[dpkg] 09/56: debian: Include a bug-script to report on tainted merged-usr-via-symlinks

Sat, 23 Feb 2019 09:53:34 -0800 

This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch master
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=db3872abfb48ff4a5393f3c2fe343a63d90395f6

commit db3872abfb48ff4a5393f3c2fe343a63d90395f6
Author: Guillem Jover <[email protected]>
AuthorDate: Tue Feb 19 05:53:04 2019 +0100

    debian: Include a bug-script to report on tainted merged-usr-via-symlinks
    
    Systems deployed with that method bypass the package manager and its
    understanding of the filesystem, create aliasing problems, and break
    all kinds of expectations for any program that uses pathnames as key
    into their database, such as u-a.
---
 Makefile.am       |  1 +
 debian/bug-script | 10 ++++++++++
 debian/changelog  |  1 +
 debian/rules      |  2 ++
 4 files changed, 14 insertions(+)

diff --git a/Makefile.am b/Makefile.am
index d77292da7..f9bfee9ba 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,6 +45,7 @@ EXTRA_DIST = \
        doc/lcov-inject.pl \
        doc/rootless-builds.txt \
        doc/triggers.txt \
+       debian/bug-script \
        debian/changelog \
        debian/compat \
        debian/control \
diff --git a/debian/bug-script b/debian/bug-script
new file mode 100644
index 000000000..56d654818
--- /dev/null
+++ b/debian/bug-script
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+for d in /bin /sbin /lib /lib32 /libo32 /libx32 /lib64; do
+  if [ "$(readlink $d)" = "usr$d" ]; then
+    echo "System tainted due to merged-usr-via-symlinks." >&3
+    break
+  fi
+done
diff --git a/debian/changelog b/debian/changelog
index 0ceef6a69..6d95110ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,7 @@ dpkg (1.19.5) UNRELEASED; urgency=medium
     - Remove now unused assert usertag description.
     - Remove trailing whitespace from changelog.
     - Remove Origin and Bugs fields from control file.
+    - Include a bug-script to report on tainted merged-usr-via-symlinks.
 
   [ Updated programs translations ]
   * German (Sven Joachim).
diff --git a/debian/rules b/debian/rules
index 09dc6e65e..65e6006d1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -117,6 +117,7 @@ binary-arch: install
        $(call dpkg-installmanl10n,dselect)
        dh_installman -a
        dh_link -a
+       dh_bugfiles -a -A
        dh_lintian -a
        dh_strip -a
        dh_compress -a
@@ -138,6 +139,7 @@ binary-indep: install
        $(call dpkg-installmanl10n,dpkg-dev)
        dh_installman -i
        dh_link -i
+       dh_bugfiles -i -A
        dh_lintian -i
        # The perl modules should not depend on a specific interpreter.
        dh_perl -i -Nlibdpkg-perl

-- 
Dpkg.Org's dpkg

Reply via email to