[lintian] 01/01: Check for maintainer scripts that call udevadm without a guard as it can fail within a chroot. (Closes: #890224)
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository lintian.
commit 213777e48ba1ee4f1945bdb9eebefc74458df472
Author: Chris Lamb <lamby@debian.org>
Date: Tue Feb 13 16:37:02 2018 +0000
Check for maintainer scripts that call udevadm without a guard as it can fail within a chroot. (Closes: #890224)
---
checks/scripts.desc | 14 ++++++++++++++
checks/scripts.pm | 16 +++++++++++++---
debian/changelog | 3 +++
.../debian/debian/postinst | 20 ++++++++++++++++++++
.../debian/debian/preinst | 18 ++++++++++++++++++
t/tests/scripts-udevadm-called-without-guard/desc | 5 +++++
t/tests/scripts-udevadm-called-without-guard/tags | 2 ++
7 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/checks/scripts.desc b/checks/scripts.desc
index b244bbb..eba0c8e 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -838,3 +838,17 @@ Info: The maintainer script appears to call <tt>chmod</tt> or
- Use <tt>runuser(1)</tt> to perform any initialization work as the
user you were previously <tt>chown</tt>ing to.
Ref: #889060, #889488, runuser(1)
+
+Tag: udevadm-called-without-guard
+Severity: normal
+Certainty: possible
+Info: The specified maintainer script uses <tt>set -e</tt> but seems to
+ call <tt>udevadm(8)</tt> without a conditional guard.
+ .
+ <tt>udevadm</tt> can exist but be non-functional (such as inside a
+ chroot) and thus can result in package installation or upgrade failure
+ if the call fails.
+ .
+ Please guard the return code of the call via wrapping it in a suitable
+ <tt>if</tt> construct or by appending <tt>|| true</tt>.
+Ref: #890224, udevadm(8)
diff --git a/checks/scripts.pm b/checks/scripts.pm
index af08ad1..7021610 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -641,9 +641,13 @@ sub run {
# now scan the file contents themselves
my $fd = $path->open;
- my ($saw_init, $saw_invoke, $saw_debconf,
- $saw_bange, $saw_sete, $has_code,
- $saw_statoverride_list, $saw_statoverride_add);
+ my (
+ $saw_init, $saw_invoke,
+ $saw_debconf,$saw_bange,
+ $saw_sete, $has_code,
+ $saw_statoverride_list, $saw_statoverride_add,
+ $saw_udevadm_guard
+ );
my %warned;
my $cat_string = '';
@@ -711,6 +715,12 @@ sub run {
$seen_helper_cmds{$cmd}{$file} = 1;
}
+ if (m,$LEADIN(?:/bin/)?udevadm\s, and $saw_sete) {
+ $saw_udevadm_guard = 1 if m/\bif\s+/g;
+ tag 'udevadm-called-without-guard', "$file:$."
+ unless $saw_udevadm_guard or m/\|\|/;
+ }
+
if ( m,[^\w](?:(?:/var)?/tmp|\$TMPDIR)/[^)\]}\s],
and not m/\bmks?temp\b/
and not m/\btempfile\b/
diff --git a/debian/changelog b/debian/changelog
index 1c499f8..aa5a74b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,9 @@ lintian (2.5.75) UNRELEASED; urgency=medium
+ [CL] Underline that maintainers do not need to override the
new-package-should-not-package-python2-module tag but rather leave a
comment in debian/changelog.
+ * checks/scripts.{desc,pm}:
+ + [CL] Check for maintainer scripts that call udevadm without a guard
+ as it can fail within a chroot. (Closes: #890224)
* commands/reporting-html-reports.html:
+ [NT] Minimize generated SVG files if scour is installed and
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
new file mode 100644
index 0000000..ee508c4
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+ udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
new file mode 100644
index 0000000..70e0741
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+ udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
diff --git a/t/tests/scripts-udevadm-called-without-guard/desc b/t/tests/scripts-udevadm-called-without-guard/desc
new file mode 100644
index 0000000..61c7c4a
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/desc
@@ -0,0 +1,5 @@
+Testname: scripts-udevadm-called-without-guard
+Version: 1.0
+Description: Test for packages that call udevadm without a guard
+Test-For:
+ udevadm-called-without-guard
diff --git a/t/tests/scripts-udevadm-called-without-guard/tags b/t/tests/scripts-udevadm-called-without-guard/tags
new file mode 100644
index 0000000..9db7f0f
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/tags
@@ -0,0 +1,2 @@
+W: scripts-udevadm-called-without-guard: maintainer-script-ignores-errors preinst
+W: scripts-udevadm-called-without-guard: udevadm-called-without-guard postinst:7
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: