
[SCM] Debian package checker branch, master, updated. 1.24.4-110-g461090e



The following commit has been merged in the master branch:
commit 77d39221af84fe242622e6912288aaa6c41e01d0
Author: Raphael Geissert <atomo64@gmail.com>
Date:   Thu Sep 4 15:13:18 2008 -0500

    Implemented maintainer-script-ignores-errors
    
    Signed-off-by: Raphael Geissert <atomo64@gmail.com>
    Signed-off-by: Frank Lichtenheld <djpig@debian.org>

diff --git a/checks/scripts b/checks/scripts
index 8705034..7f050bf 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -466,11 +466,15 @@ while (<SCRIPTS>) {
 	or fail("cannot open maintainer script $filename for reading: $!");
 
     my %warned;
-    my ($saw_init, $saw_invoke, $saw_debconf, $has_code);
+    my ($saw_init, $saw_invoke, $saw_debconf, $saw_sete, $has_code);
     my $cat_string = "";
     my $LEADIN = qr'(?:(?:^|[`&;(|{])\s*|(?:if|then|do|while)\s+)';
 
     while (<C>) {
+	if ($. == 1 && $shellscript && m,/$base\s*.*\s-\w*e\w*\b,) {
+	    $saw_sete = 1;
+	}
+
 	next if m,^\s*$,;  # skip empty lines
 	next if m,^\s*\#,; # skip comment lines
 	s/\#.*$//;         # eat comments
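Review bot: `$base` is interpolated into the shebang pattern on the added `$. == 1` line without quoting, so a regex metacharacter in the interpreter name would change what is matched; `m,/\Q$base\E\s*.*\s-\w*e\w*\b,` keeps it literal. `$base` is assigned outside this hunk, so whether it can carry such characters is not visible here. Accepting `-e` on the `#!` line as equivalent to `set -e` also deserves a comment, because the option is lost whenever the script is run as `sh <script>`, and maintainer scripts run as root, where a silently ignored failure can leave the system half-configured. The enclosing `while (<C>)` loop continues past the end of this hunk.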
@@ -490,6 +494,10 @@ while (<SCRIPTS>) {
 	    $has_code = 1;
 	}
 
+	if ($shellscript && m,${LEADIN}set\s*(\s+-(-.*|[^e]+))*\s-\w*e,) {
+	    $saw_sete = 1;
+	}
+
 	if (m,[^\w]((/var)?/tmp|\$TMPDIR)/[^)\]}\s], and not m/\bmks?temp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/ and not m/\$RANDOM/) {
 	    tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", "$file:$."
 		unless $warned{tmp};
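Review bot: The added `set` pattern only recognises the short `-e` spelling, so a script that enables the same behaviour with `set -o errexit` is still tagged `maintainer-script-ignores-errors`; an extra alternative such as `|| m,${LEADIN}set\s+-o\s+errexit\b,` in the condition would cover it. The flag is also sticky: one match anywhere sets `$saw_sete` for the whole script, so a `set -e` that appears only inside a function or branch, or one later undone by `set +e`, still passes the check. A comment above the test such as `# presence heuristic only: does not track set +e or where in the script -e is enabled` would keep later readers from treating it as proof. The enclosing `while (<C>)` loop starts and ends outside this hunk.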
@@ -797,6 +805,9 @@ while (<SCRIPTS>) {
     unless ($has_code) {
 	tag "maintainer-script-empty", $file;
     }
+    if ($shellscript && !$saw_sete) {
+	tag 'maintainer-script-ignores-errors', $file;
+    }
 
     close C;
 
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 2c2b989..ee26918 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -498,6 +498,15 @@ Info: The maintainer script doesn't seem to contain any code other than
  If the package currently doesn't need to do anything in this maintainer
  script, it shouldn't be included in the package.
 
+Tag: maintainer-script-ignores-errors
+Type: warning
+Severity: normal
+Certainty: certain
+Ref: policy 3.9
+Info: The maintainer script doesn't seem to set the <tt>-e</tt> flag which
+ ensures that the script's execution is aborted when any executed command
+ fails.
+
 Tag: command-with-path-in-maintainer-script
 Type: warning
 Severity: normal
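Review bot: `Certainty: certain` on the new tag overstates what the check can know. The Info text itself says the script "doesn't seem to" set the flag, and the detection added in checks/scripts is a per-line regex match that will miss some equivalent spellings. `Certainty: possible` would match the heuristic. The Info text could also state the remedy directly, for example a closing sentence `Add <tt>set -e</tt> near the top of the script.`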
diff --git a/debian/changelog b/debian/changelog
index 6b94c66..cffc63b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -62,6 +62,8 @@ lintian (2.0.0~rc1) experimental; urgency=low
       pike7.7, php4, octave2.9, add: tcl8.6, tk8.6).  (Closes: #485954)
     + [FL] Add . and + to regex for command-with-path-in-maintainer-script.
       Based on a patch from Raphael Geissert.
+    + [FL] Check for missing set -e in maintainer scripts. Patch by
+      Raphael Geissert.
 
   * collection/objdump-info:
     + [ADB] Correctly handle shared objects with no symbol versioning when
diff --git a/testset/scripts/debian/postinst b/testset/scripts/debian/postinst
index 4172b09..7c5baf1 100644
--- a/testset/scripts/debian/postinst
+++ b/testset/scripts/debian/postinst
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -e
+
 if [ -x "/etc/init.d/lsb-broken" ] ; then
     update-rc.d lsb-broken defaults >/dev/null
 fi
diff --git a/testset/scripts/debian/postrm b/testset/scripts/debian/postrm
index 31e699b..8fa75a2 100644
--- a/testset/scripts/debian/postrm
+++ b/testset/scripts/debian/postrm
@@ -1,5 +1,5 @@
-#!/bin/sh
-set -e
+#!/bin/sh -e
+
 if [ "$1" = purge ] ; then
     update-rc.d lsb-broken remove >/dev/null
     update-rc.d no-lsb remove >/dev/null
diff --git a/testset/tags.scripts b/testset/tags.scripts
index bfb4eca..37f87f7 100644
--- a/testset/tags.scripts
+++ b/testset/tags.scripts
@@ -65,6 +65,7 @@ W: scripts: init.d-script-missing-lsb-keyword /etc/init.d/lsb-broken required-st
 W: scripts: init.d-script-missing-lsb-section /etc/init.d/no-lsb
 W: scripts: init.d-script-not-marked-as-conffile /etc/init.d/skeleton
 W: scripts: maintainer-script-empty preinst
+W: scripts: maintainer-script-ignores-errors postinst
 W: scripts: non-standard-executable-perm usr/bin/perl-bizarre-3 0754 != 0755
 W: scripts: non-standard-setuid-executable-perm usr/bin/suidperlfoo 4555
 W: scripts: package-installs-python-pyc usr/lib/python2.3/site-packages/test.pyc

-- 
Debian package checker

