Warn the developers if ebuilds install files with xattrs to ${ED}.
The xattrs may or may not be preserved when installing the package,
making them unreliable on one hand, and somewhat surprising in other
cases (e.g. when they unintentionally leak from developer's system).

This is the first step towards restoring PMS compliance and *not*
preserving extended metadata.

Signed-off-by: Michał Górny <mgo...@gentoo.org>
---
 bin/install-qa-check.d/95xattr | 54 ++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 bin/install-qa-check.d/95xattr

Changes in v2:
- added a link to the tracker in place of in-place explanation


diff --git a/bin/install-qa-check.d/95xattr b/bin/install-qa-check.d/95xattr
new file mode 100644
index 000000000..4bf6631d3
--- /dev/null
+++ b/bin/install-qa-check.d/95xattr
@@ -0,0 +1,54 @@
+# Check for xattrs.  See https://bugs.gentoo.org/815220.
+
+xattr_check() {
+       type -P getfattr >/dev/null || return
+
+       pushd "${ED}" >/dev/null || die
+       local x file= keys
+       local -A data=()
+       while read -r x; do
+               case ${x} in
+                       "# file: "*)
+                               file=${x#*: }
+                               file=/${file#.}
+                               ;;
+                       btrfs.*)
+                               # ignore btrfs xattrs, they're implicit fs 
metadata
+                               ;;
+                       security.capability)
+                               # don't report caps if we have fcaps.eclass 
inherited
+                               if ! has fcaps ${INHERITED}; then
+                                       data[${file}]+=" ${x}"
+                               fi
+                               ;;
+                       ?*)
+                               data[${file}]+=" ${x}"
+                               ;;
+               esac
+       done < <(getfattr -R -h -m - . 2>/dev/null)
+       popd >/dev/null || die
+
+       if [[ ${data[@]} ]]; then
+               eqawarn "One or more files in \${ED} include extended 
attributes."
+               eqawarn
+
+               for file in "${!data[@]}"; do
+                       keys=( ${data[${file}]} )
+                       for x in "${keys[@]}"; do
+                               eqatag xattr "key=${x}" "${file}"
+                       done
+                       eqawarn "  ${file} (${keys[*]})"
+               done
+
+               eqawarn
+               eqawarn "It is impossible to reliably guarantee that the 
extended attributes"
+               eqawarn "will be reliably preserved while merging.  Please file 
a bug"
+               eqawarn "and make it block the tracker 
https://bugs.gentoo.org/815220.";
+               eqawarn "More information about the problem can also be found 
on the tracker."
+       fi
+}
+
+xattr_check
+: # guarantee successful exit
+
+# vim:ft=sh
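Review bot: At `keys=( ${data[${file}]} )` the stored attribute names are expanded unquoted, so a name read from a file in the image that contains `*`, `?`, `[` or whitespace would undergo pathname expansion and extra splitting, and the `eqatag`/`eqawarn` output would no longer match what is on disk (whether getfattr escapes such names is not visible here). Splitting without globbing avoids this: `read -r -a keys <<< "${data[${file}]}"`. Separately, the `security.capability` arm skips every file as soon as `fcaps` is in `${INHERITED}`, so a capability that reached `${ED}` unintentionally in such a package goes unreported; a comment saying the exemption is per-ebuild rather than per-file would make that limit explicit. The `2>/dev/null` on the getfattr call also means the check passes silently if getfattr itself fails.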
-- 
2.33.0

