Your message dated Thu, 09 Aug 2018 14:40:32 +0000 with message-id <[email protected]> and subject line Bug#905469: fixed in lintian 2.5.96 has caused the Debian Bug report #905469, regarding lintian: warn against direct access to the dpkg database to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 905469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905469 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: lintian Version: 2.5.94 Severity: wishlist Hi! The entire dpkg database, its layout and files are an internal interface to dpkg, no program or package (in theory) should be accessing it other than dpkg itself and any of the dpkg suite tools. While by design the database is all editable by the admin, that's a supported property intended and reserved for sentient beings, not for automatic tools, even though it's not a practice that should be recommended. AFAIR this was communicated in the past (but cannot find references now) as part of the multiarch database layout change, and there's even already a test to detect direct accesses to dpkg's status files. This is one blocker that is getting in the way of deploying mtree support as the dpkg database store, because .list, .md5sums and .conffiles are intended to disappear from under /var/lib/dpkg/info/, and that will break all these packages and programs. I think currently the only exceptions that might be allowed are: * Any package modifying (harmful) prerm scripts in the database, because we do not currently have any way to mark this yet. <https://wiki.debian.org/Teams/Dpkg/FAQ#Q:_Can_dpkg_be_told_to_avoid_invoking_a_harmful_prerm_from_an_installed_package_on_upgrade.3F> * And any frontend that might currently be accessing /var/lib/dpkg/info, because libdpkg-dev was neither a PIC library until PIE was globally enabled in dpkg, nor did it contain the db handling code, which was restricted to the dpkg binary itself. I think apt/cupt and similar would be grandfathered for now, until both libdpkg-dev contains such support (should come in dpkg 1.19.1) and these have switched over. Anything else, should be: * Using «dpkg --status» for package status. * Using «dpkg --status» for Conffiles field. * Using «dpkg-query --listfiles» for file lists. * Using «dpkg-query --control-(list|show)» to get control file information. * etc, happy to provide more alternatives to current uses. Thanks, Guillem
--- End Message ---
--- Begin Message ---Source: lintian Source-Version: 2.5.96 We believe that the bug you reported is fixed in the latest version of lintian, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <[email protected]> (supplier of updated lintian package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 09 Aug 2018 13:44:29 +0000 Source: lintian Binary: lintian Architecture: source all Version: 2.5.96 Distribution: unstable Urgency: medium Maintainer: Debian Lintian Maintainers <[email protected]> Changed-By: Chris Lamb <[email protected]> Description: lintian - Debian package checker Closes: 513544 646192 903470 904852 905469 Changes: lintian (2.5.96) unstable; urgency=medium . * Summary of tag changes: + Added: - incomplete-creative-commons-license - maintainer-script-should-not-use-dpkg-database-directly - package-contains-upstream-installation-documentation + Removed: - no-upstream-changelog - package-contains-upstream-install-documentation . * checks/changelog-file.{desc,pm}: + [CL] Drop no-upstream-changelog; it is rarely actionable and simply introduces unnecessary noise and/or requiring an override. It had additionally been disabled in the Ubuntu profile since 2011. (Closes: #513544, #646192) * checks/cruft.desc: + [CL] Tidy the description of the license-problem-cc-by-nc-sa and license-problem-non-free-img-lenna tags. * checks/files.{desc,pm}: + [BR] Improve package-contains-documentation-outside-usr-share-doc by checking if README includes 'this directory' (Closes: #904852) + [CL] Rename package-contains-upstream-install-documentation tag to package-contains-upstream-installation-documentation. * checks/source-copyright.{desc,pm}: + [CL] Check for Creative Commons license texts that use the incomplete "human-readable" summary. (Closes: #903470) . * data/scripts/maintainer-script-bad-command: + [CL] Warn about packages that directly query the dpkg database in their maintainer scripts. Thanks, Guillem Jover! (Closes: #905469) * data/spelling/corrections: + [PW] Add a number of corrections. Checksums-Sha1: 69f4faf0502d70bf084a15dcb876324362596a68 3511 lintian_2.5.96.dsc 6bd43967ed23395447f29d0a7e065d67d63af293 1579988 lintian_2.5.96.tar.xz f0776f6cf180d5645b9b9adcfb2ad40f9f3de50d 1129268 lintian_2.5.96_all.deb 7860707b49e1ab92d129c9c6af78e1387b8a477c 16193 lintian_2.5.96_amd64.buildinfo Checksums-Sha256: 34f9655d125bdd923a40015a86c63c82d627466e20ac96b44d5c4dd313692779 3511 lintian_2.5.96.dsc ca8ff33feeac6fc8c0379998fecd613cefb58a493a6565e7ec5312462f678897 1579988 lintian_2.5.96.tar.xz 4feceb58d2d925256453682a9ece7315134f7788859a3329313fe0a5a6f665f9 1129268 lintian_2.5.96_all.deb 3c3061e13b8ec8ad83f745a0737aa4c4bf134a93555f9fcd477667c2d02fc131 16193 lintian_2.5.96_amd64.buildinfo Files: 601e7f42cbd464de381d228e400f68c1 3511 devel optional lintian_2.5.96.dsc 1d3e0b8fc26f83502b8fa968456185b7 1579988 devel optional lintian_2.5.96.tar.xz f4e62b5137c3c302a0863c1a43d1f149 1129268 devel optional lintian_2.5.96_all.deb 0a5f04e7849f1d3cbf2d1313115610a3 16193 devel optional lintian_2.5.96_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltsSfYACgkQHpU+J9Qx HlhSmQ/9GEsRg2ozNO37dOLioiYyb8639OAF981G0pOQw0aYHPZs7MswBk1Weg6/ msy/K9opp+iEomqJ3y5oARghWZWrg5XoLzED3LgV5sTtS7brXDavQ/xjobMiGCLO zNxYutbLRMxaoTcjQ0OciFd5DhUAKSCbzS1sSqM+obEs5IElxmgO+EIyipG0/2t+ T4RNQOW7ZTaYYvvPqv3V8lsKnjFxWXsIWtqYuc1JWUEvCjD7lSbfxHWf8FhC+dJW IrbqVMvgK2RLEkB/DbzAMLEDmexbBPstKTwDJFSttIN7No+7QGGefwR4Bd8omGrF tn+oXL/rlw2EJQkTvC09UFaqEAD64TeYieNfFzRaW0y9PZGvNhlT20Fm44CK/N5a nL4pIRyC3hX+f+xCyDTp9bCurJuoMuQ60jUiM050/rRsslRhB8GzLcRrJhroIDQF zCrXQU7r39whq/w+iP11OJ8Oso+sYE7LrbzKFMwx8jZtOgifrljhb7XR2kKMlIRC IftxVqIAaYVlgKi0s/thE3GMwXimwcSLJrt1NW5AFf2pVwGUVWfTzIemsTprjSz2 soeH+N2hP78x23dWvX2KAqFr8g/AgDHfa4n+ggblyeBI1UA0vB9P1m7T20YLg+Kr xlLdR/LnKUG2XWLsgAtLSaoDsuNAp3hxNKVDXz8+IyQ0+U5To0I= =2o+U -----END PGP SIGNATURE-----
--- End Message ---
