diff options
Diffstat (limited to 'debian/scripts/audit-vendor-source')
-rwxr-xr-x | debian/scripts/audit-vendor-source | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/debian/scripts/audit-vendor-source b/debian/scripts/audit-vendor-source new file mode 100755 index 000000000..08a46d804 --- /dev/null +++ b/debian/scripts/audit-vendor-source @@ -0,0 +1,40 @@ +#!/bin/sh +# Audit Rust crate source for suspicious files in the current directory, that +# shouldn't or can't be part of a Debian source package. +# +# NOTE: this overwrites & deletes files in the current directory!!! Make a +# backup before running this script. +# +# Usage: $0 <whitelist> <filter_description> [<extra args to suspicious-source>] + +set -e + +whitelist="$1" +filter_description="$2" +shift 2 # everything else is args to suspicious-source + +# Remove tiny files 4 bytes or less +find . -size -4c -type f -delete +# Remove non-suspicious files, warning on patterns that match nothing +echo "Excluding (i.e. removing) whitelisted files..." +grep -v '^#' "$whitelist" | xargs -I% sh -c 'rm -r ./% || true' +echo "Checking for suspicious files..." +# Remove cargo metadata files +find . '(' -name '.cargo-checksum.json' -or -name '.cargo_vcs_info.json' ')' -delete +# Strip comments & blank lines before testing rust source code - +# some authors like to write really long comments +find . -name '*.rs' -execdir sed -i -e '\,^\s*//,d' -e '/^\s*$/d' '{}' \; + +# TODO: merge the -m stuff into suspicious-source(1). +suspicious-source -v "$@" +# The following shell snippet is a bit more strict than suspicious-source(1) +find . -type f -exec file '{}' \; | \ + sed -e 's/\btext\b\(.*\), with very long lines/verylongtext\1/g' | \ + grep -v '\b\(text\|empty\)\b' || true + +# Most C and JS code should be in their own package +find . -name '*.c' -o -name '*.js' + +echo "The above files (if any) seem suspicious, please audit them." +echo "If good, add them to $whitelist." +echo "If bad, add them to $filter_description." |