mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-11 23:16:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
d2f2e11225
flatcar-scripts/build_library/test_image_content.sh
David Michael 3383790d28 build_library: Whitelist the new Go 1.9 GLSA 
This is the same case as the previous one.  Our Go 1.8 package has
the fix, but none of the older unsupported versions do.  Since we
have multiple installed versions and this says anything less than
Go 1.9 is vulnerable, we have to whitelist it until all older
versions of Go are removed from the OS.
2018-03-07 18:54:15 -05:00

74 lines
2.2 KiB
Bash
Raw Blame History

# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
GLSA_WHITELIST=(
201412-09 # incompatible CA certificate version numbers
201710-23 # we handle Go differently; drop when 1.9 builds everything
201803-03 # same as above, drop when all Go < 1.9 packages are gone
)
glsa_image() {
if glsa-check-$BOARD -t all | grep -Fvx "${GLSA_WHITELIST[@]/#/-e}"; then
echo "The above GLSAs apply to $ROOT"
return 1
fi
return 0
}
test_image_content() {
local root="$1"
local returncode=0
info "Checking $1"
local check_root="${BUILD_LIBRARY_DIR}/check_root"
if ! ROOT="$root" "$check_root" libs; then
warn "test_image_content: Failed dependency check"
warn "This may be the result of having a long-lived SDK with binary"
warn "packages that predate portage 2.2.18. If this is the case try:"
echo " emerge-$BOARD -agkuDN --rebuilt-binaries=y -j9 @world"
echo " emerge-$BOARD -a --depclean"
#returncode=1
fi
local blacklist_dirs=(
"$root/usr/share/locale"
)
for dir in "${blacklist_dirs[@]}"; do
if [ -d "$dir" ]; then
warn "test_image_content: Blacklisted directory found: $dir"
# Only a warning for now, size isn't important enough to kill time
# playing whack-a-mole on things like this this yet.
#error "test_image_content: Blacklisted directory found: $dir"
#returncode=1
fi
done
# Check that there are no conflicts between /* and /usr/*
if ! ROOT="$root" "$check_root" usr; then
error "test_image_content: Failed /usr conflict check"
returncode=1
fi
# Check that there are no #! lines pointing to non-existant locations
if ! ROOT="$root" "$check_root" shebang; then
warn "test_image_content: Failed #! check"
# Only a warning for now. We still have to actually remove all of the
# offending scripts.
#error "test_image_content: Failed #! check"
#returncode=1
fi
if ! sudo ROOT="$root" "$check_root" symlink; then
error "test_image_content: Failed symlink check"
returncode=1
fi
if ! ROOT="$root" glsa_image; then
returncode=1
fi
return $returncode
}
Reference in New Issue View Git Blame Copy Permalink