From b791b8f3a08100ed8ad3e818d2a34b0da91574ae Mon Sep 17 00:00:00 2001
From: Helmut Pozimski <helmut@pozimski.eu>
Date: Thu, 16 Jul 2020 19:44:01 +0200
Subject: [PATCH 1/2] 11-pkglint-elf-in-usrshare: allow explicit setting of
 exceptions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Piotr Wójcik <chocimier@tlen.pl>
---
 Manual.md                                     | 10 ++++++--
 .../11-pkglint-elf-in-usrshare.sh             | 24 ++++++++++++++++---
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/Manual.md b/Manual.md
index 8a8954e88d7..4691cbb136b 100644
--- a/Manual.md
+++ b/Manual.md
@@ -141,7 +141,7 @@ to be accepted. New fonts are welcome if they provide value beyond
 aesthetics (e.g. they contain glyphs for a script missing in already
 packaged fonts).
 
-Browser forks, including those based on Chromium and Firefox, are generally not 
+Browser forks, including those based on Chromium and Firefox, are generally not
 accepted. Such forks require heavy patching, maintenance and hours of build time.
 
 <a id="buildphase"></a>
@@ -623,6 +623,12 @@ the `$DESTDIR` which will not be scanned for runtime dependencies. This may be u
 skip files which are not meant to be run or loaded on the host but are to be sent to some
 target device or emulation.
 
+- `ignore_elf_files` White space separated list of machine code files
+in /usr/share directory specified by absolute path, which are expected and allowed.
+
+- `ignore_elf_dirs` White space separated list of directories in /usr/share directory
+specified by absolute path, which are expected and allowed to contain machine code files.
+
 - `nocross` If set, cross compilation won't be allowed and will exit immediately.
 This should be set to a string describing why it fails, or a link to a travis
 buildlog demonstrating the failure.
@@ -950,7 +956,7 @@ Environment variables for a specific `build_style` can be declared in a filename
 matching the `build_style` name, Example:
 
     `common/environment/build-style/gnu-configure.sh`
-    
+
 - `texmf` For texmf zip/tarballs that need to go into /usr/share/texmf-dist. Includes
 duplicates handling.
 
diff --git a/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh b/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
index ff4f7789e86..a1ec9484bf4 100644
--- a/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
+++ b/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
@@ -2,26 +2,44 @@
 #
 # This hook executes the following tasks:
 #   - Looks on all packages for binary files being installed to /usr/share
+#   - Allows exceptions listed in $ignore_elf_files and $ignore_elf_dirs
 
 hook() {
-    local matches mime file
+    local matches mime file f prune_expr dir
 
     if [ ! -d ${PKGDESTDIR}/usr/share ]; then
         return 0
     fi
 
+    if [ "${ignore_elf_dirs}" ]; then
+        for dir in ${ignore_elf_dirs}; do
+            if ! [ "${prune_expr}" ]; then
+                prune_expr="( -path ${PKGDESTDIR}${dir}"
+            else
+                prune_expr+=" -o -path ${PKGDESTDIR}${dir}"
+            fi
+        done
+        prune_expr+=" ) -prune -o "
+    fi
+
     # Find all binaries in /usr/share and add them to the pool
     while read -r f; do
         mime="${f##*:}"
         mime="${mime// /}"
         file="${f%:*}"
+        file="${file#${PKGDESTDIR}}"
         case "${mime}" in
             # Note application/x-executable is missing which is present in most Electron apps
             application/x-sharedlib*|application/x-pie-executable*)
-                matches+=" ${file#$PKGDESTDIR}" ;;
+                if [[ ${ignore_elf_files} != *"${file}"* ]]
+                then
+                    matches+=" ${file}"
+                fi
+                ;;
         esac
-    done < <(find $PKGDESTDIR/usr/share -type f | file --mime-type --files-from -)
+    done < <(find $PKGDESTDIR/usr/share $prune_expr -type f | file --mime-type --files-from -)
 
+    # Check passed if no packages in pool
     if [ -z "$matches" ]; then
         return 0
     fi

From dbc4e70e8e76628bffcd8d0d09c9ca7182302994 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= <chocimier@tlen.pl>
Date: Tue, 4 Aug 2020 22:28:14 +0200
Subject: [PATCH 2/2] 11-pkglint-elf-in-usrshare: disallow x-executable

Can be allowed per-package now
---
 common/hooks/post-install/11-pkglint-elf-in-usrshare.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh b/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
index a1ec9484bf4..7d6c9e73aa9 100644
--- a/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
+++ b/common/hooks/post-install/11-pkglint-elf-in-usrshare.sh
@@ -29,8 +29,9 @@ hook() {
         file="${f%:*}"
         file="${file#${PKGDESTDIR}}"
         case "${mime}" in
-            # Note application/x-executable is missing which is present in most Electron apps
-            application/x-sharedlib*|application/x-pie-executable*)
+            application/x-sharedlib*|\
+             application/x-pie-executable*|\
+             application/x-executable*)
                 if [[ ${ignore_elf_files} != *"${file}"* ]]
                 then
                     matches+=" ${file}"