tmpdir audit: only fail with files referenced below (#35068)

On Linux the `$TMPDIR` is `/build`. The TMPDIR audit looks for `$TMPDIR` in the build output, which will then fail with packages like /buildkite-agent. This fixes the heuristic to look for `$TMPDIR/` instead.
2024-11-13 09:17:07 +03:00 · 2018-11-16 22:35:56 +01:00 · 2018-11-16 22:35:56 +01:00 · 551aecfa83
commit 551aecfa83
parent e15bac8f76
1 changed files with 5 additions and 5 deletions
--- a/pkgs/build-support/setup-hooks/audit-tmpdir.sh
+++ b/pkgs/build-support/setup-hooks/audit-tmpdir.sh
@ -13,23 +13,23 @@ auditTmpdir() {
    local dir="$1"
    [ -e "$dir" ] || return 0

-    header "checking for references to $TMPDIR in $dir..."
+    header "checking for references to $TMPDIR/ in $dir..."

    local i
    while IFS= read -r -d $'\0' i; do
        if [[ "$i" =~ .build-id ]]; then continue; fi

        if isELF "$i"; then
-            if patchelf --print-rpath "$i" | grep -q -F "$TMPDIR"; then
-                echo "RPATH of binary $i contains a forbidden reference to $TMPDIR"
+            if patchelf --print-rpath "$i" | grep -q -F "$TMPDIR/"; then
+                echo "RPATH of binary $i contains a forbidden reference to $TMPDIR/"
                exit 1
            fi
        fi

        if  isScript "$i"; then
            if [ -e "$(dirname "$i")/.$(basename "$i")-wrapped" ]; then
-                if grep -q -F "$TMPDIR" "$i"; then
-                    echo "wrapper script $i contains a forbidden reference to $TMPDIR"
+                if grep -q -F "$TMPDIR/" "$i"; then
+                    echo "wrapper script $i contains a forbidden reference to $TMPDIR/"
                    exit 1
                fi
            fi