--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Allow and recommend sha256sums control file
- From: Frank Lin PIAT <fpiat@klabs.be>
- Date: Mon, 08 Mar 2010 21:10:12 +0100
- Message-id: <1268079012.21347.10858.camel@solid.paris.klabs.be>
Package: lintian
Tags: patch
Hello,
As discussed on debian-devel[1], md5sum is not secure anymore and no one
should rely on it for security purposes (which some people do).
Please find a patch attached that allow (and recommends) to provide
sha256sums. (During a "transition period", we encourage people to
provide both SHA and MD5, so existing setup don't get broken).
The overall status of enabling SHA256 is tracked on the page[2].
Your feedback is welcome (feel free to hack my patch as appropriate),
Thanks,
Franklin
[1] http://lists.debian.org/debian-devel/2010/03/msg00038.html
[2] http://wiki.debian.org/Sha256sumsInPackages
>From b6566aebe1bc44eaf6339e779ebed09da8a2b835 Mon Sep 17 00:00:00 2001
From: Frank Lin PIAT <fpiat@klabs.be>
Date: Mon, 8 Mar 2010 19:02:22 +0100
Subject: [PATCH] Allow and recommend sha256sums
---
checks/control-files | 1 +
checks/sha256sums | 124 +++++++++++++++++++++++++++
checks/sha256sums.desc | 63 ++++++++++++++
collection/sha256sums | 59 +++++++++++++
collection/sha256sums.desc | 7 ++
data/debhelper/dh_commands | 1 +
t/COVERAGE | 6 ++
t/debs/deb-format-ancient-file/Makefile | 5 +-
t/debs/deb-format-extra-member/Makefile | 5 +-
t/debs/deb-format-lzma/Makefile | 5 +-
t/debs/deb-format-record-size/Makefile | 5 +-
t/debs/deb-format-wrong-order/Makefile | 5 +-
t/debs/description-synopsis-spaces/Makefile | 5 +-
t/debs/fields-malformed-source/Makefile | 5 +-
t/debs/fields-obsolete-relation/Makefile | 5 +-
testset/binary/debian/rules | 3 +-
testset/etcfiles/debian/rules | 17 ++++
testset/tags.binary | 2 +
testset/tags.etcfiles | 5 +
testset/tags.filenames | 3 +
testset/tags.foo++ | 1 +
testset/tags.libbaz | 5 +
testset/tags.maintainer-scripts | 1 +
testset/tags.scripts | 1 +
24 files changed, 322 insertions(+), 17 deletions(-)
create mode 100644 checks/sha256sums
create mode 100644 checks/sha256sums.desc
create mode 100755 collection/sha256sums
create mode 100644 collection/sha256sums.desc
diff --git a/checks/control-files b/checks/control-files
index 5a42c77..4bd12f2 100644
--- a/checks/control-files
+++ b/checks/control-files
@@ -34,6 +34,7 @@ my %ctrl_deb =
postrm => 0755,
prerm => 0755,
shlibs => 0644,
+ sha256sums => 0644,
symbols => 0644,
templates => 0644,
triggers => 0644);
diff --git a/checks/sha256sums b/checks/sha256sums
new file mode 100644
index 0000000..91584d3
--- /dev/null
+++ b/checks/sha256sums
@@ -0,0 +1,124 @@
+# sha256sums -- lintian check script -*- perl -*-
+
+# Copyright (C) 1998 Christian Schwarz and Richard Braakman
+# Copyright (C) 2010 Frank Lin PIAT
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::sha256sums;
+use strict;
+
+use Lintian::Tags qw(tag);
+use Util;
+
+sub run {
+
+my $pkg = shift;
+my $type = shift;
+
+my $control = "control/sha256sums";
+
+my %control_entry;
+my %info_entry;
+my %conffile;
+
+# read in sha256sums info file
+open(C, '<', "sha256sums") or fail("cannot open sha256sums info file: $!");
+while (<C>) {
+ chop;
+ next if m/^\s*$/;
+ m/^(\S+)\s*(\S.*)$/ or fail("syntax error in sha256sums info file: $_");
+ my $zzsum = $1;
+ my $zzfile = $2;
+ $zzfile =~ s,^(\./)?,,;
+ $info_entry{$zzfile} = $zzsum;
+}
+close(C);
+
+# read in conffiles
+if (-f "control/conffiles") {
+ open(C, '<', "control/conffiles")
+ or fail("cannot open control file conffiles: $!");
+ while (<C>) {
+ chop;
+ next if m/^\s*$/;
+ s,^/,,;
+ $conffile{$_} = 1;
+ }
+ close(C);
+}
+
+# Is there a sha256sums control file?
+unless (-f $control) {
+ # ignore if package contains no files
+ return 0 if -z "sha256sums";
+
+ # check if package contains non-conffiles
+ # debhelper doesn't create entries in sha256sums
+ # for conffiles since this information would
+ # be redundant
+ my $only_conffiles = 1;
+ foreach my $file (keys %info_entry) {
+ unless ($conffile{$file}) {
+ $only_conffiles = 0;
+ last;
+ }
+ }
+
+ tag "no-sha256sums-control-file", "" unless $only_conffiles;
+ return 0;
+}
+
+# Is it empty? Then skip it. Tag will be issued by control-files
+if (-z $control) {
+ return 0;
+}
+
+# read in sha256sums control file
+open(C, '<', $control)
+ or fail("cannot open sha256sums control file $control: $!");
+while (<C>) {
+ chop;
+ next if m/^\s*$/;
+ if (m{^([a-f0-9]+)\s*(?:\./)?(\S.*)$} && length($1) == 64) {
+ $control_entry{$2} = $1;
+ } else {
+ tag "malformed-sha256sums-control-file", "line $.";
+ }
+}
+close(C);
+
+for my $file (keys %control_entry) {
+
+ if (not exists $info_entry{$file}) {
+ tag "sha256sums-lists-nonexisting-file", "$file";
+ } elsif ($info_entry{$file} ne $control_entry{$file}) {
+ tag "sha256sum-mismatch", "$file";
+ }
+
+ delete $info_entry{$file};
+}
+for my $file (keys %info_entry) {
+ tag "file-missing-in-sha256sums", "$file"
+ unless ($conffile{$file} || $file =~ m%^var/lib/[ai]spell/.%);
+}
+
+}
+
+1;
+
+# vim: syntax=perl
diff --git a/checks/sha256sums.desc b/checks/sha256sums.desc
new file mode 100644
index 0000000..66d67c3
--- /dev/null
+++ b/checks/sha256sums.desc
@@ -0,0 +1,63 @@
+Check-Script: sha256sums
+Author: Christian Schwarz <schwarz@debian.org>, Frank Lin PIAT <fpiat@klabs.be>
+Abbrev: sha256
+Type: binary
+Needs-Info: sha256sums
+Info: This script checks if sha5sum control files are valid, if they are
+ provided by a binary package.
+
+Tag: no-sha256sums-control-file
+Severity: wishlist
+Certainty: certain
+Info: This package does not contain an sha256sums control file. This control
+ file listing the SHA256 checksums of the contents of the package is not
+ required, but if present debsums can use it to verify that no files
+ shipped with your package have been modified. Providing it is
+ recommended.
+ .
+ If you are using debhelper to create your package, just add a call to
+ <tt>dh_checksums</tt> at the end of your binary-indep or binary-arch
+ target, right before <tt>dh_builddeb</tt>.
+
+Tag: malformed-sha256sums-control-file
+Severity: important
+Certainty: certain
+Info: The indicated line of the sha256sums control file for this package was
+ malformed. Each line of an sha256sums control file should contain a SHA256
+ checksum, some whitespace, and then the path to the file corresponding to
+ that checksum.
+
+Tag: sha256sum-mismatch
+Severity: important
+Certainty: certain
+Info: The sha256sum listed for the file does not match the actual file
+ contents.
+ .
+ Usually, this error occurs during the package build process, if the
+ <tt>debian/tmp/</tt> directory is touched after <tt>dh_checksums</tt> or
+ <tt>debstd</tt> is run.
+
+Tag: sha256sums-lists-nonexisting-file
+Severity: important
+Certainty: certain
+Info: The sha256sums control file lists a file which is not included in the
+ package.
+ .
+ Usually, this error occurs during the package build process, if the
+ <tt>debian/tmp/</tt> directory is touched after <tt>dh_checksums</tt> or
+ <tt>debstd</tt> is run.
+ .
+ If all the files in the <tt>DEBIAN/</tt> subdirectory are listed
+ above, the problem was probably caused by building the package using a
+ buggy debstd/debmake. In this case, rebuilding the package with an
+ updated debstd should fix the problem.
+
+Tag: file-missing-in-sha256sums
+Severity: normal
+Certainty: certain
+Info: The package contains a file which isn't listed in the sha256sums control
+ file.
+ .
+ Usually, this error occurs during the package build process, if the
+ <tt>debian/tmp/</tt> directory is touched after <tt>dh_sha256sums</tt> or
+ <tt>debstd</tt> is run.
diff --git a/collection/sha256sums b/collection/sha256sums
new file mode 100755
index 0000000..6df0d41
--- /dev/null
+++ b/collection/sha256sums
@@ -0,0 +1,59 @@
+#!/usr/bin/perl -w
+# sha256sums -- lintian collection script
+
+# Copyright (C) 1998 Richard Braakman
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+use strict;
+
+use FileHandle;
+use lib "$ENV{'LINTIAN_ROOT'}/lib";
+use Lintian::Command qw(spawn reap);
+use Util;
+
+($#ARGV == 1) or fail("syntax: sha256sums <pkg> <type>");
+my $pkg = shift;
+my $type = shift;
+
+-f "fields/package" or fail("sha256sums invoked in wrong directory");
+
+unlink("sha256sums");
+chdir("unpacked")
+ or fail("cannot chdir to unpacked directory: $!");
+
+my %opts = ( pipe_in => FileHandle->new,
+ out => '../sha256sums',
+ fail => 'error' );
+spawn(\%opts, ['xargs', '-0r', 'sha256sum'] );
+$opts{pipe_in}->blocking(1);
+open(INDEX, '<', "../index")
+ or fail("cannot open index file: $!");
+while (<INDEX>) {
+ next unless m/^-/;
+ chop;
+ $_ = (split(" ", $_, 6))[5];
+ s/ link to .*//;
+ s/\\(\d+)/chr(oct($1))/eg;
+ s/\\\\/\\/g;
+ printf {$opts{pipe_in}} "%s\0", $_;
+}
+close(INDEX);
+
+close $opts{pipe_in};
+reap(\%opts);
+
diff --git a/collection/sha256sums.desc b/collection/sha256sums.desc
new file mode 100644
index 0000000..d4a193a
--- /dev/null
+++ b/collection/sha256sums.desc
@@ -0,0 +1,7 @@
+Collector-Script: sha256sums
+Author: Richard Braakman <dark@xs4all.nl>, Frank Lin PIAT <fpiat@klabs.be>
+Info: This script runs the "sha256sums" over all files in a binary package.
+Type: binary, udeb
+Version: 1
+Order: 1
+Needs-Info: unpacked
diff --git a/data/debhelper/dh_commands b/data/debhelper/dh_commands
index 5659a5a..c376d8b 100644
--- a/data/debhelper/dh_commands
+++ b/data/debhelper/dh_commands
@@ -9,6 +9,7 @@ dh_bash-completion=bash-completion
dh_bugfiles=debhelper
dh_builddeb=debhelper
dh_buildinfo=dh-buildinfo
+dh_checksums=debhelper
dh_clean=debhelper
dh_clideps=cli-common-dev
dh_clifixperms=cli-common-dev
diff --git a/t/COVERAGE b/t/COVERAGE
index b8c4b08..120f757 100644
--- a/t/COVERAGE
+++ b/t/COVERAGE
@@ -457,6 +457,12 @@ scripts shell-script-fails-syntax-check
scripts suid-perl-script-but-no-perl-suid-dep
scripts update-alternatives-remove-called-in-postrm
+sha256sums file-missing-in-sha256sums
+sha256sums malformed-sha256sums-control-file
+sha256sums sha256sum-mismatch
+sha256sums sha256sums-lists-nonexisting-file
+sha256sums no-sha256sums-control-file
+
shared-libs duplicate-entry-in-shlibs-control-file
shared-libs duplicate-entry-in-symbols-control-file
shared-libs invalid-template-id-in-symbols-file
diff --git a/t/debs/deb-format-ancient-file/Makefile b/t/debs/deb-format-ancient-file/Makefile
index 89d2771..0b1ef3d 100644
--- a/t/debs/deb-format-ancient-file/Makefile
+++ b/t/debs/deb-format-ancient-file/Makefile
@@ -10,10 +10,11 @@ all:
chmod 644 control
env TZ=GMT touch -t 197001010000 control
md5sum usr/share/doc/deb-format-ancient-file/* > md5sums
- tar -c -z -f control.tar.gz control md5sums
+ sha256sum usr/share/doc/deb-format-ancient-file/* > sha256sums
+ tar -c -z -f control.tar.gz control md5sums sha256sums
ar rc deb-format-ancient-file.deb \
debian-binary control.tar.gz data.tar.gz
clean:
- rm -f *.tar.gz *.deb md5sums debian-binary
+ rm -f *.tar.gz *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/deb-format-extra-member/Makefile b/t/debs/deb-format-extra-member/Makefile
index 9159288..dd29fa1 100644
--- a/t/debs/deb-format-extra-member/Makefile
+++ b/t/debs/deb-format-extra-member/Makefile
@@ -8,10 +8,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/deb-format-extra-member/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/deb-format-extra-member/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc deb-format-extra-member.deb \
debian-binary control.tar.gz data.tar.gz extra-stuff
clean:
- rm -f *.tar.gz *.deb md5sums debian-binary extra-stuff
+ rm -f *.tar.gz *.deb md5sums debian-binary extra-stuff sha256sums
rm -rf usr
diff --git a/t/debs/deb-format-lzma/Makefile b/t/debs/deb-format-lzma/Makefile
index d03041b..a44eed7 100644
--- a/t/debs/deb-format-lzma/Makefile
+++ b/t/debs/deb-format-lzma/Makefile
@@ -8,10 +8,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/deb-format-lzma/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/deb-format-lzma/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc deb-format-lzma.deb \
debian-binary control.tar.gz data.tar.lzma
clean:
- rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary
+ rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/deb-format-record-size/Makefile b/t/debs/deb-format-record-size/Makefile
index 4f223f9..11ea266 100644
--- a/t/debs/deb-format-record-size/Makefile
+++ b/t/debs/deb-format-record-size/Makefile
@@ -7,10 +7,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/deb-format-record-size/* > md5sums
- tar --record-size=4096 -c -z -f control.tar.gz control md5sums
+ sha256sum usr/share/doc/deb-format-record-size/* > sha256sums
+ tar --record-size=4096 -c -z -f control.tar.gz control md5sums sha256sums
ar rc deb-format-record-size.deb \
debian-binary control.tar.gz data.tar.gz
clean:
- rm -f *.tar.gz *.deb md5sums debian-binary
+ rm -f *.tar.gz *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/deb-format-wrong-order/Makefile b/t/debs/deb-format-wrong-order/Makefile
index fa0ccdd..8e17dde 100644
--- a/t/debs/deb-format-wrong-order/Makefile
+++ b/t/debs/deb-format-wrong-order/Makefile
@@ -7,10 +7,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/deb-format-wrong-order/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/deb-format-wrong-order/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc deb-format-wrong-order.deb \
debian-binary data.tar.gz control.tar.gz
clean:
- rm -f *.tar.gz *.deb md5sums debian-binary
+ rm -f *.tar.gz *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/description-synopsis-spaces/Makefile b/t/debs/description-synopsis-spaces/Makefile
index d0152b2..cb22d74 100644
--- a/t/debs/description-synopsis-spaces/Makefile
+++ b/t/debs/description-synopsis-spaces/Makefile
@@ -9,10 +9,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/$(name)/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/$(name)/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc $(name).deb \
debian-binary control.tar.gz data.tar.gz
clean:
- rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary
+ rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/fields-malformed-source/Makefile b/t/debs/fields-malformed-source/Makefile
index dd9605a..f76251a 100644
--- a/t/debs/fields-malformed-source/Makefile
+++ b/t/debs/fields-malformed-source/Makefile
@@ -9,10 +9,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/$(name)/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/$(name)/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc $(name).deb \
debian-binary control.tar.gz data.tar.gz
clean:
- rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary
+ rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/t/debs/fields-obsolete-relation/Makefile b/t/debs/fields-obsolete-relation/Makefile
index 9fcd420..f2ad66e 100644
--- a/t/debs/fields-obsolete-relation/Makefile
+++ b/t/debs/fields-obsolete-relation/Makefile
@@ -9,10 +9,11 @@ all:
chown 0:0 control
chmod 644 control
md5sum usr/share/doc/$(name)/* > md5sums
- tar cfz control.tar.gz control md5sums
+ sha256sum usr/share/doc/$(name)/* > sha256sums
+ tar cfz control.tar.gz control md5sums sha256sums
ar rc $(name).deb \
debian-binary control.tar.gz data.tar.gz
clean:
- rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary
+ rm -f *.tar.gz *.tar.lzma *.deb md5sums debian-binary sha256sums
rm -rf usr
diff --git a/testset/binary/debian/rules b/testset/binary/debian/rules
index 9ed885d..e3e0e68 100755
--- a/testset/binary/debian/rules
+++ b/testset/binary/debian/rules
@@ -80,8 +80,9 @@ binary-arch: build
dpkg-gencontrol -pbinary -isp
dpkg-gencontrol -pbinary-data -Pdebian/binary-data -isp
- # Test an md5sums check while we're here.
+ # Test md5sums and sha256sums check while we're here.
touch debian/binary-data/DEBIAN/md5sums
+ touch debian/binary-data/DEBIAN/sha256sums
dpkg --build debian/tmp ..
dpkg --build debian/binary-data ..
diff --git a/testset/etcfiles/debian/rules b/testset/etcfiles/debian/rules
index 1e58c81..7a50bd7 100755
--- a/testset/etcfiles/debian/rules
+++ b/testset/etcfiles/debian/rules
@@ -44,6 +44,23 @@ binary-indep:
echo '56fb27e455dd86d8801f1ecd3a4cee49 usr/share/doc/etcfiles/README.Debian' \
>> debian/tmp/DEBIAN/md5sums
+ echo '5e913e218e1f3fcac8487d7fbb954bd9669f72a7ef6e9d9f519d94b6a8cc88b9 ./etc/cron.daily/cronfile-normal' \
+ > debian/tmp/DEBIAN/sha256sums
+ echo '5e913e218e1f3fcac8487d7fbb954bd9669f72a7ef6e9d9f519d94b6a8cc88b9 ./etc/cron.daily/.cronfile-begins-with-fullstop' \
+ > debian/tmp/DEBIAN/sha256sums
+ echo '5e913e218e1f3fcac8487d7fbb954bd9669f72a7ef6e9d9f519d94b6a8cc88b9 ./etc/cron.daily/cronfile-contains.fullstop' \
+ > debian/tmp/DEBIAN/sha256sums
+ echo '4a66e953b00a3c22e34efc46457f78f988c58ee570e137095365a4d25f39289b ./etc/proper' \
+ > debian/tmp/DEBIAN/sha256sums
+ echo '4a66e953b00a3c22e34efc46457f78f988c58ee570e137095365a4d25f39289b etc/improper' \
+ >> debian/tmp/DEBIAN/sha256sums
+ echo '4a66e953b00a3c22e34efc46457f78f988c58ee570e137095365a4d25f39289b usr/bin/foo' \
+ >> debian/tmp/DEBIAN/sha256sums
+ echo 'this is a malformed line' \
+ >> debian/tmp/DEBIAN/sha256sums
+ echo '5c1474dcde5ed448d408c2c5451b762a0a35dfb465be5281862af08c1df6b554 usr/share/doc/etcfiles/README.Debian' \
+ >> debian/tmp/DEBIAN/sha256sums
+
install -d $(tmponly)/etc/etcfiles
touch $(tmponly)/etc/etcfiles/foo
touch $(tmponly)/etc/etcfiles/bar
diff --git a/testset/tags.binary b/testset/tags.binary
index 24a556c..13a2846 100644
--- a/testset/tags.binary
+++ b/testset/tags.binary
@@ -57,6 +57,7 @@ I: binary: capitalization-error-in-description debian Debian
I: binary: desktop-entry-contains-encoding-key /usr/share/applications/goodbye.desktop:11 Encoding
I: binary: desktop-entry-contains-encoding-key /usr/share/applications/hello.desktop:13 Encoding
I: binary: no-md5sums-control-file
+I: binary: no-sha256sums-control-file
W: binary source: ancient-standards-version 3.2.1 (current is 3.8.4)
W: binary source: debian-rules-ignores-make-clean-error line 12
W: binary source: debian-rules-uses-pwd line 9
@@ -65,6 +66,7 @@ W: binary source: native-package-with-dash-version
W: binary source: substvar-source-version-is-deprecated binary
W: binary source: substvar-source-version-is-deprecated binary-data
W: binary-data: control-file-is-empty md5sums
+W: binary-data: control-file-is-empty sha256sums
W: binary: binary-without-manpage usr/bin/hello
W: binary: binary-without-manpage usr/bin/hello-static
W: binary: binary-without-manpage usr/bin/hello.static
diff --git a/testset/tags.etcfiles b/testset/tags.etcfiles
index 99b3c25..aa010bc 100644
--- a/testset/tags.etcfiles
+++ b/testset/tags.etcfiles
@@ -4,15 +4,20 @@ E: etcfiles: changelog-file-not-compressed changelog
E: etcfiles: file-in-etc-not-marked-as-conffile /etc/improper
E: etcfiles: file-in-etc-not-marked-as-conffile /etc/improper-link
E: etcfiles: malformed-md5sums-control-file line 4
+E: etcfiles: malformed-sha256sums-control-file line 4
E: etcfiles: md5sum-mismatch etc/improper
E: etcfiles: md5sum-mismatch etc/proper
E: etcfiles: md5sums-lists-nonexisting-file usr/bin/foo
E: etcfiles: no-copyright-file
E: etcfiles: non-etc-file-marked-as-conffile /var/lib/foo
+E: etcfiles: sha256sum-mismatch etc/improper
+E: etcfiles: sha256sums-lists-nonexisting-file usr/bin/foo
E: only-etcfiles: extended-description-is-empty
W: etcfiles source: ancient-standards-version 3.5.0 (current is 3.8.4)
W: etcfiles: file-missing-in-md5sums etc/improper-link
W: etcfiles: file-missing-in-md5sums usr/share/doc/etcfiles/changelog
+W: etcfiles: file-missing-in-sha256sums etc/improper-link
+W: etcfiles: file-missing-in-sha256sums usr/share/doc/etcfiles/changelog
W: etcfiles: package-contains-hardlink etc/improper -> etc/improper-link
W: etcfiles: readme-debian-mentions-usr-doc line 2
W: etcfiles: run-parts-cron-filename-contains-full-stop etc/cron.daily/cronfile-contains.fullstop
diff --git a/testset/tags.filenames b/testset/tags.filenames
index 58ce11c..c0e605b 100644
--- a/testset/tags.filenames
+++ b/testset/tags.filenames
@@ -33,9 +33,11 @@ E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-30001:65
E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-65535:65001 65535/65001
E: more-filename-games: no-copyright-file
I: filename-games: no-md5sums-control-file
+I: filename-games: no-sha256sums-control-file
I: filename-games: package-contains-empty-directory usr/games/
I: filenames: duplicated-compressed-file usr/share/filenames/prototype.js.gz
I: filenames: no-md5sums-control-file
+I: filenames: no-sha256sums-control-file
I: filenames: package-contains-empty-directory usr/lib/perl5/.arch-ids/
I: filenames: package-contains-empty-directory usr/lib/perl5/.be/
I: filenames: package-contains-empty-directory usr/lib/perl5/.bzr/
@@ -45,6 +47,7 @@ I: filenames: package-contains-empty-directory usr/lib/perl5/CVS/
I: filenames: package-contains-empty-directory usr/lib/perl5/{arch}/
I: filenames: using-first-person-in-description line 1: I
I: more-filename-games: no-md5sums-control-file
+I: more-filename-games: no-sha256sums-control-file
W: filename-games: binary-without-manpage usr/bin/test-game
W: filename-games: no-priority-field
W: filenames source: ancient-standards-version 3.1.1 (current is 3.8.4)
diff --git a/testset/tags.foo++ b/testset/tags.foo++
index 6849f4a..174d52e 100644
--- a/testset/tags.foo++
+++ b/testset/tags.foo++
@@ -16,6 +16,7 @@ E: foo++: wrong-debian-qa-address-set-as-maintainer Lintian Maintainer <debian-q
E: foo++_arch.changes: changed-by-address-malformed Marc 'HE' Brockschmidt <he@unknown>
I: foo++ source: duplicate-short-description foo++ foo++-helper
I: foo++: no-md5sums-control-file
+I: foo++: no-sha256sums-control-file
W: foo++ source: ancient-standards-version 3.1.1 (current is 3.8.4)
W: foo++ source: debian-watch-file-in-native-package
W: foo++ source: debian-watch-file-unknown-version 0
diff --git a/testset/tags.libbaz b/testset/tags.libbaz
index e00c46d..755c1ea 100644
--- a/testset/tags.libbaz
+++ b/testset/tags.libbaz
@@ -28,12 +28,17 @@ E: libbaz2: debian-changelog-file-missing-or-wrong-name
I: ia32-libbaz2: no-symbols-control-file usr/lib/i486-linux-gnu/libbaz2.so.1.0.3b
I: libbaz1-dev: binary-has-unneeded-section ./usr/lib/perl5/auto/Foo/Foo.so .comment
I: libbaz1-dev: no-md5sums-control-file
+I: libbaz1-dev: no-sha256sums-control-file
I: libbaz1-dev: package-contains-empty-directory usr/include/
I: libbaz1: binary-has-unneeded-section ./usr/lib/perl5/auto/Foo/Foo.so .comment
I: libbaz1: no-md5sums-control-file
+I: libbaz1: no-sha256sums-control-file
I: libbaz2-dbg: no-md5sums-control-file
+I: libbaz2-dbg: no-sha256sums-control-file
I: libbaz2-dev: no-md5sums-control-file
+I: libbaz2-dev: no-sha256sums-control-file
I: libbaz2: no-md5sums-control-file
+I: libbaz2: no-sha256sums-control-file
I: libbaz2: no-symbols-control-file usr/lib/libbaz2.so.1.0.3b
N: 4 tags overridden (4 warnings)
W: ia32-libbaz2: new-package-should-close-itp-bug
diff --git a/testset/tags.maintainer-scripts b/testset/tags.maintainer-scripts
index 0b9e284..cddd6a7 100644
--- a/testset/tags.maintainer-scripts
+++ b/testset/tags.maintainer-scripts
@@ -37,6 +37,7 @@ E: maintainer-scripts: read-in-maintainer-script prerm:65
E: maintainer-scripts: read-in-maintainer-script prerm:66
E: maintainer-scripts: wrong-debian-qa-group-name QA group <packages@qa.debian.org>
I: maintainer-scripts: no-md5sums-control-file
+I: maintainer-scripts: no-sha256sums-control-file
I: maintainer-scripts: output-of-updaterc.d-not-redirected-to-dev-null bar postrm
W: maintainer-scripts source: ancient-standards-version 3.1.1 (current is 3.8.4)
W: maintainer-scripts source: changelog-should-mention-qa
diff --git a/testset/tags.scripts b/testset/tags.scripts
index 38c10e6..d3aa84b 100644
--- a/testset/tags.scripts
+++ b/testset/tags.scripts
@@ -26,6 +26,7 @@ I: scripts source: dpatch-missing-description 04_i_dont_have_a_description_eithe
I: scripts: init.d-script-does-not-provide-itself /etc/init.d/lsb-broken
I: scripts: init.d-script-missing-lsb-short-description /etc/init.d/lsb-other
I: scripts: no-md5sums-control-file
+I: scripts: no-sha256sums-control-file
I: scripts: script-in-usr-share-doc usr/share/doc/scripts/py2foo
I: scripts: script-in-usr-share-doc usr/share/doc/scripts/rubyfoo
W: scripts source: ancient-standards-version 3.2.1 (current is 3.8.4)
--
1.7.0
--- End Message ---