
[SCM] Debian package checker branch, master, updated. 2.2.11-17-g8ee61d5



The following commit has been merged in the master branch:
commit 8ee61d518b02f7799bbd6116dccf56be055c2226
Author: Russ Allbery <rra@debian.org>
Date:   Wed Jun 17 23:56:47 2009 -0700

    Check for fc-cache in maintainer scripts
    
    * checks/scripts{,.desc}:
      + [RA] Catch obsolete dpkg checks in more contexts.
      + [RA] Check for invocations of fc-cache in maintainer scripts.
        Thanks, Josselin Mouette.  (Closes: #532984)
    
    Create a new scripts-maintainer-general test based on portions of the
    old maintainer-scripts check so that we have a place to test random
    maintainer script checks like this one.

diff --git a/checks/scripts b/checks/scripts
index db0698e..e3fe3bf 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -826,18 +826,23 @@ while (<SCRIPTS>) {
 		}
 
 		# Ancient dpkg feature tests.
-		if (m/^\s*dpkg\s+--assert-support-predepends\b/) {
+		if (m/^${LEADIN}dpkg\s+--assert-support-predepends\b/) {
 		    tag "ancient-dpkg-predepends-check", "$file:$.";
 		}
-		if (m/^\s*dpkg\s+--assert-working-epoch\b/) {
+		if (m/^${LEADIN}dpkg\s+--assert-working-epoch\b/) {
 		    tag "ancient-dpkg-epoch-check", "$file:$.";
 		}
-		if (m/^dpkg\s+--assert-long-filenames\b/) {
+		if (m/^${LEADIN}dpkg\s+--assert-long-filenames\b/) {
 		    tag "ancient-dpkg-long-filenames-check", "$file:$.";
 		}
-		if (m/^dpkg\s+--assert-multi-conrep\b/) {
+		if (m/^${LEADIN}dpkg\s+--assert-multi-conrep\b/) {
 		    tag "ancient-dpkg-multi-conrep-check", "$file:$.";
 		}
+
+		# Commands that should not be used in maintainer scripts.
+		if (m,^${LEADIN}(?:/usr/bin/)?fc-cache(\s|\Z),) {
+		    tag 'fc-cache-used-in-maintainer-script', "$file:$.";
+		}
 	    }
 	}
 	if (m,\bsuidregister\b,) {
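Review bot: The new fc-cache pattern ends in `(\s|\Z)`, so a call followed directly by a shell metacharacter (`fc-cache;`, `fc-cache&&`, `fc-cache>/dev/null`) is not tagged. Since the capture is unused, the terminator could be widened and made non-capturing: `if (m,^${LEADIN}(?:/usr/bin/)?fc-cache(?:[\s;&|<>]|\Z),) {`. `${LEADIN}` is defined outside this hunk, so which prefixes it accepts cannot be confirmed from here. The new postinst fixture only exercises a bare `fc-cache`, so the optional `/usr/bin/` branch and the widened `--assert-*` matches have no test on this page. The enclosing `while (<SCRIPTS>)` loop starts and ends outside the hunk.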
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 40be48b..c4d94b3 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -444,6 +444,13 @@ Certainty: possible
 Info: This script apparently runs gconftool or gconftool-2.  It should
  probably be calling gconf-schemas or update-gconf-defaults instead.
 
+Tag: fc-cache-used-in-maintainer-script
+Severity: normal
+Certainty: possible
+Info: This script apparently runs fc-cache.  Updating of the fontconfig
+ cache files is now handled automatically by triggers, so running fc-cache
+ from maintainer scripts is no longer necessary.
+
 Tag: maintainer-script-uses-dpkg-status-directly
 Severity: important
 Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index 7d8391c..b0ab34a 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -49,9 +49,12 @@ lintian (2.2.12) UNRELEASED; urgency=low
     + [RA] Read menu-methods files from the collected location instead of
       the unpacked binary package and change the unpack level of menus to
       1.  Patch from Raphael Geissert.
-  * checks/scripts.desc:
+  * checks/scripts{,.desc}:
     + [RA] Per Policy 3.8.2, read-in-maintainer-script is now of serious
       severity.
+    + [RA] Catch obsolete dpkg checks in more contexts.
+    + [RA] Check for invocations of fc-cache in maintainer scripts.
+      Thanks, Josselin Mouette.  (Closes: #532984)
 
   * collection/menu-files{,.desc}:
     + [RA] Collect menu-methods as well as menu files.  Refactor to remove
diff --git a/t/COVERAGE b/t/COVERAGE
index 99749e0..0e54dba 100644
--- a/t/COVERAGE
+++ b/t/COVERAGE
@@ -552,32 +552,17 @@ scripts ancient-dpkg-long-filenames-check
 scripts ancient-dpkg-multi-conrep-check
 scripts ancient-dpkg-predepends-check
 scripts calls-suidperl-directly
-scripts command-with-path-in-maintainer-script
-scripts deprecated-chown-usage
 scripts executable-not-elf-or-script
-scripts gconftool-used-in-maintainer-script
-scripts install-sgmlcatalog-deprecated
-scripts maintainer-script-hides-init-failure
 scripts maintainer-script-ignores-errors
-scripts maintainer-script-modifies-inetd-conf
-scripts maintainer-script-modifies-netbase-managed-file
-scripts maintainer-script-needs-depends-on-gconf2
-scripts maintainer-script-needs-depends-on-ucf
-scripts maintainer-script-needs-depends-on-xml-core
 scripts maintainer-script-removes-device-files
-scripts maintainer-script-uses-dpkg-status-directly
 scripts maintainer-shell-script-fails-syntax-check
 scripts php-script-but-no-phpX-cli-dep
 scripts possible-bashism-in-maintainer-script
-scripts possibly-insecure-handling-of-tmp-files-in-maintainer-script
 scripts python-script-but-no-python-dep
-scripts read-in-maintainer-script
 scripts script-not-executable
 scripts script-uses-bin-env
 scripts shell-script-fails-syntax-check
-scripts start-stop-daemon-in-maintainer-script
 scripts suid-perl-script-but-no-perl-suid-dep
-scripts suidregister-used-in-maintainer-script
 scripts update-alternatives-remove-called-in-postrm
 
 shared-libs duplicate-entry-in-shlibs-control-file
diff --git a/t/tests/scripts-maintainer-general/debian/debian/postinst b/t/tests/scripts-maintainer-general/debian/debian/postinst
new file mode 100755
index 0000000..998753e
--- /dev/null
+++ b/t/tests/scripts-maintainer-general/debian/debian/postinst
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# This file contains a pile of random junk in maintainer scripts that we
+# should be checking for in checks/scripts.  Don't put bashisms in this file,
+# though; those should go into their own check.
+
+set -e
+
+print "Hit enter to continue"
+read foo
+
+echo Please use update-rc.d or invoke-rc.d to set up blah blah.
+
+chown root.root /usr/share/doc/maintainer-scripts/changelog
+chown root:root /usr/share/doc/maintainer-scripts/changelog
+
+# valid
+FOO=/tmp
+FOO=/var/tmp
+: ${FOO:=/tmp}
+FOO=`mktemp /tmp/scripts.XXXXXX`
+rm "$FOO"
+FOO=`tempfile -n/tmp/scripts.tmp`
+mkdir /var/tmp/scripts
+# invalid
+echo foo >>/tmp/scripts.tmp
+rm /tmp/scripts.tmp
+rmdir /var/tmp/scripts
+
+# invalid, maintainer-script-hides-init-failure
+invoke-rc.d foo start || exit 0
+
+# The right way to invoke an rc script
+if which invoke-rc.d >/dev/null 2>&1; then
+    invoke-rc.d package start
+else
+    /etc/init.d/package start
+fi
+
+# Example ucf invocation.
+ucf /usr/share/foo/configuration /etc/foo.conf
+
+# Calling gconftool directly.
+gconftool-2 --makefile-install-rule foo.schema
+
+# Calling gconf-schemas with no dependency.
+gconf-schemas --register foo.schema
+
+# Calling update-xmlcatalog with no dependency.
+update-xmlcatalog --add --type system --id "/usr/share/sgml/dtd/foo" \
+    --package maintainer-scripts --root
+
+# Maintainer scripts shouldn't touch /var/lib/dpkg/status.  This is the old
+# recipe from the dpkg wiki that should be replaced with dpkg-query.
+sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' /etc/conffile'{s/.* //;p}}\" \
+    /var/lib/dpkg/status
+
+# Don't modify these files.
+echo 'broken    6714/tcp' >> /etc/services
+cp /nonexistent /etc/protocols
+mv /usr/share/doc/rpc /etc/rpc
+
+# But this is okay.
+cp /etc/protocols /etc/protocols.new
+
+# This is also wrong.
+echo 'broken' > /etc/inetd.conf
+cp /etc/inetd.conf.new /etc/inetd.conf
+
+# But this is fine.
+cp /etc/inetd.conf /srv/chroot/etc/inetd.conf
+
+# Deprecated and not allowed except the second one.
+install-sgmlcatalog --install package
+install-sgmlcatalog --remove package
+
+# Calling start-stop-daemon directly in an init script.
+start-stop-daemon --start --quiet --name foo --startas /usr/bin/foo
+
+# But stopping it is fine -- we may be working around something else.
+start-stop-daemon --stop --quiet --name foo --startas /usr/bin/foo
+
+# Deprecated chown use with flags.
+chown -R root.root /usr/share/doc/maintainer-scripts
+
+# The first should not trigger an error about a command with a path, but the
+# second should.
+case $mainscript in
+        /usr/bin/foo) foobarbaz;;
+esac
+/usr/bin/baz; echo bar
+
+# fc-cache shouldn't be called directly, but make sure we don't see it in a
+# heredoc.
+fc-cache
+cat <<EOF
+fc-cache
+EOF
+
+# Obsolete suidregister program.
+suidregister /usr/bin/foo
+
+#DEBHELPER#
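Review bot: The `# invalid` comment in the temp-file section (postinst lines 25-28) sits above three commands, but the expected tags file lists `possibly-insecure-handling-of-tmp-files-in-maintainer-script` only for postinst:26, the `echo foo >>/tmp/scripts.tmp` append. A reader would assume the `rm` and `rmdir` lines are meant to be tagged too. I would narrow the comment to the line under test, e.g. `# invalid: writes to a predictable name under /tmp (only this line is tagged)`, and mark the next two lines `# cleanup, not tagged`. The fc-cache section would also benefit from a `/usr/bin/fc-cache` line so both forms the check accepts are covered.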
diff --git a/t/tests/scripts-maintainer-general/desc b/t/tests/scripts-maintainer-general/desc
new file mode 100644
index 0000000..b422b88
--- /dev/null
+++ b/t/tests/scripts-maintainer-general/desc
@@ -0,0 +1,24 @@
+Testname: scripts-maintainer-general
+Sequence: 6000
+Type: native
+Version: 1.0
+Architecture: any
+Description: Check general problems in maintainer scripts
+Test-For:
+ command-with-path-in-maintainer-script
+ deprecated-chown-usage
+ fc-cache-used-in-maintainer-script
+ gconftool-used-in-maintainer-script
+ install-sgmlcatalog-deprecated
+ maintainer-script-hides-init-failure
+ maintainer-script-modifies-inetd-conf
+ maintainer-script-modifies-netbase-managed-file
+ maintainer-script-needs-depends-on-gconf2
+ maintainer-script-needs-depends-on-ucf
+ maintainer-script-needs-depends-on-xml-core
+ maintainer-script-uses-dpkg-status-directly
+ possibly-insecure-handling-of-tmp-files-in-maintainer-script
+ read-in-maintainer-script
+ start-stop-daemon-in-maintainer-script
+ suidregister-used-in-maintainer-script
+References: Debian Bug#532984
diff --git a/t/tests/scripts-maintainer-general/tags b/t/tests/scripts-maintainer-general/tags
new file mode 100644
index 0000000..d61310f
--- /dev/null
+++ b/t/tests/scripts-maintainer-general/tags
@@ -0,0 +1,20 @@
+E: scripts-maintainer-general: install-sgmlcatalog-deprecated postinst:74
+E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:67
+E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:68
+E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:59 /etc/services
+E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:60 /etc/protocols
+E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:61 /etc/rpc
+E: scripts-maintainer-general: maintainer-script-uses-dpkg-status-directly postinst
+E: scripts-maintainer-general: read-in-maintainer-script postinst:10
+E: scripts-maintainer-general: suidregister-used-in-maintainer-script postinst
+W: scripts-maintainer-general: command-with-path-in-maintainer-script postinst:91 /usr/bin/baz
+W: scripts-maintainer-general: deprecated-chown-usage postinst:14 'chown root.root'
+W: scripts-maintainer-general: deprecated-chown-usage postinst:84 'chown -R root.root'
+W: scripts-maintainer-general: fc-cache-used-in-maintainer-script postinst:95
+W: scripts-maintainer-general: gconftool-used-in-maintainer-script postinst:44
+W: scripts-maintainer-general: maintainer-script-hides-init-failure postinst:31
+W: scripts-maintainer-general: maintainer-script-needs-depends-on-gconf2 postinst
+W: scripts-maintainer-general: maintainer-script-needs-depends-on-ucf postinst
+W: scripts-maintainer-general: maintainer-script-needs-depends-on-xml-core postinst
+W: scripts-maintainer-general: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:26
+W: scripts-maintainer-general: start-stop-daemon-in-maintainer-script postinst:78

-- 
Debian package checker

