tmpdir audit: only fail with files referenced below (#35068)

On Linux the `$TMPDIR` is `/build`. The TMPDIR audit looks for `$TMPDIR`
in the build output, which will then fail with packages like
/buildkite-agent.

This fixes the heuristic to look for `$TMPDIR/` instead.
This commit is contained in:
zimbatm 2018-11-16 22:35:56 +01:00 committed by GitHub
parent e15bac8f76
commit 551aecfa83
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -13,23 +13,23 @@ auditTmpdir() {
local dir="$1"
[ -e "$dir" ] || return 0
header "checking for references to $TMPDIR in $dir..."
header "checking for references to $TMPDIR/ in $dir..."
local i
while IFS= read -r -d $'\0' i; do
if [[ "$i" =~ .build-id ]]; then continue; fi
if isELF "$i"; then
if patchelf --print-rpath "$i" | grep -q -F "$TMPDIR"; then
echo "RPATH of binary $i contains a forbidden reference to $TMPDIR"
if patchelf --print-rpath "$i" | grep -q -F "$TMPDIR/"; then
echo "RPATH of binary $i contains a forbidden reference to $TMPDIR/"
exit 1
fi
fi
if isScript "$i"; then
if [ -e "$(dirname "$i")/.$(basename "$i")-wrapped" ]; then
if grep -q -F "$TMPDIR" "$i"; then
echo "wrapper script $i contains a forbidden reference to $TMPDIR"
if grep -q -F "$TMPDIR/" "$i"; then
echo "wrapper script $i contains a forbidden reference to $TMPDIR/"
exit 1
fi
fi