#!/bin/bash
# Copyright lowRISC contributors.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
## check-tarball.sh
#
# Takes a tarball name and checks all symlinks resolve to an existing file. This
# has been an issue we keep running into, so CI can now check it for us!
#
# It also checks that the `buildinfo.json` in the tarball is valid JSON, which
# was an issue we ran into.
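# Abort on the first failing command, and treat a pipeline as failed when any
# of its stages fails.
set -e
set -o pipefail

# Exactly one argument is expected: the path of the tarball to check.
if [ "$#" -ne 1 ]; then
  # Usage text goes to stderr so it is not mistaken for check output.
  echo "Usage: $0 <tarball>" >&2
  exit 2
fi

tarball="$1"
found_error=false

# Scratch locations used by the checks. The two report files are assigned
# further down; all three start empty so the cleanup handler never acts on a
# value inherited from the environment.
tarball_dest=
broken_symlinks=
libcheck_output=

# Remove the extracted tree and the report files on every exit path, so that
# repeated CI runs do not pile up unpacked toolchains in the temp directory.
# Cleanup is best-effort: a failing `rm` must not change the check's verdict,
# hence the `|| true` on each removal.
cleanup() {
  if [ -n "${tarball_dest}" ]; then
    rm -rf -- "${tarball_dest}" || true
  fi
  if [ -n "${broken_symlinks}" ]; then
    rm -f -- "${broken_symlinks}" || true
  fi
  if [ -n "${libcheck_output}" ]; then
    rm -f -- "${libcheck_output}" || true
  fi
}
trap cleanup EXIT

# Fresh, unpredictable directory that the tarball is unpacked into.
tarball_dest="$(mktemp -d)"

echo "Checking: $1"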
# Unpack the tarball into `tarball_dest`, listing each member as it is written
# and dropping the leading path component of every member name.
# NOTE(review): the archive is unpacked as-is with the privileges of the
# invoking user; nothing here restricts member types, ownership or modes.
echo "Extracting:"
tar_args=(
  --extract
  --verbose
  --file="${tarball}"
  --strip-components=1
  --directory="${tarball_dest}"
)
tar "${tar_args[@]}"
# Report file for dangling links; a non-empty file means at least one exists.
broken_symlinks="$(mktemp)"

echo "Checking symlinks"
# Print every symlink under the extraction root whose target does not exist.
# `test -e` follows the link, so a failing test marks the link as dangling.
# NOTE(review): targets are resolved on the machine running this check, so an
# absolute link whose target happens to exist here still passes. Confirm
# whether links should also be required to stay inside the tarball.
find "${tarball_dest}" -type l \
  ! -exec test -e '{}' \; \
  -print \
  | tee "${broken_symlinks}"

if [[ -s "${broken_symlinks}" ]]; then
  found_error=true
  echo "ERROR: Broken Symlinks Found"
fi
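# Validate the build metadata file at the top of the extracted tree.
echo "Checking buildinfo.json"
buildinfo="${tarball_dest}/buildinfo.json"
if ! [ -f "${buildinfo}" ]; then
  # Report absence separately: without this, a missing file would be reported
  # as "not valid json", which points the reader at the wrong problem.
  echo "ERROR: buildinfo.json missing from tarball"
  found_error=true
elif ! python3 -mjson.tool "${buildinfo}"; then
  # json.tool pretty-prints the document on success and exits non-zero when
  # the file cannot be parsed as JSON.
  echo "ERROR: buildinfo.json not valid json"
  found_error=true
fi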
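# Check binaries to ensure that they are only linked to a very limited set of
# libraries:
#
#   # Linux dynamic linker and kernel interface
#   ld-linux.*
#   linux-gate.so
#   linux-vdso.so
#
#   # glibc
#   libc.so
#   libm.so
#   libpthread.so
#   librt.so
#   libdl.so
#   libcrypt.so (NOT libcrypto.so!)
#   libutil.so
#   libnsl.so
#   libresolv.so
#
#   # GCC runtime
#   libgcc_s.so
#
# See
# https://github.com/phusion/holy-build-box/blob/master/ESSENTIAL-SYSTEM-LIBRARIES.md
# for details.
#
# Clang and GCC link against the following libraries, which must be present at
# runtime:
# - libz.so.1 (zlib)
# - libncursesw.so.5 and libtinfo.so.5 (ncurses5)
# - libstdc++.so.6
#
# Exported for the libcheck.py child processes; presumably read there as a
# regular expression of additionally permitted libraries. libcheck.py is not
# visible here, so confirm against it.
export LIBCHECK_ALLOW='libstdc\+\+|libtinfo|libncursesw|libz'

libcheck_output="$(mktemp)"

echo "Checking ELF Binaries for Library Usage"

# Fail closed when the checker cannot run. `find` does not fold the status of
# an `-exec ... \;` command into its own exit status, so a missing `file`,
# `python3` or libcheck.py would otherwise leave the report empty and the
# check would pass without having inspected a single binary.
libcheck_ready=true
for libcheck_tool in file python3; do
  if ! command -v "${libcheck_tool}" >/dev/null 2>&1; then
    echo "ERROR: '${libcheck_tool}' not found; cannot check library usage"
    libcheck_ready=false
  fi
done
# libcheck.py is looked up relative to the current working directory, exactly
# as the `python3 libcheck.py` invocation below resolves it.
if ! [ -f libcheck.py ]; then
  echo "ERROR: libcheck.py not found in ${PWD}; cannot check library usage"
  libcheck_ready=false
fi

if [ "${libcheck_ready}" = "true" ]; then
  # For each entry under bin/ that `file` identifies as ELF, run libcheck.py
  # on it. Output is shown live and also kept for the grep below.
  find "${tarball_dest}/bin" \
    -exec sh -c 'file "$1" | grep -qi ": elf"' _ {} \; \
    -exec python3 libcheck.py {} \; \
    | tee "${libcheck_output}"

  # NOTE(review): the phrase matched here is expected to be what libcheck.py
  # prints for a disallowed library; keep the two in sync.
  if grep "is linked to non-system libraries" "${libcheck_output}"; then
    echo "ERROR: Toolchain Executable Linked to non-system library."
    found_error=true
  fi
else
  found_error=true
fi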
# Final verdict: exit 0 only when none of the checks above recorded a problem,
# otherwise exit 1 so the CI job fails.
if [ "${found_error}" != "true" ]; then
  echo "PASS! No problems found."
  exit 0
fi

echo "FAIL! Problems found, see errors above."
exit 1