[lintian] 01/01: update-alternatives --set should be disallowed from maintainer scripts

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 01/01: update-alternatives --set should be disallowed from maintainer scripts
From: Bastien ROUCARIES <broucaries-guest@moszumanska.debian.org>
Date: Wed, 04 Dec 2013 20:02:57 +0000
Message-id: <[🔎] E1VoIev-0003qC-U5@moszumanska.debian.org>
Reply-to: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
In-reply-to: <[🔎] 20131204200257.14580.51000@moszumanska.debian.org>
References: <[🔎] 20131204200257.14580.51000@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 13396c6e0cbf5a5c117217916a5806cf84d421cf
Author: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
Date:   Wed Dec 4 10:05:50 2013 +0100

    update-alternatives --set should be disallowed from maintainer scripts
    
    Implement this test. Closes #643602.
---
 checks/scripts.desc                                       | 13 +++++++++++++
 checks/scripts.pm                                         |  3 +++
 debian/changelog                                          |  3 +++
 t/tests/scripts-maintainer-general/debian/debian/postinst |  2 ++
 t/tests/scripts-maintainer-general/desc                   |  1 +
 t/tests/scripts-maintainer-general/tags                   |  1 +
 6 files changed, 23 insertions(+)

diff --git a/checks/scripts.desc b/checks/scripts.desc
index f8f30f6..debe910 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -470,6 +470,19 @@ Info: <tt>update-alternatives --remove &lt;alternative&gt; foo</tt> is
  instead.
 Ref: policy F, update-alternatives(8)
 
+Tag: update-alternatives-set-called-in-maintainer-script
+Severity: normal
+Certainty: certain
+Info: <tt>update-alternatives --set &lt;alternative&gt; foo</tt> or
+ <tt>update-alternatives --config &lt;alternative&gt;</tt> or
+ <tt>update-alternatives --set-selections</tt>
+ called in maitainer script. Thus it's impossible to distinguish
+ between an alternative that's manually set because the user set it,
+ vs. one that's manually set because the package set it.
+Ref: update-alternatives(8)
+
+
+
 Tag: deprecated-chown-usage
 Severity: normal
 Certainty: certain
diff --git a/checks/scripts.pm b/checks/scripts.pm
index 8153186..56ffad1 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -920,6 +920,9 @@ sub run {
                     }
                 }
             }
+            if (m,update\-alternatives \-\-(?:set|set\-selections|config),) {
+                tag 'update-alternatives-set-called-in-maintainer-script', "$file:$.";
+            }
             if (m,\bgconftool(?:-2)?(?:\s|\Z),) {
                 tag 'gconftool-used-in-maintainer-script', "$file:$.";
             }
diff --git a/debian/changelog b/debian/changelog
index 8af6e19..2e1fa7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,9 @@ lintian (2.5.20) UNRELEASED; urgency=low
     + [BR] Improve description of pkg-config-multi-arch-wrong-dir
       tag. Add debhelper > 9 on non multi-arched package as a likely
       cause (Closes: #723886).
+  * checks/scripts.{desc,pm}:
+    + [BR] Detect update-alternatives --set in maintainer scripts.
+      (Closes: #643602).
   * checks/watch.{desc,pm}:
     + [BR] Detect lack of uscan support for gpg signature.
       (Closes: #711553).
diff --git a/t/tests/scripts-maintainer-general/debian/debian/postinst b/t/tests/scripts-maintainer-general/debian/debian/postinst
index 66f725a..8cacc46 100755
--- a/t/tests/scripts-maintainer-general/debian/debian/postinst
+++ b/t/tests/scripts-maintainer-general/debian/debian/postinst
@@ -125,4 +125,6 @@ if false ; then
     mknod some thing
 fi
 
+# Calling update alternative --set see #643602
+update-alternatives --set editor /usr/bin/nano
 #DEBHELPER#
diff --git a/t/tests/scripts-maintainer-general/desc b/t/tests/scripts-maintainer-general/desc
index 03677d8..dcaca2d 100644
--- a/t/tests/scripts-maintainer-general/desc
+++ b/t/tests/scripts-maintainer-general/desc
@@ -25,6 +25,7 @@ Test-For:
  mknod-in-maintainer-script
  possibly-insecure-handling-of-tmp-files-in-maintainer-script
  read-in-maintainer-script
+ update-alternatives-set-called-in-maintainer-script
  start-stop-daemon-in-maintainer-script
  suidregister-used-in-maintainer-script
 References: Debian Bug#532984
diff --git a/t/tests/scripts-maintainer-general/tags b/t/tests/scripts-maintainer-general/tags
index 2d08ef5..006f093 100644
--- a/t/tests/scripts-maintainer-general/tags
+++ b/t/tests/scripts-maintainer-general/tags
@@ -26,3 +26,4 @@ W: scripts-maintainer-general: maintainer-script-needs-depends-on-ucf postinst
 W: scripts-maintainer-general: maintainer-script-needs-depends-on-xml-core postinst
 W: scripts-maintainer-general: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:26
 W: scripts-maintainer-general: start-stop-daemon-in-maintainer-script postinst:78
+W: scripts-maintainer-general: update-alternatives-set-called-in-maintainer-script postinst:129

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (1b193ce -> 13396c6)
  - From: Bastien ROUCARIES <broucaries-guest@moszumanska.debian.org>

Prev by Date: [lintian] branch master updated (1b193ce -> 13396c6)
Next by Date: Preparer et gagner un APPEL D'OFFRES
Previous by thread: [lintian] branch master updated (1b193ce -> 13396c6)
Next by thread: Preparer et gagner un APPEL D'OFFRES
Index(es):
- Date
- Thread