[SCM] Debian package checker branch, master, updated. 2.5.11-10-g28e7012

To: debian-lint-maint@lists.debian.org
Subject: [SCM] Debian package checker branch, master, updated. 2.5.11-10-g28e7012
From: "Niels Thykier" <niels@thykier.net>
Date: Tue, 18 Dec 2012 21:55:31 +0000
Message-id: <[🔎] E1Tl58N-0005i1-OK@vasks.debian.org>
The following commit has been merged in the master branch:
commit 28e7012073e6b14dee4f63ecf35a02a0c5ce7921
Author: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
Date:   Sun Dec 16 20:29:20 2012 +0100

    c/files: Add a few new path forbidden
    
    [nthykier:
     - Do not emit file-in-unusual-dir for /root and /home paths
       with a stronger tag emitted for those.
     - Fix Test-For list in test desc.
    }
    
    Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/checks/files b/checks/files
index 3d5ee97..01a3ac0 100644
--- a/checks/files
+++ b/checks/files
@@ -336,6 +336,10 @@ foreach my $file ($info->sorted_index) {
         elsif ($file =~ m,^etc/modprobe\.d/(.+)$, and $1 !~ m,\.conf$, and !$index_info->is_dir) {
             tag 'non-conf-file-in-modprobe.d', $file;
         }
+        #---------------- /etc/opt
+        elsif ($file =~ m,^etc/opt/.,) {
+            tag 'dir-or-file-in-etc-opt', $file;
+        }
         #----------------- /etc/pam.conf
         elsif ($file =~ m,^etc/pam.conf, and $pkg ne 'libpam-runtime' ) {
             tag 'config-file-reserved', "$file by libpam-runtime";
@@ -639,6 +643,13 @@ foreach my $file ($info->sorted_index) {
     } elsif ($file =~ m,^servers/.,) {
         next;
     }
+    # -------------- /home
+    elsif ($file =~ m,^home/.,) {
+       tag 'dir-or-file-in-home', $file;
+    }
+    elsif ($file =~ m,^root/.,) {
+       tag 'dir-or-file-in-home', $file;
+    }
     # ---------------- /tmp, /var/tmp, /usr/tmp
     elsif ($file =~ m,^tmp/., or $file =~ m,^(?:var|usr)/tmp/.,) {
         tag 'dir-or-file-in-tmp', $file;
@@ -657,6 +668,10 @@ foreach my $file ($info->sorted_index) {
     elsif ($file =~ m,^srv/.,) {
         tag 'dir-or-file-in-srv', $file;
     }
+    # build directory
+    elsif ($file =~ m,^var/cache/pbuilder/build/., or $file =~ m,^var/lib/sbuild/., or $file =~ m,^var/lib/buildd/.,) {
+        tag 'dir-or-file-in-build-tree', $file;
+    }
     # ---------------- FHS directory?
     elsif ($file =~ m,^[^/]+/$,o and
            $file !~ m,^(?:bin|boot|dev|etc|home|lib(?:64|32)?|mnt|opt|root|run|sbin|selinux|srv|sys|tmp|usr|var)/,o) {
@@ -700,7 +715,7 @@ foreach my $file ($info->sorted_index) {
                 or $file =~ m,^usr/[^/]+-linux[^/]*/,
                 or $file =~ m,^usr/iraf/,
                 # not allowed, but tested indivudually
-                or $file =~ m,^(?:mnt|opt|run|srv|(?:(?:usr|var)/)?tmp)|var/www/,) {
+                or $file =~ m,^(?:home|mnt|opt|root|run|srv|(?:(?:usr|var)/)?tmp)|var/www/,) {
             tag 'file-in-unusual-dir', $file;
         }
     }
diff --git a/checks/files.desc b/checks/files.desc
index 11ad8b4..ce8b683 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -424,6 +424,13 @@ Info: Debian packages should not install into <tt>/opt</tt>, because it
  is reserved for add-on software.
 Ref: fhs optaddonapplicationsoftwarepackages
 
+Tag: dir-or-file-in-etc-opt
+Severity: serious
+Certainty: certain
+Info: Debian packages should not install into <tt>/etc/opt</tt>, because it
+ is reserved for add-on software.
+Ref: fhs optaddonapplicationsoftwarepackages
+
 Tag: dir-or-file-in-srv
 Severity: serious
 Certainty: certain
@@ -1273,3 +1280,14 @@ Info: The gzip file contains a timestamp that will differ between
  byte-for-byte identical.
  .
  This can usually be fixed by passing -n to gzip.
+
+Tag: dir-or-file-in-home
+Severity: serious
+Certainty: certain
+Info: Debian packages should not install into <tt>/home</tt>, because it
+ is reserved for users.
+
+Tag: dir-or-file-in-build-tree
+Severity: serious
+Certainty: possible
+Info: Your package install file in our build tree.
diff --git a/debian/changelog b/debian/changelog
index 3d334d3..cff35c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,17 @@
 lintian (2.5.12) UNRELEASED; urgency=low
 
+  * Summary of tag changes:
+    + Added:
+      - dir-or-file-in-build-tree
+      - dir-or-file-in-etc-opt
+      - dir-or-file-in-home
+
   * checks/cruft:
     + [NT] Do not emit the license-problem-json-evil tag for
       non-free packages.
+  * checks/files{,.desc}:
+    + [NT] Apply patch from Bastien Roucariès to catch paths
+      in (common) build dirs.  (Closes: #678857)
 
   * lib/Lintian/Collect.pm:
     + [NT] Add "is_non_free" method to easily check of a given
diff --git a/t/tests/files-foo-in-bar/debian/debian/install b/t/tests/files-foo-in-bar/debian/debian/install
index 961eddd..6aca91d 100644
--- a/t/tests/files-foo-in-bar/debian/debian/install
+++ b/t/tests/files-foo-in-bar/debian/debian/install
@@ -28,6 +28,12 @@ bar var/foo
 bar var/lock/foo
 bar var/run/foo
 bar var/www/foo
+bar home/johndoe
+bar root
+bar etc/opt
+bar var/cache/pbuilder/build
+bar var/lib/sbuild
+bar var/lib/buildd
 
 Bar.pm usr/lib/perl5/Foo
 bar.png usr/lib/files-foo-in-bar
diff --git a/t/tests/files-foo-in-bar/desc b/t/tests/files-foo-in-bar/desc
index 5d4f9c0..712bfb2 100644
--- a/t/tests/files-foo-in-bar/desc
+++ b/t/tests/files-foo-in-bar/desc
@@ -4,6 +4,9 @@ Version: 1.0
 Description: Test tags about files or dirs in given paths
 Test-For:
  dir-in-usr-local
+ dir-or-file-in-build-tree
+ dir-or-file-in-etc-opt
+ dir-or-file-in-home
  dir-or-file-in-mnt
  dir-or-file-in-run
  dir-or-file-in-srv
diff --git a/t/tests/files-foo-in-bar/tags b/t/tests/files-foo-in-bar/tags
index d980b09..b5ff6c5 100644
--- a/t/tests/files-foo-in-bar/tags
+++ b/t/tests/files-foo-in-bar/tags
@@ -1,4 +1,11 @@
 E: files-foo-in-bar: dir-in-usr-local usr/local/foo/
+E: files-foo-in-bar: dir-or-file-in-build-tree var/cache/pbuilder/build/bar
+E: files-foo-in-bar: dir-or-file-in-build-tree var/lib/buildd/bar
+E: files-foo-in-bar: dir-or-file-in-build-tree var/lib/sbuild/bar
+E: files-foo-in-bar: dir-or-file-in-etc-opt etc/opt/bar
+E: files-foo-in-bar: dir-or-file-in-home home/johndoe/
+E: files-foo-in-bar: dir-or-file-in-home home/johndoe/bar
+E: files-foo-in-bar: dir-or-file-in-home root/bar
 E: files-foo-in-bar: dir-or-file-in-mnt mnt/foo/
 E: files-foo-in-bar: dir-or-file-in-mnt mnt/foo/bar
 E: files-foo-in-bar: dir-or-file-in-run run/foo/
@@ -43,6 +50,7 @@ W: files-foo-in-bar: executable-not-elf-or-script bin/foo/bar
 W: files-foo-in-bar: executable-not-elf-or-script usr/bin/foo/bar
 W: files-foo-in-bar: file-in-unusual-dir usr/foo/bar
 W: files-foo-in-bar: file-in-unusual-dir usr/local/foo/bar
+W: files-foo-in-bar: file-in-unusual-dir var/cache/pbuilder/build/bar
 W: files-foo-in-bar: file-in-unusual-dir var/foo/bar
 W: files-foo-in-bar: file-in-unusual-dir var/lock/foo/bar
 W: files-foo-in-bar: file-in-unusual-dir var/run/foo/bar

-- 
Debian package checker
Reply to:
Prev by Date: Bug#696230: lintian: Signed Debian control block parsing can be fooled
Next by Date: Processed: limit source to lintian, tagging 678857
Previous by thread: Bug#696230: lintian: Signed Debian control block parsing can be fooled
Next by thread: Processed: limit source to lintian, tagging 678857
Index(es):
- Date
- Thread