[coreboot-gerrit] Patch set updated for coreboot: kconfig_lint: Fix checks when running in taint mode

Martin Roth (martinroth@google.com) gerrit at coreboot.org
Tue Feb 23 18:08:08 CET 2016 

Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13751

-gerrit

commit c77698ee1c5a8d46e06a6d2b6d2a9bc9399565d5
Author: Martin Roth <martinroth at google.com>
Date:   Fri Feb 19 10:24:25 2016 -0700

    kconfig_lint: Fix checks when running in taint mode
    
    The builders run perl scripts in taint mode, and some of the checks
    that the kconfig lint script were running were tainted, causing
    the script to terminate early when running on the servers.
    
    This checks to see if taint mode is enabled, and untaints the path
    if it is.  All external tools (git & grep) must be in
    /bin, /usr/bin, or /usr/local/bin.
    This also removes the check for unused kconfig files if taint mode
    is enabled.
    
    Change-Id: I8d1e1c32275f759d085759fb5d8a6c85d4f99539
    Signed-off-by: Martin Roth <martinroth at google.com>
---
 util/lint/kconfig_lint | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/util/lint/kconfig_lint b/util/lint/kconfig_lint
index b5a62d3..38fa968 100755
--- a/util/lint/kconfig_lint
+++ b/util/lint/kconfig_lint
@@ -26,6 +26,12 @@ use File::Find;
 use Getopt::Long;
 use Getopt::Std;
 
+# If taint mode is enabled, Untaint the path - git and grep must be in /bin, /usr/bin or /usr/local/bin
+if ( ${^TAINT} ) {
+    $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
+    delete @ENV{ 'IFS', 'CDPATH', 'ENV', 'BASH_ENV' };
+}
+
 my $suppress_error_output   = 0;      # flag to prevent error text
 my $suppress_warning_output = 0;      # flag to prevent warning text
 my $show_note_output        = 0;      # flag to show minor notes text
@@ -33,7 +39,7 @@ my $print_full_output       = 0;      # flag to print wholeconfig output
 my $output_file             = "-";    # filename of output - set stdout by default
 my $dont_use_git_grep       = 0;
 
-#globals
+# Globals
 my $top_dir        = ".";             # Directory where Kconfig is run
 my $root_dir       = "src";           # Directory of the top level Kconfig file
 my $errors_found   = 0;               # count of errors
@@ -76,9 +82,6 @@ sub Main {
     #load the Kconfig tree, checking what we can and building up all the hash tables
     build_and_parse_kconfig_tree("$root_dir/Kconfig");
 
-    #run checks based on the data that was found
-    find( \&check_if_file_referenced, $root_dir );
-
     load_config($config_file) if ($config_file);
 
     check_defaults();
@@ -91,6 +94,14 @@ sub Main {
     check_is_enabled();
     check_selected_symbols();
 
+    # Run checks based on the data that was found
+    if ( ( !$suppress_warning_output ) && ( ${^TAINT} == 0 ) ) {
+
+        # The find function is tainted - only run it if taint checking
+        # is disabled and warnings are enabled.
+        find( \&check_if_file_referenced, $root_dir );
+    }
+
     print_wholeconfig();
 
     if ($errors_found) {

More information about the coreboot-gerrit mailing list