[PATCH v2 0/2] sanity.bbclass fixes

[PATCH v2 0/2] sanity.bbclass fixes

[Paul Eggleton]

Changes since v1:
* Change the suid root binary check to a run-once check to be consistent
  with other similar checks
* Add a patch fixing grammatical errors in messages 

The following changes since commit f192c444c2d88c49738bea4ff4c3af0cc72916de:

  texinfo: Update to 5.1 (2013-07-31 06:56:28 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib paule/sanity
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/sanity

Paul Eggleton (2):
  classes/sanity: check for suid root command evility
  classes/sanity: fix some grammatical errors in messages

 meta/classes/sanity.bbclass | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

-- 
1.8.1.2

[PATCH v2 1/2] classes/sanity: check for suid root command evility

[Paul Eggleton]

Some users have been found to have an unnamed third-party piece of
software installed which sets chmod, chown and mknod as suid root as
part of its installation process. This interferes with the operation of
pseudo and can result in files really being owned by root within the
build output, and therefore breaks the build, apart from being a
security issue. Check for this and bail out if it is found.

Reported-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 meta/classes/sanity.bbclass | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 08ab1b7..cc67490 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -530,6 +530,16 @@ def check_sanity_version_change(status, d):
     tmpdir = d.getVar('TMPDIR', True)
     status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
 
+    # Some third-party software apparently relies on chmod etc. being suid root (!!)
+    import stat
+    suid_check_bins = "chown chmod mknod".split()
+    for bin_cmd in suid_check_bins:
+        bin_path = bb.utils.which(os.environ["PATH"], bin_cmd)
+        if bin_path:
+            bin_stat = os.stat(bin_path)
+            if bin_stat.st_uid == 0 and bin_stat.st_mode & stat.S_ISUID:
+                status.addresult('%s has the setuid bit set. This interferes with pseudo and may cause other issues that break the build process.\n' % bin_path)
+
     # Check that we can fetch from various network transports
     netcheck = check_connectivity(d)
     status.addresult(netcheck)
-- 
1.8.1.2

[PATCH v2 2/2] classes/sanity: fix some grammatical errors in messages

[Paul Eggleton]

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 meta/classes/sanity.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index cc67490..4df3ca8 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -522,7 +522,7 @@ def check_sanity_version_change(status, d):
         status.addresult("Your gcc version is older than 4.5, please add the following param to local.conf\n \
         %s\n" % message)
     if not result:
-        status.addresult("Your gcc version is older then 4.5 or is not working properly.  Please verify you can build")
+        status.addresult("Your gcc version is older than 4.5 or is not working properly.  Please verify you can build")
         status.addresult(" and link something that uses atomic operations, such as: \n")
         status.addresult("        __sync_bool_compare_and_swap (&atomic, 2, 3);\n")
 
@@ -567,7 +567,7 @@ def check_sanity_version_change(status, d):
 
     oes_bb_conf = d.getVar( 'OES_BITBAKE_CONF', True)
     if not oes_bb_conf:
-        status.addresult('You do not include the OpenEmbedded version of conf/bitbake.conf. This means your environment is misconfigured, in particular check BBPATH.\n')
+        status.addresult('You are not using the OpenEmbedded version of conf/bitbake.conf. This means your environment is misconfigured, in particular check BBPATH.\n')
 
     # The length of tmpdir can't be longer than 410
     status.addresult(check_path_length(tmpdir, "TMPDIR", 410))
@@ -631,7 +631,7 @@ def check_sanity_everybuild(status, d):
     if d.getVar( 'IMAGETEST', True ) == 'qemu':
         display = d.getVar("BB_ORIGENV", False).getVar("DISPLAY", True)
         if not display:
-            status.addresult('qemuimagetest needs a X desktop to start qemu, please set DISPLAY correctly (e.g. DISPLAY=:1.0)\n')
+            status.addresult('qemuimagetest needs an X desktop to start qemu, please set DISPLAY correctly (e.g. DISPLAY=:1.0)\n')
 
     omask = os.umask(022)
     if omask & 0755:
-- 
1.8.1.2