We handle Go differently than Gentoo, so our 1.8.4 package includes
the same security fixes. When all packages are built with Go 1.9,
the older Go packages shouldn't be installed anymore, so this line
can be dropped.

Once we've built the packages, verify against the Gentoo Linux Security
Advisories to ensure that we're not shipping anything with known
vulnerabilities.

The new python script check_root uses data that portage already
maintains on what shared libraries packages need or provide instead of
re-scanning whatever ELF files that can be found. This is much more
comprehensive but there is a bit of a transition issue for folks with
long-lived SDKs: packages built with portage older than 2.2.18 do not
include this data. As such for now the check is non-fatal and provides a
command you can use to refresh locally installed packages.
The code checking for conflicts between top level directories and /usr
has also been rewritten. Both tests now are considerably faster.

Now uses the package database instead of filesystem so the check works
even if /bin and friends are symlinks to /usr. Also disable the
whitelist and check that the expected symlinks are correct if the
symlink-usr USE flag is enabled.

Switching the toolchain to upstream Gentoo brought this directory back
and based on the Chromium OS history keeping this directory out of the
builds is a bit tedious. Keeping image sizes down isn't *that* important
right now so just let it be.

This makes us fail if /etc/localtime doesn't point at
/var/lib/timezone/localtime.
BUG=chromium-os:27413
TEST=manual: error from build_image after I patched chromeos-base to not create the symlink
Change-Id: I11ef272c2dcd67a189a5d67c46792490ec6d27a1
Reviewed-on: https://gerrit.chromium.org/gerrit/19335
Tested-by: Daniel Erat <derat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Daniel Erat <derat@chromium.org>

Also, blacklist /usr/share/locale. Most recently this unused directory crept
back into the image after some "sudo" package changes/upgrades.
BUG=chromium-os:11820
TEST=build_image dev for x86-alex, tegra2, amd64-generic
Change-Id: I0a209a5030a3da3674d3a38faf2367032c6e3423
Reviewed-on: https://gerrit.chromium.org/gerrit/16352
Tested-by: Darin Petkov <petkov@chromium.org>
Reviewed-by: Chris Sosa <sosa@chromium.org>
Commit-Ready: Darin Petkov <petkov@chromium.org>

With Aura, we won't have a need for the WM any more.
TEST=built an image without chromeos-wm, verified that the build system didn't complain.
Change-Id: Id6e5006770f72ea45f440dbe56ff7f53262864c1
Reviewed-on: https://gerrit.chromium.org/gerrit/15212
Tested-by: Stéphane Marchesin <marcheu@chromium.org>
Reviewed-by: Daniel Erat <derat@chromium.org>
Commit-Ready: Stéphane Marchesin <marcheu@chromium.org>

Renamed the function from "test_image" to "test_image_content";
renamed the source file to match.
BUG=None
TEST=build both x86 and arm images
Change-Id: I158f2c5bc0f2fc260d48bd125a1899e6a21d7b79
Reviewed-on: http://gerrit.chromium.org/gerrit/5821
Reviewed-by: Vince Laviano <vlaviano@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>