commit: f653e0b5ff5620e852e5fbbd23d62fa3577f2a7d Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> AuthorDate: Fri Aug 13 01:52:38 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Aug 16 02:12:09 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f653e0b5
metadata/install-qa-check.d: add check for missing tmpfiles_process call See: https://archives.gentoo.org/gentoo-dev/message/7bdfdc9a7560fd07436defd0253af0b8 Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org> Signed-off-by: Sam James <sam <AT> gentoo.org> metadata/install-qa-check.d/60tmpfiles-paths | 34 ++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/metadata/install-qa-check.d/60tmpfiles-paths b/metadata/install-qa-check.d/60tmpfiles-paths index 81286de584a..aa666dfb7ce 100644 --- a/metadata/install-qa-check.d/60tmpfiles-paths +++ b/metadata/install-qa-check.d/60tmpfiles-paths @@ -3,11 +3,14 @@ # QA check: ensure that packages installing tmpfiles configuration inherit the eclass # Maintainer: Sam James <[email protected]> +# Maintainer: Georgy Yakovlev <[email protected]> # Implements two checks: # 1) Installation to /etc/tmpfiles.d (which is a user-customization location); # 2) Installation of any tmpfiles to /usr/lib/tmpfiles.d without inheriting the eclass -# (needed for tmpfiles_process in pkg_postinst) +# (needed for tmpfiles_process in pkg_postinst); +# 3) Check for installation of tmpfiles without calling tmpfiles_process in +# pkg_postinst. tmpfiles_check() { # Check 1 # Scan image for files in /etc/tmpfiles.d which is a forbidden location 
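Review bot: The header comment still reads `# Implements two checks:` although the list under it now has three entries; that context line should become `# Implements three checks:`. Item 3 also opens with "Check for" where items 1 and 2 name the condition directly, so `# 3) Installation of tmpfiles without calling tmpfiles_process in pkg_postinst.` would match them.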
@@ -17,30 +20,41 @@ tmpfiles_check() { shopt -u nullglob if [[ ${#files[@]} -gt 0 ]]; then - eqawarn "QA Notice: files installed to /etc/tmpfiles.d" - eqawarn "tmpfiles configuration files must be installed by ebuilds /usr/lib/tmpfiles.d!" + eqawarn "QA Notice: files installed to /etc/tmpfiles.d found" + eqawarn "tmpfiles configuration files supplied by ebuilds must be installed to /usr/lib/tmpfiles.d" fi # Check 2 # We're now going to check for whether we install files to /usr/lib/tmpfiles.d without # inheriting the eclass (weak catch for ebuilds not calling tmpfiles_process in pkg_postinst) - # No need to carry on if we're inheriting the eclass - if has tmpfiles ${INHERITED} ; then - return - fi - # It's okay for some packages to do this because of circular dependencies and such # See: https://archives.gentoo.org/gentoo-dev/message/0a96793036a4fdd9ac311a46950d7e7b # TODO: Standardize some way of allowing ebuilds to opt-out of checks like this local package=${CATEGORY}/${PN} + if [[ ${package} == "sys-apps/systemd" || ${package} == "sys-libs/pam" ]] ; then return fi if [[ -d "${ED}"/usr/lib/tmpfiles.d/ ]] ; then - eqawarn "QA Notice: package is installing tmpfiles without inheriting tmpfiles.eclass!" - eqawarn "Packages must inherit tmpfiles.eclass then call tmpfiles_process in pkg_postinst." + if ! has tmpfiles ${INHERITED} ; then + eqawarn "QA Notice: package is installing tmpfiles without inheriting tmpfiles.eclass!" + eqawarn "Packages must inherit tmpfiles.eclass then call tmpfiles_process in pkg_postinst." + return + fi + + # Check 3 + # Check whether we're installing tmpfiles without explicitly + # calling tmpfiles_process in pkg_postinst, but we have inherited + # the eclass. + # Small risk of false positives if called indirectly. + # See: https://archives.gentoo.org/gentoo-dev/message/7bdfdc9a7560fd07436defd0253af0b8 + local pkg_postinst_body="$(declare -fp pkg_postinst 2>&1)" + if [[ ! 
${pkg_postinst_body} == *tmpfiles_process* ]] ; then + eqawarn "QA Notice: package is installing tmpfiles without calling" + eqawarn "tmpfiles_process in pkg_postinst phase" + fi fi }
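Review bot: Check 3 tests `pkg_postinst_body` with the glob `*tmpfiles_process*`, so any occurrence of that text in the function silences the warning even if tmpfiles_process is never actually run; an `elog` string or a longer identifier that contains the name would be enough. The comment above the test documents only the false-positive direction, so I would add `# Substring match: also passes when the name appears only in a string or a longer identifier.` beside it. Separately, `2>&1` folds any diagnostic that `declare` prints into the string being matched, where `2>/dev/null` would keep the match on the function text alone. As a style point, `[[ ${pkg_postinst_body} != *tmpfiles_process* ]]` reads more plainly than the negated `==`. The body of tmpfiles_check starts outside this hunk.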
