[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#817170: marked as done (lintian: warn when (systemd) service units install themselves into an unusual target)

Your message dated Thu, 08 Feb 2018 18:06:39 +0000
with message-id <E1ejqal-0002ZE-6g@fasolo.debian.org>
and subject line Bug#817170: fixed in lintian 2.5.74
has caused the Debian Bug report #817170,
regarding lintian: warn when (systemd) service units install themselves into an unusual target
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
817170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817170
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: lintian
Version: 2.5.42
Severity: wishlist
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I noticed that haveged.service installs itself with
WantedBy=default.target, rather than multi-user.target.

This lintian check warns when a service unit is WantedBy= something other
than {sysinit,multi-user,graphical}.target.

Would pkg-systemd-maintainers care to comment on whether this is a good
idea and/or whether there are likely to be too many false positives? I
ran the following on my system:

    systemctl --no-legend list-unit-files -t service | while read unit rest; do w=$(systemctl cat "$unit" | grep ^WantedBy=); for x in $w; do printf '%s %s\n' $x "$unit"; done; done

and the false positives were from systemd itself, bluez and anacron.

- -- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (550, 'stable-updates'), (550, 'stable'), (530, 'testing'), (520, 'unstable'), (510, 'experimental'), (500, 'unstable-debug'), (500, 'testing-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lintian depends on:
ii  binutils                          2.26-5
ii  bzip2                             1.0.6-7+b3
ii  diffstat                          1.58-1
ii  file                              1:5.22+15-2+deb8u1
ii  gettext                           0.19.3-2
ii  hardening-includes                2.6
ii  intltool-debian                   0.35.0+20060710.1
ii  libapt-pkg-perl                   0.1.29+b5
ii  libarchive-zip-perl               1.39-1
ii  libclass-accessor-perl            0.34-1
ii  libclone-perl                     0.38-1+b1
ii  libdata-alias-perl                1.20-1+b1
ii  libdpkg-perl                      1.18.4
ii  libemail-valid-perl               1.195-1
ii  libfile-basedir-perl              0.03-1
ii  libipc-run-perl                   0.92-1
ii  liblist-moreutils-perl            0.413-1+b1
ii  libparse-debianchangelog-perl     1.2.0-1.1
ii  libperl5.22 [libdigest-sha-perl]  5.22.1-8
ii  libtext-levenshtein-perl          0.11-1
ii  libtimedate-perl                  2.3000-2
ii  liburi-perl                       1.64-1
ii  libyaml-libyaml-perl              0.41-6+b1
ii  man-db                            2.7.0.2-5
ii  patchutils                        0.3.3-1
ii  perl                              5.22.1-8
ii  t1utils                           1.38-4
ii  xz-utils                          5.1.1alpha+20120614-2+b3

Versions of packages lintian recommends:
ii  dpkg                                 1.18.4
ii  libautodie-perl                      2.29-2
ii  libperlio-gzip-perl                  0.19-1+b1
ii  perl                                 5.22.1-8
ii  perl-modules-5.22 [libautodie-perl]  5.22.1-8

Versions of packages lintian suggests:
pn  binutils-multiarch     <none>
ii  dpkg-dev               1.18.4
ii  libhtml-parser-perl    3.72-1
ii  libtext-template-perl  1.46-1

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJW3wuNAAoJENILQgJc2ie553sP/1uc3IiFkVw0HRj0ZCul000o
v5qPEXj/Z8ahzw5+JDeklzkmATMA8C4Ickdjhc65Qk/b4MdmqSKplkbqbVZhcqeB
1beWkA+jXNfcVjAGP5lqdA5CTvZ1u7xKhaRMiQ2O3O8hlX0zgk7eEUCTML0czwUx
4Oeo4TtkEnwyVmPOorEbixvyz7VENHHR7G2g6xbed2LlGqSZWJ1aTgqRawEssM9O
LPK1yo0XbTEFNFZ1CFgqLPVlpj/OFnkQJQgnSPDyo4fpiB3IJ4qbJLOXPWxWfGHG
iieVaQGA+KSq0c4FnSyfEz3DDDC17cS1uiCYEZrBldKIOzmootpPXXLKDa4aiDi7
c7XpLFCEExW6WM+Jn3iS5OMXINld1NqdWLvQgjfhSKe6em69NlXsdW3PojcaVHIK
xDLoQRujy4PWowVJGDpKjETeJQKhP9RnCHiXpmKEfjOrRnUAzUeBi7SIZcmb3IvS
esMpSCqlwI5yuspH3bsGUouuW2AMM2ANUSmCv6gW1emSuF2nZBzE9bhXDPSfdBC9
+SZiow546wv0qOOpRsIF8PE3TzW2z6mAnfPb3FFLB7QGCbSQ7Ll8fFR++2ghiu9y
QkqQSgGq1VpDr4lSaIopOMPFGmk5KUAkEZXzi6AX7x1i2l3lutjxeZ0I0cLL3hzw
db/vH9LV5UNwBFzIycy9
=ZGO7
-----END PGP SIGNATURE-----

>From 13fe1c75dae2d64d61adf765478990d5c2c84d4a Mon Sep 17 00:00:00 2001
From: Sam Morris <sam@robots.org.uk>
Date: Tue, 8 Mar 2016 16:11:18 +0000
Subject: [PATCH] systemd: warn if services are WantedBy= an unusual target

---
 checks/systemd.desc | 11 +++++++++++
 checks/systemd.pm   |  7 +++++++
 2 files changed, 18 insertions(+)

diff --git a/checks/systemd.desc b/checks/systemd.desc
index 7c8eddb..dc8ec73 100644
--- a/checks/systemd.desc
+++ b/checks/systemd.desc
@@ -126,3 +126,14 @@ Info: The systemd service file does not contain a <tt>Documentation</tt> key.
  Documentation for systemd service files can be automatically viewed using
  <tt>systemctl help servicename</tt> if this field is present.
 Ref: systemd.unit(5)
+
+Tag: systemd-service-wantedby-unusual-target
+Severity: normal
+Certainty: certain
+Info: The systemd service file declares an unusual WantedBy= relationship.
+ .
+ Most services that want to be started automatically at boot should use
+ WantedBy=multi-user.target or WantedBy=graphical.target. Services that want to
+ be started in rescue or single-user mode should instead use
+ WantedBy=sysinit.target.
+Ref: https://wiki.debian.org/Teams/pkg-systemd/rcSMigration
diff --git a/checks/systemd.pm b/checks/systemd.pm
index 69092be..225f153 100644
--- a/checks/systemd.pm
+++ b/checks/systemd.pm
@@ -195,6 +195,13 @@ sub check_systemd_service_file {
           unless extract_service_file_values($file, 'Unit', 'Documentation',1);
     }
 
+    if ($file =~ /\.service$/) {
+        my @wantedby = extract_service_file_values($file, 'Install', 'WantedBy');
+        my @unusual_wantedby = grep { /(?<!^sysinit)(?<!^multi-user)(?<!^graphical)\.target$/ } @wantedby;
+        tag 'systemd-service-wantedby-unusual-target', $file, $_
+            for @unusual_wantedby;
+    }
+
     return 1;
 }
 
-- 
2.7.0

--- End Message ---
--- Begin Message --- 
Source: lintian
Source-Version: 2.5.74

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 817170@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Feb 2018 17:41:55 +0000
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.74
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 lintian    - Debian package checker
Closes: 679124 738442 756130 762113 817170 858588 869547 889102 889486 889489 889535 889591 889592 889628 889638 889639 889746 889760 889814 889856
Changes:
 lintian (2.5.74) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - control-tarball-compression-format
       - data-tarball-compression-format
       - debian-rules-is-dh_make-template
       - init.d-script-should-always-start-service
       - jar-contains-source
       - missing-systemd-service-for-init.d-script
       - override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS
       - source-contains-prebuilt-wasm-binary
       - spelling-error-in-patch-description
       - systemd-service-file-refers-to-unusual-wantedby-target
     + Renamed:
       - systemd-no-service-for-init-script ->
         omitted-systemd-service-for-init.d-script
       - systemd-no-service-for-init-rcS-script ->
         missing-systemd-service-for-init.d-rcS-script
     + Removed:
       - override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES
 .
   * checks/changelog-file.desc:
     + [CL] Improve the long description of epoch-change-without-comment.
       Based on suggestions by Raphael Hertzog and Ian Jackson - thanks!
       (Closes: #889814)
   * checks/cruft.desc:
     + [BR] Check for wasm files.  (Closes: #889102)
     + [CL] Factor out call to _ships_examples to avoid excessive looping
       over $sorted_index.
     + [CL] Do not emit package-does-not-install-examples if we don't have
       any binary packages in our laboratory.  (Closes: #889591)
     + [CL] Improve the description of package-does-not-install-examples to
       give more debhelper advice.
     + [CL] Assume that if a source package generates a binary ending in
       "-examples" then it does ship examples.
   * checks/deb-format.{desc,pm}:
     + [CL] Add a classification tag for the .deb data tarball compression
       format.  (Closes: #738442)
     + [CL] Add a classification tag for the control tarball compression
       format.  (Closes: #889856)
   * checks/fields.pm:
     + [CL] Avoid false positives when checking binary packages depending on
       toolchain packages by ignoring packages starting with "dh-" or ending
       with "-source". Thanks to Josh Triplett for the report.
       (Closes: #889486)
   * checks/files.pm:
     + [BR] Add context for privacy breach in order to improve debugging.
   * checks/fields.desc:
     + [CL] Downgrade severity of build-depends-on-obsolete-package from
       error to warning.  (Closes: #889638)
   * checks/java.{desc,pm}:
     + [CL] Only warn about bad-jar-name for "public" .jar files.
       (Closes: #889628)
     + [CL] Check for .jar files that embed Foo.java alongside a Foo.class
       file.  (Closes: #762113)
   * checks/init.d.{desc,pm}:
     + [CL] Warn about packages that use ENABLED="true" (etc.) in
       /etc/default files.
   * checks/patch-systems.{desc,pm}:
     + [CL] Avoid emitting "Can't use an undefined value as an ARRAY
       reference" warnings when debian/patches is a file, not a directory.
       (Closes: #889535)
     + [CL] Check spelling of patch headers.  (Closes: #756130)
   * checks/rules.{desc,pm}:
     + [CL] Fix a number of false-positives when checking the
       "override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES" tag
       (Closes: #889592)
     + [CL] Make a large number of changes suggested by Mattia Rizzolo to
       the override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES tag,
       renaming it to reference DEB_BUILD_OPTIONS throughout, add Debian
       Policy 4.9.1 to the tag's Ref, lower "Certanty" to "wild-guess" and
       mark the tag as experimental, updating the tests to match.
       (Closes: #889746)
     + [CL] Check for debian/rules files that are dh_make templates.
       (Closes: #679124)
   * checks/scripts.desc:
     + [CL] Improve, elaborate and tidy the long description of the
       maintainer-script-should-not-use-recursive-chown-or-chmod tag.
       Heavily based on a patch by Daniel Kahn Gillmor - thanks!
       (Closes: #889489)
   * checks/source-copyright.pm:
     + [CL] Prevent false positives when checking for missing NOTICE.txt
       files by looking inside .jar archives.  (Closes: #889760)
   * checks/systemd.{desc,pm}:
     + [CL] Warn about unit files that install to usual WantedBy= targets.
       Thanks to Sam Morris for the initial patch.  (Closes: #817170)
     + [CL] Rework the no service detection, improving the (rarely
       overridden) tag names to better match what they detect as well as
       adding a new "missing-systemd-service-for-init.d-script" pedantic tag
       where we do not have an equivalent unit as this implies missing
       bespoke security hardening support, etc. Thanks to Lucas Nussbaum for
       his input.  (Closes: #858588)
   * checks/udev.pm:
     + [CL] Add simple GOTO parsing to avoid false positives when checking
       for udev rules for SUBSYSTEM specifiers.  (Closes: #869547, #889639)
 .
   * commands/reporting-{html-reports,lintian-harness}.pm:
     + [NT] Register packages that fail during archive wide processing.
 .
   * data/files/privacy-breaker-fragments:
     + [BR] Detect new fragments for Google CSE.
   * data/spelling/corrections:
     + [PW] Add a number of corrections.
 .
   * lib/Lintian/Util.pm:
     + [NT] Give lower processing priority to packages that repeatedly
       trigger errors during archive-wide processing.
 .
   * reporting/templates/index.tmpl:
     + [NT] Display summary of how many groups had errors during their
       last processing.
   * reporting/templates/{lintian.css,maintainer}.tmpl:
     + [NT] Use a distinct error status instead of "Outdated" for
       packages with errors during their last processing.
Checksums-Sha1:
 0acdfd1029057b3db40203d97e6b4271fee20e95 3505 lintian_2.5.74.dsc
 3b6d9daa7eb6ce8ae2c6e35acf94d6e1f0be397d 1479936 lintian_2.5.74.tar.xz
 cf0a6e3875994c42d5721025470cbc869f2bbcae 1100980 lintian_2.5.74_all.deb
 a6ee207b9b6dcfa92a7d1edf109627e97ab2006e 15989 lintian_2.5.74_amd64.buildinfo
Checksums-Sha256:
 e13f7a748cc513435119e0eb20e50a6612600c6ce57179262ce90b25f440323c 3505 lintian_2.5.74.dsc
 7bc82aeddd3092b48a357a7c877d9dc5d49b8c16af8b50f25de80b3f6f9ef847 1479936 lintian_2.5.74.tar.xz
 fe39422089d32f2e6bb010c7ff03f013ab56f2bc0b7a398972625d74c405ddf7 1100980 lintian_2.5.74_all.deb
 f7967fbf4ca5ee4c901be34aa0b2f940704bc46bdae56fb7f0df698a9f7011b5 15989 lintian_2.5.74_amd64.buildinfo
Files:
 a93cb16d31e53f38073ab6af042d5299 3505 devel optional lintian_2.5.74.dsc
 34e57c8fbbda0693bf901a4fe7f26903 1479936 devel optional lintian_2.5.74.tar.xz
 77baff5d246ff4f9ac449146c88116ff 1100980 devel optional lintian_2.5.74_all.deb
 3c9622e2cbdc75c505cef7afa3793cd0 15989 devel optional lintian_2.5.74_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlp8kDAACgkQHpU+J9Qx
Hliavg/5AV0Rc8AC70iDmi51z4lo6lweqk0usfwiEc7nw6eQUJYsguKs4sZFmiRM
1BrtvcG+XPOXt5BtjdPvpjRW4C9rIk63JMJT5iO/RzWxu94z3iDuie4RDZxFWAoB
gtMlBRMz475/LWsaXBFGzLW3z/yj1qLnXUuza/X7fy8sIRdun94RKObMXvfRksd3
dcxpaqpiKZ966DvZTYsR7Lc5ajOMS7gDpxSO5c1WY9VJGmThgpaWI5+dAVSfoVcj
I9tnqmX1HfuqVGCVFutKKiRbZ6Uoxg2y/cITlqYotD0xx/UnrjJ/O0E2jrV5a+WW
xVD/DqW53Q+wM8T7uaglFlGYbvnJHz/J/L2fSstcCmJcBii6fbXgsSdts0FPUKrf
xWvHokw3Ndz9mlNGTOlnwFOCCyXEQms+vBsKlkX/E088Bc5UZdaeszaWYpu5Ym/P
mT6TDgun1K6uKHiBxhZv+hWf0omyyMYMl6+FAX/NE/R6fQKJ479VUd+keXYsfn3y
/dbfV4pNI0GLEwhWEL7b85GWzd2BHFiDlekax9+wLXZgM97BRn/ievldNf5hbp5W
Wv9r/2yl1eF9x03ao6JG/9YbBEeLvzjYdEFibcgp5f6IJt7kBU07mgCX/dwaCrbL
T7gbeW+xdnnRQz/Z8968bU2fOynAOumR6/rXZutp5839OXJoVPM=
=ocH3
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: