userland.py revision 2541
#!/usr/bin/python
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
#

# Some userland consolidation specific lint checks

import os
import os.path
import re
import subprocess

import pkg.elf as elf
import pkg.lint.base as base
from pkg.lint.engine import lint_fmri_successor

45N/Aclass UserlandActionChecker(base.ActionChecker):
45N/A """An opensolaris.org-specific class to check actions."""
45N/A
45N/A name = "userland.action"
45N/A
45N/A def __init__(self, config):
45N/A self.description = _(
117N/A "checks Userland packages for common content errors")
117N/A path = os.getenv('PROTO_PATH')
117N/A if path != None:
117N/A self.proto_path = path.split()
117N/A else:
45N/A self.proto_path = None
99N/A solaris_ver = os.getenv('SOLARIS_VERSION')
45N/A #
45N/A # These lists are used to check if a 32/64-bit binary
45N/A # is in a proper 32/64-bit directory.
84N/A #
45N/A self.pathlist32 = [
45N/A "i86",
45N/A "sparcv7",
117N/A "32",
84N/A "i86pc-solaris-64int", # perl path
84N/A "sun4-solaris-64int", # perl path
84N/A "i386-solaris" + solaris_ver, # ruby path
84N/A "sparc-solaris" + solaris_ver # ruby path
84N/A ]
84N/A self.pathlist64 = [
84N/A "amd64",
84N/A "sparcv9",
84N/A "64",
84N/A "i86pc-solaris-64", # perl path
84N/A "sun4-solaris-64", # perl path
84N/A "amd64-solaris" + solaris_ver, # ruby path
84N/A "sparcv9-solaris" + solaris_ver # ruby path
84N/A ]
84N/A self.runpath_re = [
84N/A re.compile('^/lib(/.*)?$'),
84N/A re.compile('^/usr/'),
84N/A re.compile('^\$ORIGIN/')
84N/A ]
84N/A self.runpath_64_re = [
84N/A re.compile('^.*/64(/.*)?$'),
84N/A re.compile('^.*/amd64(/.*)?$'),
84N/A re.compile('^.*/sparcv9(/.*)?$'),
84N/A re.compile('^.*/i86pc-solaris-64(/.*)?$'), # perl path
45N/A re.compile('^.*/sun4-solaris-64(/.*)?$'), # perl path
84N/A re.compile('^.*/amd64-solaris2\.[0-9]+(/.*)?$'),
84N/A # ruby path
84N/A re.compile('^.*/sparcv9-solaris2\.[0-9]+(/.*)?$')
84N/A # ruby path
84N/A ]
84N/A self.initscript_re = re.compile("^etc/(rc.|init)\.d")
84N/A
84N/A self.lint_paths = {}
84N/A self.ref_paths = {}
84N/A
84N/A super(UserlandActionChecker, self).__init__(config)
84N/A
84N/A def startup(self, engine):
84N/A """Initialize the checker with a dictionary of paths, so that we
84N/A can do link resolution.
84N/A
84N/A This is copied from the core pkglint code, but should eventually
84N/A be made common.
84N/A """
84N/A
168N/A def seed_dict(mf, attr, dic, atype=None, verbose=False):
84N/A """Updates a dictionary of { attr: [(fmri, action), ..]}
168N/A where attr is the value of that attribute from
168N/A actions of a given type atype, in the given
168N/A manifest."""
168N/A
168N/A pkg_vars = mf.get_all_variants()
168N/A
84N/A if atype:
168N/A mfg = (a for a in mf.gen_actions_by_type(atype))
84N/A else:
84N/A mfg = (a for a in mf.gen_actions())
84N/A
84N/A for action in mfg:
45N/A if atype and action.name != atype:
45N/A continue
84N/A if attr not in action.attrs:
45N/A continue
45N/A
117N/A variants = action.get_variant_template()
117N/A variants.merge_unknown(pkg_vars)
117N/A action.attrs.update(variants)
84N/A
84N/A p = action.attrs[attr]
145N/A dic.setdefault(p, []).append((mf.fmri, action))
84N/A
84N/A # construct a set of FMRIs being presented for linting, and
84N/A # avoid seeding the reference dictionary with any for which
84N/A # we're delivering new packages.
84N/A lint_fmris = {}
84N/A for m in engine.gen_manifests(engine.lint_api_inst,
84N/A release=engine.release, pattern=engine.pattern):
145N/A lint_fmris.setdefault(m.fmri.get_name(), []).append(m.fmri)
145N/A for m in engine.lint_manifests:
145N/A lint_fmris.setdefault(m.fmri.get_name(), []).append(m.fmri)
145N/A
145N/A engine.logger.debug(
145N/A _("Seeding reference action path dictionaries."))
145N/A
145N/A for manifest in engine.gen_manifests(engine.ref_api_inst,
145N/A release=engine.release):
145N/A # Only put this manifest into the reference dictionary
145N/A # if it's not an older version of the same package.
84N/A if not any(
84N/A lint_fmri_successor(fmri, manifest.fmri)
117N/A for fmri
117N/A in lint_fmris.get(manifest.fmri.get_name(), [])
117N/A ):
117N/A seed_dict(manifest, "path", self.ref_paths)
117N/A
117N/A engine.logger.debug(
84N/A _("Seeding lint action path dictionaries."))
84N/A
84N/A # we provide a search pattern, to allow users to lint a
84N/A # subset of the packages in the lint_repository
84N/A for manifest in engine.gen_manifests(engine.lint_api_inst,
84N/A release=engine.release, pattern=engine.pattern):
84N/A seed_dict(manifest, "path", self.lint_paths)
84N/A
84N/A engine.logger.debug(
84N/A _("Seeding local action path dictionaries."))
84N/A
84N/A for manifest in engine.lint_manifests:
84N/A seed_dict(manifest, "path", self.lint_paths)
84N/A
84N/A self.__merge_dict(self.lint_paths, self.ref_paths,
84N/A ignore_pubs=engine.ignore_pubs)
84N/A
84N/A def __merge_dict(self, src, target, ignore_pubs=True):
84N/A """Merges the given src dictionary into the target
84N/A dictionary, giving us the target content as it would appear,
84N/A were the packages in src to get published to the
84N/A repositories that made up target.
84N/A
84N/A We need to only merge packages at the same or successive
84N/A version from the src dictionary into the target dictionary.
84N/A If the src dictionary contains a package with no version
84N/A information, it is assumed to be more recent than the same
84N/A package with no version in the target."""
84N/A
84N/A for p in src:
84N/A if p not in target:
84N/A target[p] = src[p]
84N/A continue
84N/A
84N/A def build_dic(arr):
84N/A """Builds a dictionary of fmri:action entries"""
84N/A dic = {}
84N/A for (pfmri, action) in arr:
84N/A if pfmri in dic:
84N/A dic[pfmri].append(action)
84N/A else:
84N/A dic[pfmri] = [action]
84N/A return dic
84N/A
84N/A src_dic = build_dic(src[p])
84N/A targ_dic = build_dic(target[p])
84N/A
84N/A for src_pfmri in src_dic:
84N/A # we want to remove entries deemed older than
84N/A # src_pfmri from targ_dic.
84N/A for targ_pfmri in targ_dic.copy():
45N/A sname = src_pfmri.get_name()
45N/A tname = targ_pfmri.get_name()
45N/A if lint_fmri_successor(src_pfmri,
45N/A targ_pfmri,
84N/A ignore_pubs=ignore_pubs):
84N/A targ_dic.pop(targ_pfmri)
84N/A targ_dic.update(src_dic)
84N/A l = []
45N/A for pfmri in targ_dic:
45N/A for action in targ_dic[pfmri]:
84N/A l.append((pfmri, action))
84N/A target[p] = l
45N/A
45N/A def __realpath(self, path, target):
45N/A """Combine path and target to get the real path."""
45N/A
45N/A result = os.path.dirname(path)
45N/A
45N/A for frag in target.split(os.sep):
45N/A if frag == '..':
45N/A result = os.path.dirname(result)
84N/A elif frag == '.':
84N/A pass
84N/A else:
84N/A result = os.path.join(result, frag)
84N/A
84N/A return result
84N/A
84N/A def __elf_aslr_check(self, path, engine):
84N/A result = None
84N/A
45N/A ei = elf.get_info(path)
45N/A type = ei.get("type");
84N/A if type != "exe":
84N/A return result
45N/A
84N/A # get the ASLR tag string for this binary
84N/A aslr_tag_process = subprocess.Popen(
45N/A "/usr/bin/elfedit -r -e 'dyn:sunw_aslr' "
84N/A + path, shell=True,
84N/A stdout=subprocess.PIPE, stderr=subprocess.PIPE)
# aslr_tag_string will get stdout; err will get stderr
aslr_tag_string, err = aslr_tag_process.communicate()
# No ASLR tag was found; everything must be tagged
if aslr_tag_process.returncode != 0:
engine.error(
_("'%s' is not tagged for aslr") % (path),
msgid="%s%s.5" % (self.name, "001"))
return result
# look for "ENABLE" anywhere in the string;
# warn about binaries which are not ASLR enabled
if re.search("ENABLE", aslr_tag_string) is not None:
return result
engine.warning(
_("'%s' does not have aslr enabled") % (path),
msgid="%s%s.6" % (self.name, "001"))
return result
def __elf_runpath_check(self, path, engine):
result = None
list = []
ed = elf.get_dynamic(path)
ei = elf.get_info(path)
bits = ei.get("bits")
for dir in ed.get("runpath", "").split(":"):
if dir == None or dir == '':
continue
match = False
for expr in self.runpath_re:
if expr.match(dir):
match = True
break
if match == False:
list.append(dir)
# Make sure RUNPATH matches against a packaged path.
# Don't check runpaths starting with $ORIGIN, which
# is specially handled by the linker.
elif not dir.startswith('$ORIGIN/'):
# Strip out leading and trailing '/' in the
# runpath, since the reference paths don't start
# with '/' and trailing '/' could cause mismatches.
# Check first if there is an exact match, then check
# if any reference path starts with this runpath
# plus a trailing slash, since it may still be a link
# to a directory that has no action because it uses
# the default attributes.
relative_dir = dir.strip('/')
if not relative_dir in self.ref_paths and \
not any(key.startswith(relative_dir + '/')
for key in self.ref_paths):
# If still no match, if the runpath contains
# an embedded symlink, emit a warning; it may or may
# not resolve to a legitimate path.
# E.g., for usr/openwin/lib, usr/openwin->X11 and
# usr/X11/lib are packaged, but usr/openwin/lib is not.
# Otherwise, runpath is bad; add it to list.
embedded_link = False
pdir = os.path.dirname(relative_dir)
while pdir != '':
if (pdir in self.ref_paths and
self.ref_paths[pdir][0][1].name == "link"):
embedded_link = True
engine.warning(
_("runpath '%s' in '%s' not found in reference paths but contains symlink at '%s'") % (dir, path, pdir),
msgid="%s%s.3" % (self.name, "001"))
break
pdir = os.path.dirname(pdir)
if not embedded_link:
list.append(dir)
if bits == 32:
for expr in self.runpath_64_re:
if expr.search(dir):
engine.warning(
_("64-bit runpath in 32-bit binary, '%s' includes '%s'") % (path, dir),
msgid="%s%s.3" % (self.name, "001"))
else:
match = False
for expr in self.runpath_64_re:
if expr.search(dir):
match = True
break
if match == False:
engine.warning(
_("32-bit runpath in 64-bit binary, '%s' includes '%s'") % (path, dir),
msgid="%s%s.3" % (self.name, "001"))
if len(list) > 0:
result = _("bad RUNPATH, '%%s' includes '%s'" %
":".join(list))
return result
def __elf_wrong_location_check(self, path, inspath):
result = None
ei = elf.get_info(path)
bits = ei.get("bits")
type = ei.get("type");
elems = os.path.dirname(inspath).split("/")
path64 = False
for p in self.pathlist64:
if (p in elems):
path64 = True
path32 = False
for p in self.pathlist32:
if (p in elems):
path32 = True
# ignore 64-bit executables in normal (non-32-bit-specific)
# locations, that's ok now.
if (type == "exe" and bits == 64 and path32 == False and path64 == False):
return result
if bits == 32 and path64:
result = _("32-bit object '%s' in 64-bit path")
elif bits == 64 and not path64:
result = _("64-bit object '%s' in 32-bit path")
return result
def file_action(self, action, manifest, engine, pkglint_id="001"):
"""Checks for existence in the proto area."""
if action.name not in ["file"]:
return
inspath=action.attrs["path"]
path = action.hash
if path == None or path == 'NOHASH':
path = inspath
# check for writable files without a preserve attribute
if "mode" in action.attrs:
mode = action.attrs["mode"]
if (int(mode, 8) & 0222) != 0 and "preserve" not in action.attrs:
engine.error(
_("%(path)s is writable (%(mode)s), but missing a preserve"
" attribute") % {"path": path, "mode": mode},
msgid="%s%s.0" % (self.name, pkglint_id))
elif "preserve" in action.attrs:
if "mode" in action.attrs:
mode = action.attrs["mode"]
if (int(mode, 8) & 0222) == 0:
engine.error(
_("%(path)s has a preserve action, but is not writable (%(mode)s)") % {"path": path, "mode": mode},
msgid="%s%s.4" % (self.name, pkglint_id))
else:
engine.error(
_("%(path)s has a preserve action, but no mode") % {"path": path, "mode": mode},
msgid="%s%s.3" % (self.name, pkglint_id))
# checks that require a physical file to look at
if self.proto_path is not None:
for directory in self.proto_path:
fullpath = directory + "/" + path
if os.path.exists(fullpath):
break
if not os.path.exists(fullpath):
engine.info(
_("%s missing from proto area, skipping"
" content checks") % path,
msgid="%s%s.1" % (self.name, pkglint_id))
elif elf.is_elf_object(fullpath):
# 32/64 bit in wrong place
result = self.__elf_wrong_location_check(fullpath, inspath)
if result != None:
engine.error(result % inspath,
msgid="%s%s.2" % (self.name, pkglint_id))
result = self.__elf_runpath_check(fullpath, engine)
if result != None:
engine.error(result % path,
msgid="%s%s.3" % (self.name, pkglint_id))
result = self.__elf_aslr_check(fullpath, engine)
file_action.pkglint_desc = _("Paths should exist in the proto area.")
def link_resolves(self, action, manifest, engine, pkglint_id="002"):
"""Checks for link resolution."""
if action.name not in ["link", "hardlink"]:
return
path = action.attrs["path"]
target = action.attrs["target"]
realtarget = self.__realpath(path, target)
# Check against the target image (ref_paths), since links might
# resolve outside the packages delivering a particular
# component.
# links to files should directly match a patch in the reference
# repo.
if self.ref_paths.get(realtarget, None):
return
# If it didn't match a path in the reference repo, it may still
# be a link to a directory that has no action because it uses
# the default attributes. Look for a path that starts with
# this value plus a trailing slash to be sure this it will be
# resolvable on a fully installed system.
realtarget += '/'
for key in self.ref_paths:
if key.startswith(realtarget):
return
engine.error(_("%s %s has unresolvable target '%s'") %
(action.name, path, target),
msgid="%s%s.0" % (self.name, pkglint_id))
link_resolves.pkglint_desc = _("links should resolve.")
def init_script(self, action, manifest, engine, pkglint_id="003"):
"""Checks for SVR4 startup scripts."""
if action.name not in ["file", "dir", "link", "hardlink"]:
return
path = action.attrs["path"]
if self.initscript_re.match(path):
engine.warning(
_("SVR4 startup '%s', deliver SMF"
" service instead") % path,
msgid="%s%s.0" % (self.name, pkglint_id))
init_script.pkglint_desc = _(
"SVR4 startup scripts should not be delivered.")
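class UserlandManifestChecker(base.ManifestChecker):
    """An opensolaris.org-specific class to check manifests."""

    name = "userland.manifest"

    def __init__(self, config):
        super(UserlandManifestChecker, self).__init__(config)

    def component_check(self, manifest, engine, pkglint_id="001"):
        """Require a license action and ARC data in manifests that
        deliver files.

        Manifests without any file action are not checked.  Both
        findings are reported through engine.error with the same
        message id.
        """
        delivers_files = False
        for action in manifest.gen_actions_by_type("file"):
            delivers_files = True
            break
        if not delivers_files:
            return

        has_license = False
        for action in manifest.gen_actions_by_type("license"):
            has_license = True
            break
        if not has_license:
            engine.error( _("missing license action"),
                msgid="%s%s.0" % (self.name, pkglint_id))

        if 'org.opensolaris.arc-caseid' not in manifest:
            engine.error( _("missing ARC data (org.opensolaris.arc-caseid)"),
                msgid="%s%s.0" % (self.name, pkglint_id))

    # The attribute is named pkglint_desc, matching the description
    # attribute set on the checks in UserlandActionChecker.
    component_check.pkglint_desc = _(
        "license actions and ARC information are required if you deliver files.")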