Re: [lintian] 01/01: Check that non-ELF maintainer scripts start with #!. (Closes: #843428)

[Bastien ROUCARIES <roucaries.bastien@gmail.com>]

On Fri, Jul 21, 2017 at 7:52 PM, Chris Lamb <chris@chris-lamb.co.uk> wrote:
> This is an automated email from the git hooks/post-receive script.
>
> lamby pushed a commit to branch master
> in repository lintian.
>
> commit 9da2a1aceb5a4281a2a627d95f5c9288bab85038
> Author: Chris Lamb <lamby@debian.org>
> Date:   Thu Jul 20 22:58:44 2017 +0100
>
>     Check that non-ELF maintainer scripts start with #!. (Closes: #843428)
> ---
>  collection/scripts                                          | 13 +++++++++++--
>  debian/changelog                                            |  4 ++++
>  .../debian/debian/phpmyfoo.postrm                           |  4 ++++
>  t/tests/apache2-webapplications-general/tags                |  2 ++
>  t/tests/legacy-scripts/tags                                 |  1 +
>  .../debian/debian/postinst                                  |  9 +++++++++
>  .../debian/debian/postrm                                    |  7 +++++++
>  .../scripts-does-not-start-with-shebang/debian/debian/rules |  8 ++++++++
>  t/tests/scripts-does-not-start-with-shebang/debian/true.c   |  5 +++++
>  t/tests/scripts-does-not-start-with-shebang/desc            |  6 ++++++
>  t/tests/scripts-does-not-start-with-shebang/tags            |  1 +
>  11 files changed, 58 insertions(+), 2 deletions(-)
>
> diff --git a/collection/scripts b/collection/scripts
> index 1fabc86..1c4260a 100755
> --- a/collection/scripts
> +++ b/collection/scripts
> @@ -69,8 +69,17 @@ sub collect {
>      open(my $ctrl_fd, '>', "$dir/control-scripts");
>      for my $path ($info->control_index('')->children) {
>          next unless $path->is_open_ok;
> -        my $scriptpath = shebang_line($path);
> -        next unless defined($scriptpath);
> +        # Only collect maintainer scripts
> +        next unless $path =~ m/^(?:(?:pre|post)(?:inst|rm)|config)$/;
> +
> +        # Allow ELF binaries
> +        my $magic;
> +        my $fd = $path->open;
> +        if (read($fd, $magic, 4)) {
> +            next if $magic eq "\x7FELF";
> +        }
> +        close($fd);
> +        my $scriptpath = shebang_line($path) // '';


I will have tagged with an info tag the ELF maint script....


>
>          # Remove everything after the first space (i.e. any options)
>          $scriptpath =~ s/\s++ .++ \Z//xsm;
> diff --git a/debian/changelog b/debian/changelog
> index e549e03..9782aa6 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -82,6 +82,10 @@ lintian (2.5.52) UNRELEASED; urgency=medium
>      + [CL] Factor out hard-coded list of possible upstream key locations
>        to the "common/signing-key-filenames" Lintian::Data resource.
>
> +  * collection/scripts:
> +    + [CL] Check that non-ELF maintainer scripts start with #!.
> +      (Closes: #843428)
> +
>    * commands/lintian.pm:
>      + [NT] Attempt to clean up on SIGTERM (like with SIGINT).
>      + [CL] Allow the use of suppress-tags=<tag>[,<tag>[,<tag>]] in
> diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> index 2fffaab..d0db12e 100644
> --- a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> @@ -1,3 +1,7 @@
> +#!/bin/sh
> +
> +set -e
> +
>  if [ "$1" = 'configure' ] ; then
>          a2disconf -q phpmyfoo
>  fi
> diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags
> index 725895b..3f2bb1c 100644
> --- a/t/tests/apache2-webapplications-general/tags
> +++ b/t/tests/apache2-webapplications-general/tags
> @@ -12,7 +12,9 @@ W: phpmyfoo: apache2-deprecated-auth-config </Limit>
>  W: phpmyfoo: apache2-deprecated-auth-config <Limit POST PUT DELETE>
>  W: phpmyfoo: apache2-deprecated-auth-config Order
>  W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst
> +W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postrm
>  W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst a2enconf
> +W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postrm a2disconf
>  W: phpmyfoo: apache2-unparsable-dependency etc/apache2/conf-available/phpmyfoo.conf bar2.conf
>  W: phpmyfoo: apache2-unsupported-dependency etc/apache2/conf-available/phpmyfoo.conf Conflicts
>  W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin
> diff --git a/t/tests/legacy-scripts/tags b/t/tests/legacy-scripts/tags
> index 913844d..2feeb5d 100644
> --- a/t/tests/legacy-scripts/tags
> +++ b/t/tests/legacy-scripts/tags
> @@ -21,6 +21,7 @@ E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpenvfoo
>  E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpfoo
>  E: scripts: python-script-but-no-python-dep usr/bin/py2.Xfoo
>  E: scripts: python-script-but-no-python-dep usr/bin/pyfoo
> +E: scripts: script-without-interpreter control/prerm
>  E: scripts: shell-script-fails-syntax-check usr/bin/sh-broken
>  E: scripts: wrong-path-for-interpreter usr/bin/lefty-foo (#!/usr/local/bin/lefty != /usr/bin/lefty)
>  E: scripts: wrong-path-for-interpreter usr/bin/rubyfoo (#!/bin/ruby1.8 != /usr/bin/ruby1.8)
> diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst
> new file mode 100644
> index 0000000..9438152
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst
> @@ -0,0 +1,9 @@
> +#!/bin/sh
> +
> +# This file should not be triggered by script-without-interpreter
> +
> +set -e
> +
> +true
> +
> +#DEBHELPER#
> diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm
> new file mode 100644
> index 0000000..5a2a7e7
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm
> @@ -0,0 +1,7 @@
> +# This file should be triggered by script-without-interpreter
> +
> +set -e
> +
> +true
> +
> +#DEBHELPER#
> diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules
> new file mode 100755
> index 0000000..84ab89a
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules
> @@ -0,0 +1,8 @@
> +#!/usr/bin/make -f
> +
> +%:
> +       dh $@
> +
> +override_dh_installdeb:
> +       dh_installdeb
> +       gcc -o debian/$(shell dh_listpackages)/DEBIAN/preinst true.c
> diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/true.c b/t/tests/scripts-does-not-start-with-shebang/debian/true.c
> new file mode 100644
> index 0000000..8479e67
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/debian/true.c
> @@ -0,0 +1,5 @@
> +int
> +main(void)
> +{
> +    return 0;
> +}
> diff --git a/t/tests/scripts-does-not-start-with-shebang/desc b/t/tests/scripts-does-not-start-with-shebang/desc
> new file mode 100644
> index 0000000..f999796
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/desc
> @@ -0,0 +1,6 @@
> +Testname: scripts-does-not-start-with-shebang
> +Type: native
> +Version: 1.0
> +Description: Check for maintainer scripts that do not start with #!
> +Test-For:
> + script-without-interpreter
> diff --git a/t/tests/scripts-does-not-start-with-shebang/tags b/t/tests/scripts-does-not-start-with-shebang/tags
> new file mode 100644
> index 0000000..c93921a
> --- /dev/null
> +++ b/t/tests/scripts-does-not-start-with-shebang/tags
> @@ -0,0 +1 @@
> +E: scripts-does-not-start-with-shebang: script-without-interpreter control/postrm
>
> --
> Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
>