[SCM] Debian package checker branch, master, updated. 2.2.13-50-gbd5784d
The following commit has been merged in the master branch:
commit 1aad29879d2b6c3782a7270a8edb7a4a436ed94f
Author: Russ Allbery <rra@debian.org>
Date: Sat Aug 15 18:50:03 2009 -0700
Warn about maintainer scripts modifying /etc/ld.so.conf
* checks/scripts:
+ [RA] Warn about maintainter scripts that modify /etc/ld.so.conf.
Policy 3.8.3 no longer permits this.
diff --git a/checks/scripts b/checks/scripts
index 2c513ad..77c18d3 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -822,6 +822,14 @@ while (<SCRIPTS>) {
tag "maintainer-script-modifies-inetd-conf", "$file:$."
unless $info->relation('provides')->implies('inet-superserver');
}
+ if (m,>\s*/etc/ld\.so\.conf(\s|\Z),) {
+ tag "maintainer-script-modifies-ld-so-conf", "$file:$."
+ unless $pkg =~ /^libc/;
+ }
+ if (m,^\s*(?:cp|mv)\s+(?:.*\s)?/etc/ld\.so\.conf\s*$,) {
+ tag "maintainer-script-modifies-ld-so-conf", "$file:$."
+ unless $pkg =~ /^libc/;
+ }
if (m,$LEADIN(/(usr/)?s?bin/[\w.+-]+)(\s|;|$),) {
tag "command-with-path-in-maintainer-script", "$file:$. $1";
}
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 3f07dde..21a4e5c 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -498,6 +498,23 @@ Info: The maintainer script modifies <tt>/etc/inetd.conf</tt> directly.
<tt>update-inetd</tt> script or the <tt>DebianNet.pm</tt> Perl module.
Ref: policy 11.2
+Tag: maintainer-script-modifies-ld-so-conf
+Severity: important
+Certainty: possible
+Info: This package appears to modify <tt>/etc/ld.so.conf</tt> and does not
+ appear to be part of libc. Packages installing shared libraries in
+ non-standard locations were previously permitted to modify
+ /etc/ld.so.conf to add the non-standard path, but this permission was
+ removed in Policy 3.8.3.
+ .
+ Packages containing shared libraries should either install them into
+ <tt>/usr/lib</tt> or should require binaries built against them to set
+ RPATH to find the library at run-time. Installing libraries in a
+ different directory and modifying the run-time linker path is equivalent
+ to installing them into <tt>/usr/lib</tt> except now conflicting library
+ packages may cause random segfaults and difficult-to-debug problems
+ instead of conflicts in the package manager.
+
Tag: install-sgmlcatalog-deprecated
Severity: important
Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index d64c6a6..ee5f4e1 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ lintian (2.2.14) UNRELEASED; urgency=low
* Summary of tag changes:
+ Added:
- debhelper-overrides-need-versioned-build-depends
+ - maintainer-script-modifies-ld-so-conf
- multiple-distributions-in-changes-file
- patch-system-but-no-source-readme
- package-modifies-ld.so-search-path
@@ -62,6 +63,8 @@ lintian (2.2.14) UNRELEASED; urgency=low
+ [RA] Fix parsing of dpkg-divert commands diverting a file ending in
a number, followed by a redirection. Thanks, Andreas Beckmann.
(Closes: #534942)
+ + [RA] Warn about maintainter scripts that modify /etc/ld.so.conf.
+ Policy 3.8.3 no longer permits this.
* checks/watch-file:
+ [RA] Fix false positives in debian-watch-file-should-mangle-version
when an upstream version is specified in the watch file and give the
diff --git a/t/tests/scripts-maintainer-general/debian/debian/postinst b/t/tests/scripts-maintainer-general/debian/debian/postinst
index 8051768..c553f07 100755
--- a/t/tests/scripts-maintainer-general/debian/debian/postinst
+++ b/t/tests/scripts-maintainer-general/debian/debian/postinst
@@ -104,4 +104,9 @@ suidregister /usr/bin/foo
install-info --quiet --section Development Development \
/usr/share/info/foobar.info
+# Packages don't get to modify /etc/ld.so.conf
+echo '/usr/local/lib' >> /etc/ld.so.conf
+( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new
+mv /etc/ld.so.conf.new /etc/ld.so.conf
+
#DEBHELPER#
diff --git a/t/tests/scripts-maintainer-general/desc b/t/tests/scripts-maintainer-general/desc
index a106a2c..3fc420f 100644
--- a/t/tests/scripts-maintainer-general/desc
+++ b/t/tests/scripts-maintainer-general/desc
@@ -13,6 +13,7 @@ Test-For:
install-sgmlcatalog-deprecated
maintainer-script-hides-init-failure
maintainer-script-modifies-inetd-conf
+ maintainer-script-modifies-ld-so-conf
maintainer-script-modifies-netbase-managed-file
maintainer-script-needs-depends-on-gconf2
maintainer-script-needs-depends-on-ucf
diff --git a/t/tests/scripts-maintainer-general/tags b/t/tests/scripts-maintainer-general/tags
index 8b36e22..cddaeb8 100644
--- a/t/tests/scripts-maintainer-general/tags
+++ b/t/tests/scripts-maintainer-general/tags
@@ -1,6 +1,8 @@
E: scripts-maintainer-general: install-sgmlcatalog-deprecated postinst:74
E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:67
E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:68
+E: scripts-maintainer-general: maintainer-script-modifies-ld-so-conf postinst:108
+E: scripts-maintainer-general: maintainer-script-modifies-ld-so-conf postinst:110
E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:59 /etc/services
E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:60 /etc/protocols
E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:61 /etc/rpc
--
Debian package checker
Reply to: