lintian: r605 - in trunk: checks debian testset testset/maintainer-scripts/debian
Author: rra
Date: 2006-04-03 07:33:13 +0200 (Mon, 03 Apr 2006)
New Revision: 605
Modified:
trunk/checks/scripts
trunk/checks/scripts.desc
trunk/debian/changelog
trunk/testset/maintainer-scripts/debian/postinst
trunk/testset/maintainer-scripts/debian/postrm
trunk/testset/tags.maintainer-scripts
Log:
+ [RA] Find missing ucf dependencies and restructure the code to allow
easier addition of similar checks. (Closes: #261891)
Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/checks/scripts 2006-04-03 05:33:13 UTC (rev 605)
@@ -151,6 +151,16 @@
'zsh' => 'zsh'
);
+# Appearance of one of these regexes in a maintainer script means that there
+# must be a dependency (or pre-dependency) on the given package. The tag
+# reported is maintainer-script-needs-depends-on-%s, so be sure to update
+# scripts.desc when adding a new rule.
+my @depends_needed = (
+ [ adduser => '\badduser\b' ],
+ [ netbase => '\bupdate-inetd\b' ],
+ [ ucf => '\bucf\s' ],
+);
+
my %executable = ();
my %suid = ();
my %ELF = ();
@@ -415,7 +425,7 @@
open C, "$filename"
or fail("cannot open maintainer script $filename for reading: $!");
- my ($warned_tmp, $warned_killall, $warned_netbase, $warned_adduser);
+ my %warned;
my ($saw_init, $saw_invoke);
my $cat_string = "";
@@ -425,13 +435,13 @@
chomp();
if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) {
tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", "$file:$."
- unless $warned_tmp;
- $warned_tmp = 1;
+ unless $warned{tmp};
+ $warned{tmp} = 1;
}
if (m/^\s*killall(?:\s|$)/) {
tag "killall-is-dangerous", "$file:$."
- unless $warned_killall;
- $warned_killall = 1;
+ unless $warned{killall};
+ $warned{killall} = 1;
}
if (m/^\s*mknod(?:\s|$)/ and not m/\sp\s/) {
tag "mknod-in-maintainer-script", "$file:$.";
@@ -554,24 +564,21 @@
if (m,\bsuidregister\b,) {
tag "suidregister-used-in-maintainer-script", "$file";
}
- if (m,\bupdate-inetd\b, && !$warned_netbase) {
- my $type = $deps{'netbase'};
- unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
- tag "maintainer-script-needs-depends-on-netbase", "$file";
- $warned_netbase = 1;
- }
- }
- if (m,\badduser\b, && !$warned_adduser) {
- my $type = $deps{'adduser'};
- unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
- tag "maintainer-script-needs-depends-on-adduser", "$file";
- $warned_adduser = 1;
- }
- }
if ($file eq 'postrm') {
if (m,update\-alternatives \-\-remove,) {
tag "update-alternatives-remove-called-in-postrm", "";
}
+ } else {
+ for my $rule (@depends_needed) {
+ my ($package, $regex) = @$rule;
+ if (/$regex/ && ! $warned{$package}) {
+ my $type = $deps{$package};
+ unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
+ tag "maintainer-script-needs-depends-on-$package", "$file";
+ $warned{$package} = 1;
+ }
+ }
+ }
}
if (/invoke-rc.d.*\|\| exit 0/) {
tag "maintainer-script-hides-init-failure", "$file:$.";
Modified: trunk/checks/scripts.desc
===================================================================
--- trunk/checks/scripts.desc 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/checks/scripts.desc 2006-04-03 05:33:13 UTC (rev 605)
@@ -266,6 +266,11 @@
Info: This script calls adduser, but the package does not depend or
pre-depend on the adduser package.
+Tag: maintainer-script-needs-depends-on-ucf
+Type: warning
+Info: This script calls ucf, but the package does not depend or pre-depend
+ on the ucf package.
+
Tag: update-alternatives-remove-called-in-postrm
Type: warning
Info: 'update-alternatives --remove <alternative> foo' is called in the
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/debian/changelog 2006-04-03 05:33:13 UTC (rev 605)
@@ -41,6 +41,8 @@
a typo. Thanks, Marc Haber. (Closes: #360214, #360216)
+ [RA] Warn when maintainer scripts run init scripts directly and
don't use invoke-rc.d. Thanks, Lars Wirzenius. (Closes: #353659)
+ + [RA] Find missing ucf dependencies and restructure the code to allow
+ easier addition of similar checks. (Closes: #261891)
* collection/objdump-info:
+ [RA] Unset CDPATH before running cd to avoid strange effects from
@@ -50,7 +52,7 @@
* lib/Util.pm:
+ [RA] Add system_env, like system but sanitizing the environment.
- -- Russ Allbery <rra@debian.org> Sun, 2 Apr 2006 15:40:00 -0700
+ -- Russ Allbery <rra@debian.org> Sun, 2 Apr 2006 22:32:37 -0700
lintian (1.23.16) unstable; urgency=low
Modified: trunk/testset/maintainer-scripts/debian/postinst
===================================================================
--- trunk/testset/maintainer-scripts/debian/postinst 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/testset/maintainer-scripts/debian/postinst 2006-04-03 05:33:13 UTC (rev 605)
@@ -60,3 +60,6 @@
else
/etc/init.d/package start
fi
+
+# Example ucf invocation.
+ucf /usr/share/foo/configuration /etc/foo.conf
Modified: trunk/testset/maintainer-scripts/debian/postrm
===================================================================
--- trunk/testset/maintainer-scripts/debian/postrm 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/testset/maintainer-scripts/debian/postrm 2006-04-03 05:33:13 UTC (rev 605)
@@ -23,3 +23,10 @@
# Shouldn't provoke an error despite no invoke-rc.d.
echo "/etc/init.d/package stop to stop something"
+
+# Shouldn't require a ucf dependency. Unfortunately, right now that's
+# just because postrm isn't checked, not because we ensure that the
+# invocation is conditional.
+if which ucf >/dev/null; then
+ ucf --purge /etc/foo.conf
+fi
Modified: trunk/testset/tags.maintainer-scripts
===================================================================
--- trunk/testset/tags.maintainer-scripts 2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/testset/tags.maintainer-scripts 2006-04-03 05:33:13 UTC (rev 605)
@@ -27,6 +27,7 @@
W: maintainer-scripts: maintainer-script-calls-deprecated-wm-menu-config postinst:31
W: maintainer-scripts: maintainer-script-calls-init-script-directly prerm:54
W: maintainer-scripts: maintainer-script-hides-init-failure postinst:55
+W: maintainer-scripts: maintainer-script-needs-depends-on-ucf postinst
W: maintainer-scripts: missing-debconf-dependency
W: maintainer-scripts: no-debconf-templates
W: maintainer-scripts: possible-bashism-in-maintainer-script postinst:15 '. /usr/share/lintian/shell foo'
Reply to: