blob: ee34d5208d14ae118c6b46dbf11af1efcbeb7d21 [file] [log] [blame]
Patrick Williams92b42cb2022-09-03 06:53:57 -05001#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
7# BB Class inspired by ebuild.sh
8#
9# This class will test files after installation for certain
10# security issues and other kind of issues.
11#
12# Checks we do:
13# -Check the ownership and permissions
14# -Check the RUNTIME path for the $TMPDIR
15# -Check if .la files wrongly point to workdir
16# -Check if .pc files wrongly point to workdir
17# -Check if packages contains .debug directories or .so files
18# where they should be in -dev or -dbg
19# -Check if config.log contains traces to broken autoconf tests
20# -Check invalid characters (non-utf8) on some package metadata
21# -Ensure that binaries in base_[bindir|sbindir|libdir] do not link
22# into exec_prefix
23# -Check that scripts in base_[bindir|sbindir|libdir] do not reference
24# files under exec_prefix
25# -Check if the package name is upper case
26
27# Elect whether a given type of error is a warning or error, they may
28# have been set by other files.
29WARN_QA ?= " libdir xorg-driver-abi buildpaths \
30 textrel incompatible-license files-invalid \
31 infodir build-deps src-uri-bad symlink-to-sysroot multilib \
Andrew Geisslerc5535c92023-01-27 16:10:19 -060032 invalid-packageconfig host-user-contaminated uppercase-pn \
Patrick Williams92b42cb2022-09-03 06:53:57 -050033 mime mime-xdg unlisted-pkg-lics unhandled-features-check \
34 missing-update-alternatives native-last missing-ptest \
35 license-exists license-no-generic license-syntax license-format \
36 license-incompatible license-file-missing obsolete-license \
37 "
38ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
39 perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
40 split-strip packages-list pkgv-undefined var-undefined \
41 version-going-backwards expanded-d invalid-chars \
42 license-checksum dev-elf file-rdeps configure-unsafe \
43 configure-gettext perllocalpod shebang-size \
44 already-stripped installed-vs-shipped ldflags compile-host-path \
45 install-host-path pn-overrides unknown-configure-option \
46 useless-rpaths rpaths staticdev empty-dirs \
Andrew Geisslerc5535c92023-01-27 16:10:19 -060047 patch-fuzz patch-status-core\
Patrick Williams92b42cb2022-09-03 06:53:57 -050048 "
49# Add usrmerge QA check based on distro feature
50ERROR_QA:append = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', ' usrmerge', '', d)}"
51
52FAKEROOT_QA = "host-user-contaminated"
53FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \
54enabled tests are listed here, the do_package_qa task will run under fakeroot."
55
56ALL_QA = "${WARN_QA} ${ERROR_QA}"
57
58UNKNOWN_CONFIGURE_OPT_IGNORE ?= "--enable-nls --disable-nls --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot --disable-static"
59
60# This is a list of directories that are expected to be empty.
61QA_EMPTY_DIRS ?= " \
62 /dev/pts \
63 /media \
64 /proc \
65 /run \
66 /tmp \
67 ${localstatedir}/run \
68 ${localstatedir}/volatile \
69"
70# It is possible to specify why a directory is expected to be empty by defining
71# QA_EMPTY_DIRS_RECOMMENDATION:<path>, which will then be included in the error
72# message if the directory is not empty. If it is not specified for a directory,
73# then "but it is expected to be empty" will be used.
74
75def package_qa_clean_path(path, d, pkg=None):
76 """
77 Remove redundant paths from the path for display. If pkg isn't set then
78 TMPDIR is stripped, otherwise PKGDEST/pkg is stripped.
79 """
80 if pkg:
81 path = path.replace(os.path.join(d.getVar("PKGDEST"), pkg), "/")
82 return path.replace(d.getVar("TMPDIR"), "/").replace("//", "/")
83
84QAPATHTEST[shebang-size] = "package_qa_check_shebang_size"
85def package_qa_check_shebang_size(path, name, d, elf, messages):
86 import stat
87 if os.path.islink(path) or stat.S_ISFIFO(os.stat(path).st_mode) or elf:
88 return
89
90 try:
91 with open(path, 'rb') as f:
92 stanza = f.readline(130)
93 except IOError:
94 return
95
96 if stanza.startswith(b'#!'):
97 #Shebang not found
98 try:
99 stanza = stanza.decode("utf-8")
100 except UnicodeDecodeError:
101 #If it is not a text file, it is not a script
102 return
103
104 if len(stanza) > 129:
105 oe.qa.add_message(messages, "shebang-size", "%s: %s maximum shebang size exceeded, the maximum size is 128." % (name, package_qa_clean_path(path, d)))
106 return
107
108QAPATHTEST[libexec] = "package_qa_check_libexec"
109def package_qa_check_libexec(path,name, d, elf, messages):
110
111 # Skip the case where the default is explicitly /usr/libexec
112 libexec = d.getVar('libexecdir')
113 if libexec == "/usr/libexec":
114 return True
115
116 if 'libexec' in path.split(os.path.sep):
117 oe.qa.add_message(messages, "libexec", "%s: %s is using libexec please relocate to %s" % (name, package_qa_clean_path(path, d), libexec))
118 return False
119
120 return True
121
122QAPATHTEST[rpaths] = "package_qa_check_rpath"
123def package_qa_check_rpath(file,name, d, elf, messages):
124 """
125 Check for dangerous RPATHs
126 """
127 if not elf:
128 return
129
130 if os.path.islink(file):
131 return
132
133 bad_dirs = [d.getVar('BASE_WORKDIR'), d.getVar('STAGING_DIR_TARGET')]
134
135 phdrs = elf.run_objdump("-p", d)
136
137 import re
138 rpath_re = re.compile(r"\s+RPATH\s+(.*)")
139 for line in phdrs.split("\n"):
140 m = rpath_re.match(line)
141 if m:
142 rpath = m.group(1)
143 for dir in bad_dirs:
144 if dir in rpath:
145 oe.qa.add_message(messages, "rpaths", "package %s contains bad RPATH %s in file %s" % (name, rpath, file))
146
147QAPATHTEST[useless-rpaths] = "package_qa_check_useless_rpaths"
148def package_qa_check_useless_rpaths(file, name, d, elf, messages):
149 """
150 Check for RPATHs that are useless but not dangerous
151 """
152 def rpath_eq(a, b):
153 return os.path.normpath(a) == os.path.normpath(b)
154
155 if not elf:
156 return
157
158 if os.path.islink(file):
159 return
160
161 libdir = d.getVar("libdir")
162 base_libdir = d.getVar("base_libdir")
163
164 phdrs = elf.run_objdump("-p", d)
165
166 import re
167 rpath_re = re.compile(r"\s+RPATH\s+(.*)")
168 for line in phdrs.split("\n"):
169 m = rpath_re.match(line)
170 if m:
171 rpath = m.group(1)
172 if rpath_eq(rpath, libdir) or rpath_eq(rpath, base_libdir):
173 # The dynamic linker searches both these places anyway. There is no point in
174 # looking there again.
175 oe.qa.add_message(messages, "useless-rpaths", "%s: %s contains probably-redundant RPATH %s" % (name, package_qa_clean_path(file, d, name), rpath))
176
177QAPATHTEST[dev-so] = "package_qa_check_dev"
178def package_qa_check_dev(path, name, d, elf, messages):
179 """
180 Check for ".so" library symlinks in non-dev packages
181 """
182
183 if not name.endswith("-dev") and not name.endswith("-dbg") and not name.endswith("-ptest") and not name.startswith("nativesdk-") and path.endswith(".so") and os.path.islink(path):
184 oe.qa.add_message(messages, "dev-so", "non -dev/-dbg/nativesdk- package %s contains symlink .so '%s'" % \
185 (name, package_qa_clean_path(path, d, name)))
186
187QAPATHTEST[dev-elf] = "package_qa_check_dev_elf"
188def package_qa_check_dev_elf(path, name, d, elf, messages):
189 """
190 Check that -dev doesn't contain real shared libraries. The test has to
191 check that the file is not a link and is an ELF object as some recipes
192 install link-time .so files that are linker scripts.
193 """
194 if name.endswith("-dev") and path.endswith(".so") and not os.path.islink(path) and elf:
195 oe.qa.add_message(messages, "dev-elf", "-dev package %s contains non-symlink .so '%s'" % \
196 (name, package_qa_clean_path(path, d, name)))
197
198QAPATHTEST[staticdev] = "package_qa_check_staticdev"
199def package_qa_check_staticdev(path, name, d, elf, messages):
200 """
201 Check for ".a" library in non-staticdev packages
202 There are a number of exceptions to this rule, -pic packages can contain
203 static libraries, the _nonshared.a belong with their -dev packages and
204 libgcc.a, libgcov.a will be skipped in their packages
205 """
206
207 if not name.endswith("-pic") and not name.endswith("-staticdev") and not name.endswith("-ptest") and path.endswith(".a") and not path.endswith("_nonshared.a") and not '/usr/lib/debug-static/' in path and not '/.debug-static/' in path:
208 oe.qa.add_message(messages, "staticdev", "non -staticdev package contains static .a library: %s path '%s'" % \
209 (name, package_qa_clean_path(path,d, name)))
210
211QAPATHTEST[mime] = "package_qa_check_mime"
212def package_qa_check_mime(path, name, d, elf, messages):
213 """
214 Check if package installs mime types to /usr/share/mime/packages
215 while no inheriting mime.bbclass
216 """
217
218 if d.getVar("datadir") + "/mime/packages" in path and path.endswith('.xml') and not bb.data.inherits_class("mime", d):
219 oe.qa.add_message(messages, "mime", "package contains mime types but does not inherit mime: %s path '%s'" % \
220 (name, package_qa_clean_path(path,d)))
221
222QAPATHTEST[mime-xdg] = "package_qa_check_mime_xdg"
223def package_qa_check_mime_xdg(path, name, d, elf, messages):
224 """
225 Check if package installs desktop file containing MimeType and requires
226 mime-types.bbclass to create /usr/share/applications/mimeinfo.cache
227 """
228
229 if d.getVar("datadir") + "/applications" in path and path.endswith('.desktop') and not bb.data.inherits_class("mime-xdg", d):
230 mime_type_found = False
231 try:
232 with open(path, 'r') as f:
233 for line in f.read().split('\n'):
234 if 'MimeType' in line:
235 mime_type_found = True
236 break;
237 except:
238 # At least libreoffice installs symlinks with absolute paths that are dangling here.
239 # We could implement some magic but for few (one) recipes it is not worth the effort so just warn:
240 wstr = "%s cannot open %s - is it a symlink with absolute path?\n" % (name, package_qa_clean_path(path,d))
241 wstr += "Please check if (linked) file contains key 'MimeType'.\n"
242 pkgname = name
243 if name == d.getVar('PN'):
244 pkgname = '${PN}'
245 wstr += "If yes: add \'inhert mime-xdg\' and \'MIME_XDG_PACKAGES += \"%s\"\' / if no add \'INSANE_SKIP:%s += \"mime-xdg\"\' to recipe." % (pkgname, pkgname)
246 oe.qa.add_message(messages, "mime-xdg", wstr)
247 if mime_type_found:
248 oe.qa.add_message(messages, "mime-xdg", "package contains desktop file with key 'MimeType' but does not inhert mime-xdg: %s path '%s'" % \
249 (name, package_qa_clean_path(path,d)))
250
251def package_qa_check_libdir(d):
252 """
253 Check for wrong library installation paths. For instance, catch
254 recipes installing /lib/bar.so when ${base_libdir}="lib32" or
255 installing in /usr/lib64 when ${libdir}="/usr/lib"
256 """
257 import re
258
259 pkgdest = d.getVar('PKGDEST')
260 base_libdir = d.getVar("base_libdir") + os.sep
261 libdir = d.getVar("libdir") + os.sep
262 libexecdir = d.getVar("libexecdir") + os.sep
263 exec_prefix = d.getVar("exec_prefix") + os.sep
264
265 messages = []
266
267 # The re's are purposely fuzzy, as some there are some .so.x.y.z files
268 # that don't follow the standard naming convention. It checks later
269 # that they are actual ELF files
270 lib_re = re.compile(r"^/lib.+\.so(\..+)?$")
271 exec_re = re.compile(r"^%s.*/lib.+\.so(\..+)?$" % exec_prefix)
272
273 for root, dirs, files in os.walk(pkgdest):
274 if root == pkgdest:
275 # Skip subdirectories for any packages with libdir in INSANE_SKIP
276 skippackages = []
277 for package in dirs:
278 if 'libdir' in (d.getVar('INSANE_SKIP:' + package) or "").split():
279 bb.note("Package %s skipping libdir QA test" % (package))
280 skippackages.append(package)
281 elif d.getVar('PACKAGE_DEBUG_SPLIT_STYLE') == 'debug-file-directory' and package.endswith("-dbg"):
282 bb.note("Package %s skipping libdir QA test for PACKAGE_DEBUG_SPLIT_STYLE equals debug-file-directory" % (package))
283 skippackages.append(package)
284 for package in skippackages:
285 dirs.remove(package)
286 for file in files:
287 full_path = os.path.join(root, file)
288 rel_path = os.path.relpath(full_path, pkgdest)
289 if os.sep in rel_path:
290 package, rel_path = rel_path.split(os.sep, 1)
291 rel_path = os.sep + rel_path
292 if lib_re.match(rel_path):
293 if base_libdir not in rel_path:
294 # make sure it's an actual ELF file
295 elf = oe.qa.ELFFile(full_path)
296 try:
297 elf.open()
298 messages.append("%s: found library in wrong location: %s" % (package, rel_path))
299 except (oe.qa.NotELFFileError):
300 pass
301 if exec_re.match(rel_path):
302 if libdir not in rel_path and libexecdir not in rel_path:
303 # make sure it's an actual ELF file
304 elf = oe.qa.ELFFile(full_path)
305 try:
306 elf.open()
307 messages.append("%s: found library in wrong location: %s" % (package, rel_path))
308 except (oe.qa.NotELFFileError):
309 pass
310
311 if messages:
312 oe.qa.handle_error("libdir", "\n".join(messages), d)
313
314QAPATHTEST[debug-files] = "package_qa_check_dbg"
315def package_qa_check_dbg(path, name, d, elf, messages):
316 """
317 Check for ".debug" files or directories outside of the dbg package
318 """
319
320 if not "-dbg" in name and not "-ptest" in name:
321 if '.debug' in path.split(os.path.sep):
322 oe.qa.add_message(messages, "debug-files", "non debug package contains .debug directory: %s path %s" % \
323 (name, package_qa_clean_path(path,d)))
324
325QAPATHTEST[arch] = "package_qa_check_arch"
326def package_qa_check_arch(path,name,d, elf, messages):
327 """
328 Check if archs are compatible
329 """
330 import re, oe.elf
331
332 if not elf:
333 return
334
335 target_os = d.getVar('HOST_OS')
336 target_arch = d.getVar('HOST_ARCH')
337 provides = d.getVar('PROVIDES')
338 bpn = d.getVar('BPN')
339
340 if target_arch == "allarch":
341 pn = d.getVar('PN')
342 oe.qa.add_message(messages, "arch", pn + ": Recipe inherits the allarch class, but has packaged architecture-specific binaries")
343 return
344
345 # FIXME: Cross package confuse this check, so just skip them
346 for s in ['cross', 'nativesdk', 'cross-canadian']:
347 if bb.data.inherits_class(s, d):
348 return
349
350 # avoid following links to /usr/bin (e.g. on udev builds)
351 # we will check the files pointed to anyway...
352 if os.path.islink(path):
353 return
354
355 #if this will throw an exception, then fix the dict above
356 (machine, osabi, abiversion, littleendian, bits) \
357 = oe.elf.machine_dict(d)[target_os][target_arch]
358
359 # Check the architecture and endiannes of the binary
360 is_32 = (("virtual/kernel" in provides) or bb.data.inherits_class("module", d)) and \
361 (target_os == "linux-gnux32" or target_os == "linux-muslx32" or \
362 target_os == "linux-gnu_ilp32" or re.match(r'mips64.*32', d.getVar('DEFAULTTUNE')))
363 is_bpf = (oe.qa.elf_machine_to_string(elf.machine()) == "BPF")
364 if not ((machine == elf.machine()) or is_32 or is_bpf):
365 oe.qa.add_message(messages, "arch", "Architecture did not match (%s, expected %s) in %s" % \
366 (oe.qa.elf_machine_to_string(elf.machine()), oe.qa.elf_machine_to_string(machine), package_qa_clean_path(path, d, name)))
367 elif not ((bits == elf.abiSize()) or is_32 or is_bpf):
368 oe.qa.add_message(messages, "arch", "Bit size did not match (%d, expected %d) in %s" % \
369 (elf.abiSize(), bits, package_qa_clean_path(path, d, name)))
370 elif not ((littleendian == elf.isLittleEndian()) or is_bpf):
371 oe.qa.add_message(messages, "arch", "Endiannes did not match (%d, expected %d) in %s" % \
372 (elf.isLittleEndian(), littleendian, package_qa_clean_path(path,d, name)))
373
374QAPATHTEST[desktop] = "package_qa_check_desktop"
375def package_qa_check_desktop(path, name, d, elf, messages):
376 """
377 Run all desktop files through desktop-file-validate.
378 """
379 if path.endswith(".desktop"):
380 desktop_file_validate = os.path.join(d.getVar('STAGING_BINDIR_NATIVE'),'desktop-file-validate')
381 output = os.popen("%s %s" % (desktop_file_validate, path))
382 # This only produces output on errors
383 for l in output:
384 oe.qa.add_message(messages, "desktop", "Desktop file issue: " + l.strip())
385
386QAPATHTEST[textrel] = "package_qa_textrel"
387def package_qa_textrel(path, name, d, elf, messages):
388 """
389 Check if the binary contains relocations in .text
390 """
391
392 if not elf:
393 return
394
395 if os.path.islink(path):
396 return
397
398 phdrs = elf.run_objdump("-p", d)
399 sane = True
400
401 import re
402 textrel_re = re.compile(r"\s+TEXTREL\s+")
403 for line in phdrs.split("\n"):
404 if textrel_re.match(line):
405 sane = False
406 break
407
408 if not sane:
409 path = package_qa_clean_path(path, d, name)
410 oe.qa.add_message(messages, "textrel", "%s: ELF binary %s has relocations in .text" % (name, path))
411
412QAPATHTEST[ldflags] = "package_qa_hash_style"
413def package_qa_hash_style(path, name, d, elf, messages):
414 """
415 Check if the binary has the right hash style...
416 """
417
418 if not elf:
419 return
420
421 if os.path.islink(path):
422 return
423
424 gnu_hash = "--hash-style=gnu" in d.getVar('LDFLAGS')
425 if not gnu_hash:
426 gnu_hash = "--hash-style=both" in d.getVar('LDFLAGS')
427 if not gnu_hash:
428 return
429
430 sane = False
431 has_syms = False
432
433 phdrs = elf.run_objdump("-p", d)
434
435 # If this binary has symbols, we expect it to have GNU_HASH too.
436 for line in phdrs.split("\n"):
437 if "SYMTAB" in line:
438 has_syms = True
439 if "GNU_HASH" in line or "MIPS_XHASH" in line:
440 sane = True
441 if ("[mips32]" in line or "[mips64]" in line) and d.getVar('TCLIBC') == "musl":
442 sane = True
443 if has_syms and not sane:
444 path = package_qa_clean_path(path, d, name)
445 oe.qa.add_message(messages, "ldflags", "File %s in package %s doesn't have GNU_HASH (didn't pass LDFLAGS?)" % (path, name))
446
447
448QAPATHTEST[buildpaths] = "package_qa_check_buildpaths"
449def package_qa_check_buildpaths(path, name, d, elf, messages):
450 """
451 Check for build paths inside target files and error if paths are not
452 explicitly ignored.
453 """
454 import stat
455
456 # Ignore symlinks/devs/fifos
457 mode = os.lstat(path).st_mode
458 if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode):
459 return
460
461 tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
462 with open(path, 'rb') as f:
463 file_content = f.read()
464 if tmpdir in file_content:
465 trimmed = path.replace(os.path.join (d.getVar("PKGDEST"), name), "")
466 oe.qa.add_message(messages, "buildpaths", "File %s in package %s contains reference to TMPDIR" % (trimmed, name))
467
468
469QAPATHTEST[xorg-driver-abi] = "package_qa_check_xorg_driver_abi"
470def package_qa_check_xorg_driver_abi(path, name, d, elf, messages):
471 """
472 Check that all packages containing Xorg drivers have ABI dependencies
473 """
474
475 # Skip dev, dbg or nativesdk packages
476 if name.endswith("-dev") or name.endswith("-dbg") or name.startswith("nativesdk-"):
477 return
478
479 driverdir = d.expand("${libdir}/xorg/modules/drivers/")
480 if driverdir in path and path.endswith(".so"):
481 mlprefix = d.getVar('MLPREFIX') or ''
482 for rdep in bb.utils.explode_deps(d.getVar('RDEPENDS:' + name) or ""):
483 if rdep.startswith("%sxorg-abi-" % mlprefix):
484 return
485 oe.qa.add_message(messages, "xorg-driver-abi", "Package %s contains Xorg driver (%s) but no xorg-abi- dependencies" % (name, os.path.basename(path)))
486
487QAPATHTEST[infodir] = "package_qa_check_infodir"
488def package_qa_check_infodir(path, name, d, elf, messages):
489 """
490 Check that /usr/share/info/dir isn't shipped in a particular package
491 """
492 infodir = d.expand("${infodir}/dir")
493
494 if infodir in path:
495 oe.qa.add_message(messages, "infodir", "The /usr/share/info/dir file is not meant to be shipped in a particular package.")
496
497QAPATHTEST[symlink-to-sysroot] = "package_qa_check_symlink_to_sysroot"
498def package_qa_check_symlink_to_sysroot(path, name, d, elf, messages):
499 """
500 Check that the package doesn't contain any absolute symlinks to the sysroot.
501 """
502 if os.path.islink(path):
503 target = os.readlink(path)
504 if os.path.isabs(target):
505 tmpdir = d.getVar('TMPDIR')
506 if target.startswith(tmpdir):
507 trimmed = path.replace(os.path.join (d.getVar("PKGDEST"), name), "")
508 oe.qa.add_message(messages, "symlink-to-sysroot", "Symlink %s in %s points to TMPDIR" % (trimmed, name))
509
Andrew Geissler517393d2023-01-13 08:55:19 -0600510QAPATHTEST[32bit-time] = "check_32bit_symbols"
511def check_32bit_symbols(path, packagename, d, elf, messages):
512 """
513 Check that ELF files do not use any 32 bit time APIs from glibc.
514 """
515 import re
516 # This list is manually constructed by searching the image folder of the
517 # glibc recipe for __USE_TIME_BITS64. There is no good way to do this
518 # automatically.
519 api32 = {
520 # /usr/include/time.h
521 "clock_getres", "clock_gettime", "clock_nanosleep", "clock_settime",
522 "ctime", "ctime_r", "difftime", "gmtime", "gmtime_r", "localtime",
523 "localtime_r", "mktime", "nanosleep", "time", "timegm", "timelocal",
524 "timer_gettime", "timer_settime", "timespec_get", "timespec_getres",
525 # /usr/include/bits/time.h
526 "clock_adjtime",
527 # /usr/include/signal.h
528 "sigtimedwait",
529 # /usr/include/sys/time.h
530 "futimes", "futimesat", "getitimer", "gettimeofday", "lutimes",
531 "setitimer", "settimeofday", "utimes",
532 # /usr/include/sys/timex.h
533 "adjtimex", "ntp_adjtime", "ntp_gettime", "ntp_gettimex",
534 # /usr/include/sys/wait.h
535 "wait3", "wait4",
536 # /usr/include/sys/stat.h
537 "fstat", "fstat64", "fstatat", "fstatat64", "futimens", "lstat",
538 "lstat64", "stat", "stat64", "utimensat",
539 # /usr/include/sys/poll.h
540 "ppoll",
541 # /usr/include/sys/resource.h
542 "getrusage",
543 # /usr/include/sys/ioctl.h
544 "ioctl",
545 # /usr/include/sys/select.h
546 "select", "pselect",
547 # /usr/include/sys/prctl.h
548 "prctl",
549 # /usr/include/sys/epoll.h
550 "epoll_pwait2",
551 # /usr/include/sys/timerfd.h
552 "timerfd_gettime", "timerfd_settime",
553 # /usr/include/sys/socket.h
554 "getsockopt", "recvmmsg", "recvmsg", "sendmmsg", "sendmsg",
555 "setsockopt",
556 # /usr/include/sys/msg.h
557 "msgctl",
558 # /usr/include/sys/sem.h
559 "semctl", "semtimedop",
560 # /usr/include/sys/shm.h
561 "shmctl",
562 # /usr/include/pthread.h
563 "pthread_clockjoin_np", "pthread_cond_clockwait",
564 "pthread_cond_timedwait", "pthread_mutex_clocklock",
565 "pthread_mutex_timedlock", "pthread_rwlock_clockrdlock",
566 "pthread_rwlock_clockwrlock", "pthread_rwlock_timedrdlock",
567 "pthread_rwlock_timedwrlock", "pthread_timedjoin_np",
568 # /usr/include/semaphore.h
569 "sem_clockwait", "sem_timedwait",
570 # /usr/include/threads.h
571 "cnd_timedwait", "mtx_timedlock", "thrd_sleep",
572 # /usr/include/aio.h
573 "aio_cancel", "aio_error", "aio_read", "aio_return", "aio_suspend",
574 "aio_write", "lio_listio",
575 # /usr/include/mqueue.h
576 "mq_timedreceive", "mq_timedsend",
577 # /usr/include/glob.h
578 "glob", "glob64", "globfree", "globfree64",
579 # /usr/include/sched.h
580 "sched_rr_get_interval",
581 # /usr/include/fcntl.h
582 "fcntl", "fcntl64",
583 # /usr/include/utime.h
584 "utime",
585 # /usr/include/ftw.h
586 "ftw", "ftw64", "nftw", "nftw64",
587 # /usr/include/fts.h
588 "fts64_children", "fts64_close", "fts64_open", "fts64_read",
589 "fts64_set", "fts_children", "fts_close", "fts_open", "fts_read",
590 "fts_set",
591 # /usr/include/netdb.h
592 "gai_suspend",
593 }
594
595 ptrn = re.compile(
596 r'''
597 (?P<value>[\da-fA-F]+) \s+
598 (?P<flags>[lgu! ][w ][C ][W ][Ii ][dD ]F) \s+
599 (?P<section>\*UND\*) \s+
600 (?P<alignment>(?P<size>[\da-fA-F]+)) \s+
601 (?P<symbol>
602 ''' +
603 r'(?P<notag>' + r'|'.join(sorted(api32)) + r')' +
604 r'''
605 (@+(?P<tag>GLIBC_\d+\.\d+\S*)))
606 ''', re.VERBOSE
607 )
608
609 # elf is a oe.qa.ELFFile object
610 if elf is not None:
611 phdrs = elf.run_objdump("-tw", d)
612 syms = re.finditer(ptrn, phdrs)
613 usedapis = {sym.group('notag') for sym in syms}
614 if usedapis:
615 elfpath = package_qa_clean_path(path, d, packagename)
616 # Remove any .debug dir, heuristic that probably works
617 # At this point, any symbol information is stripped into the debug
618 # package, so that is the only place we will find them.
619 elfpath = elfpath.replace('.debug/', '')
620 allowed = (
621 d.getVarFlag(
622 'INSANE_SKIP:' + d.getVar('PN'), elfpath.replace('/', '_')
623 ) or ''
624 ).split()
625 usedapis -= set(allowed)
626 if usedapis:
627 msgformat = elfpath + " uses 32-bit api '%s'"
628 for sym in usedapis:
629 oe.qa.add_message(messages, '32bit-time', msgformat % sym)
630 oe.qa.add_message(
631 messages, '32bit-time',
632 'Suppress with INSANE_SKIP:%s[%s] = "%s"' % (
633 d.getVar('PN'), elfpath.replace('/', '_'),
634 ' '.join(usedapis)
635 )
636 )
637
Patrick Williams92b42cb2022-09-03 06:53:57 -0500638# Check license variables
639do_populate_lic[postfuncs] += "populate_lic_qa_checksum"
640python populate_lic_qa_checksum() {
641 """
642 Check for changes in the license files.
643 """
644
645 lic_files = d.getVar('LIC_FILES_CHKSUM') or ''
646 lic = d.getVar('LICENSE')
647 pn = d.getVar('PN')
648
649 if lic == "CLOSED":
650 return
651
652 if not lic_files and d.getVar('SRC_URI'):
653 oe.qa.handle_error("license-checksum", pn + ": Recipe file fetches files and does not have license file information (LIC_FILES_CHKSUM)", d)
654
655 srcdir = d.getVar('S')
656 corebase_licensefile = d.getVar('COREBASE') + "/LICENSE"
657 for url in lic_files.split():
658 try:
659 (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
660 except bb.fetch.MalformedUrl:
661 oe.qa.handle_error("license-checksum", pn + ": LIC_FILES_CHKSUM contains an invalid URL: " + url, d)
662 continue
663 srclicfile = os.path.join(srcdir, path)
664 if not os.path.isfile(srclicfile):
665 oe.qa.handle_error("license-checksum", pn + ": LIC_FILES_CHKSUM points to an invalid file: " + srclicfile, d)
666 continue
667
668 if (srclicfile == corebase_licensefile):
669 bb.warn("${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. This will become an error in the future")
670
671 recipemd5 = parm.get('md5', '')
672 beginline, endline = 0, 0
673 if 'beginline' in parm:
674 beginline = int(parm['beginline'])
675 if 'endline' in parm:
676 endline = int(parm['endline'])
677
678 if (not beginline) and (not endline):
679 md5chksum = bb.utils.md5_file(srclicfile)
680 with open(srclicfile, 'r', errors='replace') as f:
681 license = f.read().splitlines()
682 else:
683 with open(srclicfile, 'rb') as f:
684 import hashlib
685 lineno = 0
686 license = []
Patrick Williams2390b1b2022-11-03 13:47:49 -0500687 try:
688 m = hashlib.new('MD5', usedforsecurity=False)
689 except TypeError:
690 m = hashlib.new('MD5')
Patrick Williams92b42cb2022-09-03 06:53:57 -0500691 for line in f:
692 lineno += 1
693 if (lineno >= beginline):
694 if ((lineno <= endline) or not endline):
695 m.update(line)
696 license.append(line.decode('utf-8', errors='replace').rstrip())
697 else:
698 break
699 md5chksum = m.hexdigest()
700 if recipemd5 == md5chksum:
701 bb.note (pn + ": md5 checksum matched for ", url)
702 else:
703 if recipemd5:
704 msg = pn + ": The LIC_FILES_CHKSUM does not match for " + url
705 msg = msg + "\n" + pn + ": The new md5 checksum is " + md5chksum
706 max_lines = int(d.getVar('QA_MAX_LICENSE_LINES') or 20)
707 if not license or license[-1] != '':
708 # Ensure that our license text ends with a line break
709 # (will be added with join() below).
710 license.append('')
711 remove = len(license) - max_lines
712 if remove > 0:
713 start = max_lines // 2
714 end = start + remove - 1
715 del license[start:end]
716 license.insert(start, '...')
717 msg = msg + "\n" + pn + ": Here is the selected license text:" + \
718 "\n" + \
719 "{:v^70}".format(" beginline=%d " % beginline if beginline else "") + \
720 "\n" + "\n".join(license) + \
721 "{:^^70}".format(" endline=%d " % endline if endline else "")
722 if beginline:
723 if endline:
724 srcfiledesc = "%s (lines %d through to %d)" % (srclicfile, beginline, endline)
725 else:
726 srcfiledesc = "%s (beginning on line %d)" % (srclicfile, beginline)
727 elif endline:
728 srcfiledesc = "%s (ending on line %d)" % (srclicfile, endline)
729 else:
730 srcfiledesc = srclicfile
731 msg = msg + "\n" + pn + ": Check if the license information has changed in %s to verify that the LICENSE value \"%s\" remains valid" % (srcfiledesc, lic)
732
733 else:
734 msg = pn + ": LIC_FILES_CHKSUM is not specified for " + url
735 msg = msg + "\n" + pn + ": The md5 checksum is " + md5chksum
736 oe.qa.handle_error("license-checksum", msg, d)
737
738 oe.qa.exit_if_errors(d)
739}
740
741def qa_check_staged(path,d):
742 """
743 Check staged la and pc files for common problems like references to the work
744 directory.
745
746 As this is run after every stage we should be able to find the one
747 responsible for the errors easily even if we look at every .pc and .la file.
748 """
749
750 tmpdir = d.getVar('TMPDIR')
751 workdir = os.path.join(tmpdir, "work")
752 recipesysroot = d.getVar("RECIPE_SYSROOT")
753
754 if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
755 pkgconfigcheck = workdir
756 else:
757 pkgconfigcheck = tmpdir
758
759 skip = (d.getVar('INSANE_SKIP') or "").split()
760 skip_la = False
761 if 'la' in skip:
762 bb.note("Recipe %s skipping qa checking: la" % d.getVar('PN'))
763 skip_la = True
764
765 skip_pkgconfig = False
766 if 'pkgconfig' in skip:
767 bb.note("Recipe %s skipping qa checking: pkgconfig" % d.getVar('PN'))
768 skip_pkgconfig = True
769
770 skip_shebang_size = False
771 if 'shebang-size' in skip:
772 bb.note("Recipe %s skipping qa checkking: shebang-size" % d.getVar('PN'))
773 skip_shebang_size = True
774
775 # find all .la and .pc files
776 # read the content
777 # and check for stuff that looks wrong
778 for root, dirs, files in os.walk(path):
779 for file in files:
780 path = os.path.join(root,file)
781 if file.endswith(".la") and not skip_la:
782 with open(path) as f:
783 file_content = f.read()
784 file_content = file_content.replace(recipesysroot, "")
785 if workdir in file_content:
786 error_msg = "%s failed sanity test (workdir) in path %s" % (file,root)
787 oe.qa.handle_error("la", error_msg, d)
788 elif file.endswith(".pc") and not skip_pkgconfig:
789 with open(path) as f:
790 file_content = f.read()
791 file_content = file_content.replace(recipesysroot, "")
792 if pkgconfigcheck in file_content:
793 error_msg = "%s failed sanity test (tmpdir) in path %s" % (file,root)
794 oe.qa.handle_error("pkgconfig", error_msg, d)
795
796 if not skip_shebang_size:
797 errors = {}
798 package_qa_check_shebang_size(path, "", d, None, errors)
799 for e in errors:
800 oe.qa.handle_error(e, errors[e], d)
801
802
803# Run all package-wide warnfuncs and errorfuncs
804def package_qa_package(warnfuncs, errorfuncs, package, d):
805 warnings = {}
806 errors = {}
807
808 for func in warnfuncs:
809 func(package, d, warnings)
810 for func in errorfuncs:
811 func(package, d, errors)
812
813 for w in warnings:
814 oe.qa.handle_error(w, warnings[w], d)
815 for e in errors:
816 oe.qa.handle_error(e, errors[e], d)
817
818 return len(errors) == 0
819
820# Run all recipe-wide warnfuncs and errorfuncs
821def package_qa_recipe(warnfuncs, errorfuncs, pn, d):
822 warnings = {}
823 errors = {}
824
825 for func in warnfuncs:
826 func(pn, d, warnings)
827 for func in errorfuncs:
828 func(pn, d, errors)
829
830 for w in warnings:
831 oe.qa.handle_error(w, warnings[w], d)
832 for e in errors:
833 oe.qa.handle_error(e, errors[e], d)
834
835 return len(errors) == 0
836
837def prepopulate_objdump_p(elf, d):
838 output = elf.run_objdump("-p", d)
839 return (elf.name, output)
840
841# Walk over all files in a directory and call func
842def package_qa_walk(warnfuncs, errorfuncs, package, d):
843 #if this will throw an exception, then fix the dict above
844 target_os = d.getVar('HOST_OS')
845 target_arch = d.getVar('HOST_ARCH')
846
847 warnings = {}
848 errors = {}
849 elves = {}
850 for path in pkgfiles[package]:
851 elf = None
852 if os.path.isfile(path):
853 elf = oe.qa.ELFFile(path)
854 try:
855 elf.open()
856 elf.close()
857 except oe.qa.NotELFFileError:
858 elf = None
859 if elf:
860 elves[path] = elf
861
862 results = oe.utils.multiprocess_launch(prepopulate_objdump_p, elves.values(), d, extraargs=(d,))
863 for item in results:
864 elves[item[0]].set_objdump("-p", item[1])
865
866 for path in pkgfiles[package]:
867 if path in elves:
868 elves[path].open()
869 for func in warnfuncs:
870 func(path, package, d, elves.get(path), warnings)
871 for func in errorfuncs:
872 func(path, package, d, elves.get(path), errors)
873 if path in elves:
874 elves[path].close()
875
876 for w in warnings:
877 oe.qa.handle_error(w, warnings[w], d)
878 for e in errors:
879 oe.qa.handle_error(e, errors[e], d)
880
881def package_qa_check_rdepends(pkg, pkgdest, skip, taskdeps, packages, d):
882 # Don't do this check for kernel/module recipes, there aren't too many debug/development
883 # packages and you can get false positives e.g. on kernel-module-lirc-dev
884 if bb.data.inherits_class("kernel", d) or bb.data.inherits_class("module-base", d):
885 return
886
887 if not "-dbg" in pkg and not "packagegroup-" in pkg and not "-image" in pkg:
888 localdata = bb.data.createCopy(d)
889 localdata.setVar('OVERRIDES', localdata.getVar('OVERRIDES') + ':' + pkg)
890
891 # Now check the RDEPENDS
892 rdepends = bb.utils.explode_deps(localdata.getVar('RDEPENDS') or "")
893
894 # Now do the sanity check!!!
895 if "build-deps" not in skip:
896 for rdepend in rdepends:
897 if "-dbg" in rdepend and "debug-deps" not in skip:
898 error_msg = "%s rdepends on %s" % (pkg,rdepend)
899 oe.qa.handle_error("debug-deps", error_msg, d)
900 if (not "-dev" in pkg and not "-staticdev" in pkg) and rdepend.endswith("-dev") and "dev-deps" not in skip:
901 error_msg = "%s rdepends on %s" % (pkg, rdepend)
902 oe.qa.handle_error("dev-deps", error_msg, d)
903 if rdepend not in packages:
904 rdep_data = oe.packagedata.read_subpkgdata(rdepend, d)
905 if rdep_data and 'PN' in rdep_data and rdep_data['PN'] in taskdeps:
906 continue
907 if not rdep_data or not 'PN' in rdep_data:
908 pkgdata_dir = d.getVar("PKGDATA_DIR")
909 try:
910 possibles = os.listdir("%s/runtime-rprovides/%s/" % (pkgdata_dir, rdepend))
911 except OSError:
912 possibles = []
913 for p in possibles:
914 rdep_data = oe.packagedata.read_subpkgdata(p, d)
915 if rdep_data and 'PN' in rdep_data and rdep_data['PN'] in taskdeps:
916 break
917 if rdep_data and 'PN' in rdep_data and rdep_data['PN'] in taskdeps:
918 continue
919 if rdep_data and 'PN' in rdep_data:
920 error_msg = "%s rdepends on %s, but it isn't a build dependency, missing %s in DEPENDS or PACKAGECONFIG?" % (pkg, rdepend, rdep_data['PN'])
921 else:
922 error_msg = "%s rdepends on %s, but it isn't a build dependency?" % (pkg, rdepend)
923 oe.qa.handle_error("build-deps", error_msg, d)
924
925 if "file-rdeps" not in skip:
926 ignored_file_rdeps = set(['/bin/sh', '/usr/bin/env', 'rtld(GNU_HASH)'])
927 if bb.data.inherits_class('nativesdk', d):
928 ignored_file_rdeps |= set(['/bin/bash', '/usr/bin/perl', 'perl'])
929 # For Saving the FILERDEPENDS
930 filerdepends = {}
931 rdep_data = oe.packagedata.read_subpkgdata(pkg, d)
932 for key in rdep_data:
933 if key.startswith("FILERDEPENDS:"):
934 for subkey in bb.utils.explode_deps(rdep_data[key]):
935 if subkey not in ignored_file_rdeps and \
936 not subkey.startswith('perl('):
937 # We already know it starts with FILERDEPENDS_
938 filerdepends[subkey] = key[13:]
939
940 if filerdepends:
941 done = rdepends[:]
942 # Add the rprovides of itself
943 if pkg not in done:
944 done.insert(0, pkg)
945
946 # The python is not a package, but python-core provides it, so
947 # skip checking /usr/bin/python if python is in the rdeps, in
948 # case there is a RDEPENDS:pkg = "python" in the recipe.
949 for py in [ d.getVar('MLPREFIX') + "python", "python" ]:
950 if py in done:
951 filerdepends.pop("/usr/bin/python",None)
952 done.remove(py)
953 for rdep in done:
954 # The file dependencies may contain package names, e.g.,
955 # perl
956 filerdepends.pop(rdep,None)
957
958 # For Saving the FILERPROVIDES, RPROVIDES and FILES_INFO
959 rdep_data = oe.packagedata.read_subpkgdata(rdep, d)
960 for key in rdep_data:
961 if key.startswith("FILERPROVIDES:") or key.startswith("RPROVIDES:"):
962 for subkey in bb.utils.explode_deps(rdep_data[key]):
963 filerdepends.pop(subkey,None)
964 # Add the files list to the rprovides
965 if key.startswith("FILES_INFO:"):
966 # Use eval() to make it as a dict
967 for subkey in eval(rdep_data[key]):
968 filerdepends.pop(subkey,None)
969 if not filerdepends:
970 # Break if all the file rdepends are met
971 break
972 if filerdepends:
973 for key in filerdepends:
974 error_msg = "%s contained in package %s requires %s, but no providers found in RDEPENDS:%s?" % \
975 (filerdepends[key].replace(":%s" % pkg, "").replace("@underscore@", "_"), pkg, key, pkg)
976 oe.qa.handle_error("file-rdeps", error_msg, d)
977package_qa_check_rdepends[vardepsexclude] = "OVERRIDES"
978
979def package_qa_check_deps(pkg, pkgdest, d):
980
981 localdata = bb.data.createCopy(d)
982 localdata.setVar('OVERRIDES', pkg)
983
984 def check_valid_deps(var):
985 try:
986 rvar = bb.utils.explode_dep_versions2(localdata.getVar(var) or "")
987 except ValueError as e:
988 bb.fatal("%s:%s: %s" % (var, pkg, e))
989 for dep in rvar:
990 for v in rvar[dep]:
991 if v and not v.startswith(('< ', '= ', '> ', '<= ', '>=')):
992 error_msg = "%s:%s is invalid: %s (%s) only comparisons <, =, >, <=, and >= are allowed" % (var, pkg, dep, v)
993 oe.qa.handle_error("dep-cmp", error_msg, d)
994
995 check_valid_deps('RDEPENDS')
996 check_valid_deps('RRECOMMENDS')
997 check_valid_deps('RSUGGESTS')
998 check_valid_deps('RPROVIDES')
999 check_valid_deps('RREPLACES')
1000 check_valid_deps('RCONFLICTS')
1001
1002QAPKGTEST[usrmerge] = "package_qa_check_usrmerge"
1003def package_qa_check_usrmerge(pkg, d, messages):
1004
1005 pkgdest = d.getVar('PKGDEST')
1006 pkg_dir = pkgdest + os.sep + pkg + os.sep
1007 merged_dirs = ['bin', 'sbin', 'lib'] + d.getVar('MULTILIB_VARIANTS').split()
1008 for f in merged_dirs:
1009 if os.path.exists(pkg_dir + f) and not os.path.islink(pkg_dir + f):
1010 msg = "%s package is not obeying usrmerge distro feature. /%s should be relocated to /usr." % (pkg, f)
1011 oe.qa.add_message(messages, "usrmerge", msg)
1012 return False
1013 return True
1014
1015QAPKGTEST[perllocalpod] = "package_qa_check_perllocalpod"
1016def package_qa_check_perllocalpod(pkg, d, messages):
1017 """
1018 Check that the recipe didn't ship a perlocal.pod file, which shouldn't be
1019 installed in a distribution package. cpan.bbclass sets NO_PERLLOCAL=1 to
1020 handle this for most recipes.
1021 """
1022 import glob
1023 pkgd = oe.path.join(d.getVar('PKGDEST'), pkg)
1024 podpath = oe.path.join(pkgd, d.getVar("libdir"), "perl*", "*", "*", "perllocal.pod")
1025
1026 matches = glob.glob(podpath)
1027 if matches:
1028 matches = [package_qa_clean_path(path, d, pkg) for path in matches]
1029 msg = "%s contains perllocal.pod (%s), should not be installed" % (pkg, " ".join(matches))
1030 oe.qa.add_message(messages, "perllocalpod", msg)
1031
1032QAPKGTEST[expanded-d] = "package_qa_check_expanded_d"
1033def package_qa_check_expanded_d(package, d, messages):
1034 """
1035 Check for the expanded D (${D}) value in pkg_* and FILES
1036 variables, warn the user to use it correctly.
1037 """
1038 sane = True
1039 expanded_d = d.getVar('D')
1040
1041 for var in 'FILES','pkg_preinst', 'pkg_postinst', 'pkg_prerm', 'pkg_postrm':
1042 bbvar = d.getVar(var + ":" + package) or ""
1043 if expanded_d in bbvar:
1044 if var == 'FILES':
1045 oe.qa.add_message(messages, "expanded-d", "FILES in %s recipe should not contain the ${D} variable as it references the local build directory not the target filesystem, best solution is to remove the ${D} reference" % package)
1046 sane = False
1047 else:
1048 oe.qa.add_message(messages, "expanded-d", "%s in %s recipe contains ${D}, it should be replaced by $D instead" % (var, package))
1049 sane = False
1050 return sane
1051
1052QAPKGTEST[unlisted-pkg-lics] = "package_qa_check_unlisted_pkg_lics"
1053def package_qa_check_unlisted_pkg_lics(package, d, messages):
1054 """
1055 Check that all licenses for a package are among the licenses for the recipe.
1056 """
1057 pkg_lics = d.getVar('LICENSE:' + package)
1058 if not pkg_lics:
1059 return True
1060
1061 recipe_lics_set = oe.license.list_licenses(d.getVar('LICENSE'))
1062 package_lics = oe.license.list_licenses(pkg_lics)
1063 unlisted = package_lics - recipe_lics_set
1064 if unlisted:
1065 oe.qa.add_message(messages, "unlisted-pkg-lics",
1066 "LICENSE:%s includes licenses (%s) that are not "
1067 "listed in LICENSE" % (package, ' '.join(unlisted)))
1068 return False
1069 obsolete = set(oe.license.obsolete_license_list()) & package_lics - recipe_lics_set
1070 if obsolete:
1071 oe.qa.add_message(messages, "obsolete-license",
1072 "LICENSE:%s includes obsolete licenses %s" % (package, ' '.join(obsolete)))
1073 return False
1074 return True
1075
1076QAPKGTEST[empty-dirs] = "package_qa_check_empty_dirs"
1077def package_qa_check_empty_dirs(pkg, d, messages):
1078 """
1079 Check for the existence of files in directories that are expected to be
1080 empty.
1081 """
1082
1083 pkgd = oe.path.join(d.getVar('PKGDEST'), pkg)
1084 for dir in (d.getVar('QA_EMPTY_DIRS') or "").split():
1085 empty_dir = oe.path.join(pkgd, dir)
1086 if os.path.exists(empty_dir) and os.listdir(empty_dir):
1087 recommendation = (d.getVar('QA_EMPTY_DIRS_RECOMMENDATION:' + dir) or
1088 "but it is expected to be empty")
1089 msg = "%s installs files in %s, %s" % (pkg, dir, recommendation)
1090 oe.qa.add_message(messages, "empty-dirs", msg)
1091
1092def package_qa_check_encoding(keys, encode, d):
1093 def check_encoding(key, enc):
1094 sane = True
1095 value = d.getVar(key)
1096 if value:
1097 try:
1098 s = value.encode(enc)
1099 except UnicodeDecodeError as e:
1100 error_msg = "%s has non %s characters" % (key,enc)
1101 sane = False
1102 oe.qa.handle_error("invalid-chars", error_msg, d)
1103 return sane
1104
1105 for key in keys:
1106 sane = check_encoding(key, encode)
1107 if not sane:
1108 break
1109
1110HOST_USER_UID := "${@os.getuid()}"
1111HOST_USER_GID := "${@os.getgid()}"
1112
1113QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user"
1114def package_qa_check_host_user(path, name, d, elf, messages):
1115 """Check for paths outside of /home which are owned by the user running bitbake."""
1116
1117 if not os.path.lexists(path):
1118 return
1119
1120 dest = d.getVar('PKGDEST')
1121 pn = d.getVar('PN')
1122 home = os.path.join(dest, name, 'home')
1123 if path == home or path.startswith(home + os.sep):
1124 return
1125
1126 try:
1127 stat = os.lstat(path)
1128 except OSError as exc:
1129 import errno
1130 if exc.errno != errno.ENOENT:
1131 raise
1132 else:
1133 check_uid = int(d.getVar('HOST_USER_UID'))
1134 if stat.st_uid == check_uid:
1135 oe.qa.add_message(messages, "host-user-contaminated", "%s: %s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (pn, package_qa_clean_path(path, d, name), check_uid))
1136 return False
1137
1138 check_gid = int(d.getVar('HOST_USER_GID'))
1139 if stat.st_gid == check_gid:
1140 oe.qa.add_message(messages, "host-user-contaminated", "%s: %s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (pn, package_qa_clean_path(path, d, name), check_gid))
1141 return False
1142 return True
1143
1144QARECIPETEST[unhandled-features-check] = "package_qa_check_unhandled_features_check"
1145def package_qa_check_unhandled_features_check(pn, d, messages):
1146 if not bb.data.inherits_class('features_check', d):
1147 var_set = False
1148 for kind in ['DISTRO', 'MACHINE', 'COMBINED']:
1149 for var in ['ANY_OF_' + kind + '_FEATURES', 'REQUIRED_' + kind + '_FEATURES', 'CONFLICT_' + kind + '_FEATURES']:
1150 if d.getVar(var) is not None or d.hasOverrides(var):
1151 var_set = True
1152 if var_set:
1153 oe.qa.handle_error("unhandled-features-check", "%s: recipe doesn't inherit features_check" % pn, d)
1154
1155QARECIPETEST[missing-update-alternatives] = "package_qa_check_missing_update_alternatives"
1156def package_qa_check_missing_update_alternatives(pn, d, messages):
1157 # Look at all packages and find out if any of those sets ALTERNATIVE variable
1158 # without inheriting update-alternatives class
1159 for pkg in (d.getVar('PACKAGES') or '').split():
1160 if d.getVar('ALTERNATIVE:%s' % pkg) and not bb.data.inherits_class('update-alternatives', d):
1161 oe.qa.handle_error("missing-update-alternatives", "%s: recipe defines ALTERNATIVE:%s but doesn't inherit update-alternatives. This might fail during do_rootfs later!" % (pn, pkg), d)
1162
1163# The PACKAGE FUNC to scan each package
1164python do_package_qa () {
1165 import subprocess
1166 import oe.packagedata
1167
1168 bb.note("DO PACKAGE QA")
1169
1170 main_lic = d.getVar('LICENSE')
1171
1172 # Check for obsolete license references in main LICENSE (packages are checked below for any changes)
1173 main_licenses = oe.license.list_licenses(d.getVar('LICENSE'))
1174 obsolete = set(oe.license.obsolete_license_list()) & main_licenses
1175 if obsolete:
1176 oe.qa.handle_error("obsolete-license", "Recipe LICENSE includes obsolete licenses %s" % ' '.join(obsolete), d)
1177
1178 bb.build.exec_func("read_subpackage_metadata", d)
1179
1180 # Check non UTF-8 characters on recipe's metadata
1181 package_qa_check_encoding(['DESCRIPTION', 'SUMMARY', 'LICENSE', 'SECTION'], 'utf-8', d)
1182
1183 logdir = d.getVar('T')
1184 pn = d.getVar('PN')
1185
1186 # Scan the packages...
1187 pkgdest = d.getVar('PKGDEST')
1188 packages = set((d.getVar('PACKAGES') or '').split())
1189
1190 global pkgfiles
1191 pkgfiles = {}
1192 for pkg in packages:
1193 pkgfiles[pkg] = []
1194 pkgdir = os.path.join(pkgdest, pkg)
1195 for walkroot, dirs, files in os.walk(pkgdir):
1196 # Don't walk into top-level CONTROL or DEBIAN directories as these
1197 # are temporary directories created by do_package.
1198 if walkroot == pkgdir:
1199 for control in ("CONTROL", "DEBIAN"):
1200 if control in dirs:
1201 dirs.remove(control)
1202 for file in files:
1203 pkgfiles[pkg].append(os.path.join(walkroot, file))
1204
1205 # no packages should be scanned
1206 if not packages:
1207 return
1208
1209 import re
1210 # The package name matches the [a-z0-9.+-]+ regular expression
1211 pkgname_pattern = re.compile(r"^[a-z0-9.+-]+$")
1212
1213 taskdepdata = d.getVar("BB_TASKDEPDATA", False)
1214 taskdeps = set()
1215 for dep in taskdepdata:
1216 taskdeps.add(taskdepdata[dep][0])
1217
1218 def parse_test_matrix(matrix_name):
1219 testmatrix = d.getVarFlags(matrix_name) or {}
1220 g = globals()
1221 warnchecks = []
1222 for w in (d.getVar("WARN_QA") or "").split():
1223 if w in skip:
1224 continue
1225 if w in testmatrix and testmatrix[w] in g:
1226 warnchecks.append(g[testmatrix[w]])
1227
1228 errorchecks = []
1229 for e in (d.getVar("ERROR_QA") or "").split():
1230 if e in skip:
1231 continue
1232 if e in testmatrix and testmatrix[e] in g:
1233 errorchecks.append(g[testmatrix[e]])
1234 return warnchecks, errorchecks
1235
1236 for package in packages:
1237 skip = set((d.getVar('INSANE_SKIP') or "").split() +
1238 (d.getVar('INSANE_SKIP:' + package) or "").split())
1239 if skip:
1240 bb.note("Package %s skipping QA tests: %s" % (package, str(skip)))
1241
1242 bb.note("Checking Package: %s" % package)
1243 # Check package name
1244 if not pkgname_pattern.match(package):
1245 oe.qa.handle_error("pkgname",
1246 "%s doesn't match the [a-z0-9.+-]+ regex" % package, d)
1247
1248 warn_checks, error_checks = parse_test_matrix("QAPATHTEST")
1249 package_qa_walk(warn_checks, error_checks, package, d)
1250
1251 warn_checks, error_checks = parse_test_matrix("QAPKGTEST")
1252 package_qa_package(warn_checks, error_checks, package, d)
1253
1254 package_qa_check_rdepends(package, pkgdest, skip, taskdeps, packages, d)
1255 package_qa_check_deps(package, pkgdest, d)
1256
1257 warn_checks, error_checks = parse_test_matrix("QARECIPETEST")
1258 package_qa_recipe(warn_checks, error_checks, pn, d)
1259
1260 if 'libdir' in d.getVar("ALL_QA").split():
1261 package_qa_check_libdir(d)
1262
1263 oe.qa.exit_if_errors(d)
1264}
1265
1266# binutils is used for most checks, so need to set as dependency
1267# POPULATESYSROOTDEPS is defined in staging class.
1268do_package_qa[depends] += "${POPULATESYSROOTDEPS}"
1269do_package_qa[vardeps] = "${@bb.utils.contains('ERROR_QA', 'empty-dirs', 'QA_EMPTY_DIRS', '', d)}"
1270do_package_qa[vardepsexclude] = "BB_TASKDEPDATA"
1271do_package_qa[rdeptask] = "do_packagedata"
1272addtask do_package_qa after do_packagedata do_package before do_build
1273
1274# Add the package specific INSANE_SKIPs to the sstate dependencies
1275python() {
1276 pkgs = (d.getVar('PACKAGES') or '').split()
1277 for pkg in pkgs:
1278 d.appendVarFlag("do_package_qa", "vardeps", " INSANE_SKIP:{}".format(pkg))
1279}
1280
1281SSTATETASKS += "do_package_qa"
1282do_package_qa[sstate-inputdirs] = ""
1283do_package_qa[sstate-outputdirs] = ""
1284python do_package_qa_setscene () {
1285 sstate_setscene(d)
1286}
1287addtask do_package_qa_setscene
1288
1289python do_qa_sysroot() {
1290 bb.note("QA checking do_populate_sysroot")
1291 sysroot_destdir = d.expand('${SYSROOT_DESTDIR}')
1292 for sysroot_dir in d.expand('${SYSROOT_DIRS}').split():
1293 qa_check_staged(sysroot_destdir + sysroot_dir, d)
1294 oe.qa.exit_with_message_if_errors("do_populate_sysroot for this recipe installed files with QA issues", d)
1295}
1296do_populate_sysroot[postfuncs] += "do_qa_sysroot"
1297
1298python do_qa_patch() {
1299 import subprocess
1300
1301 ###########################################################################
1302 # Check patch.log for fuzz warnings
1303 #
1304 # Further information on why we check for patch fuzz warnings:
1305 # http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
1306 # https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
1307 ###########################################################################
1308
1309 logdir = d.getVar('T')
1310 patchlog = os.path.join(logdir,"log.do_patch")
1311
1312 if os.path.exists(patchlog):
1313 fuzzheader = '--- Patch fuzz start ---'
1314 fuzzfooter = '--- Patch fuzz end ---'
1315 statement = "grep -e '%s' %s > /dev/null" % (fuzzheader, patchlog)
1316 if subprocess.call(statement, shell=True) == 0:
1317 msg = "Fuzz detected:\n\n"
1318 fuzzmsg = ""
1319 inFuzzInfo = False
1320 f = open(patchlog, "r")
1321 for line in f:
1322 if fuzzheader in line:
1323 inFuzzInfo = True
1324 fuzzmsg = ""
1325 elif fuzzfooter in line:
1326 fuzzmsg = fuzzmsg.replace('\n\n', '\n')
1327 msg += fuzzmsg
1328 msg += "\n"
1329 inFuzzInfo = False
1330 elif inFuzzInfo and not 'Now at patch' in line:
1331 fuzzmsg += line
1332 f.close()
1333 msg += "The context lines in the patches can be updated with devtool:\n"
1334 msg += "\n"
1335 msg += " devtool modify %s\n" % d.getVar('PN')
1336 msg += " devtool finish --force-patch-refresh %s <layer_path>\n\n" % d.getVar('PN')
1337 msg += "Don't forget to review changes done by devtool!\n"
Andrew Geisslerc5535c92023-01-27 16:10:19 -06001338 msg += "\nPatch log indicates that patches do not apply cleanly."
Patrick Williams92b42cb2022-09-03 06:53:57 -05001339 oe.qa.handle_error("patch-fuzz", msg, d)
1340
1341 # Check if the patch contains a correctly formatted and spelled Upstream-Status
1342 import re
1343 from oe import patch
1344
Andrew Geisslerc5535c92023-01-27 16:10:19 -06001345 allpatches = False
1346 if bb.utils.filter('ERROR_QA', 'patch-status-noncore', d) or bb.utils.filter('WARN_QA', 'patch-status-noncore', d):
1347 allpatches = True
1348
Patrick Williams92b42cb2022-09-03 06:53:57 -05001349 coremeta_path = os.path.join(d.getVar('COREBASE'), 'meta', '')
1350 for url in patch.src_patches(d):
Andrew Geissler6aa7eec2023-03-03 12:41:14 -06001351 (_, _, fullpath, _, _, _) = bb.fetch.decodeurl(url)
Patrick Williams92b42cb2022-09-03 06:53:57 -05001352
Andrew Geissler6aa7eec2023-03-03 12:41:14 -06001353 # skip patches not in oe-core
1354 patchtype = "patch-status-core"
1355 if not os.path.abspath(fullpath).startswith(coremeta_path):
1356 patchtype = "patch-status-noncore"
1357 if not allpatches:
1358 continue
Patrick Williams92b42cb2022-09-03 06:53:57 -05001359
Andrew Geissler6aa7eec2023-03-03 12:41:14 -06001360 msg = oe.qa.check_upstream_status(fullpath)
1361 if msg:
1362 oe.qa.handle_error(patchtype, msg, d)
Andrew Geisslerc5535c92023-01-27 16:10:19 -06001363
1364 oe.qa.exit_if_errors(d)
Patrick Williams92b42cb2022-09-03 06:53:57 -05001365}
1366
1367python do_qa_configure() {
1368 import subprocess
1369
1370 ###########################################################################
1371 # Check config.log for cross compile issues
1372 ###########################################################################
1373
1374 configs = []
1375 workdir = d.getVar('WORKDIR')
1376
1377 skip = (d.getVar('INSANE_SKIP') or "").split()
1378 skip_configure_unsafe = False
1379 if 'configure-unsafe' in skip:
1380 bb.note("Recipe %s skipping qa checking: configure-unsafe" % d.getVar('PN'))
1381 skip_configure_unsafe = True
1382
1383 if bb.data.inherits_class('autotools', d) and not skip_configure_unsafe:
1384 bb.note("Checking autotools environment for common misconfiguration")
1385 for root, dirs, files in os.walk(workdir):
1386 statement = "grep -q -F -e 'is unsafe for cross-compilation' %s" % \
1387 os.path.join(root,"config.log")
1388 if "config.log" in files:
1389 if subprocess.call(statement, shell=True) == 0:
1390 error_msg = """This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
1391Rerun configure task after fixing this."""
1392 oe.qa.handle_error("configure-unsafe", error_msg, d)
1393
1394 if "configure.ac" in files:
1395 configs.append(os.path.join(root,"configure.ac"))
1396 if "configure.in" in files:
1397 configs.append(os.path.join(root, "configure.in"))
1398
1399 ###########################################################################
1400 # Check gettext configuration and dependencies are correct
1401 ###########################################################################
1402
1403 skip_configure_gettext = False
1404 if 'configure-gettext' in skip:
1405 bb.note("Recipe %s skipping qa checking: configure-gettext" % d.getVar('PN'))
1406 skip_configure_gettext = True
1407
1408 cnf = d.getVar('EXTRA_OECONF') or ""
1409 if not ("gettext" in d.getVar('P') or "gcc-runtime" in d.getVar('P') or \
1410 "--disable-nls" in cnf or skip_configure_gettext):
1411 ml = d.getVar("MLPREFIX") or ""
1412 if bb.data.inherits_class('cross-canadian', d):
1413 gt = "nativesdk-gettext"
1414 else:
1415 gt = "gettext-native"
1416 deps = bb.utils.explode_deps(d.getVar('DEPENDS') or "")
1417 if gt not in deps:
1418 for config in configs:
1419 gnu = "grep \"^[[:space:]]*AM_GNU_GETTEXT\" %s >/dev/null" % config
1420 if subprocess.call(gnu, shell=True) == 0:
1421 error_msg = "AM_GNU_GETTEXT used but no inherit gettext"
1422 oe.qa.handle_error("configure-gettext", error_msg, d)
1423
1424 ###########################################################################
1425 # Check unrecognised configure options (with a white list)
1426 ###########################################################################
1427 if bb.data.inherits_class("autotools", d):
1428 bb.note("Checking configure output for unrecognised options")
1429 try:
1430 if bb.data.inherits_class("autotools", d):
1431 flag = "WARNING: unrecognized options:"
1432 log = os.path.join(d.getVar('B'), 'config.log')
1433 output = subprocess.check_output(['grep', '-F', flag, log]).decode("utf-8").replace(', ', ' ').replace('"', '')
1434 options = set()
1435 for line in output.splitlines():
1436 options |= set(line.partition(flag)[2].split())
1437 ignore_opts = set(d.getVar("UNKNOWN_CONFIGURE_OPT_IGNORE").split())
1438 options -= ignore_opts
1439 if options:
1440 pn = d.getVar('PN')
1441 error_msg = pn + ": configure was passed unrecognised options: " + " ".join(options)
1442 oe.qa.handle_error("unknown-configure-option", error_msg, d)
1443 except subprocess.CalledProcessError:
1444 pass
1445
1446 # Check invalid PACKAGECONFIG
1447 pkgconfig = (d.getVar("PACKAGECONFIG") or "").split()
1448 if pkgconfig:
1449 pkgconfigflags = d.getVarFlags("PACKAGECONFIG") or {}
1450 for pconfig in pkgconfig:
1451 if pconfig not in pkgconfigflags:
1452 pn = d.getVar('PN')
1453 error_msg = "%s: invalid PACKAGECONFIG: %s" % (pn, pconfig)
1454 oe.qa.handle_error("invalid-packageconfig", error_msg, d)
1455
1456 oe.qa.exit_if_errors(d)
1457}
1458
1459def unpack_check_src_uri(pn, d):
1460 import re
1461
1462 skip = (d.getVar('INSANE_SKIP') or "").split()
1463 if 'src-uri-bad' in skip:
1464 bb.note("Recipe %s skipping qa checking: src-uri-bad" % d.getVar('PN'))
1465 return
1466
1467 if "${PN}" in d.getVar("SRC_URI", False):
1468 oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses PN not BPN" % pn, d)
1469
1470 for url in d.getVar("SRC_URI").split():
1471 # Search for github and gitlab URLs that pull unstable archives (comment for future greppers)
Patrick Williams7784c422022-11-17 07:29:11 -06001472 if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url) or "//codeload.github.com/" in url:
Patrick Williams92b42cb2022-09-03 06:53:57 -05001473 oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d)
1474
1475python do_qa_unpack() {
1476 src_uri = d.getVar('SRC_URI')
1477 s_dir = d.getVar('S')
1478 if src_uri and not os.path.exists(s_dir):
1479 bb.warn('%s: the directory %s (%s) pointed to by the S variable doesn\'t exist - please set S within the recipe to point to where the source has been unpacked to' % (d.getVar('PN'), d.getVar('S', False), s_dir))
1480
1481 unpack_check_src_uri(d.getVar('PN'), d)
1482}
1483
1484# Check for patch fuzz
1485do_patch[postfuncs] += "do_qa_patch "
1486
1487# Check broken config.log files, for packages requiring Gettext which
1488# don't have it in DEPENDS.
1489#addtask qa_configure after do_configure before do_compile
1490do_configure[postfuncs] += "do_qa_configure "
1491
1492# Check does S exist.
1493do_unpack[postfuncs] += "do_qa_unpack"
1494
1495python () {
1496 import re
1497
1498 tests = d.getVar('ALL_QA').split()
1499 if "desktop" in tests:
1500 d.appendVar("PACKAGE_DEPENDS", " desktop-file-utils-native")
1501
1502 ###########################################################################
1503 # Check various variables
1504 ###########################################################################
1505
1506 # Checking ${FILESEXTRAPATHS}
1507 extrapaths = (d.getVar("FILESEXTRAPATHS") or "")
1508 if '__default' not in extrapaths.split(":"):
1509 msg = "FILESEXTRAPATHS-variable, must always use :prepend (or :append)\n"
1510 msg += "type of assignment, and don't forget the colon.\n"
1511 msg += "Please assign it with the format of:\n"
1512 msg += " FILESEXTRAPATHS:append := \":${THISDIR}/Your_Files_Path\" or\n"
1513 msg += " FILESEXTRAPATHS:prepend := \"${THISDIR}/Your_Files_Path:\"\n"
1514 msg += "in your bbappend file\n\n"
1515 msg += "Your incorrect assignment is:\n"
1516 msg += "%s\n" % extrapaths
1517 bb.warn(msg)
1518
1519 overrides = d.getVar('OVERRIDES').split(':')
1520 pn = d.getVar('PN')
1521 if pn in overrides:
1522 msg = 'Recipe %s has PN of "%s" which is in OVERRIDES, this can result in unexpected behaviour.' % (d.getVar("FILE"), pn)
1523 oe.qa.handle_error("pn-overrides", msg, d)
1524 prog = re.compile(r'[A-Z]')
1525 if prog.search(pn):
1526 oe.qa.handle_error("uppercase-pn", 'PN: %s is upper case, this can result in unexpected behavior.' % pn, d)
1527
1528 # Some people mistakenly use DEPENDS:${PN} instead of DEPENDS and wonder
1529 # why it doesn't work.
1530 if (d.getVar(d.expand('DEPENDS:${PN}'))):
1531 oe.qa.handle_error("pkgvarcheck", "recipe uses DEPENDS:${PN}, should use DEPENDS", d)
1532
1533 issues = []
1534 if (d.getVar('PACKAGES') or "").split():
1535 for dep in (d.getVar('QADEPENDS') or "").split():
1536 d.appendVarFlag('do_package_qa', 'depends', " %s:do_populate_sysroot" % dep)
1537 for var in 'RDEPENDS', 'RRECOMMENDS', 'RSUGGESTS', 'RCONFLICTS', 'RPROVIDES', 'RREPLACES', 'FILES', 'pkg_preinst', 'pkg_postinst', 'pkg_prerm', 'pkg_postrm', 'ALLOW_EMPTY':
1538 if d.getVar(var, False):
1539 issues.append(var)
1540
1541 fakeroot_tests = d.getVar('FAKEROOT_QA').split()
1542 if set(tests) & set(fakeroot_tests):
1543 d.setVarFlag('do_package_qa', 'fakeroot', '1')
1544 d.appendVarFlag('do_package_qa', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
1545 else:
1546 d.setVarFlag('do_package_qa', 'rdeptask', '')
1547 for i in issues:
1548 oe.qa.handle_error("pkgvarcheck", "%s: Variable %s is set as not being package specific, please fix this." % (d.getVar("FILE"), i), d)
1549
1550 if 'native-last' not in (d.getVar('INSANE_SKIP') or "").split():
1551 for native_class in ['native', 'nativesdk']:
1552 if bb.data.inherits_class(native_class, d):
1553
1554 inherited_classes = d.getVar('__inherit_cache', False) or []
1555 needle = "/" + native_class
1556
1557 bbclassextend = (d.getVar('BBCLASSEXTEND') or '').split()
1558 # BBCLASSEXTEND items are always added in the end
1559 skip_classes = bbclassextend
1560 if bb.data.inherits_class('native', d) or 'native' in bbclassextend:
1561 # native also inherits nopackages and relocatable bbclasses
1562 skip_classes.extend(['nopackages', 'relocatable'])
1563
1564 broken_order = []
1565 for class_item in reversed(inherited_classes):
1566 if needle not in class_item:
1567 for extend_item in skip_classes:
1568 if '/%s.bbclass' % extend_item in class_item:
1569 break
1570 else:
1571 pn = d.getVar('PN')
1572 broken_order.append(os.path.basename(class_item))
1573 else:
1574 break
1575 if broken_order:
1576 oe.qa.handle_error("native-last", "%s: native/nativesdk class is not inherited last, this can result in unexpected behaviour. "
1577 "Classes inherited after native/nativesdk: %s" % (pn, " ".join(broken_order)), d)
1578
1579 oe.qa.exit_if_errors(d)
1580}