[mirror_ubuntu-zesty-kernel.git] / debian / scripts / config-check

#!/usr/bin/perl
#
# check-config -- check the current config for issues
#
use strict;

my $P = 'check-config';

my $test = -1;
if ($ARGV[0] eq '--test') {
	$test = $ARGV[1] + 0;
} elsif ($#ARGV != 4) {
	die "Usage: $P <config> <arch> <flavour> <commonconfig> <warn-only>\n";
}

my ($config, $arch, $flavour, $commonconfig, $warn_only) = @ARGV;

my %values = ();

# If we are in overridden then still perform the checks and emit the messages
# but do not return failure.  Those items marked FATAL will alway trigger
# failure.
my $fail_exit = 1;
$fail_exit = 0 if ($warn_only eq 'true' || $warn_only eq '1');
my $exit_val = 0;

# Load up the current configuration values -- FATAL if this fails
print "$P: $config: loading config\n";
open(CONFIG, "<$config") || die "$P: $config: open failed -- $! -- aborting\n";
while (<CONFIG>) {
	# Pull out values.
	/^#*\s*(CONFIG_\w+)[\s=](.*)$/ or next;
	if ($2 eq 'is not set') {
		$values{$1} = 'n';
	} else {
		$values{$1} = $2;
	}
}
close(CONFIG);

# ANNOTATIONS: check any annotations marked for enforcement
my $pass = 0;
my $total = 0;
my $annotations = "$commonconfig/annotations";
my ($config, $value, $options, $option, $value, $check, $policy);
print "$P: $annotations loading annotations\n";
my %annot;
open(ANNOTATIONS, "<$annotations") || die "$P: $annotations: open failed -- $! -- aborting\n";
while (<ANNOTATIONS>) {
	/^#/ && next;
	chomp;
	/^$/ && next;

	/^CONFIG_/ || next;

	($config, $value, $options) = split(' ', $_, 3);

	$annot{$config} = $annot{$config} . ' ' . $options;
}
close(ANNOTATIONS);

my $config;
for $config (keys %annot) {
	$check = 0;
	$options = $annot{$config};

	$policy = undef;
	while ($options =~ /\s*(\S+)<(.*?)?>/g) {
		($option, $value) = ($1, $2);

		if ($option eq 'mark' && $value eq 'ENFORCED') {
			$check = 1;

		} elsif ($option eq 'policy') {
			if ($value =~ /^{/) {
				$value =~ s/:/=>/g;
				$policy = eval($value);
				warn "$@" if ($@);
			} else {
				$policy = undef;
			}
		}
	}
	if ($check == 1 && !defined($policy)) {
		print "$P: INVALID POLICY (use policy<{...}>) $config$options\n";
		$total++;
		$check = 0;
	}
	if ($check) {
		my $is = '-';
		$is = $values{$config} if (defined $values{$config});

		my $value = '-';
		for my $which ("$arch-$flavour", "$arch-*", "*-$flavour", "$arch", "*") {
			if (defined $policy->{$which}) {
				$value = $policy->{$which};
				last;
			}
		}
		if ($is eq $value) {
			$pass++;
		} else {
			print "$P: FAIL ($is != $value): $config$options\n";
			$exit_val = $fail_exit;
		}
		$total++;
	}
}

print "$P: $pass/$total checks passed -- exit $exit_val\n";
exit $exit_val;
Commit	Line	Data
356bd1e1 LO	1	#!/usr/bin/perl
	2	#
	3	# check-config -- check the current config for issues
	4	#
	5	use strict;
	6
	7	my $P = 'check-config';
	8
	9	my $test = -1;
	10	if ($ARGV[0] eq '--test') {
	11	$test = $ARGV[1] + 0;
	12	} elsif ($#ARGV != 4) {
	13	die "Usage: $P <config> <arch> <flavour> <commonconfig> <warn-only>\n";
	14	}
	15
	16	my ($config, $arch, $flavour, $commonconfig, $warn_only) = @ARGV;
	17
356bd1e1 LO	18	my %values = ();
	19
	20	# If we are in overridden then still perform the checks and emit the messages
	21	# but do not return failure. Those items marked FATAL will alway trigger
	22	# failure.
	23	my $fail_exit = 1;
	24	$fail_exit = 0 if ($warn_only eq 'true' \|\| $warn_only eq '1');
	25	my $exit_val = 0;
	26
356bd1e1 LO	27	# Load up the current configuration values -- FATAL if this fails
	28	print "$P: $config: loading config\n";
	29	open(CONFIG, "<$config") \|\| die "$P: $config: open failed -- $! -- aborting\n";
	30	while (<CONFIG>) {
	31	# Pull out values.
	32	/^#\s(CONFIG_\w+)[\s=](.*)$/ or next;
	33	if ($2 eq 'is not set') {
	34	$values{$1} = 'n';
	35	} else {
	36	$values{$1} = $2;
	37	}
	38	}
	39	close(CONFIG);
	40
d4395354 AW	41	# ANNOTATIONS: check any annotations marked for enforcement
	42	my $pass = 0;
	43	my $total = 0;
	44	my $annotations = "$commonconfig/annotations";
	45	my ($config, $value, $options, $option, $value, $check, $policy);
	46	print "$P: $annotations loading annotations\n";
66872888	47	my %annot;
d4395354 AW	48	open(ANNOTATIONS, "<$annotations") \|\| die "$P: $annotations: open failed -- $! -- aborting\n";
	49	while (<ANNOTATIONS>) {
	50	/^#/ && next;
	51	chomp;
	52	/^$/ && next;
	53
66872888 AW	54	/^CONFIG_/ \|\| next;
66872888 AW	55
d4395354	56	($config, $value, $options) = split(' ', $_, 3);
66872888 AW	57
	58	$annot{$config} = $annot{$config} . ' ' . $options;
	59	}
	60	close(ANNOTATIONS);
	61
	62	my $config;
	63	for $config (keys %annot) {
	64	$check = 0;
	65	$options = $annot{$config};
	66
	67	$policy = undef;
d4395354 AW	68	while ($options =~ /\s(\S+)<(.?)?>/g) {
	69	($option, $value) = ($1, $2);
	70
	71	if ($option eq 'mark' && $value eq 'ENFORCED') {
	72	$check = 1;
	73
	74	} elsif ($option eq 'policy') {
	75	if ($value =~ /^{/) {
	76	$value =~ s/:/=>/g;
	77	$policy = eval($value);
b51c78b4	78	warn "$@" if ($@);
d4395354 AW	79	} else {
	80	$policy = undef;
	81	}
	82	}
	83	}
66872888 AW	84	if ($check == 1 && !defined($policy)) {
66872888 AW	85	print "$P: INVALID POLICY (use policy<{...}>) $config$options\n";
d4395354	86	$total++;
66872888	87	$check = 0;
d4395354 AW	88	}
	89	if ($check) {
	90	my $is = '-';
	91	$is = $values{$config} if (defined $values{$config});
	92
	93	my $value = '-';
	94	for my $which ("$arch-$flavour", "$arch-", "-$flavour", "$arch", "*") {
	95	if (defined $policy->{$which}) {
	96	$value = $policy->{$which};
	97	last;
	98	}
	99	}
	100	if ($is eq $value) {
	101	$pass++;
	102	} else {
66872888	103	print "$P: FAIL ($is != $value): $config$options\n";
d4395354 AW	104	$exit_val = $fail_exit;
	105	}
	106	$total++;
	107	}
	108	}
d4395354	109
356bd1e1 LO	110	print "$P: $pass/$total checks passed -- exit $exit_val\n";
356bd1e1 LO	111	exit $exit_val;