lintian: r34 - in branches/1.22.9+tarcheck: branches/1.22.9+tarcheck/checks branches/1.22.9+tarcheck/debian branches/1.22.9+tarcheck/frontend

To: debian-lint-maint@lists.debian.org
Subject: lintian: r34 - in branches/1.22.9+tarcheck: branches/1.22.9+tarcheck/checks branches/1.22.9+tarcheck/debian branches/1.22.9+tarcheck/frontend
From: jeroen@wolffelaar.nl
Date: Fri, 13 Feb 2004 01:02:49 +0100
Message-id: <[🔎] E1ArQnB-0000zS-00@frodo.wolffelaar.nl>
Author: jeroen
Date: 2004-02-13 01:02:12 +0100 (Fri, 13 Feb 2004)
New Revision: 34

Added:
   branches/1.22.9+tarcheck/checks/deb-format
   branches/1.22.9+tarcheck/checks/deb-format.desc
Modified:
   branches/1.22.9+tarcheck/debian/changelog
   branches/1.22.9+tarcheck/debian/control
   branches/1.22.9+tarcheck/frontend/lintian
Log:
Added check against packages created with buggy tar

Added: branches/1.22.9+tarcheck/checks/deb-format
===================================================================
--- branches/1.22.9+tarcheck/checks/deb-format	2004-02-12 23:17:06 UTC (rev 33)
+++ branches/1.22.9+tarcheck/checks/deb-format	2004-02-13 00:02:12 UTC (rev 34)
@@ -0,0 +1,102 @@
+#!/usr/bin/perl -w
+# Most of this code is shamelessly stolen from Archive::Tar. Thanks.
+#
+# The copyright for the rest is as follows: 
+#
+# Copyright: (C) 2004 Marc Brockschmidt <marc@dch-faq.de>
+# Adapted to lintian by Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Library General Public License as published
+# by the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+use strict;
+
+($#ARGV == 1) or fail("syntax: standards-version <pkg> <type>");
+my $pkg = shift;
+my $type = shift;
+
+eval q{ use Archive::Tar };
+if ($@) {
+    print "N: The Archive::Tar module is not installed, so lintian\n";
+    print "N: cannot check whether a broken tar version was used for\n";
+    print "N: creating this .deb. Please install libarchive-tar-perl\n";
+    exit;
+}
+
+use constant HEAD           => 512;
+use constant TAR_END        => "\0" x 512;
+use constant BLOCK_SIZE     => sub { my $n = int($_[0]/512); $n++ if $_[0] % 512; $n * 512 };
+
+open INPUT, "ar p deb data.tar.gz | gzip -dc |";
+
+my ($chunk, $real_name, $data);
+while( read( INPUT, $chunk, HEAD ) ) {                  
+    ### if we can't read in all bytes... ###
+    last if length $chunk != HEAD;
+    
+    # Apparently this should really be two blocks of 512 zeroes,
+    # but GNU tar sometimes gets it wrong. See comment in the
+    # source code (tar.c) to GNU cpio.
+    last if $chunk eq TAR_END; 
+    
+    my $entry; 
+    unless( $entry = Archive::Tar::File->_new_from_chunk( $chunk ) ) {
+        warn ( qq[Couldnt read chunk '$chunk'] );
+        next;
+    }
+    
+    ### ignore labels:
+    ### http://www.gnu.org/manual/tar/html_node/tar_139.html
+    next if $entry->is_label;
+    
+    if( length $entry->type and ($entry->is_file || $entry->is_longlink) ) {      
+        ### part II of the @LongLink munging -- need to do /after/
+        ### the checksum check.
+
+        my $block = BLOCK_SIZE->( $entry->size );
+
+        $data = $entry->get_content_by_ref;
+        
+        ### just read everything into memory 
+        ### can't do lazy loading since IO::Zlib doesn't support 'seek'
+        ### this is because Compress::Zlib doesn't support it =/            
+        if( read( INPUT, $$data, $block ) < $block ) {
+            die ( qq[Read error on tarfile ]. $entry->name ."'" );
+        }
+
+        ### throw away trailing garbage ###
+        substr ($$data, $entry->size) = "";
+    }
+    
+    
+    ### clean up of the entries.. posix tar /apparently/ has some
+    ### weird 'feature' that allows for filenames > 255 characters
+    ### they'll put a header in with as name '././@LongLink' and the
+    ### contents will be the name of the /next/ file in the archive
+    ### pretty crappy and kludgy if you ask me
+    
+    ### set the name for the next entry if this is a @LongLink;
+    ### this is one ugly hack =/ but needed for direct extraction
+    if( $entry->is_longlink ) {
+        $real_name = $data;	
+        next;
+    } elsif ( defined $real_name ) {
+        $entry->name( $$real_name );
+        undef $real_name;
+    }
+
+	my $raw = $entry->raw();
+	my $name = substr($raw, 0, 100);
+	$name =~ s/\x00/-/g;
+
+	print "E: deb-created-with-broken-tar broken file: $name\n"
+		if ((length($name) == 100) && ($name eq $entry->name()));
+    
+    ### Guard against tarfiles with garbage at the end
+    last if $entry->name eq ''; 
+} continue {
+    undef $data;
+}
+


Property changes on: branches/1.22.9+tarcheck/checks/deb-format
___________________________________________________________________
Name: svn:executable
   + *

Added: branches/1.22.9+tarcheck/checks/deb-format.desc
===================================================================
--- branches/1.22.9+tarcheck/checks/deb-format.desc	2004-02-12 23:17:06 UTC (rev 33)
+++ branches/1.22.9+tarcheck/checks/deb-format.desc	2004-02-13 00:02:12 UTC (rev 34)
@@ -0,0 +1,17 @@
+Check-Script: deb-format
+Author: Marc Brockschmidt <marc@dch-faq.de>
+Abbrev: dfmt
+Standards-Version: 3.6.1
+Type: binary
+Unpack-Level: 1
+Info: This script checks if a binary package was build using a broken version
+ of tar (i.e., containing bug#230910)
+
+Tag: deb-created-with-broken-tar
+Type: error
+Info: The binary package was created with a broken version of tar.
+ Some versions of tar contain a bug, which make the resulting .deb broken. On
+ unpack, some filenames are going to be corrupted.
+ .
+ This package was build with such a version of tar, and the mentioned filename
+ is corrupted. Refer to Debian bug #230910 for more information.

Modified: branches/1.22.9+tarcheck/debian/changelog
===================================================================
--- branches/1.22.9+tarcheck/debian/changelog	2004-02-12 23:17:06 UTC (rev 33)
+++ branches/1.22.9+tarcheck/debian/changelog	2004-02-13 00:02:12 UTC (rev 34)
@@ -1,3 +1,11 @@
+lintian (1.22.10) unstable; urgency=low
+
+  * Interim release
+  * Add check for tar bug #230910
+    (tar check written by Marc 'HE' Brockschmidt <marc@marcbrockschmidt.de>)
+
+ -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Fri, 13 Feb 2004 01:00:48 +0100
+
 lintian (1.22.9) unstable; urgency=low
 
   * config.* files from 2000-09-05 and such had the timestamp in a

Modified: branches/1.22.9+tarcheck/debian/control
===================================================================
--- branches/1.22.9+tarcheck/debian/control	2004-02-12 23:17:06 UTC (rev 33)
+++ branches/1.22.9+tarcheck/debian/control	2004-02-13 00:02:12 UTC (rev 34)
@@ -8,7 +8,7 @@
 Package: lintian
 Architecture: all
 Depends: perl, file, binutils, diffstat (>= 1.27-1), man-db (>= 2.3.20-1)
-Suggests: binutils-multiarch
+Suggests: binutils-multiarch, libarchive-tar-perl
 Description: Debian package checker
  Lintian dissects Debian packages and reports bugs and policy
  violations. It contains automated checks for many aspects of Debian

Modified: branches/1.22.9+tarcheck/frontend/lintian
===================================================================
--- branches/1.22.9+tarcheck/frontend/lintian	2004-02-12 23:17:06 UTC (rev 33)
+++ branches/1.22.9+tarcheck/frontend/lintian	2004-02-13 00:02:12 UTC (rev 34)
@@ -29,7 +29,7 @@
 #  Global Variables
 #######################################
 my $lintian_info_cmd = 'lintian-info'; #Command to run for ?
-my $LINTIAN_VERSION = "1.22.9";	#External Version number
+my $LINTIAN_VERSION = "1.22.10";	#External Version number
 my $BANNER = "Lintian v$LINTIAN_VERSION"; #Version Banner - text form
 my $LAB_FORMAT = 6;		#Lab format Version Number
 				#increased whenever incompatible
Reply to:
Prev by Date: lintian: r33 - / branches
Next by Date: lintian: r35 - branches/1.22.9+tarcheck/debian
Previous by thread: lintian: r33 - / branches
Next by thread: lintian: r35 - branches/1.22.9+tarcheck/debian
Index(es):
- Date
- Thread