Bug#461350: [shared-libs] Check for a missing libc dependency indicating ${shlibs:Depends} problems
Package: lintian
Version: 1.23.42
Severity: wishlist
Tags: patch
As discussed in the debian-devel thread starting at
http://lists.debian.org/debian-devel/2008/01/msg00612.html
it would be nice if lintian could check for binary packages containing
ELF files dynamically linked against libc.so.* without depending on the
corresponding libc* package.
The attached patch tries to be smart with the relation between the libc
package name and the library file. I'm not sure if this is too fragile:
if the assumption that libcXXX contains libc.so.XXX breaks, the check
will output an error for every package.
The alternative I see is to hardcode the libc names for each architecture,
which would be a (smallish) maintenance burden.
Note that there's an issue with -dbg packages and dh_shlibdeps (#461339)
that should possibly be taken into account here. I'm not sure how yet;
let's see what happens with the bug first.
Cheers,
--
Niko Tyni ntyni@debian.org
diff --git a/checks/shared-libs b/checks/shared-libs
index ed1cf77..c77098b 100644
--- a/checks/shared-libs
+++ b/checks/shared-libs
@@ -74,6 +74,7 @@ my %SONAME;
my %INTERP;
my %STACK;
my %TEXTREL;
+my %NEEDED;
my %objsomething;
my %sharedobject;
my %index_info;
@@ -106,6 +107,8 @@ while (<IN>) {
$INTERP{$file} = 1;
} elsif (m/^\s*STACK\s/) {
$STACK{$file} = 0;
+ } elsif (m/^\s*NEEDED\s+(\S+)/o) {
+ $NEEDED{$1} = $file;
} else {
if (defined $STACK{$file} and $STACK{$file} eq 0) {
m/\sflags\s+(\S+)/o;
@@ -440,6 +443,42 @@ if (-f $preinst) {
}
}
+# 7th step: check libc dependency indicating broken ${shlibs:Depends} usage
+if (keys %NEEDED) {
+ my $depends = "";
+ if (open (DEPENDS, '<', 'fields/depends')) {
+ $depends = <DEPENDS>;
+ chomp $depends;
+ close DEPENDS;
+ }
+ my $predepends = "";
+ if (open (PREDEPENDS, '<', 'fields/pre-depends')) {
+ $predepends = <PREDEPENDS>;
+ chomp $predepends;
+ close PREDEPENDS;
+ }
+ $depends = Dep::parse($depends);
+ $predepends = Dep::parse($predepends);
+
+ my ($libc_filename, $libc_package);
+ for (keys %NEEDED) {
+ if (/^libc\.so\.(\d+.*)/) {
+ $libc_package = "libc$1";
+ $libc_filename = $_;
+ last;
+ }
+ }
+
+ if (defined $libc_filename) {
+ my $elffile = $NEEDED{$libc_filename};
+ if ($elffile && ! (Dep::implies($depends, Dep::parse($libc_package)) ||
+ Dep::implies($predepends, Dep::parse($libc_package)))) {
+ tag "missing-dep-on-libc", $file;
+ }
+ }
+}
+
+
my $we_call_postinst=0;
if (-f $postinst) {
local $_ = slurp_entire_file($postinst);
diff --git a/checks/shared-libs.desc b/checks/shared-libs.desc
index dfc4951..776a7e3 100644
--- a/checks/shared-libs.desc
+++ b/checks/shared-libs.desc
@@ -230,3 +230,16 @@ Info: Debian revisions should be stripped from versions in symbols files.
be stripped because the symbol really appearead between two specific
Debian revisions, you should postfix the version with a single "~"
(example: 1.0-3~ if the symbol appeared in 1.0-3).
+
+Tag: missing-dep-on-libc
+Type: error
+Ref: policy 8.6
+Info: All shared libraries and compiled binaries must be run through
+ dpkg-shlibdeps to find out any libraries they are linked against, usually
+ with the dh_shlibdeps debhelper command. The package containing these
+ files must use ${shlibs:Depends} to depend on the corresponding set
+ of packages.
+ .
+ The listed file is linked against the system C library, but the
+ package doesn't depend on the C library package. This indicates that
+ the ${shlibs:Depends} mechanism is not used correctly.
Reply to: