On Sun, 18 Jan 2009 15:01:51 +0100 Cyril Brulebois wrote: > > I can't think of a single situation where that would be needed. > > Except for glibc, of course. Added that except and fixed a typo (package vs packages). New patch series attached. -- Bruce Schneier Fact Number 86: When God needs a new secure certificate, he uses Bruce Schneier as the signing authority.
>From 90ed079b26e8d78a6aa814d60d7545d89cb270c9 Mon Sep 17 00:00:00 2001 From: Evgeni Golov <sargentd@die-welt.net> Date: Sun, 18 Jan 2009 18:58:04 +0100 Subject: [PATCH] shout on people hardcoding libc6 in their debian/control file One should not hardcode a Depends on libc6 in debian/control, but use ${shlibs:Depends} for that. Warn about that. Closes: #512196 --- checks/control-file | 15 +++++++++++++++ checks/control-file.desc | 7 +++++++ 2 files changed, 22 insertions(+), 0 deletions(-) diff --git a/checks/control-file b/checks/control-file index 019bf79..c8ba92a 100644 --- a/checks/control-file +++ b/checks/control-file @@ -122,6 +122,21 @@ for my $control (@binary_controls) { } } +# Check that packages do not hardcode a depend on any variant of libc +@dep_fields = qw(pre-depends depends); +my @libcs = qw(libc6 libc6.1 libc0.1 libc0.3); +for my $control (@binary_controls) { + for my $field (0 .. ($#dep_fields)) { + next unless $control->{$dep_fields[$field]}; + my $parsed = Dep::parse ($control->{$dep_fields[$field]}); + for my $libc (@libcs) { + tag "packages-depends-on-hardcoded-libc", $control->{package}, $dep_fields[$field], $libc + if Dep::implies($parsed, Dep::parse($libc)); + } + + } +} + # Check that every package is in the same archive category, except that # sources in main can deliver both main and contrib packages. The source # package may or may not have a section specified; if it doesn't, derive the diff --git a/checks/control-file.desc b/checks/control-file.desc index c57db3c..2a162ca 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -132,3 +132,10 @@ Info: The given field in the <tt>debian/control</tt> file has a substvar syntactically valid, but as soon as the variable has a non-empty value, the control file will have a syntax error. You probably meant to put a comma after the substvar expansion. + +Tag: packages-depends-on-hardcoded-libc +Severity: normal +Certainty: certain +Info: The given package declares a dependency on libc directly instead + of using ${shlibs:Depends} in its <tt>debian/control</tt> stanza. + -- 1.5.6.5
>From c7e2fca693eafcc19da1138948d164aa281747df Mon Sep 17 00:00:00 2001 From: Evgeni Golov <sargentd@die-welt.net> Date: Sun, 18 Jan 2009 19:11:49 +0100 Subject: [PATCH] Don't shout on glibc hardcoding depends to libc6, they have to --- checks/control-file | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/checks/control-file b/checks/control-file index c8ba92a..7844b24 100644 --- a/checks/control-file +++ b/checks/control-file @@ -131,7 +131,7 @@ for my $control (@binary_controls) { my $parsed = Dep::parse ($control->{$dep_fields[$field]}); for my $libc (@libcs) { tag "packages-depends-on-hardcoded-libc", $control->{package}, $dep_fields[$field], $libc - if Dep::implies($parsed, Dep::parse($libc)); + if Dep::implies($parsed, Dep::parse($libc)) and $control->{package} ne "glibc"; } } -- 1.5.6.5
>From de84ba7bf99fa4fad75b1c5bc51b8df5fa87a981 Mon Sep 17 00:00:00 2001 From: Evgeni Golov <sargentd@die-welt.net> Date: Sun, 18 Jan 2009 19:13:09 +0100 Subject: [PATCH] The tag should be package-depends-on-hardcoded-libc not packages-depends-on-hardcoded-libc --- checks/control-file | 2 +- checks/control-file.desc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/control-file b/checks/control-file index 7844b24..6f12699 100644 --- a/checks/control-file +++ b/checks/control-file @@ -130,7 +130,7 @@ for my $control (@binary_controls) { next unless $control->{$dep_fields[$field]}; my $parsed = Dep::parse ($control->{$dep_fields[$field]}); for my $libc (@libcs) { - tag "packages-depends-on-hardcoded-libc", $control->{package}, $dep_fields[$field], $libc + tag "package-depends-on-hardcoded-libc", $control->{package}, $dep_fields[$field], $libc if Dep::implies($parsed, Dep::parse($libc)) and $control->{package} ne "glibc"; } diff --git a/checks/control-file.desc b/checks/control-file.desc index 2a162ca..1239bb3 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -133,7 +133,7 @@ Info: The given field in the <tt>debian/control</tt> file has a substvar the control file will have a syntax error. You probably meant to put a comma after the substvar expansion. -Tag: packages-depends-on-hardcoded-libc +Tag: package-depends-on-hardcoded-libc Severity: normal Certainty: certain Info: The given package declares a dependency on libc directly instead -- 1.5.6.5
Attachment:
pgpltLiBE_v8Y.pgp
Description: PGP signature