2 ===================================================================
3 --- ebuild.sh (revision 2825)
4 +++ ebuild.sh (working copy)
8 if type -p scanelf > /dev/null ; then
9 - local insecure_rpath=0
10 + local qa_var insecure_rpath=0
12 # Make sure we disallow insecure RUNPATH/RPATH's
13 # Don't want paths that point to the tree where the package was built
14 @@ -1132,9 +1132,22 @@
17 # TEXTREL's are baaaaaaaad
18 - f=$(scanelf -qyRF '%t %p' "${D}")
19 + # Allow devs to mark things as ignorable ... e.g. things that are
20 + # binary-only and upstream isn't cooperating (nvidia-glx) ... we
21 + # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ...
22 + # the former overrides the latter ... regexes allowed ! :)
23 + qa_var="QA_TEXTRELS_${ARCH}"
24 + [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
25 + f=$(scanelf -qyRF '%t %p' "${D}" | grep -v ' usr/lib/debug/' | \
27 + BEGIN { split("'"${QA_TEXTRELS}"'", ignore); }
28 + { for (idx in ignore)
29 + if ($NF ~ "^"ignore[idx]"$")
33 if [[ -n ${f} ]] ; then
34 - scanelf -qyRF '%T %p' "${WORKDIR}"/ &> "${T}"/scanelf-textrel.log
35 + scanelf -qyRF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
37 echo "QA Notice: the following files contain runtime text relocations"
38 echo " Text relocations force the dynamic linker to perform extra"
39 @@ -1158,15 +1171,30 @@
40 # http://hardened.gentoo.org/gnu-stack.xml (Arch Status)
41 case ${CTARGET:-${CHOST}} in
42 i?86*|ia64*|m68k*|powerpc64*|s390*|x86_64*)
43 - f=$(scanelf -qyRF '%e %p' "${D}") ;;
46 + # Allow devs to mark things as ignorable ... e.g. things
47 + # that are binary-only and upstream isn't cooperating ...
48 + # we allow ebuild authors to set QA_EXECSTACK_arch and
49 + # QA_EXECSTACK ... the former overrides the latter ...
50 + # regexes allowed ! :)
52 + qa_var="QA_EXECSTACK_${ARCH}"
53 + [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var}
54 + f=$(scanelf -qyRF '%e %p' "${D}" | grep -v ' usr/lib/debug/' | \
56 + BEGIN { split("'"${QA_EXECSTACK}"'", ignore); }
57 + { for (idx in ignore)
58 + if ($NF ~ "^"ignore[idx]"$")
67 if [[ -n ${f} ]] ; then
68 # One more pass to help devs track down the source
69 - scanelf -qyRF '%e %p' "${WORKDIR}"/ &> "${T}"/scanelf-exec.log
70 + scanelf -qyRF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log
72 echo "QA Notice: the following files contain executable stacks"
73 echo " Files with executable stacks will not work properly (or at all!)"
75 echo " at http://bugs.gentoo.org/ to make sure the file is fixed."
76 echo " For more information, see http://hardened.gentoo.org/gnu-stack.xml"
77 echo " Please include this file in your report:"
78 - echo " ${T}/scanelf-exec.log"
79 + echo " ${T}/scanelf-execstack.log"
82 die_msg="${die_msg} execstacks"