initial import
[patches.git] / portage-qa-ignores.patch
CommitLineData
5e993f12 1Index: ebuild.sh
2===================================================================
3--- ebuild.sh (revision 2825)
4+++ ebuild.sh (working copy)
5@@ -1095,7 +1095,7 @@
6 done
7
8 if type -p scanelf > /dev/null ; then
9- local insecure_rpath=0
10+ local qa_var insecure_rpath=0
11
12 # Make sure we disallow insecure RUNPATH/RPATH's
13 # Don't want paths that point to the tree where the package was built
14@@ -1132,9 +1132,22 @@
15 fi
16
17 # TEXTREL's are baaaaaaaad
18- f=$(scanelf -qyRF '%t %p' "${D}")
19+ # Allow devs to mark things as ignorable ... e.g. things that are
20+ # binary-only and upstream isn't cooperating (nvidia-glx) ... we
21+ # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ...
22+ # the former overrides the latter ... regexes allowed ! :)
23+ qa_var="QA_TEXTRELS_${ARCH}"
24+ [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
25+ f=$(scanelf -qyRF '%t %p' "${D}" | grep -v ' usr/lib/debug/' | \
26+ gawk '
27+ BEGIN { split("'"${QA_TEXTRELS}"'", ignore); }
28+ { for (idx in ignore)
29+ if ($NF ~ "^"ignore[idx]"$")
30+ next;
31+ print;
32+ }')
33 if [[ -n ${f} ]] ; then
34- scanelf -qyRF '%T %p' "${WORKDIR}"/ &> "${T}"/scanelf-textrel.log
35+ scanelf -qyRF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
36 echo -ne '\a\n'
37 echo "QA Notice: the following files contain runtime text relocations"
38 echo " Text relocations force the dynamic linker to perform extra"
39@@ -1158,15 +1171,30 @@
40 # http://hardened.gentoo.org/gnu-stack.xml (Arch Status)
41 case ${CTARGET:-${CHOST}} in
42 i?86*|ia64*|m68k*|powerpc64*|s390*|x86_64*)
43- f=$(scanelf -qyRF '%e %p' "${D}") ;;
44- *)
45- f="" ;;
46+ # Allow devs to mark things as ignorable ... e.g. things
47+ # that are binary-only and upstream isn't cooperating ...
48+ # we allow ebuild authors to set QA_EXECSTACK_arch and
49+ # QA_EXECSTACK ... the former overrides the latter ...
50+ # regexes allowed ! :)
51+
52+ qa_var="QA_EXECSTACK_${ARCH}"
53+ [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var}
54+ f=$(scanelf -qyRF '%e %p' "${D}" | grep -v ' usr/lib/debug/' | \
55+ gawk '
56+ BEGIN { split("'"${QA_EXECSTACK}"'", ignore); }
57+ { for (idx in ignore)
58+ if ($NF ~ "^"ignore[idx]"$")
59+ next;
60+ print;
61+ }')
62+ ;;
63+ *) f="" ;;
64 esac
65 ;;
66 esac
67 if [[ -n ${f} ]] ; then
68 # One more pass to help devs track down the source
69- scanelf -qyRF '%e %p' "${WORKDIR}"/ &> "${T}"/scanelf-exec.log
70+ scanelf -qyRF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log
71 echo -ne '\a\n'
72 echo "QA Notice: the following files contain executable stacks"
73 echo " Files with executable stacks will not work properly (or at all!)"
74@@ -1174,7 +1202,7 @@
75 echo " at http://bugs.gentoo.org/ to make sure the file is fixed."
76 echo " For more information, see http://hardened.gentoo.org/gnu-stack.xml"
77 echo " Please include this file in your report:"
78- echo " ${T}/scanelf-exec.log"
79+ echo " ${T}/scanelf-execstack.log"
80 echo "${f}"
81 echo -ne '\a\n'
82 die_msg="${die_msg} execstacks"