Re: Mass-filing bug against use of '/usr/bin/env perl' shebang line
* [Tue, Jul 31, 2012 at 04:44:17PM +0200] Gian Piero Carrubba:
> I'm looking for some advice about filing a (more or less) mass-bug
> report against perl scripts using /usr/bin/env in the shebang line.

Hi all,
sorry for the really long silence. I'm still interested in the matter,
but I don't think I can look at it again anytime soon. Anyway I had a
quick patch for lintian for implementing the check, and it's really time
to share it and ask for comments (logic/wording/whatever).
If there's some consensus, I'll submit the patch to lintian maintainers
and postpone the bug reporting phase to a not-so-foreseeable future (or
simply wait for lintian check to do its work).
Thanks,
Gian Piero.
Mon Aug 6 18:19:49 CEST 2012 "Gian Piero Carrubba" <gpiero@rm-rf.it>
* Add tag perl-script-uses-env
diff -rN -u old-lintian-2.5.10.1/checks/scripts new-lintian-2.5.10.1/checks/scripts
--- old-lintian-2.5.10.1/checks/scripts 2012-08-06 18:20:38.001889753 +0200
+++ new-lintian-2.5.10.1/checks/scripts 2012-08-06 18:20:38.169891072 +0200
@@ -260,6 +260,11 @@
# Either they use an absolute path or they use '/usr/bin/env interp'.
script_tag('interpreter-not-absolute', $filename, "#!$interpreter")
unless $is_absolute;
+ script_tag( 'perl-script-uses-env', $filename )
+ if ($executable{$filename}
+ and $base eq 'perl'
+ and defined $calls_env
+ and $filename !~ m,^usr/(lib|share)/.*\.pm,);
tag 'script-not-executable', $filename
unless ($executable{$filename}
or $filename =~ m,^usr/(lib|share)/.*\.pm,
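
Review bot: 'defined $calls_env' in the new condition tests definedness rather than truth, and the hunk does not show where $calls_env is assigned. If it can ever hold a defined but false value for a script that does not go through env, the tag would fire on every executable perl script, so a plain truth test ('and $calls_env') is safer unless the variable is guaranteed to be undef in that case. The .pm exclusion also repeats the regex used by the script-not-executable check just below it, and that regex is not anchored at the end, so it matches '.pm' anywhere in a path under usr/lib or usr/share; consider '\.pm$' and computing the test once so the two checks cannot drift apart.
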
diff -rN -u old-lintian-2.5.10.1/checks/scripts.desc new-lintian-2.5.10.1/checks/scripts.desc
--- old-lintian-2.5.10.1/checks/scripts.desc 2012-08-06 18:20:38.001889753 +0200
+++ new-lintian-2.5.10.1/checks/scripts.desc 2012-08-06 18:20:38.169891072 +0200
@@ -680,3 +680,21 @@
are likely to be removed from the core in perl 5.16. Please either
remove references to these libraries, or add a dependency on
<tt>libperl4-corelibs-perl | perl (<< 5.12.3-7)</tt> to this package.
+
+Tag: perl-script-uses-env
+Severity: normal
+Certainty: possible
+Info: This perl script uses env in the she-bang line in order to locate the
+ perl binary interpreting it. This means the invoked perl binary is located via
+ the calling user's $PATH and could not be the intended one. Please use
+ /usr/bin/perl instead.
+Ref: policy 10.4
+
+Tag: example-perl-script-uses-env
+Severity: pedantic
+Certainty: possible
+Info: This example perl script uses env in the she-bang line in order to locate
+ the perl binary interpreting it. This means the invoked perl binary is located
+ via the calling user's $PATH and could not be the intended one. Please use
+ /usr/bin/perl instead.
+Ref: policy 10.4
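
Review bot: the example-perl-script-uses-env tag is described here, but the checks/scripts hunk in this patch only ever emits perl-script-uses-env, so the pedantic variant is dead text until the check calls script_tag for example files or the stanza is dropped. In both Info paragraphs, "could not be the intended one" reads as "cannot be"; "might not be the intended one" says what is meant, and it would help to state the consequence plainly, namely that a perl found earlier in the calling user's $PATH runs the script instead of the packaged /usr/bin/perl.
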