rpathsync / conary-policy
Pluggable policies for conary (http://wiki.rpath.com/wiki/Conary)
Clone this repository (size: 325.2 KB): HTTPS / SSH
$ hg clone http://bitbucket.org/rpathsync/conary-policy/
| commit 288: | 4b678f7be2d5 |
| parent 287: | 090644927dcc |
| branch: | default |
WarnScriptSharedLibrary to find ld.so.conf modification in capsule scripts (CNP-185)
Michael K. Johnson
3 months ago
Changed (Δ1.8 KB):
raw changeset »
NEWS (3 lines added, 0 lines removed)
policy/libraries.py (61 lines added, 0 lines removed)
| … | … | @@ -2,6 +2,9 @@ Changes in @NEW@: |
2 |
2 |
o All destdir policies have been audited, and modified as necessary, |
3 |
3 |
to correctly handle capsules, in preparation for enabling destdir |
4 |
4 |
policies for capsules. (CNY-3320) |
5 |
o The new WarnScriptSharedLibrary policy looks at capsule scripts |
|
6 |
for possible instances of modifying the ld.so.conf, when used |
|
7 |
with Conary 2.1.2 or later. (CNP-185) |
|
5 |
8 |
|
6 |
9 |
Changes in 1.0.26: |
7 |
10 |
o When "file:" requirements are not not explicitly met by |
Up to file-list policy/libraries.py:
| … | … | @@ -102,6 +102,67 @@ class AutoSharedLibrary(policy.DestdirPo |
102 |
102 |
for path in self._iterSharedlibList(): |
103 |
103 |
self.recipe.SharedLibrary(subtrees = path) |
104 |
104 |
|
105 |
||
106 |
class WarnScriptSharedLibrary(policy.EnforcementPolicy): |
|
107 |
""" |
|
108 |
NAME |
|
109 |
==== |
|
110 |
||
111 |
B{C{r.WarnScriptSharedLibrary()}} - Warn about scripts which modify |
|
112 |
C{ld.so.conf}-related files |
|
113 |
||
114 |
SYNOPSIS |
|
115 |
======== |
|
116 |
||
117 |
C{r.WarnScriptSharedLibrary([I{filterexp}] I{exceptions=filterexp}])} |
|
118 |
||
119 |
DESCRIPTION |
|
120 |
=========== |
|
121 |
||
122 |
The C{r.WarnScriptSharedLibrary()} policy inspects capsule scripts |
|
123 |
for mentions of C{ld.so.conf} and raises an error if any mentions |
|
124 |
are found that are not explicitly allowed as exceptions. |
|
125 |
||
126 |
EXAMPLES |
|
127 |
======== |
|
128 |
||
129 |
C{r.WarnScriptSharedLibrary(exceptions='postin')} |
|
130 |
||
131 |
Do not warn about C{ld.so.conf} in any postin scripts. |
|
132 |
||
133 |
C{r.WarnScriptSharedLibrary(exceptions='foo-1.0-1.*/prein')} |
|
134 |
||
135 |
Do not warn about C{ld.so.conf} in any prein scripts for capsules |
|
136 |
with names starting with C{foo-1.0-1}. |
|
137 |
||
138 |
""" |
|
139 |
try: |
|
140 |
filetree = policy.CAPSULESCRIPTDIR |
|
141 |
enabled = True |
|
142 |
except AttributeError: |
|
143 |
# Work with conary 2.1.1 and earlier |
|
144 |
enabled = False |
|
145 |
||
146 |
invariantinclusions = [ |
|
147 |
# look only at files, not directories |
|
148 |
(r'.*', None, stat.S_IFDIR), |
|
149 |
] |
|
150 |
||
151 |
def test(self): |
|
152 |
return self.enabled |
|
153 |
||
154 |
def doFile(self, path): |
|
155 |
fullpath = self.rootdir + path |
|
156 |
relpath = path[1:] |
|
157 |
if 'ld.so.conf' in file(fullpath, 'r').read(): |
|
158 |
self.error('Capsule script %s mentions ld.so.conf\n' |
|
159 |
'Directories containing shared libraries:' |
|
160 |
" r.SharedLibrary(subtrees='/path/to/directory')\n" |
|
161 |
'After investigating this script:' |
|
162 |
" r.WarnScriptSharedLibrary(exceptions='%s')" |
|
163 |
%(fullpath, relpath)) |
|
164 |
||
165 |
||
105 |
166 |
class SharedLibrary(policy.PackagePolicy): |
106 |
167 |
""" |
107 |
168 |
NAME |