# BB Class inspired by ebuild.sh
#
# This class will test files after installation for certain
# security issues and other kinds of issues.
#
# Checks we do:
# -Check the ownership and permissions
# -Check the RUNTIME path for the $TMPDIR
# -Check if .la files wrongly point to workdir
# -Check if .pc files wrongly point to workdir
# -Check if packages contain .debug directories or .so files
# where they should be in -dev or -dbg
# -Check if config.log contains traces to broken autoconf tests
#
# We need to have the scanelf utility as soon as
# possible and this is contained within the pax-utils-native.
# The package.bbclass can help us here.
#
inherit package
PACKAGE_DEPENDS += "pax-utils-native desktop-file-utils-native"
PACKAGEFUNCS += " do_package_qa "
#
# dictionary for elf headers
#
# feel free to add and correct.
#
# TARGET_OS TARGET_ARCH MACHINE, OSABI, ABIVERSION, Little Endian, 32bit?
def package_qa_get_machine_dict():
    """
    Return the expected ELF header values, keyed by TARGET_OS and then
    by TARGET_ARCH.

    Every entry is the tuple
        (machine, osabi, abiversion, little endian, 32bit)
    A fresh dictionary is built on each call.
    """
    # Rows that appear under more than one TARGET_OS. Tuples are
    # immutable, so sharing them between the sub-dictionaries is safe.
    x86     = (3, 0, 0, True, True)
    arm_le  = (40, 97, 0, True, True)
    arm_be  = (40, 97, 0, False, True)
    eabi_le = (40, 0, 0, True, True)
    eabi_be = (40, 0, 0, False, True)
    ppc     = (20, 0, 0, False, True)
    mips_le = (8, 0, 0, True, True)

    table = {}

    table["linux"] = {
        "arm":     arm_le,
        "armeb":   arm_be,
        "powerpc": ppc,
        "i386":    x86,
        "i486":    x86,
        "i586":    x86,
        "i686":    x86,
        "x86_64":  (62, 0, 0, True, False),
        "ia64":    (50, 0, 0, True, False),
        "alpha":   (36902, 0, 0, True, False),
        "hppa":    (15, 3, 0, False, True),
        "m68k":    (4, 0, 0, False, True),
        "mips":    (8, 0, 0, False, True),
        "mipsel":  mips_le,
        "s390":    (22, 0, 0, False, True),
        "sh4":     (42, 0, 0, True, True),
        "sparc":   (2, 0, 0, False, True),
    }

    table["linux-uclibc"] = {
        "arm":     arm_le,
        "armeb":   arm_be,
        "powerpc": ppc,
        "i386":    x86,
        "i486":    x86,
        "i586":    x86,
        "i686":    x86,
        "mipsel":  mips_le,
        "avr32":   (6317, 0, 0, False, True),
    }

    table["uclinux-uclibc"] = {
        "bfin": (106, 0, 0, True, True),
    }

    # Both EABI flavours expect the same values for arm/armeb.
    for eabi_os in ("linux-gnueabi", "linux-uclibcgnueabi"):
        table[eabi_os] = {
            "arm":   eabi_le,
            "armeb": eabi_be,
        }

    return table
# factory for a class, embedded in a method
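def package_qa_get_elf(path, bits32):
    """
    Build an ELFFile object for *path*.

    The class is defined inside this function so that ELFFile.open() can
    see *bits32*: True means the file must be a 32-bit ELF object, False
    means it must be a 64-bit one.

    Nothing is read until open() is called on the returned object.
    """
    import struct

    class ELFFile:
        """Reader for the first EI_NIDENT+4 bytes of an ELF file."""
        EI_NIDENT = 16

        EI_CLASS      = 4
        EI_DATA       = 5
        EI_VERSION    = 6
        EI_OSABI      = 7
        EI_ABIVERSION = 8

        # possible values for EI_CLASS
        ELFCLASSNONE = 0
        ELFCLASS32   = 1
        ELFCLASS64   = 2

        # possible value for EI_VERSION
        EV_CURRENT   = 1

        # possible values for EI_DATA
        ELFDATANONE  = 0
        ELFDATA2LSB  = 1
        ELFDATA2MSB  = 2

        def my_assert(self, expectation, result):
            """Raise Exception unless the two values compare equal."""
            if not expectation == result:
                raise Exception("This does not work as expected")

        def __init__(self, name):
            self.name = name

        def open(self):
            """
            Read and validate the ELF identification bytes.

            Raises Exception when the file is too short, is not an ELF
            file, has the wrong class for bits32, or has an unknown
            version or byte order.
            """
            header_len = ELFFile.EI_NIDENT + 4

            # Read the header as binary data and release the handle right
            # away; only these bytes are ever needed. The name "open" here
            # is the builtin: class attributes are not visible from inside
            # a method body.
            self.file = open(self.name, "rb")
            try:
                self.data = self.file.read(header_len)
            finally:
                self.file.close()

            self.my_assert(len(self.data), header_len)

            # Decode the identification bytes to integers once, so the
            # comparisons below do not depend on how a single byte of the
            # buffer is represented.
            ident = struct.unpack("%dB" % ELFFile.EI_NIDENT,
                                  self.data[:ELFFile.EI_NIDENT])

            self.my_assert(ident[0], 0x7f)
            self.my_assert(ident[1], ord('E'))
            self.my_assert(ident[2], ord('L'))
            self.my_assert(ident[3], ord('F'))
            if bits32:
                self.my_assert(ident[ELFFile.EI_CLASS], ELFFile.ELFCLASS32)
            else:
                self.my_assert(ident[ELFFile.EI_CLASS], ELFFile.ELFCLASS64)
            self.my_assert(ident[ELFFile.EI_VERSION], ELFFile.EV_CURRENT)

            # self.sex ends up as the struct byte-order prefix.
            byte_order = ident[ELFFile.EI_DATA]
            if byte_order == ELFFile.ELFDATANONE:
                raise Exception("self.sex == ELFDATANONE")
            elif byte_order == ELFFile.ELFDATA2LSB:
                self.sex = "<"
            elif byte_order == ELFFile.ELFDATA2MSB:
                self.sex = ">"
            else:
                raise Exception("Unknown self.sex")

        def osAbi(self):
            """Return the EI_OSABI byte as an integer."""
            return ord(self.data[ELFFile.EI_OSABI:ELFFile.EI_OSABI + 1])

        def abiVersion(self):
            """Return the EI_ABIVERSION byte as an integer."""
            return ord(self.data[ELFFile.EI_ABIVERSION:ELFFile.EI_ABIVERSION + 1])

        def isLittleEndian(self):
            return self.sex == "<"

        # The misspelt name is kept: it is part of the class interface.
        def isBigEngian(self):
            return self.sex == ">"

        def machine(self):
            """
            We know the sex stored in self.sex and we
            know the position
            """
            # Bytes 18..19 hold the 16-bit machine field, decoded with the
            # byte order found by open().
            (a,) = struct.unpack(self.sex + "H", self.data[18:20])
            return a

    return ELFFile(path)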
# Known Error classes
# 0 - non dev contains .so
# 1 - package contains a dangerous RPATH
# 2 - package depends on debug package
# 3 - non dbg contains .debug
# 4 - wrong architecture
# 5 - .la contains installed=yes or reference to the workdir
# 6 - .pc contains reference to /usr/include or workdir
# 7 - the desktop file is not valid
# 8 - .la contains reference to the workdir
# 9 - package contains reference to tmpdir paths
def package_qa_clean_path(path,d):
    """
    Return *path* with the TMPDIR value taken out.

    This is meant to drop the common build prefix from paths shown in
    messages. Note that str.replace removes every occurrence of the
    TMPDIR string, not only a leading one.
    """
    tmpdir = bb.data.getVar('TMPDIR', d, True)
    shortened = path.replace(tmpdir, "")
    return shortened
def package_qa_make_fatal_error(error_class, name, path,d):
    """
    Decide whether an error of class *error_class* is fatal.

    Classes 0, 5, 7, 8 and 9 are reported but do not fail the QA run;
    every other class is fatal. *name*, *path* and *d* are not used yet.

    TODO: Load a whitelist of known errors
    """
    non_fatal_classes = [0, 5, 7, 8, 9]
    if error_class in non_fatal_classes:
        return False
    return True
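def package_qa_write_error(error_class, name, path, d):
    """
    Log the error

    One line is appended to ${T}/log.qa_package and, when QA_LOGFILE is
    set, a second line prefixed with ${P} is appended to that file.

    Raises IndexError when *error_class* has no entry in ERROR_NAMES.
    """
    ERROR_NAMES =[
        "non dev contains .so",
        "package contains RPATH",
        "package depends on debug package",
        "non dbg contains .debug",
        "wrong architecture",
        "evil hides inside the .la",
        "evil hides inside the .pc",
        "the desktop file is not valid",
        ".la contains reference to the workdir",
        "package contains reference to tmpdir paths",
    ]

    # Resolve everything that can fail before a log file is opened, so an
    # unknown error class cannot leave an open handle behind.
    description = ERROR_NAMES[error_class]
    shown_path = package_qa_clean_path(path,d)

    log_path = os.path.join( bb.data.getVar('T', d, True), "log.qa_package" )
    f = open( log_path, "a+")
    try:
        f.write("%s, %s, %s\n" % (description, name, shown_path))
    finally:
        # Close even when the write fails (e.g. disk full).
        f.close()

    logfile = bb.data.getVar('QA_LOGFILE', d, True)
    if logfile:
        p = bb.data.getVar('P', d, True)
        f = open( logfile, "a+")
        try:
            f.write("%s, %s, %s, %s\n" % (p, description, name, shown_path))
        finally:
            f.close()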
def package_qa_handle_error(error_class, error_msg, name, path, d):
    """
    Report a QA issue and record it in the QA log.

    Fatal classes are reported through bb.error, the others through
    bb.note. Returns True when the issue is not fatal and False when it
    is, so the result can be used directly as a "sane" flag.
    """
    is_fatal = package_qa_make_fatal_error(error_class, name, path, d)

    if is_fatal:
        report = bb.error
    else:
        # Use bb.warn here when it works
        report = bb.note
    report("QA Issue: %s" % error_msg)

    package_qa_write_error(error_class, name, path, d)
    return not is_fatal
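def package_qa_check_rpath(file,name,d):
    """
    Check for dangerous RPATHs

    Runs scanelf on *file* and reports error class 1 for every word of
    its first output line that contains ${TMPDIR}/work.

    Returns False when such an RPATH was reported as fatal, else True.
    """
    import subprocess

    sane = True
    scanelf = os.path.join(bb.data.getVar('STAGING_BINDIR_NATIVE',d,True),'scanelf')
    bad_dir = bb.data.getVar('TMPDIR', d, True) + "/work"
    if not os.path.exists(scanelf):
        bb.fatal("Can not check RPATH, scanelf (part of pax-utils-native) not found")

    if not bad_dir in bb.data.getVar('WORKDIR', d, True):
        bb.fatal("This class assumed that WORKDIR is ${TMPDIR}/work... Not doing any check")

    # The file name comes from the package's install tree, so it is handed
    # to scanelf as a separate argv entry instead of being pasted into a
    # shell command line: quotes or shell metacharacters in a file name
    # must not change the command that is run. The scanelf options are the
    # ones the shell command used.
    try:
        proc = subprocess.Popen([scanelf, "-B", "-F%r#F", file],
                                stdout=subprocess.PIPE,
                                universal_newlines=True)
        output = proc.communicate()[0]
    except OSError:
        # scanelf could not be started; as before, this yields no output.
        output = ""

    # Only the first line of output is inspected, as before.
    txt = output.split("\n", 1)[0].split()
    for line in txt:
        if bad_dir in line:
            error_msg = "package %s contains bad RPATH %s in file %s" % (name, line, file)
            # Never let a later result turn an earlier failure back into
            # a pass.
            if not package_qa_handle_error(1, error_msg, name, file, d):
                sane = False
    return sane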
def package_qa_check_devdbg(path, name,d):
    """
    Check for files that belong in a -dev or -dbg package.

    - a symlink ending in ".so" in a package whose name lacks "-dev"
      is error class 0
    - a path containing ".debug" in a package whose name lacks "-dbg"
      is error class 3

    Returns the result of the last error reported, or True when nothing
    was reported.
    """
    sane = True
    in_dev_package = "-dev" in name
    in_dbg_package = "-dbg" in name

    if not in_dev_package and path.endswith(".so") and os.path.islink(path):
        shown = package_qa_clean_path(path,d)
        error_msg = "non -dev package contains symlink .so: %s path '%s'" % (name, shown)
        sane = package_qa_handle_error(0, error_msg, name, path, d)

    if not in_dbg_package and '.debug' in path:
        shown = package_qa_clean_path(path,d)
        error_msg = "non debug package contains .debug directory: %s path %s" % (name, shown)
        sane = package_qa_handle_error(3, error_msg, name, path, d)

    return sane
def package_qa_check_perm(path,name,d):
    """
    Check the permission of files

    NOTE(review): no check is implemented here. The function accepts
    every file, so ownership and permission problems (for example
    unexpected setuid bits or world-writable files) are not detected
    by this class.
    """
    return True
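def package_qa_check_arch(path,name,d):
    """
    Check if archs are compatible

    Compares the machine type and byte order found in the ELF header of
    *path* with the values expected for TARGET_OS/TARGET_ARCH. Cross,
    nativesdk and cross-canadian recipes, symlinks, and files that cannot
    be read as an ELF object of the expected class are accepted without
    a check.

    Raises KeyError when TARGET_OS/TARGET_ARCH is missing from
    package_qa_get_machine_dict().
    """
    sane = True
    target_os   = bb.data.getVar('TARGET_OS',   d, True)
    target_arch = bb.data.getVar('TARGET_ARCH', d, True)

    # FIXME: Cross package confuse this check, so just skip them
    if bb.data.inherits_class('cross', d) or bb.data.inherits_class('nativesdk', d) or bb.data.inherits_class('cross-canadian', d):
        return True

    # avoid following links to /usr/bin (e.g. on udev builds)
    # we will check the files pointed to anyway...
    if os.path.islink(path):
        return True

    #if this will throw an exception, then fix the dict above
    # NOTE(review): osabi and abiversion are unpacked but never compared
    # with the values in the file.
    (machine, osabi, abiversion, littleendian, bits32) \
        = package_qa_get_machine_dict()[target_os][target_arch]
    elf = package_qa_get_elf(path, bits32)
    try:
        elf.open()
    except Exception:
        # Unreadable or not an ELF object of the expected class: skipped.
        # Only Exception is caught, so an interrupt or interpreter exit
        # is no longer swallowed here.
        return True

    # Check the architecture and endiannes of the binary
    if not machine == elf.machine():
        error_msg = "Architecture did not match (%d to %d) on %s" % \
                 (machine, elf.machine(), package_qa_clean_path(path,d))
        sane = package_qa_handle_error(4, error_msg, name, path, d)
    elif not littleendian == elf.isLittleEndian():
        error_msg = "Endiannes did not match (%d to %d) on %s" % \
                 (littleendian, elf.isLittleEndian(), package_qa_clean_path(path,d))
        sane = package_qa_handle_error(4, error_msg, name, path, d)

    return sane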
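def package_qa_check_desktop(path, name, d):
    """
    Run all desktop files through desktop-file-validate.

    Every line the validator prints on stdout is reported as error
    class 7. Files not ending in ".desktop" are accepted unchecked.
    """
    import subprocess

    sane = True
    if path.endswith(".desktop"):
        desktop_file_validate = os.path.join(bb.data.getVar('STAGING_BINDIR_NATIVE',d,True),'desktop-file-validate')

        # The path comes from the package's install tree. Pass it as its
        # own argv entry rather than through a shell, so spaces or shell
        # metacharacters in a file name cannot alter the command.
        try:
            proc = subprocess.Popen([desktop_file_validate, path],
                                    stdout=subprocess.PIPE,
                                    universal_newlines=True)
            output = proc.communicate()[0]
        except OSError:
            # The validator could not be started. The file stays
            # unchecked, as it did before, but say so in the log.
            bb.note("QA: could not run %s on %s" % (desktop_file_validate, path))
            output = ""

        # This only produces output on errors
        for l in output.splitlines():
            if not package_qa_handle_error(7, l.strip(), name, path, d):
                sane = False
    return sane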
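def package_qa_check_buildpaths(path, name, d):
    """
    Check for build paths inside target files.

    A file whose content contains the TMPDIR value is reported as error
    class 9. Paths containing ".debug" and symlinks are not inspected.
    No whitelist is consulted here; whether the error is fatal is decided
    by package_qa_make_fatal_error().
    """
    sane = True

    # Ignore .debug files, not interesting
    if path.find(".debug") != -1:
        return True

    # Ignore symlinks
    if os.path.islink(path):
        return True

    tmpdir = bb.data.getVar('TMPDIR', d, True)

    # Close the handle explicitly: this runs once per packaged file.
    f = open(path)
    try:
        file_content = f.read()
    finally:
        f.close()

    if tmpdir in file_content:
        error_msg = "File %s in package contained reference to tmpdir" % package_qa_clean_path(path,d)
        sane = package_qa_handle_error(9, error_msg, name, path, d)
    return sane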
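def package_qa_check_staged(path,d):
    """
    Check staged la and pc files for sanity
      -e.g. installed being false

        As this is run after every stage we should be able
        to find the one responsible for the errors easily even
        if we look at every .pc and .la file

    Returns False as soon as any reported issue was fatal, True otherwise.
    """

    def read_content(filename):
        # Close the handle explicitly instead of relying on garbage
        # collection while walking a large staging tree.
        f = open(filename)
        try:
            return f.read()
        finally:
            f.close()

    sane = True
    tmpdir = bb.data.getVar('TMPDIR', d, True)
    workdir = os.path.join(tmpdir, "work")

    installed = "installed=yes"
    native_or_cross = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
    if native_or_cross:
        pkgconfigcheck = workdir
    else:
        pkgconfigcheck = tmpdir

    # find all .la and .pc files
    # read the content
    # and check for stuff that looks wrong
    for root, dirs, files in os.walk(path):
        for file in files:
            path = os.path.join(root,file)
            # Match the real suffix, so a file that merely ends in the
            # letters "la" or "pc" is not read and checked.
            if file.endswith(".la"):
                file_content = read_content(path)
                # Don't check installed status for native/cross packages
                if not native_or_cross:
                    if installed in file_content:
                        error_msg = "%s failed sanity test (installed) in path %s" % (file,root)
                        if not package_qa_handle_error(5, error_msg, "staging", path, d):
                            sane = False
                if workdir in file_content:
                    error_msg = "%s failed sanity test (workdir) in path %s" % (file,root)
                    if not package_qa_handle_error(8, error_msg, "staging", path, d):
                        sane = False
            elif file.endswith(".pc"):
                file_content = read_content(path)
                if pkgconfigcheck in file_content:
                    error_msg = "%s failed sanity test (tmpdir) in path %s" % (file,root)
                    # Class 6 is fatal. The flag is only ever cleared, so
                    # a non-fatal finding in a later file cannot set it
                    # back to True and hide this failure.
                    if not package_qa_handle_error(6, error_msg, "staging", path, d):
                        sane = False

    return sane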
# Walk over all files in a directory and call func
def package_qa_walk(path, funcs, package,d):
    """
    Call every function in *funcs* on every file below *path*.

    Each function is called as func(file_path, package, d). All functions
    run for all files even after one has failed. Returns False when at
    least one call returned a false value, else True.
    """
    all_passed = True
    for dirpath, _subdirs, filenames in os.walk(path):
        for filename in filenames:
            full_path = os.path.join(dirpath, filename)
            for check in funcs:
                if check(full_path, package, d):
                    continue
                all_passed = False
    return all_passed
def package_qa_check_rdepends(pkg, workdir, d):
    """
    Check that *pkg* does not runtime-depend on a debug package.

    Packages whose name contains "-dbg", "task-" or "-image" are not
    checked. Every RDEPENDS entry containing "-dbg" is reported as error
    class 2. Returns the result of the last report, or True when nothing
    was reported.
    """
    sane = True

    exempt = "-dbg" in pkg or "task-" in pkg or "-image" in pkg
    if exempt:
        return sane

    # Copied from package_ipk.bbclass
    # boiler plate to update the data
    localdata = bb.data.createCopy(d)
    root = "%s/install/%s" % (workdir, pkg)

    bb.data.setVar('ROOT', '', localdata)
    bb.data.setVar('ROOT_%s' % pkg, root, localdata)

    # Fall back to the plain package name when no PKG_<pkg> is set.
    pkgname = bb.data.getVar('PKG_%s' % pkg, localdata, True)
    if not pkgname:
        pkgname = pkg
    bb.data.setVar('PKG', pkgname, localdata)

    overrides = bb.data.getVar('OVERRIDES', localdata)
    if not overrides:
        raise bb.build.FuncFailed('OVERRIDES not defined')
    overrides = bb.data.expand(overrides, localdata)
    bb.data.setVar('OVERRIDES', overrides + ':' + pkg, localdata)

    bb.data.update_data(localdata)

    # Now check the RDEPENDS
    rdepends_value = bb.data.getVar('RDEPENDS', localdata, True) or ""
    rdepends = bb.utils.explode_deps(rdepends_value)

    # Now do the sanity check!!!
    for rdepend in rdepends:
        if "-dbg" not in rdepend:
            continue
        error_msg = "%s rdepends on %s" % (pkgname,rdepend)
        sane = package_qa_handle_error(2, error_msg, pkgname, rdepend, d)

    return sane
# The PACKAGE FUNC to scan each package
python do_package_qa () {
    # Run the per-file checks and the RDEPENDS check on every package in
    # PACKAGES, and fail the task when any of them found a fatal issue.
    bb.note("DO PACKAGE QA")
    workdir = bb.data.getVar('WORKDIR', d, True)
    packages = bb.data.getVar('PACKAGES',d, True)

    # no packages should be scanned
    if not packages:
        return

    checks = [
        package_qa_check_rpath,
        package_qa_check_devdbg,
        package_qa_check_perm,
        package_qa_check_arch,
        package_qa_check_desktop,
        package_qa_check_buildpaths,
    ]

    all_sane = True
    for package in packages.split():
        # Setting INSANE_SKIP_<package> switches off every check for
        # that package.
        if bb.data.getVar('INSANE_SKIP_' + package, d, True):
            bb.note("Package: %s (skipped)" % package)
            continue

        bb.note("Checking Package: %s" % package)
        path = "%s/install/%s" % (workdir, package)

        # Both checks always run, so all issues of a package get logged.
        walk_sane = package_qa_walk(path, checks, package, d)
        rdepends_sane = package_qa_check_rdepends(package, workdir, d)
        if not (walk_sane and rdepends_sane):
            all_sane = False

    if not all_sane:
        bb.fatal("QA run found fatal errors. Please consider fixing them.")
    bb.note("DONE with PACKAGE QA")
}
# The Staging Func, to check all staging
addtask qa_staging after do_populate_sysroot before do_build
python do_qa_staging() {
    # Check the .la and .pc files below STAGING_LIBDIR and fail the task
    # when a fatal issue was found.
    bb.note("QA checking staging")

    staging_libdir = bb.data.getVar('STAGING_LIBDIR',d,True)
    staging_sane = package_qa_check_staged(staging_libdir, d)
    if not staging_sane:
        bb.fatal("QA staging was broken by the package built above")
}
# Check broken config.log files & for packages requiring Gettext which don't
# have it in DEPENDS
addtask qa_configure after do_configure before do_compile
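python do_qa_configure() {
    # Two checks on the tree below WORKDIR:
    #  - a config.log containing 'CROSS COMPILE Badness:' is fatal
    #  - a configure.ac/configure.in using AM_GNU_GETTEXT is fatal when
    #    the matching gettext recipe is not in DEPENDS
    #
    # The files are scanned in Python instead of through "grep" in a
    # shell. The directory names below WORKDIR come from the unpacked
    # source, and building a shell command line from them would let a
    # directory name containing spaces or shell metacharacters change
    # the command that is executed.
    def any_line_matches(filename, matches):
        try:
            handle = open(filename)
        except (IOError, OSError):
            # grep reported "no match" for a file it could not read;
            # keep that behaviour.
            return False
        try:
            for line in handle:
                if matches(line):
                    return True
            return False
        finally:
            handle.close()

    configs = []
    bb.note("Checking autotools environment for common misconfiguration")
    for root, dirs, files in os.walk(bb.data.getVar('WORKDIR', d, True)):
        if "config.log" in files:
            config_log = os.path.join(root,"config.log")
            if any_line_matches(config_log, lambda line: 'CROSS COMPILE Badness:' in line):
                bb.fatal("""This autoconf log indicates errors, it looked at host includes.
Rerun configure task after fixing this. The path was '%s'""" % root)

        if "configure.ac" in files:
            configs.append(os.path.join(root,"configure.ac"))
        if "configure.in" in files:
            configs.append(os.path.join(root, "configure.in"))

    if "gettext" not in bb.data.getVar('P', d, True):
        if bb.data.inherits_class('native', d) or bb.data.inherits_class('cross', d) or bb.data.inherits_class('crosssdk', d) or bb.data.inherits_class('nativesdk', d):
            gt = "gettext-native"
        elif bb.data.inherits_class('cross-canadian', d):
            gt = "gettext-nativesdk"
        else:
            gt = "gettext"
        deps = bb.utils.explode_deps(bb.data.getVar('DEPENDS', d, True) or "")
        if gt not in deps:
            for config in configs:
                # Same test as the pattern ^[[:space:]]*AM_GNU_GETTEXT:
                # the macro name after optional leading whitespace.
                if any_line_matches(config, lambda line: line.lstrip().startswith("AM_GNU_GETTEXT")):
                    bb.fatal("""Gettext required but not in DEPENDS for file %s.
Missing inherit gettext?""" % config)
}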