diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:42:30 +0000 |
| commit | 75808db17caf8b960b351e3408e74142f4c85aac (patch) | |
| tree | 7989e9c09a4240248bf4658a22208a0a52d991c4 /t/recipes/checks/maintainer-scripts/temporary-files | |
| parent | Initial commit. (diff) | |
| download | lintian-75808db17caf8b960b351e3408e74142f4c85aac.tar.xz lintian-75808db17caf8b960b351e3408e74142f4c85aac.zip | |
Adding upstream version 2.117.0.upstream/2.117.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/recipes/checks/maintainer-scripts/temporary-files')
22 files changed, 879 insertions, 0 deletions
diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/changelog.in b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/changelog.in new file mode 100644 index 0000000..a12fc8c --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/changelog.in @@ -0,0 +1,57 @@ +maintainer-scripts ([% $version %]) [% $distribution %]; urgency=low + + * Doing an upload for QA but I fail to give it a correct version number, + have some uploaders, and also fail to mention it... Bad me ;) + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sun, 18 Apr 2004 02:05:29 +0200 + +maintainer-scripts (6.1) unstable; urgency=low + + * I made this entry on my local PC, oops ;) + + -- Jeroen van Wolffelaar <jeroen@mordor> Sat, 21 Feb 2004 18:29:37 +0100 + +maintainer-scripts (6) unstable; urgency=low + + * added ldconfig calls to postrm to check test the postrm tests + from shared-libs + + -- Frank Lichtenheld <djpig@debian.org> Sat, 21 Feb 2004 18:29:36 +0100 + +maintainer-scripts (5) unstable; urgency=low + + * added bash style arrays to postinst, this one is for you Torsten (-: + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Fri, 30 Mar 2001 23:27:06 -0800 + +maintainer-scripts (4) unstable; urgency=low + + * added a here document to the prerm, along with two more bashisms + * made postrm a bash script to check that bash scripts are not searched + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Mon, 26 Feb 2001 13:02:57 -0800 + +maintainer-scripts (3) unstable; urgency=low + + * Added check for '.' called as '. foo || bar', lintian 1.11.15 failed this + thinking the '||' was a argument. + * also added an invalid call to '. foo bar' + * postinst now has a space between the #! and /bin/sh to test the interpreter + checking code. + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 9 Jan 2001 23:06:25 -0800 + +maintainer-scripts (2) unstable; urgency=low + + * Fix location of changelog. + * prerm and postrm do 'update-alternatives --remove'; should only complain + about postrm. + + -- Colin Watson <cjw44@flatline.org.uk> Fri, 29 Dec 2000 06:01:24 +0000 + +maintainer-scripts (1) unstable; urgency=low + + * Initial version + * postinst and prerm set the usr/doc symlink + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Thu, 16 Nov 2000 09:11:40 -0800 diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/config b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/config new file mode 100644 index 0000000..29abeba --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/config @@ -0,0 +1,3 @@ +#!/usr/bin/python + +# I use python, but that's not what I'm supposed to be allowed to use diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/control.in b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/control.in new file mode 100644 index 0000000..63dd2db --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/control.in @@ -0,0 +1,18 @@ +Source: maintainer-scripts +Section: misc +Priority: optional +Maintainer: QA group <packages@qa.debian.org> +Uploaders: Anyone but Jeroen <jeroen@wolffelaar.nl> +Build-Depends: [% $build_depends %] +Standards-Version: 3.1.1 +Rules-Requires-Root: binary-targets +XS-Dm-Upload-Allowed: Yes + +Package: maintainer-scripts +Architecture: [% $package_architecture %] +Depends: test +Description: test lintian's maintainer script checks + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postinst b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postinst new file mode 100644 index 0000000..e56ed3b --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postinst @@ -0,0 +1,181 @@ +#! /bin/sh -e + +if [ "$1" = "configure" ]; then + if [ -d /usr/doc -a ! -e /usr/doc/maintainer-scripts -a -d /usr/share/doc/maintainer-scripts ]; then + ln -sf ../share/doc/maintainer-scripts /usr/doc/maintainer-scripts + fi +fi + +# valid +. /usr/share/lintian/shell || exit 0 +. /usr/share/lintian/shell >/dev/null +. /usr/share/lintian/shell 2>/dev/null +. /usr/share/lintian/shell </dev/null +. "$(dirname $0)/shell" ; bar +# invalid +. /usr/share/lintian/shell foo +. "$(dirname $0)/shell" bar + +print "Hit enter to continue" +read + +H[0]='this is a string' +echo ${H[0]} +echo "Index 0's length is ${#H[0]}" +echo "All of the array is: ${H[@]}" + +install-info /usr/share/info/foo \ + --quiet \ # make it so + --section foo + +echo Please use update-rc.d or invoke-rc.d to set up blah blah. + +chown root.root /usr/share/doc/maintainer-scripts/changelog +chown root:root /usr/share/doc/maintainer-scripts/changelog + +$FOO=bar +update-rc.d foo defaults >/dev/null +update-rc.d $FOO defaults +update-rc.d foo remove + +# valid +FOO=/tmp +FOO=/var/tmp +: ${FOO:=/tmp} +FOO=`mktemp /tmp/scripts.XXXXXX` +rm "$FOO" +FOO=`tempfile -n/tmp/scripts.tmp` +mkdir /var/tmp/scripts +FOO="/tmp/false.positive.XXXXXX" +# invalid +echo foo >>/tmp/scripts.tmp +rm /tmp/scripts.tmp +rmdir /var/tmp/scripts + +# invalid, maintainer-script-hides-init-failure +invoke-rc.d foo start || exit 0 + +# The right way to invoke an rc script +if which invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d package start +else + /etc/init.d/package start +fi + +# Example ucf invocation. +ucf /usr/share/foo/configuration /etc/foo.conf + +# Calling gconftool directly. +gconftool-2 --makefile-install-rule foo.schema + +# Calling gconf-schemas with no dependency. +gconf-schemas --register foo.schema + +# Calling update-xmlcatalog with no dependency. +update-xmlcatalog --add --type system --id "/usr/share/sgml/dtd/foo" \ + --package maintainer-scripts --root + +# Maintainer scripts shouldn't touch /var/lib/dpkg/status. This is the old +# recipe from the dpkg wiki that should be replaced with dpkg-query. +sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' /etc/conffile'{s/.* //;p}}\" \ + /var/lib/dpkg/status + +# Don't modify these files. +echo 'broken 6714/tcp' >> /etc/services +cp /nonexistent /etc/protocols +mv /usr/share/doc/rpc /etc/rpc + +# But this is okay. +cp /etc/protocols /etc/protocols.new + +# This is also wrong. +echo 'broken' > /etc/inetd.conf +cp /etc/inetd.conf.new /etc/inetd.conf + +# But this is fine. +cp /etc/inetd.conf /srv/chroot/etc/inetd.conf + +# Deprecated +install-sgmlcatalog --install package +install-sgmlcatalog --remove package + +# This too is a heredoc. +some-program > /etc/config-file <<'EOF' +echo "All of the array is: ${H[@]}" +EOF + +# But this isn't. +cat '<<EOF' +echo "All of the array is: ${H[@]}" +EOF + +# This is a heredoc +cat <<-EOF +echo "All of the array is ${H[@]}" +EOF + +# As is this +cat <<';' +echo "All of the array is ${H[@]}" +; + +# and this +cat <<foo +echo "All of the array is ${H[@]}" +foobar +echo $HOSTNAME +foo + +# and again +cat <<\bar +echo "All of the array is ${H[@]}" +bar + +# yet another +cat <<"x++" +echo "All of the array is ${H[@]}" +x++ + +# Recognize single quotes even if they start at the beginning of a line. +echo not a bashism \ +'/{ptex,tex}/{amstex,plain,generic,}' + +# More bashisms. +echo -e 'foo\n' +echo "${!foo}" +cat $(\< file) +select foo in a b ; do echo $foo ; done +cnt=$((cnt + 1)) +if false ; then + exec -l /bin/sh + exec -c /bin/sh + exec -a foo /bin/sh +fi +let cnt++ +if test -a /etc/default ; then + echo "$RANDOM|stuff" +fi + +# Calling start-stop-daemon directly in an init script. +start-stop-daemon --start --quiet --name foo --startas /usr/bin/foo + +# But stopping it is fine -- we may be working around something else. +start-stop-daemon --stop --quiet --name foo --startas /usr/bin/foo + +# Deprecated chown use with flags. +chown -R root.root /usr/share/doc/maintainer-scripts + +case $mainscript in + /usr/bin/foo) foobarbaz;; +esac + +/usr/bin/baz; echo bar + +# Some comment checking +# This should flag $RANDOM +test $# -gt 2 && echo $RANDOM +# But these shouldn't +test 1=1 # echo $RANDOM +(test 1=1)# echo $RANDOM +test 1=1;# echo $RANDOM +backgroundtask &#echo $RA diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postrm b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postrm new file mode 100644 index 0000000..c0aaf19 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/postrm @@ -0,0 +1,47 @@ +#!/bin/bash +#set -e + +update-alternatives --remove dummy /usr/bin/dummy-alternative + +# Normally read in a maintainer script is not kosher, but here we're going +# to do it only if debconf doesn't exist. +if ! test -f /usr/share/debconf/confmodule ; then + echo "Hit enter" + read +fi + +# neither of the following should be detected as postrm-unsafe-ldconfig +# intended, without quotes + if [ "$1" = remove ]; then + ldconfig + fi +# reversed, many whitespace +if [ 'remove' = "$1" ] +then + + ldconfig +fi + +[ "remove" ="$1" ] && ldconfig + +update-rc.d bar remove + +# Shouldn't provoke an error despite no invoke-rc.d. +echo "/etc/init.d/package stop to stop something" + +# Shouldn't require a ucf dependency. Unfortunately, right now that's +# just because postrm isn't checked, not because we ensure that the +# invocation is conditional. +if which ucf >/dev/null; then + ucf --purge /etc/foo.conf +fi + +# This isn't allowed. +rm /tmp/foo /dev/device +rm /dev/device1 + +# But this is okay. +rm /tmp/foo > /dev/null + +# Not allowed here even with remove. +install-sgmlcatalog --remove package diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/preinst b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/preinst new file mode 100644 index 0000000..6058978 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/preinst @@ -0,0 +1,18 @@ +#!/bin/sh + +update-rc.d foo remove +update-rc.d bar defaults + +# Obsolete dpkg assertions. +dpkg --assert-support-predepends || exit 1 +dpkg --assert-working-epoch || exit 1 +dpkg --assert-long-filenames || exit 1 +dpkg --assert-multi-conrep || exit 1 + +/bin/grep -E --mmap "^Package: foo$" /var/lib/dpkg/status + +# continuation lines +update-alternatives --install /usr/bin/fakeroot fakeroot \ + /usr/bin/fakeroot-ng 5 \ + --slave /usr/share/man/man1/fakeroot.1.gz \ + fakeroot.1.gz /usr/share/man/man1/fakeroot-ng.1.gz diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/prerm b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/prerm new file mode 100644 index 0000000..076ecaf --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/prerm @@ -0,0 +1,188 @@ +#!/bin/sh + +if [ "$1" != "upgrade" ]; then + update-alternatives --remove dummy /usr/bin/dummy-alternative +fi + +if ([ "$1" = "upgrade" ] || [ "$1" = "remove" ]) && [ -L /usr/doc/maintainer-scripts ]; the +n + rm -f /usr/doc/maintainer-scripts +fi + +cat <<EOF +This is all really bad bash specific code!!! +read +source /bar/baz/bat foo +EOF + +# ok, back to checking +if [ "$2" == "purge" ]; then + rm -r /bar/baz +fi + +function foo( ) { + # but not here: local + local bar + echo "foo" &>/dev/null +} + +source $FOO + +trap "echo hi" EXIT HUP 3 + +if [[ "$2" = "purge" ]]; then + kill -HUP $$ +fi + +#this is ok though +if test -n $(echo foo | perl -pe 's/[[:space:]]//go'); then + echo 1 +fi + +update-rc.d foo remove + +# More false positives for bashism checks. None of these are errors. +echo "$line" | grep -q '{fonts/map,}/{\$progname,pdftex,dvips,}//' +echo "$line" | grep -q "${fonts},${foo}" +echo '$[1+2]' +printf "foo |& bar" +perl -e "print q( kill -HUP $? )" + +# Still catch disallowed expansions in double-quotes, though. +echo "${line:3:1}" + +# The wrong way to run an init script (no invoke-rc.d). +/etc/init.d/package stop + +# This is the only install-sgmlcatalog call that's allowed. +install-sgmlcatalog --quiet --remove package + +# More bashisms checks + +read -x foo +read -x +read -r foo +read foo +read + +echo "a\\b" +echo 'a\nb' + +echo "${UID}" +echo "$EUID" +echo "$SHLVL" +echo "$DIRSTACK" +echo "$SECONDS" +echo "$BASH" +echo "$BASH_FOO" +echo "$SHELLOPTS" +echo "$PIPESTATUS" + +bar="$(cut '-d|' -f2 <<< "$foo")" + +VAR=1 +VAR+=a + +echos() { + echo -n -e "bar" + echo -e -n "bar" + echo -en "bar" + echo -ne "bar" + echo "bar" + echo "echo -e foo" +} + +ech.os() { + echo foo >& 2 + echo foo >&bar + echo foo >& bar +} + +echoes() { + echo "abc\nxyz" + echo 'xyz\rabc' + echo foo\cbar + + echo -e "abc\nxyz" + echo -net 'xyz\rabc' + echo -e foo\cbar +} + +foobar.() { + suspend x + suspended x + caller x + complete x + compgen x + declare -a foo +} + +.foobar() { + typeset -x bar + disown 1 + builtin foo + set -B + alias -p + unalias -a +} + +IFS="()" + +ulimit +shopt +type -v bar +time ls +dirs +diff <(tac a) <(tac b) + +pushd + +local foo=bar +local -x foo + +popd + +readonly -f + +echo bar > /dev/tcp +export x +export -x x +export -p x + +sh -x +sh -D +sh --foo +sh +O + +# Brace expansion checks +echo {a,b} +echo {abc},{bcd} + +foobar() +{ + # This is a function +} + + foo.bar() +( + # This is a function with a bad name +) + +foobar@() +{ + # As is this +} + +# This is ok +read -r foo +# but these aren't +read -r +read -p "Would you like to restart the service?" foo bar +read --fish + +set -e + +source "$BAR" +source '$BAR' +source ~/bar +source a diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/rules b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/rules new file mode 100755 index 0000000..de4161e --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/rules @@ -0,0 +1,36 @@ +#!/usr/bin/make -f + +build-arch: + +build-indep: + +build: build-arch build-indep + +binary-arch: + +binary-indep: + install -d debian/tmp/DEBIAN + install -m 0755 debian/config debian/tmp/DEBIAN + install -m 0755 debian/preinst debian/tmp/DEBIAN + install -m 0755 debian/postinst debian/tmp/DEBIAN + install -m 0755 debian/prerm debian/tmp/DEBIAN + install -m 0755 debian/postrm debian/tmp/DEBIAN + install -m 0644 debian/triggers debian/tmp/DEBIAN + install -d debian/tmp/usr/share/doc/maintainer-scripts + install -m 0644 debian/changelog \ + debian/tmp/usr/share/doc/maintainer-scripts/changelog + gzip -n -9 debian/tmp/usr/share/doc/maintainer-scripts/changelog + dpkg-gencontrol -isp + dpkg --build debian/tmp .. + +binary: binary-arch binary-indep + +# Make sure we see dh_clean even in a rule clean depends on. Not the point of +# this test suite, but a convenient place to put it. +clean: clean1 clean2 clean3 +clean1: +clean2: + dh_clean +clean3: + +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/triggers b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/triggers new file mode 100644 index 0000000..f627094 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/triggers @@ -0,0 +1,4 @@ +# Example triggers file +activate foo + +interest bar diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/watch b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/watch new file mode 100644 index 0000000..430eea3 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/debian/watch @@ -0,0 +1,11 @@ +# A whitespace is fine for uscan: + version=5 + +# Following line should not be matched: +#opts=uversionmangle=s/$/+debian/,dversionmangle=s/foo/bar/ \ +# Following one is incorrect, there's a missing backslash at the end +opts=uversionmangle=s/$/+dfsg/,dversionmangle=s/foo/bar/ + +# 'active' is useless here, but it works anyway +options=active \ +http://domain.tld/foo-(.+)\.tar\.gz
\ No newline at end of file diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/fill-values b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/fill-values new file mode 100644 index 0000000..c281e87 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-non-native +Testname: legacy-maintainer-scripts +Source: maintainer-scripts +Version: 7+dfsg-0.1 +Description: Legacy test "maintainer-scripts" +Extra-Build-Depends: dash (>= 0.5.10.2) diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/desc b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/desc new file mode 100644 index 0000000..047d119 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-maintainer-scripts +Check: maintainer-scripts/temporary-files diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/hints b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/hints new file mode 100644 index 0000000..7899e4f --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/hints @@ -0,0 +1,8 @@ +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:53] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:43] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postrm:44] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postrm:40] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:52] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:51] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:44] +maintainer-scripts (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:42] diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/post-test b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/post-test new file mode 100644 index 0000000..faeef0b --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/legacy-maintainer-scripts/eval/post-test @@ -0,0 +1 @@ +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript new file mode 100644 index 0000000..c3dcfac --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/maintscript @@ -0,0 +1 @@ +mv_conffile /etc/foo/old.conf /etc/foo/new.conf 0~ diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst new file mode 100755 index 0000000..492f84a --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postinst @@ -0,0 +1,255 @@ +#!/bin/sh + +# This file contains a pile of random junk in maintainer scripts that we +# should be checking for in checks/scripts. Don't put bashisms in this file, +# though; those should go into scripts-bashisms. + +set -e + +print "Hit enter to continue" +read foo + +echo Please use update-rc.d or invoke-rc.d to set up blah blah. + +chown root.root /usr/share/doc/maintainer-scripts/changelog +chown root:root /usr/share/doc/maintainer-scripts/changelog + +# valid +FOO=/tmp +FOO=/var/tmp +: ${FOO:=/tmp} +FOO=`mktemp /tmp/scripts.XXXXXX` +rm "$FOO" +FOO=`tempfile -n/tmp/scripts.tmp` +mkdir /var/tmp/scripts +# invalid +echo foo >>/tmp/scripts.tmp +rm /tmp/scripts.tmp +rmdir /var/tmp/scripts + +# invalid, maintainer-script-hides-init-failure +invoke-rc.d foo start || exit 0 + +# The right way to invoke an rc script +if which invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d package start +else + /etc/init.d/package start +fi + +# Example ucf invocation. +ucf /usr/share/foo/configuration /etc/foo.conf + +# Calling gconftool directly. +gconftool-2 --makefile-install-rule foo.schema + +# Calling gconf-schemas with no dependency. +gconf-schemas --register foo.schema + +# Calling update-xmlcatalog with no dependency. +update-xmlcatalog --add --type system --id "/usr/share/sgml/dtd/foo" \ + --package maintainer-scripts --root + +# Maintainer scripts shouldn't touch /var/lib/dpkg/status. This is the old +# recipe from the dpkg wiki that should be replaced with dpkg-query. +sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' /etc/conffile'{s/.* //;p}}\" \ + /var/lib/dpkg/status + +# Don't modify these files. +echo 'broken 6714/tcp' >> /etc/services +cp /nonexistent /etc/protocols +mv /usr/share/doc/rpc /etc/rpc + +# But this is okay. +cp /etc/protocols /etc/protocols.new + +# This is also wrong. +echo 'broken' > /etc/inetd.conf +cp /etc/inetd.conf.new /etc/inetd.conf + +# But this is fine. +cp /etc/inetd.conf /srv/chroot/etc/inetd.conf + +# Deprecated and not allowed except the second one. +install-sgmlcatalog --install package +install-sgmlcatalog --remove package + +# Calling start-stop-daemon directly in an init script. +start-stop-daemon --start --quiet --name foo --startas /usr/bin/foo + +# But stopping it is fine -- we may be working around something else. +start-stop-daemon --stop --quiet --name foo --startas /usr/bin/foo + +# Deprecated chown use with flags. +chown -R root.root /usr/share/doc/maintainer-scripts + +# The first should not trigger an error about a command with a path, but the +# second should. +case $mainscript in + /usr/bin/foo) foobarbaz;; +esac +/usr/bin/baz; echo bar + +# fc-cache shouldn't be called directly, but make sure we don't see it in a +# heredoc. +fc-cache +cat <<EOF +fc-cache +EOF + +# Obsolete suidregister program. +suidregister /usr/bin/foo + +# install-info is now handled through triggers. +install-info --quiet --section Development Development \ + /usr/share/info/foobar.info + +# Packages don't get to modify /etc/ld.so.conf +echo '/usr/local/lib' >> /etc/ld.so.conf +( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new +mv /etc/ld.so.conf.new /etc/ld.so.conf + +# Further tests for commands with paths in maintainer scripts. The following +# should not trigger a tag (Bug#536397). +chmod `dpkg-statoverride --list /usr/sbin/apache2 | cut -f 3` /usr/sbin/apache2 + +# These, however, should. +true `basename "$0"` `/usr/bin/foo bar` +true `/usr/bin/foo "$0"` + +# This line should not trigger a warning about no dependency on ucf because of +# the || true. (Bug#541372) +ucf -p /etc/sensors3.conf || true + +if false ; then + mknod some thing +fi + +# Calling update alternative --set see #643602 +update-alternatives --set editor /usr/bin/nano + +# false positive +start-stop-daemon--stop --quiet --name foo --startas /usr/bin/foo + +# false positive +start-stop-daemon --quiet --stop --name foo --startas /usr/bin/foo + +# false negative +start-stop-daemon --quiet --start --name foo --startas /usr/bin/foo + +# remove device file +rm /dev/null + +# false positive +rm /dev/shm/test +rm /dev/.hiddenfile + +# adduser system +adduser --system foo +adduser --system foo2 --home /home/foo2 +adduser --system bar --home /var/lib/bar +adduser --home /var/lib/fnord --system fnord +adduser --home /home/fnord2 --system fnord2 + +# other test case for gconftool +/usr/bin/gconftool-2 --makefile-install-rule foo.schema + +# service +service apache2 start + +# adduser through variable +DEVNULL=/dev/null +adduser --system bar1 --home $DEVNULL +adduser --system bar2 --home ${DEVNULL} + +# this is a false positive due to quoting +adduser --system bar2 --home "${DEVNULL}" +adduser --system --ingroup smmta --home "/var/lib/sendmail" \ + --disabled-password \ + --quiet --gecos 'Mail Transfer Agent' smmta; + +# false positive +echo "You can use update-alternatives --config runsystem to select" +echo "the runsystem to use." + +# false negative +DIVERSIONS=`env LC_ALL=C /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL="C" /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL='C' /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true + +if [ ! -x /usr/sbin/dpkg-state-override ] || \ + ! dpkg-state-override > /dev/null +then + true; +fi + +# bad +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html/ \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# good +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# true positive +adduser --system --quiet --ingroup ntp --no-create-home ntp +adduser festival --quiet --system --ingroup audio --no-create-home + +# detect usage that could be replaced by dpkg-maintscript-helper +if [ -d /usr/share/doc/tworld ]; then + if rmdir /usr/share/doc/tworld 2>/dev/null; then + ln -s tworld-data /usr/share/doc/tworld + fi +fi + +chown root:root /good +chmod 777 /good +chown -R root:root /bad +chown root:root -R /bad +chown root:root --recursive /bad +chown --recursive root:root /bad +chmod -R 777 /bad +chmod 777 -R /bad +chmod 777 --recursive /bad +chmod --recursive 777 /bad +find /bad -maxdepth 2 -type d -exec chown root:root {} \; # (#895370) +find /bad -maxdepth 2 -type d -exec chmod 777 # (#895370) + +echo /var/lib/dpkg/info/other-package.conffiles +echo /var/lib/dpkg/info/other-package.md5sums +echo /var/lib/dpkg/info/other-package.shlibs +echo /var/lib/dpkg/info/other-package.postinst +echo /var/lib/dpkg/info/other-package.preinst +echo /var/lib/dpkg/info/other-package.list +echo /var/lib/dpkg/triggers/other-package + +getent passwd good || true +getent group good || true +getent passwd good || true # grep /etc/passwd false-positive +getent group good || true # grep /etc/group false-positive +grep bad /etc/passwd || true +grep bad /etc/group || true +grep -E bad /etc/passwd || true +grep -E bad /etc/passwd || true +grep -F bad /etc/group || true +grep -F bad /etc/group || true +# grep /etc/passwd false-positive +# grep /etc/group false-positive + +echo $PIUPARTS_TEST # bad +echo ${PIUPARTS_OBJECTS} +echo ${PIUPARTS_PHASE} +echo ${PIUPARTS_DISTRIBUTION} +echo ${PIUPARTS_DISTRIBUTION_NEXT} +echo ${PIUPARTS_DISTRIBUTION_PREV} +echo $PIUPARTS_IS_AWESOME # good + +#DEBHELPER# + +# Automatically added by dh_dummy/12 +true `/usr/bin/false-positive "$0"` +# End automatically added section diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm new file mode 100644 index 0000000..21ce89e --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/postrm @@ -0,0 +1,9 @@ +#!/bin/sh +# we do not set -e + +echo "ok" > /dev/null + +# not allowed +update-alternatives --remove foo + +#DEBHELPER#
\ No newline at end of file diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm new file mode 100644 index 0000000..fcbd64e --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# This script should fail a syntax check + +if [ "$1" = configure ] then # oh look - I forgot a ; + echo "Hallo world" +fi + +#DEBHELPER# diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules new file mode 100644 index 0000000..6f66b82 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_installdeb: + dh_installdeb + echo "#DEBHELPER#" >> debian/$(shell dh_listpackages)/DEBIAN/postinst diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values new file mode 100644 index 0000000..111edec --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: scripts-maintainer-general +Distribution: precise +Description: Check general problems in maintainer scripts diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc new file mode 100644 index 0000000..9f14684 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/desc @@ -0,0 +1,5 @@ +Testname: scripts-maintainer-general +Profile: ubuntu/main +Check: maintainer-scripts/temporary-files +See-Also: + Bug#532984 diff --git a/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints new file mode 100644 index 0000000..4796720 --- /dev/null +++ b/t/recipes/checks/maintainer-scripts/temporary-files/scripts-maintainer-general/eval/hints @@ -0,0 +1,6 @@ +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:28] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:19] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:27] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:26] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:20] +scripts-maintainer-general (binary): possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:18] |