Your message dated Mon, 14 May 2012 22:19:34 +0000 with message-id <E1SU3c6-00014x-GZ@franck.debian.org> and subject line Bug#668546: fixed in lintian 2.5.7 has caused the Debian Bug report #668546, regarding Add Apache2 checks to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 668546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668546 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Add Apache2 checks
- From: Arno Töll <arno@debian.org>
- Date: Thu, 12 Apr 2012 19:20:38 +0200
- Message-id: <4F870EE6.4060604@debian.org>
Package: lintian Severity: wishlist Hi, please consider adding the following checks to Lintian. They add several checks related to reverse dependencies of Apache HTTPD server packages. I have no strong opinions about the importance and certainty of most tags. Feel free to adapt as desired if you feel like. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36DFrom 3b694d58943769159e41cc2b6db8c04b72e13a8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arno=20T=C3=B6ll?= <debian@toell.net> Date: Mon, 2 Apr 2012 19:09:40 +0200 Subject: [PATCH 1/3] Add Apache2 checks --- checks/apache2 | 271 ++++++++++++++++++++ checks/apache2.desc | 136 ++++++++++ t/tests/apache2-modules-general/debian/baz.load | 1 + .../debian/debian/control.in | 44 ++++ .../debian/debian/libapache2-mod-foo.dirs | 2 + .../debian/debian/libapache2-mod-foo.install | 4 + .../debian/debian/libapache2-mod-foo2.dirs | 2 + .../debian/debian/libapache2-mod-foo2.install | 2 + .../debian/debian/libapache2-mod-foo2.postinst | 9 + .../debian/debian/libapache2-mod-foo2.postrm | 9 + .../debian/debian/libapache2-modbaz.dirs | 2 + .../debian/debian/libapache2-modbaz.install | 2 + t/tests/apache2-modules-general/debian/foo | 1 + t/tests/apache2-modules-general/debian/foo.conf | 5 + t/tests/apache2-modules-general/debian/foo.load | 5 + t/tests/apache2-modules-general/desc | 13 + t/tests/apache2-modules-general/tags | 10 + .../debian/debian/control.in | 47 ++++ .../debian/debian/phpmyfoo.dirs | 1 + .../debian/debian/phpmyfoo.install | 1 + .../debian/debian/phpmyfoo.postinst | 11 + .../debian/debian/phpmyfoo.postrm | 8 + .../debian/debian/phpmyfoo2.dirs | 1 + .../debian/debian/phpmyfoo2.install | 2 + .../debian/debian/phpmyfoo3.dirs | 1 + .../debian/debian/phpmyfoo3.install | 1 + .../debian/local-phpmyfoo2.conf | 1 + .../debian/phpmyfoo.conf | 8 + .../debian/phpmyfoo2 | 1 + t/tests/apache2-webapplications-general/desc | 14 + t/tests/apache2-webapplications-general/tags | 13 + 31 files changed, 628 insertions(+), 0 deletions(-) create mode 100644 checks/apache2 create mode 100644 checks/apache2.desc create mode 100644 t/tests/apache2-modules-general/debian/baz.load create mode 100644 t/tests/apache2-modules-general/debian/debian/control.in create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs create mode 100644 t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install create mode 100644 t/tests/apache2-modules-general/debian/foo create mode 100644 t/tests/apache2-modules-general/debian/foo.conf create mode 100644 t/tests/apache2-modules-general/debian/foo.load create mode 100644 t/tests/apache2-modules-general/debian/mod_baz.so create mode 100644 t/tests/apache2-modules-general/debian/mod_foo.so create mode 100644 t/tests/apache2-modules-general/debian/mod_foo2.so create mode 100644 t/tests/apache2-modules-general/desc create mode 100644 t/tests/apache2-modules-general/tags create mode 100644 t/tests/apache2-webapplications-general/debian/debian/control.in create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs create mode 100644 t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install create mode 100644 t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf create mode 100644 t/tests/apache2-webapplications-general/debian/phpmyfoo.conf create mode 100644 t/tests/apache2-webapplications-general/debian/phpmyfoo2 create mode 100644 t/tests/apache2-webapplications-general/desc create mode 100644 t/tests/apache2-webapplications-general/tags diff --git a/checks/apache2 b/checks/apache2 new file mode 100644 index 0000000..3cc94ed --- /dev/null +++ b/checks/apache2 @@ -0,0 +1,271 @@ +# apache2 -- lintian check script -*- perl -*- +# +# Copyright © 2012 Arno Töll +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::apache2; + +use strict; +use warnings; + +use File::Basename; +use Lintian::Collect::Binary (); +use Lintian::Tags qw(tag); +use Lintian::Relation (); +use Util; + +sub run { + my $pkg = shift; + my $type = shift; + my $info = shift; + + + # Do nothing if the package in question appears to be related to + # the web server itself + return if $pkg =~ m/^apache2(:?\.2)?(?:-\w+)?$/; + + # whether the package appears to be an Apache2 module/web application + my $seen_apache2_special_file = 0; + + if ($type eq 'binary') { + foreach my $file (@{ $info->sorted_index }) { + next if $file eq ''; + my $file_info = $info->index->{$file}; + + # File is probably not relevant to us, ignore it + next if $file_info->{type} eq 'd'; + next if $file !~ m#^(?:usr/lib/apache2/modules/|etc/apache2/)#; + + + # Package installs an unrecognized file - check this for all files + if ($file !~ m#\.conf$# and $file =~ m#^(etc/apache2/(conf|site|mods)-available/(.*))$#) { + my $temp_path = $1; + my $temp_type = $2; + my $temp_file = $3; + # ... except modules which are allowed to ship .load files + tag 'apache2-configuration-files-need-conf-suffix', $temp_path + unless $temp_type eq 'mods' and $temp_file =~ m#\.load#; + } + + # Package appears to be a binary module + if ($file =~ m#^usr/lib/apache2/modules/(.*)\.so#) { + check_module_package ($pkg, $info, $1); + $seen_apache2_special_file++; + } + + # Package appears to be a web application + elsif ($file =~ m#^(etc/apache2/(conf|site)-available/(.*))$#) { + check_web_application_package ($pkg, $type, $info, $1, $2, $3); + $seen_apache2_special_file++; + } + + # Package appears to be a legacy web application + elsif ($file =~ m#^(etc/apache2/conf\.d/(.*))$#) { + tag "apache2-reverse-dependency-uses-obsolete-directory", $1; + check_web_application_package ($pkg, $type, $info, $1, 'conf', $2); + $seen_apache2_special_file++; + } + + # Package does scary things + elsif ($file =~ m#^(etc/apache2/(?:conf|sites|mods)-enabled/.*)$#) { + tag "apache2-reverse-dependency-ships-file-in-not-allowed-directory", $1; + $seen_apache2_special_file++; + } + + } + + if ($seen_apache2_special_file) { + check_maintainer_scripts ($info); + } + } +} + +sub check_web_application_package { + my ($pkg, $type, $info, $file, $pkgtype, $webapp) = @_; + + tag "non-standard-apache2-configuration-name", $webapp, " != ", "$pkg.conf" + if $webapp ne "$pkg.conf" or $webapp =~ m/^local-./; + + my $uncondep = 0; + my $datadep = 0; + + for my $type (qw/pre-depends depends recommends/) { + my $raw_dependency = $info->field ($type); + next unless $raw_dependency; + for my $dependency (split /\s*,\s*/, $raw_dependency) { + my $relation = $info->relation ($type); + # A web application must not depend on apache2-whatever + if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) { + tag 'web-application-depends-on-apache2-data-package', $1 + unless $datadep++; + } + + # ... nor on apache2 only. Moreover, it should be in the form + # apache2 | httpd but don't worry about versions, virtual package + # don't support that + if ($relation->implies ('apache2')) { + tag 'web-application-should-not-depend-unconditionally-on-apache2', + unless $uncondep++; + } + } + } + + if (defined $info->index->{$file}) { + inspect_conf_file ($info, $pkgtype, $file); + } + +} + +sub check_module_package { + my ($pkg, $info, $module) = @_; + + # We want packages to be follow our naming scheme. Modules should be named + # libapache2-mod-<foo> if it ships a mod_foo.so + my $expected_name = 'libapache2-' . $module; + + # Package depends on apache2-api-YYYYMMDD + my $seen_api_dependency = 0; + + $expected_name =~ tr/_/-/; + if ( $expected_name ne $pkg ) { + tag 'non-standard-apache2-module-package-name', $pkg, " != ", $expected_name; + } + + for my $type (qw/pre-depends depends recommends/) { + my $raw_dependency = $info->field($type); + next unless $raw_dependency; + for my $dependency (split /\s*,\s*/, $raw_dependency) { + # no no no, do not depend on our real packages. A module must not + # depend on apache2-common or even worse apache2. + if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) { + tag 'apache2-module-depends-on-real-apache2-package', $1; + } + # ... on the other hand, module packages must depend on + # apache2-api-YYYYMMDD + if (($type eq 'depends' or $type eq 'pre-depends') and $dependency =~ m/\bapache2-api-\d+\b/) { + $seen_api_dependency++; + } + } + } + + if (not $seen_api_dependency) { + tag 'apache2-module-does-not-depend-on-apache2-api'; + } + + # The module is called mod_foo.so, thus the load file is expected to be + # named foo.load + my $load_file = $module; + my $conf_file = $module; + $load_file =~ s#^mod.(.*)$#etc/apache2/mods-available/$1.load#; + $conf_file =~ s#^mod.(.*)$#etc/apache2/mods-available/$1.conf#; + + if (defined $info->index->{$load_file}) { + inspect_conf_file ($info, "mods", $load_file); + } else { + tag 'apache2-module-does-not-ship-load-file', $load_file; + } + + if (defined $info->index->{$conf_file}) { + inspect_conf_file ($info, "mods", $conf_file); + } + +} + + +sub check_maintainer_scripts { + my ($info) = @_; + + open my $fd, '<', 'control-scripts' or fail "cannot open lintian control-scripts file: $!"; + + while (<$fd>) + { + m/^(\S*) (.*)$/ or fail("bad line in control-scripts file: $_"); + my $interpreter = $1; + my $file = $2; + my $filename = $info->control ($file); + + # Don't follow links + next if -l $filename; + # Don't try to parse the file if it does not appear to be a shell script + next if $interpreter !~ m/sh\b/; + + open my $sfd, '<', $filename or fail "cannot open maintainer script $filename: $!"; + while (<$sfd>) { + # skip comments + next if substr ($_, 0, $-[0]) =~ /#/; + + # Do not allow reverse dependencies to call "a2enmod" and friends + # directly + if (m/\b(a2(?:en|dis)(?:conf|site|mod))\b/) { + tag 'apache2-reverse-dependency-calls-wrapper-script', $file, $1; + } + + # Do not allow reverse dependencies to call "invoke-rc.d apache2 + if (m/invoke-rc\.d\s+apache2/) { + tag 'apache2-reverse-dependency-calls-invoke-rc.d', $file; + } + + # XXX: Check whether apache2-maintscript-helper is used + # unconditionally e.g. not protected by a [ -e ], [ -x ] or so. + # That's going to be complicated. Or not possible without grammar + # parser. + } + close $sfd; + } + + close $fd; +} + + +sub inspect_conf_file { + my ($info, $conftype, $file) = @_; + + + my $filename = $info->unpacked ($file); + # Don't follow links + return if -l $filename; + open my $fd, '<', $filename or fail "cannot open configuration file $filename: $!"; + while (<$fd>) { + # only check until the first non-empty non-comment line. That follows + # the a2enmod reference implementation + last unless m/^\s*(?:#.*)?$/; + + if (m/^#\s*(Depends|Conflicts):\s+(.*?)\s*$/) { + tag 'apache2-unsupported-dependency', $file, $1 + if $1 eq 'Conflicts' and $conftype ne 'mods'; + my @dependencies = split( /[\n\s]+/, $2 ); + foreach my $dep (@dependencies) { + tag 'apache2-unparseable-dependency', $file, $dep + if $dep =~ m/\W/ or + $dep =~ /^mod\_/ or + $dep =~ m/\.(?:conf|load)/; + } + } + + } + close $fd; + +} + +1; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/checks/apache2.desc b/checks/apache2.desc new file mode 100644 index 0000000..60ea8dc --- /dev/null +++ b/checks/apache2.desc @@ -0,0 +1,136 @@ +Check-Script: apache2 +Author: Arno Töll <debian@toell.net> +Abbrev: apache2 +Type: binary +Info: Checks various build mistakes in Apache2 reverse dependencies +Needs-Info: index, scripts, unpacked + +Tag: non-standard-apache2-module-package-name +Severity: normal +Certainty: certain +Info: The package appears to be an Apache2 HTTPD server module but it isn't + following the module naming scheme. Apache2 HTTPD modules should be called + <tt>libapache2-mod-name</tt> with <tt>mod-name</tt> being the actual + <tt>mod_name.so</tt> equivalent. + + +Tag: apache2-module-depends-on-real-apache2-package +Severity: serious +Certainty: certain +Info: The package is an Apache2 HTTPD server module but it depends on a real + Apache2 package. Binary module packages must depend on the virtual + <tt>apache2-api-YYYYMMNN</tt> package only in order to ease transitions in + future. + . + In particular, module packages must not pull the full web server or any of its + associated data packages as a depdendency. That's left to the user. + + +Tag: apache2-module-does-not-depend-on-apache2-api +Severity: serious +Certainty: certain +Info: The package is an Apache2 HTTPD server module but does not declare a + strong binary relation against the Apache2 server binary it links against. Modules + must depend on the <tt>apache2-api-YYYYMMNN</tt> package provided as a virtual + package by <tt>apache2-bin</tt>. + +Tag: apache2-module-does-not-ship-load-file +Severity: serious +Certainty: certain +Info: The package is an Apache2 HTTPD server module but does not ship a + "<tt>.load</tt>" file or it was installed under an unexpected name. The load + files in "<tt>/etc/apache2/mods-available</tt>" are required to interact with + the server package to enable and disable the module and must match the module + name without "<tt>mod_</tt> prefix, e.g. <tt>mod_foo</tt> must ship a load file + named "<tt>foo.load</tt>". + +Tag: apache2-reverse-dependency-ships-file-in-not-allowed-directory +Severity: serious +Certainty: certain +Info: The package installs a piece of Apache2 configuration to + <tt>/etc/apache2/{sites,mods,conf}-enabled</tt>. This is not allowed. Instead + the respective <tt>/etc/apache2/{sites,mods,conf}-available</tt> counterparts + must be used. + + +Tag: non-standard-apache2-configuration-name +Severity: normal +Certainty: certain +Info: The package appears to be a web application which is installing a + configuration file for the Apache2 HTTPD server. To avoid name clashes, any file + installed to <tt>/etc/apache2/{sites,conf}-availabe</tt> should match the binary package + name and must not start with <tt>local-</tt>. + + +Tag: apache2-reverse-dependency-calls-wrapper-script +Severity: normal +Certainty: certain +Info: The package is calling an Apache2 configuration wrapper script (e.g. + <tt>a2enmod</tt>, <tt>a2enconf</tt>, <tt>a2enconf</tt>, ...). Maintainer + scripts should not be calling these scripts directly. To achieve a uniform and + consolidated behavior these scripts should be invoked indirectly by using + apache2-maintscript-helper. + + +Tag: web-application-depends-on-apache2-data-package +Severity: normal +Certainty: certain +Info: The package appears to be a web application but declares a package + relation with <tt>apache2-bin</tt>, <tt>apache2-data</tt> or any of its + transitional packages. However, web applications are rarely bound to a specific + web server version. Thus, they should depend on <tt>apache2</tt> only instead. + If a web application is actually tied to a particular binary version of the web + server a dependency against the virtual <tt>apache2-api-YYYYMMDD</tt> package + is more appropriate. + +Tag: web-application-should-not-depend-unconditionally-on-apache2 +Severity: normal +Certainty: certain +Info: The package appears to be a web application but declares a dependency + against <tt>apache2</tt> without any alternative. Most web applications should + work with any decent web server, thus such a package should be satisfied if any + web server providing the virtual "<tt>httpd</tt>" package is installed. This + can be accomplished by declaring a package relation in the form "<tt>apache2 | + httpd</tt>". + +Tag: apache2-reverse-dependency-calls-invoke-rc.d +Severity: normal +Certainty: certain +Info: The package is invoking apache2's init script in its maintainer script + albeit it shouldn't do so. Reverse dependencies installing apache2 + configuration pieces should not restart the web server uncondtionally in + maintainer scripts. Instead they should be using apache2-maintscript-helper + which correctly obeys local policies. + +Tag: apache2-reverse-dependency-uses-obsolete-directory +Severity: normal +Certainty: certain +Info: The package is installing a file into the obsolete + <tt>/etc/apache2/conf.d/</tt> directory. This file is not read by the Apache2 + 2.4 web server anymore. Instead <tt>/etc/apache2/conf-available/</tt> should be + used. + +Tag: apache2-configuration-files-need-conf-suffix +Severity: important +Certainty: certain +Info: The package is installing an Apache2 configuration but that file does not + end with a '<tt>.conf</tt>' suffix. Starting with Apache2 2.4 all configuration + files except module '<tt>.load</tt>' files need that suffix or are ignored otherwise. + + +Tag: apache2-unparseable-dependency +Severity: normal +Certainty: certain +Info: The package is declaring a module dependency within an Apache + configuration file which does not meet the requirements. Dependencies must be + declared without paths, leading "<tt>mod_</tt>" prefix and without file + extension. + +Tag: apache2-unsupported-dependency +Severity: normal +Certainty: certain +Info: The package is declaring a module dependency within an Apache + configuration file which is not supported there. Dependencies are supported in + module '<tt>.load</tt>' files, and web application '<tt>.conf</tt>' files, + conflicts in '<tt>.load</tt> files only. + diff --git a/t/tests/apache2-modules-general/debian/baz.load b/t/tests/apache2-modules-general/debian/baz.load new file mode 100644 index 0000000..cb28fab --- /dev/null +++ b/t/tests/apache2-modules-general/debian/baz.load @@ -0,0 +1 @@ +LoadModule baz_module /usr/lib/apache2/modules/mod_baz.so diff --git a/t/tests/apache2-modules-general/debian/debian/control.in b/t/tests/apache2-modules-general/debian/debian/control.in new file mode 100644 index 0000000..f3d2935 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/control.in @@ -0,0 +1,44 @@ +Source: {$srcpkg} +Section: web +Priority: extra +Maintainer: Big Kahuna <kahuna@example.com> +Uploaders: {$author} +Standards-Version: {$standards_version} +Build-Depends: debhelper (>= 9) + +Package: libapache2-mod-foo +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2-api-19700101 +Description: {$description} + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: libapache2-modbaz +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2.2-common, +Description: {$description} don't care + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + To avoid duplicate description warnings this line differs. Ignore me. + +Package: libapache2-mod-foo2 +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2-api-19700101, +Description: {$description} still don't care + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + To avoid duplicate description warnings this line differs. Still ignore me. diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs new file mode 100644 index 0000000..871a471 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.dirs @@ -0,0 +1,2 @@ +etc/apache2/mods-available +usr/lib/apache2/modules diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install new file mode 100644 index 0000000..ac8f7f1 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo.install @@ -0,0 +1,4 @@ +foo.load /etc/apache2/mods-available +foo /etc/apache2/mods-available +foo.conf /etc/apache2/mods-available +mod_foo.so /usr/lib/apache2/modules/ diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs new file mode 100644 index 0000000..aec19ee --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.dirs @@ -0,0 +1,2 @@ +etc/apache2/mods-enabled +usr/lib/apache2/modules diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install new file mode 100644 index 0000000..8aab3d1 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.install @@ -0,0 +1,2 @@ +foo.conf /etc/apache2/mods-enabled +mod_foo2.so /usr/lib/apache2/modules/ diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst new file mode 100644 index 0000000..8f6847d --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postinst @@ -0,0 +1,9 @@ +#! /bin/sh + +set -e + +if [ "$1" = 'configure' ] ; then + a2enmod -q foo2 +fi + +#DEBHELPER# diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm new file mode 100644 index 0000000..a4c83a6 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-mod-foo2.postrm @@ -0,0 +1,9 @@ +#! /bin/sh + +set -e + +if [ "$1" = 'remove' ] ; then + a2dismod -q foo2 +fi + +#DEBHELPER# diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs new file mode 100644 index 0000000..871a471 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.dirs @@ -0,0 +1,2 @@ +etc/apache2/mods-available +usr/lib/apache2/modules diff --git a/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install new file mode 100644 index 0000000..5f2e1f9 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/debian/libapache2-modbaz.install @@ -0,0 +1,2 @@ +baz.load /etc/apache2/mods-available +mod_baz.so /usr/lib/apache2/modules/ diff --git a/t/tests/apache2-modules-general/debian/foo b/t/tests/apache2-modules-general/debian/foo new file mode 100644 index 0000000..2cc691e --- /dev/null +++ b/t/tests/apache2-modules-general/debian/foo @@ -0,0 +1 @@ +<irrelevant> diff --git a/t/tests/apache2-modules-general/debian/foo.conf b/t/tests/apache2-modules-general/debian/foo.conf new file mode 100644 index 0000000..bcbc503 --- /dev/null +++ b/t/tests/apache2-modules-general/debian/foo.conf @@ -0,0 +1,5 @@ +# Depends: notsupportedhere + +<Conf> + WithDirectives +</Conf> diff --git a/t/tests/apache2-modules-general/debian/foo.load b/t/tests/apache2-modules-general/debian/foo.load new file mode 100644 index 0000000..7f1659f --- /dev/null +++ b/t/tests/apache2-modules-general/debian/foo.load @@ -0,0 +1,5 @@ +# Depends: baz +# Depends: baz baz2 mod_baz3 baz4.load +# Conflicts: baz baz2 + +LoadModule foo_module /usr/lib/apache2/modules/mod_foo.so diff --git a/t/tests/apache2-modules-general/debian/mod_baz.so b/t/tests/apache2-modules-general/debian/mod_baz.so new file mode 100644 index 0000000..e69de29 diff --git a/t/tests/apache2-modules-general/debian/mod_foo.so b/t/tests/apache2-modules-general/debian/mod_foo.so new file mode 100644 index 0000000..e69de29 diff --git a/t/tests/apache2-modules-general/debian/mod_foo2.so b/t/tests/apache2-modules-general/debian/mod_foo2.so new file mode 100644 index 0000000..e69de29 diff --git a/t/tests/apache2-modules-general/desc b/t/tests/apache2-modules-general/desc new file mode 100644 index 0000000..420a0e3 --- /dev/null +++ b/t/tests/apache2-modules-general/desc @@ -0,0 +1,13 @@ +Testname: apache2-modules-general +Sequence: 6000 +Version: 1.0 +Description: Several tests related to Apache2 module packages +Test-For: + apache2-module-depends-on-real-apache2-package + apache2-module-does-not-depend-on-apache2-api + non-standard-apache2-module-package-name + apache2-module-does-not-ship-load-file + apache2-reverse-dependency-ships-file-in-not-allowed-directory + apache2-reverse-dependency-calls-wrapper-script + apache2-configuration-files-need-conf-suffix + apache2-unparseable-dependency diff --git a/t/tests/apache2-modules-general/tags b/t/tests/apache2-modules-general/tags new file mode 100644 index 0000000..4dd3da0 --- /dev/null +++ b/t/tests/apache2-modules-general/tags @@ -0,0 +1,10 @@ +E: libapache2-mod-foo2: apache2-module-does-not-ship-load-file etc/apache2/mods-available/foo2.load +E: libapache2-mod-foo2: apache2-reverse-dependency-ships-file-in-not-allowed-directory etc/apache2/mods-enabled/foo.conf +E: libapache2-mod-foo: apache2-configuration-files-need-conf-suffix etc/apache2/mods-available/foo +E: libapache2-modbaz: apache2-module-depends-on-real-apache2-package apache2.2-common +E: libapache2-modbaz: apache2-module-does-not-depend-on-apache2-api +W: libapache2-mod-foo2: apache2-reverse-dependency-calls-wrapper-script postinst a2enmod +W: libapache2-mod-foo2: apache2-reverse-dependency-calls-wrapper-script postrm a2dismod +W: libapache2-mod-foo: apache2-unparseable-dependency etc/apache2/mods-available/foo.load baz4.load +W: libapache2-mod-foo: apache2-unparseable-dependency etc/apache2/mods-available/foo.load mod_baz3 +W: libapache2-modbaz: non-standard-apache2-module-package-name libapache2-modbaz != libapache2-mod-baz diff --git a/t/tests/apache2-webapplications-general/debian/debian/control.in b/t/tests/apache2-webapplications-general/debian/debian/control.in new file mode 100644 index 0000000..0b5ffd8 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/control.in @@ -0,0 +1,47 @@ +Source: {$srcpkg} +Section: web +Priority: extra +Maintainer: Big Kahuna <kahuna@example.com> +Uploaders: {$author} +Standards-Version: {$standards_version} +Build-Depends: debhelper (>= 9) + +Package: phpmyfoo +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2, + apache2-bin +Description: {$description} + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: phpmyfoo2 +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2 | httpd +Description: {$description} - ignore me + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + Ignore me. + +Package: phpmyfoo3 +Architecture: {$architecture} +Depends: $\{shlibs:Depends\}, + $\{misc:Depends\}, + apache2 | lighttpd | httpd +Description: {$description} - another ignore me + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + Yet another ignore me. + + diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs new file mode 100644 index 0000000..31e10a9 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.dirs @@ -0,0 +1 @@ +etc/apache2/conf-available diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install new file mode 100644 index 0000000..2789400 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.install @@ -0,0 +1 @@ +phpmyfoo.conf /etc/apache2/conf-available diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst new file mode 100644 index 0000000..c4a1988 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postinst @@ -0,0 +1,11 @@ +#! /bin/sh + +set -e + +if [ "$1" = 'configure' ] ; then + a2enconf -q phpmyfoo +fi + +invoke-rc.d apache2 reload + +#DEBHELPER# diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm new file mode 100644 index 0000000..2fffaab --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm @@ -0,0 +1,8 @@ +if [ "$1" = 'configure' ] ; then + a2disconf -q phpmyfoo +fi + +invoke-rc.d apache2 reload + +#DEBHELPER# + diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs new file mode 100644 index 0000000..31e10a9 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.dirs @@ -0,0 +1 @@ +etc/apache2/conf-available diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install new file mode 100644 index 0000000..d47d625 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install @@ -0,0 +1,2 @@ +phpmyfoo2 /etc/apache2/conf-available +local-phpmyfoo2.conf /etc/apache2/conf-available diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs new file mode 100644 index 0000000..e9286b0 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.dirs @@ -0,0 +1 @@ +etc/apache2/conf.d/ diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install new file mode 100644 index 0000000..30fb624 --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo3.install @@ -0,0 +1 @@ +phpmyfoo.conf /etc/apache2/conf.d/ diff --git a/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf b/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf new file mode 100644 index 0000000..2cc691e --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/local-phpmyfoo2.conf @@ -0,0 +1 @@ +<irrelevant> diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf new file mode 100644 index 0000000..783c00a --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf @@ -0,0 +1,8 @@ +# Depends: bar bar2.conf +# Conflicts: notsupportedhere + +Alias /foo /usr/share/foo + +<Directory /usr/share/foo> + WebAppConf +</Directory> diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo2 b/t/tests/apache2-webapplications-general/debian/phpmyfoo2 new file mode 100644 index 0000000..2cc691e --- /dev/null +++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo2 @@ -0,0 +1 @@ +<irrelevant> diff --git a/t/tests/apache2-webapplications-general/desc b/t/tests/apache2-webapplications-general/desc new file mode 100644 index 0000000..cd17788 --- /dev/null +++ b/t/tests/apache2-webapplications-general/desc @@ -0,0 +1,14 @@ +Testname: apache2-webapplications-general +Sequence: 6000 +Version: 1.0 +Description: Several tests related to Apache2 web application packages +Test-For: + non-standard-apache2-configuration-name + apache2-reverse-dependency-calls-invoke-rc.d + apache2-reverse-dependency-calls-wrapper-script + web-application-depends-on-apache2-data-package + web-application-should-not-depend-unconditionally-on-apache2 + apache2-reverse-dependency-uses-obsolete-directory + apache2-configuration-files-need-conf-suffix + apache2-unsupported-dependency + apache2-unparseable-dependency diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags new file mode 100644 index 0000000..86f71fb --- /dev/null +++ b/t/tests/apache2-webapplications-general/tags @@ -0,0 +1,13 @@ +E: phpmyfoo2: apache2-configuration-files-need-conf-suffix etc/apache2/conf-available/phpmyfoo2 +W: phpmyfoo2: non-standard-apache2-configuration-name local-phpmyfoo2.conf != phpmyfoo2.conf +W: phpmyfoo2: non-standard-apache2-configuration-name phpmyfoo2 != phpmyfoo2.conf +W: phpmyfoo3: apache2-reverse-dependency-uses-obsolete-directory etc/apache2/conf.d/phpmyfoo.conf +W: phpmyfoo3: apache2-unparseable-dependency etc/apache2/conf.d/phpmyfoo.conf bar2.conf +W: phpmyfoo3: apache2-unsupported-dependency etc/apache2/conf.d/phpmyfoo.conf Conflicts +W: phpmyfoo3: non-standard-apache2-configuration-name phpmyfoo.conf != phpmyfoo3.conf +W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst +W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf +W: phpmyfoo: apache2-unparseable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf +W: phpmyfoo: apache2-unsupported-dependency etc/apache2/conf-available/phpmyfoo.conf Conflicts +W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin +W: phpmyfoo: web-application-should-not-depend-unconditionally-on-apache2 -- 1.7.9.1From 7d925c497d9f58e43caca1e8907f9b5f1142995e Mon Sep 17 00:00:00 2001 From: Stefan Fritsch <sf@sfritsch.de> Date: Sun, 8 Apr 2012 19:55:54 +0200 Subject: [PATCH 2/3] Add description for deprecated configiguration options --- checks/apache2.desc | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/checks/apache2.desc b/checks/apache2.desc index 60ea8dc..2112d62 100644 --- a/checks/apache2.desc +++ b/checks/apache2.desc @@ -134,3 +134,13 @@ Info: The package is declaring a module dependency within an Apache module '<tt>.load</tt>' files, and web application '<tt>.conf</tt>' files, conflicts in '<tt>.load</tt> files only. +Tag: apache2-deprecated-auth-config +Severity: normal +Certainty: certain +Info: The package is using some of the deprecated auth configuration + directives Order, Satisfy, Allow, Deny, <Limit>, or <LimitExcept>. + These do not integrate well with the new authorization scheme of Apache + 2.4 and, in the case of <Limit> and <LimitExcept>, have confusing + semantics. The configuration directives should be replaced with a suitable + combination of <RequireAll>, <RequireAny>, Require all, Require local, + Require ip, and Require method. -- 1.7.9.1From 7fe22a9fecb53e6867f3ee8208de9b13a1d63681 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arno=20T=C3=B6ll?= <debian@toell.net> Date: Mon, 9 Apr 2012 22:54:23 +0200 Subject: [PATCH 3/3] * Implement apache2-deprecated-auth-config tag * add a test case for apache2-deprecated-auth-config * Use the new Lintian::Relation system to parse dependencies --- checks/apache2 | 39 +++++++------------- checks/apache2.desc | 9 +++-- .../debian/phpmyfoo.conf | 5 +++ t/tests/apache2-webapplications-general/desc | 1 + t/tests/apache2-webapplications-general/tags | 6 +++ 5 files changed, 31 insertions(+), 29 deletions(-) diff --git a/checks/apache2 b/checks/apache2 index 3cc94ed..a1a989a 100644 --- a/checks/apache2 +++ b/checks/apache2 @@ -26,8 +26,8 @@ use warnings; use File::Basename; use Lintian::Collect::Binary (); use Lintian::Tags qw(tag); -use Lintian::Relation (); -use Util; +use Lintian::Relation qw(:constants); +use Lintian::Util; sub run { my $pkg = shift; @@ -138,32 +138,18 @@ sub check_module_package { # libapache2-mod-<foo> if it ships a mod_foo.so my $expected_name = 'libapache2-' . $module; - # Package depends on apache2-api-YYYYMMDD - my $seen_api_dependency = 0; - $expected_name =~ tr/_/-/; if ( $expected_name ne $pkg ) { tag 'non-standard-apache2-module-package-name', $pkg, " != ", $expected_name; } - for my $type (qw/pre-depends depends recommends/) { - my $raw_dependency = $info->field($type); - next unless $raw_dependency; - for my $dependency (split /\s*,\s*/, $raw_dependency) { - # no no no, do not depend on our real packages. A module must not - # depend on apache2-common or even worse apache2. - if ($dependency =~ m/\b(apache2(?:\.2)?-(?:common|data|bin))\b/) { - tag 'apache2-module-depends-on-real-apache2-package', $1; - } - # ... on the other hand, module packages must depend on - # apache2-api-YYYYMMDD - if (($type eq 'depends' or $type eq 'pre-depends') and $dependency =~ m/\bapache2-api-\d+\b/) { - $seen_api_dependency++; - } - } + my $strong = $info->relation ('strong'); + my $wrec = Lintian::Relation->and ($strong, $info->relation ('recommends')); + my $package_name = $wrec->visit( sub { return $_ if m/^(apache2(?:\.2)?-(?:common|data|bin))$/; return undef; }, VISIT_STOP_FIRST_MATCH ); + if ($package_name) { + tag 'apache2-module-depends-on-real-apache2-package', $package_name; } - - if (not $seen_api_dependency) { + if (! $strong->matches (qr/^apache2-api-\d+$/, VISIT_OR_CLAUSE_FULL )) { tag 'apache2-module-does-not-depend-on-apache2-api'; } @@ -241,9 +227,12 @@ sub inspect_conf_file { return if -l $filename; open my $fd, '<', $filename or fail "cannot open configuration file $filename: $!"; while (<$fd>) { - # only check until the first non-empty non-comment line. That follows - # the a2enmod reference implementation - last unless m/^\s*(?:#.*)?$/; + + for my $directive ('Order', 'Satisfy', 'Allow', 'Deny', '<(|/)Limit.*?>', '<(|/)LimitExcept.*?>') { + if (m/($directive)/) { + tag 'apache2-deprecated-auth-config', $1; + } + } if (m/^#\s*(Depends|Conflicts):\s+(.*?)\s*$/) { tag 'apache2-unsupported-dependency', $file, $1 diff --git a/checks/apache2.desc b/checks/apache2.desc index 2112d62..d917576 100644 --- a/checks/apache2.desc +++ b/checks/apache2.desc @@ -137,10 +137,11 @@ Info: The package is declaring a module dependency within an Apache Tag: apache2-deprecated-auth-config Severity: normal Certainty: certain -Info: The package is using some of the deprecated auth configuration - directives Order, Satisfy, Allow, Deny, <Limit>, or <LimitExcept>. +Info: The package is using some of the deprecated authentication configuration + directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept> + . These do not integrate well with the new authorization scheme of Apache - 2.4 and, in the case of <Limit> and <LimitExcept>, have confusing + 2.4 and, in the case of <Limit> and <LimitExcept> have confusing semantics. The configuration directives should be replaced with a suitable - combination of <RequireAll>, <RequireAny>, Require all, Require local, + combination of <RequireAll>, <RequireAny>, Require all, Require local, Require ip, and Require method. diff --git a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf index 783c00a..32e42f2 100644 --- a/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf +++ b/t/tests/apache2-webapplications-general/debian/phpmyfoo.conf @@ -5,4 +5,9 @@ Alias /foo /usr/share/foo <Directory /usr/share/foo> WebAppConf + <Limit POST PUT DELETE> + Order deny, allow + Require valid-user + </Limit> </Directory> + diff --git a/t/tests/apache2-webapplications-general/desc b/t/tests/apache2-webapplications-general/desc index cd17788..0ba9ba0 100644 --- a/t/tests/apache2-webapplications-general/desc +++ b/t/tests/apache2-webapplications-general/desc @@ -12,3 +12,4 @@ Test-For: apache2-configuration-files-need-conf-suffix apache2-unsupported-dependency apache2-unparseable-dependency + apache2-deprecated-auth-config diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags index 86f71fb..3f52402 100644 --- a/t/tests/apache2-webapplications-general/tags +++ b/t/tests/apache2-webapplications-general/tags @@ -1,10 +1,16 @@ E: phpmyfoo2: apache2-configuration-files-need-conf-suffix etc/apache2/conf-available/phpmyfoo2 W: phpmyfoo2: non-standard-apache2-configuration-name local-phpmyfoo2.conf != phpmyfoo2.conf W: phpmyfoo2: non-standard-apache2-configuration-name phpmyfoo2 != phpmyfoo2.conf +W: phpmyfoo3: apache2-deprecated-auth-config </Limit> +W: phpmyfoo3: apache2-deprecated-auth-config <Limit POST PUT DELETE> +W: phpmyfoo3: apache2-deprecated-auth-config Order W: phpmyfoo3: apache2-reverse-dependency-uses-obsolete-directory etc/apache2/conf.d/phpmyfoo.conf W: phpmyfoo3: apache2-unparseable-dependency etc/apache2/conf.d/phpmyfoo.conf bar2.conf W: phpmyfoo3: apache2-unsupported-dependency etc/apache2/conf.d/phpmyfoo.conf Conflicts W: phpmyfoo3: non-standard-apache2-configuration-name phpmyfoo.conf != phpmyfoo3.conf +W: phpmyfoo: apache2-deprecated-auth-config </Limit> +W: phpmyfoo: apache2-deprecated-auth-config <Limit POST PUT DELETE> +W: phpmyfoo: apache2-deprecated-auth-config Order W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf W: phpmyfoo: apache2-unparseable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf -- 1.7.9.1Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: 668546-close@bugs.debian.org
- Subject: Bug#668546: fixed in lintian 2.5.7
- From: Niels Thykier <niels@thykier.net>
- Date: Mon, 14 May 2012 22:19:34 +0000
- Message-id: <E1SU3c6-00014x-GZ@franck.debian.org>
Source: lintian Source-Version: 2.5.7 We believe that the bug you reported is fixed in the latest version of lintian, which is due to be installed in the Debian FTP archive: lintian_2.5.7.dsc to main/l/lintian/lintian_2.5.7.dsc lintian_2.5.7.tar.gz to main/l/lintian/lintian_2.5.7.tar.gz lintian_2.5.7_all.deb to main/l/lintian/lintian_2.5.7_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 668546@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niels Thykier <niels@thykier.net> (supplier of updated lintian package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 14 May 2012 23:45:08 +0200 Source: lintian Binary: lintian Architecture: source all Version: 2.5.7 Distribution: unstable Urgency: low Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org> Changed-By: Niels Thykier <niels@thykier.net> Description: lintian - Debian package checker Closes: 614034 628189 648777 649277 649852 650536 657402 660845 663516 664061 664471 664600 666207 666765 668546 671024 671537 672615 Changes: lintian (2.5.7) unstable; urgency=low . * Summary of tag changes: + Added: - apache2-configuration-files-need-conf-suffix - apache2-deprecated-auth-config - apache2-module-depends-on-real-apache2-package - apache2-module-does-not-depend-on-apache2-api - apache2-module-does-not-ship-load-file - apache2-reverse-dependency-calls-invoke-rc.d - apache2-reverse-dependency-calls-wrapper-script - apache2-reverse-dependency-ships-file-in-not-allowed-directory - apache2-reverse-dependency-uses-obsolete-directory - apache2-unparseable-dependency - apache2-unsupported-dependency - diff-contains-quilt-control-dir - hardening-no-fortify-functions - hardening-no-relro - hardening-no-stackprotector - non-standard-apache2-configuration-name - non-standard-apache2-module-package-name - rc-version-greater-than-expected-version - udeb-uses-unsupported-compression-for-data-tarball - web-application-depends-on-apache2-data-package - web-application-should-not-depend-unconditionally-on-apache2 + Removed: - ancient-dpkg-long-filenames-check - ancient-dpkg-predepends-check - bad-ubuntu-distribution-in-changes-file - binary-nmu-uses-old-version-style - debian-control-with-duplicate-fields - doc-base-file-references-usr-doc - duplicate-fields-in-templates - manpage-for-non-x11-binary-in-wrong-directory - manpage-for-x11-binary-in-wrong-directory - missing-dependency-on-install-info - obsolete-field - old-app-defaults-directory - old-style-copyright-file - old-style-example-dir - package-installs-file-to-usr-x11r6-bin - package-installs-font-to-usr-x11r6 - package-uses-obsolete-file - postinst-should-not-set-usr-doc-link - raster-image-in-scalable-directory - udeb-uses-non-gzip-data-tarball - x11-games-should-be-in-usr-games . * checks/*: + [NT] Remove some old tags that are no longer useful. (Closes: #663516) + [NT] Migrate to sorted_index from sorted_file_info. + [NT] Explicitly import needed subs from L::Util. * checks/apache2{,.desc}: + [NT] New files to check for apache2 related packages. Thanks to Arno Töll and Stefan Fritsch for the patches. (Closes: #668546) + [NT] This check is not enabled by default. It can be used via the debian/extra-apache2 profile. * checks/binaries{,.desc}: + [NT] Move embedded library data to a data file. + [NT] Add ELF hardening checks. Thanks to Kees Cook for report and the patches. (Closes: 650536) + [NT] Replace architecture tables with data files. + [JW] Check for missing Python3 numpy ABI dependency. (Closes: #671024) * checks/changelog-file: + [NT] Output the correct line number for the "line-too-long" tag. Thanks to Arno Töll for the report. (Closes: #657402) * checks/changes-file{,.desc}: + [NT] Remove Ubuntu specific handling of distribution names. Instead replace it with a more generalized one that derivatives can reuse by extending vendor specific data files. Thanks to Daniel Dehennin for the suggestion. (Closes: #648777) * checks/control-file: + [NT] Rewrote parts to use Lintian::Collect for fetching data. * checks/cruft{,.desc}: + [NT] Check for quilt control dirs in the debian packaging files. * checks/deb-format{,.desc}: + [NT] Replace old udeb compression tag with a more general one. (Closes: #664600) + [NT] Remove logic for checking if a deb is meant for Ubuntu. Instead unconditionally emit the tag and let the vendor profiles handle it. * checks/debconf: + [NT] Special case debconf providers for purge-debconf tag. Generally they cannot use db_purge in postrm (for obvious reasons), so the tag will be a false-positive in such cases. * checks/fields{,.desc}: + [NT] Add devref reference. + [NT] Remove special handling of the Ubuntu specific field, "original-maintainer". This field is now handled by vendor specific data files. (Closes: #649852) + [JW,NT] Check for common mistakes with preview release and release candidate versions. For non-native packages, this check is only done on initial uploads of new upstream releases. Thanks to Stefano Rivera and Julian Taylor for their additional suggestions. (Closes: #649277) * checks/filename-length.desc: + [ADB, NT] Reword description of package-has-long-file-name. Thanks to Andreas Beckmann for suggestion. * checks/files{,.desc}: + [NT] Remove "manual" lazy loads of data files. + [NT] Remove code for the uses-FHS-doc-dir tag. + [NT] Extend icon checks to all icon directories and look for raster images in "scalable" icon directories. Thanks to Paul Wise for the report and Felix Geyer for the patches. (Closes: #628189) * checks/group-checks: + [NT] Include Provides when checking for conflict relations. Thanks to Damyan Ivanov for the report. (Closes: #672615) * checks/java: + [NT] Ignore "codeless" jars if they appear to be maven javadoc jars. Thanks to Ludovic Claude for the patch. (Closes: #660845) * checks/lintian.desc: + [NT] Updated the description of the override tags. * checks/manpages{,.desc}: + [RA] Detect hyphen used as minus sign following a groff \f[C] font change. Thanks, Iustin Pop. (Closes: #664471) * checks/menu-format: + [NT] Move menu section lists into a data file. + [NT] If a package is missing a menu icon, check its direct strong dependencies built from the same source (if any) for the icon. This fixes false-positives menu-icon-missing in some cases. * checks/menus{,.desc}: + [NT] Remove "manual" lazy load of data file. * checks/nmu: + [NT] Remove Ubuntu specific code to handle their (lack of) NMUs. These tags are instead suppressed by the Ubuntu profile. * chekcs/rules: + [NT] Fix false-positive "ignores-make-clean-error" tag caused by using make with -C and a dir containing the letter "i". Thanks to Tobias Hansen for the report. (Closes: #671537) * checks/scripts{,.desc}: + [NT] Mention devref 6.4 in command-with-path-in-maintainer-script. Thanks to Arno Töll for the patch. + [NT] Do not emit unusual-interpreter if the package provides the interpreter itself. + [NT] Ignore the lack of exec bit on th debconf shell modules. * checks/standards-version.desc: + [NT] Add references to the Policy upgrading checklist. Thanks to Simon Paillard for the patch. . * collection/*: + [NT] Use Lintian::Collect to access the package index. * collection/bin-pkg-control{,.desc}: + [NT] Compress control-index file and bump version of bin-pkg-control. * collection/copyright-file: + [NT] Remove code to look for old-style copyright file. * collection/file-info{,.desc}: + [NT] Compress file-info output and bump version of file-info. * collection/hardening-info{,.desc}: + [NT] New files. Thanks to Kees Cook for the patch. * collection/index{,.desc}: + [NT] Compress index output and bump version of index. * collection/java-info{,.desc}: + [NT] Compress java-info output and bump version of java-info. * collection/objdump-info: + [NT] Use "fail" from Lintian::Util.pm rather than embedding a copy of it. + [NT] Use Lintian::Collect to find ELF files. + [NT] Replace all usage of objdump with readelf. (Closes: #614034) + [NT] Compress objdump-info output and bump version of objdump-info. * collection/strings{,.desc}: + [NT] Compress strings output and bump version of strings. . * data: + [NT] Move to vendors/debian/ftp-master-auto-reject and replace it with a symlink. * data/binaries/{arch-{64bit-equivs,regex},hardening-tags}: + [NT] New file. * data/binaries/embedded-libs: + [NT] New file. + [NT] Add libav libraries. Thanks to Andres Mejia for the suggestion and the suggested patch. (Closes: #666765) * data/changes-file/{debian-dists -> known-dists}: + [NT] Renamed file. * data/menu-format/menu-sections: + [NT] New file. . * debian/changelog: + [NT] Amend the 2.5.5 to mention that it also added the tag binaries-have-file-conflict. . * frontend/lintian: + [JW] Fix typo in error message. + [JW,NT] Fix handling of "override" option in the lintianrc file. (Closes: #666207) . * lib/Lintian/Architecture.pm: + [NT] Lazily evaluate the data file. * lib/Lintian/Collect/Package.pm: + [NT] Remove an extra level of quoting in index. + [NT] Remove root dir from sorted_index. + [NT] Keep trailing slash in dir names for file_info. * lib/Lintian/Collect/Binary.pm: + [NT] Remove sorted_file_info as sorted_index now produces an identical list. * lib/Lintian/Data.pm: + [NT] Lazily load data files. + [NT] Allow pre-process sub to alter existing value for a key by passing the previous value as third argument. + [NT] Allow vendor specific data files. They will be loaded from LINTIAN_ROOT/vendors/$profile/data. * lib/Lintian/Output{,/*}.pm: + [NT] Replace non-printables with "?" in output. * lib/Lintian/Profile.pm: + [NT] Normalize profile name and replace "parents" with "profile_list". The latter also includes the current profile name. * lib/Lintian/Tag/Info.pm: + [NT] Use Lintian::Data to load the manual-references data file instead using an ad-hoc parser. * lib/{Text_utils => Lintian/Tag/TextUtil}.pm: + [NT] Renamed module. * lib/{Util => Lintian/Util}.pm: + [NT] Renamed Util to Lintian::Util. + [JW] Consider duplicate fields a syntax error in dctrl files. Previously, duplicate fields were silently ignored (except when a separate tag would check for it). (Closes: #664061) + [NT] Stop exported a majority of all subs by default. . * profiles/ubuntu/main.profile: + [NT] Add a number of NMU related tags to the list of disabled tags. . * vendors/ubuntu/main/data/changes-file/known-dists: + [NT] New file based on data/changes-file/ubuntu-dists. + [ADB] Add "quantal" (Quetzal) * vendors/ubuntu/main/data/common/source-fields: + [NT] New file. * vendors/ubuntu/main/data/fields/{binary,udeb}-fields: + [NT] New files. Checksums-Sha1: 0b03babd3aa8571eb0af02af768f7c4fade12fbd 2462 lintian_2.5.7.dsc 3af1c36dbe4ae3dc7b70aa375107928c28c8555f 1087847 lintian_2.5.7.tar.gz 2ebf64764da8e9b03cea8555ec6db1cf5da38f59 692506 lintian_2.5.7_all.deb Checksums-Sha256: 0dd400eff2da35e2e1b39370a0edf8a918ce3e3cdd68b6be2fcb53ae8a143e5f 2462 lintian_2.5.7.dsc c56d7550e10acb7672708911c7636611d128ab7ec3eded8e70035737581f1a26 1087847 lintian_2.5.7.tar.gz 5fd3554d5e76aa70334a4a56f87c75fe6a287b9723d64330621d7a423fffb2a0 692506 lintian_2.5.7_all.deb Files: ab60445e9f6618d0b9349dbc8e3455c3 2462 devel optional lintian_2.5.7.dsc ec47bdf0735e61fffd0a582cd76cdb74 1087847 devel optional lintian_2.5.7.tar.gz af45b86b4b0a254ab0cb46fab4de2bbf 692506 devel optional lintian_2.5.7_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPsYILAAoJEAVLu599gGRCaAEQAIs32SOJUFQMhKA5KMyPX7Ps Xr74WsCkSbyw5/klXdzkiFkf7mgcpuonYCBucTqRFWqyRCbtFPBtuogR8JSXyuG6 XvI4nOrKmkIGRGj2vnIyL1Jm/oaJZv4gkZBqRNKpQGpTuTk57yqmnl3TzXXDydh8 /HeOzE66XpCGBVqOygbBltQHPKXGE6U0O/h6pwwOglrsiW0/rV0AAY+pbk62TJxx 3NPZjlORSSJLtVgM+EZ1zKY4t+KdmqTXqpGyVhiMhs2u9FKnG3oCUlfPS+2kWFKq ZDdAD016a5CAH5xcUf3uNujlzuwFDgqjzCGG9c1oH8esvgL+nPKwBiaAeP1/AOTO aBQRERq4fo41SPFMcq8F5AtHw6AaEfKS5iJ/kSUds+8lI26alCezIRLL1TpbhrqV /LzLfKbp1aERek00kXr9K/P6Ke3ZCXMvdMqAGBvNvlThmPP0eG7H3IUE6yrHacvi UAbOjCGSMpJVrAeQ3zXKjFNUwYQ0Ykjqw9gWaWSbpo3RPAzmugBDrZQhS9yLFkDC 9jqo8gfOkKTXpL87Vk1jil1n7nLcDb/O4vW4/k5TK/sX1GY7zUzINk8pqpKmbIlP /yH1VJyhi2c7WO176dTFpoh7HkdLm8AIGONuLHGzYiYJ6Diy3kExbkMFqsC1TjVk SdFPmfihW8KzGJ4n7pqy =lpp5 -----END PGP SIGNATURE-----
--- End Message ---