[lintian] 02/09: c/udev.{desc, pm}: Added new check for udev rule files
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch master
in repository lintian.
commit 594891f4d93aecfae064632e06dacdd4ca8cc284
Author: Petter Reinholdtsen <pere@hungry.com>
Date: Sun Oct 23 23:33:22 2016 +0200
c/udev.{desc,pm}: Added new check for udev rule files
Mostly check USB rules.
Signed-off-by: Niels Thykier <niels@thykier.net>
---
checks/udev.desc | 32 +++++++++++++
checks/udev.pm | 114 +++++++++++++++++++++++++++++++++++++++++++++++
t/scripts/pod-spelling.t | 2 +-
3 files changed, 147 insertions(+), 1 deletion(-)
diff --git a/checks/udev.desc b/checks/udev.desc
new file mode 100644
index 0000000..7ccfdf8
--- /dev/null
+++ b/checks/udev.desc
@@ -0,0 +1,32 @@
+Check-Script: udev
+Author: Petter Reinholdtsen <pere@hungry.com>
+Type: binary
+Needs-Info: unpacked
+Info: This script checks the udev rules for problems.
+
+Tag: udev-rule-unreadable
+Severity: serious
+Certainty: certain
+Ref: https://wiki.debian.org/USB/GadgetSetup
+Info: The udev rule entry should be a file
+ The package contain a non-file in /lib/udev/rules.d/. The directory
+ should only contain readable files.
+
+Tag: udev-rule-missing-uaccess
+Severity: normal
+Certainty: possible
+Ref: https://wiki.debian.org/USB/GadgetSetup
+Info: The package set up a device for user access without using the
+ uaccess tag. Some udev rules get the same effect using other markers
+ enabling console user access using rules in
+ /lib/udev/rules.d/70-uaccess.rules. Others should specify
+ TAG+="uaccess" in the udev rule.
+
+Tag: udev-rule-missing-subsystem
+Severity: normal
+Certainty: possible
+Ref: https://wiki.debian.org/USB/GadgetSetup
+Info: The package matches vendor/product IDs without specifying
+ subsystem. The vendor/product IDs are subsystem specific. Matching
+ rules using those should specify subsystem too, for example by using
+ SUBSYSTEM=="usb" at the start of the matching rule.
diff --git a/checks/udev.pm b/checks/udev.pm
new file mode 100644
index 0000000..3aa5e2a
--- /dev/null
+++ b/checks/udev.pm
@@ -0,0 +1,114 @@
+# udev -- lintian check script -*- perl -*-
+
+# Copyright © 2016 Petter Reinholdtsen
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::udev;
+
+use strict;
+use warnings;
+
+use Lintian::Tags qw(tag);
+
+# Check /lib/udev/rules.d/, detect use of MODE="0666" and use of
+# GROUP="plugdev" without TAG+="uaccess".
+
+sub run {
+ my ($pkg, $type, $info, $proc, $group) = @_;
+ my $rules_dir = $info->index_resolved_path('lib/udev/rules.d/');
+ return unless $rules_dir;
+ foreach my $file ($rules_dir->children) {
+ if (! $file->is_open_ok()) {
+ tag('udev-rule-unreadable', $file);
+ next;
+ }
+ check_udev_rules($file, \&check_rule);
+ }
+ return;
+}
+
+sub check_rule {
+ my ($file, $linenum, $rule) = @_;
+
+ # for USB, if everyone or the plugdev group members are
+ # allowed access, the uaccess tag should be used too.
+ if ($rule =~ m/SUBSYSTEM=="usb"/
+ && ($rule =~ m/GROUP="plugdev"/
+ || $rule =~ m/MODE="0666"/)
+ && $rule !~ m/ENV\{COLOR_MEASUREMENT_DEVICE\}/
+ && $rule !~ m/ENV\{DDC_DEVICE\}/
+ && $rule !~ m/ENV\{ID_CDROM\}/
+ && $rule !~ m/ENV\{ID_FFADO\}/
+ && $rule !~ m/ENV\{ID_GPHOTO2\}/
+ && $rule !~ m/ENV\{ID_HPLIP\}/
+ && $rule !~ m/ENV\{ID_INPUT_JOYSTICK\}/
+ && $rule !~ m/ENV\{ID_MAKER_TOOL\}/
+ && $rule !~ m/ENV\{ID_MEDIA_PLAYER\}/
+ && $rule !~ m/ENV\{ID_PDA\}/
+ && $rule !~ m/ENV\{ID_REMOTE_CONTROL\}/
+ && $rule !~ m/ENV\{ID_SECURITY_TOKEN\}/
+ && $rule !~ m/ENV\{ID_SMARTCARD_READER\}/
+ && $rule !~ m/ENV\{ID_SOFTWARE_RADIO\}/
+ && $rule !~ m/TAG\+="uaccess"/) {
+ tag('udev-rule-missing-uaccess', "$file:$linenum",
+ 'user accessible device missing TAG+="uaccess"');
+ }
+
+ # Matching rules mentioning vendor/product should also specify
+ # subsystem, as vendor/product is subsystem specific.
+ if ($rule =~ m/ATTR\{idVendor\}=="[0-9a-fA-F]+"/
+ && $rule =~ m/ATTR\{idProduct\}=="[0-9a-fA-F]*"/
+ && $rule !~ m/SUBSYSTEM=="[^"]+"/ ) {
+ tag('udev-rule-missing-subsystem', "$file:$linenum",
+ 'vendor/product matching missing SUBSYSTEM specifier');
+ }
+ return 0;
+}
+
+sub check_udev_rules {
+ my ($file, $check) = @_;
+
+ my $fd = $file->open();
+ my $linenum = 0;
+ my $cont;
+ my $retval = 0;
+ while (<$fd>) {
+ chomp;
+ $linenum++;
+ if (defined $cont) {
+ $_ = $cont . $_;
+ $cont = undef;
+ }
+ if (/^(.*)\\$/) {
+ $cont = $1;
+ next;
+ }
+ next if /^#.*/; # Skip comments
+ $retval |= $check->($file, $linenum, $_);
+ }
+ close($fd);
+ return $retval;
+}
+
+1;
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
diff --git a/t/scripts/pod-spelling.t b/t/scripts/pod-spelling.t
index 75787eb..6973488 100755
--- a/t/scripts/pod-spelling.t
+++ b/t/scripts/pod-spelling.t
@@ -121,7 +121,7 @@ hashrefs namespace subdir SIGPIPE SIG blocknumber blocksub readwindow
REMOVESLASH STAMPFILE TAGNAME TCODE TESTDATA BLOCKSIZE jN
POSIX t1c2pfb init runtime txt executability writability
INHANDLE OUTHANDLES UTC timestamp faux tagname READMEs Testname
-debhelper dh buildpackage
+debhelper dh buildpackage uaccess udev
__END__
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: