Ldd check linter (#1834)

Add a linter which checks for and recommends using the ldd-check test. --------- Signed-off-by: Sergio Durigan Junior <sergiodj@chainguard.dev> Co-authored-by: Sergio Durigan Junior <sergiodj@chainguard.dev>
chainguard-dev · Mar 6, 2025 · 3e03580 · 3e03580
1 parent c63ecae
commit 3e03580
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 6 deletions.
diff --git a/docs/md/melange_build.md b/docs/md/melange_build.md
@@ -54,7 +54,7 @@ melange build [flags]
   -k, --keyring-append strings                                  path to extra keys to include in the build environment keyring
       --license string                                          license to use for the build config file itself (default "NOASSERTION")
       --lint-require strings                                    linters that must pass (default [dev,infodir,tempdir,varempty])
-      --lint-warn strings                                       linters that will generate warnings (default [object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
+      --lint-warn strings                                       linters that will generate warnings (default [lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
       --memory string                                           default memory resources to use for builds
       --namespace string                                        namespace to use in package URLs in SBOM (eg wolfi, alpine) (default "unknown")
       --out-dir string                                          directory where packages will be output (default "./packages/")

diff --git a/docs/md/melange_lint.md b/docs/md/melange_lint.md
@@ -30,7 +30,7 @@ melange lint [flags]
 ```
   -h, --help                   help for lint
       --lint-require strings   linters that must pass (default [dev,infodir,tempdir,varempty])
-      --lint-warn strings      linters that will generate warnings (default [object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
+      --lint-warn strings      linters that will generate warnings (default [lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
 ```
 
 ### Options inherited from parent commands

diff --git a/pkg/linter/linter.go b/pkg/linter/linter.go
@@ -183,6 +183,11 @@ var linterMap = map[string]linter{
 		Explain:         "This package provides files in a pkgconfig directory, please add the pkgconf test pipeline",
 		defaultBehavior: Warn,
 	},
+	"lddcheck": {
+		LinterFunc:      allPaths(lddcheckTestLinter),
+		Explain:         "This package provides shared object files, please add the ldd-check test pipeline",
+		defaultBehavior: Warn,
+	},
 	"usrmerge": {
 		LinterFunc:      allPaths(usrmergeLinter),
 		Explain:         "Move binary to /usr/{bin,lib/sbin}",
@@ -593,6 +598,48 @@ func pkgconfTestLinter(_ context.Context, cfg *config.Configuration, pkgname, pa
 	return fmt.Errorf("pkgconfig directory found")
 }
 
+var isSharedObjectFileRegex = regexp.MustCompile(`\.so(?:\.[0-9]+)*$`)
+
+func lddcheckTestLinter(_ context.Context, cfg *config.Configuration, pkgname, path string) error {
+	if !isSharedObjectFileRegex.MatchString(path) {
+		return nil
+	}
+
+	if cfg == nil {
+		return fmt.Errorf("shared object found and missing .melange.yaml")
+	}
+
+	if cfg.Package.Name == pkgname {
+		if cfg.Test != nil {
+			for _, test := range cfg.Test.Pipeline {
+				if test.Uses == "test/ldd-check" || test.Uses == "test/tw/ldd-check" {
+					return nil
+				}
+			}
+		}
+	} else {
+		for _, p := range cfg.Subpackages {
+			if p.Name != pkgname {
+				continue
+			}
+
+			if p.Test == nil {
+				break
+			}
+
+			for _, test := range p.Test.Pipeline {
+				if test.Uses == "test/ldd-check" || test.Uses == "test/tw/ldd-check" {
+					return nil
+				}
+			}
+
+			break
+		}
+	}
+
+	return fmt.Errorf("shared object found")
+}
+
 func lintPackageFS(ctx context.Context, cfg *config.Configuration, pkgname string, fsys fs.FS, linters []string) error {
 	// If this is a compat package, do nothing.
 	if strings.HasSuffix(pkgname, "-compat") {

diff --git a/pkg/linter/linter_test.go b/pkg/linter/linter_test.go
@@ -45,7 +45,7 @@ func TestLinters(t *testing.T) {
 		},
 	}
 
-	goodCfg := &config.Configuration{
+	tpkgconfCfg := &config.Configuration{
 		Package: config.Package{
 			Name: "pkgconf",
 		},
@@ -56,7 +56,7 @@ func TestLinters(t *testing.T) {
 		},
 	}
 
-	subpkgCfg := &config.Configuration{
+	subpkgtpkgconfCfg := &config.Configuration{
 		Package: config.Package{
 			Name: "not-pkgconf",
 		},
@@ -72,6 +72,44 @@ func TestLinters(t *testing.T) {
 		}},
 	}
 
+	tlddcheckCfg := &config.Configuration{
+		Package: config.Package{
+			Name: "lddcheck",
+		},
+		Test: &config.Test{
+			Pipeline: []config.Pipeline{{
+				Uses: "test/ldd-check",
+			}},
+		},
+	}
+
+	ttwlddcheckCfg := &config.Configuration{
+		Package: config.Package{
+			Name: "lddcheck",
+		},
+		Test: &config.Test{
+			Pipeline: []config.Pipeline{{
+				Uses: "test/tw/ldd-check",
+			}},
+		},
+	}
+
+	subpkgtlddcheckCfg := &config.Configuration{
+		Package: config.Package{
+			Name: "not-lddcheck",
+		},
+		Subpackages: []config.Subpackage{{
+			Name: "also-not-lddcheck",
+		}, {
+			Name: "lddcheck",
+			Test: &config.Test{
+				Pipeline: []config.Pipeline{{
+					Uses: "test/ldd-check",
+				}},
+			},
+		}},
+	}
+
 	for _, c := range []struct {
 		cfg     *config.Configuration
 		dirFunc func() string
@@ -123,17 +161,36 @@ func TestLinters(t *testing.T) {
 	}, {
 		dirFunc: mkfile(t, "usr/lib/pkgconfig/test.txt"),
 		linter:  "pkgconf",
-		cfg:     goodCfg,
+		cfg:     tpkgconfCfg,
 		pass:    true,
 	}, {
 		dirFunc: mkfile(t, "usr/lib/pkgconfig/test.txt"),
 		linter:  "pkgconf",
-		cfg:     subpkgCfg,
+		cfg:     subpkgtpkgconfCfg,
 		pass:    true,
 	}, {
 		dirFunc: mkfile(t, "usr/share/pkgconfig/test.txt"),
 		linter:  "pkgconf",
 		cfg:     cfg,
+	}, {
+		dirFunc: mkfile(t, "usr/lib/test.so.1"),
+		linter:  "lddcheck",
+		cfg:     cfg,
+	}, {
+		dirFunc: mkfile(t, "usr/lib/test.so"),
+		linter:  "lddcheck",
+		cfg:     tlddcheckCfg,
+		pass:    true,
+	}, {
+		dirFunc: mkfile(t, "usr/lib/test.so"),
+		linter:  "lddcheck",
+		cfg:     ttwlddcheckCfg,
+		pass:    true,
+	}, {
+		dirFunc: mkfile(t, "usr/lib/test.so"),
+		linter:  "lddcheck",
+		cfg:     subpkgtlddcheckCfg,
+		pass:    true,
 	}, {
 		dirFunc: mkfile(t, "sbin/test.sh"),
 		linter:  "usrmerge",