[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[lintian] 01/01: Check for maintainer scripts that call udevadm without a guard as it can fail within a chroot. (Closes: #890224)



This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 213777e48ba1ee4f1945bdb9eebefc74458df472
Author: Chris Lamb <lamby@debian.org>
Date:   Tue Feb 13 16:37:02 2018 +0000

    Check for maintainer scripts that call udevadm without a guard as it can fail within a chroot. (Closes: #890224)
---
 checks/scripts.desc                                  | 14 ++++++++++++++
 checks/scripts.pm                                    | 16 +++++++++++++---
 debian/changelog                                     |  3 +++
 .../debian/debian/postinst                           | 20 ++++++++++++++++++++
 .../debian/debian/preinst                            | 18 ++++++++++++++++++
 t/tests/scripts-udevadm-called-without-guard/desc    |  5 +++++
 t/tests/scripts-udevadm-called-without-guard/tags    |  2 ++
 7 files changed, 75 insertions(+), 3 deletions(-)

diff --git a/checks/scripts.desc b/checks/scripts.desc
index b244bbb..eba0c8e 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -838,3 +838,17 @@ Info: The maintainer script appears to call <tt>chmod</tt> or
   - Use <tt>runuser(1)</tt> to perform any initialization work as the
     user you were previously <tt>chown</tt>ing to.
 Ref: #889060, #889488, runuser(1)
+
+Tag: udevadm-called-without-guard
+Severity: normal
+Certainty: possible
+Info: The specified maintainer script uses <tt>set -e</tt> but seems to
+ call <tt>udevadm(8)</tt> without a conditional guard.
+ .
+ <tt>udevadm</tt> can exist but be non-functional (such as inside a
+ chroot) and thus can result in package installation or upgrade failure
+ if the call fails.
+ .
+ Please guard the return code of the call via wrapping it in a suitable
+ <tt>if</tt> construct or by appending <tt>|| true</tt>.
+Ref: #890224, udevadm(8)
diff --git a/checks/scripts.pm b/checks/scripts.pm
index af08ad1..7021610 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -641,9 +641,13 @@ sub run {
         # now scan the file contents themselves
         my $fd = $path->open;
 
-        my ($saw_init, $saw_invoke, $saw_debconf,
-            $saw_bange, $saw_sete, $has_code,
-            $saw_statoverride_list, $saw_statoverride_add);
+        my (
+            $saw_init, $saw_invoke,
+            $saw_debconf,$saw_bange,
+            $saw_sete, $has_code,
+            $saw_statoverride_list, $saw_statoverride_add,
+            $saw_udevadm_guard
+        );
         my %warned;
         my $cat_string = '';
 
@@ -711,6 +715,12 @@ sub run {
                 $seen_helper_cmds{$cmd}{$file} = 1;
             }
 
+            if (m,$LEADIN(?:/bin/)?udevadm\s, and $saw_sete) {
+                $saw_udevadm_guard = 1 if m/\bif\s+/g;
+                tag 'udevadm-called-without-guard', "$file:$."
+                  unless $saw_udevadm_guard or m/\|\|/;
+            }
+
             if (    m,[^\w](?:(?:/var)?/tmp|\$TMPDIR)/[^)\]}\s],
                 and not m/\bmks?temp\b/
                 and not m/\btempfile\b/
diff --git a/debian/changelog b/debian/changelog
index 1c499f8..aa5a74b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,9 @@ lintian (2.5.75) UNRELEASED; urgency=medium
     + [CL] Underline that maintainers do not need to override the
       new-package-should-not-package-python2-module tag but rather leave a
       comment in debian/changelog.
+  * checks/scripts.{desc,pm}:
+    + [CL] Check for maintainer scripts that call udevadm without a guard
+      as it can fail within a chroot.  (Closes: #890224)
 
   * commands/reporting-html-reports.html:
     + [NT] Minimize generated SVG files if scour is installed and
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
new file mode 100644
index 0000000..ee508c4
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+	udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
new file mode 100644
index 0000000..70e0741
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+	udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
diff --git a/t/tests/scripts-udevadm-called-without-guard/desc b/t/tests/scripts-udevadm-called-without-guard/desc
new file mode 100644
index 0000000..61c7c4a
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/desc
@@ -0,0 +1,5 @@
+Testname: scripts-udevadm-called-without-guard
+Version: 1.0
+Description: Test for packages that call udevadm without a guard
+Test-For:
+ udevadm-called-without-guard
diff --git a/t/tests/scripts-udevadm-called-without-guard/tags b/t/tests/scripts-udevadm-called-without-guard/tags
new file mode 100644
index 0000000..9db7f0f
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/tags
@@ -0,0 +1,2 @@
+W: scripts-udevadm-called-without-guard: maintainer-script-ignores-errors preinst
+W: scripts-udevadm-called-without-guard: udevadm-called-without-guard postinst:7

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git


Reply to: