Russ Allbery wrote:
> Luk Claes <luk@debian.org> writes:
>
>> tags 231770 +patch
>> thanks
>
>> Hi
>
>> Easy patch included for consideration.
>
> My concern about the simple approach to this (which I never sent to the
> bug; my bad) is that the other major use of read besides prompting is for
> parsing files. It's not uncommon to see a construct like:
>
>     while read facility destination ; do
>         # do something with facility and destination
>     done < /etc/syslog.conf
>
> Your patch won't produce false positives with this, but I don't know if
> there are any scripts that do something similar but don't use that
> explicit of a loop. I don't see any in a quick check on my system, but I
> only have a few packages installed.

I would be surprised to see it happen, but if it happens we can always
improve the checking, no?

> The other problem is that some packages fall back on read when debconf
> isn't available (Postfix, for example) and others intentionally don't use
> debconf (libc6). I'm not sure how to handle those cases, and this patch
> would definitely give false positives for Postfix unless we think that it
> shouldn't support a fallback if debconf is missing. There are several
> other packages on my system with similar fallbacks (flex, fvwm, and
> openssh-server) in their *.preinst files.
>
> I wonder if we could work around the case where read is used only as a
> fallback by not issuing this diagnostic for scripts that also try to use
> debconf and just assume that if the maintainer is using debconf at all,
> they know what they're doing. That leaves the packages that are
> intentionally avoiding use of debconf, but maybe if we exempt essential
> packages from this check (plus things like libc6 that are essential in
> practice), that would cut the false positives down sufficiently.
>
> What do you think?

Why would essential packages not try to use debconf if available?

I updated the patch a bit so that if db_input is used before the read it
won't barf:

- my $cat_string = ""; + my $cat_string = ""; + my $seen_debconf = 0; - if (m/^\s*read(?:\s|$)) { - tag "read-in-maintainer-script", "$file:$."; - } + if (m/db_input/) { + $seen_debconf = 1; + } + if (m/^\s*read(?:\s|$)/ && !$seen_debconf) { + tag "read-in-maintainer-script", "$file:$."; + }

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D
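
Review bot: The m/db_input/ test in the added lines is unanchored and sets $seen_debconf for the rest of the script, so a comment or string that merely mentions db_input silences every later read, while a fallback read that appears before the first db_input is still tagged. Consider skipping comment lines and matching db_input as a command word (for example with \b), and deciding per script after all lines have been scanned rather than by line order. Also confirm that $seen_debconf, declared next to $cat_string, is reset for each maintainer script, since the visible lines don't show the enclosing loop.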