Bug#325372: lintian: please add check for careless usage of "make clean" and the like
Package: lintian
Version: 1.23.10
Severity: wishlist
A lot of packages, particularly those with upstreams that use the GNU
autotools, have a very nasty habit of running the upstream clean rule while
utterly ignoring any errors from it. This is very, very bad. Please add a
check for it.
An egrep regex to catch this is probably about as simple as:
'\t[[:space:]]*-(\$[({]MAKE[)}]|make)[[:space:]].*(dist)?clean'
See transcript of IRC discussion below for further elaboration of rationale.
00:35 < Overfiend> joshk: What didn't you like about my changes to
debian/rules?
00:36 < Overfiend> a configure target for autofoo-using packages is
common practice AFAICT
00:36 < Overfiend> because of the problem of getting a properly cleaned
tree
00:36 < Overfiend> if you were to assert that configure getting run
*twice* for every package build from a freshly-unpacked source were
a bit stupid, I'd agree.
00:36 < Overfiend> But that stupidity appears to be forced on us by
GNU autofoo.
00:37 < joshk> yes - my scripts run a clean and then a build..
00:37 < Overfiend> your scripts? debuild does that too.
dpkg-buildpackage might as well, I don't remember.
00:37 < Overfiend> it's the Right Thing to do.
00:37 < vorlon> Overfiend: meh? Why would it be run twice?
00:37 < Overfiend> Builds should always start from a known state.
00:37 < Overfiend> vorlon: because debuild invokes debian/rules clean
before debian/rules binary
00:38 < Overfiend> or dpkg-buildpackage does
00:38 < Overfiend> as I said, I don't remember
00:38 < doogie> why does clean depend on configure?
00:38 < vorlon> Overfiend: there's no reason clean should need to depend
on configure
00:38 < Overfiend> can't "make clean" if there's no Makefile...
00:38 < vorlon> not with sane autotoolery
00:38 < doogie> then don't
00:38 < vorlon> yes, so you type "-make clean" instead
00:38 < Overfiend> UGH!
00:38 < doogie> what he said
00:38 < joshk> -$(MAKE) distclean, here
00:38 * Overfiend vomits across the room
00:38 < Overfiend> that's fucking moronic
00:38 < doogie> no, this is how it's done
00:38 < joshk> Overfiend: wow. have you considered entering a contest?
00:38 < Overfiend> "I don't care why make clean failed. Ignore it."
00:39 < vorlon> fine. [ ! -f Makefile ] || make clean
00:39 < vorlon> :P
00:39 < Overfiend> That's like swatting a fly with a neutron star.
00:39 < doogie> however, this is why I hate build systems that don't
support a build dir.
00:39 < joshk> build system? what build system? :|
00:39 < Overfiend> vorlon: that's a bit more reasonable.
00:39 < joshk> vorlon: hmm, good idea
00:39 < doogie> ifeq (Makefile,$(wildcard Makefile))
00:40 < doogie> make clean
00:40 < doogie> endif
00:40 < Overfiend> "Ignore all errors from make on the assumption that
the only reason it would fail is because there's no Makefile" is
mondo stupid.
00:40 < joshk> well, the reason i chose to do it my way is because it's
that way in every single one of my autofoo using packages currently
00:40 < doogie> my way is more efficient. less forking.
00:40 < joshk> so even if you were right, i'd end up having to orchestrate
that change over all my packages anyway..
00:40 < joshk> IOW: someday.
00:41 < Overfiend> I don't care which approach, vorlon's or doogie's,
people use. but -$(MAKE) {dist,}clean is just unholy bad.
00:41 < vorlon> doogie: doesn't every line get passed to sh for execution?
If [ is a builtin, there's no difference in fork count
(Connection timed out)]
00:42 < Overfiend> Recall that people mindlessly ignoring error conditions
is why we see most security advisories.
00:42 < doogie> vorlon: try again. if the Makefile doesn't exist,
$(wildcard) expands to nothing, so the line isn't sent to the shell
00:42 < vorlon> ah.
00:42 < vorlon> right.
00:42 < joshk> Overfiend: a ton of people, not just myself, use a
variation of -make clean - you may want to submit a lintian check
for it...
00:42 < doogie> and you have to test for the file's existance anyways.
00:42 < joshk> sounds like something that would get in. and it would
compel me to do it more quickly :)
00:42 < doogie> altho, it does make the file harder to read
00:43 < Overfiend> joshk, doogie, vorlon: permission to quote you guys
in my bug report.
00:43 < joshk> Overfiend: granted
00:43 < Overfiend> I'd rather paste this discussion than rewrite it.
00:43 < vorlon> Overfiend: as long as you leave out the fart noises
[Read error: 104 (Connection reset by peer)]
00:43 < Overfiend> vorlon: oh, very well
00:43 < doogie> you can always quote my makefile foo, if it is meant to
scare and intimidate
00:43 < Overfiend> doogie: :)
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages lintian depends on:
ii binutils 2.16.1-2 The GNU assembler, linker and bina
ii diffstat 1.41-1 produces graph of changes introduc
ii file 4.12-1 Determines file type using "magic"
ii gettext 0.14.5-2 GNU Internationalization utilities
ii intltool-debian 0.30+20040213 Help i18n of RFC822 compliant conf
ii man-db 2.4.3-1 The on-line manual pager
ii perl [libdigest-md5-perl] 5.8.7-4 Larry Wall's Practical Extraction
lintian recommends no packages.
-- no debconf information
Reply to: