From 00dacc1b6218822faeeefe7378085bf33f0a6d41 Mon Sep 17 00:00:00 2001
From: jperkin <jperkin@pkgsrc.org>
Date: Wed, 3 May 2017 13:46:53 +0000
Subject: Introduce CHECK_SHLIBS_BLACKLIST which allows users to specify a list
 of regexps that will cause the checks to fail if they match resolved RPATHs.

---
 mk/check/check-shlibs-elf.awk | 11 +++++++++--
 mk/check/check-shlibs.mk      | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

(limited to 'mk')

diff --git a/mk/check/check-shlibs-elf.awk b/mk/check/check-shlibs-elf.awk
index 8f934896ee2..84bf5c1b433 100644
--- a/mk/check/check-shlibs-elf.awk
+++ b/mk/check/check-shlibs-elf.awk
@@ -1,4 +1,4 @@
-# $NetBSD: check-shlibs-elf.awk,v 1.14 2017/04/26 11:19:16 jperkin Exp $
+# $NetBSD: check-shlibs-elf.awk,v 1.15 2017/05/03 13:46:53 jperkin Exp $
 #
 # Copyright (c) 2007 Joerg Sonnenberger <joerg@NetBSD.org>.
 # All rights reserved.
@@ -121,13 +121,14 @@ function checkshlib(DSO, needed, rpath, found, dso_rpath, got_rpath, nrpath) {
 	if (!got_rpath)
 		nrpath = split(system_rpath, rpath, ":")
 	close(cmd)
-	nedirs = split(extradirs, edirs, " ")
 	for (p in rpath) {
 		if (rpath[p] == wrkdir ||
 		    substr(rpath[p], 1, length(wrkdir) + 1) == wrkdir "/") {
 			print DSO ": rpath relative to WRKDIR"
 		}
 	}
+	nblist = split(blacklist, blist, " ")
+	nedirs = split(extradirs, edirs, " ")
 	for (lib in needed) {
 		found = 0
 		for (p = 1; p <= nrpath; p++) {
@@ -137,6 +138,11 @@ function checkshlib(DSO, needed, rpath, found, dso_rpath, got_rpath, nrpath) {
 			}
 			if (!libcache[libfile]) {
 				check_pkg(rpath[p] "/" lib)
+				for (b = 1; b <= nblist; b++) {
+					if (match(rpath[p] "/" lib, blist[b])) {
+						print DSO ": resolved path " rpath[p] "/" lib " matches blacklist " blist[b]
+					}
+				}
 				for (e = 1; e <= nedirs; e++) {
 					if (rpath[p] == edirs[e] ||
 					    substr(rpath[p], 1, length(edirs[e]) + 1) == edirs[e] "/") {
@@ -169,6 +175,7 @@ BEGIN {
 	readelf = ENVIRON["READELF"]
 	wrkdir = ENVIRON["WRKDIR"]
 	extradirs = ENVIRON["CHECK_WRKREF_EXTRA_DIRS"]
+	blacklist = ENVIRON["CHECK_SHLIBS_BLACKLIST"]
 	pkg_info_cmd = ENVIRON["PKG_INFO_CMD"]
 	depends_file = ENVIRON["DEPENDS_FILE"]
 	if (readelf == "")
diff --git a/mk/check/check-shlibs.mk b/mk/check/check-shlibs.mk
index cf931b10b03..9b07d6fd9ac 100644
--- a/mk/check/check-shlibs.mk
+++ b/mk/check/check-shlibs.mk
@@ -1,4 +1,4 @@
-# $NetBSD: check-shlibs.mk,v 1.29 2016/04/10 15:58:02 joerg Exp $
+# $NetBSD: check-shlibs.mk,v 1.30 2017/05/03 13:46:53 jperkin Exp $
 #
 # This file verifies that all libraries used by the package can be found
 # at run-time.
@@ -10,6 +10,14 @@
 #
 #	Default value: "yes" for PKG_DEVELOPERs, "no" otherwise.
 #
+# CHECK_SHLIBS_BLACKLIST
+# 	A list of regular expressions that will cause the test to fail
+# 	if they are matched in the resolved runpath.  For example, set
+# 	to ^/usr/lib/lib(crypto|ssl) will ensure that OpenSSL is not
+# 	accidentally picked up from the OS.
+#
+#	Default value: empty.
+#
 # Package-settable variables:
 #
 # CHECK_SHLIBS_SKIP
@@ -68,6 +76,9 @@ CHECK_SHLIBS_NATIVE_ENV+=	WRKDIR=${WRKDIR:Q}
 .  if defined(CHECK_WRKREF) && !empty(CHECK_WRKREF:Mextra)
 CHECK_SHLIBS_NATIVE_ENV+=	CHECK_WRKREF_EXTRA_DIRS=${CHECK_WRKREF_EXTRA_DIRS:Q}
 .  endif
+.  if defined(CHECK_SHLIBS_BLACKLIST)
+CHECK_SHLIBS_NATIVE_ENV+=	CHECK_SHLIBS_BLACKLIST=${CHECK_SHLIBS_BLACKLIST:Q}
+.  endif
 
 _check-shlibs: error-check .PHONY
 	@${STEP_MSG} "Checking for missing run-time search paths in ${PKGNAME}"
-- 
cgit v1.2.3