From e2db47eaae00ec33f8971db44b68645c5d3b9590 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 17 Aug 2021 11:36:49 +0100
Subject: gentoo resync : 17.08.2021
---
metadata/install-qa-check.d/60tmpfiles-paths | 64 ++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 metadata/install-qa-check.d/60tmpfiles-paths
(limited to 'metadata/install-qa-check.d/60tmpfiles-paths')
diff --git a/metadata/install-qa-check.d/60tmpfiles-paths b/metadata/install-qa-check.d/60tmpfiles-paths
new file mode 100644
index 000000000000..aa666dfb7ce5
--- /dev/null
+++ b/metadata/install-qa-check.d/60tmpfiles-paths
@@ -0,0 +1,64 @@
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# QA check: ensure that packages installing tmpfiles configuration inherit the eclass
+# Maintainer: Sam James
+# Maintainer: Georgy Yakovlev
+
+# Implements two checks:
+# 1) Installation to /etc/tmpfiles.d (which is a user-customization location);
+# 2) Installation of any tmpfiles to /usr/lib/tmpfiles.d without inheriting the eclass
+# (needed for tmpfiles_process in pkg_postinst);
+# 3) Check for installation of tmpfiles without calling tmpfiles_process in
+# pkg_postinst.
+tmpfiles_check() {
+ # Check 1
+ # Scan image for files in /etc/tmpfiles.d which is a forbidden location
+ # (We use this glob to avoid triggering on keepdir)
+ shopt -s nullglob
+ local files=( "${ED}"/etc/tmpfiles.d/*.conf )
+ shopt -u nullglob
+
+ if [[ ${#files[@]} -gt 0 ]]; then
+ eqawarn "QA Notice: files installed to /etc/tmpfiles.d found"
+ eqawarn "tmpfiles configuration files supplied by ebuilds must be installed to /usr/lib/tmpfiles.d"
+ fi
+
+ # Check 2
+ # We're now going to check for whether we install files to /usr/lib/tmpfiles.d without
+ # inheriting the eclass (weak catch for ebuilds not calling tmpfiles_process in pkg_postinst)
+
+ # It's okay for some packages to do this because of circular dependencies and such
+ # See: https://archives.gentoo.org/gentoo-dev/message/0a96793036a4fdd9ac311a46950d7e7b
+ # TODO: Standardize some way of allowing ebuilds to opt-out of checks like this
+ local package=${CATEGORY}/${PN}
+
+ if [[ ${package} == "sys-apps/systemd" || ${package} == "sys-libs/pam" ]] ; then
+ return
+ fi
+
+ if [[ -d "${ED}"/usr/lib/tmpfiles.d/ ]] ; then
+ if ! has tmpfiles ${INHERITED} ; then
+ eqawarn "QA Notice: package is installing tmpfiles without inheriting tmpfiles.eclass!"
+ eqawarn "Packages must inherit tmpfiles.eclass then call tmpfiles_process in pkg_postinst."
+ return
+ fi
+
+ # Check 3
+ # Check whether we're installing tmpfiles without explicitly
+ # calling tmpfiles_process in pkg_postinst, but we have inherited
+ # the eclass.
+ # Small risk of false positives if called indirectly.
+ # See: https://archives.gentoo.org/gentoo-dev/message/7bdfdc9a7560fd07436defd0253af0b8
+ local pkg_postinst_body="$(declare -fp pkg_postinst 2>&1)"
+ if [[ ! ${pkg_postinst_body} == *tmpfiles_process* ]] ; then
+ eqawarn "QA Notice: package is installing tmpfiles without calling"
+ eqawarn "tmpfiles_process in pkg_postinst phase"
+ fi
+ fi
+}
+
+tmpfiles_check
+: # guarantee successful exit
+
+# vim:ft=sh
--
cgit v1.2.3
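Review bot: Checks 2 and 3 are gated on `[[ -d "${ED}"/usr/lib/tmpfiles.d/ ]]`, which is true for an empty or keepdir-only directory, while Check 1 deliberately globs `*.conf` to avoid that case. Both QA notices can therefore presumably fire for a package that installs no tmpfiles configuration at all. Reusing the nullglob pattern from Check 1, `local tmpfiles=( "${ED}"/usr/lib/tmpfiles.d/*.conf )` tested with `[[ ${#tmpfiles[@]} -gt 0 ]]`, would keep the checks consistent. Because tmpfiles.d entries determine the ownership and mode of paths created at runtime, a check that warns spuriously tends to be ignored when it matters. The header comment also says `# Implements two checks:` while listing three; it should read `# Implements three checks:`.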