From ed0cee645f6747190ded18780c45c906332d0b03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Sat, 1 Dec 2018 16:16:01 +0100 Subject: [PATCH 1/2] audit-tmpdir hook: use abspath matching on RPATH entries This ensures that RPATH entries like "/foo/build/bar" doesn't trigger a match when TMPDIR is "/build/bar". (I've had this problem with a prebuilt package.) --- pkgs/build-support/setup-hooks/audit-tmpdir.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/setup-hooks/audit-tmpdir.sh b/pkgs/build-support/setup-hooks/audit-tmpdir.sh index 43ea0d6caec..291f7f306f7 100644 --- a/pkgs/build-support/setup-hooks/audit-tmpdir.sh +++ b/pkgs/build-support/setup-hooks/audit-tmpdir.sh @@ -20,7 +20,7 @@ auditTmpdir() { if [[ "$i" =~ .build-id ]]; then continue; fi if isELF "$i"; then - if patchelf --print-rpath "$i" | grep -q -F "$TMPDIR/"; then + if { printf :; patchelf --print-rpath "$i"; } | grep -q -F ":$TMPDIR/"; then echo "RPATH of binary $i contains a forbidden reference to $TMPDIR/" exit 1 fi From ad28261ad2c812948bdedaf9e05a3beafda4055d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Sun, 2 Dec 2018 11:34:26 +0100 Subject: [PATCH 2/2] audit-tmpdir hook: clean up whitespace --- pkgs/build-support/setup-hooks/audit-tmpdir.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/setup-hooks/audit-tmpdir.sh b/pkgs/build-support/setup-hooks/audit-tmpdir.sh index 291f7f306f7..5264ce39851 100644 --- a/pkgs/build-support/setup-hooks/audit-tmpdir.sh +++ b/pkgs/build-support/setup-hooks/audit-tmpdir.sh @@ -26,7 +26,7 @@ auditTmpdir() { fi fi - if isScript "$i"; then + if isScript "$i"; then if [ -e "$(dirname "$i")/.$(basename "$i")-wrapped" ]; then if grep -q -F "$TMPDIR/" "$i"; then echo "wrapper script $i contains a forbidden reference to $TMPDIR/"