classes/insanity.bbclass: Check for possible insecure RPATH, make it work with the...

    The def methods are in a different scope that the PACKAGEFUNC and the
    result is only the packagefunc is able to use 'd' so we need to make
    this a parameter for the other methods.
    Use the installed scanelf to check for the RPATH of the files

diff --git a/classes/insane.bbclass b/classes/insane.bbclass
index c74601a..ead718d 100644 (file)
--- a/classes/insane.bbclass
+++ b/classes/insane.bbclass
@@ -22,17 +22,32 @@ inherit package
 PACKAGE_DEPENDS += "pax-utils-native"
 PACKAGEFUNCS += " do_package_qa "
 
-def package_qa_check_rpath(file,name):
+def package_qa_check_rpath(file,name,d):
     """
     Check for dangerous RPATHs
     """
+    import bb, os
+    scanelf = os.path.join(bb.data.getVar('STAGING_BINDIR',d,True),'scanelf')
+    bad_dir = bb.data.getVar('TMPDIR', d, True) + "/work"
+    if not os.path.exists(scanelf):
+        bb.note("Can not check RPATH scanelf not found")
+    if not bad_dir in bb.data.getVar('WORKDIR', d, True):
+        bb.error("This class assumed that WORKDIR is ${TMPDIR}/work... Not doing any check")
+
+    output = os.popen("%s -Byr %s" % (scanelf,file))
+    txt    = output.readline().rsplit()
+    if bad_dir in txt:
+        bb.error("QA Issue package %s contains bad RPATH %s in file %s" % (name, txt, file))
+
     pass
 
-def package_qa_check_devdbg(path, name):
+def package_qa_check_devdbg(path, name,d):
     """
     Check for debug remains inside the binary or
     non dev packages containing
     """
+
+    import bb
     if not "-dev" in name:
         if path[-3:] == ".so":
             bb.error("QA Issue: non dev package contains .so")
@@ -41,24 +56,24 @@ def package_qa_check_devdbg(path, name):
         if path[-4:] == ".dbg":
             bb.error("QA Issue: non debug package contains .dbg file")
 
-def package_qa_check_perm(path,name):
+def package_qa_check_perm(path,name,d):
     """
     Check the permission of files
     """
     pass
 
-def package_qa_check_arch(path,name):
+def package_qa_check_arch(path,name,d):
     """
     Check if archs are compatible
     """
     pass
 
-def package_qa_check_pcla(path,name):
+def package_qa_check_pcla(path,name,d):
     """
     .pc and .la files should not point
     """
 
-def package_qa_check_staged(path):
+def package_qa_check_staged(path,d):
     """
     Check staged la and pc files for sanity
       -e.g. installed being false
@@ -66,13 +81,13 @@ def package_qa_check_staged(path):
     pass
 
 # Walk over all files in a directory and call func
-def package_qa_walk(path, funcs, package):
+def package_qa_walk(path, funcs, package,d):
     import os
     for root, dirs, files in os.walk(path):
         for file in files:
             path = os.path.join(root,file)
             for func in funcs:
-                func(path, package)
+                func(path, package,d)
 
 
 # The PACKAGE FUNC to scan each package
@@ -88,7 +103,7 @@ python do_package_qa () {
     for package in packages.split():
         bb.note("Package: %s" % package)
         path = "%s/install/%s" % (workdir, package)
-        package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package)
+        package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package, d)
 }
 
 
@@ -97,5 +112,5 @@ addtask qa_staging after do_populate_staging before do_build
 python do_qa_staging() {
     bb.note("Staged!")
 
-    package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True))
+    package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True), d)
 }