author Ned Ludd <solar@gentoo.org> 2006-05-24 16:11:57 +0000
committer Ned Ludd <solar@gentoo.org> 2006-05-24 16:11:57 +0000
commit 3e147210722ae228ee59dd9ccba211a8b0c1be8c
tree 49c9edb2b8e64fbe4cd45be68d0b1cd225475a63
parent - final commit hopefully for QA_TEXTRELS etc.
- More updates from Kevin Q bug 131779 ; document the stricter feature along with the QA_* handling
svn path=/main/trunk/; revision=3410
-rwxr-xr-x bin/misc-functions.sh 2
-rw-r--r-- man/ebuild.5 32
-rw-r--r-- man/make.conf.5 17
3 files changed, 50 insertions, 1 deletions
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 4b545ab2..1a2f1b3f 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -133,7 +133,7 @@ install_qa_check() {
[[ -n ${QA_STRICT_EXECSTACK} ]] && QA_EXECSTACK=""
qa_var="QA_WX_LOAD_${ARCH}"
[[ -n ${!qa_var} ]] && QA_WX_LOAD=${!qa_var}
- [[ -n ${QA_STRICT_EXECSTACK} ]] && QA_WX_LOAD=""
+ [[ -n ${QA_STRICT_WX_LOAD} ]] && QA_WX_LOAD=""
export QA_EXECSTACK QA_WX_LOAD
f=$(scanelf -qyRF '"%e %p"' "${D}" | grep -v 'usr/lib/debug/')
;;
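Review bot: the test on the changed line, `[[ -n ${QA_STRICT_WX_LOAD} ]]`, is true for any non-empty value, so QA_STRICT_WX_LOAD="no" or "0" in make.conf still discards the ebuild's QA_WX_LOAD list, including a per-arch `QA_WX_LOAD_${ARCH}` value assigned two lines above. The same applies to the QA_STRICT_EXECSTACK test in the context line at the top of the hunk. The make.conf.5 text in this patch only shows the value "set"; either state there that any non-empty value enables the strict behaviour, or compare against an explicit value here.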
diff --git a/man/ebuild.5 b/man/ebuild.5
index 0cbad639..053702a8 100644
--- a/man/ebuild.5
+++ b/man/ebuild.5
@@ -342,6 +342,38 @@ This variable should only be used when a package provides a virtual target.
For example, blackdown-jdk and sun-jdk provide \fIvirtual/jdk\fR. This
allows for packages to depend on \fIvirtual/jdk\fR rather than on blackdown
or sun specifically.
+.SH "QA CONTROL VARIABLES"
+.TP
+.B USAGE NOTES
+Several QA variables are provided which allow an ebuild to manipulate some
+of the QA checks performed by portage. Use of these variables in ebuilds
+should be kept to an absolute minimum otherwise they defeat the purpose
+of the QA checks, and their use is subject to agreement of the QA team.
+They are primarily intended for use by ebuilds that install closed-source
+binary objects that cannot be altered.
+.br
+Note that objects that violate these rules may fail on some architectures.
+.TP
+\fBQA_TEXTRELS\fR
+This variable can be set to a list of file paths, relative to the image
+directory, of files that contain text relocations that cannot be eliminated.
+The paths may contain regular expressions.
+.br
+This variable is intended to be used on closed-source binary objects that
+cannot be altered.
+.TP
+\fBQA_EXECSTACK\fR
+This should contain a list of file paths, relative to the image directory, of
+objects that require executable stack in order to run.
+The paths may contain regular expressions.
+.br
+This variable is intended to be used on objects that truly need executable
+stack (i.e. not those marked to need it which in fact do not).
+.TP
+\fBQA_WX_LOAD\fR
+This should contain a list of file paths, relative to the image directory, of
+files that contain writable and executable segments. These are rare.
+The paths may contain regular expressions.
.SH "PORTAGE DECLARATIONS"
.TP
.B inherit
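Review bot: the new "QA CONTROL VARIABLES" section does not mention the per-architecture form that install_qa_check() reads in this same patch (`qa_var="QA_WX_LOAD_${ARCH}"`), so an ebuild author has no documented way to learn that the override can be scoped to one arch. Please document it next to \fBQA_WX_LOAD\fR. Two smaller points in the added text: "The paths may contain regular expressions" does not say how the expressions are matched (anchored to the whole path or not), which matters because an overly broad pattern exempts more files than intended; and the QA_WX_LOAD entry lacks the "intended to be used on ..." guidance that the QA_TEXTRELS and QA_EXECSTACK entries carry.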
diff --git a/man/make.conf.5 b/man/make.conf.5
index 51ce5efa..ea0262fb 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -231,6 +231,11 @@ stored for later use by various debuggers.
Have portage react strongly to conditions that have the potential to be
dangerous (like missing or incorrect Manifests).
.TP
+.B stricter
+Have portage react strongly to conditions that may conflict with system
+security provisions (for example textrels, executable stack). Read about
+the \fIQA_STRICT_*\fR variables in \fBmake.conf\fR(5).
+.TP
.B suidctl
Before merging packages to the live filesystem, automatically strip setuid
bits from any file that is not listed in \fI/etc/portage/suidctl.conf\fR.
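Review bot: the last added sentence of the \fBstricter\fR entry points the reader to "\fBmake.conf\fR(5)", which is the page this text lives in, so the cross-reference goes nowhere. Refer to the \fIQA_STRICT_*\fR entries further down this page and to \fBebuild\fR(5) for the QA_* overrides they disable. The entry also does not say what "react strongly" means for a merge (warn or abort), which is what a user enabling the feature needs to know.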
@@ -342,6 +347,18 @@ This variable contains the command used for resuming package sources that
have been partially downloaded. It should be defined using the same format
as \fBFETCHCOMMAND\fR.
.TP
+\fBQA_STRICT_EXECSTACK = \fI"set"\fR
+Set this to cause portage to ignore any \fIQA_EXECSTACK\fR override
+settings from ebuilds. See also \fBebuild\fR(5).
+.TP
+\fBQA_STRICT_WX_LOAD = \fI"set"\fR
+Set this to cause portage to ignore any \fIQA_WX_LOAD\fR override
+settings from ebuilds. See also \fBebuild\fR(5).
+.TP
+\fBQA_STRICT_TEXTRELS = \fI"set"\fR
+Set this to cause portage to ignore any \fIQA_TEXTREL\fR override
+settings from ebuilds. See also \fBebuild\fR(5).
+.TP
\fBROOT\fR = \fI[path]\fR
Use \fBROOT\fR to specify the target root filesystem to be used for merging
packages or ebuilds. All \fBRDEPEND\fR and \fBPDEPEND\fR will be installed
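Review bot: the \fBQA_STRICT_TEXTRELS\fR entry says it ignores "\fIQA_TEXTREL\fR override settings", but the variable documented in the ebuild.5 hunk of this patch is \fBQA_TEXTRELS\fR; the missing "S" should be fixed so the two pages agree. The three new headers also leave the bold open across the " = " (`\fBQA_STRICT_EXECSTACK = \fI"set"\fR`), unlike the neighbouring `\fBROOT\fR = \fI[path]\fR`; close \fB with \fR before the equals sign for consistent rendering.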