Package: lintian
Version: 2.5.8
Severity: wishlist
[#657699 is a special case of this]
Hi,
It would be useful to have a check for .pc (pkg-config) files
introducing flags they probably should not, like Cflags -O2, -g or
-DNDEBUG.
I went through all the .pc files in the current sid amd64 archive.
Here are some examples I consider suspicious:
Cflags field
============
Some "interesting" examples from the archive:
usr/lib/pkgconfig/omnithread3.pc:Cflags: -D__x86_64__ -D__linux__ -D__OSVERSION__=2 -I${includedir}
* The first three look quite obviously bogus to me
usr/lib/pkgconfig/znc.pc:MODFLAGS=-g -DVERSION_EXTRA=\"+deb2\" -D_FORTIFY_SOURCE=2 -O2 -Wall -W -Wno-unused-parameter -Woverloaded-virtual -Wshadow -fvisibility=hidden -fPIC -DICONV_CONST=
* Don't know how all these should be caught... But (almost?) all of
these are something that I think shouldn't be there. Probably at
least all -W*, -O*, -g* should trigger a warning, ditto for
-D_FORTIFY_SOURCE=*? What about -fPIC and -fPIE?
usr/lib/pkgconfig/dolfin.pc:Cflags: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 -frounding-math -fopenmp -DDOLFIN_VERSION=\"1.0.0\" -DBOOST_UBLAS_NDEBUG -DHAS_SLEPC -DHAS_PETSC -DHAS_UMFPACK -DHAS_CHOLMOD -DHAS_SCOTCH -DHAS_CGAL -DHAS_ZLIB -DHAS_MPI -DMPICH_IGNORE_CXX_SEEK -DHAS_OPENMP -I${includedir} -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/scotch -I/usr/include/suitesparse -I/usr/include/suitesparse -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/include/suitesparse -I/usr/include/scotch -I/usr/include/spooles -I/usr/include -I/usr/lib/petscdir/3.2/linux-gnu-c-opt/include -I/usr/lib/petscdir/3.2/include -I/usr/lib/slepcdir/3.2/include -I/usr/lib/slepcdir/3.2/linux-gnu-c-opt/include -I/usr/lib/slepcdir/3.2 -I/usr/include -I/usr/include -I/usr/include -I/usr/include/libxml2
* -fstack-protector, --param=ssp-buffer-size=4, -frounding-math, probably -DHAS_*
usr/lib/pkgconfig/clam_core.pc:Cflags: -I${includedir} -DCLAM_FLOAT -DUSE_XERCES=1 -DCLAM_USE_XML -DCLAM_USE_XML -DUSE_LADSPA=1 -I/usr/local/include
* -I/usr/local/* seems wrong
usr/lib/pkgconfig/scilab.pc:Cflags: -I${includedir} -lieee -lSM -lncurses -ltk8.4 -ltcl8.4 -ldl
* having -l* in Cflags seems weird
usr/lib/pkgconfig/meep.pc:Cflags: -I${includedir} -malign-double -march=core2
* -march=core2 will probably make the result crash on some other archs
usr/lib/pkgconfig/libview.pc:Cflags: -I${includedir} @PACKAGE_CFLAGS@
usr/lib/pkgconfig/sfst-1.2.pc:Cflags: -I${includedir}/sfst-1.0 -I${libdir}/sfst-1.0/include @SFST_CFLAGS@
* not sure what this does. There's no mention of PACKAGE_CFLAGS or
SFST_CFLAGS anywhere else.
usr/lib/x86_64-linux-gnu/pkgconfig/opensaml.pc:Cflags: -I${includedir} -pthread -g -Wall -O2 -O2 -DNDEBUG
* -DNDEBUG will surprise the user by making assertions not work
usr/lib/pkgconfig/libspatialindex.pc:Cflags: -I${includedir}/spatialindex -Wall -Wno-long-long -pedantic
* -pedantic
usr/lib/pkgconfig/commoncpp.pc:Cflags: -Wno-long-long -DNEW_STDCPP -pthread -fno-check-new -finline -fvisibility=hidden -DUCOMMON_VISIBILITY=1
* at least -fno-check-new, -finline
usr/lib/pkgconfig/libhocr-gtk.pc:Cflags: -I@pkgincludedir@
usr/lib/pkgconfig/drizzle.pc:pkgincludedir=@pkgincludedir@
* the latter is not used in Cflags, but might still be worth
catching...
* Also, some .pc files include fields named CFlags (instead of Cflags)
or some such. My impression is that the field name is case
sensitive, so that may not do what is intended. I did not check
this, though.
Some packages make automatic checking harder:
usr/lib/x86_64-linux-gnu/pkgconfig/volk.pc:LV_CXXFLAGS=
usr/lib/x86_64-linux-gnu/pkgconfig/volk.pc:Cflags: -I${includedir} ${LV_CXXFLAGS}
* nothing wrong with this per se
usr/lib/pkgconfig/codeblocks.pc:Cflags: -I${includedir}/codeblocks \
usr/lib/pkgconfig/codeblocks.pc: -I${includedir}/codeblocks/tinyxml \
usr/lib/pkgconfig/codeblocks.pc: -I${includedir}/codeblocks/scripting/include \
usr/lib/pkgconfig/codeblocks.pc: -I${includedir}/codeblocks/scripting/bindings \
* continued lines may also hide stuff from a dumb checker
Other fields
============
usr/lib/x86_64-linux-gnu/pkgconfig/libbt.pc:Libs: -L${libdir} -lbt -Wl,-z,relro -L/usr/lib -L/usr/local/lib
* -L/usr/local/lib
usr/share/doc/libopal-doc/examples/samples/opal.pc:Libs: -L/usr/local/src/pkg-voip/build-area/opal-3.10.4~dfsg/lib_linux_x86_64 -L${libdir} -lopal${suffix}
* weird -L
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.0 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lintian depends on:
ii binutils 2.22-6.1
ii bzip2 1.0.6-3
ii diffstat 1.55-3
ii file 5.11-1
ii gettext 0.18.1.1-9
ii hardening-includes 2.1
ii intltool-debian 0.35.0+20060710.1
ii libapt-pkg-perl 0.1.26+b1
ii libc-bin 2.13-33
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.31-1+b2
ii libdpkg-perl 1.16.4
ii libemail-valid-perl 0.190-1
ii libipc-run-perl 0.91-1
ii libparse-debianchangelog-perl 1.2.0-1
ii libtimedate-perl 1.2000-1
ii liburi-perl 1.60-1
ii locales 2.13-33
ii locales-all [locales] 2.13-33
ii man-db 2.6.1-2
ii patchutils 0.3.2-1.1
ii perl [libdigest-sha-perl] 5.14.2-11
ii unzip 6.0-6
lintian recommends no packages.
Versions of packages lintian suggests:
ii binutils-multiarch 2.22-6.1
ii dpkg-dev 1.16.4
ii libhtml-parser-perl 3.69-2
ii libtext-template-perl 1.45-2
ii man-db 2.6.1-2
ii xz-utils 5.1.1alpha+20110809-3
-- no debconf information
Attachment:
signature.asc
Description: Digital signature