[lintian] 01/01: Detect installation of nodejs pacakge under naked root

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 01/01: Detect installation of nodejs pacakge under naked root
From: Bastien Roucariès <rouca@moszumanska.debian.org>
Date: Fri, 25 Aug 2017 20:57:35 +0000
Message-id: <[🔎] E1dlLfb-0004Ci-CB@moszumanska.debian.org>
Reply-to: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
In-reply-to: <[🔎] 20170825205734.16083.11147@moszumanska.debian.org>
References: <[🔎] 20170825205734.16083.11147@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

rouca pushed a commit to branch master
in repository lintian.

commit c7387c304f2b39d788cc106ee6a3588900fae866
Author: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
Date:   Fri Aug 25 22:57:17 2017 +0200

    Detect installation of nodejs pacakge under naked root
---
 checks/files.desc                          |  6 ++++++
 checks/files.pm                            |  8 ++++++++
 debian/changelog                           |  1 +
 t/tests/files-nodejs/debian/debian/install |  1 +
 t/tests/files-nodejs/debian/debian/rules   | 16 ++++++++++++++++
 t/tests/files-nodejs/debian/src/test.js    |  1 +
 t/tests/files-nodejs/debian/src/test.json  |  1 +
 t/tests/files-nodejs/desc                  |  5 +++++
 t/tests/files-nodejs/tags                  |  2 ++
 9 files changed, 41 insertions(+)

diff --git a/checks/files.desc b/checks/files.desc
index 639fe26..17888e1 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -1215,6 +1215,12 @@ Info: This package creates a potential privacy breach by fetching W3C
  Note that these icons are non-free and must not be copied into the
  package. You could safely delete this W3C validation badge.
 
+Tag: node-package-install-in-nodejs-rootdir
+Severity: important
+Certainty: certain
+Info: This package contains a file under /usr/lib/nodejs
+ instead to /usr/lib/nodejs/${package}
+
 Tag: embedded-feedparser-library
 Severity: normal
 Certainty: certain
diff --git a/checks/files.pm b/checks/files.pm
index b5dea67..0dfc84f 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -751,6 +751,14 @@ sub run {
             elsif ($fname =~ m,^usr/lib/sgml/\S,) {
                 tag 'file-in-usr-lib-sgml', $file;
             }
+            # ---------------- /usr/lib/node
+            elsif ($fname =~ m,^usr/lib/nodejs/,) {
+                if ($fname eq 'usr/lib/nodejs/package.json') {
+                    tag 'node-package-install-in-nodejs-rootdir', $fname;
+                }elsif ($fname =~m,usr/lib/nodejs/[^/]*\.js$,) {
+                    tag 'node-package-install-in-nodejs-rootdir', $fname;
+                }
+            }
             # ---------------- perllocal.pod
             elsif ($fname =~ m,^usr/lib/perl.*/perllocal.pod$,) {
                 tag 'package-installs-perllocal-pod', $file;
diff --git a/debian/changelog b/debian/changelog
index 5eedfcd..86ce822 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -46,6 +46,7 @@ lintian (2.5.53) UNRELEASED; urgency=medium
     + [BR] Use Lintian::Data for name/section mapping
   * checks/files.pm:
     + [BR] Avoid false positive privacy-breach-generic for legal.xml.
+    + [BR] Detect install to node package under /usr/lib/nodejs/[^/]*$
   * checks/init.d.desc:
     + [RG] Do not recommend a versioned dependency on lsb-base in
       init.d-script-needs-depends-on-lsb-base.  (Closes: #847144)
diff --git a/t/tests/files-nodejs/debian/debian/install b/t/tests/files-nodejs/debian/debian/install
new file mode 100644
index 0000000..1b91047
--- /dev/null
+++ b/t/tests/files-nodejs/debian/debian/install
@@ -0,0 +1 @@
+usr/
diff --git a/t/tests/files-nodejs/debian/debian/rules b/t/tests/files-nodejs/debian/debian/rules
new file mode 100755
index 0000000..fbfddee
--- /dev/null
+++ b/t/tests/files-nodejs/debian/debian/rules
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+PKG:=files-nodejs
+INSTPATH:=$(CURDIR)/debian/tmp/usr/lib/nodejs
+
+
+%:
+	dh $@
+
+override_dh_install:
+	mkdir -p $(INSTPATH)
+	cp src/test.js $(INSTPATH)/test.js
+	cp src/test.json $(INSTPATH)/package.json
+	dh_install
+
+
+
diff --git a/t/tests/files-nodejs/debian/src/test.js b/t/tests/files-nodejs/debian/src/test.js
new file mode 100644
index 0000000..ca538a6
--- /dev/null
+++ b/t/tests/files-nodejs/debian/src/test.js
@@ -0,0 +1 @@
+/* test.js */
\ No newline at end of file
diff --git a/t/tests/files-nodejs/debian/src/test.json b/t/tests/files-nodejs/debian/src/test.json
new file mode 100644
index 0000000..f0a3f50
--- /dev/null
+++ b/t/tests/files-nodejs/debian/src/test.json
@@ -0,0 +1 @@
+/* json test */
\ No newline at end of file
diff --git a/t/tests/files-nodejs/desc b/t/tests/files-nodejs/desc
new file mode 100644
index 0000000..0b481b8
--- /dev/null
+++ b/t/tests/files-nodejs/desc
@@ -0,0 +1,5 @@
+Testname: files-nodejs
+Version: 1.0
+Description: Check for nodejs problems
+Test-For:
+ node-package-install-in-nodejs-rootdir
diff --git a/t/tests/files-nodejs/tags b/t/tests/files-nodejs/tags
new file mode 100644
index 0000000..7492f8e
--- /dev/null
+++ b/t/tests/files-nodejs/tags
@@ -0,0 +1,2 @@
+E: files-nodejs: node-package-install-in-nodejs-rootdir usr/lib/nodejs/package.json
+E: files-nodejs: node-package-install-in-nodejs-rootdir usr/lib/nodejs/test.js

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (313bc34 -> c7387c3)
  - From: Bastien Roucariès <rouca@moszumanska.debian.org>

Prev by Date: [lintian] branch master updated (87eafe4 -> 313bc34)
Next by Date: [lintian] branch master updated (313bc34 -> c7387c3)
Previous by thread: [lintian] branch master updated (313bc34 -> c7387c3)
Next by thread: Build failed in Jenkins: lintian-tests_sid #1869
Index(es):
- Date
- Thread