115 lines
3.1 KiB
Bash
Executable File
115 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
# All supported architectures
|
|
ARCHES=(
|
|
aarch64
|
|
riscv64
|
|
x86_64
|
|
)
|
|
|
|
# A list of files that are not scanned
|
|
# because they probably cause some false positives.
|
|
EXCLUDED_FILES=(
|
|
qemu
|
|
)
|
|
|
|
ARGS=(
|
|
# Search path
|
|
"config/rootfiles"
|
|
|
|
# Exclude old core updates
|
|
"--exclude-dir" "oldcore"
|
|
|
|
# Ignore the update scripts
|
|
"--exclude" "update.sh"
|
|
)
|
|
|
|
check_for_arch() {
|
|
local arch="${1}"
|
|
|
|
local args=(
|
|
"${ARGS[@]}"
|
|
)
|
|
|
|
# Exclude any architecture-specific directories
|
|
local a
|
|
for a in ${ARCHES[@]}; do
|
|
args+=( "--exclude-dir" "${a}" )
|
|
done
|
|
|
|
# Exclude all excluded files
|
|
local x
|
|
for x in ${EXCLUDED_FILES[@]}; do
|
|
args+=( "--exclude" "${x}" )
|
|
done
|
|
|
|
# Search for all lines that contain the architecture, but exclude commented lines
|
|
grep -r "^[^#].*${arch}" "${args[@]}"
|
|
}
|
|
|
|
check_for_pattern() {
|
|
local pattern="${1}"
|
|
local message="${2}"
|
|
|
|
local args=(
|
|
"${ARGS[@]}"
|
|
)
|
|
|
|
if grep -r "${pattern}" "${args[@]}"; then
|
|
if [ -n "${message}" ]; then
|
|
echo "ERROR: ${message}"
|
|
else
|
|
echo "ERROR: Files matching '${pattern}' have been found in the rootfiles"
|
|
fi
|
|
return 1
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
main() {
|
|
local failed=0
|
|
|
|
# Check for /etc/init.d
|
|
if ! check_for_pattern "^etc/init\.d/" \
|
|
"/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then
|
|
failed=1
|
|
fi
|
|
|
|
# Check for /var/run
|
|
if ! check_for_pattern "^var/run/.*" \
|
|
"You cannot ship files in /var/run as it is a ramdisk"; then
|
|
failed=1
|
|
fi
|
|
|
|
# Check architectures
|
|
local arch
|
|
for arch in ${ARCHES[@]}; do
|
|
check_for_arch "${arch}" || failed=$?
|
|
done
|
|
|
|
# Return the error
|
|
return ${failed}
|
|
}
|
|
|
|
main "$@" || exit $?
|