e839b7f1ed5a0ee6e
Author: Francesco Turco fastmail fm>
AuthorDate: Sat Aug 4 18:47:40 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Sat Aug 4 19:34:51 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=12aa832c
install-qa-check.d: fix hardened g.o e-mail address
Closes: https://github.com/gentoo/portage/pull/350
bin/install-qa-check.d/10executable-issues | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/10executable-issues
b/bin/install-qa-check.d/10executable-issues
index 8a2c8e875..6b33d281d 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -128,7 +128,7 @@ elf_check() {
eqawarn
eqawarn " Please include the following list of files in your
report:"
eqawarn " Note: Bugs should be filed for the respective
maintainers"
- eqawarn " of the package in question and not hardened@g.o."
+ eqawarn " of the package in question and not
harde...@gentoo.org."
eqawarn "${f}"
__vecho -ne '\n'
die_msg="${die_msg} execstacks"
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 50283f1abb77f0785ab86d41ad70d76df4e399be
Author: Zac Medico gentoo org>
AuthorDate: Wed Jul 25 19:43:24 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Sat Jul 28 06:31:56 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=50283f1a
install-qa-check.d/60pngfix: parallel support (bug 630292)
If xargs supports the --max-procs option then use the makeopts_jobs
function from helper-functions.sh to generate a --max-procs argument.
Use xargs -L 1 to limit the number of png files per pngfix process,
in order to ensure that enough processes are spawned, since otherwise
xargs minimizes the number of processes spawned. A benchmark with
flightgear-data-2018.2.1 shows that larger values of -L only decrease
performance.
Bug: https://bugs.gentoo.org/630292
Reviewed-by: Lars Wendler gentoo.org>
Reviewed-by: Mike Gilbert gentoo.org>
bin/install-qa-check.d/60pngfix | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/60pngfix b/bin/install-qa-check.d/60pngfix
index 8d53040b6..b69c55614 100644
--- a/bin/install-qa-check.d/60pngfix
+++ b/bin/install-qa-check.d/60pngfix
@@ -1,7 +1,17 @@
# Check for issues with PNG files
+source "${PORTAGE_BIN_PATH}/helper-functions.sh" || exit 1
+
pngfix_check() {
- local pngfix=$(type -P pngfix)
+ local chunksize=1 jobs pngfix=$(type -P pngfix) xargs=(${XARGS})
+
+ if "${xargs[@]}" --help | grep -q -- --max-procs=; then
+ jobs=$(makeopts_jobs)
+ if [[ ${jobs} -gt 1 ]]; then
+ xargs+=("--max-procs=${jobs}" -L "${chunksize}")
+ fi
+ fi
+
if [[ -n ${pngfix} ]] ; then
local pngout=()
local next
@@ -25,7 +35,7 @@ pngfix_check() {
fi
eqawarn " ${pngout[@]:7}: ${error}"
fi
- done < <(find "${ED}" -type f -name '*.png' -exec "${pngfix}"
{} +)
+ done < <(find "${ED}" -type f -name '*.png' -print0 |
"${xargs[@]}" -0 "${pngfix}")
fi
}
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/, bin/
commit: ae6d6aa22d074c04cd9caefe1ca02bf615bfd86f
Author: Arfrever Frehtes Taifersar Arahesis Apache Org>
AuthorDate: Tue Apr 17 02:06:38 2018 +
Commit: Zac Medico gentoo org>
CommitDate: Tue Apr 17 02:11:19 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=ae6d6aa2
estrip, install-qa-check.d/10ignored-flags: fix bug 653352
Update detection of ELF files to work with >=sys-apps/file-5.33.
Bug: https://bugs.gentoo.org/653352
bin/estrip | 3 ++-
bin/install-qa-check.d/10ignored-flags | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/bin/estrip b/bin/estrip
index 030d9e8bf..5709b862c 100755
--- a/bin/estrip
+++ b/bin/estrip
@@ -427,7 +427,8 @@ do
${STRIP} -g "${x}"
fi
fi
- elif [[ ${f} == *"SB executable"* || ${f} == *"SB shared object"* ]] ;
then
+ elif [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* ||
+ ${f} == *"SB shared object"* ]] ; then
process_elf "${x}" "${inode_link}" ${PORTAGE_STRIP_FLAGS}
elif [[ ${f} == *"SB relocatable"* ]] ; then
process_elf "${x}" "${inode_link}" ${SAFE_STRIP_FLAGS}
diff --git a/bin/install-qa-check.d/10ignored-flags
b/bin/install-qa-check.d/10ignored-flags
index 28aec6787..dc160e182 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -32,7 +32,7 @@ ignored_flag_check() {
# similar to how prepstrip uses it.
f=$(file "${x}") || continue
[[ -z ${f} ]] && continue
- if [[ ${f} == *"SB executable"* ||
+ if [[ ${f} == *"SB executable"* || ${f} == *"SB pie
executable"* ||
${f} == *"SB shared object"* ]] ; then
echo "${x}" >> "${T}"/scanelf-ignored-CFLAGS.log
fi
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: a03d0f3d4b6aa58df7b6f9dd9d76c45128455ec1
Author: Michał Górny gentoo org>
AuthorDate: Thu Jan 25 09:07:36 2018 +
Commit: Michał Górny gentoo org>
CommitDate: Fri Jan 26 06:40:02 2018 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=a03d0f3d
install-qa-check.d: Scan build log for CMake unused var warnings
Scan build log and report verbosely CMake warnings about unused
variables. This is a quite common problem, yet currently it is hard
to notice it since the warning is mixed with src_configure() output.
Repeat it verbosely after the install.
This check outputs warnings such as:
* One or more CMake variables were not used by the project:
* CMAKE_USER_MAKE_RULES_OVERRIDE
Reviewed-by: Zac Medico gentoo.org>
bin/install-qa-check.d/90cmake-warnings | 28
1 file changed, 28 insertions(+)
diff --git a/bin/install-qa-check.d/90cmake-warnings
b/bin/install-qa-check.d/90cmake-warnings
new file mode 100644
index 0..a6e901efc
--- /dev/null
+++ b/bin/install-qa-check.d/90cmake-warnings
@@ -0,0 +1,28 @@
+# Check for CMake invalid option warnings
+
+cmake_warn_check() {
+ if [[ -n ${PORTAGE_LOG_FILE} && -r ${PORTAGE_LOG_FILE} ]] ; then
+ local cat=cat
+ [[ ${PORTAGE_LOG_FILE} == *.gz ]] && cat=zcat
+
+ local vars=()
+ while read -r l; do
+ vars+=( "${l}" )
+ done < <( "${cat}" "${PORTAGE_LOG_FILE}" \
+ | sed -n -e '/Manually-specified variables were not
used by the project/,/^--/{/^/p}' \
+ | LC_ALL=C sort -u)
+
+ if [[ ${vars} ]]; then
+ eqawarn "One or more CMake variables were not used by
the project:"
+ local v
+ for v in "${vars[@]}"; do
+ eqawarn " ${v}"
+ done
+ fi
+ fi
+}
+
+cmake_warn_check
+: # guarantee successful exit
+
+# vim:ft=sh
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 730a867c1050937c82c775d7678a616c7b9546e6
Author: Felix Janda posteo de>
AuthorDate: Mon Oct 16 03:51:37 2017 +
Commit: Zac Medico gentoo org>
CommitDate: Mon Oct 16 17:20:04 2017 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=730a867c
install-qa-check.d/10ignored-flags: fix LDFLAGS check (bug 455232)
Since binutils-2.23.51.0.9+ defaults to hash-style=gnu, use
a __gentoo_check_ldflags__ symbol instead. The check is now
enabled by adding "-Wl,--defsym=__gentoo_check_ldflags__=0"
to LDFLAGS. The symbol will be automatically removed when
the binary is stripped.
Bug: https://bugs.gentoo.org/455232
Acked-by: Brian Dolbec gentoo.org>
bin/install-qa-check.d/10ignored-flags | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/10ignored-flags
b/bin/install-qa-check.d/10ignored-flags
index 7aa9eb695..28aec6787 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -64,9 +64,10 @@ ignored_flag_check() {
fi
# Check for files built without respecting LDFLAGS
- if [[ "${LDFLAGS}" == *,--hash-style=gnu* ]] && \
+ if [[ "${LDFLAGS}" == *,--defsym=__gentoo_check_ldflags__* ]] && \
! has binchecks ${RESTRICT} ; then
- f=$(scanelf -qyRF '#k%p' -k .hash "${ED}")
+ f=$(LC_ALL=C comm -3 <(scanelf -qyRF '#k%p' -k .dynsym "${ED}"
| LC_ALL=C sort) \
+ <(scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__
"${ED}" | LC_ALL=C sort))
if [[ -n ${f} ]] ; then
echo "${f}" > "${T}"/scanelf-ignored-LDFLAGS.log
if [ "${QA_STRICT_FLAGS_IGNORED-unset}" = unset ] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 864585bc32dc0ccad8f53aec03d378d37b385c21
Author: Zac Medico gentoo org>
AuthorDate: Tue Aug 1 05:04:29 2017 +
Commit: Zac Medico gentoo org>
CommitDate: Wed Aug 2 07:22:12 2017 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=864585bc
multilib-strict: disable recursion into subdirectories (bug 424423)
Disable recursion into subdirectories, in order to avoid false-positives.
The MULTILIB_STRICT_EXEMPT variable only served to filter false-positives
that were triggered by recursion, so it will no longer be needed.
X-Gentoo-bug: 424423
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=424423
Reviewed-by: Manuel Rüger gentoo.org>
bin/install-qa-check.d/80multilib-strict | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/bin/install-qa-check.d/80multilib-strict
b/bin/install-qa-check.d/80multilib-strict
index f944be9e6..afd223250 100644
--- a/bin/install-qa-check.d/80multilib-strict
+++ b/bin/install-qa-check.d/80multilib-strict
@@ -6,14 +6,13 @@ multilib_strict_check() {
then
rm -f "${T}/multilib-strict.log"
local abort=no dir file
- MULTILIB_STRICT_EXEMPT=$(echo ${MULTILIB_STRICT_EXEMPT} | sed
-e 's:\([(|)]\):\\\1:g')
for dir in ${MULTILIB_STRICT_DIRS} ; do
[[ -d ${ED}/${dir} ]] || continue
- for file in $(find ${ED}/${dir} -type f | grep -v
"^${ED}/${dir}/${MULTILIB_STRICT_EXEMPT}"); do
- if file ${file} | egrep -q
"${MULTILIB_STRICT_DENY}" ; then
+ while read -r -d '' file; do
+ if file "${file}" | grep -Eq
"${MULTILIB_STRICT_DENY}" ; then
echo "${file#${ED}//}" >>
"${T}/multilib-strict.log"
fi
- done
+ done < <(find "${ED}/${dir}" -maxdepth 1 -type f
-print0)
done
if [[ -s ${T}/multilib-strict.log ]] ; then
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: e7fb57859b18a1c5ef3fb22d71ac8a6bf74e5375
Author: Zac Medico gentoo org>
AuthorDate: Thu Jun 2 06:10:40 2016 +
Commit: Zac Medico gentoo org>
CommitDate: Thu Jun 2 06:10:40 2016 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=e7fb5785
install-qa-check.d/60openrc: validate bash for openrc-run shebangs
bin/install-qa-check.d/60openrc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc
index 28e3bbf..0ab27f6 100644
--- a/bin/install-qa-check.d/60openrc
+++ b/bin/install-qa-check.d/60openrc
@@ -11,7 +11,7 @@ openrc_check() {
[[ ! -e ${i} ]] && continue
if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then
# skip non-shell-script for bug #451386
- [[ $(head -n1 "${i}") =~
^#!.*[[:space:]/](runscript|sh)$ ]] || continue
+ [[ $(head -n1 "${i}") =~
^#!.*[[:space:]/](openrc-run|runscript|sh)$ ]] || continue
if [[ $(head -n1 "${i}") == '#!/sbin/runscript'
]] ; then
eqawarn "QA Notice: #!/sbin/runscript
is deprecated, use #!/sbin/openrc-run instead:"
while read -r ;
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 6296c4363abf36276bc49a28cd4635437757aa6e
Author: Austin English gentoo org>
AuthorDate: Wed Jun 1 07:00:38 2016 +
Commit: Zac Medico gentoo org>
CommitDate: Thu Jun 2 01:38:21 2016 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=6296c436
install-qa-check.d/60openrc: make sure initscripts aren't using
#!/sbin/runscript
Signed-off-by: Zac Medico gentoo.org>
bin/install-qa-check.d/60openrc | 6 ++
1 file changed, 6 insertions(+)
diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc
index 1e56b2f..28e3bbf 100644
--- a/bin/install-qa-check.d/60openrc
+++ b/bin/install-qa-check.d/60openrc
@@ -12,6 +12,12 @@ openrc_check() {
if [[ ${d} == /etc/init.d && ${i} != *.sh ]] ; then
# skip non-shell-script for bug #451386
[[ $(head -n1 "${i}") =~
^#!.*[[:space:]/](runscript|sh)$ ]] || continue
+ if [[ $(head -n1 "${i}") == '#!/sbin/runscript'
]] ; then
+ eqawarn "QA Notice: #!/sbin/runscript
is deprecated, use #!/sbin/openrc-run instead:"
+ while read -r ;
+ do eqawarn " ${REPLY}"
+ done <<< "${i//${ED}}"
+ fi
fi
bash -n "${i}" || die "The init.d file has syntax
errors: ${i}"
done
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 9266e8e8d5709b9046e085baf3521a9e7a744d5b
Author: Mike Frysinger gentoo org>
AuthorDate: Thu May 12 22:08:46 2016 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu May 12 22:08:46 2016 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=9266e8e8
qa-checks: executable-issues: improve logic & output
Use more robust shell styles for parsing strings/output, and change
the QA log output to include the actual failing rpaths. This helps
in debugging/tracking down problems.
X-Gentoo-Bug: 582524
X-Gentoo-Bug-URL: https://bugs.gentoo.org/582524
bin/install-qa-check.d/10executable-issues | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/bin/install-qa-check.d/10executable-issues
b/bin/install-qa-check.d/10executable-issues
index 066f150..b52cc93 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -22,26 +22,26 @@ elf_check() {
# that directory won't exist on the target system.
# 3) Null paths are banned because the loader will search $PWD when
# it finds null paths.
- local forbidden_dirs="${PORTAGE_BUILDDIR}"
- if [[ -n "${ROOT}" && "${ROOT}" != "/" ]]; then
- forbidden_dirs+=" ${ROOT}"
+ local forbidden_dirs=( "${PORTAGE_BUILDDIR}" )
+ if [[ "${ROOT:-/}" != "/" ]]; then
+ forbidden_dirs+=( "${ROOT}" )
fi
local dir l rpath_files=$(scanelf -F '%F:%r' -qBR "${ED}")
f=""
- for dir in ${forbidden_dirs}; do
- for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do
- f+=" ${l%%:*}\n"
+ for dir in "${forbidden_dirs[@]}"; do
+ while read l; do
+ f+=" ${l/:/\nRPATH: }\n"
if ! has stricter ${FEATURES}; then
__vecho "Auto fixing rpaths for ${l%%:*}"
TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o
/dev/null
fi
- done
+ done < <(echo "${rpath_files}" | grep -F -e ":${dir}" -e "::"
-e ": ")
done
# Reject set*id binaries with $ORIGIN in RPATH #260331
x=$(
- find "${ED}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \
- xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'
+ find "${ED}" -type f '(' -perm -u+s -o -perm -g+s ')' \
+ -exec scanelf -qyRF '%r %p' {} + | grep '$ORIGIN'
)
# Print QA notice.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 04dd7923eedec4103c4ff52f382b5af68b4364b4
Author: Mike Frysinger gentoo org>
AuthorDate: Thu May 12 21:35:13 2016 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu May 12 21:35:13 2016 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=04dd7923
qa-checks: change "herd" to "maintainer"
bin/install-qa-check.d/10executable-issues | 2 +-
bin/install-qa-check.d/90gcc-warnings | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/bin/install-qa-check.d/10executable-issues
b/bin/install-qa-check.d/10executable-issues
index 10d3c71..066f150 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -49,7 +49,7 @@ elf_check() {
__vecho -ne '\n'
eqawarn "QA Notice: The following files contain insecure
RUNPATHs"
eqawarn " Please file a bug about this at
http://bugs.gentoo.org/;
- eqawarn " with the maintaining herd of the package."
+ eqawarn " with the maintainer of the package."
eqawarn "${f}${f:+${x:+\n}}${x}"
__vecho -ne '\n'
if [[ -n ${x} ]] || has stricter ${FEATURES} ; then
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index 43f9498..a160436 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -99,7 +99,7 @@ gcc_warn_check() {
eerror "${f}"
eerror
eerror " Please file a bug about this at
http://bugs.gentoo.org/;
- eerror " with the maintaining herd of the
package."
+ eerror " with the maintainer of the package."
eerror
else
__vecho -ne '\n'
@@ -137,7 +137,7 @@ gcc_warn_check() {
eerror "${f}"
eerror
eerror " Please file a bug about this at
http://bugs.gentoo.org/;
- eerror " with the maintaining herd of the
package."
+ eerror " with the maintainer of the package."
eerror
else
__vecho -ne '\n'
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 91e1dd94c1615bf97d5bc42dac4d64876919e768
Author: Mike Frysinger gentoo org>
AuthorDate: Wed May 11 17:53:40 2016 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed May 11 17:53:40 2016 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=91e1dd94
qa: gcc-warnings: force text mode w/grep
Newer versions of grep will flag non-ASCII output (e.g. UTF-8 encoded)
as binary when run in the C locale. Force it into text mode to avoid
that otherwise the QA warning is simply:
* QA Notice: Package triggers severe warnings which indicate that it
*may exhibit random runtime failures.
* Binary file /var/log/portage/net-fs:netatalk-3.1.8:20160511-173717.log
matches
bin/install-qa-check.d/90gcc-warnings | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index bd82cab..43f9498 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -81,8 +81,10 @@ gcc_warn_check() {
local grep_cmd=grep
[[ $PORTAGE_LOG_FILE = *.gz ]] && grep_cmd=zgrep
- # force C locale to work around slow unicode locales #160234
- f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E "${joined_msgs}"
"${PORTAGE_LOG_FILE}" | uniq)
+ # Force C locale to work around slow multibyte locales. #160234
+ # Force text mode as newer grep will treat non-ASCII (e.g.
UTF-8) as
+ # binary when we run in the C locale.
+ f=$(LC_CTYPE=C LC_COLLATE=C "${grep_cmd}" -E -a
"${joined_msgs}" "${PORTAGE_LOG_FILE}" | uniq)
if [[ -n ${f} ]] ; then
abort="yes"
# for now, don't make this fatal (see bug #337031)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 97c7b4f967e2b43984ad948ad0d77e84a1a55016
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Nov 11 00:55:26 2015 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Nov 11 00:55:26 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=97c7b4f9
checkbashisms: also flag echo -e/-n usage
Since we don't require echo support the -e or -n flag, and we know some
shells do not support them, make sure we flag them in our scripts too.
bin/install-qa-check.d/60openrc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/60openrc b/bin/install-qa-check.d/60openrc
index 9b7fc6d..1e56b2f 100644
--- a/bin/install-qa-check.d/60openrc
+++ b/bin/install-qa-check.d/60openrc
@@ -24,7 +24,7 @@ openrc_check() {
for i in "${ED}${d}"/* ; do
[[ -e ${i} ]] || continue
[[ -L ${i} ]] && continue
- f=$("${checkbashisms}" -f "${i}" 2>&1)
+ f=$("${checkbashisms}" -n -f "${i}" 2>&1)
[[ $? != 0 && -n ${f} ]] || continue
eqawarn "QA Notice: shell script appears to use
non-POSIX feature(s):"
while read -r ;
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: efa5c5e7b7a5ef7b4533dfe3bd6befc767b7b34a
Author: Mike Frysinger vapier AT chromium DOT org
AuthorDate: Tue May 26 03:42:27 2015 +
Commit: Mike Frysinger vapier AT gentoo DOT org
CommitDate: Tue May 26 03:46:31 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=efa5c5e7
install-qa-check.d: tweak scanelf checks
Rather than have a function whose entire body is indented by a scanelf
existence check, do the check at the top and return early. This keeps
the indentation from getting too out of hand.
(Use `git log -p -1 -w` to see actual changed lines.)
bin/install-qa-check.d/10executable-issues | 248 +++--
bin/install-qa-check.d/80libraries | 130 +++
2 files changed, 193 insertions(+), 185 deletions(-)
diff --git a/bin/install-qa-check.d/10executable-issues
b/bin/install-qa-check.d/10executable-issues
index 5c80660..10d3c71 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -2,141 +2,143 @@
# text relocations, executable stacks
elf_check() {
- if type -P scanelf /dev/null ! has binchecks ${RESTRICT}; then
- local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET}
- local f x
+ if ! type -P scanelf /dev/null || has binchecks ${RESTRICT}; then
+ return
+ fi
- # display warnings when using stricter because we die afterwards
- if has stricter ${FEATURES} ; then
- local PORTAGE_QUIET
- fi
+ local insecure_rpath=0 tmp_quiet=${PORTAGE_QUIET}
+ local f x
- # Make sure we disallow insecure RUNPATH/RPATHs.
- # 1) References to PORTAGE_BUILDDIR are banned because it's a
- # security risk. We don't want to load files from a
- # temporary directory.
- # 2) If ROOT != /, references to ROOT are banned because
- # that directory won't exist on the target system.
- # 3) Null paths are banned because the loader will search
$PWD when
- # it finds null paths.
- local forbidden_dirs=${PORTAGE_BUILDDIR}
- if [[ -n ${ROOT} ${ROOT} != / ]]; then
- forbidden_dirs+= ${ROOT}
- fi
- local dir l rpath_files=$(scanelf -F '%F:%r' -qBR ${ED})
- f=
- for dir in ${forbidden_dirs}; do
- for l in $(echo ${rpath_files} | grep -E
:${dir}|::|: ); do
- f+= ${l%%:*}\n
- if ! has stricter ${FEATURES}; then
- __vecho Auto fixing rpaths for
${l%%:*}
- TMPDIR=${dir} scanelf -BXr ${l%%:*}
-o /dev/null
- fi
- done
+ # display warnings when using stricter because we die afterwards
+ if has stricter ${FEATURES} ; then
+ local PORTAGE_QUIET
+ fi
+
+ # Make sure we disallow insecure RUNPATH/RPATHs.
+ # 1) References to PORTAGE_BUILDDIR are banned because it's a
+ # security risk. We don't want to load files from a
+ # temporary directory.
+ # 2) If ROOT != /, references to ROOT are banned because
+ # that directory won't exist on the target system.
+ # 3) Null paths are banned because the loader will search $PWD when
+ # it finds null paths.
+ local forbidden_dirs=${PORTAGE_BUILDDIR}
+ if [[ -n ${ROOT} ${ROOT} != / ]]; then
+ forbidden_dirs+= ${ROOT}
+ fi
+ local dir l rpath_files=$(scanelf -F '%F:%r' -qBR ${ED})
+ f=
+ for dir in ${forbidden_dirs}; do
+ for l in $(echo ${rpath_files} | grep -E :${dir}|::|: ); do
+ f+= ${l%%:*}\n
+ if ! has stricter ${FEATURES}; then
+ __vecho Auto fixing rpaths for ${l%%:*}
+ TMPDIR=${dir} scanelf -BXr ${l%%:*} -o
/dev/null
+ fi
done
+ done
- # Reject set*id binaries with $ORIGIN in RPATH #260331
- x=$(
- find ${ED} -type f \( -perm -u+s -o -perm -g+s \)
-print0 | \
- xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'
- )
+ # Reject set*id binaries with $ORIGIN in RPATH #260331
+ x=$(
+ find ${ED} -type f \( -perm -u+s -o -perm -g+s \) -print0 | \
+ xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN'
+ )
- # Print QA notice.
- if [[ -n ${f}${x} ]] ; then
- __vecho -ne '\n'
- eqawarn QA Notice: The following files contain
insecure RUNPATHs
-
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: aacade093c18940c34449f711576c86360056346
Author: Ryan Hill rhill AT gentoo DOT org
AuthorDate: Mon May 4 05:04:41 2015 +
Commit: Zac Medico zmedico AT gentoo DOT org
CommitDate: Mon May 4 05:07:23 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=aacade09
gcc_warn_check: filter grep results with uniq (bug 548438)
X-Gentoo-Bug: 548438
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548438
Acked-by: Brian Dolbec dolsen AT gentoo.org
bin/install-qa-check.d/90gcc-warnings | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/install-qa-check.d/90gcc-warnings
b/bin/install-qa-check.d/90gcc-warnings
index b18651e..bd82cab 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -82,7 +82,7 @@ gcc_warn_check() {
[[ $PORTAGE_LOG_FILE = *.gz ]] grep_cmd=zgrep
# force C locale to work around slow unicode locales #160234
- f=$(LC_CTYPE=C LC_COLLATE=C ${grep_cmd} -E ${joined_msgs}
${PORTAGE_LOG_FILE})
+ f=$(LC_CTYPE=C LC_COLLATE=C ${grep_cmd} -E ${joined_msgs}
${PORTAGE_LOG_FILE} | uniq)
if [[ -n ${f} ]] ; then
abort=yes
# for now, don't make this fatal (see bug #337031)
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 0946bbe9a216513679d74c682d9f82b4aacc93a9
Author: Michał Górny mgorny AT gentoo DOT org
AuthorDate: Mon Apr 20 05:36:02 2015 +
Commit: Michał Górny mgorny AT gentoo DOT org
CommitDate: Mon Apr 20 05:36:02 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=0946bbe9
Update URLs in Hardened QA checks
bin/install-qa-check.d/10executable-issues | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/bin/install-qa-check.d/10executable-issues
b/bin/install-qa-check.d/10executable-issues
index f765749..5c80660 100644
--- a/bin/install-qa-check.d/10executable-issues
+++ b/bin/install-qa-check.d/10executable-issues
@@ -72,7 +72,10 @@ elf_check() {
eqawarn work at startup, waste system resources, and
may pose a security
eqawarn risk. On some architectures, the code may
not even function
eqawarn properly, if at all.
- eqawarn For more information, see
http://hardened.gentoo.org/pic-fix-guide.xml;
+ eqawarn For more information, see:
+ eqawarn
+ eqawarn
https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels;
+ eqawarn
eqawarn Please include the following list of files in
your report:
eqawarn ${f}
__vecho -ne '\n'
@@ -86,7 +89,7 @@ elf_check() {
*-linux-gnu*)
# Check for files with executable stacks, but only on
arches which
# are supported at the moment. Keep this list in sync
with
- # http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
(Arch Status)
+ #
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart#Arch_Status
case ${CTARGET:-${CHOST}} in
arm*|i?86*|ia64*|m68k*|s390*|sh*|x86_64*)
# Allow devs to mark things as
ignorable ... e.g. things
@@ -116,7 +119,10 @@ elf_check() {
eqawarn Files with such sections will not work
properly (or at all!) on some
eqawarn architectures/operating systems. A bug
should be filed at
eqawarn http://bugs.gentoo.org/ to make sure the
issue is fixed.
- eqawarn For more information, see
http://hardened.gentoo.org/gnu-stack.xml;
+ eqawarn For more information, see:
+ eqawarn
+ eqawarn
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart;
+ eqawarn
eqawarn Please include the following list of files in
your report:
eqawarn Note: Bugs should be filed for the respective
maintainers
eqawarn of the package in question and not
hardened@g.o.
[gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
commit: 64aae90b942edb4a51ac3eed13dbcbe3e20199fb
Author: Michael Palimaka kensington AT gentoo DOT org
AuthorDate: Fri Nov 21 16:50:40 2014 +
Commit: Brian Dolbec brian.dolbec AT gmail DOT com
CommitDate: Tue Dec 2 18:40:46 2014 +
URL:
http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=64aae90b
install-qa-check.d/90world-writable: fix usage of missing function
Fixes: 6dafdc28897682f7b8c77b7863b5713634974647
Subject: Remove __eqalog __eqawarnlog
Author: Michał Górny mgorny AT gentoo.org (Sun 02 Nov 2014 11:16:04 AM PST)
As per Zmedico:
This file also contains an invalid IFS=OLDIFS setting (which should
really be IFS=$OLDIFS).
---
bin/install-qa-check.d/90world-writable | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/bin/install-qa-check.d/90world-writable
b/bin/install-qa-check.d/90world-writable
index 2b435ac..820683b 100644
--- a/bin/install-qa-check.d/90world-writable
+++ b/bin/install-qa-check.d/90world-writable
@@ -23,13 +23,12 @@ world_writable_check() {
if [[ -n ${unsafe_files} ]] ; then
eqawarn QA Notice: Unsafe files detected (set*id and world
writable)
- for x in $unsafe_files ; do
- __eqawarnlog world-writable-setid $x
- done
+ eqatag -v world-writable-setid $unsafe_files
+
die Unsafe files found in \${D}. Portage will not install
them.
fi
- IFS=OLDIFS
+ IFS=$OLDIFS
[[ ${prev_shopts} == *f* ]] || set +f
}
