[lintian] 01/01: Check for calls to dpkg-statoverride --add without a corresponding --list. (Closes: #652963)

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 01/01: Check for calls to dpkg-statoverride --add without a corresponding --list. (Closes: #652963)
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Tue, 18 Jul 2017 10:39:02 +0000
Message-id: <[🔎] E1dXPuA-0006l6-VT@moszumanska.debian.org>
Reply-to: Chris Lamb <lamby@debian.org>
In-reply-to: <[🔎] 20170718103841.13477.26803@moszumanska.debian.org>
References: <[🔎] 20170718103841.13477.26803@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 1fd3df05882f8a0988df81558faddbd155a49c3e
Author: Chris Lamb <lamby@debian.org>
Date:   Tue Jul 18 10:46:04 2017 +0100

    Check for calls to dpkg-statoverride --add without a corresponding --list. (Closes: #652963)
---
 checks/scripts.desc                                     |  8 ++++++++
 checks/scripts.pm                                       | 17 +++++++++++++----
 debian/changelog                                        |  2 ++
 .../debian/debian/postinst                              | 10 ++++++++++
 .../scripts-unconditional-use-of-dpkg-statoverride/desc |  5 +++++
 .../scripts-unconditional-use-of-dpkg-statoverride/tags |  1 +
 6 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/checks/scripts.desc b/checks/scripts.desc
index 4090bd1..8b0a849 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -745,3 +745,11 @@ Info: This package appears to be the initial packaging of a new upstream
  .
  This warning can be ignored if the package is not intended for Debian or
  if it is a split of an existing Debian package.
+
+Tag: unconditional-use-of-dpkg-statoverride
+Severity: normal
+Certainty: possible
+Info: The maintainer script appears to use <tt>dpkg-statoverride --add</tt>
+ without a prior call to <tt>dpkg-statoverride --list</tt> to check the
+ current status.
+Ref: policy 10.9.1
diff --git a/checks/scripts.pm b/checks/scripts.pm
index 0e2a6a6..d7daee6 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -615,10 +615,9 @@ sub run {
         # now scan the file contents themselves
         my $fd = $path->open;
 
-        my (
-            $saw_init, $saw_invoke, $saw_debconf,
-            $saw_bange, $saw_sete, $has_code
-        );
+        my ($saw_init, $saw_invoke, $saw_debconf,
+            $saw_bange, $saw_sete, $has_code,
+            $saw_statoverride_list, $saw_statoverride_add);
         my %warned;
         my $cat_string = '';
 
@@ -675,6 +674,11 @@ sub run {
                 $saw_sete = 1;
             }
 
+            if (m,$LEADIN(?:/usr/bin/)?dpkg-statoverride\s,) {
+                $saw_statoverride_add = $. if /--add/;
+                $saw_statoverride_list = 1 if /--list/;
+            }
+
             if (    m,[^\w](?:(?:/var)?/tmp|\$TMPDIR)/[^)\]}\s],
                 and not m/\bmks?temp\b/
                 and not m/\btempfile\b/
@@ -1001,6 +1005,11 @@ sub run {
             }
         }
 
+        if ($saw_statoverride_add && !$saw_statoverride_list) {
+            tag 'unconditional-use-of-dpkg-statoverride',
+              "$file:$saw_statoverride_add";
+        }
+
         close($fd);
 
     }
diff --git a/debian/changelog b/debian/changelog
index 7afea54..0e5cd59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -62,6 +62,8 @@ lintian (2.5.52) UNRELEASED; urgency=medium
       I: to W:. See #829744 for more info.
     + [CL] Clarify wording in new-package-should-not-package-python2-module
       to make the justification clearer.
+    + [CL] Check for calls to dpkg-statoverride --add without a
+      corresponding --list.  (Closes: #652963)
   * checks/rules.desc:
     + [CL] Clarify wording in debian-rules-parses-dpkg-parsechangelog to
       make the justification clearer.  (Closes: #865882)
diff --git a/t/tests/scripts-unconditional-use-of-dpkg-statoverride/debian/debian/postinst b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/debian/debian/postinst
new file mode 100644
index 0000000..0c2e31c
--- /dev/null
+++ b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/debian/debian/postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+# Unconditional use of dpkg-statoverride --add
+dpkg-statoverride --update --add root crontab 2755 /usr/bin/crontab
+
+exit 0
diff --git a/t/tests/scripts-unconditional-use-of-dpkg-statoverride/desc b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/desc
new file mode 100644
index 0000000..d6a2bce
--- /dev/null
+++ b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/desc
@@ -0,0 +1,5 @@
+Testname: scripts-unconditional-use-of-dpkg-statoverride
+Version: 1.0
+Description: Test for maintscripts that call dpkg-statoverride without calling --list
+Test-For:
+ unconditional-use-of-dpkg-statoverride
diff --git a/t/tests/scripts-unconditional-use-of-dpkg-statoverride/tags b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/tags
new file mode 100644
index 0000000..75093b6
--- /dev/null
+++ b/t/tests/scripts-unconditional-use-of-dpkg-statoverride/tags
@@ -0,0 +1 @@
+W: scripts-unconditional-use-of-dpkg-statoverride: unconditional-use-of-dpkg-statoverride postinst:6

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (c52a2c6 -> 1fd3df0)
  - From: Chris Lamb <chris@chris-lamb.co.uk>

Prev by Date: [lintian] branch master updated (c52a2c6 -> 1fd3df0)
Next by Date: Bug#652963: lintian: should catch improper usage of dpkg-statoverride in maintainer scripts
Previous by thread: [lintian] branch master updated (c52a2c6 -> 1fd3df0)
Next by thread: Bug#652963: lintian: should catch improper usage of dpkg-statoverride in maintainer scripts
Index(es):
- Date
- Thread