portage-qa-ignores.patch

   1 Index: ebuild.sh
   2 ===================================================================
   3 --- ebuild.sh   (revision 2825)
   4 +++ ebuild.sh   (working copy)
   5 @@ -1095,7 +1095,7 @@
   6         done
   7
   8         if type -p scanelf > /dev/null ; then
   9 -               local insecure_rpath=0
  10 +               local qa_var insecure_rpath=0
  11
  12                 # Make sure we disallow insecure RUNPATH/RPATH's
  13                 # Don't want paths that point to the tree where the package was built
  14 @@ -1132,9 +1132,22 @@
  15                 fi
  16
  17                 # TEXTREL's are baaaaaaaad
  18 -               f=$(scanelf -qyRF '%t %p' "${D}")
  19 +               # Allow devs to mark things as ignorable ... e.g. things that are
  20 +               # binary-only and upstream isn't cooperating (nvidia-glx) ... we
  21 +               # allow ebuild authors to set QA_TEXTRELS_arch and QA_TEXTRELS ...
  22 +               # the former overrides the latter ... regexes allowed ! :)
  23 +               qa_var="QA_TEXTRELS_${ARCH}"
  24 +               [[ -n ${!qa_var} ]] && QA_TEXTRELS=${!qa_var}
  25 +               f=$(scanelf -qyRF '%t %p' "${D}" | grep -v ' usr/lib/debug/' | \
  26 +                       gawk '
  27 +                       BEGIN { split("'"${QA_TEXTRELS}"'", ignore); }
  28 +                       {       for (idx in ignore)
  29 +                                       if ($NF ~ "^"ignore[idx]"$")
  30 +                                       next;
  31 +                               print;
  32 +                       }')
  33                 if [[ -n ${f} ]] ; then
  34 -                       scanelf -qyRF '%T %p' "${WORKDIR}"/ &> "${T}"/scanelf-textrel.log
  35 +                       scanelf -qyRF '%T %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-textrel.log
  36                         echo -ne '\a\n'
  37                         echo "QA Notice: the following files contain runtime text relocations"
  38                         echo " Text relocations force the dynamic linker to perform extra"
  39 @@ -1158,15 +1171,30 @@
  40                         # http://hardened.gentoo.org/gnu-stack.xml (Arch Status)
  41                         case ${CTARGET:-${CHOST}} in
  42                                 i?86*|ia64*|m68k*|powerpc64*|s390*|x86_64*)
  43 -                                       f=$(scanelf -qyRF '%e %p' "${D}") ;;
  44 -                               *)
  45 -                                       f="" ;;
  46 +                                       # Allow devs to mark things as ignorable ... e.g. things
  47 +                                       # that are binary-only and upstream isn't cooperating ...
  48 +                                       # we allow ebuild authors to set QA_EXECSTACK_arch and
  49 +                                       # QA_EXECSTACK ... the former overrides the latter ...
  50 +                                       # regexes allowed ! :)
  51 +
  52 +                                       qa_var="QA_EXECSTACK_${ARCH}"
  53 +                                       [[ -n ${!qa_var} ]] && QA_EXECSTACK=${!qa_var}
  54 +                                       f=$(scanelf -qyRF '%e %p' "${D}" | grep -v ' usr/lib/debug/' | \
  55 +                                               gawk '
  56 +                                               BEGIN { split("'"${QA_EXECSTACK}"'", ignore); }
  57 +                                               {       for (idx in ignore)
  58 +                                                               if ($NF ~ "^"ignore[idx]"$")
  59 +                                                                       next;
  60 +                                                       print;
  61 +                                               }')
  62 +                                       ;;
  63 +                               *)      f="" ;;
  64                         esac
  65                         ;;
  66                 esac
  67                 if [[ -n ${f} ]] ; then
  68                         # One more pass to help devs track down the source
  69 -                       scanelf -qyRF '%e %p' "${WORKDIR}"/ &> "${T}"/scanelf-exec.log
  70 +                       scanelf -qyRF '%e %p' "${PORTAGE_BUILDDIR}"/ &> "${T}"/scanelf-execstack.log
  71                         echo -ne '\a\n'
  72                         echo "QA Notice: the following files contain executable stacks"
  73                         echo " Files with executable stacks will not work properly (or at all!)"
  74 @@ -1174,7 +1202,7 @@
  75                         echo " at http://bugs.gentoo.org/ to make sure the file is fixed."
  76                         echo " For more information, see http://hardened.gentoo.org/gnu-stack.xml"
  77                         echo " Please include this file in your report:"
  78 -                       echo " ${T}/scanelf-exec.log"
  79 +                       echo " ${T}/scanelf-execstack.log"
  80                         echo "${f}"
  81                         echo -ne '\a\n'
  82                         die_msg="${die_msg} execstacks"