[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#668546: marked as done (Add Apache2 checks)

Your message dated Mon, 14 May 2012 22:19:34 +0000
with message-id <E1SU3c6-00014x-GZ@franck.debian.org>
and subject line Bug#668546: fixed in lintian 2.5.7
has caused the Debian Bug report #668546,
regarding Add Apache2 checks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
668546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668546
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: lintian
Severity: wishlist


Hi,

please consider adding the following checks to Lintian. They add several
checks related to reverse dependencies of Apache HTTPD server packages.

I have no strong opinions about the importance and certainty of most
tags. Feel free to adapt as desired if you feel like.

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

From 3b694d58943769159e41cc2b6db8c04b72e13a8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arno=20T=C3=B6ll?= <debian@toell.net>
Date: Mon, 2 Apr 2012 19:09:40 +0200
Subject: [PATCH 1/3] Add Apache2 checks

---
 checks/apache2                                     |  271 ++++++++++++++++++++
 checks/apache2.desc                                |  136 ++++++++++
 t/tests/apache2-modules-general/debian/baz.load    |    1 +
 .../debian/debian/control.in                       |   44 ++++
 .../debian/debian/libapache2-mod-foo.dirs          |    2 +
 .../debian/debian/libapache2-mod-foo.install       |    4 +
 .../debian/debian/libapache2-mod-foo2.dirs         |    2 +
 .../debian/debian/libapache2-mod-foo2.install      |    2 +
 .../debian/debian/libapache2-mod-foo2.postinst     |    9 +
 .../debian/debian/libapache2-mod-foo2.postrm       |    9 +
 .../debian/debian/libapache2-modbaz.dirs           |    2 +
 .../debian/debian/libapache2-modbaz.install        |    2 +
 t/tests/apache2-modules-general/debian/foo         |    1 +
 t/tests/apache2-modules-general/debian/foo.conf    |    5 +
 t/tests/apache2-modules-general/debian/foo.load    |    5 +
 t/tests/apache2-modules-general/desc               |   13 +
 t/tests/apache2-modules-general/tags               |   10 +
 .../debian/debian/control.in                       |   47 ++++
 .../debian/debian/phpmyfoo.dirs                    |    1 +
 .../debian/debian/phpmyfoo.install                 |    1 +
 .../debian/debian/phpmyfoo.postinst                |   11 +
 .../debian/debian/phpmyfoo.postrm                  |    8 +
 .../debian/debian/phpmyfoo2.dirs                   |    1 +
 .../debian/debian/phpmyfoo2.install                |    2 +
 .../debian/debian/phpmyfoo3.dirs                   |    1 +
 .../debian/debian/phpmyfoo3.install                |    1 +
 .../debian/local-phpmyfoo2.conf                    |    1 +
 .../debian/phpmyfoo.conf                           |    8 +
 .../debian/phpmyfoo2                               |    1 +
 t/tests/apache2-webapplications-general/desc       |   14 +
 t/tests/apache2-webapplications-general/tags       |   13 +
 31 files changed, 628 insertions(+), 0 deletions(-)
 create mode 100644 checks/apache2
 create mode 100644 checks/apache2.desc
 create mode 100644 t/tests/apache2-modules-general/debian/baz.load
 create mode 100644 t/tests/apache2-modules-general/debian/debian/control.in
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs
 create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install
 create mode 100644 t/tests/apache2-modules-general/debian/foo
 create mode 100644 t/tests/apache2-modules-general/debian/foo.conf
 create mode 100644 t/tests/apache2-modules-general/debian/foo.load
 create mode 100644 t/tests/apache2-modules-general/debian/mod_baz.so
 create mode 100644 t/tests/apache2-modules-general/debian/mod_foo.so
 create mode 100644 t/tests/apache2-modules-general/debian/mod_foo2.so
 create mode 100644 t/tests/apache2-modules-general/desc
 create mode 100644 t/tests/apache2-modules-general/tags
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/control.in
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs
 create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install
 create mode 100644 t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf
 create mode 100644 t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
 create mode 100644 t/tests/apache2-webapplications-general/debian/phpmyfoo2
 create mode 100644 t/tests/apache2-webapplications-general/desc
 create mode 100644 t/tests/apache2-webapplications-general/tags

diff --git a/checks/apache2 b/checks/apache2
new file mode 100644
index 0000000..3cc94ed
--- /dev/null
+++ b/checks/apache2
@@ -0,0 +1,271 @@
+# apache2 -- lintian check script -*- perl -*-
+#
+# Copyright © 2012 Arno Töll
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::apache2;
+
+use strict;
+use warnings;
+
+use File::Basename;
+use Lintian::Collect::Binary ();
+use Lintian::Tags qw(tag);
+use Lintian::Relation ();
+use Util;
+
+sub run {
+    my $pkg = shift;
+    my $type = shift;
+    my $info = shift;
+
+
+    # Do nothing if the package in question appears to be related to
+    # the web server itself
+    return if $pkg =~ m/^apache2(:?\.2)?(?:-\w+)?$/;
+
+    # whether the package appears to be an Apache2 module/web application
+    my $seen_apache2_special_file = 0;
+
+    if ($type eq 'binary') {
+        foreach my $file (@{ $info->sorted_index }) {
+            next if $file eq '';
+            my $file_info = $info->index->{$file};
+
+            # File is probably not relevant to us, ignore it
+            next if $file_info->{type} eq 'd';
+            next if $file !~ m#^(?:usr/lib/apache2/modules/|etc/apache2/)#;
+
+
+            # Package installs an unrecognized file - check this for all files
+            if ($file !~ m#\.conf$# and $file =~ m#^(etc/apache2/(conf|site|mods)-available/(.*))$#)  {
+                my $temp_path = $1;
+                my $temp_type = $2;
+                my $temp_file = $3;
+                # ... except modules which are allowed to ship .load files
+                tag 'apache2-configuration-files-need-conf-suffix', $temp_path
+                    unless $temp_type eq 'mods' and $temp_file =~ m#\.load#;
+            }
+
+            # Package appears to be a binary module
+            if ($file =~ m#^usr/lib/apache2/modules/(.*)\.so#) {
+                check_module_package ($pkg, $info, $1);
+                $seen_apache2_special_file++;
+            }
+
+            # Package appears to be a web application
+            elsif ($file =~ m#^(etc/apache2/(conf|site)-available/(.*))$#) {
+                check_web_application_package ($pkg, $type, $info, $1, $2, $3);
+                $seen_apache2_special_file++;
+            }
+
+            # Package appears to be a legacy web application
+            elsif ($file =~ m#^(etc/apache2/conf\.d/(.*))$#) {
+                tag "apache2-reverse-dependency-uses-obsolete-directory", $1;
+                check_web_application_package ($pkg, $type, $info, $1, 'conf', $2);
+                $seen_apache2_special_file++;
+            }
+
+            # Package does scary things
+            elsif ($file =~ m#^(etc/apache2/(?:conf|sites|mods)-enabled/.*)$#) {
+                tag "apache2-reverse-dependency-ships-file-in-not-allowed-directory", $1;
+                $seen_apache2_special_file++;
+            }
+
+        }
+
+        if ($seen_apache2_special_file) {
+            check_maintainer_scripts ($info);
+        }
+    }
+}
+
+sub check_web_application_package {
+    my ($pkg, $type, $info, $file, $pkgtype, $webapp) = @_;
+
+    tag "non-standard-apache2-configuration-name", $webapp, " != ", "$pkg.conf"
+        if $webapp ne "$pkg.conf" or $webapp =~ m/^local-./;
+
+    my $uncondep = 0;
+    my $datadep = 0;
+
+    for my $type (qw/pre-depends depends recommends/) {
+        my $raw_dependency = $info->field ($type);
+        next unless $raw_dependency;
+        for my $dependency (split /\s*,\s*/, $raw_dependency) {
+            my $relation = $info->relation ($type);
+            # A web application must not depend on apache2-whatever
+            if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) {
+                tag 'web-application-depends-on-apache2-data-package', $1
+                    unless $datadep++;
+            }
+
+            # ... nor on apache2 only. Moreover, it should be in the form
+            # apache2 | httpd but don't worry about versions, virtual package
+            # don't support that
+            if ($relation->implies ('apache2')) {
+                tag 'web-application-should-not-depend-unconditionally-on-apache2',
+                    unless $uncondep++;
+            }
+        }
+    }
+
+    if (defined $info->index->{$file}) {
+        inspect_conf_file ($info, $pkgtype, $file);
+    }
+
+}
+
+sub check_module_package {
+    my ($pkg, $info, $module) = @_;
+
+    # We want packages to be follow our naming scheme. Modules should be named
+    # libapache2-mod-<foo> if it ships a mod_foo.so
+    my $expected_name = 'libapache2-' . $module;
+
+    # Package depends on apache2-api-YYYYMMDD
+    my $seen_api_dependency = 0;
+
+    $expected_name =~ tr/_/-/;
+    if ( $expected_name ne $pkg ) {
+        tag 'non-standard-apache2-module-package-name', $pkg, " != ", $expected_name;
+    }
+
+    for my $type (qw/pre-depends depends recommends/)  {
+        my $raw_dependency = $info->field($type);
+        next unless $raw_dependency;
+        for my $dependency (split /\s*,\s*/, $raw_dependency) {
+            # no no no, do not depend on our real packages. A module must not
+            # depend on apache2-common or even worse apache2.
+            if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) {
+                tag 'apache2-module-depends-on-real-apache2-package', $1;
+            }
+            # ... on the other hand, module packages must depend on
+            # apache2-api-YYYYMMDD
+            if (($type eq 'depends' or $type eq 'pre-depends') and $dependency =~ m/\bapache2-api-\d+\b/) {
+                $seen_api_dependency++;
+            }
+        }
+    }
+
+    if (not $seen_api_dependency) {
+        tag 'apache2-module-does-not-depend-on-apache2-api';
+    }
+
+    # The module is called mod_foo.so, thus the load file is expected to be
+    # named foo.load
+    my $load_file = $module;
+    my $conf_file = $module;
+    $load_file =~ s#^mod.(.*)$#etc/apache2/mods-available/$1.load#;
+    $conf_file =~ s#^mod.(.*)$#etc/apache2/mods-available/$1.conf#;
+
+    if (defined $info->index->{$load_file}) {
+        inspect_conf_file ($info, "mods", $load_file);
+    } else {
+        tag 'apache2-module-does-not-ship-load-file', $load_file;
+    }
+
+    if (defined $info->index->{$conf_file}) {
+        inspect_conf_file ($info, "mods", $conf_file);
+    }
+
+}
+
+
+sub check_maintainer_scripts {
+    my ($info) = @_;
+
+    open my $fd, '<', 'control-scripts' or fail "cannot open lintian control-scripts file: $!";
+
+    while (<$fd>)
+    {
+        m/^(\S*) (.*)$/ or fail("bad line in control-scripts file: $_");
+        my $interpreter = $1;
+        my $file = $2;
+        my $filename = $info->control ($file);
+
+        # Don't follow links
+        next if -l $filename;
+        # Don't try to parse the file if it does not appear to be a shell script
+        next if $interpreter !~ m/sh\b/;
+
+        open my $sfd, '<', $filename or fail "cannot open maintainer script $filename: $!";
+        while (<$sfd>) {
+            # skip comments
+            next if substr ($_, 0, $-[0]) =~ /#/;
+
+            # Do not allow reverse dependencies to call "a2enmod" and friends
+            # directly
+            if (m/\b(a2(?:en|dis)(?:conf|site|mod))\b/) {
+                tag 'apache2-reverse-dependency-calls-wrapper-script', $file, $1;
+            }
+
+            # Do not allow reverse dependencies to call "invoke-rc.d apache2
+            if (m/invoke-rc\.d\s+apache2/) {
+                tag 'apache2-reverse-dependency-calls-invoke-rc.d', $file;
+            }
+
+            # XXX: Check whether apache2-maintscript-helper is used
+            # unconditionally e.g. not protected by a [ -e ], [ -x ] or so.
+            # That's going to be complicated. Or not possible without grammar
+            # parser.
+        }
+        close $sfd;
+    }
+
+    close $fd;
+}
+
+
+sub inspect_conf_file {
+    my ($info, $conftype, $file) = @_;
+
+
+    my $filename =  $info->unpacked ($file);
+    # Don't follow links
+    return if -l $filename;
+    open my $fd, '<', $filename or fail "cannot open configuration file $filename: $!";
+    while (<$fd>)  {
+        # only check until the first non-empty non-comment line. That follows
+        # the a2enmod reference implementation
+        last unless m/^\s*(?:#.*)?$/;
+
+        if (m/^#\s*(Depends|Conflicts):\s+(.*?)\s*$/) {
+            tag 'apache2-unsupported-dependency', $file, $1
+                if $1 eq 'Conflicts' and $conftype ne 'mods';
+            my @dependencies = split( /[\n\s]+/, $2 );
+            foreach my $dep (@dependencies) {
+                tag 'apache2-unparseable-dependency', $file, $dep
+                    if $dep =~ m/\W/ or
+                       $dep =~ /^mod\_/ or
+                       $dep =~ m/\.(?:conf|load)/;
+            }
+        }
+
+    }
+    close $fd;
+
+}
+
+1;
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
diff --git a/checks/apache2.desc b/checks/apache2.desc
new file mode 100644
index 0000000..60ea8dc
--- /dev/null
+++ b/checks/apache2.desc
@@ -0,0 +1,136 @@
+Check-Script: apache2
+Author: Arno Töll <debian@toell.net>
+Abbrev: apache2
+Type: binary
+Info: Checks various build mistakes in Apache2 reverse dependencies
+Needs-Info: index, scripts, unpacked
+
+Tag: non-standard-apache2-module-package-name
+Severity: normal
+Certainty: certain
+Info: The package appears to be an Apache2 HTTPD server module but it isn't
+ following the module naming scheme. Apache2 HTTPD modules should be called
+ <tt>libapache2-mod-name</tt> with <tt>mod-name</tt> being the actual
+ <tt>mod_name.so</tt> equivalent.
+
+
+Tag: apache2-module-depends-on-real-apache2-package
+Severity: serious
+Certainty: certain
+Info: The package is an Apache2 HTTPD server module but it depends on a real
+ Apache2 package. Binary module packages must depend on the virtual
+ <tt>apache2-api-YYYYMMNN</tt> package only in order to ease transitions in
+ future.
+ .
+ In particular, module packages must not pull the full web server or any of its
+ associated data packages as a depdendency. That's left to the user.
+
+
+Tag: apache2-module-does-not-depend-on-apache2-api
+Severity: serious
+Certainty: certain
+Info: The package is an Apache2 HTTPD server module but does not declare a
+ strong binary relation against the Apache2 server binary it links against. Modules
+ must depend on the <tt>apache2-api-YYYYMMNN</tt> package provided as a virtual
+ package by <tt>apache2-bin</tt>.
+
+Tag: apache2-module-does-not-ship-load-file
+Severity: serious
+Certainty: certain
+Info: The package is an Apache2 HTTPD server module but does not ship a
+ "<tt>.load</tt>" file or it was installed under an unexpected name. The load
+ files in "<tt>/etc/apache2/mods-available</tt>" are required to interact with
+ the server package to enable and disable the module and must match the module
+ name without "<tt>mod_</tt> prefix, e.g. <tt>mod_foo</tt> must ship a load file
+ named "<tt>foo.load</tt>".
+
+Tag: apache2-reverse-dependency-ships-file-in-not-allowed-directory
+Severity: serious
+Certainty: certain
+Info: The package installs a piece of Apache2 configuration to
+ <tt>/etc/apache2/{sites,mods,conf}-enabled</tt>. This is not allowed. Instead
+ the respective <tt>/etc/apache2/{sites,mods,conf}-available</tt> counterparts
+ must be used.
+
+
+Tag: non-standard-apache2-configuration-name
+Severity: normal
+Certainty: certain
+Info: The package appears to be a web application which is installing a
+ configuration file for the Apache2 HTTPD server. To avoid name clashes, any file
+ installed to <tt>/etc/apache2/{sites,conf}-availabe</tt> should match the binary package
+ name and must not start with <tt>local-</tt>.
+
+
+Tag: apache2-reverse-dependency-calls-wrapper-script
+Severity: normal
+Certainty: certain
+Info: The package is calling an Apache2 configuration wrapper script (e.g.
+ <tt>a2enmod</tt>, <tt>a2enconf</tt>, <tt>a2enconf</tt>, ...). Maintainer
+ scripts should not be calling these scripts directly. To achieve a uniform and
+ consolidated behavior these scripts should be invoked indirectly by using
+ apache2-maintscript-helper.
+
+
+Tag: web-application-depends-on-apache2-data-package
+Severity: normal
+Certainty: certain
+Info: The package appears to be a web application but declares a package
+ relation with <tt>apache2-bin</tt>, <tt>apache2-data</tt> or any of its
+ transitional packages. However, web applications are rarely bound to a specific
+ web server version. Thus, they should depend on <tt>apache2</tt> only instead.
+ If a web application is actually tied to a particular binary version of the web
+ server a dependency against the virtual <tt>apache2-api-YYYYMMDD</tt> package
+ is more appropriate.
+
+Tag: web-application-should-not-depend-unconditionally-on-apache2
+Severity: normal
+Certainty: certain
+Info: The package appears to be a web application but declares a dependency
+ against <tt>apache2</tt> without any alternative. Most web applications should
+ work with any decent web server, thus such a package should be satisfied if any
+ web server providing the virtual "<tt>httpd</tt>" package is installed. This
+ can be accomplished by declaring a package relation in the form "<tt>apache2 |
+ httpd</tt>".
+
+Tag: apache2-reverse-dependency-calls-invoke-rc.d
+Severity: normal
+Certainty: certain
+Info: The package is invoking apache2's init script in its maintainer script
+ albeit it shouldn't do so. Reverse dependencies installing apache2
+ configuration pieces should not restart the web server uncondtionally in
+ maintainer scripts. Instead they should be using apache2-maintscript-helper
+ which correctly obeys local policies.
+
+Tag: apache2-reverse-dependency-uses-obsolete-directory
+Severity: normal
+Certainty: certain
+Info: The package is installing a file into the obsolete
+ <tt>/etc/apache2/conf.d/</tt> directory. This file is not read by the Apache2
+ 2.4 web server anymore. Instead <tt>/etc/apache2/conf-available/</tt> should be
+ used.
+
+Tag: apache2-configuration-files-need-conf-suffix
+Severity: important
+Certainty: certain
+Info: The package is installing an Apache2 configuration but that file does not
+ end with a '<tt>.conf</tt>' suffix. Starting with Apache2 2.4 all configuration
+ files except module '<tt>.load</tt>' files need that suffix or are ignored otherwise.
+
+
+Tag: apache2-unparseable-dependency
+Severity: normal
+Certainty: certain
+Info: The package is declaring a module dependency within an Apache
+ configuration file which does not meet the requirements. Dependencies must be
+ declared without paths, leading "<tt>mod_</tt>" prefix and without file
+ extension.
+
+Tag: apache2-unsupported-dependency
+Severity: normal
+Certainty: certain
+Info: The package is declaring a module dependency within an Apache
+ configuration file which is not supported there. Dependencies are supported in
+ module '<tt>.load</tt>' files, and web application '<tt>.conf</tt>' files,
+ conflicts in '<tt>.load</tt> files only.
+
diff --git a/t/tests/apache2-modules-general/debian/baz.load b/t/tests/apache2-modules-general/debian/baz.load
new file mode 100644
index 0000000..cb28fab
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/baz.load
@@ -0,0 +1 @@
+LoadModule baz_module /usr/lib/apache2/modules/mod_baz.so
diff --git a/t/tests/apache2-modules-general/debian/debian/control.in b/t/tests/apache2-modules-general/debian/debian/control.in
new file mode 100644
index 0000000..f3d2935
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/control.in
@@ -0,0 +1,44 @@
+Source: {$srcpkg}
+Section: web
+Priority: extra
+Maintainer:  Big Kahuna <kahuna@example.com>
+Uploaders: {$author}
+Standards-Version: {$standards_version}
+Build-Depends: debhelper (>= 9)
+
+Package: libapache2-mod-foo
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2-api-19700101
+Description: {$description}
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+
+Package: libapache2-modbaz
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2.2-common,
+Description: {$description} don't care
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+ .
+ To avoid duplicate description warnings this line differs. Ignore me.
+
+Package: libapache2-mod-foo2
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2-api-19700101,
+Description: {$description} still don't care
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+ .
+ To avoid duplicate description warnings this line differs. Still ignore me.
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs
new file mode 100644
index 0000000..871a471
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs
@@ -0,0 +1,2 @@
+etc/apache2/mods-available
+usr/lib/apache2/modules
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install
new file mode 100644
index 0000000..ac8f7f1
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install
@@ -0,0 +1,4 @@
+foo.load	/etc/apache2/mods-available
+foo		/etc/apache2/mods-available
+foo.conf	/etc/apache2/mods-available
+mod_foo.so      /usr/lib/apache2/modules/
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs
new file mode 100644
index 0000000..aec19ee
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs
@@ -0,0 +1,2 @@
+etc/apache2/mods-enabled
+usr/lib/apache2/modules
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install
new file mode 100644
index 0000000..8aab3d1
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install
@@ -0,0 +1,2 @@
+foo.conf	/etc/apache2/mods-enabled
+mod_foo2.so	/usr/lib/apache2/modules/
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst
new file mode 100644
index 0000000..8f6847d
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+
+if [ "$1" = 'configure' ] ; then
+	a2enmod -q foo2
+fi
+
+#DEBHELPER#
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm
new file mode 100644
index 0000000..a4c83a6
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+
+if [ "$1" = 'remove' ] ; then
+        a2dismod -q foo2
+fi
+
+#DEBHELPER#
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs
new file mode 100644
index 0000000..871a471
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs
@@ -0,0 +1,2 @@
+etc/apache2/mods-available
+usr/lib/apache2/modules
diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install
new file mode 100644
index 0000000..5f2e1f9
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install
@@ -0,0 +1,2 @@
+baz.load	/etc/apache2/mods-available
+mod_baz.so	/usr/lib/apache2/modules/
diff --git a/t/tests/apache2-modules-general/debian/foo b/t/tests/apache2-modules-general/debian/foo
new file mode 100644
index 0000000..2cc691e
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/foo
@@ -0,0 +1 @@
+<irrelevant>
diff --git a/t/tests/apache2-modules-general/debian/foo.conf b/t/tests/apache2-modules-general/debian/foo.conf
new file mode 100644
index 0000000..bcbc503
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/foo.conf
@@ -0,0 +1,5 @@
+# Depends: notsupportedhere
+
+<Conf>
+	WithDirectives
+</Conf>
diff --git a/t/tests/apache2-modules-general/debian/foo.load b/t/tests/apache2-modules-general/debian/foo.load
new file mode 100644
index 0000000..7f1659f
--- /dev/null
+++ b/t/tests/apache2-modules-general/debian/foo.load
@@ -0,0 +1,5 @@
+# Depends: baz
+# Depends: baz baz2	mod_baz3		baz4.load
+# Conflicts: baz		baz2
+
+LoadModule foo_module /usr/lib/apache2/modules/mod_foo.so
diff --git a/t/tests/apache2-modules-general/debian/mod_baz.so b/t/tests/apache2-modules-general/debian/mod_baz.so
new file mode 100644
index 0000000..e69de29
diff --git a/t/tests/apache2-modules-general/debian/mod_foo.so b/t/tests/apache2-modules-general/debian/mod_foo.so
new file mode 100644
index 0000000..e69de29
diff --git a/t/tests/apache2-modules-general/debian/mod_foo2.so b/t/tests/apache2-modules-general/debian/mod_foo2.so
new file mode 100644
index 0000000..e69de29
diff --git a/t/tests/apache2-modules-general/desc b/t/tests/apache2-modules-general/desc
new file mode 100644
index 0000000..420a0e3
--- /dev/null
+++ b/t/tests/apache2-modules-general/desc
@@ -0,0 +1,13 @@
+Testname: apache2-modules-general
+Sequence: 6000
+Version: 1.0
+Description: Several tests related to Apache2 module packages
+Test-For:
+ apache2-module-depends-on-real-apache2-package
+ apache2-module-does-not-depend-on-apache2-api
+ non-standard-apache2-module-package-name
+ apache2-module-does-not-ship-load-file
+ apache2-reverse-dependency-ships-file-in-not-allowed-directory
+ apache2-reverse-dependency-calls-wrapper-script
+ apache2-configuration-files-need-conf-suffix
+ apache2-unparseable-dependency
diff --git a/t/tests/apache2-modules-general/tags b/t/tests/apache2-modules-general/tags
new file mode 100644
index 0000000..4dd3da0
--- /dev/null
+++ b/t/tests/apache2-modules-general/tags
@@ -0,0 +1,10 @@
+E: libapache2-mod-foo2: apache2-module-does-not-ship-load-file etc/apache2/mods-available/foo2.load
+E: libapache2-mod-foo2: apache2-reverse-dependency-ships-file-in-not-allowed-directory etc/apache2/mods-enabled/foo.conf
+E: libapache2-mod-foo: apache2-configuration-files-need-conf-suffix etc/apache2/mods-available/foo
+E: libapache2-modbaz: apache2-module-depends-on-real-apache2-package apache2.2-common
+E: libapache2-modbaz: apache2-module-does-not-depend-on-apache2-api
+W: libapache2-mod-foo2: apache2-reverse-dependency-calls-wrapper-script postinst a2enmod
+W: libapache2-mod-foo2: apache2-reverse-dependency-calls-wrapper-script postrm a2dismod
+W: libapache2-mod-foo: apache2-unparseable-dependency etc/apache2/mods-available/foo.load baz4.load
+W: libapache2-mod-foo: apache2-unparseable-dependency etc/apache2/mods-available/foo.load mod_baz3
+W: libapache2-modbaz: non-standard-apache2-module-package-name libapache2-modbaz  !=  libapache2-mod-baz
diff --git a/t/tests/apache2-webapplications-general/debian/debian/control.in b/t/tests/apache2-webapplications-general/debian/debian/control.in
new file mode 100644
index 0000000..0b5ffd8
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/control.in
@@ -0,0 +1,47 @@
+Source: {$srcpkg}
+Section: web
+Priority: extra
+Maintainer:  Big Kahuna <kahuna@example.com>
+Uploaders: {$author}
+Standards-Version: {$standards_version}
+Build-Depends: debhelper (>= 9)
+
+Package: phpmyfoo
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2,
+ apache2-bin
+Description: {$description}
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+
+Package: phpmyfoo2
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2 | httpd
+Description: {$description} - ignore me
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+ .
+ Ignore me.
+
+Package: phpmyfoo3
+Architecture: {$architecture}
+Depends: $\{shlibs:Depends\},
+ $\{misc:Depends\},
+ apache2 | lighttpd | httpd
+Description: {$description} - another ignore me
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.  It may
+ be an empty package.
+ .
+ Yet another ignore me.
+
+
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs
new file mode 100644
index 0000000..31e10a9
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs
@@ -0,0 +1 @@
+etc/apache2/conf-available
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install
new file mode 100644
index 0000000..2789400
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install
@@ -0,0 +1 @@
+phpmyfoo.conf	/etc/apache2/conf-available
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst
new file mode 100644
index 0000000..c4a1988
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+set -e
+
+if [ "$1" = 'configure' ] ; then
+	a2enconf -q phpmyfoo
+fi
+
+invoke-rc.d apache2 reload
+
+#DEBHELPER#
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
new file mode 100644
index 0000000..2fffaab
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
@@ -0,0 +1,8 @@
+if [ "$1" = 'configure' ] ; then
+        a2disconf -q phpmyfoo
+fi
+
+invoke-rc.d apache2 reload
+
+#DEBHELPER#
+
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs
new file mode 100644
index 0000000..31e10a9
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs
@@ -0,0 +1 @@
+etc/apache2/conf-available
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
new file mode 100644
index 0000000..d47d625
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
@@ -0,0 +1,2 @@
+phpmyfoo2		/etc/apache2/conf-available
+local-phpmyfoo2.conf	/etc/apache2/conf-available
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs
new file mode 100644
index 0000000..e9286b0
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs
@@ -0,0 +1 @@
+etc/apache2/conf.d/
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install
new file mode 100644
index 0000000..30fb624
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install
@@ -0,0 +1 @@
+phpmyfoo.conf	/etc/apache2/conf.d/
diff --git a/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf b/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf
new file mode 100644
index 0000000..2cc691e
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf
@@ -0,0 +1 @@
+<irrelevant>
diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
new file mode 100644
index 0000000..783c00a
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
@@ -0,0 +1,8 @@
+# Depends: bar	bar2.conf
+# Conflicts: notsupportedhere
+
+Alias /foo /usr/share/foo
+
+<Directory /usr/share/foo>
+  WebAppConf
+</Directory>
diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo2 b/t/tests/apache2-webapplications-general/debian/phpmyfoo2
new file mode 100644
index 0000000..2cc691e
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo2
@@ -0,0 +1 @@
+<irrelevant>
diff --git a/t/tests/apache2-webapplications-general/desc b/t/tests/apache2-webapplications-general/desc
new file mode 100644
index 0000000..cd17788
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/desc
@@ -0,0 +1,14 @@
+Testname: apache2-webapplications-general
+Sequence: 6000
+Version: 1.0
+Description: Several tests related to Apache2 web application packages
+Test-For:
+ non-standard-apache2-configuration-name
+ apache2-reverse-dependency-calls-invoke-rc.d
+ apache2-reverse-dependency-calls-wrapper-script
+ web-application-depends-on-apache2-data-package
+ web-application-should-not-depend-unconditionally-on-apache2
+ apache2-reverse-dependency-uses-obsolete-directory
+ apache2-configuration-files-need-conf-suffix
+ apache2-unsupported-dependency
+ apache2-unparseable-dependency
diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags
new file mode 100644
index 0000000..86f71fb
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/tags
@@ -0,0 +1,13 @@
+E: phpmyfoo2: apache2-configuration-files-need-conf-suffix etc/apache2/conf-available/phpmyfoo2
+W: phpmyfoo2: non-standard-apache2-configuration-name local-phpmyfoo2.conf  !=  phpmyfoo2.conf
+W: phpmyfoo2: non-standard-apache2-configuration-name phpmyfoo2  !=  phpmyfoo2.conf
+W: phpmyfoo3: apache2-reverse-dependency-uses-obsolete-directory etc/apache2/conf.d/phpmyfoo.conf
+W: phpmyfoo3: apache2-unparseable-dependency etc/apache2/conf.d/phpmyfoo.conf bar2.conf
+W: phpmyfoo3: apache2-unsupported-dependency etc/apache2/conf.d/phpmyfoo.conf Conflicts
+W: phpmyfoo3: non-standard-apache2-configuration-name phpmyfoo.conf  !=  phpmyfoo3.conf
+W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst
+W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf
+W: phpmyfoo: apache2-unparseable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf
+W: phpmyfoo: apache2-unsupported-dependency etc/apache2/conf-available/phpmyfoo.conf Conflicts
+W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin
+W: phpmyfoo: web-application-should-not-depend-unconditionally-on-apache2
-- 
1.7.9.1


From 7d925c497d9f58e43caca1e8907f9b5f1142995e Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sun, 8 Apr 2012 19:55:54 +0200
Subject: [PATCH 2/3] Add description for deprecated configiguration options

---
 checks/apache2.desc |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/checks/apache2.desc b/checks/apache2.desc
index 60ea8dc..2112d62 100644
--- a/checks/apache2.desc
+++ b/checks/apache2.desc
@@ -134,3 +134,13 @@ Info: The package is declaring a module dependency within an Apache
  module '<tt>.load</tt>' files, and web application '<tt>.conf</tt>' files,
  conflicts in '<tt>.load</tt> files only.
 
+Tag: apache2-deprecated-auth-config
+Severity: normal
+Certainty: certain
+Info: The package is using some of the deprecated auth configuration
+ directives Order, Satisfy, Allow, Deny, <Limit>, or <LimitExcept>.
+ These do not integrate well with the new authorization scheme of Apache
+ 2.4 and, in the case of <Limit> and <LimitExcept>, have confusing
+ semantics. The configuration directives should be replaced with a suitable
+ combination of <RequireAll>, <RequireAny>, Require all, Require local,
+ Require ip, and Require method.
-- 
1.7.9.1


From 7fe22a9fecb53e6867f3ee8208de9b13a1d63681 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arno=20T=C3=B6ll?= <debian@toell.net>
Date: Mon, 9 Apr 2012 22:54:23 +0200
Subject: [PATCH 3/3] * Implement apache2-deprecated-auth-config tag * add a
 test case for apache2-deprecated-auth-config * Use the
 new Lintian::Relation system to parse dependencies

---
 checks/apache2                                     |   39 +++++++-------------
 checks/apache2.desc                                |    9 +++--
 .../debian/phpmyfoo.conf                           |    5 +++
 t/tests/apache2-webapplications-general/desc       |    1 +
 t/tests/apache2-webapplications-general/tags       |    6 +++
 5 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/checks/apache2 b/checks/apache2
index 3cc94ed..a1a989a 100644
--- a/checks/apache2
+++ b/checks/apache2
@@ -26,8 +26,8 @@ use warnings;
 use File::Basename;
 use Lintian::Collect::Binary ();
 use Lintian::Tags qw(tag);
-use Lintian::Relation ();
-use Util;
+use Lintian::Relation qw(:constants);
+use Lintian::Util;
 
 sub run {
     my $pkg = shift;
@@ -138,32 +138,18 @@ sub check_module_package {
     # libapache2-mod-<foo> if it ships a mod_foo.so
     my $expected_name = 'libapache2-' . $module;
 
-    # Package depends on apache2-api-YYYYMMDD
-    my $seen_api_dependency = 0;
-
     $expected_name =~ tr/_/-/;
     if ( $expected_name ne $pkg ) {
         tag 'non-standard-apache2-module-package-name', $pkg, " != ", $expected_name;
     }
 
-    for my $type (qw/pre-depends depends recommends/)  {
-        my $raw_dependency = $info->field($type);
-        next unless $raw_dependency;
-        for my $dependency (split /\s*,\s*/, $raw_dependency) {
-            # no no no, do not depend on our real packages. A module must not
-            # depend on apache2-common or even worse apache2.
-            if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) {
-                tag 'apache2-module-depends-on-real-apache2-package', $1;
-            }
-            # ... on the other hand, module packages must depend on
-            # apache2-api-YYYYMMDD
-            if (($type eq 'depends' or $type eq 'pre-depends') and $dependency =~ m/\bapache2-api-\d+\b/) {
-                $seen_api_dependency++;
-            }
-        }
+    my $strong = $info->relation ('strong');
+    my $wrec = Lintian::Relation->and ($strong, $info->relation ('recommends'));
+    my $package_name = $wrec->visit( sub { return $_ if m/^(apache2(?:\.2)?-(?:common|data|bin))$/; return undef; }, VISIT_STOP_FIRST_MATCH );
+    if ($package_name) {
+        tag 'apache2-module-depends-on-real-apache2-package', $package_name;
     }
-
-    if (not $seen_api_dependency) {
+    if (! $strong->matches (qr/^apache2-api-\d+$/, VISIT_OR_CLAUSE_FULL )) {
         tag 'apache2-module-does-not-depend-on-apache2-api';
     }
 
@@ -241,9 +227,12 @@ sub inspect_conf_file {
     return if -l $filename;
     open my $fd, '<', $filename or fail "cannot open configuration file $filename: $!";
     while (<$fd>)  {
-        # only check until the first non-empty non-comment line. That follows
-        # the a2enmod reference implementation
-        last unless m/^\s*(?:#.*)?$/;
+
+        for my $directive ('Order', 'Satisfy', 'Allow', 'Deny', '<(|/)Limit.*?>', '<(|/)LimitExcept.*?>') {
+            if (m/($directive)/) {
+                tag 'apache2-deprecated-auth-config', $1;
+            }
+        }
 
         if (m/^#\s*(Depends|Conflicts):\s+(.*?)\s*$/) {
             tag 'apache2-unsupported-dependency', $file, $1
diff --git a/checks/apache2.desc b/checks/apache2.desc
index 2112d62..d917576 100644
--- a/checks/apache2.desc
+++ b/checks/apache2.desc
@@ -137,10 +137,11 @@ Info: The package is declaring a module dependency within an Apache
 Tag: apache2-deprecated-auth-config
 Severity: normal
 Certainty: certain
-Info: The package is using some of the deprecated auth configuration
- directives Order, Satisfy, Allow, Deny, <Limit>, or <LimitExcept>.
+Info: The package is using some of the deprecated authentication configuration
+ directives Order, Satisfy, Allow, Deny, &lt;Limit&gt; or &lt;LimitExcept&gt;
+ .
  These do not integrate well with the new authorization scheme of Apache
- 2.4 and, in the case of <Limit> and <LimitExcept>, have confusing
+ 2.4 and, in the case of &lt;Limit&gt; and &lt;LimitExcept&gt; have confusing
  semantics. The configuration directives should be replaced with a suitable
- combination of <RequireAll>, <RequireAny>, Require all, Require local,
+ combination of &lt;RequireAll&gt;, &lt;RequireAny&gt;, Require all, Require local,
  Require ip, and Require method.
diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
index 783c00a..32e42f2 100644
--- a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
+++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf
@@ -5,4 +5,9 @@ Alias /foo /usr/share/foo
 
 <Directory /usr/share/foo>
   WebAppConf
+  <Limit POST PUT DELETE>
+	  Order deny, allow
+	  Require valid-user
+  </Limit>
 </Directory>
+
diff --git a/t/tests/apache2-webapplications-general/desc b/t/tests/apache2-webapplications-general/desc
index cd17788..0ba9ba0 100644
--- a/t/tests/apache2-webapplications-general/desc
+++ b/t/tests/apache2-webapplications-general/desc
@@ -12,3 +12,4 @@ Test-For:
  apache2-configuration-files-need-conf-suffix
  apache2-unsupported-dependency
  apache2-unparseable-dependency
+ apache2-deprecated-auth-config
diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags
index 86f71fb..3f52402 100644
--- a/t/tests/apache2-webapplications-general/tags
+++ b/t/tests/apache2-webapplications-general/tags
@@ -1,10 +1,16 @@
 E: phpmyfoo2: apache2-configuration-files-need-conf-suffix etc/apache2/conf-available/phpmyfoo2
 W: phpmyfoo2: non-standard-apache2-configuration-name local-phpmyfoo2.conf  !=  phpmyfoo2.conf
 W: phpmyfoo2: non-standard-apache2-configuration-name phpmyfoo2  !=  phpmyfoo2.conf
+W: phpmyfoo3: apache2-deprecated-auth-config </Limit>
+W: phpmyfoo3: apache2-deprecated-auth-config <Limit POST PUT DELETE>
+W: phpmyfoo3: apache2-deprecated-auth-config Order
 W: phpmyfoo3: apache2-reverse-dependency-uses-obsolete-directory etc/apache2/conf.d/phpmyfoo.conf
 W: phpmyfoo3: apache2-unparseable-dependency etc/apache2/conf.d/phpmyfoo.conf bar2.conf
 W: phpmyfoo3: apache2-unsupported-dependency etc/apache2/conf.d/phpmyfoo.conf Conflicts
 W: phpmyfoo3: non-standard-apache2-configuration-name phpmyfoo.conf  !=  phpmyfoo3.conf
+W: phpmyfoo: apache2-deprecated-auth-config </Limit>
+W: phpmyfoo: apache2-deprecated-auth-config <Limit POST PUT DELETE>
+W: phpmyfoo: apache2-deprecated-auth-config Order
 W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst
 W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf
 W: phpmyfoo: apache2-unparseable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf
-- 
1.7.9.1

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message --- 
Source: lintian
Source-Version: 2.5.7

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive:

lintian_2.5.7.dsc
  to main/l/lintian/lintian_2.5.7.dsc
lintian_2.5.7.tar.gz
  to main/l/lintian/lintian_2.5.7.tar.gz
lintian_2.5.7_all.deb
  to main/l/lintian/lintian_2.5.7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668546@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 14 May 2012 23:45:08 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.7
Distribution: unstable
Urgency: low
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description: 
 lintian    - Debian package checker
Closes: 614034 628189 648777 649277 649852 650536 657402 660845 663516 664061 664471 664600 666207 666765 668546 671024 671537 672615
Changes: 
 lintian (2.5.7) unstable; urgency=low
 .
   * Summary of tag changes:
     + Added:
       - apache2-configuration-files-need-conf-suffix
       - apache2-deprecated-auth-config
       - apache2-module-depends-on-real-apache2-package
       - apache2-module-does-not-depend-on-apache2-api
       - apache2-module-does-not-ship-load-file
       - apache2-reverse-dependency-calls-invoke-rc.d
       - apache2-reverse-dependency-calls-wrapper-script
       - apache2-reverse-dependency-ships-file-in-not-allowed-directory
       - apache2-reverse-dependency-uses-obsolete-directory
       - apache2-unparseable-dependency
       - apache2-unsupported-dependency
       - diff-contains-quilt-control-dir
       - hardening-no-fortify-functions
       - hardening-no-relro
       - hardening-no-stackprotector
       - non-standard-apache2-configuration-name
       - non-standard-apache2-module-package-name
       - rc-version-greater-than-expected-version
       - udeb-uses-unsupported-compression-for-data-tarball
       - web-application-depends-on-apache2-data-package
       - web-application-should-not-depend-unconditionally-on-apache2
     + Removed:
       - ancient-dpkg-long-filenames-check
       - ancient-dpkg-predepends-check
       - bad-ubuntu-distribution-in-changes-file
       - binary-nmu-uses-old-version-style
       - debian-control-with-duplicate-fields
       - doc-base-file-references-usr-doc
       - duplicate-fields-in-templates
       - manpage-for-non-x11-binary-in-wrong-directory
       - manpage-for-x11-binary-in-wrong-directory
       - missing-dependency-on-install-info
       - obsolete-field
       - old-app-defaults-directory
       - old-style-copyright-file
       - old-style-example-dir
       - package-installs-file-to-usr-x11r6-bin
       - package-installs-font-to-usr-x11r6
       - package-uses-obsolete-file
       - postinst-should-not-set-usr-doc-link
       - raster-image-in-scalable-directory
       - udeb-uses-non-gzip-data-tarball
       - x11-games-should-be-in-usr-games
 .
   * checks/*:
     + [NT] Remove some old tags that are no longer useful.
       (Closes: #663516)
     + [NT] Migrate to sorted_index from sorted_file_info.
     + [NT] Explicitly import needed subs from L::Util.
   * checks/apache2{,.desc}:
     + [NT] New files to check for apache2 related packages.  Thanks
       to Arno Töll and Stefan Fritsch for the patches.
       (Closes: #668546)
     + [NT] This check is not enabled by default.  It can be used
       via the debian/extra-apache2 profile.
   * checks/binaries{,.desc}:
     + [NT] Move embedded library data to a data file.
     + [NT] Add ELF hardening checks.  Thanks to Kees Cook for
       report and the patches.  (Closes: 650536)
     + [NT] Replace architecture tables with data files.
     + [JW] Check for missing Python3 numpy ABI dependency.
       (Closes: #671024)
   * checks/changelog-file:
     + [NT] Output the correct line number for the "line-too-long"
       tag.  Thanks to Arno Töll for the report.  (Closes: #657402)
   * checks/changes-file{,.desc}:
     + [NT] Remove Ubuntu specific handling of distribution names.
       Instead replace it with a more generalized one that derivatives
       can reuse by extending vendor specific data files.  Thanks to
       Daniel Dehennin for the suggestion.  (Closes: #648777)
   * checks/control-file:
     + [NT] Rewrote parts to use Lintian::Collect for fetching data.
   * checks/cruft{,.desc}:
     + [NT] Check for quilt control dirs in the debian packaging files.
   * checks/deb-format{,.desc}:
     + [NT] Replace old udeb compression tag with a more general
       one.  (Closes: #664600)
     + [NT] Remove logic for checking if a deb is meant for
       Ubuntu.  Instead unconditionally emit the tag and let the
       vendor profiles handle it.
   * checks/debconf:
     + [NT] Special case debconf providers for purge-debconf tag.
       Generally they cannot use db_purge in postrm (for obvious
       reasons), so the tag will be a false-positive in such
       cases.
   * checks/fields{,.desc}:
     + [NT] Add devref reference.
     + [NT] Remove special handling of the Ubuntu specific field,
       "original-maintainer".  This field is now handled by vendor
       specific data files.  (Closes: #649852)
     + [JW,NT] Check for common mistakes with preview release and
       release candidate versions.  For non-native packages, this
       check is only done on initial uploads of new upstream
       releases.  Thanks to Stefano Rivera and Julian Taylor for
       their additional suggestions.  (Closes: #649277)
   * checks/filename-length.desc:
     + [ADB, NT] Reword description of package-has-long-file-name.
       Thanks to Andreas Beckmann for suggestion.
   * checks/files{,.desc}:
     + [NT] Remove "manual" lazy loads of data files.
     + [NT] Remove code for the uses-FHS-doc-dir tag.
     + [NT] Extend icon checks to all icon directories and look for
       raster images in "scalable" icon directories.  Thanks to
       Paul Wise for the report and Felix Geyer for the patches.
       (Closes: #628189)
   * checks/group-checks:
     + [NT] Include Provides when checking for conflict relations.
       Thanks to Damyan Ivanov for the report.  (Closes: #672615)
   * checks/java:
     + [NT] Ignore "codeless" jars if they appear to be maven
       javadoc jars.  Thanks to Ludovic Claude for the patch.
       (Closes: #660845)
   * checks/lintian.desc:
     + [NT] Updated the description of the override tags.
   * checks/manpages{,.desc}:
     + [RA] Detect hyphen used as minus sign following a groff \f[C] font
       change.  Thanks, Iustin Pop.  (Closes: #664471)
   * checks/menu-format:
     + [NT] Move menu section lists into a data file.
     + [NT] If a package is missing a menu icon, check its direct strong
       dependencies built from the same source (if any) for the icon.
       This fixes false-positives menu-icon-missing in some cases.
   * checks/menus{,.desc}:
     + [NT] Remove "manual" lazy load of data file.
   * checks/nmu:
     + [NT] Remove Ubuntu specific code to handle their (lack of) NMUs.
       These tags are instead suppressed by the Ubuntu profile.
   * chekcs/rules:
     + [NT] Fix false-positive "ignores-make-clean-error" tag caused by
       using make with -C and a dir containing the letter "i".  Thanks to
       Tobias Hansen for the report.  (Closes: #671537)
   * checks/scripts{,.desc}:
     + [NT] Mention devref 6.4 in command-with-path-in-maintainer-script.
       Thanks to Arno Töll for the patch.
     + [NT] Do not emit unusual-interpreter if the package provides the
       interpreter itself.
     + [NT] Ignore the lack of exec bit on th debconf shell modules.
   * checks/standards-version.desc:
     + [NT] Add references to the Policy upgrading checklist.  Thanks to
       Simon Paillard for the patch.
 .
   * collection/*:
     + [NT] Use Lintian::Collect to access the package index.
   * collection/bin-pkg-control{,.desc}:
     + [NT] Compress control-index file and bump version of
       bin-pkg-control.
   * collection/copyright-file:
     + [NT] Remove code to look for old-style copyright file.
   * collection/file-info{,.desc}:
     + [NT] Compress file-info output and bump version of file-info.
   * collection/hardening-info{,.desc}:
     + [NT] New files.  Thanks to Kees Cook for the patch.
   * collection/index{,.desc}:
     + [NT] Compress index output and bump version of index.
   * collection/java-info{,.desc}:
     + [NT] Compress java-info output and bump version of java-info.
   * collection/objdump-info:
     + [NT] Use "fail" from Lintian::Util.pm rather than embedding a
       copy of it.
     + [NT] Use Lintian::Collect to find ELF files.
     + [NT] Replace all usage of objdump with readelf.
       (Closes: #614034)
     + [NT] Compress objdump-info output and bump version of objdump-info.
   * collection/strings{,.desc}:
     + [NT] Compress strings output and bump version of strings.
 .
   * data:
     + [NT] Move to vendors/debian/ftp-master-auto-reject and replace
       it with a symlink.
   * data/binaries/{arch-{64bit-equivs,regex},hardening-tags}:
     + [NT] New file.
   * data/binaries/embedded-libs:
     + [NT] New file.
     + [NT] Add libav libraries.  Thanks to Andres Mejia for the
       suggestion and the suggested patch.  (Closes: #666765)
   * data/changes-file/{debian-dists -> known-dists}:
     + [NT] Renamed file.
   * data/menu-format/menu-sections:
     + [NT] New file.
 .
   * debian/changelog:
     + [NT] Amend the 2.5.5 to mention that it also added the tag
       binaries-have-file-conflict.
 .
   * frontend/lintian:
     + [JW] Fix typo in error message.
     + [JW,NT] Fix handling of "override" option in the lintianrc file.
       (Closes: #666207)
 .
   * lib/Lintian/Architecture.pm:
     + [NT] Lazily evaluate the data file.
   * lib/Lintian/Collect/Package.pm:
     + [NT] Remove an extra level of quoting in index.
     + [NT] Remove root dir from sorted_index.
     + [NT] Keep trailing slash in dir names for file_info.
   * lib/Lintian/Collect/Binary.pm:
     + [NT] Remove sorted_file_info as sorted_index now produces
       an identical list.
   * lib/Lintian/Data.pm:
     + [NT] Lazily load data files.
     + [NT] Allow pre-process sub to alter existing value for a key
       by passing the previous value as third argument.
     + [NT] Allow vendor specific data files.  They will be loaded
       from LINTIAN_ROOT/vendors/$profile/data.
   * lib/Lintian/Output{,/*}.pm:
     + [NT] Replace non-printables with "?" in output.
   * lib/Lintian/Profile.pm:
     + [NT] Normalize profile name and replace "parents" with
       "profile_list".  The latter also includes the current profile
       name.
   * lib/Lintian/Tag/Info.pm:
     + [NT] Use Lintian::Data to load the manual-references data
       file instead using an ad-hoc parser.
   * lib/{Text_utils => Lintian/Tag/TextUtil}.pm:
     + [NT] Renamed module.
   * lib/{Util => Lintian/Util}.pm:
     + [NT] Renamed Util to Lintian::Util.
     + [JW] Consider duplicate fields a syntax error in dctrl files.
       Previously, duplicate fields were silently ignored (except
       when a separate tag would check for it).  (Closes: #664061)
     + [NT] Stop exported a majority of all subs by default.
 .
   * profiles/ubuntu/main.profile:
     + [NT] Add a number of NMU related tags to the list of disabled
       tags.
 .
   * vendors/ubuntu/main/data/changes-file/known-dists:
     + [NT] New file based on data/changes-file/ubuntu-dists.
     + [ADB] Add "quantal" (Quetzal)
   * vendors/ubuntu/main/data/common/source-fields:
     + [NT] New file.
   * vendors/ubuntu/main/data/fields/{binary,udeb}-fields:
     + [NT] New files.
Checksums-Sha1: 
 0b03babd3aa8571eb0af02af768f7c4fade12fbd 2462 lintian_2.5.7.dsc
 3af1c36dbe4ae3dc7b70aa375107928c28c8555f 1087847 lintian_2.5.7.tar.gz
 2ebf64764da8e9b03cea8555ec6db1cf5da38f59 692506 lintian_2.5.7_all.deb
Checksums-Sha256: 
 0dd400eff2da35e2e1b39370a0edf8a918ce3e3cdd68b6be2fcb53ae8a143e5f 2462 lintian_2.5.7.dsc
 c56d7550e10acb7672708911c7636611d128ab7ec3eded8e70035737581f1a26 1087847 lintian_2.5.7.tar.gz
 5fd3554d5e76aa70334a4a56f87c75fe6a287b9723d64330621d7a423fffb2a0 692506 lintian_2.5.7_all.deb
Files: 
 ab60445e9f6618d0b9349dbc8e3455c3 2462 devel optional lintian_2.5.7.dsc
 ec47bdf0735e61fffd0a582cd76cdb74 1087847 devel optional lintian_2.5.7.tar.gz
 af45b86b4b0a254ab0cb46fab4de2bbf 692506 devel optional lintian_2.5.7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPsYILAAoJEAVLu599gGRCaAEQAIs32SOJUFQMhKA5KMyPX7Ps
Xr74WsCkSbyw5/klXdzkiFkf7mgcpuonYCBucTqRFWqyRCbtFPBtuogR8JSXyuG6
XvI4nOrKmkIGRGj2vnIyL1Jm/oaJZv4gkZBqRNKpQGpTuTk57yqmnl3TzXXDydh8
/HeOzE66XpCGBVqOygbBltQHPKXGE6U0O/h6pwwOglrsiW0/rV0AAY+pbk62TJxx
3NPZjlORSSJLtVgM+EZ1zKY4t+KdmqTXqpGyVhiMhs2u9FKnG3oCUlfPS+2kWFKq
ZDdAD016a5CAH5xcUf3uNujlzuwFDgqjzCGG9c1oH8esvgL+nPKwBiaAeP1/AOTO
aBQRERq4fo41SPFMcq8F5AtHw6AaEfKS5iJ/kSUds+8lI26alCezIRLL1TpbhrqV
/LzLfKbp1aERek00kXr9K/P6Ke3ZCXMvdMqAGBvNvlThmPP0eG7H3IUE6yrHacvi
UAbOjCGSMpJVrAeQ3zXKjFNUwYQ0Ykjqw9gWaWSbpo3RPAzmugBDrZQhS9yLFkDC
9jqo8gfOkKTXpL87Vk1jil1n7nLcDb/O4vW4/k5TK/sX1GY7zUzINk8pqpKmbIlP
/yH1VJyhi2c7WO176dTFpoh7HkdLm8AIGONuLHGzYiYJ6Diy3kExbkMFqsC1TjVk
SdFPmfihW8KzGJ4n7pqy
=lpp5
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: