
[SCM] Debian package checker branch, master, updated. 1.24.2-14-g941101c



The following commit has been merged in the master branch:
commit 941101c7a8978b8519895e53735b74e6cb0e795f
Author: Russ Allbery <rra@debian.org>
Date:   Sun Jul 20 22:57:49 2008 -0700

    Warn about full paths to commands in maintainer scripts
    
    * checks/scripts{,.desc}:
      + [RA] Warn about maintainer scripts that prepend a path to commands.
        Based on a patch by Raphael Geissert.  (Closes: #376184)

diff --git a/checks/scripts b/checks/scripts
index 946cdb2..57d3c93 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -483,6 +483,7 @@ while (<SCRIPTS>) {
     my %warned;
     my ($saw_init, $saw_invoke, $saw_debconf, $has_code);
     my $cat_string = "";
+    my $LEADIN = qr'(?:(?:^|[`&;(|{])\s*|(?:if|then|do|while)\s+)';
 
     while (<C>) {
 	next if m,^\s*$,;  # skip empty lines
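Review bot: `$LEADIN` at the added declaration is now shared by the bashism patterns and the new full-path check, but nothing says what it matches. A comment above it would help, for example `# Start of a command: line start, a shell separator (` & ; ( | {), or if/then/do/while.` The switch to non-capturing groups looks deliberate, so that `$1` in the later check is the path; stating that in the comment would stop someone reintroducing captures. The enclosing loop body continues outside the hunk.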
@@ -543,7 +544,6 @@ while (<SCRIPTS>) {
 	    if ($cat_string eq "" and $checkbashisms and !$within_another_shell) {
 		my $found = 0;
 		my $match = '';
-		my $LEADIN = qr'(?:(^|[`&;(|{])\s*|(if|then|do|while)\s+)';
 		my @bashism_single_quote_regexs = (
 		  $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\'[^\']*(\\[\\abcEfnrtv0])+.*?[\']',
 			# unsafe echo with backslashes
@@ -749,6 +749,9 @@ while (<SCRIPTS>) {
 		    tag "maintainer-script-modifies-inetd-conf", "$file:$."
 			unless Dep::implies($deps{provides}, Dep::parse('inet-superserver'));
 		}
+		if (m,^$LEADIN(/(usr/)?s?bin/\w+),) {
+		    tag "command-with-path-in-maintainer-script", "$file:$. $1";
+		}
 
 		# Ancient dpkg feature tests.
 		if (m/^\s*dpkg\s+--assert-support-predepends\b/) {
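Review bot: The capture in `m,^$LEADIN(/(usr/)?s?bin/\w+),` stops at the first character outside `\w`, so a command name containing `-` or `.` is reported truncated in the tag (constructed example: `/usr/sbin/foo-bar` would be reported as `/usr/sbin/foo`). Widening the class and dropping the unused inner capture fixes that: `if (m,^$LEADIN(/(?:usr/)?s?bin/[\w.+-]+),) {`. The leading `^` also appears to pin `$LEADIN`'s separator and keyword alternatives to column 0, so a full path after `&&`, `;` or `|` later in a line, or after an indented `if`, would likely go unreported unless earlier code outside the hunk normalises the line. If that is intended to limit false positives, a short comment saying so would help. The enclosing block starts and ends outside the hunk.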
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 384bbee..b071a9f 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -401,6 +401,15 @@ Info: The maintainer script doesn't seem to contain any code other than
  If the package currently doesn't need to do anything in this maintainer
  script, it shouldn't be included in the package.
 
+Tag: command-with-path-in-maintainer-script
+Type: warning
+Info: The indicated program run in a maintainer script has a prepended
+ path.  Programs called from maintainer scripts normally should not have a
+ path prepended.  dpkg ensures that the PATH is set to a reasonable value,
+ and prepending a path may prevent the local administrator from using a
+ replacement version of a command for some local reason.
+Ref: policy 6.1
+
 Tag: ancient-dpkg-predepends-check
 Type: warning
 Info: The package calls dpkg --assert-support-predepends in a maintainer
diff --git a/debian/changelog b/debian/changelog
index 7522f7f..ad0a61d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -31,6 +31,9 @@ lintian (1.24.3) unstable; urgency=low
   * checks/po-debconf{,.desc}:
     + [ADB] Check that at least one complete translation exists.  Thanks Jordà
       Polo.
+  * checks/scripts{,.desc}:
+    + [RA] Warn about maintainer scripts that prepend a path to commands.
+      Based on a patch by Raphael Geissert.  (Closes: #376184)
   * checks/shared-libs.desc:
     + [ADB] Improve the description of no-symbols-control-file.
 
diff --git a/testset/maintainer-scripts/debian/preinst b/testset/maintainer-scripts/debian/preinst
index 01f0fee..bb97763 100644
--- a/testset/maintainer-scripts/debian/preinst
+++ b/testset/maintainer-scripts/debian/preinst
@@ -8,3 +8,5 @@ dpkg --assert-support-predepends || exit 1
 dpkg --assert-working-epoch || exit 1
 dpkg --assert-long-filenames || exit 1
 dpkg --assert-multi-conrep || exit 1
+
+/bin/egrep --mmap "^Package: foo$" /var/lib/dpkg/status
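Review bot: The single added fixture line only covers a plain alphanumeric command name at the start of a line, so neither the keyword/separator alternatives of `$LEADIN` nor a name containing `-` is exercised. A second constructed line such as `if /usr/sbin/foo-bar; then :; fi` would pin both the match and the reported path. The line also reads `/var/lib/dpkg/status`, which pulls an unrelated `maintainer-script-uses-dpkg-status-directly preinst` tag into the expected output. A command that does not touch that file would keep the test focused on the new check.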
diff --git a/testset/tags.maintainer-scripts b/testset/tags.maintainer-scripts
index 80cc1b6..81659c3 100644
--- a/testset/tags.maintainer-scripts
+++ b/testset/tags.maintainer-scripts
@@ -19,6 +19,7 @@ E: maintainer-scripts: maintainer-script-modifies-netbase-managed-file postinst:
 E: maintainer-scripts: maintainer-script-removes-device-files postrm:39
 E: maintainer-scripts: maintainer-script-removes-device-files postrm:40
 E: maintainer-scripts: maintainer-script-uses-dpkg-status-directly postinst
+E: maintainer-scripts: maintainer-script-uses-dpkg-status-directly preinst
 E: maintainer-scripts: maintainer-shell-script-fails-syntax-check prerm
 E: maintainer-scripts: no-copyright-file
 E: maintainer-scripts: postrm-contains-additional-updaterc.d-calls /etc/init.d/bar
@@ -39,6 +40,7 @@ W: maintainer-scripts: ancient-dpkg-epoch-check preinst:8
 W: maintainer-scripts: ancient-dpkg-long-filenames-check preinst:9
 W: maintainer-scripts: ancient-dpkg-multi-conrep-check preinst:10
 W: maintainer-scripts: ancient-dpkg-predepends-check preinst:7
+W: maintainer-scripts: command-with-path-in-maintainer-script preinst:12 /bin/egrep
 W: maintainer-scripts: config-does-not-load-confmodule
 W: maintainer-scripts: deprecated-chown-usage postinst:167 'chown -R root.root'
 W: maintainer-scripts: deprecated-chown-usage postinst:35 'chown root.root'

-- 
Debian package checker

