1 files changed, 40 insertions, 0 deletions

diff --git a/debian/scripts/audit-vendor-source b/debian/scripts/audit-vendor-source
new file mode 100755
index 000000000..08a46d804
--- /dev/null
+++ b/debian/scripts/audit-vendor-source
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Audit Rust crate source for suspicious files in the current directory, that
+# shouldn't or can't be part of a Debian source package.
+#
+# NOTE: this overwrites & deletes files in the current directory!!! Make a
+# backup before running this script.
+#
+# Usage: $0 <whitelist> <filter_description> [<extra args to suspicious-source>]
+
+set -e
+
+whitelist="$1"
+filter_description="$2"
+shift 2 # everything else is args to suspicious-source
+
+# Remove tiny files 4 bytes or less
+find . -size -4c -type f -delete
+# Remove non-suspicious files, warning on patterns that match nothing
+echo "Excluding (i.e. removing) whitelisted files..."
+grep -v '^#' "$whitelist" | xargs  -I% sh -c 'rm -r ./% || true'
+echo "Checking for suspicious files..."
+# Remove cargo metadata files
+find . '(' -name '.cargo-checksum.json' -or -name '.cargo_vcs_info.json' ')' -delete
+# Strip comments & blank lines before testing rust source code -
+# some authors like to write really long comments
+find . -name '*.rs' -execdir sed -i -e '\,^\s*//,d' -e '/^\s*$/d' '{}' \;
+
+# TODO: merge the -m stuff into suspicious-source(1).
+suspicious-source -v "$@"
+# The following shell snippet is a bit more strict than suspicious-source(1)
+find . -type f -exec file '{}' \; | \
+  sed -e 's/\btext\b\(.*\), with very long lines/verylongtext\1/g' | \
+  grep -v '\b\(text\|empty\)\b' || true
+
+# Most C and JS code should be in their own package
+find . -name '*.c' -o -name '*.js'
+
+echo "The above files (if any) seem suspicious, please audit them."
+echo "If good, add them to $whitelist."
+echo "If bad, add them to $filter_description."