This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian.
commit 213777e48ba1ee4f1945bdb9eebefc74458df472
Author: Chris Lamb <la...@debian.org>
Date: Tue Feb 13 16:37:02 2018 +0000
Check for maintainer scripts that call udevadm without a guard as it can fail within a chroot. (Closes: #890224)
---
 checks/scripts.desc | 14 ++++++++++++++
 checks/scripts.pm | 16 +++++++++++++---
 debian/changelog | 3 +++
 .../debian/debian/postinst | 20 ++++++++++++++++++++
 .../debian/debian/preinst | 18 ++++++++++++++++++
 t/tests/scripts-udevadm-called-without-guard/desc | 5 +++++
 t/tests/scripts-udevadm-called-without-guard/tags | 2 ++
 7 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/checks/scripts.desc b/checks/scripts.desc
index b244bbb..eba0c8e 100644
--- a/checks/scripts.desc
+++ b/checks/scripts.desc
@@ -838,3 +838,17 @@ Info: The maintainer script appears to call <tt>chmod</tt> or
 - Use <tt>runuser(1)</tt> to perform any initialization work as the user you were previously <tt>chown</tt>ing to.
 Ref: #889060, #889488, runuser(1)
+
+Tag: udevadm-called-without-guard
+Severity: normal
+Certainty: possible
+Info: The specified maintainer script uses <tt>set -e</tt> but seems to
+ call <tt>udevadm(8)</tt> without a conditional guard.
+ .
+ <tt>udevadm</tt> can exist but be non-functional (such as inside a
+ chroot) and thus can result in package installation or upgrade failure
+ if the call fails.
+ .
+ Please guard the return code of the call via wrapping it in a suitable
+ <tt>if</tt> construct or by appending <tt>|| true</tt>.
+Ref: #890224, udevadm(8)
diff --git a/checks/scripts.pm b/checks/scripts.pm
index af08ad1..7021610 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -641,9 +641,13 @@ sub run {
 # now scan the file contents themselves
 my $fd = $path->open;
- my ($saw_init, $saw_invoke, $saw_debconf,
- $saw_bange, $saw_sete, $has_code,
- $saw_statoverride_list, $saw_statoverride_add);
+ my (
+ $saw_init, $saw_invoke,
+ $saw_debconf,$saw_bange,
+ $saw_sete, $has_code,
+ $saw_statoverride_list, $saw_statoverride_add,
+ $saw_udevadm_guard
+ );
 my %warned;
 my $cat_string = '';
@@ -711,6 +715,12 @@ sub run {
 $seen_helper_cmds{$cmd}{$file} = 1;
 }
+ if (m,$LEADIN(?:/bin/)?udevadm\s, and $saw_sete) {
+ $saw_udevadm_guard = 1 if m/\bif\s+/g;
+ tag 'udevadm-called-without-guard', "$file:$."
+ unless $saw_udevadm_guard or m/\|\|/;
+ }
+
 if ( m,[^\w](?:(?:/var)?/tmp|\$TMPDIR)/[^)\]}\s], and not m/\bmks?temp\b/ and not m/\btempfile\b/
diff --git a/debian/changelog b/debian/changelog
index 1c499f8..aa5a74b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,9 @@ lintian (2.5.75) UNRELEASED; urgency=medium
 + [CL] Underline that maintainers do not need to override the new-package-should-not-package-python2-module tag but rather leave a comment in debian/changelog.
+ * checks/scripts.{desc,pm}:
+ + [CL] Check for maintainer scripts that call udevadm without a guard
+ as it can fail within a chroot. (Closes: #890224)
 * commands/reporting-html-reports.html:
 + [NT] Minimize generated SVG files if scour is installed and
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
new file mode 100644
index 0000000..ee508c4
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+ udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
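Review bot: `$saw_udevadm_guard` in the second scripts.pm hunk is set once and never cleared, so after the first `if … udevadm` line every later unguarded `udevadm` call in the same maintainer script goes untagged; the new postinst fixture records exactly that miss at its final `udevadm positive`. Clearing the flag when the block closes, e.g. `$saw_udevadm_guard = 0 if m/^\s*fi\b/;` placed outside the `udevadm` condition, would narrow the false negative, although nested `if` blocks would still need care. The `/g` on `m/\bif\s+/g` is evaluated in scalar context and only leaves `pos` set on the current line for any later `/g` match, so plain `m/\bif\s+/` is the safer form. The `m/\|\|/` test also accepts `||` anywhere on the line, including inside a comment or a quoted string. The loop body in `run` starts and ends outside both hunks.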
diff --git a/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
new file mode 100644
index 0000000..70e0741
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/debian/debian/preinst
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#DEBHELPER#
+
+udevadm positive
+
+udevadm false-positive || true
+udevadm false-positive || echo "Warning message"
+
+if udevadm false-positive
+then
+ udevadm false-positive
+fi
+
+# We don't actually catch this one as our test is too naive
+udevadm positive
+
+exit 0
diff --git a/t/tests/scripts-udevadm-called-without-guard/desc b/t/tests/scripts-udevadm-called-without-guard/desc
new file mode 100644
index 0000000..61c7c4a
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/desc
@@ -0,0 +1,5 @@
+Testname: scripts-udevadm-called-without-guard
+Version: 1.0
+Description: Test for packages that call udevadm without a guard
+Test-For:
+ udevadm-called-without-guard
diff --git a/t/tests/scripts-udevadm-called-without-guard/tags b/t/tests/scripts-udevadm-called-without-guard/tags
new file mode 100644
index 0000000..9db7f0f
--- /dev/null
+++ b/t/tests/scripts-udevadm-called-without-guard/tags
@@ -0,0 +1,2 @@
+W: scripts-udevadm-called-without-guard: maintainer-script-ignores-errors preinst
+W: scripts-udevadm-called-without-guard: udevadm-called-without-guard postinst:7
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git