author | Guillem Jover <guillem@debian.org> | 2018-12-03 08:57:14 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2019-02-23 16:24:22 +0100 |
commit | 769e87e0b9943bae4c62f1a5c85581be653d74b8 (patch) | |
tree | a21c49ccbc15c65e444328a2876d61ee5a333f57 | |
parent | dd406dc36649bacf646c51735214b9b21a82b5ae (diff) | |
Dpkg::Vendor::Debian: Add support for usr-local-has-* tainted tags
These will detect problematic files under /usr/local which can taint
the current build.
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | man/deb-buildinfo.man | 12 | ||||
-rw-r--r-- | scripts/Dpkg/Vendor/Debian.pm | 14 |
3 files changed, 27 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index a57bd3438..16ea0cf74 100644 --- a/debian/changelog +++ b/debian/changelog @@ -28,6 +28,7 @@ dpkg (1.19.5) UNRELEASED; urgency=medium * Perl modules: - Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted tag. Suggested by Alexander E. Patrakov <patrakov@gmail.com>. + - Dpkg::Vendor::Debian: Add support for usr-local-has-* tainted tags. * Documentation: - start-stop-daemon(1): Document behavior of --pidfile security checks. Closes: #921557 diff --git a/man/deb-buildinfo.man b/man/deb-buildinfo.man index fe276bef2..691acb255 100644 --- a/man/deb-buildinfo.man +++ b/man/deb-buildinfo.man @@ -169,6 +169,18 @@ problems, and messes with the understanding of the filesystem that For build systems that hardcode pathnames to specific binaries or libraries on the resulting artifacts, it can also produce packages that will be incompatible with non-/usr-merged filesystems. +.TP +.B usr\-local\-has\-configs +The system has configuration files under \fI/usr/local/etc\fP. +.TP +.B usr\-local\-has\-includes +The system has header files under \fI/usr/local/include\fP. +.TP +.B usr\-local\-has\-programs +The system has programs under \fI/usr/local/bin\fP or \fI/usr/local/sbin\fP. +.TP +.B usr\-local\-has\-libraries +The system has libraries, either static or shared under \fI/usr/local/lib\fP. .RE .TP .BR Installed\-Build\-Depends: " (required)" diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 6948bdc16..a352bbdde 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm 
@@ -455,6 +455,20 @@ sub _build_tainted_by { } } + require File::Find; + my %usr_local_types = ( + configs => [ qw(etc) ], + includes => [ qw(include) ], + programs => [ qw(bin sbin) ], + libraries => [ qw(lib) ], + ); + foreach my $type (keys %usr_local_types) { + File::Find::find({ + wanted => sub { $tainted{"usr-local-has-$type"} = 1 if -f }, + no_chdir => 1, + }, map { "/usr/local/$_" } @{$usr_local_types{$type}}); + } + my @tainted = sort keys %tainted; return @tainted; } |
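Review bot: The start directories passed to `File::Find::find` in the new `foreach` loop are not checked for existence, so on a build chroot that lacks, say, `/usr/local/sbin`, File::Find will emit a "Can't stat" warning (when warnings are enabled) for a condition that is not a taint at all. Filtering the list first avoids that: `}, grep { -d } map { "/usr/local/$_" } @{$usr_local_types{$type}});`. Separately, the `wanted` test is `-f`, which follows symlinks, while `find` does not descend into symlinked directories by default, so content reachable only through a symlinked directory (or a symlinked `/usr/local/lib` itself) appears to go unreported; a short comment stating whether that is intentional would help anyone relying on the Tainted-By field as a build-cleanliness signal. The check also flags any regular file under the tree, which is broader than the "libraries"/"programs" wording in the man page; a comment such as `# Any regular file counts, we do not inspect file types.` would make that explicit. The body of `_build_tainted_by` starts outside this hunk, so how `%tainted` is initialised is not visible here.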