[SCM] Debian package checker branch, master, updated. 2.1.3-1-gc89353f
The following commit has been merged in the master branch:
commit c89353f3dcfdad407ae45924240a152be095ebb4
Author: Russ Allbery <rra@debian.org>
Date: Sun Dec 28 14:56:38 2008 -0800
Overhaul checking of maintainer script and config interpreters
* checks/scripts{,.desc}:
+ [RA] Overhaul checking of maintainer script and config interpreters:
- postrm scripts must use an essential interpreter.
- Only preinst scripts require Pre-Depends; Depends is sufficient for
postinst and prerm scripts. (Closes: #508307)
- Separate unknown-control-interpreter from unusual-interpreter
since it's much more likely to be an error.
- Separate control-interpreter-in-usr-local from
interpreter-in-usr-local since the severity is higher.
- unusual-control-interpreter is certain, not possible.
- Suppress some cases of multiple tags about the same basic problem.
diff --git a/checks/scripts b/checks/scripts
index 775dc90..2085b06 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -424,31 +424,45 @@ while (<SCRIPTS>) {
tag("interpreter-not-absolute", $filename, "#!$interpreter")
unless ($interpreter =~ m|^/|);
- if (exists $interpreters{$base}) {
- my $data = $interpreters{$base};
- my $expected = $data->[0] . '/' . $base;
+ if ($interpreter =~ m|/usr/local/|) {
+ tag("control-interpreter-in-usr-local", $filename, "#!$interpreter");
+ } elsif ($base eq 'sh' or $base eq 'bash' or $base eq 'perl') {
+ my $expected = $interpreters{$base}->[0] . '/' . $base;
tag("wrong-path-for-interpreter", "#!$interpreter != $expected",
"($filename)")
unless ($interpreter eq $expected);
- unless ($base eq 'sh' or $base eq 'bash' or $base eq 'perl') {
- my $tag;
- if ($file eq 'config') {
- $tag = 'forbidden-config-interpreter';
- } else {
- $tag = 'unusual-control-interpreter';
- }
- tag($tag, "#!$interpreter");
+ } elsif ($file eq 'config') {
+ tag('forbidden-config-interpreter', "#!$interpreter");
+ } elsif ($file eq 'postrm') {
+ tag('forbidden-postrm-interpreter', "#!$interpreter");
+ } elsif (exists $interpreters{$base}) {
+ my $data = $interpreters{$base};
+ my $expected = $data->[0] . '/' . $base;
+ unless ($interpreter eq $expected) {
+ tag("wrong-path-for-interpreter", "#!$interpreter != $expected",
+ "($filename)")
}
+ tag('unusual-control-interpreter', $filename, "#!$interpreter");
+
+ # Interpreters used by preinst scripts must be in Pre-Depends.
+ # Interpreters used by postinst or prerm scripts must be in Depends.
unless (defined ($data->[1]) and not $data->[1]) {
- my $depends = $data->[1] || $base;
- unless (Dep::implies($deps{'pre-depends'}, Dep::parse($depends))) {
- tag("interpreter-without-predep", $filename, "#!$interpreter");
+ my $depends = Dep::parse($data->[1] || $base);
+ if ($file eq 'preinst') {
+ unless (Dep::implies($deps{'pre-depends'}, $depends)) {
+ tag('preinst-interpreter-without-predepends',
+ "#!$interpreter")
+ }
+ } else {
+ unless (Dep::implies($deps{'pre-depends'}, $depends)
+ or Dep::implies($deps{'depends'}, $depends)) {
+ tag('control-interpreter-without-depends', $filename,
+ "#!$interpreter")
+ }
}
}
- } elsif ($interpreter =~ m|/usr/local/|) {
- tag("interpreter-in-usr-local", $filename, "#!$interpreter");
} else {
- tag("unusual-interpreter", $filename, "#!$interpreter");
+ tag("unknown-control-interpreter", $filename, "#!$interpreter");
next; # no use doing further checks if it's not a known interpreter
}
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 58650cf..5889046 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -57,11 +57,31 @@ Info: This package contains a <tt>config</tt> script for pre-configuring
are guaranteed to be installed, so you cannot use a non-essential
interpreter.
+Tag: forbidden-postrm-interpreter
+Severity: serious
+Certainty: certain
+Info: This package contains a <tt>postrm</tt> maintainer script that uses
+ an interpreter that isn't essential. The <tt>purge</tt> action of
+ <tt>postrm</tt> can only rely on essential packages, which means the
+ interpreter used by <tt>postrm</tt> must be one of the essential ones
+ (<tt>sh</tt>, <tt>bash</tt>, or <tt>perl</tt>).
+Ref: policy 7.2
+
Tag: unusual-control-interpreter
Severity: minor
-Certainty: possible
+Certainty: certain
Info: This package contains a control script for an interpreter that is
- not normally used for control scripts.
+ not normally used for control scripts. This is permissible but not
+ recommended. It makes it harder for other developers to understand your
+ package.
+
+Tag: unknown-control-interpreter
+Severity: important
+Certainty: possible
+Info: This package contains a maintainer script that uses an interpreter
+ that the Lintian maintainers have not heard of. This is usually a typo
+ for a common interpreter. If not, please file a wishlist bug on lintian
+ so that the Lintian maintainers can add this interpreter to their list.
Tag: interpreter-in-usr-local
Severity: important
@@ -70,20 +90,34 @@ Info: This package contains a script that looks for an interpreter in a
directory in /usr/local. Since Debian does not install anything in
/usr/local, this is the wrong place to look.
-Tag: interpreter-without-predep
-Severity: important
+Tag: control-interpreter-in-usr-local
+Severity: serious
Certainty: certain
-Info: The package contains a control script that uses an unusual
- interpreter, but does not declare a pre-dependency on the package that
- provides this interpreter.
- .
- A perusal of &packaging; section 6.2 shows that any of the control
- scripts can be called while the package is not configured. Therefore, a
- pre-dependency is required to ensure that the interpreter is always
- available when the script is invoked.
+Info: A control script for this package references an interpreter in a
+ directory in <tt>/usr/local</tt>. Control scripts must use interpreters
+ provided by Debian packages, and Debian packages do not install anything
+ in <tt>/usr/local</tt>.
+
+Tag: preinst-interpreter-without-predepends
+Severity: serious
+Certainty: certain
+Info: The package contains a <tt>preinst</tt> maintainer script that uses
+ an unusual and non-essential interpreter but does not declare a
+ pre-dependency on the package that provides this interpreter.
.
- Please do not add a pre-dependency without following the policy for doing
- so. (Policy section 3.5).
+ <tt>preinst</tt> scripts should be written using only essential
+ interpreters to avoid additional dependency complexity. Please do not
+ add a pre-dependency without following the policy for doing so (Policy
+ section 3.5).
+Ref: policy 7.2
+
+Tag: control-interpreter-without-depends
+Severity: serious
+Certainty: possible
+Info: The package contains a maintainer script that uses an unusual and
+ non-essential interpreter but does not declare a dependency on the
+ package that provides this interpreter.
+Ref: policy 7.2
Tag: missing-dep-for-interpreter
Severity: important
diff --git a/debian/changelog b/debian/changelog
index 137372c..6aad5af 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,30 @@
+lintian (2.1.4) UNRELEASED; urgency=low
+
+ * Summary of tag changes:
+ + Added
+ - control-interpreter-in-usr-local (split from
+ interpreter-in-usr-local)
+ - control-interpreter-without-depends
+ - forbidden-postrm-interpreter
+ - preinst-interpreter-without-predepends
+ - unknown-control-interpreter (split from unusual-interpreter)
+ + Removed
+ - interpreter-without-predep
+
+ * checks/scripts{,.desc}:
+ + [RA] Overhaul checking of maintainer script and config interpreters:
+ - postrm scripts must use an essential interpreter.
+ - Only preinst scripts require Pre-Depends; Depends is sufficient for
+ postinst and prerm scripts. (Closes: #508307)
+ - Separate unknown-control-interpreter from unusual-interpreter
+ since it's much more likely to be an error.
+ - Separate control-interpreter-in-usr-local from
+ interpreter-in-usr-local since the severity is higher.
+ - unusual-control-interpreter is certain, not possible.
+ - Suppress some cases of multiple tags about the same basic problem.
+
+ -- Russ Allbery <rra@debian.org> Sun, 28 Dec 2008 13:02:03 -0800
+
lintian (2.1.3) unstable; urgency=low
* Summary of tag changes:
diff --git a/t/tests/6000_scripts-control-interpreters.desc b/t/tests/6000_scripts-control-interpreters.desc
new file mode 100644
index 0000000..4519837
--- /dev/null
+++ b/t/tests/6000_scripts-control-interpreters.desc
@@ -0,0 +1,14 @@
+Testname: scripts-control-interpreters
+Type: native
+Version: 1.0
+Architecture: any
+Description: Check maintainer and config script interpreters
+Test-For: control-interpreter-in-usr-local
+ wrong-path-for-interpreter
+ forbidden-config-interpreter
+ forbidden-postrm-interpreter
+ unusual-control-interpeter
+ preinst-interpreter-without-predepends
+ control-interpreter-without-depends
+ unknown-control-interpreter
+References: Debian Bug#508307
diff --git a/t/tests/scripts-control-interpreters/debian/debian/control.in b/t/tests/scripts-control-interpreters/debian/debian/control.in
new file mode 100644
index 0000000..cb5466a
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/control.in
@@ -0,0 +1,47 @@
+Source: {$srcpkg}
+Priority: extra
+Section: {$section}
+Maintainer: {$author}
+Standards-Version: 3.8.0
+Build-Depends: debhelper (>= 7)
+
+Package: {$srcpkg}-paths
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} (paths)
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package.
+
+Package: {$srcpkg}-forbidden
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} (forbidden)
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package.
+
+Package: {$srcpkg}-unknown
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} (forbidden)
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package.
+
+Package: {$srcpkg}-python
+Architecture: {$architecture}
+Depends: python, $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} (python)
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package.
+
+Package: {$srcpkg}-prepython
+Architecture: {$architecture}
+Pre-Depends: python
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} (python)
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package.
diff --git a/t/tests/scripts-control-interpreters/debian/debian/po/POTFILES.in b/t/tests/scripts-control-interpreters/debian/debian/po/POTFILES.in
new file mode 100644
index 0000000..5da079f
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] scripts-control-interpreters-forbidden.templates
diff --git a/t/tests/scripts-control-interpreters/debian/debian/po/de.po b/t/tests/scripts-control-interpreters/debian/debian/po/de.po
new file mode 100644
index 0000000..4ab3a8f
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/po/de.po
@@ -0,0 +1,13 @@
+msgid ""
+msgstr ""
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-12-28 14:30-0800\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. description
+#: ../scripts-control-interpreters-forbidden.templates:1001
+msgid "Enter something:"
+msgstr "Not really a translation:"
diff --git a/t/tests/scripts-control-interpreters/debian/debian/po/templates.pot b/t/tests/scripts-control-interpreters/debian/debian/po/templates.pot
new file mode 100644
index 0000000..6b4af20
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/po/templates.pot
@@ -0,0 +1,23 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-12-28 14:30-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. description
+#: ../scripts-control-interpreters-forbidden.templates:1001
+msgid "Enter something:"
+msgstr ""
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.config b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.config
new file mode 100644
index 0000000..fb1c53e
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.config
@@ -0,0 +1,8 @@
+#!/usr/bin/python
+import sys
+"""
+This is here to fool Lintian to avoid additional tags about debconf.
+. /usr/share/debconf/confmodule
+db_input low scripts-control-interpreters-forbidden/test
+"""
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postinst
new file mode 100644
index 0000000..5f9cb7d
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postinst
@@ -0,0 +1,7 @@
+#!/usr/bin/python
+import sys
+"""
+This is here to fool Lintian to avoid additional tags about debconf.
+. /usr/share/debconf/confmodule
+"""
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postrm b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postrm
new file mode 100644
index 0000000..61e0d12
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.postrm
@@ -0,0 +1,7 @@
+#!/usr/bin/python
+import sys
+"""
+This is here to fool Lintian to avoid additional tags about debconf.
+db_purge
+"""
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.templates b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.templates
new file mode 100644
index 0000000..05d97b3
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-forbidden.templates
@@ -0,0 +1,3 @@
+Template: scripts-control-interpreters-forbidden/test
+Type: string
+_description: Enter something:
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.postinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.postinst
new file mode 100644
index 0000000..39cf003
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.postinst
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+set -e
+run something
+
+#DEBHELPER#
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.preinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.preinst
new file mode 100644
index 0000000..542236f
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.preinst
@@ -0,0 +1,5 @@
+#!/usr/local/bin/bash
+set -e
+run something
+
+#DEBHELPER#
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.prerm b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.prerm
new file mode 100644
index 0000000..4267164
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-paths.prerm
@@ -0,0 +1,3 @@
+#!/bin/python
+import sys
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.postinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.postinst
new file mode 100644
index 0000000..f540a5b
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.postinst
@@ -0,0 +1,3 @@
+#!/usr/bin/python
+import sys
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.preinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.preinst
new file mode 100644
index 0000000..f540a5b
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-prepython.preinst
@@ -0,0 +1,3 @@
+#!/usr/bin/python
+import sys
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.postinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.postinst
new file mode 100644
index 0000000..f540a5b
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.postinst
@@ -0,0 +1,3 @@
+#!/usr/bin/python
+import sys
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.preinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.preinst
new file mode 100644
index 0000000..f540a5b
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-python.preinst
@@ -0,0 +1,3 @@
+#!/usr/bin/python
+import sys
+sys.exit(0)
diff --git a/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-unknown.postinst b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-unknown.postinst
new file mode 100644
index 0000000..9e1804f
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/debian/debian/scripts-control-interpreters-unknown.postinst
@@ -0,0 +1,3 @@
+#!/usr/bin/unknown
+do the unknown thing
+exit happily
diff --git a/t/tests/scripts-control-interpreters/tags b/t/tests/scripts-control-interpreters/tags
new file mode 100644
index 0000000..5894307
--- /dev/null
+++ b/t/tests/scripts-control-interpreters/tags
@@ -0,0 +1,15 @@
+E: scripts-control-interpreters-forbidden: control-interpreter-without-depends control/postinst #!/usr/bin/python
+E: scripts-control-interpreters-forbidden: forbidden-config-interpreter #!/usr/bin/python
+E: scripts-control-interpreters-forbidden: forbidden-postrm-interpreter #!/usr/bin/python
+E: scripts-control-interpreters-paths: control-interpreter-in-usr-local control/preinst #!/usr/local/bin/bash
+E: scripts-control-interpreters-paths: control-interpreter-without-depends control/prerm #!/bin/python
+E: scripts-control-interpreters-paths: wrong-path-for-interpreter #!/bin/python != /usr/bin/python (control/prerm)
+E: scripts-control-interpreters-paths: wrong-path-for-interpreter #!/usr/bin/bash != /bin/bash (control/postinst)
+E: scripts-control-interpreters-python: preinst-interpreter-without-predepends #!/usr/bin/python
+E: scripts-control-interpreters-unknown: unknown-control-interpreter control/postinst #!/usr/bin/unknown
+W: scripts-control-interpreters-forbidden: unusual-control-interpreter control/postinst #!/usr/bin/python
+W: scripts-control-interpreters-paths: unusual-control-interpreter control/prerm #!/bin/python
+W: scripts-control-interpreters-prepython: unusual-control-interpreter control/postinst #!/usr/bin/python
+W: scripts-control-interpreters-prepython: unusual-control-interpreter control/preinst #!/usr/bin/python
+W: scripts-control-interpreters-python: unusual-control-interpreter control/postinst #!/usr/bin/python
+W: scripts-control-interpreters-python: unusual-control-interpreter control/preinst #!/usr/bin/python
diff --git a/testset/tags.maintainer-scripts b/testset/tags.maintainer-scripts
index 62b75bd..efc8acb 100644
--- a/testset/tags.maintainer-scripts
+++ b/testset/tags.maintainer-scripts
@@ -8,7 +8,6 @@ E: maintainer-scripts: forbidden-config-interpreter #!/usr/bin/python
E: maintainer-scripts: init.d-script-not-included-in-package /etc/init.d/foo
E: maintainer-scripts: install-sgmlcatalog-deprecated postinst:100
E: maintainer-scripts: install-sgmlcatalog-deprecated postrm:47
-E: maintainer-scripts: interpreter-without-predep control/config #!/usr/bin/python
E: maintainer-scripts: maintainer-script-calls-init-script-directly prerm:55
E: maintainer-scripts: maintainer-script-does-not-check-for-existence-of-wm-menu-config postinst:33
E: maintainer-scripts: maintainer-script-modifies-inetd-conf postinst:93
--
Debian package checker
Reply to: