insane.bbclass: make the checking stricter for unsafe references in scripts

Previously, the checking for unsafe references is not strict enough. It only checks whether '/usr/' is in the script. As a result, any script containing statements like below will match this check. PATH="/bin:/sbin:/usr/bin:/usr/sbin" However, as we can see, this is actually not an unsafe reference. What we really want to check is something like '/usr/bin/tail', so we should make the checking stricter. This patch solves the QA warning in gzip and nfs-utils. (From OE-Core rev: f818f7359c1a5db2c5c041c42eecb9f0434d9800) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <qi.chen@windriver.com> 2016-02-19 10:38:39 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-07 00:11:37 +0000
commit: 4284fdfe5e8cb17fdc75ce6759f27db3bce2b96c (patch)
tree: ea15d613cbaaea8a7af3769e3096529cc350fcff /meta
parent: 5cd71fe432c9bdfd3ff519543e96e8caa2b7cf6c (diff)
download: poky-4284fdfe5e8cb17fdc75ce6759f27db3bce2b96c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index b9adea77c8..ebf92ac621 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -428,7 +428,7 @@ def package_qa_check_unsafe_references_in_scripts(path, name, d, elf, messages):
        if bool(statinfo.st_mode & stat.S_IXUSR):
            # grep shell scripts for possible references to /exec_prefix/
            exec_prefix = d.getVar('exec_prefix', True)
-            statement = "grep -e '%s/' %s > /dev/null" % (exec_prefix, path)
+            statement = "grep -e '%s/[^ :]\{1,\}/[^ :]\{1,\}' %s > /dev/null" % (exec_prefix, path)
            if subprocess.call(statement, shell=True) == 0:
                error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path)
                package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)
author	Chen Qi <qi.chen@windriver.com>	2016-02-19 10:38:39 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-03-07 00:11:37 +0000
commit	4284fdfe5e8cb17fdc75ce6759f27db3bce2b96c (patch)
tree	ea15d613cbaaea8a7af3769e3096529cc350fcff /meta
parent	5cd71fe432c9bdfd3ff519543e96e8caa2b7cf6c (diff)
download	poky-4284fdfe5e8cb17fdc75ce6759f27db3bce2b96c.tar.gz

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index b9adea77c8..ebf92ac621 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass
@@ -428,7 +428,7 @@ def package_qa_check_unsafe_references_in_scripts(path, name, d, elf, messages):
428	if bool(statinfo.st_mode & stat.S_IXUSR):	428	if bool(statinfo.st_mode & stat.S_IXUSR):
429	# grep shell scripts for possible references to /exec_prefix/	429	# grep shell scripts for possible references to /exec_prefix/
430	exec_prefix = d.getVar('exec_prefix', True)	430	exec_prefix = d.getVar('exec_prefix', True)
431	statement = "grep -e '%s/' %s > /dev/null" % (exec_prefix, path)	431	statement = "grep -e '%s/[^ :]\{1,\}/[^ :]\{1,\}' %s > /dev/null" % (exec_prefix, path)
432	if subprocess.call(statement, shell=True) == 0:	432	if subprocess.call(statement, shell=True) == 0:
433	error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path)	433	error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path)
434	package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)	434	package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)