[SCM] Debian package checker branch, master, updated. 2.5.4-60-g3425bd8
The following commit has been merged in the master branch:
commit c5dac37927868895c7ad1f18553ba13037e9f979
Author: Niels Thykier <niels@thykier.net>
Date: Wed Dec 21 23:45:58 2011 +0100
Handle executable files in debian/
Check for executable files that are never meant to be executable
(e.g. "control"). Also catch executable debhelper files without using
compat 9 (as debhelper only executes them in compat 9).
Finally check that a debhelper file marked executable has a #!-line.
ELF executables are not accepted (see _can_be_run for rationale).
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/debhelper b/checks/debhelper
index d5250ff..59a00df 100644
--- a/checks/debhelper
+++ b/checks/debhelper
@@ -295,6 +295,7 @@ my @indebfiles = ();
opendir(DEBIAN, $droot)
or fail("Can't open debfiles directory.");
foreach my $file (sort readdir(DEBIAN)) {
+ next if $file eq 'rules';
if ($file =~ m/^(?:(.*)\.)?(?:post|pre)(?:inst|rm)$/) {
next unless $needtomodifyscripts;
@@ -318,8 +319,9 @@ foreach my $file (sort readdir(DEBIAN)) {
tag 'maintainer-script-lacks-debhelper-token', "debian/$file";
}
}
- } elsif ($file eq 'control') {
- next; # ignore
+ } elsif ($file eq 'control' or $file =~ m/^(?:.*\.)?(?:copyright|changelog|NEWS)$/o) {
+ # Handle "control", [<pkg>.]copyright, [<pkg>.]changelog and [<pkg>.]NEWS
+ _tag_if_executable ($file, "$droot/$file");
} elsif ($file =~ m/^ex\.|\.ex$/i) {
tag 'dh-make-template-in-source', "debian/$file";
} elsif ($file =~ m/^(?:.+\.)?debhelper(?:\.log)?$/){
@@ -335,13 +337,27 @@ foreach my $file (sort readdir(DEBIAN)) {
$base =~ s/^.+\.//;
# Check whether this is a debhelper config file that takes a list of
- # filenames. If so, check it for brace expansions, which aren't
- # supported.
+ # filenames.
if ($filename_configs->known($base)) {
+ if ($level < 9) {
+ # debhelper only use executable files in compat 9
+ _tag_if_executable ($file, "$droot/$file");
+ } else {
+ if (-x "$droot/$file") {
+ unless (_can_be_run ("debian/$file", "$droot/$file")) {
+ tag 'executable-debhelper-file-without-being-executable', "debian/$file";
+ }
+
+ # Do not make assumptions about the contents of an
+ # executable debhelper file.
+ next;
+ }
+ }
+
+ # Skip brace expansion check for compat < 3 as those files
+ # do not allow any form for wildcards.
next if $level < 3;
- # Do not make assumptions about the contents of an
- # executable debhelper file.
- next if -x "$droot/$file" && $level >= 9;
+
open (IN, '<', "$droot/$file")
or fail("Can't open debfiles/$file: $!");
local $_;
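Review bot: The compat >= 9 branch tests `-x "$droot/$file"` without the `-f` that `_tag_if_executable` applies, so a directory (which normally carries the x bit) or another non-regular entry named like a known debhelper file would be handed to `_can_be_run` and opened. The debian/ tree comes from the package being checked, so I would make the two paths agree with `if (-f "$droot/$file" && -x _) {`. Both `-f` and `open` follow symlinks, so an entry pointing outside the unpacked tree would need a separate `-l` check; I cannot tell from this hunk whether such entries are filtered earlier. The enclosing `foreach` loop starts and ends outside the hunk.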
@@ -461,6 +477,41 @@ if ($seen_dh and $seen_python3_helper != 1) {
}
+sub _tag_if_executable {
+ my ($file, $path) = @_;
+ tag 'package-file-is-executable', "debian/$file" if -f $path && -x _;
+}
+
+sub _can_be_run {
+ my ($pkgpath, $fspath) = @_;
+ my $magic;
+ my $cbr = 0;
+ open my $fd, '<', $fspath or fail "opening $pkgpath: $!";
+ if (read $fd, $magic, 2) {
+ if ($magic eq '#!') {
+ my $sp = <$fd>;
+ chomp $sp;
+
+ # It is beyond me why anyone would place a lincity data
+ # file here... but if they do, we will handle it
+ # correctly.
+ $cbr = 1 unless $sp =~ m/^#!/o;
+ }
+ }
+ close $fd;
+
+ # We are not checking if it is an ELF executable. While debhelper
+ # allows this (i.e. it also checks for <pkg>.<file>.<arch>), it is
+ # no cross-compilation safe. This is because debhelper uses
+ # "HOST" (and not "BUILD") arch, despite its documentation and
+ # code (incorrectly) suggests it is using "build".
+ #
+ # Oh yeah, it is also a terrible waste to keep pre-compiled
+ # binaries for all architectures in the source as well. :)
+
+ return $cbr;
+}
+
1;
# Local Variables:
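Review bot: In `_can_be_run`, a file consisting of only `#!` (or `#!` followed by whitespace) is accepted as runnable: `<$fd>` returns undef at EOF, `chomp` and the match then run on undef, and `$cbr` becomes 1 because undef does not match `^#!`. I would require some interpreter text, e.g. `$sp = '' unless defined $sp;` followed by `$cbr = 1 if $sp =~ m/\S/ and $sp !~ m/^#!/;`. The `<$fd>` read is also unbounded, so a packaged file that starts with `#!` and has no newline is read into memory whole; a fixed-size `read` would cap that. The lincity comment should say what is actually rejected (a second `#!` directly after the first), so the check can be understood without knowing that file format.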
diff --git a/checks/debhelper.desc b/checks/debhelper.desc
index 061e93d..9c0aa71 100644
--- a/checks/debhelper.desc
+++ b/checks/debhelper.desc
@@ -307,3 +307,23 @@ Experimental: yes
Info: The source package declares a dependency on ${python3:Depends} in the
given binary package's debian/control entry. However, debian/rules doesn't
call any helper that would generate this substitution variable.
+
+Tag: package-file-is-executable
+Severity: normal
+Certainty: certain
+Info: The packaging file is marked exectuable. For control, changelog and
+ copyright there is no reason for them to be executable.
+ .
+ This tag is also emitted if a debhelper file is marked executable without
+ using compat level 9, since debhelper does not execute them at lower
+ compat levels.
+
+Tag: executable-debhelper-file-without-being-executable
+Severity: important
+Certainty: possible
+Info: The packaging file is marked exectuable, but it does not appear to be
+ executable (e.g. it has no #! line).
+ .
+ If debhelper file is not supposed to be executable, please remove the
+ executable bit from it.
+
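Review bot: Both new `Info:` paragraphs spell "exectuable", and this text is shown to users, so it should read `Info: The packaging file is marked executable.` in each tag. The first description lists only control, changelog and copyright, while the check in checks/debhelper also matches `[<pkg>.]NEWS`; either add NEWS to the sentence or drop it from the pattern. In the second tag, `If debhelper file is not supposed` should be `If the debhelper file is not supposed`. The tag name `executable-debhelper-file-without-being-executable` is hard to parse, so the description should state plainly that the file has the executable bit set but lacks a `#!` line.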
diff --git a/debian/changelog b/debian/changelog
index 9eb2b3b..fea94dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ lintian (2.5.5) UNRELEASED; urgency=low
* Summary of tag changes:
+ Added:
- dependency-is-not-multi-archified
+ - executable-debhelper-file-without-being-executable
+ - package-file-is-executable
- preinst-uses-dpkg-maintscript-helper-without-predepends
- shlib-in-multi-arch-foreign-package
+ Removed:
@@ -20,6 +22,9 @@ lintian (2.5.5) UNRELEASED; urgency=low
+ [NT] Do not check executable debhelper files for brace
expansion if compat is 9 (or greater). It may be allowed by
tool interpretting the file.
+ + [NT] Added checks for handling executable files in the
+ debian dir. Thanks to Joey Hess and Arno Töll for the
+ reports. (Closes: #651572, #651330)
* checks/fields{,.desc}:
+ [JW] Properly handle uploader names with commas.
(Closes: #485705)
diff --git a/t/tests/debhelper-executable-files-compat-9/debian/debian/compat b/t/tests/debhelper-executable-files-compat-9/debian/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/t/tests/debhelper-executable-files-compat-9/debian/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/t/tests/debhelper-executable-files-compat-9/debian/debian/docs b/t/tests/debhelper-executable-files-compat-9/debian/debian/docs
new file mode 100755
index 0000000..438f2fd
--- /dev/null
+++ b/t/tests/debhelper-executable-files-compat-9/debian/debian/docs
@@ -0,0 +1,2 @@
+#! /bin/sh
+# This is acceptable (though useless)
diff --git a/t/tests/debhelper-executable-files-compat-9/debian/debian/manpages b/t/tests/debhelper-executable-files-compat-9/debian/debian/manpages
new file mode 100755
index 0000000..094e005
--- /dev/null
+++ b/t/tests/debhelper-executable-files-compat-9/debian/debian/manpages
@@ -0,0 +1,2 @@
+# /o\ this is bad...
+
diff --git a/t/tests/debhelper-internal-files/debian/debian/rules b/t/tests/debhelper-executable-files-compat-9/debian/debian/rules
similarity index 56%
copy from t/tests/debhelper-internal-files/debian/debian/rules
copy to t/tests/debhelper-executable-files-compat-9/debian/debian/rules
index b792adb..44e34f9 100755
--- a/t/tests/debhelper-internal-files/debian/debian/rules
+++ b/t/tests/debhelper-executable-files-compat-9/debian/debian/rules
@@ -3,5 +3,4 @@
%:
dh $@
-clean:
- # No such thing
+override_dh_installman:
diff --git a/t/tests/debhelper-executable-files-compat-9/desc b/t/tests/debhelper-executable-files-compat-9/desc
new file mode 100644
index 0000000..1719b16
--- /dev/null
+++ b/t/tests/debhelper-executable-files-compat-9/desc
@@ -0,0 +1,7 @@
+Testname: debhelper-executable-files-compat-9
+Sequence: 6000
+Version: 1.0
+Options: --suppress-tags
+ package-needs-versioned-debhelper-build-depends
+Description: Tests related to executable packaging files
+Test-For: executable-debhelper-file-without-being-executable
diff --git a/t/tests/debhelper-executable-files-compat-9/tags b/t/tests/debhelper-executable-files-compat-9/tags
new file mode 100644
index 0000000..1da8f57
--- /dev/null
+++ b/t/tests/debhelper-executable-files-compat-9/tags
@@ -0,0 +1 @@
+E: debhelper-executable-files-compat-9 source: executable-debhelper-file-without-being-executable debian/manpages
diff --git a/t/tests/debhelper-executable-files/debian/debian/manpages b/t/tests/debhelper-executable-files/debian/debian/manpages
new file mode 100755
index 0000000..1a24852
--- /dev/null
+++ b/t/tests/debhelper-executable-files/debian/debian/manpages
@@ -0,0 +1 @@
+#!/bin/sh
diff --git a/t/tests/debhelper-executable-files/desc b/t/tests/debhelper-executable-files/desc
new file mode 100644
index 0000000..735941c
--- /dev/null
+++ b/t/tests/debhelper-executable-files/desc
@@ -0,0 +1,5 @@
+Testname: debhelper-executable-files
+Sequence: 6000
+Version: 1.0
+Description: Tests related to executable packaging files
+Test-For: package-file-is-executable
diff --git a/t/tests/debhelper-executable-files/pre_build b/t/tests/debhelper-executable-files/pre_build
new file mode 100755
index 0000000..0bb1b9a
--- /dev/null
+++ b/t/tests/debhelper-executable-files/pre_build
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+DIR="$1"
+
+for FILE in control copyright changelog ; do
+ chmod +x "$DIR/debian/$FILE"
+done
+
diff --git a/t/tests/debhelper-executable-files/tags b/t/tests/debhelper-executable-files/tags
new file mode 100644
index 0000000..62bdd41
--- /dev/null
+++ b/t/tests/debhelper-executable-files/tags
@@ -0,0 +1,4 @@
+W: debhelper-executable-files source: package-file-is-executable debian/changelog
+W: debhelper-executable-files source: package-file-is-executable debian/control
+W: debhelper-executable-files source: package-file-is-executable debian/copyright
+W: debhelper-executable-files source: package-file-is-executable debian/manpages
--
Debian package checker