Author: rra
Date: 2006-04-03 07:33:13 +0200 (Mon, 03 Apr 2006)
New Revision: 605

Modified:
   trunk/checks/scripts
   trunk/checks/scripts.desc
   trunk/debian/changelog
   trunk/testset/maintainer-scripts/debian/postinst
   trunk/testset/maintainer-scripts/debian/postrm
   trunk/testset/tags.maintainer-scripts
Log:
  + [RA] Find missing ucf dependencies and restructure the code to allow
    easier addition of similar checks.  (Closes: #261891)

Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts        2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/checks/scripts        2006-04-03 05:33:13 UTC (rev 605)
@@ -151,6 +151,16 @@
                                'zsh' => 'zsh'
                               );
 
+# Appearance of one of these regexes in a maintainer script means that there
+# must be a dependency (or pre-dependency) on the given package.  The tag
+# reported is maintainer-script-needs-depends-on-%s, so be sure to update
+# scripts.desc when adding a new rule.
+my @depends_needed = (
+        [ adduser => '\badduser\b' ],
+        [ netbase => '\bupdate-inetd\b' ],
+        [ ucf => '\bucf\s' ],
+);
+
 my %executable = ();
 my %suid = ();
 my %ELF = ();
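Review bot: The patterns in `@depends_needed` are applied with `/$regex/` to each script line, so a word in a comment, an `echo` string or a guard such as `which ucf >/dev/null` counts as a call. The new postinst fixture's comment `# Example ucf invocation.` would itself satisfy `\bucf\s`, so that fixture cannot show which line triggered the tag. Unless comments are stripped earlier in the loop (not visible in this diff), the table comment should say so, e.g. `# Patterns are applied to raw lines, so comments and guarded calls also match.` Storing the patterns as `qr/\bucf\s/` rather than strings would also compile each one once and surface a malformed rule when the table is built.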
@@ -415,7 +425,7 @@
     open C, "$filename"
        or fail("cannot open maintainer script $filename for reading: $!");
 
-    my ($warned_tmp, $warned_killall, $warned_netbase, $warned_adduser);
+    my %warned;
     my ($saw_init, $saw_invoke);
     my $cat_string = "";
 
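Review bot: The unchanged `open C, "$filename"` just above the new `%warned` declaration is a two-argument open, so a leading or trailing `<`, `>` or `|` in `$filename` would be read as a mode or a pipe rather than as part of the name. How `$filename` is built is outside this hunk, so this may be unreachable today. Since this code presumably reads maintainer scripts supplied by the package under test, the three-argument form is the safer habit: `open(C, '<', $filename)`. The enclosing block starts and ends outside the hunk.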
@@ -425,13 +435,13 @@
        chomp();
        if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not 
m/\btempfile\b/ and not m/\bmkdir\b/) {
            tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", 
"$file:$."
-               unless $warned_tmp;
-           $warned_tmp = 1;
+               unless $warned{tmp};
+           $warned{tmp} = 1;
        }
        if (m/^\s*killall(?:\s|$)/) {
            tag "killall-is-dangerous", "$file:$."
-               unless $warned_killall;
-           $warned_killall = 1;
+               unless $warned{killall};
+           $warned{killall} = 1;
        }
        if (m/^\s*mknod(?:\s|$)/ and not m/\sp\s/) {
            tag "mknod-in-maintainer-script", "$file:$.";
@@ -554,24 +564,21 @@
        if (m,\bsuidregister\b,) {
            tag "suidregister-used-in-maintainer-script", "$file";
        }
-       if (m,\bupdate-inetd\b, && !$warned_netbase) {
-           my $type = $deps{'netbase'};
-           unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
-               tag "maintainer-script-needs-depends-on-netbase", "$file";
-               $warned_netbase = 1;
-           }
-       }
-       if (m,\badduser\b, && !$warned_adduser) {
-           my $type = $deps{'adduser'};
-           unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
-               tag "maintainer-script-needs-depends-on-adduser", "$file";
-               $warned_adduser = 1;
-           }
-       }
        if ($file eq 'postrm') {
            if (m,update\-alternatives \-\-remove,) {
                tag "update-alternatives-remove-called-in-postrm", "";
            }
+       } else {
+           for my $rule (@depends_needed) {
+               my ($package, $regex) = @$rule;
+               if (/$regex/ && ! $warned{$package}) {
+                   my $type = $deps{$package};
+                   unless ($type and ($type eq 'depends' or $type eq 
'pre-depends')) {
+                       tag "maintainer-script-needs-depends-on-$package", 
"$file";
+                       $warned{$package} = 1;
+                   }
+               }
+           }
        }
        if (/invoke-rc.d.*\|\| exit 0/) {
            tag "maintainer-script-hides-init-failure", "$file:$.";
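Review bot: Moving the dependency loop into the `else` of `if ($file eq 'postrm')` means `adduser` and `update-inetd` in a postrm no longer produce a tag, whereas the removed blocks checked every script. The postrm fixture's comment suggests the skip is intended, but nothing here says why, and an unguarded call in postrm now goes unreported. A comment on the `else` would record the intent, e.g. `# postrm is skipped: a Depends may already be gone when it runs (TODO: flag unguarded calls)`, if that is indeed the reason. Note also that `%warned` now mixes the fixed keys `tmp` and `killall` with package names from the table, so a rule for a package with one of those names would collide. The enclosing loop starts and ends outside the hunk.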

Modified: trunk/checks/scripts.desc
===================================================================
--- trunk/checks/scripts.desc   2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/checks/scripts.desc   2006-04-03 05:33:13 UTC (rev 605)
@@ -266,6 +266,11 @@
 Info: This script calls adduser, but the package does not depend or
  pre-depend on the adduser package.
 
+Tag: maintainer-script-needs-depends-on-ucf
+Type: warning
+Info: This script calls ucf, but the package does not depend or pre-depend
+ on the ucf package.
+
 Tag: update-alternatives-remove-called-in-postrm
 Type: warning
 Info: 'update-alternatives --remove <alternative> foo' is called in the

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog      2006-04-03 04:34:23 UTC (rev 604)
+++ trunk/debian/changelog      2006-04-03 05:33:13 UTC (rev 605)
@@ -41,6 +41,8 @@
       a typo.  Thanks, Marc Haber.  (Closes: #360214, #360216)
     + [RA] Warn when maintainer scripts run init scripts directly and
       don't use invoke-rc.d.  Thanks, Lars Wirzenius.  (Closes: #353659)
+    + [RA] Find missing ucf dependencies and restructure the code to allow
+      easier addition of similar checks.  (Closes: #261891)
 
   * collection/objdump-info:
     + [RA] Unset CDPATH before running cd to avoid strange effects from
@@ -50,7 +52,7 @@
   * lib/Util.pm:
     + [RA] Add system_env, like system but sanitizing the environment.
 
- -- Russ Allbery <[EMAIL PROTECTED]>  Sun,  2 Apr 2006 15:40:00 -0700
+ -- Russ Allbery <[EMAIL PROTECTED]>  Sun,  2 Apr 2006 22:32:37 -0700
 
 lintian (1.23.16) unstable; urgency=low
 

Modified: trunk/testset/maintainer-scripts/debian/postinst
===================================================================
--- trunk/testset/maintainer-scripts/debian/postinst    2006-04-03 04:34:23 UTC 
(rev 604)
+++ trunk/testset/maintainer-scripts/debian/postinst    2006-04-03 05:33:13 UTC 
(rev 605)
@@ -60,3 +60,6 @@
 else
     /etc/init.d/package start
 fi
+
+# Example ucf invocation.
+ucf /usr/share/foo/configuration /etc/foo.conf

Modified: trunk/testset/maintainer-scripts/debian/postrm
===================================================================
--- trunk/testset/maintainer-scripts/debian/postrm      2006-04-03 04:34:23 UTC 
(rev 604)
+++ trunk/testset/maintainer-scripts/debian/postrm      2006-04-03 05:33:13 UTC 
(rev 605)
@@ -23,3 +23,10 @@
 
 # Shouldn't provoke an error despite no invoke-rc.d.
 echo "/etc/init.d/package stop to stop something"
+
+# Shouldn't require a ucf dependency.  Unfortunately, right now that's
+# just because postrm isn't checked, not because we ensure that the
+# invocation is conditional.
+if which ucf >/dev/null; then
+    ucf --purge /etc/foo.conf
+fi    

Modified: trunk/testset/tags.maintainer-scripts
===================================================================
--- trunk/testset/tags.maintainer-scripts       2006-04-03 04:34:23 UTC (rev 
604)
+++ trunk/testset/tags.maintainer-scripts       2006-04-03 05:33:13 UTC (rev 
605)
@@ -27,6 +27,7 @@
 W: maintainer-scripts: maintainer-script-calls-deprecated-wm-menu-config 
postinst:31
 W: maintainer-scripts: maintainer-script-calls-init-script-directly prerm:54
 W: maintainer-scripts: maintainer-script-hides-init-failure postinst:55
+W: maintainer-scripts: maintainer-script-needs-depends-on-ucf postinst
 W: maintainer-scripts: missing-debconf-dependency
 W: maintainer-scripts: no-debconf-templates
 W: maintainer-scripts: possible-bashism-in-maintainer-script postinst:15 '. 
/usr/share/lintian/shell foo'

