Date: Sun, 1 Sep 2013 00:02:02 GMT From: Jan Beich <jbeich@tormail.org> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/181715: [regression] bmake vs. bsd.port.mk: security-check doesn't work after base@r254980 Message-ID: <201309010002.r81022gI099805@oldred.freebsd.org> Resent-Message-ID: <201309010010.r810A0Xc065830@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181715
>Category: bin
>Synopsis: [regression] bmake vs. bsd.port.mk: security-check doesn't work after base@r254980
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 01 00:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Jan Beich
>Release: FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
reassign to portmgr if it's a feature
>Description:
When security-check tries to generate a list of symbols to check for
unsafe functions, objdump(1) may sometimes encounter non-ELF files and
change exit status to 1. While bmake and fmake both agree to not abort
the target if the line starts with `-' (ignore) flag that's not so for
what happens to the rest of shell commands.
>How-To-Repeat:
# no warning
$ cd net/socat
$ make install
..
*** Error code 1 (ignored)
# test case
$ cat Makefile
all:
-@true | false; echo foo
-@true; set -o | fgrep err
$ fmake
foo
errexit off
$ make
*** Error code 1 (ignored)
errexit on
>Fix:
workaround
--- ignore.diff begins here ---
Index: Mk/bsd.port.mk
===================================================================
--- Mk/bsd.port.mk (revision 325833)
+++ Mk/bsd.port.mk (working copy)
@@ -4167,7 +4169,7 @@ security-check:
| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \
- | ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \
+ | ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump || ${TRUE}; \
if \
! ${AWK} -v audit="$${PORTS_AUDIT}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \
${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.objdump ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \
--- ignore.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309010002.r81022gI099805>