Bug#636994: lintian: add check for deprecated perl libraries (was: #629472)
tags 636994 +patch
thanks
On Sun, Aug 07, 2011 at 05:11:51PM +0100, Dominic Hargreaves wrote:
> Thanks for the response; I think you've convinced me that this would
> be the best approach, at least to start with.
>
> You're correct that build-time deps will be caught by rebuilds, once
> the modules get removed. Ideally in this case we'd have all the
> packages fixed well in advance of that; we'd like to be able to drop
> them from wheezy+1 without worrying about partial upgrades breaking
> things. However, this isn't actually a concern for situations where
> the build fails.
>
> I take your point about starting off with the check marked as
> experimental, although I would like this check to have the maximum
> input before wheezy freezes, so your planned released schedule for
> lintian may affect whether I'd like to have that included or not.
>
> I'm filing this as a wishlist bug without patch initially; I had a look
> at the lintian git repository and couldn't initially see where the best
> place to put such a check would be. If you can give me any hints about
> where to start, I'll do so :)
>
> To make this bug report complete, here's a specification for the check:
>
> check in all perl source files in binary packages not depending on
> libperl4-corelibs-perl for strings satisfying the following regexp:
>
> /(?:do|require)\s+(?:'|")(?:abbrev|assert|bigfloat|bigint|bigrat|cacheout|complete|ctime|dotsh|exceptions|fastcwd|find|finddepth|flush|getcwd|getopt|getopts|hostname|importenv|look|newgetopt|open2|open3|pwd|shellwords|stat|syslog|tainted|termcap|timelocal|validate)\.pl(?:'|")/
>
> Tag: uses-perl4-libs
> Severity: important
> Certainty: possible
> Experimental: yes
> Info: This package includes perl programs using obsoleted perl 4-era
> libraries. These libraries have been deprecated in perl in 5.14, and
> are likely to be removed from the core in perl 5.16. Please either
> remove references to these libraries, or add a dependency on
> "libperl4-corelibs-perl | perl (<< 5.12.3-7)" to this package.
Okay, I had a stab at implementing this. It involved a lot of guesswork
and cargo-culting, but it appears to work. Patch attached. Please do
let me know if I can do anything to improve the patch.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
>From c3c6d998bd623d5b4968a17db44daab9e0e479a1 Mon Sep 17 00:00:00 2001
From: Dominic Hargreaves <dom@earth.li>
Date: Sun, 14 Aug 2011 16:22:14 +0100
Subject: [PATCH] Add new perl4 libs checks
These new checks add the following tags:
- perl-module-uses-perl4-libs-without-dep
- script-uses-perl4-libs-without-dep
Closes: #636994
---
checks/perl_modules | 82 +++++++++++++++++++++++++++++++++++++++++
checks/perl_modules.desc | 15 +++++++
checks/scripts | 11 +++++
checks/scripts.desc | 9 ++++
collection/perl_modules | 59 +++++++++++++++++++++++++++++
collection/perl_modules.desc | 7 +++
lib/Lintian/Collect/Binary.pm | 20 ++++++++++
profiles/debian/main.profile | 4 +-
8 files changed, 205 insertions(+), 2 deletions(-)
create mode 100644 checks/perl_modules
create mode 100644 checks/perl_modules.desc
create mode 100755 collection/perl_modules
create mode 100644 collection/perl_modules.desc
diff --git a/checks/perl_modules b/checks/perl_modules
new file mode 100644
index 0000000..38f5496
--- /dev/null
+++ b/checks/perl_modules
@@ -0,0 +1,82 @@
+# perl-modules -- lintian check script -*- perl -*-
+#
+# This is probably the right file to add a check for the use of
+# set -e in bash and sh scripts.
+#
+# Copyright (C) 1998 Richard Braakman
+# Copyright (C) 2002 Josip Rodin
+# Copyright (C) 2011 Dominic Hargreaves
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::perl_modules;
+use strict;
+use warnings;
+
+use lib "$ENV{'LINTIAN_ROOT'}/checks/";
+
+use Lintian::Relation;
+use Lintian::Tags qw(tag);
+
+sub run {
+
+my $pkg = shift;
+my $type = shift;
+my $info = shift;
+
+foreach (@{$info->sorted_index}) {
+ next if $_ eq '';
+ my $index_info = $info->index->{$_};
+ my $operm = $index_info->{operm};
+ next unless ($index_info->{type} =~ m,^[-h], and ($operm & 01 or
+ $operm & 010 or $operm & 0100));
+}
+
+my $all_deps = '';
+for my $field (qw/suggests recommends depends pre-depends provides/) {
+ if (defined $info->field($field)) {
+ $all_deps .= ', ' if $all_deps;
+ $all_deps .= $info->field($field);
+ }
+}
+$all_deps .= ', ' if $all_deps;
+$all_deps .= $pkg;
+my $all_parsed = Lintian::Relation->new($all_deps);
+
+for my $filename (@{$info->perl_modules}) {
+ my $path = $info->unpacked($filename);
+ # Check for obsolete perl libraries
+ if (!$all_parsed->implies('libperl4-corelibs-perl')) {
+ open(FH, '<', $path);
+ while (<FH>) {
+ if (/(?:do|require)\s+(?:'|")(?:abbrev|assert|bigfloat|bigint|bigrat|cacheout|complete|ctime|dotsh|exceptions|fastcwd|find|finddepth|flush|getcwd|getopt|getopts|hostname|importenv|look|newgetopt|open2|open3|pwd|shellwords|stat|syslog|tainted|termcap|timelocal|validate)\.pl(?:'|")/) {
+ tag('perl-module-uses-perl4-libs-without-dep', "$filename:$_");
+ }
+ }
+ close(FH);
+ }
+}
+
+}
+
+1;
+
+# Local Variables:
+# indent-tabs-mode: t
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl ts=8 sw=4
diff --git a/checks/perl_modules.desc b/checks/perl_modules.desc
new file mode 100644
index 0000000..539e8b2
--- /dev/null
+++ b/checks/perl_modules.desc
@@ -0,0 +1,15 @@
+Check-Script: perl_modules
+Author: Dominic Hargreaves <dom@earth.li>
+Abbrev: perlmod
+Type: binary
+Info: This script checks the perl modules in a package.
+Needs-Info: unpacked, file-info, perl_modules, bin-pkg-control, fields, index
+
+Tag: perl-module-uses-perl4-libs-without-dep
+Severity: normal
+Certainty: possible
+Info: This package includes perl modules using obsoleted perl 4-era
+ libraries. These libraries have been deprecated in perl in 5.14, and
+ are likely to be removed from the core in perl 5.16. Please either
+ remove references to these libraries, or add a dependency on
+ <tt>libperl4-corelibs-perl | perl (<< 5.12.3-7)</tt> to this package.
diff --git a/checks/scripts b/checks/scripts
index bcb0526..1c084d9 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -449,6 +449,17 @@ for my $filename (sort keys %{$info->scripts}) {
script_tag('unusual-interpreter', $filename, "#!$interpreter");
}
+ # Check for obsolete perl libraries
+ if ($base eq 'perl' && !$all_parsed->implies('libperl4-corelibs-perl')) {
+ open(FH, '<', $path);
+ while (<FH>) {
+ if (/(?:do|require)\s+(?:'|")(?:abbrev|assert|bigfloat|bigint|bigrat|cacheout|complete|ctime|dotsh|exceptions|fastcwd|find|finddepth|flush|getcwd|getopt|getopts|hostname|importenv|look|newgetopt|open2|open3|pwd|shellwords|stat|syslog|tainted|termcap|timelocal|validate)\.pl(?:'|")/) {
+ tag('script-uses-perl4-libs-without-dep', "$filename:$_");
+ }
+ }
+ close(FH);
+ }
+
# Do some additional checks on shell scripts in /etc. This should
# probably be extended eventually to any script in a public directory.
# This also needs smarter processing of multiline quoted strings,
diff --git a/checks/scripts.desc b/checks/scripts.desc
index 240868c..d0abeee 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -680,3 +680,12 @@ Info: The maintainer script removes a diversion that it didn't add. If
you're cleaning up unnecessary diversions from older versions of the
package, remove them in <tt>preinst</tt> or <tt>postinst</tt> instead of
waiting for <tt>postrm</tt> to do it.
+
+Tag: script-uses-perl4-libs-without-dep
+Severity: normal
+Certainty: possible
+Info: This package includes perl scripts using obsoleted perl 4-era
+ libraries. These libraries have been deprecated in perl in 5.14, and
+ are likely to be removed from the core in perl 5.16. Please either
+ remove references to these libraries, or add a dependency on
+ <tt>libperl4-corelibs-perl | perl (<< 5.12.3-7)</tt> to this package.
diff --git a/collection/perl_modules b/collection/perl_modules
new file mode 100755
index 0000000..1061c77
--- /dev/null
+++ b/collection/perl_modules
@@ -0,0 +1,59 @@
+#!/usr/bin/perl -w
+# perl-modules -- lintian collection script
+
+# Copyright (C) 1998 Richard Braakman
+# Copyrgith (C) 2011 Dominic Hargreaves
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+use strict;
+use warnings;
+
+open(MODS, '>', 'perl-modules') or fail("cannot open perl-modules output file: $!");
+open(INDEX, '<', 'index') or fail("cannot open index file: $!");
+
+my $file;
+
+while (<INDEX>) {
+ next unless /^-/; # skip non-files
+ chop;
+
+ # Extract the filename field from the tar-like file index.
+ # Note that the split is done with an explicit limit so that filenames
+ # with embedded spaces are handled correctly.
+ $file = (split(' ', $_, 6))[5];
+ $file =~ s/ link to .*//; # cut off info about hard links
+ $file =~ /\.pm$/ or next;
+ print MODS "$file\n";
+}
+close(INDEX);
+close(MODS) or fail("cannot write perl-modules file: $!");
+
+exit 0;
+
+# -----------------------------------
+
+sub fail {
+ if ($_[0]) {
+ print STDERR "internal error: $_[0]\n";
+ } elsif ($!) {
+ print STDERR "internal error: $!\n";
+ } else {
+ print STDERR "internal error.\n";
+ }
+ exit 1;
+}
diff --git a/collection/perl_modules.desc b/collection/perl_modules.desc
new file mode 100644
index 0000000..a950280
--- /dev/null
+++ b/collection/perl_modules.desc
@@ -0,0 +1,7 @@
+Collector-Script: perl_modules
+Author: Dominic Hargreaves <dom@earth.li>
+Info: This script scans a binary package for perl modules and lists their
+ filenames
+Type: binary, udeb
+Version: 1
+Needs-Info: unpacked, bin-pkg-control, index
diff --git a/lib/Lintian/Collect/Binary.pm b/lib/Lintian/Collect/Binary.pm
index 68062c4..32e3eb4 100644
--- a/lib/Lintian/Collect/Binary.pm
+++ b/lib/Lintian/Collect/Binary.pm
@@ -149,6 +149,26 @@ sub scripts {
return $self->{scripts};
}
+sub perl_modules {
+ my ($self) = @_;
+ return $self->{perl_modules} if exists $self->{perl_modules};
+ my $base_dir = $self->base_dir();
+ my @mods;
+ open(MODS, '<', "$base_dir/perl-modules")
+ or fail("cannot open perl-modules $base_dir/file: $!");
+ while (<MODS>) {
+ chomp;
+ my $name = $_;
+ $name =~ s,^\./,,o;
+ $name =~ s,/+$,,o;
+ push @mods, $name;
+ }
+ close MODS;
+ $self->{perl_modules} = \@mods;
+
+ return $self->{perl_modules};
+}
+
# Returns the information from collect/objdump-info
sub objdump_info {
diff --git a/profiles/debian/main.profile b/profiles/debian/main.profile
index b856c33..e6eff3c 100644
--- a/profiles/debian/main.profile
+++ b/profiles/debian/main.profile
@@ -6,6 +6,6 @@ Enable-Tags-From-Check: binaries, changelog-file, changes-file, circular-deps, c
debhelper, debian-readme, debian-source-dir, description, duplicate-files,
etcfiles, fields, filename-length, files, huge-usr-share, infofiles, init.d,
java, lintian, manpages, md5sums, menu-format, menus, nmu, ocaml, patch-systems,
- po-debconf, rules, scripts, shared-libs, standards-version, symlinks,
- version-substvars, watch-file
+ perl_modules, po-debconf, rules, scripts, shared-libs, standards-version,
+ symlinks, version-substvars, watch-file
--
1.7.5.4
Reply to: