Linux packager: Make sure ELF binaries live exclusively in /opt

BUG=768020 R=thestig@chromium.org Change-Id: Iaf520e6f064cdc44977607fdac8be7137648bbfd Reviewed-on: https://chromium-review.googlesource.com/685506Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#504460}

Linux packager: Make sure ELF binaries live exclusively in /opt
BUG=768020 R=thestig@chromium.org Change-Id: Iaf520e6f064cdc44977607fdac8be7137648bbfd Reviewed-on: https://chromium-review.googlesource.com/685506Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#504460}
cf34d549 · Tom Anderson · Commit Bot · 301efd00 · cf34d549
Commit cf34d549 authored Sep 26, 2017 by Tom Anderson Committed by Commit Bot Sep 26, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

chrome/installer/linux/common/installer.include chrome/installer/linux/common/installer.include +10 -0

No files found.
--- a/chrome/installer/linux/common/installer.include
+++ b/chrome/installer/linux/common/installer.include
@@ -295,6 +295,16 @@ stage_install_common() {
    exit 1
  fi

+  # Make sure ELF binaries live in INSTALLDIR exclusively.
+  ELF_OUTSIDE_INSTALLDIR=$(find "${STAGEDIR}/" -not -path \
+    "${STAGEDIR}${INSTALLDIR}/*" -type f | xargs file -b |
+    grep -ce "^ELF" || true)
+  if [ "${ELF_OUTSIDE_INSTALLDIR}" -ne 0 ]; then
+    echo "ERROR: Found ${ELF_OUTSIDE_INSTALLDIR} ELF binaries" \
+      "outside of ${INSTALLDIR}" 1>&2
+    exit 1
+  fi
+
  # Verify file permissions.
  for file in $(find "${STAGEDIR}" -mindepth 1); do
    local actual_perms=$(stat -c "%a" "${file}")