[lintian] 01/01: Rework the no missing systemd .service detection. (Closes: #858588)
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository lintian.
commit 0848266e444d029c6fa826f1a6d3e8dd2dad0739
Author: Chris Lamb <lamby@debian.org>
Date: Thu Feb 8 16:59:35 2018 +0000
Rework the no missing systemd .service detection. (Closes: #858588)
Rework the no service detection, improving the (rarely overridden) tag names to
better match what they detect as well as adding a new
"missing-systemd-service-for-init.d-script" pedantic tag where we do not have
an equivalent unit as this implies missing bespoke security hardening support,
etc. Thanks to Lucas Nussbaum for his input.
---
checks/systemd.desc | 23 ++++++++++---
checks/systemd.pm | 23 ++++++++-----
data/override/renamed-tags | 2 ++
debian/changelog | 6 ++++
t/tests/systemd-general/desc | 5 +--
t/tests/systemd-general/tags | 3 +-
.../debian/debian/control.in | 40 ++++++++++++++++++++++
.../debian/systemd-missing-services-with.init | 21 ++++++++++++
.../debian/systemd-missing-services-with.service | 9 +++++
.../systemd-missing-services-without-rcs.init | 21 ++++++++++++
.../debian/systemd-missing-services-without.init | 21 ++++++++++++
t/tests/systemd-missing-services/desc | 8 +++++
t/tests/systemd-missing-services/tags | 2 ++
13 files changed, 166 insertions(+), 18 deletions(-)
diff --git a/checks/systemd.desc b/checks/systemd.desc
index 44b36a4..e04c85e 100644
--- a/checks/systemd.desc
+++ b/checks/systemd.desc
@@ -43,20 +43,33 @@ Info: The systemd service file refers to the obsolete BindTo= option.
<tt>BindsTo=</tt> which should be used instead.
Ref: https://github.com/systemd/systemd/commit/7f2cddae09fd2579ae24434df577bb5e5a157d86
-Tag: systemd-no-service-for-init-script
+Tag: omitted-systemd-service-for-init.d-script
Severity: serious
Certainty: certain
-Info: The listed init.d script has no systemd equivalent.
+Info: The specified init.d script has no systemd equivalent and the
+ package ships other units.
+ .
+ This typically occurs when a maintainer missed script when adding
+ systemd integration, or a new init script was added in a new upstream
+ version.
.
Systemd has a SysV init.d script compatibility mode. It provides access to
each SysV init.d script as long as there is no native service file with the
same name (e.g. <tt>/lib/systemd/system/rsyslog.service</tt> corresponds to
<tt>/etc/init.d/rsyslog</tt>).
+
+Tag: missing-systemd-service-for-init.d-script
+Severity: pedantic
+Certainty: certain
+Info: The specified init.d script has no equivalent systemd service.
+ .
+ Whilst systemd has a SysV init.d script compatibility mode, providing
+ native systemd support has many advantages such as being able to specify
+ security hardening features.
.
- Your package ships a service file, but for the listed init.d script, there is
- no corresponding systemd service file.
+ Please provide a suitable .service file for this script.
-Tag: systemd-no-service-for-init-rcS-script
+Tag: missing-systemd-service-for-init.d-rcS-script
Severity: serious
Certainty: certain
Ref: https://wiki.debian.org/Teams/pkg-systemd/rcSMigration
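Review bot: The new Info text for omitted-systemd-service-for-init.d-script reads "when a maintainer missed script when adding systemd integration", which is missing an article and repeats "when"; suggest "if a maintainer missed a script when adding systemd integration". It would also help to state in each Info paragraph the condition that separates the two non-rcS tags: "omitted-" requires that the package ships other units, "missing-" that it ships none. The "missing-" text currently leaves that to be inferred.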
diff --git a/checks/systemd.pm b/checks/systemd.pm
index a1a2b2c..3cc9913 100644
--- a/checks/systemd.pm
+++ b/checks/systemd.pm
@@ -131,15 +131,20 @@ sub check_init_script {
tag 'init.d-script-does-not-source-init-functions', $file
unless $lsb_source_seen;
- # Only tag if the maintainer of this package did any effort to
- # make the package work with systemd.
- tag 'systemd-no-service-for-init-script', $basename
- if (%{$services} and not $services->{$servicename});
-
- # rcS scripts are particularly bad, warn even if there is
- # no systemd integration
- tag 'systemd-no-service-for-init-rcS-script', $basename
- if (not $services->{$servicename} and $is_rcs_script);
+
+ if (!$services->{$servicename}) {
+ # rcS scripts are particularly bad; always tag
+ if ($is_rcs_script) {
+ tag 'missing-systemd-service-for-init.d-rcS-script', $basename;
+ } else {
+ if (%{$services}) {
+ tag 'omitted-systemd-service-for-init.d-script', $basename;
+ } else {
+ tag 'missing-systemd-service-for-init.d-script', $basename;
+ }
+ }
+ }
+
return;
}
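Review bot: The rewritten block in check_init_script makes the tags mutually exclusive, so an rcS script in a package that ships other units now gets only missing-systemd-service-for-init.d-rcS-script, where the old pair of independent statements emitted both tags. Neither the commit message nor the changelog entry mentions this, so please confirm it is intended and say so in the changelog. Separately, the "} else { if (%{$services}) {" nesting can be flattened to "} elsif (%{$services}) {" with a final "else", and the added blank line after "unless $lsb_source_seen;" leaves two consecutive empty lines.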
diff --git a/data/override/renamed-tags b/data/override/renamed-tags
index 8d34609..0d21c5e 100644
--- a/data/override/renamed-tags
+++ b/data/override/renamed-tags
@@ -7,4 +7,6 @@ package-install-apt-sources => package-installs-apt-sources
package-install-ieee-data => package-installs-ieee-data
package-install-into-obsolete-dir => package-installs-into-obsolete-dir
privacy-breach-may-use-debian-package => privacy-breach-uses-embedded-file
+systemd-no-service-for-init-script => omitted-systemd-service-for-init.d-script
+systemd-no-service-for-init-rcS-script => missing-systemd-service-for-init.d-rcS-script
transitional-package-should-be-oldlibs-extra => transitional-package-should-be-oldlibs-optional
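Review bot: The two added lines are out of order relative to the surrounding entries, which appear to be sorted by old tag name: "systemd-no-service-for-init-rcS-script" sorts before "systemd-no-service-for-init-script" ("r" precedes "s"). Suggest swapping them so the file stays sorted.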
diff --git a/debian/changelog b/debian/changelog
index cf6b1ff..dbd6a29 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -67,6 +67,12 @@ lintian (2.5.74) UNRELEASED; urgency=medium
* checks/systemd.{desc,pm}:
+ [CL] Warn about unit files that install to usual WantedBy= targets.
Thanks to Sam Morris for the initial patch. (Closes: #817170)
+ + [CL] Rework the no service detection, improving the (rarely
+ overridden) tag names to better match what they detect as well as
+ adding a new "missing-systemd-service-for-init.d-script" pedantic tag
+ where we do not have an equivalent unit as this implies missing
+ bespoke security hardening support, etc. Thanks to Lucas Nussbaum for
+ his input. (Closes: #858588)
* checks/udev.pm:
+ [CL] Add simple GOTO parsing to avoid false positives when checking
for udev rules for SUBSYSTEM specifiers. (Closes: #869547, #889639)
diff --git a/t/tests/systemd-general/desc b/t/tests/systemd-general/desc
index f69798e..acff609 100644
--- a/t/tests/systemd-general/desc
+++ b/t/tests/systemd-general/desc
@@ -1,14 +1,15 @@
Testname: systemd-general
Version: 1.0
Description: General systemd tests
+Test-Against:
+ omitted-systemd-service-for-init.d-script
Test-For:
init-script-is-not-a-file
init.d-script-does-not-source-init-functions
maintainer-script-calls-systemctl
+ missing-systemd-service-for-init.d-rcS-script
service-file-is-not-a-file
service-key-has-whitespace
- systemd-no-service-for-init-script
- systemd-no-service-for-init-rcS-script
systemd-service-alias-without-extension
systemd-service-file-outside-lib
systemd-service-file-missing-documentation-key
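Review bot: Moving omitted-systemd-service-for-init.d-script to Test-Against here leaves the tag without positive coverage in the tests this patch touches, since the new systemd-missing-services desc also lists it only under Test-Against. Suggest adding a fixture that ships a unit for one init script and omits it for another, with the tag listed under Test-For, so the "%{$services}" branch in check_init_script is exercised.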
diff --git a/t/tests/systemd-general/tags b/t/tests/systemd-general/tags
index 40032c5..3660b1a 100644
--- a/t/tests/systemd-general/tags
+++ b/t/tests/systemd-general/tags
@@ -1,11 +1,10 @@
E: systemd-general: init-script-is-not-a-file etc/init.d/fifo-pipe-as-init
+E: systemd-general: missing-systemd-service-for-init.d-rcS-script systemd-general
E: systemd-general: service-file-is-not-a-file etc/systemd/system/fifo-pipe-as-init.service
E: systemd-general: service-key-has-whitespace etc/systemd/system/test.service at line 4
E: systemd-general: service-key-has-whitespace usr/lib/systemd/system/test.service at line 4
E: systemd-general: special-file etc/init.d/fifo-pipe-as-init 0644
E: systemd-general: special-file etc/systemd/system/fifo-pipe-as-init.service 0644
-E: systemd-general: systemd-no-service-for-init-rcS-script systemd-general
-E: systemd-general: systemd-no-service-for-init-script systemd-general
E: systemd-general: systemd-service-file-outside-lib etc/systemd/system/fifo-pipe-as-init.service
E: systemd-general: systemd-service-file-outside-lib etc/systemd/system/test.service
E: systemd-general: systemd-service-file-outside-lib usr/lib/systemd/system/test.service
diff --git a/t/tests/systemd-missing-services/debian/debian/control.in b/t/tests/systemd-missing-services/debian/debian/control.in
new file mode 100644
index 0000000..e9af466
--- /dev/null
+++ b/t/tests/systemd-missing-services/debian/debian/control.in
@@ -0,0 +1,40 @@
+Source: {$source}
+Priority: optional
+Section: {$section}
+Maintainer: {$author}
+Standards-Version: {$standards_version}
+Build-Depends: {$build_depends}
+Rules-Requires-Root: no
+
+Package: {$source}-with
+Architecture: {$architecture}
+Depends: $\{misc:Depends\}, lsb-base (>= 3.0-6)
+Description: {$description} - with .service file
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package. It may
+ be an empty package.
+ .
+ This package has a .service file for its initscript.
+
+Package: {$source}-without
+Architecture: {$architecture}
+Depends: $\{misc:Depends\}, lsb-base (>= 3.0-6)
+Description: {$description} - without .service file
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package. It may
+ be an empty package.
+ .
+ This package does not have a .service file for its initscript.
+
+Package: {$source}-without-rcs
+Architecture: {$architecture}
+Depends: $\{misc:Depends\}, lsb-base (>= 3.0-6)
+Description: {$description} - rcS script without .service file
+ This is a test package designed to exercise some feature or tag of
+ Lintian. It is part of the Lintian test suite and may do very odd
+ things. It should not be installed like a regular package. It may
+ be an empty package.
+ .
+ This package does not have a .service file for its rcS initscript.
diff --git a/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.init b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.init
new file mode 100644
index 0000000..cfecc36
--- /dev/null
+++ b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.init
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+. /lib/lsb/init-functions
+
+### BEGIN INIT INFO
+# Provides: systemd-missing-services-with
+# Required-Start:
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Short-Description: Do nothing at all
+# Description: The short description pretty much covers it.
+### END INIT INFO
+
+case "$1" in
+ start|stop|force-reload|restart|status|*)
+ echo hello world!
+ ;;
+esac
diff --git a/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.service b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.service
new file mode 100644
index 0000000..7972526
--- /dev/null
+++ b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-with.service
@@ -0,0 +1,9 @@
+[Unit]
+After=network.target
+Documentation=https://example.com/
+
+[Service]
+ExecStart=/bin/test
+
+[Install]
+WantedBy=multi-user.target
diff --git a/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without-rcs.init b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without-rcs.init
new file mode 100644
index 0000000..2f93d19
--- /dev/null
+++ b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without-rcs.init
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+. /lib/lsb/init-functions
+
+### BEGIN INIT INFO
+# Provides: systemd-missing-services-without-rcs
+# Required-Start:
+# Required-Stop:
+# Default-Start: S 2 3 4 5
+# Default-Stop:
+# Short-Description: Do nothing at all
+# Description: The short description pretty much covers it.
+### END INIT INFO
+
+case "$1" in
+ start|stop|force-reload|restart|status|*)
+ echo hello world!
+ ;;
+esac
diff --git a/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without.init b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without.init
new file mode 100644
index 0000000..1425d83
--- /dev/null
+++ b/t/tests/systemd-missing-services/debian/debian/systemd-missing-services-without.init
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+. /lib/lsb/init-functions
+
+### BEGIN INIT INFO
+# Provides: systemd-missing-services-without
+# Required-Start:
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Short-Description: Do nothing at all
+# Description: The short description pretty much covers it.
+### END INIT INFO
+
+case "$1" in
+ start|stop|force-reload|restart|status|*)
+ echo hello world!
+ ;;
+esac
diff --git a/t/tests/systemd-missing-services/desc b/t/tests/systemd-missing-services/desc
new file mode 100644
index 0000000..3a3d5ec
--- /dev/null
+++ b/t/tests/systemd-missing-services/desc
@@ -0,0 +1,8 @@
+Testname: systemd-missing-services
+Version: 1.0
+Description: Check for missing service files
+Options: -I -E --pedantic
+Test-For:
+ missing-systemd-service-for-init.d-script
+Test-Against:
+ omitted-systemd-service-for-init.d-script
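Review bot: Test-For lists only missing-systemd-service-for-init.d-script, but the expected output in t/tests/systemd-missing-services/tags also contains missing-systemd-service-for-init.d-rcS-script from the -without-rcs package. Suggest adding the rcS tag to Test-For so the desc matches what the test asserts.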
diff --git a/t/tests/systemd-missing-services/tags b/t/tests/systemd-missing-services/tags
new file mode 100644
index 0000000..579df2c
--- /dev/null
+++ b/t/tests/systemd-missing-services/tags
@@ -0,0 +1,2 @@
+E: systemd-missing-services-without-rcs: missing-systemd-service-for-init.d-rcS-script systemd-missing-services-without-rcs
+P: systemd-missing-services-without: missing-systemd-service-for-init.d-script systemd-missing-services-without
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git