[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[lintian] 03/04: Add checks for mis-named D-Bus .service files, with regression tests

This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository lintian.

commit 27e6ca3b0dc66443db346923e9e9291ec5e98305
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Oct 10 17:14:21 2014 +0100

    Add checks for mis-named D-Bus .service files, with regression tests
    
    Bug: https://bugs.debian.org/762609
    
    Signed-off-by: Niels Thykier <niels@thykier.net>
---
 checks/dbus.desc                                   | 31 +++++++++++++++++
 checks/dbus.pm                                     | 40 ++++++++++++++++++++--
 t/tests/dbus-services/debian/debian/install        |  1 +
 .../usr/share/dbus-1/services/gvfs-daemon.service  |  3 ++
 .../services/org.mpris.MediaPlayer2.mpd.service    |  3 ++
 .../org.freedesktop.PolicyKit1.service             |  5 +++
 .../system-services/this-name-cannot-work.service  |  4 +++
 t/tests/dbus-services/desc                         |  7 ++++
 t/tests/dbus-services/tags                         |  2 ++
 9 files changed, 94 insertions(+), 2 deletions(-)

diff --git a/checks/dbus.desc b/checks/dbus.desc
index 9f8ca36..42b9665 100644
--- a/checks/dbus.desc
+++ b/checks/dbus.desc
@@ -54,3 +54,34 @@ Info: The package contains D-Bus policy configuration that uses
  unintended effects on other services.
 Ref: https://bugs.freedesktop.org/show_bug.cgi?id=18961,http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
 Experimental: yes
+
+Tag: dbus-session-service-wrong-name
+Severity: wishlist
+Certainty: certain
+Info: The package contains a D-Bus session service whose filename
+ does not match the <tt>Name</tt> field found in the file.
+ This makes it possible that two non-conflicting packages could
+ provide the same service name with the same search-path priority
+ (i.e. in the same directory). dbus-daemon will arbitrarily choose
+ one of them, which is unlikely to be the desired result.
+ .
+ Best-practice is that if you implement a session service whose well-known
+ name is <tt>com.example.MyService1</tt>, and it should be
+ service-activatable, you should achieve that by packaging
+ <tt>/usr/share/dbus-1/services/com.example.MyService1.service</tt>.
+Experimental: yes
+
+Tag: dbus-system-service-wrong-name
+Severity: serious
+Certainty: certain
+Info: The package contains a D-Bus system service whose filename
+ does not match the <tt>Name</tt> field found in the file.
+ This will not work, because dbus-daemon-launch-helper specifically
+ looks for that filename, in order to keep system-level activation
+ secure and predictable.
+ .
+ If you implement a session service whose well-known name is
+ <tt>com.example.MyService1</tt>, and it should be service-activatable,
+ you must provide
+ <tt>/usr/share/dbus-1/system-services/com.example.MyService1.service</tt>.
+Experimental: yes
diff --git a/checks/dbus.pm b/checks/dbus.pm
index 5c2c02b..364c980 100644
--- a/checks/dbus.pm
+++ b/checks/dbus.pm
@@ -32,8 +32,8 @@ sub run {
     my ($pkg, $type, $info) = @_;
 
     my @files;
-    foreach my $dirname (qw(etc/dbus-1/session.d/ etc/dbus-1/system.d)) {
-        if (my $dir = $info->index_resolved_path($dirname)) {
+    foreach my $dirname (qw(session system)) {
+        if (my $dir = $info->index_resolved_path("etc/dbus-1/${dirname}.d")) {
             push @files, $dir->children;
         }
     }
@@ -43,6 +43,21 @@ sub run {
         _check_policy($file);
     }
 
+    if (my $dir = $info->index_resolved_path('usr/share/dbus-1/services')) {
+        foreach my $file ($dir->children) {
+            next unless $file->is_open_ok;
+            _check_service($file, session => 1);
+        }
+    }
+
+    if (my $dir
+        = $info->index_resolved_path('usr/share/dbus-1/system-services')) {
+        foreach my $file ($dir->children) {
+            next unless $file->is_open_ok;
+            _check_service($file);
+        }
+    }
+
     return;
 }
 
@@ -74,6 +89,27 @@ sub _check_policy {
     return;
 }
 
+sub _check_service {
+    my ($file, %kwargs) = @_;
+
+    my $basename = $file->basename;
+    my $text = $file->file_contents;
+
+    while ($text =~ m{^Name=(.*)$}gm) {
+        my $name = $1;
+        if ($basename ne "${name}.service") {
+            if ($kwargs{session}) {
+                tag('dbus-session-service-wrong-name',
+                    "${name}.service", $file);
+            } else {
+                tag('dbus-system-service-wrong-name',"${name}.service", $file);
+            }
+        }
+    }
+
+    return;
+}
+
 1;
 
 # Local Variables:
diff --git a/t/tests/dbus-services/debian/debian/install b/t/tests/dbus-services/debian/debian/install
new file mode 100644
index 0000000..73752c9
--- /dev/null
+++ b/t/tests/dbus-services/debian/debian/install
@@ -0,0 +1 @@
+usr
diff --git a/t/tests/dbus-services/debian/usr/share/dbus-1/services/gvfs-daemon.service b/t/tests/dbus-services/debian/usr/share/dbus-1/services/gvfs-daemon.service
new file mode 100644
index 0000000..1a8607d
--- /dev/null
+++ b/t/tests/dbus-services/debian/usr/share/dbus-1/services/gvfs-daemon.service
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.gtk.vfs.Daemon
+Exec=/usr/lib/gvfs/gvfsd
diff --git a/t/tests/dbus-services/debian/usr/share/dbus-1/services/org.mpris.MediaPlayer2.mpd.service b/t/tests/dbus-services/debian/usr/share/dbus-1/services/org.mpris.MediaPlayer2.mpd.service
new file mode 100644
index 0000000..3f14f4a
--- /dev/null
+++ b/t/tests/dbus-services/debian/usr/share/dbus-1/services/org.mpris.MediaPlayer2.mpd.service
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.mpris.MediaPlayer2.mpd
+Exec=/usr/bin/mpDris2
diff --git a/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service b/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
new file mode 100644
index 0000000..51d1f94
--- /dev/null
+++ b/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
@@ -0,0 +1,5 @@
+[D-BUS Service]
+Name=org.freedesktop.PolicyKit1
+Exec=/usr/lib/policykit-1/polkitd --no-debug
+User=root
+SystemdService=polkitd.service
diff --git a/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/this-name-cannot-work.service b/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/this-name-cannot-work.service
new file mode 100644
index 0000000..e87a5bb
--- /dev/null
+++ b/t/tests/dbus-services/debian/usr/share/dbus-1/system-services/this-name-cannot-work.service
@@ -0,0 +1,4 @@
+[D-BUS Service]
+Name=com.example.SystemDaemon1
+Exec=/usr/sbin/example-system-daemon
+User=nobody
diff --git a/t/tests/dbus-services/desc b/t/tests/dbus-services/desc
new file mode 100644
index 0000000..ffb0e71
--- /dev/null
+++ b/t/tests/dbus-services/desc
@@ -0,0 +1,7 @@
+Testname: dbus-services
+Sequence: 6000
+Version: 1.0
+Description: test D-Bus .service files
+Test-For:
+ dbus-session-service-wrong-name
+ dbus-system-service-wrong-name
diff --git a/t/tests/dbus-services/tags b/t/tests/dbus-services/tags
new file mode 100644
index 0000000..217b153
--- /dev/null
+++ b/t/tests/dbus-services/tags
@@ -0,0 +1,2 @@
+X: dbus-services: dbus-session-service-wrong-name org.gtk.vfs.Daemon.service usr/share/dbus-1/services/gvfs-daemon.service
+X: dbus-services: dbus-system-service-wrong-name com.example.SystemDaemon1.service usr/share/dbus-1/system-services/this-name-cannot-work.service

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: