[lintian] 01/01: Check that non-ELF maintainer scripts start with #!. (Closes: #843428)

[Chris Lamb <chris@chris-lamb.co.uk>]

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 9da2a1aceb5a4281a2a627d95f5c9288bab85038
Author: Chris Lamb <lamby@debian.org>
Date:   Thu Jul 20 22:58:44 2017 +0100

    Check that non-ELF maintainer scripts start with #!. (Closes: #843428)
---
 collection/scripts                                          | 13 +++++++++++--
 debian/changelog                                            |  4 ++++
 .../debian/debian/phpmyfoo.postrm                           |  4 ++++
 t/tests/apache2-webapplications-general/tags                |  2 ++
 t/tests/legacy-scripts/tags                                 |  1 +
 .../debian/debian/postinst                                  |  9 +++++++++
 .../debian/debian/postrm                                    |  7 +++++++
 .../scripts-does-not-start-with-shebang/debian/debian/rules |  8 ++++++++
 t/tests/scripts-does-not-start-with-shebang/debian/true.c   |  5 +++++
 t/tests/scripts-does-not-start-with-shebang/desc            |  6 ++++++
 t/tests/scripts-does-not-start-with-shebang/tags            |  1 +
 11 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/collection/scripts b/collection/scripts
index 1fabc86..1c4260a 100755
--- a/collection/scripts
+++ b/collection/scripts
@@ -69,8 +69,17 @@ sub collect {
     open(my $ctrl_fd, '>', "$dir/control-scripts");
     for my $path ($info->control_index('')->children) {
         next unless $path->is_open_ok;
-        my $scriptpath = shebang_line($path);
-        next unless defined($scriptpath);
+        # Only collect maintainer scripts
+        next unless $path =~ m/^(?:(?:pre|post)(?:inst|rm)|config)$/;
+
+        # Allow ELF binaries
+        my $magic;
+        my $fd = $path->open;
+        if (read($fd, $magic, 4)) {
+            next if $magic eq "\x7FELF";
+        }
+        close($fd);
+        my $scriptpath = shebang_line($path) // '';
 
         # Remove everything after the first space (i.e. any options)
         $scriptpath =~ s/\s++ .++ \Z//xsm;
diff --git a/debian/changelog b/debian/changelog
index e549e03..9782aa6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -82,6 +82,10 @@ lintian (2.5.52) UNRELEASED; urgency=medium
     + [CL] Factor out hard-coded list of possible upstream key locations
       to the "common/signing-key-filenames" Lintian::Data resource.
 
+  * collection/scripts:
+    + [CL] Check that non-ELF maintainer scripts start with #!.
+      (Closes: #843428)
+
   * commands/lintian.pm:
     + [NT] Attempt to clean up on SIGTERM (like with SIGINT).
     + [CL] Allow the use of suppress-tags=<tag>[,<tag>[,<tag>]] in
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
index 2fffaab..d0db12e 100644
--- a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
@@ -1,3 +1,7 @@
+#!/bin/sh
+
+set -e
+
 if [ "$1" = 'configure' ] ; then
         a2disconf -q phpmyfoo
 fi
diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags
index 725895b..3f2bb1c 100644
--- a/t/tests/apache2-webapplications-general/tags
+++ b/t/tests/apache2-webapplications-general/tags
@@ -12,7 +12,9 @@ W: phpmyfoo: apache2-deprecated-auth-config </Limit>
 W: phpmyfoo: apache2-deprecated-auth-config <Limit POST PUT DELETE>
 W: phpmyfoo: apache2-deprecated-auth-config Order
 W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst
+W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postrm
 W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf
+W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postrm a2disconf
 W: phpmyfoo: apache2-unparsable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf
 W: phpmyfoo: apache2-unsupported-dependency etc/apache2/conf-available/phpmyfoo.conf Conflicts
 W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin
diff --git a/t/tests/legacy-scripts/tags b/t/tests/legacy-scripts/tags
index 913844d..2feeb5d 100644
--- a/t/tests/legacy-scripts/tags
+++ b/t/tests/legacy-scripts/tags
@@ -21,6 +21,7 @@ E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpenvfoo
 E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpfoo
 E: scripts: python-script-but-no-python-dep usr/bin/py2.Xfoo
 E: scripts: python-script-but-no-python-dep usr/bin/pyfoo
+E: scripts: script-without-interpreter control/prerm
 E: scripts: shell-script-fails-syntax-check usr/bin/sh-broken
 E: scripts: wrong-path-for-interpreter usr/bin/lefty-foo (#!/usr/local/bin/lefty != /usr/bin/lefty)
 E: scripts: wrong-path-for-interpreter usr/bin/rubyfoo (#!/bin/ruby1.8 != /usr/bin/ruby1.8)
diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst
new file mode 100644
index 0000000..9438152
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# This file should not be triggered by script-without-interpreter
+
+set -e
+
+true
+
+#DEBHELPER#
diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm
new file mode 100644
index 0000000..5a2a7e7
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm
@@ -0,0 +1,7 @@
+# This file should be triggered by script-without-interpreter
+
+set -e
+
+true
+
+#DEBHELPER#
diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules
new file mode 100755
index 0000000..84ab89a
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_installdeb:
+	dh_installdeb
+	gcc -o debian/$(shell dh_listpackages)/DEBIAN/preinst true.c
diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/true.c b/t/tests/scripts-does-not-start-with-shebang/debian/true.c
new file mode 100644
index 0000000..8479e67
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/debian/true.c
@@ -0,0 +1,5 @@
+int
+main(void)
+{
+    return 0;
+}
diff --git a/t/tests/scripts-does-not-start-with-shebang/desc b/t/tests/scripts-does-not-start-with-shebang/desc
new file mode 100644
index 0000000..f999796
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/desc
@@ -0,0 +1,6 @@
+Testname: scripts-does-not-start-with-shebang
+Type: native
+Version: 1.0
+Description: Check for maintainer scripts that do not start with #!
+Test-For:
+ script-without-interpreter
diff --git a/t/tests/scripts-does-not-start-with-shebang/tags b/t/tests/scripts-does-not-start-with-shebang/tags
new file mode 100644
index 0000000..c93921a
--- /dev/null
+++ b/t/tests/scripts-does-not-start-with-shebang/tags
@@ -0,0 +1 @@
+E: scripts-does-not-start-with-shebang: script-without-interpreter control/postrm

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git