[SCM] Debian package checker branch, master, updated. 2.5.4-75-gc1ceb87
The following commit has been merged in the master branch:
commit c6f938ab496d4408cdf19e08bbb0d81441914ed6
Author: Gergely Nagy <algernon@balabit.hu>
Date: Fri Dec 23 11:31:22 2011 +0100
Add a test for unallowed use of private dh-exec helpers.
dh-exec is meant to be used via /usr/bin/dh-exec, if only a single
helper (or another set) is desired, the --with and --without options
can be used.
This lintian check implements a test that emits an error when it finds
/usr/lib/dh-exec/* in a dh-exec using package.
Modifications to original patch:
- Use a different regex delimiter for readability
- Removed unneeded "stringification" of a variable
Signed-off-by: Gergely Nagy <algernon@balabit.hu>
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/debhelper b/checks/debhelper
index a955bcd..a0c85c6 100644
--- a/checks/debhelper
+++ b/checks/debhelper
@@ -350,7 +350,10 @@ foreach my $file (sort readdir(DEBIAN)) {
}
# Do not make assumptions about the contents of an
- # executable debhelper file.
+ # executable debhelper file, unless it's a dh-exec
+ # script.
+ _check_dh_exec ($cmd, "debian/$file", "$droot/$file")
+ if ( $cmd =~ /dh-exec/);
next;
}
}
@@ -483,6 +486,17 @@ sub _tag_if_executable {
tag 'package-file-is-executable', "debian/$file" if -f $path && -x _;
}
+# Perform various checks on a dh-exec file.
+sub _check_dh_exec {
+ my ($cmd, $pkgpath, $fspath) = @_;
+
+ # Only /usr/bin/dh-exec is allowed, even if
+ # /usr/lib/dh-exec/dh-exec-subst works too.
+ if ( $cmd =~ m,/usr/lib/dh-exec/, ) {
+ tag 'dh-exec-private-helper', $pkgpath;
+ }
+}
+
# Return the command after the #! in the file (if any).
# - if there is no command or no #! line, the empty string is returned.
sub _shebang_cmd {
diff --git a/checks/debhelper.desc b/checks/debhelper.desc
index 9c0aa71..f4783a7 100644
--- a/checks/debhelper.desc
+++ b/checks/debhelper.desc
@@ -327,3 +327,11 @@ Info: The packaging file is marked exectuable, but it does not appear to be
If debhelper file is not supposed to be executable, please remove the
executable bit from it.
+Tag: dh-exec-private-helper
+Severity: important
+Certainty: certain
+Info: The packaging file uses dh-exec, but it does not use /usr/bin/dh-exec.
+ .
+ If running dh-exec with the default set of helpers is not desired,
+ use its --with or --without options instead of directly using the
+ desired helper.
diff --git a/t/tests/debhelper-executable-files-compat-9/debian/debian/compat b/t/tests/debhelper-dh-exec/debian/debian/compat
similarity index 100%
copy from t/tests/debhelper-executable-files-compat-9/debian/debian/compat
copy to t/tests/debhelper-dh-exec/debian/debian/compat
diff --git a/t/tests/debhelper-dh-exec/debian/debian/manpages b/t/tests/debhelper-dh-exec/debian/debian/manpages
new file mode 100755
index 0000000..110b931
--- /dev/null
+++ b/t/tests/debhelper-dh-exec/debian/debian/manpages
@@ -0,0 +1,2 @@
+#! /usr/lib/dh-exec/dh-exec-subst
+## The above works, but is not recommended.
diff --git a/t/tests/debhelper-executable-files-compat-9/debian/debian/rules b/t/tests/debhelper-dh-exec/debian/debian/rules
similarity index 100%
copy from t/tests/debhelper-executable-files-compat-9/debian/debian/rules
copy to t/tests/debhelper-dh-exec/debian/debian/rules
diff --git a/t/tests/debhelper-dh-exec/desc b/t/tests/debhelper-dh-exec/desc
new file mode 100644
index 0000000..3abf0ea
--- /dev/null
+++ b/t/tests/debhelper-dh-exec/desc
@@ -0,0 +1,8 @@
+Testname: debhelper-dh-exec
+Sequence: 6000
+Version: 1.0
+Options: --suppress-tags
+ package-needs-versioned-debhelper-build-depends
+Description: Tests related to executable, dh-exec using packaging files
+Test-For:
+ dh-exec-private-helper
diff --git a/t/tests/debhelper-dh-exec/tags b/t/tests/debhelper-dh-exec/tags
new file mode 100644
index 0000000..4224fd0
--- /dev/null
+++ b/t/tests/debhelper-dh-exec/tags
@@ -0,0 +1 @@
+E: debhelper-dh-exec source: dh-exec-private-helper debian/manpages
--
Debian package checker
Reply to: