debian/check-orig-suspicious.sh

   1 #!/bin/bash
   2
   3 set -e
   4
   5 ver="$1"
   6 test -n "$ver" || exit 2
   7
   8 FILTER="Files-Excluded: in debian/copyright and run a repack."
   9 SUS_WHITELIST=$(find "${PWD}" -name upstream-tarball-unsuspicious.txt -type f)
  10
  11 rm -rf rustc-${ver/*~*/beta}-src/
  12 tar xf ../rustc_$ver+dfsg1.orig.tar.xz && cd rustc-${ver/*~*/beta}-src/
  13
  14 # Remove tiny files 4 bytes or less
  15 find . -size -4c -delete
  16 # Remove non-suspicious files, warning on patterns that match nothing
  17 echo "Excluding (i.e. removing) whitelisted files..."
  18 grep -v '^#' ${SUS_WHITELIST} | xargs  -I% sh -c 'rm -r ./% || true'
  19 echo "Checking for suspicious files..."
  20
  21 # TODO: merge the -m stuff into suspicious-source(1).
  22 suspicious-source -v -m text/x-objective-c
  23 # The following shell snippet is a bit more strict than suspicious-source(1)
  24 find . -type f -and -not -name '.cargo-checksum.json' -exec file '{}' \; | \
  25   sed -e 's/\btext\b\(.*\), with very long lines/verylongtext\1/g' | \
  26   grep -v '\b\(text\|empty\)\b' || true
  27
  28 # Most C and JS code should be in their own package
  29 find src/vendor/ -name '*.c' -o -name '*.js'
  30
  31 echo "The above files (if any) seem suspicious, please audit them."
  32 echo "If good, add them to ${SUS_WHITELIST}."
  33 echo "If bad, add them to ${FILTER}."
  34
  35 echo "Artifacts left in rustc-$ver-src, please remove them yourself."