1 # BB Class inspired by ebuild.sh
3 # This class will test files after installation for certain
4 # security issues and other kind of issues.
7 # -Check the ownership and permissions
8 # -Check the RUNTIME path for the $TMPDIR
9 # -Check if .la files wrongly point to workdir
10 # -Check if .pc files wrongly point to workdir
11 # -Check if packages contains .debug directories or .so files where they should be in -dev or -dbg
16 # We need to have the scanelf utility as soon as
17 # possible and this is contained within the pax-utils-native
21 # We play a special package function
23 PACKAGE_DEPENDS += "pax-utils-native"
24 PACKAGEFUNCS += " do_package_qa "
26 def package_qa_check_rpath(file,name,d):
28 Check for dangerous RPATHs
31 scanelf = os.path.join(bb.data.getVar('STAGING_BINDIR',d,True),'scanelf')
32 bad_dir = bb.data.getVar('TMPDIR', d, True) + "/work"
33 if not os.path.exists(scanelf):
34 bb.note("Can not check RPATH scanelf not found")
35 if not bad_dir in bb.data.getVar('WORKDIR', d, True):
36 bb.error("This class assumed that WORKDIR is ${TMPDIR}/work... Not doing any check")
38 output = os.popen("%s -Byr %s" % (scanelf,file))
39 txt = output.readline().rsplit()
41 bb.error("QA Issue package %s contains bad RPATH %s in file %s" % (name, txt, file))
45 def package_qa_check_devdbg(path, name,d):
47 Check for debug remains inside the binary or
48 non dev packages containing
52 if not "-dev" in name:
53 if path[-3:] == ".so":
54 bb.error("QA Issue: non dev package contains .so: %s" % name)
56 if not "-dbg" in name:
58 bb.error("QA Issue: non debug package contains .debug directory: %s" % name)
60 def package_qa_check_perm(path,name,d):
62 Check the permission of files
66 def package_qa_check_arch(path,name,d):
68 Check if archs are compatible
72 def package_qa_check_pcla(path,name,d):
74 .pc and .la files should not point
77 def package_qa_check_staged(path,d):
79 Check staged la and pc files for sanity
80 -e.g. installed being false
84 # Walk over all files in a directory and call func
85 def package_qa_walk(path, funcs, package,d):
87 for root, dirs, files in os.walk(path):
89 path = os.path.join(root,file)
94 def package_qa_check_rdepends(pkg, workdir, d):
96 if not "-dbg" in pkg and not "task-" in pkg and not "-image" in pkg:
97 # Copied from package_ipk.bbclass
98 # boiler plate to update the data
99 localdata = bb.data.createCopy(d)
100 root = "%s/install/%s" % (workdir, pkg)
102 bb.data.setVar('ROOT', '', localdata)
103 bb.data.setVar('ROOT_%s' % pkg, root, localdata)
104 pkgname = bb.data.getVar('PKG_%s' % pkg, localdata, 1)
107 bb.data.setVar('PKG', pkgname, localdata)
109 overrides = bb.data.getVar('OVERRIDES', localdata)
111 raise bb.build.FuncFailed('OVERRIDES not defined')
112 overrides = bb.data.expand(overrides, localdata)
113 bb.data.setVar('OVERRIDES', overrides + ':' + pkg, localdata)
115 bb.data.update_data(localdata)
117 # Now check the RDEPENDS
118 rdepends = explode_deps(bb.data.getVar('RDEPENDS', localdata, True) or "")
121 # Now do the sanity check!!!
122 for rdepend in rdepends:
123 if "-dbg" in rdepend:
124 bb.error("QA issue, koen give us a better msg!!!")
126 # The PACKAGE FUNC to scan each package
127 python do_package_qa () {
128 bb.note("DO PACKAGE QA")
129 workdir = bb.data.getVar('WORKDIR', d, True)
130 packages = bb.data.getVar('PACKAGES',d, True)
132 # no packages should be scanned
136 for package in packages.split():
137 bb.note("Package: %s" % package)
138 path = "%s/install/%s" % (workdir, package)
139 package_qa_walk(path, [package_qa_check_rpath, package_qa_check_devdbg, package_qa_check_perm, package_qa_check_arch], package, d)
140 package_qa_check_rdepends(package, workdir, d)
145 # The Staging Func, to check all staging
146 addtask qa_staging after do_populate_staging before do_build
147 python do_qa_staging() {
150 package_qa_check_staged(bb.data.getVar('STAGING_DIR',d,True), d)