[SCM] Debian package checker branch, master, updated. 2.5.0-34-g3a6f65a
The following commit has been merged in the master branch:
commit 3a6f65a94ab1f687f0494180b1987c1a7b08b93a
Author: Niels Thykier <niels@thykier.net>
Date: Sat Jun 4 23:42:25 2011 +0200
Added bad-perm-for-file-in-etc-sudoers.d tag
diff --git a/checks/files b/checks/files
index e907333..4d0c501 100644
--- a/checks/files
+++ b/checks/files
@@ -1097,8 +1097,10 @@ foreach my $file (@{$info->sorted_index}) {
# everything is ok
} elsif ($operm == 0600 and $file =~ m,^etc/backup.d/,) {
# backupninja expects configurations files to be 0600
- } elsif ($operm == 0440 and $file =~ m,^etc/sudoers.d/,) {
- # sudo recommends sudoers files be mode 0440
+ } elsif ($file =~ m,^etc/sudoers.d/,) {
+ # sudo requires sudoers files to be mode 0440
+ tag 'bad-perm-for-file-in-etc-sudoers.d', $file,
+ sprintf('%04o != 0440', $operm) unless $operm == 0440;
} elsif ($operm != 0644) {
tag 'non-standard-file-perm', $file,
sprintf('%04o != 0644',$operm);
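Review bot: The path test on the new branch, `$file =~ m,^etc/sudoers.d/,`, leaves the dot unescaped, so it matches any character in that position; `m,^etc/sudoers\.d/,` is the exact match (the existing `etc/backup.d/` branch above has the same looseness). The branch also looks at the mode only: a file under etc/sudoers.d that is 0440 but not owned by root would pass silently here, and I can't see from this hunk whether ownership is checked elsewhere in the loop, so that is worth confirming. Because the `unless $operm == 0440` modifier makes this branch swallow the correct case on purpose, a comment such as `# 0440 is correct here; matching the path keeps it out of non-standard-file-perm` would help the next reader. The enclosing `foreach` body and the start of the `if`/`elsif` chain are outside the hunk.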
diff --git a/checks/files.desc b/checks/files.desc
index 5245613..b05015e 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -243,6 +243,14 @@ Info: The file has a mode different from 0644. In some cases this is
intentional, but in other cases this is a bug.
Ref: policy 10.9
+Tag: bad-perm-for-file-in-etc-sudoers.d
+Severity: serious
+Certainty: certain
+Info: Files in /etc/sudoers.d/ must be 0440 or sudo will refuse to
+ parse them.
+Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588831,
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576527
+
Tag: special-file
Severity: serious
Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index 619eb29..3949e14 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,9 @@ lintian (2.5.1) UNRELEASED; urgency=low
+ Added:
- dh_pycentral-is-obsolete
- dh_python-is-obsolete
- - non-empty-dependency_libs-in-la-file
- illegal-multi-arch-value
+ - non-empty-dependency_libs-in-la-file
+ - bad-perm-for-file-in-etc-sudoers.d
+ Removed:
- uses-dh-python-with-no-pycompat
@@ -20,6 +21,8 @@ lintian (2.5.1) UNRELEASED; urgency=low
+ [NT] Fixed two misnamed udeb tags, which lead to an internal
error if triggered. Thanks to Guillem Jover for the report.
(Closes: #628754)
+ + [NT] Added bad-perm-for-file-in-etc-sudoers.d tag.
+ (Closes: #588831)
* checks/java{,.desc}:
+ [NT] Sort the jar files by name, so they are checked in the same
order.
diff --git a/t/tests/files-general/debian/debian/install b/t/tests/files-general/debian/debian/install
index 0e50eb3..98c7ba8 100644
--- a/t/tests/files-general/debian/debian/install
+++ b/t/tests/files-general/debian/debian/install
@@ -11,3 +11,4 @@ php-foo.ini etc/php5/conf.d
types usr/share/mime
mimeinfo.cache usr/share/applications
file-in-new-top-level-dir new-top-level-dir/
+sudotest etc/sudoers.d/
diff --git a/t/tests/files-general/debian/debian/rules b/t/tests/files-general/debian/debian/rules
index 1ce5593..7c4d2dd 100755
--- a/t/tests/files-general/debian/debian/rules
+++ b/t/tests/files-general/debian/debian/rules
@@ -13,6 +13,7 @@ override_dh_install:
override_dh_fixperms:
dh_fixperms
chmod 755 $(tmp)/usr/share/man/man5/foo.5.gz
+ chmod 644 $(tmp)/etc/sudoers.d/*
override_dh_compress:
dh_compress
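Review bot: The fixture only exercises the failing path, since `chmod 644 $(tmp)/etc/sudoers.d/*` puts every file under etc/sudoers.d into the bad state. Nothing in the test pins that a correctly packaged 0440 file produces neither the new tag nor `non-standard-file-perm`, which is the branch most likely to regress if the elsif chain in checks/files is reordered. Installing a second file (the name `sudotest-ok` is constructed here) and adding `chmod 440 $(tmp)/etc/sudoers.d/sudotest-ok` after the 644 line would cover it, with no new line expected in the tags file. A comment above the chmod such as `# deliberately wrong mode, triggers bad-perm-for-file-in-etc-sudoers.d` would also make clear the 644 is intentional.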
diff --git a/reporting/lintian-dummy.cfg b/t/tests/files-general/debian/sudotest
similarity index 100%
copy from reporting/lintian-dummy.cfg
copy to t/tests/files-general/debian/sudotest
diff --git a/t/tests/files-general/desc b/t/tests/files-general/desc
index 3a83141..33fbd64 100644
--- a/t/tests/files-general/desc
+++ b/t/tests/files-general/desc
@@ -3,6 +3,7 @@ Sequence: 6000
Version: 1.0
Description: Test tags for file paths, names, and modes
Test-For:
+ bad-perm-for-file-in-etc-sudoers.d
dir-or-file-in-var-lock
dir-or-file-in-var-run
duplicated-compressed-file
diff --git a/t/tests/files-general/tags b/t/tests/files-general/tags
index 7b7d278..f1c2bb8 100644
--- a/t/tests/files-general/tags
+++ b/t/tests/files-general/tags
@@ -1,3 +1,4 @@
+E: files-general: bad-perm-for-file-in-etc-sudoers.d etc/sudoers.d/sudotest 0644 != 0440
E: files-general: dir-or-file-in-var-lock var/lock/lintian/
E: files-general: dir-or-file-in-var-run var/run/lintian/
E: files-general: executable-manpage usr/share/man/man5/foo.5.gz
--
Debian package checker