[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, master, updated. 2.2.13-50-gbd5784d

The following commit has been merged in the master branch:
commit 1aad29879d2b6c3782a7270a8edb7a4a436ed94f
Author: Russ Allbery <rra@debian.org>
Date:   Sat Aug 15 18:50:03 2009 -0700

    Warn about maintainer scripts modifying /etc/ld.so.conf
    
    * checks/scripts:
      + [RA] Warn about maintainter scripts that modify /etc/ld.so.conf.
        Policy 3.8.3 no longer permits this.

diff --git a/checks/scripts b/checks/scripts
index 2c513ad..77c18d3 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -822,6 +822,14 @@ while (<SCRIPTS>) {
 		    tag "maintainer-script-modifies-inetd-conf", "$file:$."
 			unless $info->relation('provides')->implies('inet-superserver');
 		}
+		if (m,>\s*/etc/ld\.so\.conf(\s|\Z),) {
+		    tag "maintainer-script-modifies-ld-so-conf", "$file:$."
+			unless $pkg =~ /^libc/;
+		}
+		if (m,^\s*(?:cp|mv)\s+(?:.*\s)?/etc/ld\.so\.conf\s*$,) {
+		    tag "maintainer-script-modifies-ld-so-conf", "$file:$."
+			unless $pkg =~ /^libc/;
+		}
 		if (m,$LEADIN(/(usr/)?s?bin/[\w.+-]+)(\s|;|$),) {
 		    tag "command-with-path-in-maintainer-script", "$file:$. $1";
 		}
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 3f07dde..21a4e5c 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -498,6 +498,23 @@ Info: The maintainer script modifies <tt>/etc/inetd.conf</tt> directly.
  <tt>update-inetd</tt> script or the <tt>DebianNet.pm</tt> Perl module.
 Ref: policy 11.2
 
+Tag: maintainer-script-modifies-ld-so-conf
+Severity: important
+Certainty: possible
+Info: This package appears to modify <tt>/etc/ld.so.conf</tt> and does not
+ appear to be part of libc.  Packages installing shared libraries in
+ non-standard locations were previously permitted to modify
+ /etc/ld.so.conf to add the non-standard path, but this permission was
+ removed in Policy 3.8.3.
+ .
+ Packages containing shared libraries should either install them into
+ <tt>/usr/lib</tt> or should require binaries built against them to set
+ RPATH to find the library at run-time.  Installing libraries in a
+ different directory and modifying the run-time linker path is equivalent
+ to installing them into <tt>/usr/lib</tt> except now conflicting library
+ packages may cause random segfaults and difficult-to-debug problems
+ instead of conflicts in the package manager.
+
 Tag: install-sgmlcatalog-deprecated
 Severity: important
 Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index d64c6a6..ee5f4e1 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ lintian (2.2.14) UNRELEASED; urgency=low
   * Summary of tag changes:
     + Added:
       - debhelper-overrides-need-versioned-build-depends
+      - maintainer-script-modifies-ld-so-conf
       - multiple-distributions-in-changes-file
       - patch-system-but-no-source-readme
       - package-modifies-ld.so-search-path
@@ -62,6 +63,8 @@ lintian (2.2.14) UNRELEASED; urgency=low
     + [RA] Fix parsing of dpkg-divert commands diverting a file ending in
       a number, followed by a redirection.  Thanks, Andreas Beckmann.
       (Closes: #534942)
+    + [RA] Warn about maintainter scripts that modify /etc/ld.so.conf.
+      Policy 3.8.3 no longer permits this.
   * checks/watch-file:
     + [RA] Fix false positives in debian-watch-file-should-mangle-version
       when an upstream version is specified in the watch file and give the
diff --git a/t/tests/scripts-maintainer-general/debian/debian/postinst b/t/tests/scripts-maintainer-general/debian/debian/postinst
index 8051768..c553f07 100755
--- a/t/tests/scripts-maintainer-general/debian/debian/postinst
+++ b/t/tests/scripts-maintainer-general/debian/debian/postinst
@@ -104,4 +104,9 @@ suidregister /usr/bin/foo
 install-info --quiet --section Development Development \
     /usr/share/info/foobar.info
 
+# Packages don't get to modify /etc/ld.so.conf
+echo '/usr/local/lib' >> /etc/ld.so.conf
+( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new
+mv /etc/ld.so.conf.new /etc/ld.so.conf
+
 #DEBHELPER#
diff --git a/t/tests/scripts-maintainer-general/desc b/t/tests/scripts-maintainer-general/desc
index a106a2c..3fc420f 100644
--- a/t/tests/scripts-maintainer-general/desc
+++ b/t/tests/scripts-maintainer-general/desc
@@ -13,6 +13,7 @@ Test-For:
  install-sgmlcatalog-deprecated
  maintainer-script-hides-init-failure
  maintainer-script-modifies-inetd-conf
+ maintainer-script-modifies-ld-so-conf
  maintainer-script-modifies-netbase-managed-file
  maintainer-script-needs-depends-on-gconf2
  maintainer-script-needs-depends-on-ucf
diff --git a/t/tests/scripts-maintainer-general/tags b/t/tests/scripts-maintainer-general/tags
index 8b36e22..cddaeb8 100644
--- a/t/tests/scripts-maintainer-general/tags
+++ b/t/tests/scripts-maintainer-general/tags
@@ -1,6 +1,8 @@
 E: scripts-maintainer-general: install-sgmlcatalog-deprecated postinst:74
 E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:67
 E: scripts-maintainer-general: maintainer-script-modifies-inetd-conf postinst:68
+E: scripts-maintainer-general: maintainer-script-modifies-ld-so-conf postinst:108
+E: scripts-maintainer-general: maintainer-script-modifies-ld-so-conf postinst:110
 E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:59 /etc/services
 E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:60 /etc/protocols
 E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file postinst:61 /etc/rpc

-- 
Debian package checker
Reply to: