diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
commit | 75808db17caf8b960b351e3408e74142f4c85aac (patch) | |
tree | 7989e9c09a4240248bf4658a22208a0a52d991c4 /t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general | |
parent | Initial commit. (diff) | |
download | lintian-75808db17caf8b960b351e3408e74142f4c85aac.tar.xz lintian-75808db17caf8b960b351e3408e74142f4c85aac.zip |
Adding upstream version 2.117.0.upstream/2.117.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general')
8 files changed, 299 insertions, 0 deletions
diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript new file mode 100644 index 0000000..c3dcfac --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript @@ -0,0 +1 @@ +mv_conffile /etc/foo/old.conf /etc/foo/new.conf 0~ diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst new file mode 100755 index 0000000..492f84a --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst @@ -0,0 +1,255 @@ +#!/bin/sh + +# This file contains a pile of random junk in maintainer scripts that we +# should be checking for in checks/scripts. Don't put bashisms in this file, +# though; those should go into scripts-bashisms. + +set -e + +print "Hit enter to continue" +read foo + +echo Please use update-rc.d or invoke-rc.d to set up blah blah. + +chown root.root /usr/share/doc/maintainer-scripts/changelog +chown root:root /usr/share/doc/maintainer-scripts/changelog + +# valid +FOO=/tmp +FOO=/var/tmp +: ${FOO:=/tmp} +FOO=`mktemp /tmp/scripts.XXXXXX` +rm "$FOO" +FOO=`tempfile -n/tmp/scripts.tmp` +mkdir /var/tmp/scripts +# invalid +echo foo >>/tmp/scripts.tmp +rm /tmp/scripts.tmp +rmdir /var/tmp/scripts + +# invalid, maintainer-script-hides-init-failure +invoke-rc.d foo start || exit 0 + +# The right way to invoke an rc script +if which invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d package start +else + /etc/init.d/package start +fi + +# Example ucf invocation. +ucf /usr/share/foo/configuration /etc/foo.conf + +# Calling gconftool directly. +gconftool-2 --makefile-install-rule foo.schema + +# Calling gconf-schemas with no dependency. +gconf-schemas --register foo.schema + +# Calling update-xmlcatalog with no dependency. +update-xmlcatalog --add --type system --id "/usr/share/sgml/dtd/foo" \ + --package maintainer-scripts --root + +# Maintainer scripts shouldn't touch /var/lib/dpkg/status. This is the old +# recipe from the dpkg wiki that should be replaced with dpkg-query. +sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' /etc/conffile'{s/.* //;p}}\" \ + /var/lib/dpkg/status + +# Don't modify these files. +echo 'broken 6714/tcp' >> /etc/services +cp /nonexistent /etc/protocols +mv /usr/share/doc/rpc /etc/rpc + +# But this is okay. +cp /etc/protocols /etc/protocols.new + +# This is also wrong. +echo 'broken' > /etc/inetd.conf +cp /etc/inetd.conf.new /etc/inetd.conf + +# But this is fine. +cp /etc/inetd.conf /srv/chroot/etc/inetd.conf + +# Deprecated and not allowed except the second one. +install-sgmlcatalog --install package +install-sgmlcatalog --remove package + +# Calling start-stop-daemon directly in an init script. +start-stop-daemon --start --quiet --name foo --startas /usr/bin/foo + +# But stopping it is fine -- we may be working around something else. +start-stop-daemon --stop --quiet --name foo --startas /usr/bin/foo + +# Deprecated chown use with flags. +chown -R root.root /usr/share/doc/maintainer-scripts + +# The first should not trigger an error about a command with a path, but the +# second should. +case $mainscript in + /usr/bin/foo) foobarbaz;; +esac +/usr/bin/baz; echo bar + +# fc-cache shouldn't be called directly, but make sure we don't see it in a +# heredoc. +fc-cache +cat <<EOF +fc-cache +EOF + +# Obsolete suidregister program. +suidregister /usr/bin/foo + +# install-info is now handled through triggers. +install-info --quiet --section Development Development \ + /usr/share/info/foobar.info + +# Packages don't get to modify /etc/ld.so.conf +echo '/usr/local/lib' >> /etc/ld.so.conf +( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new +mv /etc/ld.so.conf.new /etc/ld.so.conf + +# Further tests for commands with paths in maintainer scripts. The following +# should not trigger a tag (Bug#536397). +chmod `dpkg-statoverride --list /usr/sbin/apache2 | cut -f 3` /usr/sbin/apache2 + +# These, however, should. +true `basename "$0"` `/usr/bin/foo bar` +true `/usr/bin/foo "$0"` + +# This line should not trigger a warning about no dependency on ucf because of +# the || true. (Bug#541372) +ucf -p /etc/sensors3.conf || true + +if false ; then + mknod some thing +fi + +# Calling update alternative --set see #643602 +update-alternatives --set editor /usr/bin/nano + +# false positive +start-stop-daemon--stop --quiet --name foo --startas /usr/bin/foo + +# false positive +start-stop-daemon --quiet --stop --name foo --startas /usr/bin/foo + +# false negative +start-stop-daemon --quiet --start --name foo --startas /usr/bin/foo + +# remove device file +rm /dev/null + +# false positive +rm /dev/shm/test +rm /dev/.hiddenfile + +# adduser system +adduser --system foo +adduser --system foo2 --home /home/foo2 +adduser --system bar --home /var/lib/bar +adduser --home /var/lib/fnord --system fnord +adduser --home /home/fnord2 --system fnord2 + +# other test case for gconftool +/usr/bin/gconftool-2 --makefile-install-rule foo.schema + +# service +service apache2 start + +# adduser through variable +DEVNULL=/dev/null +adduser --system bar1 --home $DEVNULL +adduser --system bar2 --home ${DEVNULL} + +# this is a false positive due to quoting +adduser --system bar2 --home "${DEVNULL}" +adduser --system --ingroup smmta --home "/var/lib/sendmail" \ + --disabled-password \ + --quiet --gecos 'Mail Transfer Agent' smmta; + +# false positive +echo "You can use update-alternatives --config runsystem to select" +echo "the runsystem to use." + +# false negative +DIVERSIONS=`env LC_ALL=C /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL="C" /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL='C' /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true + +if [ ! -x /usr/sbin/dpkg-state-override ] || \ + ! dpkg-state-override > /dev/null +then + true; +fi + +# bad +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html/ \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# good +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# true positive +adduser --system --quiet --ingroup ntp --no-create-home ntp +adduser festival --quiet --system --ingroup audio --no-create-home + +# detect usage that could be replaced by dpkg-maintscript-helper +if [ -d /usr/share/doc/tworld ]; then + if rmdir /usr/share/doc/tworld 2>/dev/null; then + ln -s tworld-data /usr/share/doc/tworld + fi +fi + +chown root:root /good +chmod 777 /good +chown -R root:root /bad +chown root:root -R /bad +chown root:root --recursive /bad +chown --recursive root:root /bad +chmod -R 777 /bad +chmod 777 -R /bad +chmod 777 --recursive /bad +chmod --recursive 777 /bad +find /bad -maxdepth 2 -type d -exec chown root:root {} \; # (#895370) +find /bad -maxdepth 2 -type d -exec chmod 777 # (#895370) + +echo /var/lib/dpkg/info/other-package.conffiles +echo /var/lib/dpkg/info/other-package.md5sums +echo /var/lib/dpkg/info/other-package.shlibs +echo /var/lib/dpkg/info/other-package.postinst +echo /var/lib/dpkg/info/other-package.preinst +echo /var/lib/dpkg/info/other-package.list +echo /var/lib/dpkg/triggers/other-package + +getent passwd good || true +getent group good || true +getent passwd good || true # grep /etc/passwd false-positive +getent group good || true # grep /etc/group false-positive +grep bad /etc/passwd || true +grep bad /etc/group || true +grep -E bad /etc/passwd || true +grep -E bad /etc/passwd || true +grep -F bad /etc/group || true +grep -F bad /etc/group || true +# grep /etc/passwd false-positive +# grep /etc/group false-positive + +echo $PIUPARTS_TEST # bad +echo ${PIUPARTS_OBJECTS} +echo ${PIUPARTS_PHASE} +echo ${PIUPARTS_DISTRIBUTION} +echo ${PIUPARTS_DISTRIBUTION_NEXT} +echo ${PIUPARTS_DISTRIBUTION_PREV} +echo $PIUPARTS_IS_AWESOME # good + +#DEBHELPER# + +# Automatically added by dh_dummy/12 +true `/usr/bin/false-positive "$0"` +# End automatically added section diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm new file mode 100644 index 0000000..21ce89e --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm @@ -0,0 +1,9 @@ +#!/bin/sh +# we do not set -e + +echo "ok" > /dev/null + +# not allowed +update-alternatives --remove foo + +#DEBHELPER#
\ No newline at end of file diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm new file mode 100644 index 0000000..fcbd64e --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# This script should fail a syntax check + +if [ "$1" = configure ] then # oh look - I forgot a ; + echo "Hallo world" +fi + +#DEBHELPER# diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules new file mode 100644 index 0000000..6f66b82 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_installdeb: + dh_installdeb + echo "#DEBHELPER#" >> debian/$(shell dh_listpackages)/DEBIAN/postinst diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values new file mode 100644 index 0000000..111edec --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: scripts-maintainer-general +Distribution: precise +Description: Check general problems in maintainer scripts diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc new file mode 100644 index 0000000..9f14684 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc @@ -0,0 +1,5 @@ +Testname: scripts-maintainer-general +Profile: ubuntu/main +Check: maintainer-scripts/temporary-files +See-Also: + Bug#532984 diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints new file mode 100644 index 0000000..4796720 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints @@ -0,0 +1,6 @@ +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:28] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:19] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:27] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:26] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:20] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:18] |