Bug#704197: Please review: systemd checks
Package: lintian Version: 2.5.10.4 Severity: wishlist Attached you can find my first stab at systemd-related checks for lintian. While some details in parsing the service files are not implemented (see the TODOs in the code), I’d like you to have a look at the checks in general. Is there anything that needs to be improved before these can be shipped with lintian? Thanks! Check-Script: systemd Author: Michael Stapelberg stapelb...@debian.org Abbrev: systemd Type: binary Info: Checks various systemd policy things Needs-Info: scripts, index, unpacked, file-info Tag: systemd-service-file-outside-lib Severity: serious Certainty: certain Info: The package ships a systemd service file outside tt/lib/systemd/system//tt . System administrators should have the possibility to overwrite a service file (or parts of it, in newer systemd versions) by placing a file in tt/etc/systemd/system/tt, so the canonical location we use for service files is tt/lib/systemd/system//tt. Tag: systemd-tmpfiles.d-outside-usr-lib Severity: serious Certainty: certain Info: The package ships a systemd tmpfiles.d(5) conf file outside tt/usr/lib/tmpfiles.d//tt Tag: systemd-service-file-refers-to-obsolete-target Severity: normal Certainty: certain Info: The systemd service file refers to an obsolete target. . Some targets are obsolete by now, e.g. syslog.target or dbus.target. For example, declaring ttAfter=syslog.target/tt is unnecessary by now because syslog is socket-activated and will therefore be started when needed. Tag: systemd-no-service-for-init-script Severity: serious Certainty: certain Info: The listed init.d script has no systemd equivalent. . Systemd has a SysV init.d script compatibility mode. It provides access to each SysV init.d script as long as there is no native service file with the same name (e.g. tt/lib/systemd/system/rsyslog.service/tt corresponds to tt/etc/init.d/rsyslog/tt). . Your package ships a service file, but for the listed init.d script, there is no corresponding systemd service file. Tag: init.d-script-does-not-source-init-functions Severity: normal Certainty: certain Info: The tt/etc/init.d/tt script does not source tt/lib/lsb/init-functions/tt. The ttsystemd/tt package provides tt/lib/lsb/init-functions.d/40-systemd/tt to redirect tt/etc/init.d/$script/tt calls to systemctl. . Please add a line like this to your tt/etc/init.d/tt script: . . /lib/lsb/init-functions Tag: maintainer-script-calls-systemctl Severity: normal Certainty: certain Info: The maintainer script calls systemctl directly. Actions such as enabling or starting a service have to be done via ttupdate-rc.d/tt or ttinvoke-rc.d/tt, respectively, which both do the right thing when systemd is installed/running. # systemd -- lintian check script -*- perl -*- # # Copyright © 2013 Michael Stapelberg # # based on the apache2 checks file by: # Copyright © 2012 Arno Töll # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free # Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, # MA 02110-1301, USA. package Lintian::systemd; use strict; use warnings; use File::Basename; use Lintian::Collect::Binary (); use Lintian::Tags qw(tag); use Lintian::Relation qw(:constants); use Lintian::Util qw(fail); use Data::Dumper; sub run { my ($pkg, $type, $info) = @_; if ($type eq 'binary') { # Figure out whether the maintainer of this package did any effort to # make the package work with systemd. If not, we will not warn in case # of an init script that has no systemd equivalent, for example. my $ships_systemd_file = (scalar ( grep { m,/systemd/, } $info-sorted_index ) 0); # An array of names which are provided by the service files. # This includes Alias= directives, so after parsing # NetworkManager.service, it will contain NetworkManager and # network-manager. my @systemd_targets; for my $file ($info-sorted_index) { if ($file =~ m,^etc/tmpfiles\.d/.*\.conf$,) { tag('systemd-tmpfiles.d-outside-usr-lib', $file); } if ($file =~ m,^etc/systemd/system/.*\.service$,) { tag('systemd-service-file-outside-lib', $file); } if ($file =~ m,/systemd/system/.*\.service
Bug#704197: Please review: systemd checks
Hi Niels, Thanks for the super-fast review. New version is attached, I have fixed everything you mentioned, and for the other things I commented inline: Niels Thykier ni...@thykier.net writes: guidelines. I know Lintian's code style is a mess in general, so it describes the style I hope we will eventually reach[1]. :) Have you tried using perltidy for Lintian? I loathe manual source code formatting after working with gofmt and subsequently perltidy. I noticed that there appear to be no use of references (Ref: URL, #bug, policy X.Y ...). I would recommend finding such so people can quickly find more information. Links to systemd documentation, specification or even just a Debian wiki page. Will do once we’ve put up some wiki pages on that. If you do not need $pkg or $type, then you can replace them with undef. E.g. my (undef, undef, $info) = @_; I prefer to have the variables around, just in case the code needs to be changed to use those. That has the advantage that we know that argument is unused. I don’t understand what the advantage of knowing that is :-). Secondly, there is no check for file type. If someone (deliberately) creates $file as a fifo-pipe or a symlink it will DoS or (possibly) read host system files (respectively). Usually, a $info-index ($file)-is_regular_file should do (if symlinks/hardlinks can be ignored). Alternatively, (for symlinks) please check that the symlink can be safely resolved before opening the file (e.g. via the link_resolved method). For more information, please see the Lintian::Path module's API. I came up with this: sub check_init_script { my ($pkg, $info, $file) = @_; my $lsb_source_seen; my $path = $info-index ($file); fail $file is neither a regular file nor a resolvable symlink unless ($path-is_regular_file || defined($path-link_resolved)); open(my $fh, '', $info-unpacked($file)) or fail cannot open $file: $!; # … } Does that seem alright to you? sub split_quoted { [...] } Is this something that could be done by Text::ParseWords? I’m not entirely sure about it. The code I’m using is a 1:1 port of the corresponding systemd C code. This obviously has the benefit that there are no subtle differences between what we do and what systemd does. -- Best regards, Michael systemd Description: Binary data systemd.desc Description: Binary data
Bug#704197: Please review: systemd checks
Hi Niels, Niels Thykier ni...@thykier.net writes: sub check_init_script { my ($pkg, $info, $file) = @_; my $lsb_source_seen; my $path = $info-index ($file); fail $file is neither a regular file nor a resolvable symlink unless ($path-is_regular_file || defined($path-link_resolved)); open(my $fh, '', $info-unpacked($file)) or fail cannot open $file: $!; # … } Does that seem alright to you? Almost; it definitely plugs the issues I mentioned. That said, I believe we prefer to emit tags instead of erroring out when we see an unexpected file type (e.g. see control-file-is-not-a-file). Secondly, there is a bug in that link_resolved is only applicable to links. So if it is not a regular file and not a link, the code will croak in $path-link_resolved[2]. Okay, so how about this? sub check_init_script { my ($pkg, $info, $file) = @_; my $lsb_source_seen; my $path = $info-index ($file); unless ($path-is_regular_file || ($path-is_symlink defined($path-link_resolved))) { tag 'init-script-is-not-a-file', $file; } open(my $fh, '', $info-unpacked($file)) or fail cannot open $file: $!; # … } It really looks like a implementation of Text::ParseWords's shellwords[3]. If so, we can get that entire sub as a oneliner (we already use Text::ParseWords elsewhere). I switched to shellwords. We can always rever to the code we’ve had before, but in my tests, shellwords works fine. Find the new files attached. -- Best regards, Michael systemd Description: Binary data systemd.desc Description: Binary data
Bug#704197: Please review: systemd checks
Hi Niels, Niels Thykier ni...@thykier.net writes: I think you are missing a return here? Indeed, thanks. New files are attached, here is the list of things that I know need to be fixed: 1) We don’t have any documentation references in the .desc file yet. 2) I need to switch to lab_data_path in check_maintainer_scripts(). Could you please also say a few words on how the usual inclusion process works? I.e., what are the next steps after there are no more things left to fix? Also, do I need to mark the checks as experimental because they are new? -- Best regards, Michael systemd Description: Binary data systemd.desc Description: Binary data
Bug#704197: Please review: systemd checks
Hi Niels, Thanks for your prompt reply. Niels Thykier ni...@thykier.net writes: Tests! Once there are tests for all the new tags (and none of the existing tests breaks) we are usually ready to accept the checks. Cool. Find attached two git format-patch files. The first adds the latest version of my systemd checks, the second one adds tests. Could you please have a look at the tests? Please note that I did not run the whole testsuite because it fails on my machine (see my IRC query). It’d be great if you could run it for me. -- Best regards, Michael From eb5c8b33019e1b838f675bd455052b3d1347fe75 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg mich...@stapelberg.de Date: Sat, 13 Apr 2013 23:14:31 +0200 Subject: [PATCH 1/2] add systemd checks --- checks/systemd | 252 +++ checks/systemd.desc | 76 2 files changed, 328 insertions(+) create mode 100644 checks/systemd create mode 100644 checks/systemd.desc diff --git a/checks/systemd b/checks/systemd new file mode 100644 index 000..866110c --- /dev/null +++ b/checks/systemd @@ -0,0 +1,252 @@ +# systemd -- lintian check script -*- perl -*- +# +# Copyright © 2013 Michael Stapelberg +# +# based on the apache2 checks file by: +# Copyright © 2012 Arno Töll +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::systemd; + +use strict; +use warnings; + +use File::Basename; +use Text::ParseWords qw(shellwords); + +use Lintian::Tags qw(tag); +use Lintian::Util qw(fail); + +sub run { +my ($pkg, $type, $info) = @_; + +# Figure out whether the maintainer of this package did any effort to +# make the package work with systemd. If not, we will not warn in case +# of an init script that has no systemd equivalent, for example. +my $ships_systemd_file = (scalar ( grep { m,/systemd/, } $info-sorted_index ) 0); + +# An array of names which are provided by the service files. +# This includes Alias= directives, so after parsing +# NetworkManager.service, it will contain NetworkManager and +# network-manager. +my @systemd_targets; + +for my $file ($info-sorted_index) { +if ($file =~ m,^etc/tmpfiles\.d/.*\.conf$,) { +tag 'systemd-tmpfiles.d-outside-usr-lib', $file; +} +if ($file =~ m,^etc/systemd/system/.*\.service$,) { +tag 'systemd-service-file-outside-lib', $file; +} +if ($file =~ m,/systemd/system/.*\.service$,) { +check_systemd_service_file ($pkg, $info, $file); +for my $name (extract_service_file_names ($pkg, $info, $file)) { +push @systemd_targets, $name; +} +} +} + +my @init_scripts = grep { m,^etc/init\.d/.+, } $info-sorted_index; + +# Verify that each init script includes /lib/lsb/init-functions, +# because that is where the systemd diversion happens. +for my $init_script (@init_scripts) { +check_init_script ($pkg, $info, $init_script); +} + +@init_scripts = map { basename($_) } @init_scripts; + +if ($ships_systemd_file) { +for my $init_script (@init_scripts) { +tag 'systemd-no-service-for-init-script', $init_script +unless grep /\Q$init_script\E\.service/, @systemd_targets; +} +} + +check_maintainer_scripts ($info); +} + +sub check_init_script { +my ($pkg, $info, $file) = @_; + +my $lsb_source_seen; +my $path = $info-index ($file); +unless ($path-is_regular_file || +($path-is_symlink defined($path-link_resolved))) { +tag 'init-script-is-not-a-file', $file; +return; +} +open(my $fh, '', $info-unpacked ($file)) +or fail cannot open $file: $!; +while ($fh) { +s/^\s+//; +next if /^#/; +if (m,^(?:\.|source)\s+/lib/lsb/init-functions,) { +$lsb_source_seen = 1; +last; +} +} +close($fh); + +if (!$lsb_source_seen) { +tag 'init.d-script-does-not-source-init-functions', $file; +} +} + +sub check_systemd_service_file { +my ($pkg, $info, $file) = @_; + +my @values = extract_service_file_values ($pkg, $info, $file, 'Unit', 'After
Bug#704197: Please review: systemd checks
Hi Niels, Niels Thykier ni...@thykier.net writes: I thought this was safe, but it does have an issue as well. Consider symlink chaining: safe-symlink - unsafe-symlink unsafe-symlink - ../../../../etc/passwd $path-link_resolved will approve safe-symlink because it can be resolved safely. However, it does not check that the target is also a safe symlink - so a loop/recursion is needed. That said, using the new is_ancestor_of (from L::Util) is probably a lot easier to use correctly. Basically: Thanks for the explanation and the example. I have updated my code and the tests still work. Find the updated patches attached (rebased against current master). -- Best regards, Michael From ceb4afecf02c6c1a1277ad69bb2d3430baed6fa9 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg mich...@stapelberg.de Date: Sat, 13 Apr 2013 23:14:31 +0200 Subject: [PATCH 1/3] add systemd checks --- checks/systemd | 252 +++ checks/systemd.desc | 76 2 files changed, 328 insertions(+) create mode 100644 checks/systemd create mode 100644 checks/systemd.desc diff --git a/checks/systemd b/checks/systemd new file mode 100644 index 000..866110c --- /dev/null +++ b/checks/systemd @@ -0,0 +1,252 @@ +# systemd -- lintian check script -*- perl -*- +# +# Copyright © 2013 Michael Stapelberg +# +# based on the apache2 checks file by: +# Copyright © 2012 Arno Töll +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::systemd; + +use strict; +use warnings; + +use File::Basename; +use Text::ParseWords qw(shellwords); + +use Lintian::Tags qw(tag); +use Lintian::Util qw(fail); + +sub run { +my ($pkg, $type, $info) = @_; + +# Figure out whether the maintainer of this package did any effort to +# make the package work with systemd. If not, we will not warn in case +# of an init script that has no systemd equivalent, for example. +my $ships_systemd_file = (scalar ( grep { m,/systemd/, } $info-sorted_index ) 0); + +# An array of names which are provided by the service files. +# This includes Alias= directives, so after parsing +# NetworkManager.service, it will contain NetworkManager and +# network-manager. +my @systemd_targets; + +for my $file ($info-sorted_index) { +if ($file =~ m,^etc/tmpfiles\.d/.*\.conf$,) { +tag 'systemd-tmpfiles.d-outside-usr-lib', $file; +} +if ($file =~ m,^etc/systemd/system/.*\.service$,) { +tag 'systemd-service-file-outside-lib', $file; +} +if ($file =~ m,/systemd/system/.*\.service$,) { +check_systemd_service_file ($pkg, $info, $file); +for my $name (extract_service_file_names ($pkg, $info, $file)) { +push @systemd_targets, $name; +} +} +} + +my @init_scripts = grep { m,^etc/init\.d/.+, } $info-sorted_index; + +# Verify that each init script includes /lib/lsb/init-functions, +# because that is where the systemd diversion happens. +for my $init_script (@init_scripts) { +check_init_script ($pkg, $info, $init_script); +} + +@init_scripts = map { basename($_) } @init_scripts; + +if ($ships_systemd_file) { +for my $init_script (@init_scripts) { +tag 'systemd-no-service-for-init-script', $init_script +unless grep /\Q$init_script\E\.service/, @systemd_targets; +} +} + +check_maintainer_scripts ($info); +} + +sub check_init_script { +my ($pkg, $info, $file) = @_; + +my $lsb_source_seen; +my $path = $info-index ($file); +unless ($path-is_regular_file || +($path-is_symlink defined($path-link_resolved))) { +tag 'init-script-is-not-a-file', $file; +return; +} +open(my $fh, '', $info-unpacked ($file)) +or fail cannot open $file: $!; +while ($fh) { +s/^\s+//; +next if /^#/; +if (m,^(?:\.|source)\s+/lib/lsb/init-functions,) { +$lsb_source_seen = 1; +last; +} +} +close($fh); + +if (!$lsb_source_seen) { +tag 'init.d-script-does-not-source-init-functions', $file; +} +} + +sub
Bug#718404: [PATCH] Don’t generate statically-linked-binary for golang packages
Package: lintian Version: 2.5.15 Severity: wishlist Tags: patch The attached patch modifies lintian so that it will not generate statically-linked-binary for every package built with golang-go. This is preferable to adding override files in every package. From 05208d99ddb0afb68ae8affa1a7552231ed6276d Mon Sep 17 00:00:00 2001 From: Michael Stapelberg mich...@stapelberg.de Date: Wed, 31 Jul 2013 10:28:10 +0200 Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20generate=20statically-linked-bina?= =?UTF-8?q?ry=20for=20binary=20packages=20built=20with=20golang-go?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checks/binaries.pm|8 + t/tests/binaries-golang/debian/Makefile | 48 + t/tests/binaries-golang/debian/basic.c| 12 +++ t/tests/binaries-golang/debian/debian/control | 15 t/tests/binaries-golang/debian/debian/rules |7 t/tests/binaries-golang/debian/getbuildid | 30 t/tests/binaries-golang/desc | 14 t/tests/binaries-golang/tags | 13 +++ 8 files changed, 147 insertions(+) create mode 100644 t/tests/binaries-golang/debian/Makefile create mode 100644 t/tests/binaries-golang/debian/basic.c create mode 100644 t/tests/binaries-golang/debian/debian/control create mode 100644 t/tests/binaries-golang/debian/debian/rules create mode 100755 t/tests/binaries-golang/debian/getbuildid create mode 100644 t/tests/binaries-golang/desc create mode 100644 t/tests/binaries-golang/tags diff --git a/checks/binaries.pm b/checks/binaries.pm index 80f0637..f26e809 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -225,6 +225,12 @@ for my $file ($info-sorted_index) { $directories{/$name}++; } +my $src = $group-get_source_processable(); +my $built_with_golang; +if (defined($src)) { +$built_with_golang = $src-info-relation('build-depends')-implies('golang-go'); +} + # process all files in package foreach my $file ($info-sorted_index) { my $fileinfo = $info-file_info ($file); @@ -393,6 +399,8 @@ foreach my $file ($info-sorted_index) { next if ($file =~ m%^boot/%); next if ($file =~ /[\.-]static$/); next if ($pkg =~ /-static$/); +# Binaries built by the Go compiler are statically linked by default. +next if ($built_with_golang); # klibc binaries appear to be static. next if (exists $objdump-{INTERP} $objdump-{INTERP} =~ m,/lib/klibc-\S+\.so,); diff --git a/t/tests/binaries-golang/debian/Makefile b/t/tests/binaries-golang/debian/Makefile new file mode 100644 index 000..ac5bd0f --- /dev/null +++ b/t/tests/binaries-golang/debian/Makefile @@ -0,0 +1,48 @@ +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # static version of basic for debugging checks + $(COMPILE) -static -o basic.static basic.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d $(DESTDIR)/usr/lib/debug/.build-id/`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d $(DESTDIR)/usr/lib/debug/.build-id/de + objcopy --compress-debug-sections basicdebug \ + $(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug + install -d $(DESTDIR)/usr/lib/debug/.build-id/`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + $(DESTDIR)/usr/lib/debug/.build-id/`$(GETBUILDID) -s basicdebug`/`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped
Bug#795667: Suppress hardening-{no-relro,no-fortify-functions}
Package: lintian Version: 2.5.33 Severity: normal Tags: patch From the patch description: [PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go binaries. The Go compiler (gc) does not currently support these features, so don’t warn about them on _every_ binary which is implemented in Go. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.25-10 ii bzip2 1.0.6-8 ii diffstat 1.58-1 ii file 1:5.22+15-2 ii gettext0.19.4-1 ii hardening-includes 2.7 ii intltool-debian0.35.0+20060710.2 ii libapt-pkg-perl0.1.29+b2 ii libarchive-zip-perl1.48-1 ii libclass-accessor-perl 0.34-1 ii libclone-perl 0.38-1 ii libdpkg-perl 1.18.1 ii libemail-valid-perl1.196-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl0.94-1 ii liblist-moreutils-perl 0.413-1 ii libparse-debianchangelog-perl 1.2.0-4 ii libtext-levenshtein-perl 0.12-1 ii libtimedate-perl 2.3000-2 ii liburi-perl1.64-1 ii man-db 2.7.0.2-5 ii patchutils 0.3.4-1 ii perl [libdigest-sha-perl] 5.20.2-6 ii t1utils1.38-4 ii xz-utils 5.1.1alpha+20120614-2.1 Versions of packages lintian recommends: ii dpkg1.18.1 pn libperlio-gzip-perl none ii perl5.20.2-6 ii perl-modules [libautodie-perl] 5.20.2-6 Versions of packages lintian suggests: pn binutils-multiarch none ii dpkg-dev 1.18.1 ii libhtml-parser-perl3.71-2 ii libtext-template-perl 1.46-1 pn libyaml-perl none -- no debconf information From 87e1d19a9cb2dfdfd1b23108bdff89d264102a3c Mon Sep 17 00:00:00 2001 From: Michael Stapelberg stapelb...@debian.org Date: Sun, 16 Aug 2015 09:52:24 +0200 Subject: [PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go binaries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Go compiler (gc) does not currently support these features, so don’t warn about them on _every_ binary which is implemented in Go. --- checks/binaries.pm | 5 + 1 file changed, 5 insertions(+) diff --git a/checks/binaries.pm b/checks/binaries.pm index 1ad6282..3542611 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -547,6 +547,11 @@ sub run { if ($flags) { foreach my $t (@{$info-hardening_info-{$fname}}) { my $tag = hardening-$t; +# Binaries built by the Go compiler do not support all +# hardening measures. +next if ($t eq 'no-relro' || + $t eq 'no-fortify-functions') + $built_with_golang; tag $tag, $file if $flags-{$tag}; } } -- 2.1.4
Bug#795614: [PATCH] fix false-positive spelling-error-in-binary affecting many Go binaries
On Sun, Aug 16, 2015 at 10:11 AM, Niels Thykier ni...@thykier.net wrote: On 2015-08-15 21:59, Michael Stapelberg wrote: Package: lintian Version: 2.5.33 Severity: normal Tags: patch From the patch description: [PATCH] spelling-error-in-binary: ignore ang/and The Go stdlib html/ package contains the string ang; (for the ang; entity). Every program which directly or indirectly imports the html/ package will hence end up with an unuseful spelling-error-in-binary lintian warning. [...] Hi Michael, Thanks for the patch. I was wondering, have you tried something like? $ git diff diff --git a/lib/Lintian/Check.pm b/lib/Lintian/Check.pm index 4b08fae..0b11477 100644 --- a/lib/Lintian/Check.pm +++ b/lib/Lintian/Check.pm @@ -301,6 +301,7 @@ sub check_spelling { $text =~ s/(\w-)\s*\n\s*/$1/; $text =~ tr/\r\n \t/ /s; $text =~ s/\s++/ /g; +$text =~ s/\[a-zA-Z0-9_-]+\;//g; # Ignore XML entities strip($text); for my $word (split(' ', $text)) { AFAICT, it should strip out all XML entities (untested though), which should be a more generic solution. Does this work for you? I think your patch does indeed strip out XML entities, but it doesn’t quite work for our use-case: note that the string that’s found in the binary is “ang;”, not “ang;”. -- Best regards, Michael
Bug#795614: [PATCH] fix false-positive spelling-error-in-binary affecting many Go binaries
Package: lintian Version: 2.5.33 Severity: normal Tags: patch From the patch description: [PATCH] spelling-error-in-binary: ignore ang/and The Go stdlib html/ package contains the string ang; (for the ang; entity). Every program which directly or indirectly imports the html/ package will hence end up with an unuseful spelling-error-in-binary lintian warning. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.25-10 ii bzip2 1.0.6-8 ii diffstat 1.58-1 ii file 1:5.22+15-2 ii gettext0.19.4-1 ii hardening-includes 2.7 ii intltool-debian0.35.0+20060710.2 ii libapt-pkg-perl0.1.29+b2 ii libarchive-zip-perl1.48-1 ii libclass-accessor-perl 0.34-1 ii libclone-perl 0.38-1 ii libdpkg-perl 1.18.1 ii libemail-valid-perl1.196-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl0.94-1 ii liblist-moreutils-perl 0.413-1 ii libparse-debianchangelog-perl 1.2.0-4 ii libtext-levenshtein-perl 0.12-1 ii libtimedate-perl 2.3000-2 ii liburi-perl1.64-1 ii man-db 2.7.0.2-5 ii patchutils 0.3.4-1 ii perl [libdigest-sha-perl] 5.20.2-6 ii t1utils1.38-4 ii xz-utils 5.1.1alpha+20120614-2.1 Versions of packages lintian recommends: ii dpkg1.18.1 pn libperlio-gzip-perl none ii perl5.20.2-6 ii perl-modules [libautodie-perl] 5.20.2-6 Versions of packages lintian suggests: pn binutils-multiarch none ii dpkg-dev 1.18.1 ii libhtml-parser-perl3.71-2 ii libtext-template-perl 1.46-1 pn libyaml-perl none -- no debconf information From 9e94af4f6d4bc0169fd3de6073707e4ce4e94c04 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg stapelb...@debian.org Date: Sat, 15 Aug 2015 21:54:16 +0200 Subject: [PATCH] spelling-error-in-binary: ignore ang/and The Go stdlib html/ package contains the string ang; (for the ang; entity). Every program which directly or indirectly imports the html/ package will hence end up with an unuseful spelling-error-in-binary lintian warning. --- checks/binaries.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/checks/binaries.pm b/checks/binaries.pm index 94197b6..1ad6282 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -364,6 +364,7 @@ sub run { 'teH' = 1, # From #711207 'tEH' = 1, # From #782902 'tEh' = 1, # From #782902, too +'ang' = 1, # The Go stdlib html/ package contains ang; }; my $tag_emitter = spelling_tag_emitter('spelling-error-in-binary', $file); -- 2.1.4
Bug#857656: [PATCH] c/binaries: amend go whitelist to cover all errors
Package: lintian Version: 2.5.51 Severity: normal Tags: patch Please consider merging the attached patch. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.27.90.20170124-2 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1 ii file 1:5.29-3 ii gettext 0.19.8.1-2 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.30 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.34-1 ii libclone-perl 0.38-2+b1 ii libdpkg-perl 1.18.22 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl0.416-1+b1 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.24 [libdigest-sha-perl] 5.24.1-1 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.71-1 ii libyaml-libyaml-perl 0.63-2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.24.1-1 ii t1utils 1.39-2 ii xz-utils 5.2.2-1.2+b1 Versions of packages lintian recommends: ii dpkg 1.18.22 pn libperlio-gzip-perl ii perl 5.24.1-1 ii perl-modules-5.22 [libautodie-perl] 5.22.2-5 ii perl-modules-5.24 [libautodie-perl] 5.24.1-1 Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.18.22 ii libhtml-parser-perl3.72-3 ii libtext-template-perl 1.46-1 -- no debconf information >From a6a605806a0c52f723879eaf2f3ace92c46ec2b4 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Mon, 13 Mar 2017 20:30:40 +0100 Subject: [PATCH 3/3] c/binaries: amend go whitelist to cover all errors --- checks/binaries.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/checks/binaries.pm b/checks/binaries.pm index 5870dd9bd..a0d57bc83 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -586,11 +586,13 @@ sub run { } if ($arch_hardening->{'hardening-no-bindnow'} +and not $built_with_golang and not exists($objdump->{'FLAGS_1'}{'NOW'})) { tag 'hardening-no-bindnow', $file; } if ($arch_hardening->{'hardening-no-pie'} +and not $built_with_golang and $objdump->{'ELF-TYPE'} eq 'EXEC') { tag 'hardening-no-pie', $file; } -- 2.11.0
Bug#857654: [PATCH] c/binaries: whitelist go spelling false-positives
Package: lintian Version: 2.5.51 Severity: normal Tags: patch Please consider merging the attached patch. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.27.90.20170124-2 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1 ii file 1:5.29-3 ii gettext 0.19.8.1-2 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.30 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.34-1 ii libclone-perl 0.38-2+b1 ii libdpkg-perl 1.18.22 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl0.416-1+b1 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.24 [libdigest-sha-perl] 5.24.1-1 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.71-1 ii libyaml-libyaml-perl 0.63-2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.24.1-1 ii t1utils 1.39-2 ii xz-utils 5.2.2-1.2+b1 Versions of packages lintian recommends: ii dpkg 1.18.22 pn libperlio-gzip-perl ii perl 5.24.1-1 ii perl-modules-5.22 [libautodie-perl] 5.22.2-5 ii perl-modules-5.24 [libautodie-perl] 5.24.1-1 Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.18.22 ii libhtml-parser-perl3.72-3 ii libtext-template-perl 1.46-1 -- no debconf information >From 9e97ab66304c2d98d381394606bab5374c7908fc Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Mon, 13 Mar 2017 20:29:48 +0100 Subject: [PATCH 1/3] c/binaries: whitelist go spelling false-positives --- checks/binaries.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/checks/binaries.pm b/checks/binaries.pm index 50545a5ac..10edfc5f2 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -381,6 +381,9 @@ sub run { 'tEH' => 1, # From #782902 'tEh' => 1, # From #782902, too 'ang' => 1, # The Go stdlib html/ package contains "ang;" +'writeN' => 1, # The Go stdlib text/tabwriter pkg contains "writeN" +'writeN' => 1, # The Go stdlib text/tabwriter pkg contains "writeN" +'ot' => 1, # The Go stdlib runtime/ package contains "ot" }; my $tag_emitter = spelling_tag_emitter('spelling-error-in-binary', $file); -- 2.11.0
Bug#857655: [PATCH] c/binaries: fix go whitelist by moving variable
Package: lintian Version: 2.5.51 Severity: normal Tags: patch Please consider merging the attached patch. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.27.90.20170124-2 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1 ii file 1:5.29-3 ii gettext 0.19.8.1-2 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.30 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.34-1 ii libclone-perl 0.38-2+b1 ii libdpkg-perl 1.18.22 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl0.416-1+b1 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.24 [libdigest-sha-perl] 5.24.1-1 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.71-1 ii libyaml-libyaml-perl 0.63-2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.24.1-1 ii t1utils 1.39-2 ii xz-utils 5.2.2-1.2+b1 Versions of packages lintian recommends: ii dpkg 1.18.22 pn libperlio-gzip-perl ii perl 5.24.1-1 ii perl-modules-5.22 [libautodie-perl] 5.22.2-5 ii perl-modules-5.24 [libautodie-perl] 5.24.1-1 Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.18.22 ii libhtml-parser-perl3.72-3 ii libtext-template-perl 1.46-1 -- no debconf information >From 5e485d8396e2c3a041c5ecb8ec90f81579cf182a Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Mon, 13 Mar 2017 20:30:24 +0100 Subject: [PATCH 2/3] c/binaries: fix go whitelist by moving variable --- checks/binaries.pm | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/checks/binaries.pm b/checks/binaries.pm index 10edfc5f2..5870dd9bd 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -126,6 +126,13 @@ sub run { $arch_hardening = $HARDENING->value($arch) if $arch ne 'all'; +my $src = $group->get_source_processable; +if (defined($src)) { +$built_with_golang + = $src->info->relation('build-depends') + ->implies('golang-go | golang-any'); +} + foreach my $file (sort keys %{$info->objdump_info}) { my $objdump = $info->objdump_info->{$file}; my ($has_lfs, %unharded_functions, @hardened_functions); @@ -273,13 +280,6 @@ sub run { tag 'package-name-doesnt-match-sonames', "@sonames" if @sonames && !$match_found; -my $src = $group->get_source_processable; -if (defined($src)) { -$built_with_golang - = $src->info->relation('build-depends') - ->implies('golang-go | golang-any'); -} - # process all files in package foreach my $file ($info->sorted_index) { my ($fileinfo, $objdump, $fname); -- 2.11.0
Bug#870829: Contradicting warnings/errors: useless-autoreconf-build-depends vs. missing-build-dependency-for-dh-addon
On Sat, Aug 5, 2017 at 6:25 PM, Mattia Rizzolo <mat...@debian.org> wrote: > On Sat, Aug 05, 2017 at 05:47:39PM +0200, Michael Stapelberg wrote: > > build-dependency was unnecessary with debhelper ≥ 10 and should be > removed: > > > > W: mdocml source: useless-autoreconf-build-depends autotools-dev > > > > After doing that, lintian noted that the autotools_dev addon was missing > a > > dependency on autotools-dev: > > > > E: mdocml source: missing-build-dependency-for-dh-addon autotools_dev > => autotools-dev > > > > This error seems to directly contradict the earlier warning. > > > > Not only src:mdocml is affected: e.g. src:teg removed the build > dependency in > > https://anonscm.debian.org/viewvc/pkg-games/packages/ > trunk/teg/debian/control?r1=15952=15990 > > and now shows up in > > https://lintian.debian.org/tags/missing-build-dependency- > for-dh-addon.html. > > > > What course of action is correct? Which warning should be removed from > lintian? > > > Neither of them. The description might be a bit misleading, but it's an > actual "problem" in your package: you need not use > --with autotools_dev > anymore, as starting with debhelper version 9.20160114 debhelper > includes an dh_update_autotools_config helper that is run for all > debhelper compat level. > Wow, I would have never guessed that. Can we add a more specific warning to lintian for this case? I expect the maintainers of all 372 source packages found by the search https://codesearch.debian.net/search?q=path%3Adebian%2Frules+with.*autotools_dev=1 to eventually face this problem. > > Also, dropping that `--with autotools_dev` switch will cast away all the > lintian warnings. > Done with https://anonscm.debian.org/git/collab-maint/mdocml.git/commit/?id=e655a7998c6e4b32c4cb55d48366f74e1bb1a194, thanks! > > -- > regards, > Mattia Rizzolo > > GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. > more about me: https://mapreri.org : :' : > Launchpad user: https://launchpad.net/~mapreri `. `'` > Debian QA page: https://qa.debian.org/developer.php?login=mattia `- > -- Best regards, Michael
Bug#870829: Contradicting warnings/errors: useless-autoreconf-build-depends vs. missing-build-dependency-for-dh-addon
Package: lintian Version: 2.5.52 Severity: normal When packaging mdocml 1.14.3, lintian noted that the autotools-dev build-dependency was unnecessary with debhelper ≥ 10 and should be removed: W: mdocml source: useless-autoreconf-build-depends autotools-dev After doing that, lintian noted that the autotools_dev addon was missing a dependency on autotools-dev: E: mdocml source: missing-build-dependency-for-dh-addon autotools_dev => autotools-dev This error seems to directly contradict the earlier warning. Not only src:mdocml is affected: e.g. src:teg removed the build dependency in https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/teg/debian/control?r1=15952=15990 and now shows up in https://lintian.debian.org/tags/missing-build-dependency-for-dh-addon.html. What course of action is correct? Which warning should be removed from lintian? -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.11.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.28-6 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1+b1 ii dpkg 1.18.24 ii file 1:5.30-1 ii gettext 0.19.8.1-2+b1 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.32+b2 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.34-1 ii libclone-perl 0.38-2+b2 ii libdpkg-perl 1.18.24 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl0.416-1+b3 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.26 [libdigest-sha-perl] 5.26.0-4 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.71-1 ii libxml-simple-perl2.22-1 ii libyaml-libyaml-perl 0.63-2+b2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.26.0-4 ii t1utils 1.39-2 ii xz-utils 5.2.2-1.3 Versions of packages lintian recommends: pn libperlio-gzip-perl Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.18.24 ii libhtml-parser-perl3.72-3+b2 ii libtext-template-perl 1.46-1 -- no debconf information
Bug#877802: include file name and line number in output
Sorry for not being more clear: when I run lintian (notably, without -i), I get output such as: % lintian dunst_1.2.0-1_amd64.changes I: dunst source: testsuite-autopkgtest-missing P: dunst source: debian-watch-may-check-gpg-signature I: dunst: dbus-session-service-wrong-name org.freedesktop.Notifications.service usr/share/dbus-1/services/org.knopwob.dunst.service I: dunst: spelling-error-in-manpage usr/share/man/man1/dunst.1.gz verticaly vertically W: dunst: manpage-has-errors-from-man usr/share/man/man1/dunst.1.gz 476: warning [p 5, 8.7i, div `an-div', 0.2i]: can't break line What I’d like is to output to look like this (possibly only after specifying a flag in case it causes breakage): % lintian dunst_1.2.0-1_amd64.changes debian/watch:1: P: dunst source: debian-watch-may-check-gpg-signature I: dunst: dbus-session-service-wrong-name org.freedesktop.Notifications.service usr/share/dbus-1/services/org.knopwob.dunst.service I: dunst: spelling-error-in-manpage usr/share/man/man1/dunst.1.gz verticaly vertically […] I realize that for some of the messages, like the manpage-related ones, we don’t have the mapping between binary artifact and source file (maybe debhelper could be extended to store it). But many other warnings that I run into can be tied to a specific source file. On Fri, Oct 6, 2017 at 2:40 AM, Chris Lambwrote: > Hi Michael, > >> It would be great if lintian could include the relevant file name and line >> number in each line of output > > Lintian does do this in many cases; do you have any specific examples where > it doesn't right now? > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- -- Best regards, Michael
Bug#877802: include file name and line number in output
Package: lintian Version: 2.5.54 Severity: wishlist It would be great if lintian could include the relevant file name and line number in each line of output. That way, users could easily jump to the issue at hand by using their editor’s “compilation mode” (Emacs), quickfix (Vim) or similar feature. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.29-9 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1+b1 ii dpkg 1.18.24 ii file 1:5.32-1 ii gettext 0.19.8.1-4 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.33 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.34-1 ii libclone-perl 0.38-2+b2 ii libdpkg-perl 1.18.24 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.96-1 ii liblist-moreutils-perl0.416-1+b3 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.26 [libdigest-sha-perl] 5.26.0-5 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.72-1 ii libxml-simple-perl2.24-1 ii libyaml-libyaml-perl 0.63-2+b2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.26.0-5 ii t1utils 1.40-2 ii xz-utils 5.2.2-1.3 Versions of packages lintian recommends: pn libperlio-gzip-perl Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.18.24 ii libhtml-parser-perl3.72-3+b2 ii libtext-template-perl 1.46-1 -- no debconf information
Bug#891072: [PATCH] Add golang-missing-built-using and golang-built-using-on-arch-all
Package: lintian Version: 2.5.72 Severity: wishlist Tags: patch Please review and merge the attached patch. Thanks! -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.13.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.29.1-6 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1+b1 ii dpkg 1.19.0.5 ii file 1:5.32-1 ii gettext 0.19.8.1-4 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.33 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.51-1 ii libclone-perl 0.38-2+b2 ii libdpkg-perl 1.19.0.5 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.96-1 ii liblist-moreutils-perl0.416-1+b3 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.26 [libdigest-sha-perl] 5.26.1-3 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.72-2 ii libxml-simple-perl2.24-1 ii libyaml-libyaml-perl 0.63-2+b2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.26.1-3 ii t1utils 1.41-1 ii xz-utils 5.2.2-1.3 Versions of packages lintian recommends: pn libperlio-gzip-perl Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.19.0.5 ii libhtml-parser-perl3.72-3+b2 ii libtext-template-perl 1.47-1 -- no debconf information >From 7318d47e2caff903267d0235d7ef3069d74041a5 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Thu, 22 Feb 2018 09:11:20 +0100 Subject: [PATCH] Add golang-missing-built-using and golang-built-using-on-arch-all --- checks/control-file.desc | 17 + checks/control-file.pm | 15 .../binaries-golang-built-using/debian/Makefile| 16 + t/tests/binaries-golang-built-using/debian/basic.c | 12 +++ .../debian/debian/control.in | 40 ++ t/tests/binaries-golang-built-using/desc | 6 t/tests/binaries-golang-built-using/tags | 1 + t/tests/binaries-golang/desc | 1 + t/tests/binaries-golang/tags | 1 + 9 files changed, 109 insertions(+) create mode 100644 t/tests/binaries-golang-built-using/debian/Makefile create mode 100644 t/tests/binaries-golang-built-using/debian/basic.c create mode 100644 t/tests/binaries-golang-built-using/debian/debian/control.in create mode 100644 t/tests/binaries-golang-built-using/desc create mode 100644 t/tests/binaries-golang-built-using/tags diff --git a/checks/control-file.desc b/checks/control-file.desc index 2b2516bfc..9743aad81 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -350,3 +350,20 @@ Info: This package builds a binary package containing at least one path Please specify (eg.) Rules-Requires-Root: binary-targets in the debian/control source stanza. Ref: /usr/share/doc/dpkg-dev/rootless-builds.txt.gz + +Tag: golang-missing-built-using +Severity: wishlist +Certainty: certain +Info: This package builds a binary package which is not including + ${misc:Built-Using} in its Built-Using control field. + . + The ${misc:Built-Using} substvar is populated by dh-golang(1) + and used for scheduling binNMUs. + +Tag: golang-built-using-on-arch-all +Severity: wishlist +Certainty: certain +Info: This package builds a binary arch:all package which incorrectly + specifies a Built-Using control field. + . + Built-Using only applies to architecture-specific packages. diff --git a/checks/control-file.pm b/checks/control-file.pm index f2a97b24d..8d8a1caac 100644 --- a/checks/control-file.pm +++ b/checks/control-file.pm @@ -427,6 +427,21 @@ sub run { unless $relation->implies('${gir:Depends}'); } +# Verify that golang binary packages set Built-Using (except for arch:all +# library packages). +if ($info->relation('build-depends')->implies('golang-go | golang-any')) { +foreach my $bin (@package_names) { +my $bu = $info->binary_fie
Bug#891072: [PATCH] Add golang-missing-built-using and golang-built-using-on-arch-all
Thanks for the quick review! Comments inline: On Thu, Feb 22, 2018 at 9:31 AM, Chris Lamb <la...@debian.org> wrote: > tags 891072 - patch > thanks > > Dear Michael, > > > Please review and merge the attached patch. Thanks! > > Thank you so much for your patch. Can you fix up the following small > things? Naturally, please re-add the "patch" tag when ready :) > > > +Tag: golang-missing-built-using > +Tag: golang-built-using-on-arch-all > > These seem quite "clumsy" wordings and difficult to understand when > out of context - can you try expanding them a little? > Can you make a suggestion as to how they would be clearer please? I can’t come up with anything. Probably I’m stuck too deep in the subject matter :). > > In addition, please make it very explicit about what them maintainer > should do if they see this message. For example, something phrased > along the lines of "please add..." > Done. > > > +Info: This package builds a binary package which is not including > ^ > does not include > > + ${misc:Built-Using} in its Built-Using control field. > ^^^^^^ > …… > > > Done. > +if ($arch eq 'all > […] > +if ($arch ne 'all' > > Is there a cleaner way of structuring these? > What would you consider cleaner? It seems fine to me. > > +++ a/t/tests/binaries-golang-built-using/desc > ^ > This probably should be prefixed with "control-file-" as that's the > name of checks/foo.pm. > Done. > > Are we missing a Test-Depends in the "desc" file too? :) > Not sure what you mean? > > Thanks again! > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- > -- Best regards, Michael From c04498f4c71d62cac9e3760c395ae847bf5f5040 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Thu, 22 Feb 2018 09:11:20 +0100 Subject: [PATCH] Add golang-missing-built-using and golang-built-using-on-arch-all --- checks/control-file.desc | 23 + checks/control-file.pm | 15 t/tests/binaries-golang/desc | 1 + t/tests/binaries-golang/tags | 1 + .../debian/Makefile| 16 + .../control-file-golang-built-using/debian/basic.c | 12 +++ .../debian/debian/control.in | 40 ++ t/tests/control-file-golang-built-using/desc | 6 t/tests/control-file-golang-built-using/tags | 1 + 9 files changed, 115 insertions(+) create mode 100644 t/tests/control-file-golang-built-using/debian/Makefile create mode 100644 t/tests/control-file-golang-built-using/debian/basic.c create mode 100644 t/tests/control-file-golang-built-using/debian/debian/control.in create mode 100644 t/tests/control-file-golang-built-using/desc create mode 100644 t/tests/control-file-golang-built-using/tags diff --git a/checks/control-file.desc b/checks/control-file.desc index 2b2516bfc..a1399ec9a 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -350,3 +350,26 @@ Info: This package builds a binary package containing at least one path Please specify (eg.) Rules-Requires-Root: binary-targets in the debian/control source stanza. Ref: /usr/share/doc/dpkg-dev/rootless-builds.txt.gz + +Tag: golang-missing-built-using +Severity: wishlist +Certainty: certain +Info: This package builds a binary package which does not include + ${misc:Built-Using} in its Built-Using control field. + . + The ${misc:Built-Using} substvar is populated by dh-golang(1) + and used for scheduling binNMUs. + . + Please add the following line to your package definition: + . + Built-Using: ${misc:Built-Using} + +Tag: golang-built-using-on-arch-all +Severity: wishlist +Certainty: certain +Info: This package builds a binary arch:all package which incorrectly + specifies a Built-Using control field. + . + Built-Using only applies to architecture-specific packages. + . + Please remove the Built-Using line from your package definition. \ No newline at end of file diff --git a/checks/control-file.pm b/checks/control-file.pm index f2a97b24d..8d8a1caac 100644 --- a/checks/control-file.pm +++ b/checks/control-file.pm @@ -427,6 +427,21 @@ sub run { unless $relation->implies('${gir:Depends}'); } +# Verify that golang binary packages set Built-Using (except for arch:all +# library packages). +if ($info->relation('build-depends')->implies('golang-go | golang-any'))
Bug#891072: [PATCH] Add golang-missing-built-using and golang-built-using-on-arch-all
control: tags -1 + patch On Thu, Feb 22, 2018 at 9:58 AM, Chris Lamb <la...@debian.org> wrote: > Hi Michael, > > > > > > > +Tag: golang-missing-built-using > > > +Tag: golang-built-using-on-arch-all > > > > > > These seem quite "clumsy" wordings and difficult to understand when > > > out of context - can you try expanding them a little? > > > > Can you make a suggestion as to how they would be clearer please? > > Hm. The difficult part of parsing it is the "built using" proper noun. > I don't have any thing I love but have you tried adding more nouns, > etc.? For example, golang-package-missing-built-using-{header,field}? > Or missing-built-using-X-for-golang-package. Or golang-built-using- > field-on-arch-all-package? Or arch-all-golang-package-{with,but}-built- > using-{field,header}. Or something. :) > Thanks, done. > > > > +if ($arch eq 'all > > > […] > > > +if ($arch ne 'all' > […] > > What would you consider cleaner? It seems fine to me. > > I don't have a concrete example but my gut tells me there is a cleaner > structure that uses the fact that if $arch is "all", we don't need to > check 2 lines down that it is not "all". Again, nothing concrete but > some kind of "else" statement? :p > Done. > > > > Are we missing a Test-Depends in the "desc" file too? :) > > > > > Not sure what you mean? > > Tests have a "/desc" file with Test-For, Test-Against etc. I am > querying whether this file should also have something along the > lines of: > > t/tests/elpa/desc: > 5:Test-Depends: dh-elpa > > (Just a question, I don't have the answer to hand..!) > The README file states: --- Sometimes tests requires certain packages that are not available in the current stable. In this case, you can use: Test-Depends: --- I don’t think that applies to this change. > > > Best wishes, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- > -- Best regards, Michael From f82f483a31ed1b66102d0ab52e1a2a3ba6bb9cce Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Thu, 22 Feb 2018 09:11:20 +0100 Subject: [PATCH] Add built-using checks --- checks/control-file.desc | 23 + checks/control-file.pm | 18 ++ t/tests/binaries-golang/desc | 1 + t/tests/binaries-golang/tags | 1 + .../debian/Makefile| 16 + .../control-file-golang-built-using/debian/basic.c | 12 +++ .../debian/debian/control.in | 40 ++ t/tests/control-file-golang-built-using/desc | 6 t/tests/control-file-golang-built-using/tags | 1 + 9 files changed, 118 insertions(+) create mode 100644 t/tests/control-file-golang-built-using/debian/Makefile create mode 100644 t/tests/control-file-golang-built-using/debian/basic.c create mode 100644 t/tests/control-file-golang-built-using/debian/debian/control.in create mode 100644 t/tests/control-file-golang-built-using/desc create mode 100644 t/tests/control-file-golang-built-using/tags diff --git a/checks/control-file.desc b/checks/control-file.desc index 2b2516bfc..49c8a8c0b 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -350,3 +350,26 @@ Info: This package builds a binary package containing at least one path Please specify (eg.) Rules-Requires-Root: binary-targets in the debian/control source stanza. Ref: /usr/share/doc/dpkg-dev/rootless-builds.txt.gz + +Tag: missing-built-using-field-for-golang-package +Severity: wishlist +Certainty: certain +Info: This package builds a binary package which does not include + ${misc:Built-Using} in its Built-Using control field. + . + The ${misc:Built-Using} substvar is populated by dh-golang(1) + and used for scheduling binNMUs. + . + Please add the following line to your package definition: + . + Built-Using: ${misc:Built-Using} + +Tag: built-using-field-on-arch-all-package +Severity: wishlist +Certainty: certain +Info: This package builds a binary arch:all package which incorrectly + specifies a Built-Using control field. + . + Built-Using only applies to architecture-specific packages. + . + Please remove the Built-Using line from your package definition. diff --git a/checks/control-file.pm b/checks/control-file.pm index f2a97b24d..e1b117471 100644 --- a/checks/control-file.pm +++ b/checks/control-file.pm
Bug#891184: [PATCH] Add missing-xs-go-import-path-for-golang-package
Package: lintian Version: 2.5.72 Severity: wishlist Tags: patch Please review and merge the attached patch. Thanks! -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.13.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.29.1-6 ii bzip2 1.0.6-8.1 ii diffstat 1.61-1+b1 ii dpkg 1.19.0.5 ii file 1:5.32-1 ii gettext 0.19.8.1-4 ii intltool-debian 0.35.0+20060710.4 ii libapt-pkg-perl 0.1.33 ii libarchive-zip-perl 1.59-1 ii libclass-accessor-perl0.51-1 ii libclone-perl 0.38-2+b2 ii libdpkg-perl 1.19.0.5 ii libemail-valid-perl 1.202-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.96-1 ii liblist-moreutils-perl0.416-1+b3 ii libparse-debianchangelog-perl 1.2.0-12 ii libperl5.22 [libdigest-sha-perl] 5.22.2-5 ii libperl5.26 [libdigest-sha-perl] 5.26.1-3 ii libtext-levenshtein-perl 0.13-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.72-2 ii libxml-simple-perl2.24-1 ii libyaml-libyaml-perl 0.63-2+b2 ii man-db2.7.6.1-2 ii patchutils0.3.4-2 ii perl 5.26.1-3 ii t1utils 1.41-1 ii xz-utils 5.2.2-1.3 Versions of packages lintian recommends: pn libperlio-gzip-perl Versions of packages lintian suggests: pn binutils-multiarch ii dpkg-dev 1.19.0.5 ii libhtml-parser-perl3.72-3+b2 ii libtext-template-perl 1.47-1 -- no debconf information >From 17d3d7cfde705c91b39d09aef556705f340fbd05 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Fri, 23 Feb 2018 08:38:27 +0100 Subject: [PATCH] add missing-xs-go-import-path-for-golang-package --- checks/control-file.desc | 25 ++ checks/control-file.pm | 8 +++-- t/tests/binaries-golang/desc | 4 ++- t/tests/binaries-golang/tags | 1 + .../debian/Makefile| 16 + .../debian/basic.c | 12 +++ .../debian/debian/control.in | 40 ++ t/tests/control-file-golang-xs-go-import-path/desc | 5 +++ t/tests/control-file-golang-xs-go-import-path/tags | 0 9 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 t/tests/control-file-golang-xs-go-import-path/debian/Makefile create mode 100644 t/tests/control-file-golang-xs-go-import-path/debian/basic.c create mode 100644 t/tests/control-file-golang-xs-go-import-path/debian/debian/control.in create mode 100644 t/tests/control-file-golang-xs-go-import-path/desc create mode 100644 t/tests/control-file-golang-xs-go-import-path/tags diff --git a/checks/control-file.desc b/checks/control-file.desc index 3e6485f79..6e6963690 100644 --- a/checks/control-file.desc +++ b/checks/control-file.desc @@ -374,3 +374,28 @@ Info: This package builds a binary arch:all package which incorrectly . Please remove the Built-Using line from your package definition. + +Tag: missing-xs-go-import-path-for-golang-package +Severity: wishlist +Certainty: certain +Info: This source package does not specify a XS-Go-Import-Path + control field. + . + The XS-Go-Import-Path makes available the import path of the Go + package to the Debian archive in an easily machine-readable form. + . + This is used in various tooling, such as dh-make-golang(1) to + resolve dependencies and avoid accidental duplication in the archive, + or in https://pkg-go.alioth.debian.org/ci.html. + . + For packages using dh-golang, the field should be set to the same + value as the DH_GOPKG variable in debian/rules. In fact, + dh-golang will automatically set DH_GOPKG to the + XS-Go-Import-Path value. + . + For packages which do not use dh-golang, or whose upstream does + not publish the source in a way that is compatible with go get + and hence does not have a canonical import path, it is preferred to + set a fake import path. Contact the pkg-go team at + https://pkg-go.alioth.debian.org/ for more specific advice in your + specific situation. diff --git a/checks/control-file.pm b/checks/control-file
Bug#891072: Please add golang-missing-built-using and golang-built-using-on-arch-all tags
Thank you for the quick turnaround on this! On Thu, Feb 22, 2018 at 2:55 PM, Chris Lambwrote: > tags 891072 + pending > thanks > > Dear Michael, > > I've applied this in git with a few (extremely minor) changes. Thanks! > > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id= > e83f69fd2f1ea31ce0ecc2d86f55ad9ef0dfded3 > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- > -- Best regards, Michael