we need a Package Checker

[James A.Treacy <treacy@debian.org>]

Suggestion: package checker

It is currently possible to have packages installed which do not comply with
Debian policy.  A lot of these could be avoided if we simply did some kind of
check on every package before we allowed it into the distribution.

Here is the framework for a simple, flexible way to check for a lot of packaging
mistakes.

The idea is to use dpkg to unpack the .deb into /tmp
and then to use run-parts to run all the checking scripts that
have been written.

------------------------ begin package_checker -------------------
#!/bin/sh

# USAGE: package_checker <package>.deb
# Just an example. This should be done in perl
if [ -f $1 ]; then
   mkdir /tmp/$1.check
   mkdir /tmp/$1.check/DEBIAN
   dpkg -e $1 /tmp/DEBIAN
   dpkg -x $1 /tmp/
   cd /tmp/$1.check
   run-parts /usr/lib/package_checker/
; fi
------------------------ end package_checker ---------------------

Instead of one monstrous convoluted program this allows different
checks to be written by different people. When changes are made
to policy, it should be easy to modify an existing check or create a new check
and just throw it into the package_checker directory.

A template program would be written which would create variables for the
package name and version so they can be used in the check and make writing
a check easier.

Off the top of my head, we could check for
 - scripts that need it contain 'set -e' ({post,pre}{inst}{rm} and files in
   /etc/inti.d for example)
 - permissions on all files
     anything in a bin dir is 755. Give warning for other perms - especially suid
     anything in a lib dir is 644 (except for soft links)
 - existance of all required files in /usr/doc/<package>
 - existance of man pages for every executable in /usr/bin /usr/sbin /bin /sbin
 - man pages compressed
 - libraries and executables are stripped

Anyway, the point here is not to create an exhaustive list, but just to give
an idea of what would be done. Even the few things I've listed would avoid
a lot of bugs. It would also allow us to force acceptance of changes in policy.

I'd do this if I had the time (it would be a perfect opportunity to finally learn perl).
The few I've listed above would be extremely easy to code.
Someone want to volunteer to do this? Once one person develops a good base, others
will create more checks over time.

- Jay


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .