Date: Wed, 26 Nov 2008 16:36:44 GMT From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/129210: [patch] Instrument bsd.ports.mk to detect unstripped binaries Message-ID: <200811261636.mAQGaic6017542@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200811261640.mAQGe4f2021935@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 129210 >Category: ports >Synopsis: [patch] Instrument bsd.ports.mk to detect unstripped binaries >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Nov 26 16:40:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #48: Sat Nov 15 16:25:25 GMT 2008 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: This patch was suggested by a conversation on freebsd-questions@ where it became apparent that a significant minority of ports were not installing binary objects stripped, in contravention of the Porter's Handbook: http://lists.freebsd.org/pipermail/freebsd-questions/2008-November/186573.html et. seq. During my testing it has quickly become apparent that most binary executables installed via the ports are correctly stripped -- with some exceptions -- whereas shared libraries and loadable objects generally aren't. Compare the results of 'file *.so.*' in /usr/lib against /usr/local/lib for example. This also works for Linux executables / shared objects as well as Native FreeBSD. I also implemented a second, very similar check, which just flags if a port doesn't install any files using architecture dependant formats, on the basis that there's no point repeatedly building exactly the same thing for 6 different CPU architectures. The new functionality is turned off by default. To enable the checks, simply add: ENABLE_POST_INSTALL_CHECKS= check-binaries-stripped check-if-arch-indep to /etc/make.conf Or just list one of those targets if you don't want both. >How-To-Repeat: >Fix: --- bsd.port.mk.patch begins here --- --- bsd.port.mk.save 2008-11-22 17:21:56.000000000 +0000 +++ bsd.port.mk 2008-11-26 15:59:38.000000000 +0000 @@ -4095,6 +4095,100 @@ .endif # !defined(DISABLE_SECURITY_CHECK) ################################################################ +# Post install checks -- not enabled by default. Checks to do +# with QA and gathering statistics about ports, primarily of +# interest to port maintainers and portmgr@ +# +# To enable, define ENABLE_POST_INSTALL_CHECKS as a list of the +# check targets to be run +################################################################ + +.if !target(post-install-checks) +.if !defined(ENABLE_POST_INSTALL_CHECKS) + +post-install-checks: + @${DO_NADA} + +.else + +post-install-checks: _show_checks + +_show_checks: + @${ECHO_MSG} "===> Performing the following post install checks:" + +.if !empty(ENABLE_POST_INSTALL_CHECKS:Mcheck-binaries-stripped) +# Binaries should generally be stripped on installation, with some +# exceptions -- eg. kernel modules should not be stripped. + +post-install-checks: check-binaries-stripped + +.if !target(check-binaries-stripped) +check-binaries-stripped: + @${ECHO_MSG} "---> check-binaries-stripped" + -@${RM} -f ${WRKDIR}/.PLIST.binaries-stripped \ + ${WRKDIR}/.PLIST.binaries-not-stripped ; \ + for i in `${GREP} -v '^@' ${TMPPLIST}`; do \ + if [ ! -L "${PREFIX}/$$i" -a -f "${PREFIX}/$$i" ]; then \ + case `${FILE} -i ${PREFIX}/$$i` in \ + *application/x-executable*,\ not\ stripped* | \ + *application/x-sharedlib*,\ not\ stripped*) \ + ${ECHO_CMD} "${PREFIX}/$$i" >> \ + ${WRKDIR}/.PLIST.binaries-not-stripped ;; \ + *application/x-executable*,\ stripped* | \ + *application/x-sharedlib*,\ stripped*) \ + ${ECHO_CMD} "${PREFIX}/$$i" >> \ + ${WRKDIR}/.PLIST.binaries-stripped ;; \ + *) ;; \ + esac ; \ + fi; \ + done ; \ + if [ -s ${WRKDIR}/.PLIST.binaries-not-stripped ] ; then \ + ${ECHO_MSG} " This port has installed the following *non-stripped* binaries:" ; \ + ${CAT} ${WRKDIR}/.PLIST.binaries-not-stripped ; \ + fi ; \ + if [ -s ${WRKDIR}/.PLIST.binaries-stripped ] ; then \ + ${ECHO_MSG} " This port has installed the following *stripped* binaries:" ; \ + ${CAT} ${WRKDIR}/.PLIST.binaries-stripped ; \ + fi ; + +.endif +.endif # !empty(ENABLE_POST_INSTALL_CHECKS:Mcheck-binaries-stripped) + +.if !empty(ENABLE_POST_INSTALL_CHECKS:Mcheck-if-arch-indep) +# Identify ports which do not install any compiled object code +# (eg. pure perl modules, PEAR modules, shell scripts, etc.) as these +# are likely to be completely architecture independent. In which +# case, there's no point rebuilding them for each different CPU +# architecture, or have multiple copies of the packages on the FTP +# servers. + +post-install-checks: check-if-arch-indep + +.if !target(check-if-arch-indep) +check-if-arch-indep: + @${ECHO_MSG} "---> check-if-arch-indep" + -@${RM} -f ${WRKDIR}/.PLIST.elf-objects ; \ + for i in `${GREP} -v '^@' ${TMPPLIST}`; do \ + if [ ! -L "${PREFIX}/$$i" -a -f "${PREFIX}/$$i" ]; then \ + case `${FILE} ${PREFIX}/$$i` in \ + *ELF*) \ + ${ECHO_CMD} "${PREFIX}/$$i" >> \ + ${WRKDIR}/.PLIST.elf-objects ;; \ + esac ; \ + fi; \ + done ; \ + if [ ! -s ${WRKDIR}/.PLIST.elf-objects ]; then \ + ${ECHO_CMD} " Port does not install any architecture dependent files" ; \ + fi ; + +.endif +.endif # !empty(ENABLE_POST_INSTALL_CHECKS:Mcheck-if-arch-indep) + +.endif # !defined(ENABLE_POST_INSTALL_CHECKS) +.endif # !target(post-install-checks) + + +################################################################ # Skeleton targets start here # # You shouldn't have to change these. Either add the pre-* or @@ -4141,7 +4235,8 @@ post-install post-install-script add-plist-info \ add-plist-docs add-plist-examples add-plist-data \ add-plist-post install-rc-script compress-man \ - install-ldconfig-file fake-pkg security-check + install-ldconfig-file fake-pkg security-check \ + post-install-checks _PACKAGE_DEP= install _PACKAGE_SEQ= package-message pre-package pre-package-script \ do-package post-package-script --- bsd.port.mk.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811261636.mAQGaic6017542>