Extracting shell scripts from an RPM spec file for static analysis
I want to run ShellCheck on scripts embedded in a spec file that will run where the RPM is deployed. I have .spec snippets like:
    %setup -q
    cat > ./example.sh << EOF
    #!/bin/sh
    echo "example"
    EOF
As well as hooks like:
    %post
    #!/bin/sh
    echo "Hello"
Is there a way to programmatically extract these shell snippets to run a script analysis tool like ShellCheck? Perhaps with something like rpmbuild --save-temps or some concept like that? Or must each script be tied to a known text, so I can use a tool flow (grep, awk, sed, etc.)?

I have a large number of spec files that I would rather not modify. For example, to test scripts for security related items, etc., without requiring parsing of the spec file. Searching bison + spec gives the wrong concept and I think you need to parse RPM macros and a lot of other mechanisms; or maybe the grammar is simpler than I think?
I also thought about this for some of my RPMs.
You can get the sections %prep, %build, %install, etc. with Python from the spec file itself.
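CentOS 5 code:

    import rpm

    ts = rpm.ts()
    spec = ts.parseSpec("package.spec")
    # Each section is exposed as a method on the parsed spec object.
    for section in ['build', 'clean', 'install', 'prep']:
        try:
            print '%s' % (getattr(spec, section)(),)
        except:
            # Section not present in this spec file
            pass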
CentOS 6 code:

    import rpm

    spec = rpm.spec('package.spec')
    # Here each section is a plain attribute holding the script text.
    for section in ['build', 'clean', 'install', 'prep']:
        if hasattr(spec, section):
            print '%s' % (getattr(spec, section),)
There seems to be no way (on CentOS 5 or 6) to get the contents of pre / post / etc. scripts via python.
So you probably just need to output them from the embedded RPM with rpm -qp --scripts and then split that output into temporary files and run ShellCheck on them.
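The last step described in the answer above (splitting rpm -qp --scripts output into files for ShellCheck), as an added Python 3 example that is not part of the original answer. The header line formats, the sample output, and the function names split_scriptlets and write_shell_scriptlets are assumptions made for illustration.

```python
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# Assumed header forms: "postinstall scriptlet (using /bin/sh):" introduces a
# body; "postuninstall program: /sbin/ldconfig" names a program and has none.
HEADER = re.compile(r"^(?P<name>[a-z]+) (?:scriptlet \(using (?P<interp>[^)]+)\):"
                    r"|program: (?P<prog>\S+))\s*$")
SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/sh", "/usr/bin/bash"}

# Constructed sample of `rpm -qp --scripts` output, not from a real package.
SAMPLE = """\
preinstall scriptlet (using /bin/sh):
getent group example >/dev/null || groupadd -r example
postinstall scriptlet (using /bin/sh):
#!/bin/sh
echo "Hello"
postuninstall program: /sbin/ldconfig
pretrans scriptlet (using <lua>):
print("not shell")
"""

def split_scriptlets(text):
    """Return (name, interpreter, body) for every header found in the output."""
    found = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            found.append((m["name"], m["interp"] or m["prog"], []))
        elif found:
            found[-1][2].append(line)
    return [(name, interp, "\n".join(body)) for name, interp, body in found]

def write_shell_scriptlets(text, workdir):
    """Write non-empty shell scriptlets to workdir; skip Lua and bare programs."""
    written = []
    for name, interp, body in split_scriptlets(text):
        if interp in SHELLS and body.strip():
            path = Path(workdir) / (name + ".sh")
            path.write_text(body + "\n")
            written.append((path, Path(interp).name))  # "sh" or "bash"
    return written

if __name__ == "__main__":
    # Real use: text = subprocess.check_output(["rpm", "-qp", "--scripts", rpm_path], text=True)
    with tempfile.TemporaryDirectory() as d:
        for path, shell in write_shell_scriptlets(SAMPLE, d):
            if shutil.which("shellcheck"):  # scriptlets often have no shebang
                subprocess.run(["shellcheck", "--shell=" + shell, str(path)])
```

Check the header pattern against the output of the rpm version in use before relying on it. A scriptlet body line that itself matches the header pattern would be split at that line.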