diff options
Diffstat (limited to 't/recipes/checks/binaries')
428 files changed, 6891 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/debian/rules b/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/debian/rules new file mode 100755 index 0000000..a3ab46d --- /dev/null +++ b/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +pkg=binaries-misplaced +%: + dh $@ + +override_dh_install: + mkdir -p debian/$(pkg)/etc/ + cp -a /bin/true debian/$(pkg)/etc/foo + # explicitly call dh_shlibdeps since debhelper is being + # "smart" and not calling it in newer versions (8.9.something) + dh_shlibdeps + dh_install diff --git a/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/fill-values b/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/fill-values new file mode 100644 index 0000000..6f79eab --- /dev/null +++ b/t/recipes/checks/binaries/architecture/binaries-misplaced/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: binaries-misplaced +Description: Test binaries in /etc diff --git a/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/desc b/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/desc new file mode 100644 index 0000000..4b25873 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-misplaced +Check: binaries/architecture diff --git a/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/hints b/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/hints new file mode 100644 index 0000000..e724861 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/binaries-misplaced/eval/hints @@ -0,0 +1 @@ +binaries-misplaced (binary): arch-independent-package-contains-binary-or-object [etc/foo] diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/dumpobj b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/dumpobj new file mode 100644 index 0000000..afdf68e --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/dumpobj @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +DEB_BUILD_GNU_TYPE="$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)" + +case $DEB_BUILD_GNU_TYPE in +i486-linux-gnu|i586-linux-gnu|i686-linux-gnu|x86_64-linux-gnu) + base64 -d <<DATA +f0VMRgEBAQAAAAAAAAAAAAIAKAABAAAAMIEAADQAAAA4bwkAAgAABDQAIAAGACgAGwAaAAEAAHDY +WgkA2NoJANjaCQBQCgAAUAoAAAQAAAAEAAAAAQAAAAAAAAAAgAAAAIAAAKhlCQCoZQkABQAAAACA +AAABAAAAqGUJAKhlCgCoZQoAIAgAAOwlAAAGAAAAAIAAAAQAAAD0AAAA9IAAAPSAAAAgAAAAIAAA +AAQAAAAEAAAABwAAAKhlCQCoZQoAqGUKABgAAAAwAAAABAAAAAQAAABR5XRkAAAAAAAAAAAAAAAA +AAAAAAAAAAAGAAAABAAAAAQAAAAQAAAAAQAAAEdOVQAAAAAAAgAAAAYAAAASAAAABOAt5QTQTeIR +AADrBNCN4gTgneQe/y/hAAAAACTAn+UAsKDjBBCd5A0goOEEIC3lBAAt5RAAn+UQMJ/lBMAt5dwS +DATA + ;; +*) + base64 -d <<DATA +f0VMRgEBMAAwMDAwMDAwMAIAAwABAAAA +DATA + ;; +esac diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/install b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/install new file mode 100644 index 0000000..369fa72 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/install @@ -0,0 +1,2 @@ +debian/elfobject usr/bin/ +debian/fake-guile-object.go usr/lib/foo/binaries-from-other-arch/guile/2.2/ diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/rules b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/rules new file mode 100755 index 0000000..60907d2 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +DEB_BUILD_OPTIONS := nostrip +export DEB_BUILD_OPTIONS + +%: + dh $@ + +binary: + sh debian/dumpobj > debian/elfobject + sh debian/dumpobj > debian/fake-guile-object.go + dh binary diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/fill-values b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/fill-values new file mode 100644 index 0000000..d765ecd --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-from-other-arch +Package-Architecture: any +Dh-Compat-Level: 10 +Description: Test package with a pseudo binary from a different architecture +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/desc b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/desc new file mode 100644 index 0000000..6f04e39 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/desc @@ -0,0 +1,4 @@ +Testname: binaries-from-other-arch +Test-Architectures: amd64 i386 +Check: binaries/architecture/other +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/hints b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/hints new file mode 100644 index 0000000..fd7b1d8 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/binaries-from-other-arch/eval/hints @@ -0,0 +1 @@ +binaries-from-other-arch (binary): binary-from-other-architecture [usr/bin/elfobject] diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/install b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/install new file mode 100644 index 0000000..c10e578 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/install @@ -0,0 +1 @@ +foreign-binary usr/bin diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/rules b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/rules new file mode 100755 index 0000000..2ce6f53 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + # do not try to strip cross-compiled binaries with native tooling + +override_dh_shlibdeps: + # do not try to include missing libraries + +override_dh_dwz: + # cross-compiled binaries do not always seem to have a debug section + +# In Ubuntu, dh does not catch this file by default. +# They have diffed it to reduce the size of packages. +ifneq (,$(strip $(wildcard Changes))) +override_dh_installchangelogs: + dh_installchangelogs Changes +endif diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/fill-values b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/fill-values new file mode 100644 index 0000000..24f607a --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: wrong-binary-architecture +Description: Binary architecture does not match package declaration +Package-Architecture: any +Extra-Build-Depends: + gcc-arm-linux-gnueabihf [amd64 i386], gcc-x86-64-linux-gnu [!amd64 !i386] diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/Makefile b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/Makefile new file mode 100644 index 0000000..bf92eaf --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/Makefile @@ -0,0 +1,37 @@ +# This test works on amd64 when the cross-compiler for armhf is installed. +# +# The build prerequisite was not added to Lintian, however, since it was +# not clear how the architecture would be enabled in the Gitlab CI +# runner. +# +# On amd64 or i386, please follow these steps to run the test: +# +# dpkg --add-architecture armhf +# apt update +# apt install gcc-arm-linux-gnueabihf +# +# On all other architectures this may work, but was not tested: +# +# dpkg --add-architecture amd64 +# apt update +# apt install gcc-x86-64-linux-gnu +# +# (Taken from: https://wiki.debian.org/CrossToolchains) + +ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH) + +ifeq ($(ARCH),amd64) +CC := arm-linux-gnueabihf-gcc +else +CC := x86_64-linux-gnu-gcc +endif + +foreign-binary: hello.c + $(CC) $^ -o $@ + +.PHONY: clean +clean: + rm -f foreign-binary + +.PHONY: clean +distclean: clean diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/hello.c b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/desc b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/desc new file mode 100644 index 0000000..8bd95a8 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/desc @@ -0,0 +1,2 @@ +Testname: wrong-binary-architecture +Check: binaries/architecture/other diff --git a/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/hints b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/hints new file mode 100644 index 0000000..e2251b3 --- /dev/null +++ b/t/recipes/checks/binaries/architecture/other/wrong-binary-architecture/eval/hints @@ -0,0 +1 @@ +wrong-binary-architecture (binary): binary-from-other-architecture [usr/bin/foreign-binary] diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/dumpobj b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/dumpobj new file mode 100644 index 0000000..afdf68e --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/dumpobj @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +DEB_BUILD_GNU_TYPE="$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)" + +case $DEB_BUILD_GNU_TYPE in +i486-linux-gnu|i586-linux-gnu|i686-linux-gnu|x86_64-linux-gnu) + base64 -d <<DATA +f0VMRgEBAQAAAAAAAAAAAAIAKAABAAAAMIEAADQAAAA4bwkAAgAABDQAIAAGACgAGwAaAAEAAHDY +WgkA2NoJANjaCQBQCgAAUAoAAAQAAAAEAAAAAQAAAAAAAAAAgAAAAIAAAKhlCQCoZQkABQAAAACA +AAABAAAAqGUJAKhlCgCoZQoAIAgAAOwlAAAGAAAAAIAAAAQAAAD0AAAA9IAAAPSAAAAgAAAAIAAA +AAQAAAAEAAAABwAAAKhlCQCoZQoAqGUKABgAAAAwAAAABAAAAAQAAABR5XRkAAAAAAAAAAAAAAAA +AAAAAAAAAAAGAAAABAAAAAQAAAAQAAAAAQAAAEdOVQAAAAAAAgAAAAYAAAASAAAABOAt5QTQTeIR +AADrBNCN4gTgneQe/y/hAAAAACTAn+UAsKDjBBCd5A0goOEEIC3lBAAt5RAAn+UQMJ/lBMAt5dwS +DATA + ;; +*) + base64 -d <<DATA +f0VMRgEBMAAwMDAwMDAwMAIAAwABAAAA +DATA + ;; +esac diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/install b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/install new file mode 100644 index 0000000..369fa72 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/install @@ -0,0 +1,2 @@ +debian/elfobject usr/bin/ +debian/fake-guile-object.go usr/lib/foo/binaries-from-other-arch/guile/2.2/ diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/rules b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/rules new file mode 100755 index 0000000..60907d2 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +DEB_BUILD_OPTIONS := nostrip +export DEB_BUILD_OPTIONS + +%: + dh $@ + +binary: + sh debian/dumpobj > debian/elfobject + sh debian/dumpobj > debian/fake-guile-object.go + dh binary diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/fill-values b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/fill-values new file mode 100644 index 0000000..d765ecd --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-from-other-arch +Package-Architecture: any +Dh-Compat-Level: 10 +Description: Test package with a pseudo binary from a different architecture +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/desc b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/desc new file mode 100644 index 0000000..65502f9 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/desc @@ -0,0 +1,4 @@ +Testname: binaries-from-other-arch +Test-Architectures: amd64 i386 +Check: binaries/corrupted +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/hints b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/hints new file mode 100644 index 0000000..54909bb --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/binaries-from-other-arch/eval/hints @@ -0,0 +1,4 @@ +binaries-from-other-arch (binary): elf-error In ELF header: Section headers are not available! [usr/lib/foo/binaries-from-other-arch/guile/2.2/fake-guile-object.go] +binaries-from-other-arch (binary): elf-error In ELF header: Section headers are not available! [usr/bin/elfobject] +binaries-from-other-arch (binary): elf-error In ELF header: Reading 1080 bytes extends past end of file for section headers [usr/lib/foo/binaries-from-other-arch/guile/2.2/fake-guile-object.go] +binaries-from-other-arch (binary): elf-error In ELF header: Reading 1080 bytes extends past end of file for section headers [usr/bin/elfobject] diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/_symbols b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/_symbols new file mode 100644 index 0000000..46e6af1 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/_symbols @@ -0,0 +1,23 @@ + This line should flag a syntax error +# but this one shouldn't +| although this one should, but for a different reason + and so should this + +libhello.so.0 libhello0 #MINVER# +| libhello0c2 (>= 1.2) , libhelloc0c2 (<< 1.3) +| hello-dbg3| libhelloc0c3|foobar (= 1.2) |hello-dbg2 +| hello-dbg + hello@Base 1.0 +* Build-Dep-Foo: bar + hello2@Base 2.0 4 + hello3@Base 2.0 1 + hello3@Base 2.0 A + dummy + +libhello.so.2 libhello2 #MINVER# +* Build-Depends-Package: libbar +| libhello2 (>= 1:2.3) + hello@Base 2.0 + +libhello.so.0 libhello0 #MINVER# + duplicate@Base 1.0 diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/changelog.in b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/changelog.in new file mode 100644 index 0000000..02da925 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/changelog.in @@ -0,0 +1,13 @@ +debug ([% $version %]) [% $distribution %]; urgency=low + + * NMU. + (uploaded by the maintainer and with repeated version number) + + -- Russ Allbery <rra@debian.org> Tue, 4 Apr 2006 20:27:22 +0000 + +debug (1.0) unstable; urgency=low + + * Initial version. + + -- Russ Allbery <rra@debian.org> Sat, 4 Mar 2006 21:31:06 -0800 + diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/compat.in b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/control b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/control new file mode 100644 index 0000000..fcb2b86 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/control @@ -0,0 +1,85 @@ +Source: debug +Section: utils +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5.0.0) +Build-Depends-Indep: not-debhelper (>= 0.4.3) +Standards-Version: 3.7.0 + +Package: hello +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information + Lintian regression test for external debugging file handling. This test + contains the binary. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hello-dbg +Priority: optional +Section: debug +Architecture: any +Depends: hello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (symbols) + Lintian regression test for external debugging file handling. This test + contains the binary symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library) + Lintian regression test for external debugging file handling. This test + contains a library. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0-dbg +Section: debug +Priority: optional +Architecture: any +Depends: libhello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library symbols) + Lintian regression test for external debugging file handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hi-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0 +Description: Test for external debugging symbols + Lintian regression test for external debugging files handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: hello-hello-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0, hello +Description: Test for external debugging symbols - another try + Lintian regression test for external debugging files handling. This test + contains the library symbols. This package actually tests a combination of + the above. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/copyright b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/copyright new file mode 100644 index 0000000..5d4f6c2 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/copyright @@ -0,0 +1,4 @@ +Written Sat, 04 Mar 2006 21:30:01 -0800 by Russ Allbery <rra@debian.org>. + +Test for copyright in capital letters. (#464992) +COPYRIGHT RUSS ALLBERY 2006 diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/rules b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/rules new file mode 100755 index 0000000..b659895 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. + +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +build-indep: + +build-arch: build-stamp + +build-stamp: + dh_testdir + $(CC) -D_REENTRANT -fPIC -c libhello.c + $(CC) -o libhello.so.0.0 -shared -Wl,-soname,libhello.so.0 libhello.o + ln -s libhello.so.0.0 libhello.so + $(CC) -o hello hello.c -L. -lhello + touch build-stamp + +build: build-arch build-indep + +clean: + dh_testdir + dh_testroot + rm -f build-stamp *.o libhello.so.0.0 libhello.so + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + install -D hello $(CURDIR)/debian/hello/usr/bin/hello + install -D libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0.0 + ln -s libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0 + +# Build architecture-dependent files here. +export DH_OPTIONS +binary-arch: DH_OPTIONS=-a +binary-arch: build-stamp install + dh_testdir + dh_testroot + dh_installchangelogs -N hello-dbg + dh_installdocs + DH_OPTIONS= dh_strip -phello --dbg-package=hello-dbg + DH_OPTIONS= dh_strip -plibhello0 --dbg-package=libhello0-dbg + + # Now break a few things. Copy the debugging data into places it + # shouldn't be. + cp $(CURDIR)/debian/hello-dbg/usr/lib/debug/usr/bin/hello \ + $(CURDIR)/debian/hello/usr/bin/hello.dbg + cp $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/usr/lib/libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/libhello.so.dbg + + # Put a full copy of the library in libhello0-dbg in /usr/lib/debug, + # which is okay. + install -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/libhello.so.0.0 + + # Also put it in /usr/lib/debug/lib, which isn't. + install -D -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/lib/libhello.so.0.0 + + # Requires a versioned dependency. + dh_icons + + dh_link + dh_compress + dh_fixperms + dh_makeshlibs -X debug + dh_installdeb + dh_shlibdeps -X debug + + # We do this by hand as otherwise dpkg-gensymbols + # will error due to the broken symbols file + # and abort the build; similarly the file in + # the source tree is _symbols so that dpkg + # doesn't attempt to sanity check it + install -d $(CURDIR)/debian/libhello0/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/libhello0/DEBIAN/symbols + # hello doesn't contain any shlibs, but we + # make it contain a symbols file + install -d $(CURDIR)/debian/hello/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/hello/DEBIAN/symbols + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: +binary: binary-indep binary-arch +.PHONY: build-arch build-indep build binary binary-indep binary-arch clean install diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/fill-values b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/fill-values new file mode 100644 index 0000000..e2f713c --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/fill-values @@ -0,0 +1,8 @@ +Skeleton: upload-native +Testname: legacy-debug +Source: debug +Default-Build-Depends: + debhelper (>= 9.20151004~), + binutils (>= 2.37.50.20211102) +Dh-Compat-Level: 7 +Description: Legacy test "debug" diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/hello.c b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/hello.c new file mode 100644 index 0000000..76f8337 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/hello.c @@ -0,0 +1,9 @@ +#include <stdlib.h> +#include "libhello.h" + +int +main(void) +{ + hello(); + exit(0); +} diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.c b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.c new file mode 100644 index 0000000..e2f8409 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +void +hello(void) +{ + printf("Hello, World!\n"); +} diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.h b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.h new file mode 100644 index 0000000..ef77476 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/build-spec/orig/libhello.h @@ -0,0 +1 @@ +void hello(void); diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/eval/desc b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/desc new file mode 100644 index 0000000..a55c905 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-debug +Check: binaries/corrupted diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/eval/hints b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/hints new file mode 100644 index 0000000..0b0b081 --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/hints @@ -0,0 +1,3 @@ +libhello0-dbg (binary): binary-with-bad-dynamic-table [usr/lib/libhello.so.dbg] +hello (binary): binary-with-bad-dynamic-table [usr/bin/hello.dbg] +hello (binary): elf-error In program headers: Unable to find program interpreter name [usr/bin/hello.dbg] diff --git a/t/recipes/checks/binaries/corrupted/legacy-debug/eval/post-test b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/post-test new file mode 100644 index 0000000..fc97c5f --- /dev/null +++ b/t/recipes/checks/binaries/corrupted/legacy-debug/eval/post-test @@ -0,0 +1,2 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/desc b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/desc new file mode 100644 index 0000000..3ead276 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/debug-symbols diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/hints b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/hints new file mode 100644 index 0000000..5a3ede3 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/hints @@ -0,0 +1 @@ +binaries-general (binary): unstripped-binary-or-object [usr/bin/unstripped] diff --git a/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/post-test b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/desc b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/desc new file mode 100644 index 0000000..e94b7c0 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/debug-symbols/detached diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/hints b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/hints new file mode 100644 index 0000000..849ff30 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/hints @@ -0,0 +1,4 @@ +binaries-general (binary): debug-symbols-not-detached [usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug] +binaries-general (binary): debug-symbols-directly-in-usr-lib-debug [usr/lib/debug/basic] +binaries-general (binary): debug-symbols-directly-in-usr-lib-debug [usr/lib/debug/basic.static] +binaries-general (binary): debug-file-with-no-debug-symbols [usr/lib/debug/usr/share/foo/basic] diff --git a/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/post-test b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/_symbols b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/_symbols new file mode 100644 index 0000000..46e6af1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/_symbols @@ -0,0 +1,23 @@ + This line should flag a syntax error +# but this one shouldn't +| although this one should, but for a different reason + and so should this + +libhello.so.0 libhello0 #MINVER# +| libhello0c2 (>= 1.2) , libhelloc0c2 (<< 1.3) +| hello-dbg3| libhelloc0c3|foobar (= 1.2) |hello-dbg2 +| hello-dbg + hello@Base 1.0 +* Build-Dep-Foo: bar + hello2@Base 2.0 4 + hello3@Base 2.0 1 + hello3@Base 2.0 A + dummy + +libhello.so.2 libhello2 #MINVER# +* Build-Depends-Package: libbar +| libhello2 (>= 1:2.3) + hello@Base 2.0 + +libhello.so.0 libhello0 #MINVER# + duplicate@Base 1.0 diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/changelog.in b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/changelog.in new file mode 100644 index 0000000..02da925 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/changelog.in @@ -0,0 +1,13 @@ +debug ([% $version %]) [% $distribution %]; urgency=low + + * NMU. + (uploaded by the maintainer and with repeated version number) + + -- Russ Allbery <rra@debian.org> Tue, 4 Apr 2006 20:27:22 +0000 + +debug (1.0) unstable; urgency=low + + * Initial version. + + -- Russ Allbery <rra@debian.org> Sat, 4 Mar 2006 21:31:06 -0800 + diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/compat.in b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/control b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/control new file mode 100644 index 0000000..fcb2b86 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/control @@ -0,0 +1,85 @@ +Source: debug +Section: utils +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5.0.0) +Build-Depends-Indep: not-debhelper (>= 0.4.3) +Standards-Version: 3.7.0 + +Package: hello +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information + Lintian regression test for external debugging file handling. This test + contains the binary. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hello-dbg +Priority: optional +Section: debug +Architecture: any +Depends: hello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (symbols) + Lintian regression test for external debugging file handling. This test + contains the binary symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library) + Lintian regression test for external debugging file handling. This test + contains a library. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0-dbg +Section: debug +Priority: optional +Architecture: any +Depends: libhello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library symbols) + Lintian regression test for external debugging file handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hi-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0 +Description: Test for external debugging symbols + Lintian regression test for external debugging files handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: hello-hello-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0, hello +Description: Test for external debugging symbols - another try + Lintian regression test for external debugging files handling. This test + contains the library symbols. This package actually tests a combination of + the above. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/copyright b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/copyright new file mode 100644 index 0000000..5d4f6c2 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/copyright @@ -0,0 +1,4 @@ +Written Sat, 04 Mar 2006 21:30:01 -0800 by Russ Allbery <rra@debian.org>. + +Test for copyright in capital letters. (#464992) +COPYRIGHT RUSS ALLBERY 2006 diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/rules new file mode 100755 index 0000000..b659895 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. + +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +build-indep: + +build-arch: build-stamp + +build-stamp: + dh_testdir + $(CC) -D_REENTRANT -fPIC -c libhello.c + $(CC) -o libhello.so.0.0 -shared -Wl,-soname,libhello.so.0 libhello.o + ln -s libhello.so.0.0 libhello.so + $(CC) -o hello hello.c -L. -lhello + touch build-stamp + +build: build-arch build-indep + +clean: + dh_testdir + dh_testroot + rm -f build-stamp *.o libhello.so.0.0 libhello.so + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + install -D hello $(CURDIR)/debian/hello/usr/bin/hello + install -D libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0.0 + ln -s libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0 + +# Build architecture-dependent files here. +export DH_OPTIONS +binary-arch: DH_OPTIONS=-a +binary-arch: build-stamp install + dh_testdir + dh_testroot + dh_installchangelogs -N hello-dbg + dh_installdocs + DH_OPTIONS= dh_strip -phello --dbg-package=hello-dbg + DH_OPTIONS= dh_strip -plibhello0 --dbg-package=libhello0-dbg + + # Now break a few things. Copy the debugging data into places it + # shouldn't be. + cp $(CURDIR)/debian/hello-dbg/usr/lib/debug/usr/bin/hello \ + $(CURDIR)/debian/hello/usr/bin/hello.dbg + cp $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/usr/lib/libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/libhello.so.dbg + + # Put a full copy of the library in libhello0-dbg in /usr/lib/debug, + # which is okay. + install -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/libhello.so.0.0 + + # Also put it in /usr/lib/debug/lib, which isn't. + install -D -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/lib/libhello.so.0.0 + + # Requires a versioned dependency. + dh_icons + + dh_link + dh_compress + dh_fixperms + dh_makeshlibs -X debug + dh_installdeb + dh_shlibdeps -X debug + + # We do this by hand as otherwise dpkg-gensymbols + # will error due to the broken symbols file + # and abort the build; similarly the file in + # the source tree is _symbols so that dpkg + # doesn't attempt to sanity check it + install -d $(CURDIR)/debian/libhello0/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/libhello0/DEBIAN/symbols + # hello doesn't contain any shlibs, but we + # make it contain a symbols file + install -d $(CURDIR)/debian/hello/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/hello/DEBIAN/symbols + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: +binary: binary-indep binary-arch +.PHONY: build-arch build-indep build binary binary-indep binary-arch clean install diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/fill-values new file mode 100644 index 0000000..79eebf1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: legacy-debug +Source: debug +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 7 +Description: Legacy test "debug" diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/hello.c b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/hello.c new file mode 100644 index 0000000..76f8337 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/hello.c @@ -0,0 +1,9 @@ +#include <stdlib.h> +#include "libhello.h" + +int +main(void) +{ + hello(); + exit(0); +} diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.c b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.c new file mode 100644 index 0000000..e2f8409 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +void +hello(void) +{ + printf("Hello, World!\n"); +} diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.h b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.h new file mode 100644 index 0000000..ef77476 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/build-spec/orig/libhello.h @@ -0,0 +1 @@ +void hello(void); diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/desc b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/desc new file mode 100644 index 0000000..d606fde --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-debug +Check: binaries/debug-symbols/detached diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/hints b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/hints new file mode 100644 index 0000000..d524d8e --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/hints @@ -0,0 +1,5 @@ +libhello0-dbg (binary): debug-symbols-not-detached [usr/lib/debug/lib/libhello.so.0.0] +libhello0-dbg (binary): debug-symbols-directly-in-usr-lib-debug [usr/lib/debug/libhello.so.0.0] +libhello0-dbg (binary): debug-file-with-no-debug-symbols [usr/lib/debug/usr/lib/libhello.so.0.0] +libhello0-dbg (binary): debug-file-with-no-debug-symbols [usr/lib/debug/lib/libhello.so.0.0] +hello-dbg (binary): debug-file-with-no-debug-symbols [usr/lib/debug/usr/bin/hello] diff --git a/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/post-test b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/post-test new file mode 100644 index 0000000..fc97c5f --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/detached/legacy-debug/eval/post-test @@ -0,0 +1,2 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/NEWS.Debian b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/NEWS.Debian new file mode 100644 index 0000000..29f561c --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/NEWS.Debian @@ -0,0 +1,12 @@ +binary (4-1.1) UNRELEASED; urgency=high + + This is a Debian NEWS entry that isn't encoded properly in UTF-8: ü. + It also has a usefull speling error. + + -- Russ Allbery <rra@debian.org> Sun, 14 Oct 2007 17:11:36 -0700 + +binary (1) unstable; urgency=low + + This is another entry but this one isn't syntactically valid. + + -- Russ Allbery 2007-10-14 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/README.Debian b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/README.Debian new file mode 100644 index 0000000..94bcc0a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/README.Debian @@ -0,0 +1,5 @@ +this is a binary package to test lintian's handling of bins. +Check handling of D-Bus and dbus (neither of which should produce +warnings). + + -- Russ Allbery <rra@debian.org>, Wed, 6 Feb 2008 18:35:11 -0800 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/changelog.in b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/changelog.in new file mode 100644 index 0000000..39301d6 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/changelog.in @@ -0,0 +1,47 @@ +binary ([% $version %]) [% $distribution %]; urgency=low + + * I'm doing an comaintainer-upload, acknowledging a NMU, but with a version + number which suggests I'm doing a NMU myself. + + Lintian-maintainers: Please don't update this changelog, otherwise you'll + probably break the checks/nmu checks. + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sun, 18 Apr 2004 01:49:42 +0200 + +binary (4-1) unstable; urgency=low + + * Weird version number for the new check for accidents with native + packaging. + * Date was fixed by BR and this test was put on changelog-file-strange-date + due to dpkg bug, see #794674. + + -- Marc 'HE' Brockschmidt <he@debian.org> Thu, 15 Apr 2004 23:33:51 +0200 + +binary (4) unstable; urgency=low + + * Add big file to /usr/share to trigger the big-usr-share check + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Fri, 27 Feb 2004 10:15:59 +0100 + +binary (3) unstable; urgency=unlimited + + * Add some bogus menu entries using su-to-root in a bogus way + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Thu, 12 Feb 2004 20:11:22 +0100 + +binary (2) unstable; urgency=low + + * Added an INSTALL document which policy 6.3 suggests not to do + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + +binary (1) unstable; urgency=low + + * hello.c added + * hello-static is same as hello, but compiled statically + * added a menu entry which lacks a Section + * added a postinst + * postinst calls suidregister which is no longer policy compliant + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Wed, 10 Jan 2001 08:55:34 -0800 + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/conffiles b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/conffiles new file mode 100644 index 0000000..d1a0843 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/conffiles @@ -0,0 +1 @@ +/etc/menu-methods/lintian diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/control b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/control new file mode 100644 index 0000000..c797357 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/control @@ -0,0 +1,42 @@ +Source: binary +Section: misc +Priority: optional +Maintainer: Lintian Maintainers <lintian-maint@debian.org> +Uploaders: Co-maintainer one <one@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Co-maintainer three <three@debian.org> +Standards-Version: 3.2.1 +Homepage: http://lintian.debian.org/ +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +XS-Vcs-Browser: http://svn.wolffelaar.nl/lintian/trunk +XS-Dm-Upload-Allowed: yes + +Package: binary +Architecture: any +Pre-Depends: ${shlibs:Depends}, xorg, binary-data (= ${source:Version}), libssl0.9.8 +Homepage: <http://lintian.debian.org/> +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +Description: test handling of binary files + Regression test for lintian's handling of binary files for debian. This + is checked for picky spelling errors. + . + This package list [ subversion | gconf ] should not be flagged as a spelling + mistake. The spelling correction for dont should be correct. + . + Homepage: http://lintian.debian.org/ + +Package: binary-data +Architecture: all +Depends: binary (= ${source:Version}), libssl-not-openssl, + libssl0.9.8 | or-something-else +Description: test handling of binary relationships + Regression test for lintian's checking of package relationships between + arch:any and arch:all packages. + . + This mention of subversion should be flagged as a spelling mistake. + +#Package: binary-comment +#Architecture: space-almonds +#Depends: * +#Depends: * +#Description: test comment support +# Yes, comments are actually allowed in debian/control, so none of the +# above should produce errors. diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/copyright b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/copyright new file mode 100644 index 0000000..1d6806d --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/copyright @@ -0,0 +1,15 @@ +hello.c is released under public domain. This is distributed in the hope that +it will be useful, but without any warranty; without even the implied warranty +of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +Test for old FSF address: + +Free Software Foundation, Inc., 59 Temple Place - Suite 330, +Boston, MA 02111-1307, USA. + +Test for deprecated nätionäl äncoding. + +Improper capitalization of linux or debian isn't caught here. diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/doc-base b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/doc-base new file mode 100644 index 0000000..7e5b38f --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/doc-base @@ -0,0 +1,41 @@ +Document: binary!docs +Title: Broken debian binary doc-base control file +Author: Russ Allbery +Abstract: This control file exercises various tests of doc-base control + files, including several things that aren't tested yet. The third and + fourth one has trailing whitespace. + . + This section has a speling error and bad ® character. + . + The above separator was fine. +Section: Non/Existant +Unknown: Some field + + + +Format: debiandoc-sgML +Files: /usr/share/doc/binary/binary.sgml.gz +Unknown: Some field + +Format: ESP +Index: /usr/share/doc/binary/binary.txt + +Index: /usr/share/doc/binary/html/index.html + /usr/share/doc/binary/html/ch1.html + /usr/share/doc/binary/html/ch4.html + + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch?.h*l + /usr/share/doc/binary/hml/*.html + +Format: inFO +Files: /usr/share/info/binary.info.gz + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch5.html + /usr/share/doc/binary/html/ch6.html + + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/goodbye.desktop b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/goodbye.desktop new file mode 100644 index 0000000..f6ce8e3 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/goodbye.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Name:Goodbye +# Name=Goodbye +Comment=Say hello! +SpecialTag=This doesn't exist! +Exec=goodbye +icon=hello +Terminal=true +Type=Application +Categories=WeirdStuff;Screensaver; +Encoding=ISO-10646-1 +[Other Entry] +Name=Goodbye diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/hello.desktop b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/hello.desktop new file mode 100644 index 0000000..f795468 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/hello.desktop @@ -0,0 +1,14 @@ +# some random comment + +# [Foo Bar] +[KDE Desktop Entry] +Name=Hello +Name[en_US]=Hello +Comment=Say hello!
+Exec=kdesu hello +Icon=hello +Terminal=true +Type=Application +Categories=GNOME;GTK;System;Applet;X-Foo;Settings; +Encoding=UTF-8 +OnlyShowIn=GNOME; diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu new file mode 100644 index 0000000..e8972f4 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu @@ -0,0 +1,26 @@ +?package(binary):needs=text title="Hello World" command="/usr/bin/hello" +?package(binary):needs=text section="Applications/System" title="Run cfdisk (0)" command="/usr/bin/su-to-root cfdisk" +?package(binary):needs="text" section="Applications/System/Hardware" title="Run cfdisk (1)" command="sux -p cfdisk" +?package(binary):needs="x11" section="Window Managers" title="Run xfdisk" command="/usr/sbin/su-to-root -c xfdisk" +?package(binary):needs="wm" section="Applications/System/Administration" title="Run fdisk-wm" command="su-to-root -c hello" +?package(binary):section="Apps/Games" title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Apps/System" title="I'm not here!" command="/imnothere" +?package(binary,other-binary):\ + needs="text"\ + section="Applications/Shells"\ + title="more than one required"\ + command="other-bin -s omething" +?package(binary):needs="wmmodule" section="WindowManagers/Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="wmmodule" section="FVWM Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="text" section="Applications/System/Administration" title="I'm not in /usr/bin!" command="iminusrbin" +?package(binary):needs="text"\ + section="Applications/System/Administration"\ + title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Applications/System/Administration"\ + title="Run cfdisk (0)" command="cfdisk" +?package(binary):needs="text" section="Applications/System/Administration" title="Hello World" command="/usr/bin/hello" +?package(binary):needs="wm" section="FVWM Modules" title="Fake Module" command="hello" +?package(binary):needs="fvwmmodule" section="Window Maker" title="Fake Module"\ + command="hello" +?package(binary):needs="x11" section="Applications/System/Hardware" title="Run xfdisk" command="su-to-root -c 'xfdisk -f'" +?package(binary):needs="text" section="Applications/System/Administration" title="foo" command="sh /path/to/foo" diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu-method b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu-method new file mode 100644 index 0000000..9f07bd7 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/menu-method @@ -0,0 +1,22 @@ +#!/usr/bin/install-menu + +# -*- mode: shell-script; -*- +#I need menu-1! +# + +!include notmenu.h + +compat="menu-2" + +outputencoding="UTF-8"; +outputlanguage="C"; + +x11 = AppEntry("false"); +text = AppEntry("true"); + +startmenu = ""; +endmenu = ""; +submenutitle = ""; +rootprefix = "/var/lib/lintian/menu"; +userprefix = ".local/share/lintian/menu"; + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/postinst b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/postinst new file mode 100644 index 0000000..29e1861 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/postinst @@ -0,0 +1,6 @@ +#! /bin/bash -e + +if [ $1 eq 'configure' ] +then + suidregister hello-static root root 4755 +fi diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/rules new file mode 100755 index 0000000..a962ea9 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/rules @@ -0,0 +1,92 @@ +#!/usr/bin/make -f + +tmp=debian/tmp + +# This reference to $(PWD) should not cause an error but the one below +# should. +build-arch: + make + echo $(PWD) + +build: build-arch + +clean: + make -i clean + [ ! -f debian/files ] || rm -f debian/files + [ ! -f debian/substvars ] || rm -f debian/substvars + [ ! -d debian/tmp ] || rm -rf debian/tmp + [ ! -d debian/binary ] || rm -rf debian/binary + [ ! -d debian/binary-data ] || rm -rf debian/binary-data + +binary-arch: build + install -d $(tmp)/usr/bin + install -d $(tmp)/boot/hello + install -m 755 hello $(tmp)/usr/bin + touch $(tmp)/usr/bin/iminusrbin + chmod 755 $(tmp)/usr/bin/iminusrbin + install -m 755 hello-static $(tmp)/usr/bin + strip $(tmp)/usr/bin/hello-static + install -m 755 hello-static $(tmp)/usr/bin/hello.static + strip --remove-section=.comment --remove-section=.note $(tmp)/usr/bin/hello.static + ln $(tmp)/usr/bin/hello.static $(tmp)/usr/bin/static-hello + install -m 755 hello-static $(tmp)/boot/hello + strip --remove-section=.comment --remove-section=.note $(tmp)/boot/hello/hello-static + install -d $(tmp)/usr/share/doc/binary + install -m 644 INSTALL $(tmp)/usr/share/doc/binary + install -d $(tmp)/usr/share/doc/binary/html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/index.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch1.html + ln -s ../html/./ch1.html $(tmp)/usr/share/doc/binary/html/ch2.html + ln -s /usr/share/doc/binary/htm/ch1.html $(tmp)/usr/share/doc/binary/html/ch3.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch5.html + ln $(tmp)/usr/share/doc/binary/html/ch5.html \ + $(tmp)/usr/share/doc/binary/html/ch6.html + install -d $(tmp)/usr/share/menu + install -d $(tmp)/usr/lib/menu + install -d $(tmp)/usr/share/binary + install -m 644 debian/menu $(tmp)/usr/share/menu/binary + install -m 644 debian/menu $(tmp)/usr/lib/menu/binary + install -d $(tmp)/etc/menu-methods + install -m 755 debian/menu-method $(tmp)/etc/menu-methods/lintian + install -d $(tmp)/usr/share/doc-base + install -m 644 debian/doc-base $(tmp)/usr/share/doc-base/binary + touch '$(tmp)/usr/share/doc-base/space ' + install -m 644 debian/README.Debian $(tmp)/usr/share/doc/binary + install -m 644 debian/NEWS.Debian $(tmp)/usr/share/doc/binary + gzip -n -9 $(tmp)/usr/share/doc/binary/NEWS.Debian + install -m 644 debian/copyright $(tmp)/usr/share/doc/binary + install -m 644 debian/changelog $(tmp)/usr/share/doc/binary + #gzip -n -9 $(tmp)/usr/share/doc/binary/changelog + install -d $(tmp)/DEBIAN + install -m 755 debian/postinst $(tmp)/DEBIAN + install -m 644 debian/conffiles $(tmp)/DEBIAN + + install -d $(tmp)/usr/share/applications + install -m 644 debian/hello.desktop \ + $(tmp)/usr/share/applications/hello.desktop + install -m 755 debian/goodbye.desktop \ + $(tmp)/usr/share/applications/goodbye.desktop + + # should be ok... + echo boe > $(tmp)/usr/bar + ln $(tmp)/usr/bar $(tmp)/usr/foo + # but this isn't + echo boe > $(tmp)/usr/bar2 + ln $(tmp)/usr/bar2 $(tmp)/usr/share/baz + + dd if=/dev/zero of=$(tmp)/usr/share/binary/largefile bs=1024 count=4000 + + install -d debian/binary-data/DEBIAN + install -d debian/binary-data/usr/share/doc + ln -s binary debian/binary-data/usr/share/doc/binary-data + + dpkg-shlibdeps $(tmp)/usr/bin/hello + dpkg-gencontrol -pbinary -isp + dpkg-gencontrol -pbinary-data -Pdebian/binary-data -isp + + dpkg --build debian/tmp .. + dpkg --build debian/binary-data .. + +binary: binary-arch + +.PHONY: build-arch build binary-arch binary clean diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/templates b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/templates new file mode 100644 index 0000000..3d92861 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/debian/templates @@ -0,0 +1,16 @@ +# The debconf templates defined here are the sort that you'd use if +# providing a wordlist and an ispell dictionary for the language +# "perl". This shouldn't trigger warnings about not using debconf-po. + +Template: shared/packages-ispell +Type: text +Description: + +Template: shared/packages-wordlist +Type: text +Description: + +Template: miscfiles/languages +Type: text +Default: perl (Pathologically Eclectic Rubbish Lister) +Description: diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/fill-values new file mode 100644 index 0000000..b503871 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-non-native +Testname: legacy-binary +Source: binary +Version: 4-1.1 +Description: Legacy test "binary" diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/INSTALL b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/INSTALL new file mode 100644 index 0000000..3b50ea9 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/INSTALL @@ -0,0 +1,176 @@ +Basic Installation +================== + + These are generic installation instructions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, a file +`config.cache' that saves the results of its tests to speed up +reconfiguring, and a file `config.log' containing compiler output +(useful mainly for debugging `configure'). + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If at some point `config.cache' +contains results you don't want to keep, you may remove or edit it. + + The file `configure.in' is used to create `configure' by a program +called `autoconf'. You only need `configure.in' if you want to change +it or regenerate `configure' using a newer version of `autoconf'. + +The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. If you're + using `csh' on an old version of System V, you might need to type + `sh ./configure' instead to prevent `csh' from trying to execute + `configure' itself. + + Running `configure' takes a while. While running, it prints some + messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package. + + 4. Type `make install' to install the programs and any data files and + documentation. + + 5. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. You can give `configure' +initial values for variables by setting them in the environment. Using +a Bourne-compatible shell, you can do that on the command line like +this: + CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure + +Or on systems that have the `env' program, you can do it like this: + env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. + + If you have to use a `make' that does not supports the `VPATH' +variable, you have to compile the package for one architecture at a time +in the source code directory. After you have installed the package for +one architecture, use `make distclean' before reconfiguring for another +architecture. + +Installation Names +================== + + By default, `make install' will install the package's files in +`/usr/local/bin', `/usr/local/man', etc. You can specify an +installation prefix other than `/usr/local' by giving `configure' the +option `--prefix=PATH'. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +give `configure' the option `--exec-prefix=PATH', the package will use +PATH as the prefix for installing programs and libraries. +Documentation and other data files will still use the regular prefix. + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +Optional Features +================= + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + +Specifying the System Type +========================== + + There may be some features `configure' can not figure out +automatically, but needs to determine by the type of host the package +will run on. Usually `configure' can figure that out, but if it prints +a message saying it can not guess the host type, give it the +`--host=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name with three fields: + CPU-COMPANY-SYSTEM + +See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the host type. + + If you are building compiler tools for cross-compiling, you can also +use the `--target=TYPE' option to select the type of system they will +produce code for and the `--build=TYPE' option to select the type of +system on which you are compiling the package. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Operation Controls +================== + + `configure' recognizes the following options to control how it +operates. + +`--cache-file=FILE' + Use and save the results of the tests in FILE instead of + `./config.cache'. Set FILE to `/dev/null' to disable caching, for + debugging `configure'. + +`--help' + Print a summary of the options to `configure', and exit. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--version' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`configure' also accepts some other, not widely useful, options. + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/Makefile b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/Makefile new file mode 100644 index 0000000..da1dc55 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/Makefile @@ -0,0 +1,12 @@ +all: hello hello-static + +hello: hello.c + gcc hello.c -o hello + +hello-static: hello.c + gcc -static hello.c -o hello-static + +clean: + rm -f hello hello-static + +distclean: clean diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/hello.c b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/desc b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/desc new file mode 100644 index 0000000..28e4772 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-binary +Check: binaries/debug-symbols diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/hints b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/hints new file mode 100644 index 0000000..19858fb --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/hints @@ -0,0 +1 @@ +binary (binary): unstripped-binary-or-object [usr/bin/hello] diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/post-test b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/post-test new file mode 100644 index 0000000..3deefd5 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-binary/eval/post-test @@ -0,0 +1,3 @@ +s/arch-dep-package-has-big-usr-share .*kB .*%/arch-dep-package-has-big-usr-share/ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/_symbols b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/_symbols new file mode 100644 index 0000000..46e6af1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/_symbols @@ -0,0 +1,23 @@ + This line should flag a syntax error +# but this one shouldn't +| although this one should, but for a different reason + and so should this + +libhello.so.0 libhello0 #MINVER# +| libhello0c2 (>= 1.2) , libhelloc0c2 (<< 1.3) +| hello-dbg3| libhelloc0c3|foobar (= 1.2) |hello-dbg2 +| hello-dbg + hello@Base 1.0 +* Build-Dep-Foo: bar + hello2@Base 2.0 4 + hello3@Base 2.0 1 + hello3@Base 2.0 A + dummy + +libhello.so.2 libhello2 #MINVER# +* Build-Depends-Package: libbar +| libhello2 (>= 1:2.3) + hello@Base 2.0 + +libhello.so.0 libhello0 #MINVER# + duplicate@Base 1.0 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/changelog.in b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/changelog.in new file mode 100644 index 0000000..02da925 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/changelog.in @@ -0,0 +1,13 @@ +debug ([% $version %]) [% $distribution %]; urgency=low + + * NMU. + (uploaded by the maintainer and with repeated version number) + + -- Russ Allbery <rra@debian.org> Tue, 4 Apr 2006 20:27:22 +0000 + +debug (1.0) unstable; urgency=low + + * Initial version. + + -- Russ Allbery <rra@debian.org> Sat, 4 Mar 2006 21:31:06 -0800 + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/compat.in b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/control b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/control new file mode 100644 index 0000000..fcb2b86 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/control @@ -0,0 +1,85 @@ +Source: debug +Section: utils +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5.0.0) +Build-Depends-Indep: not-debhelper (>= 0.4.3) +Standards-Version: 3.7.0 + +Package: hello +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information + Lintian regression test for external debugging file handling. This test + contains the binary. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hello-dbg +Priority: optional +Section: debug +Architecture: any +Depends: hello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (symbols) + Lintian regression test for external debugging file handling. This test + contains the binary symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library) + Lintian regression test for external debugging file handling. This test + contains a library. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0-dbg +Section: debug +Priority: optional +Architecture: any +Depends: libhello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library symbols) + Lintian regression test for external debugging file handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hi-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0 +Description: Test for external debugging symbols + Lintian regression test for external debugging files handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: hello-hello-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0, hello +Description: Test for external debugging symbols - another try + Lintian regression test for external debugging files handling. This test + contains the library symbols. This package actually tests a combination of + the above. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/copyright b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/copyright new file mode 100644 index 0000000..5d4f6c2 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/copyright @@ -0,0 +1,4 @@ +Written Sat, 04 Mar 2006 21:30:01 -0800 by Russ Allbery <rra@debian.org>. + +Test for copyright in capital letters. (#464992) +COPYRIGHT RUSS ALLBERY 2006 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/rules new file mode 100755 index 0000000..b659895 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. + +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +build-indep: + +build-arch: build-stamp + +build-stamp: + dh_testdir + $(CC) -D_REENTRANT -fPIC -c libhello.c + $(CC) -o libhello.so.0.0 -shared -Wl,-soname,libhello.so.0 libhello.o + ln -s libhello.so.0.0 libhello.so + $(CC) -o hello hello.c -L. -lhello + touch build-stamp + +build: build-arch build-indep + +clean: + dh_testdir + dh_testroot + rm -f build-stamp *.o libhello.so.0.0 libhello.so + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + install -D hello $(CURDIR)/debian/hello/usr/bin/hello + install -D libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0.0 + ln -s libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0 + +# Build architecture-dependent files here. +export DH_OPTIONS +binary-arch: DH_OPTIONS=-a +binary-arch: build-stamp install + dh_testdir + dh_testroot + dh_installchangelogs -N hello-dbg + dh_installdocs + DH_OPTIONS= dh_strip -phello --dbg-package=hello-dbg + DH_OPTIONS= dh_strip -plibhello0 --dbg-package=libhello0-dbg + + # Now break a few things. Copy the debugging data into places it + # shouldn't be. + cp $(CURDIR)/debian/hello-dbg/usr/lib/debug/usr/bin/hello \ + $(CURDIR)/debian/hello/usr/bin/hello.dbg + cp $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/usr/lib/libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/libhello.so.dbg + + # Put a full copy of the library in libhello0-dbg in /usr/lib/debug, + # which is okay. + install -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/libhello.so.0.0 + + # Also put it in /usr/lib/debug/lib, which isn't. + install -D -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/lib/libhello.so.0.0 + + # Requires a versioned dependency. + dh_icons + + dh_link + dh_compress + dh_fixperms + dh_makeshlibs -X debug + dh_installdeb + dh_shlibdeps -X debug + + # We do this by hand as otherwise dpkg-gensymbols + # will error due to the broken symbols file + # and abort the build; similarly the file in + # the source tree is _symbols so that dpkg + # doesn't attempt to sanity check it + install -d $(CURDIR)/debian/libhello0/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/libhello0/DEBIAN/symbols + # hello doesn't contain any shlibs, but we + # make it contain a symbols file + install -d $(CURDIR)/debian/hello/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/hello/DEBIAN/symbols + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: +binary: binary-indep binary-arch +.PHONY: build-arch build-indep build binary binary-indep binary-arch clean install diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/fill-values new file mode 100644 index 0000000..79eebf1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: legacy-debug +Source: debug +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 7 +Description: Legacy test "debug" diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/hello.c b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/hello.c new file mode 100644 index 0000000..76f8337 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/hello.c @@ -0,0 +1,9 @@ +#include <stdlib.h> +#include "libhello.h" + +int +main(void) +{ + hello(); + exit(0); +} diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.c b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.c new file mode 100644 index 0000000..e2f8409 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +void +hello(void) +{ + printf("Hello, World!\n"); +} diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.h b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.h new file mode 100644 index 0000000..ef77476 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/build-spec/orig/libhello.h @@ -0,0 +1 @@ +void hello(void); diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/desc b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/desc new file mode 100644 index 0000000..2d3463a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-debug +Check: binaries/debug-symbols diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/hints b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/hints new file mode 100644 index 0000000..44d7a55 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/hints @@ -0,0 +1 @@ +hello (binary): unstripped-binary-or-object [usr/bin/hello.dbg] diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/post-test b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/post-test new file mode 100644 index 0000000..fc97c5f --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-debug/eval/post-test @@ -0,0 +1,2 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/changelog.in b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/changelog.in new file mode 100644 index 0000000..91a6bb5 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/changelog.in @@ -0,0 +1,6 @@ +libbaz ([% $version %]) [% $distribution %]; urgency=low + + * Initial setup + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/compat.in b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/control b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/control new file mode 100644 index 0000000..1506687 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/control @@ -0,0 +1,58 @@ +Source: libbaz +Section: libs +Priority: optional +Maintainer: Lintian Maintainer <lintian-maint@debian.org> +Build-depends: debhelper (>=4) +Standards-Version: 3.2.1 + +Package: libbaz1 +Architecture: any +Provides: libbaz +Description: test handling of library packages + Regression test for lintian's handling of libraries. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz1-dev +Architecture: any +Depends: libbaz1 (= ${source:Version}), perlapi-5.8.8 +Description: development package + Regression test for lintian's handling of libraries (dev). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2 +Architecture: any +Depends: ${shlibs:Depends}, libssl0.9.8 +Description: test handling of library packages (good) + Regression test for lintian's handling of libraries (good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dev +Architecture: any +Depends: ${shlibs:Depends}, libbaz2 (= ${source:Version}) +Description: development package (good) + Regression test for lintian's handling of libraries (dev good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dbg +Architecture: any +Depends: libbaz2 (= ${binary:Version}) +Priority: optional +Description: debugging package + Regression test for lintian's handling of libraries (debug). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/copyright b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/copyright new file mode 100644 index 0000000..a874c87 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/copyright @@ -0,0 +1,8 @@ +This package is released under public domain. This is distributed in the hope +that it will be useful, but without any warranty; without even the implied +warranty of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +However, this has an OpenSSL exception. diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.postinst b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.postinst new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.postinst @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.prerm b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.prerm new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/dev.prerm @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.postinst b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.postinst new file mode 100644 index 0000000..ec0b98a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.postinst @@ -0,0 +1,10 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ "$1" = "configure" ]; then + if [ -d /usr/doc -a ! -e /usr/doc/$PKG -a -d /usr/share/doc/$PKG ] +; then + ln -sf ../share/doc/$PKG /usr/doc/$PKG + fi +fi diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.prerm b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.prerm new file mode 100644 index 0000000..50e37c3 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.prerm @@ -0,0 +1,7 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/$PKG ]; then + rm -f /usr/doc/$PKG +fi diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.shlibs b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.shlibs new file mode 100644 index 0000000..b88e288 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.shlibs @@ -0,0 +1,8 @@ +libdoesntexist2 1.0 libbaz1 +libdoesntexist2 1.0 libbaz1 +libbaz2 1.1 libbaz +libbaz3 1 libbaz1 (>> 1-1) +libbaz4 1 libbaz1 (= 1-1) +libbaz5 1 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.symbols b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.symbols new file mode 100644 index 0000000..72f9d8a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/lib.symbols @@ -0,0 +1,3 @@ +libbaz.so.2 libbaz1 #MINVER# + pw 1-1 + foo 1.1-1 diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/rules new file mode 100755 index 0000000..fa99bc8 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/rules @@ -0,0 +1,121 @@ +#!/usr/bin/make -f + +lib_tmp=debian/tmp-lib +dev_tmp=debian/tmp-dev + +LIB=libbaz1 +DEV=libbaz1-dev + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +build-arch: + $(MAKE) + +build-indep: + +build: build-arch build-indep + +clean: + $(MAKE) clean + dh_clean -plibbaz2 -plibbaz2-dev + rm -f debian/files debian/substvars + rm -rf $(lib_tmp) $(dev_tmp) + +# Now the correct libbaz2-dev package +binary-correct: + install -d debian/libbaz2-dev/usr/lib + cp -a libbaz2.a libbaz2.so debian/libbaz2-dev/usr/lib + # usually, I'd also include some .h files to /usr/include + + # Now the correct libbaz2 package + install -d debian/libbaz2/usr/lib + cp -a libbaz2.so.* debian/libbaz2/usr/lib + chmod a-x debian/libbaz2/usr/lib/* + + # General stuff that is tested in other testsets: + dh_installdocs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_compress -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # Mess up the libbaz2 changelog files to test the symlink handling. + ln -s /usr/share/doc/lintian/changelog.gz \ + debian/libbaz2/usr/share/doc/libbaz2/changelog.gz + install -m 644 debian/changelog \ + debian/libbaz2-dev/usr/share/doc/libbaz2-dev/foo + ln -s foo debian/libbaz2-dev/usr/share/doc/libbaz2-dev/changelog + + # Okay, if either line is omitted, it should be noted + dh_strip --dbg-package=libbaz2-dbg -plibbaz2 -plibbaz2-dev + dh_makeshlibs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_shlibdeps -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # and again, regular packaging stuff + dh_installdeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + echo udeb: libbaz2 1.0 libbaz2 >> debian/libbaz2/DEBIAN/shlibs + dh_gencontrol -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_builddeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + +# and the incorrect one +binary-arch: build-arch binary-correct + # first, the lib package + install -d $(lib_tmp)/usr/lib + # resp. no soname (check), wrong soname (check), and no-pic (check) + cp -a libbaz1.so.1.0* $(lib_tmp)/usr/lib + cp -a libbaz2.so.1.0.3b $(lib_tmp)/usr/lib/libfoo2.so.1.0.3b + install -m644 libbaz3.so.1.0.3b $(lib_tmp)/usr/lib/libbaz3.so.1.0.3b + # let's include the .a in the non-dev too (TODO) + # Also, libbaz1.a hasn't a symbol table (TODO) + cp -a *.a $(lib_tmp)/usr/lib + # And a wrong .so symlink (wrong, only in -dev, TODO) + ln -s libfoo3.so.0.9 $(lib_tmp)/usr/lib/libfoo3.so + # And a wrong .so.X symlink (wrong, should point to a real existing + # shlib, TODO) + ln -s libfoo.so.0.9.1 $(lib_tmp)/usr/lib/libfoo.so.0.9 + # And a plain .so (wrong, TODO) + touch $(lib_tmp)/usr/lib/libbar2.so + # And a non-versioned SONAME. + install -m644 libbaz.so $(lib_tmp)/usr/lib/libbaz.so + strip --remove-section=.comment --strip-unneeded $(lib_tmp)/usr/lib/libbaz.so + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(lib_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + + install -d $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/copyright $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/changelog $(lib_tmp)/usr/share/doc/$(LIB) + gzip -n -9 $(lib_tmp)/usr/share/doc/$(LIB)/changelog + install -d $(lib_tmp)/DEBIAN + install -m 755 debian/lib.postinst $(lib_tmp)/DEBIAN/postinst + install -m 755 debian/lib.prerm $(lib_tmp)/DEBIAN/prerm + touch $(lib_tmp)/usr/share/doc/README.Debian + #dpkg-shlibdeps $(lib_tmp)/usr/lib/libbaz.so.1.0 + install -m 755 debian/lib.shlibs $(lib_tmp)/DEBIAN/shlibs + install -m 755 debian/lib.symbols $(lib_tmp)/DEBIAN/symbols + dpkg-gencontrol -isp -p$(LIB) -P$(lib_tmp) + dpkg --build $(lib_tmp) .. + + # now the -dev package + install -d $(dev_tmp)/usr/include + install -d $(lib_tmp)/usr/lib + # let's also install the .so at the same time... (wrong, TODO) + cp -a *.a *.so.* $(lib_tmp)/usr/lib + # and fuck up permission (TODO) + chmod a+x $(lib_tmp)/usr/lib/*.a + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(dev_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + install -d $(dev_tmp)/usr/share/doc + ln -s $(LIB) $(dev_tmp)/usr/share/doc/$(DEV) + install -d $(dev_tmp)/DEBIAN + install -m 755 debian/dev.postinst $(dev_tmp)/DEBIAN/postinst + install -m 755 debian/dev.prerm $(dev_tmp)/DEBIAN/prerm + dpkg-gencontrol -isp -p$(DEV) -P$(dev_tmp) + dpkg --build $(dev_tmp) .. + + +binary: binary-arch + +# The mention of binary-indep here should be sufficient to suppress the +# warning that it's not present. +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/source.lintian-overrides b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/source.lintian-overrides new file mode 100644 index 0000000..6008d27 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/debian/source.lintian-overrides @@ -0,0 +1 @@ +libbaz source: maintainer-script-lacks-debhelper-token diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/fill-values new file mode 100644 index 0000000..7effe4f --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-non-native +Testname: legacy-libbaz +Source: libbaz +Version: 1-1 +Default-Build-Depends: debhelper (>= 9.20151004~) +Description: Legacy test "libbaz" diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/Makefile b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/Makefile new file mode 100644 index 0000000..657dc2a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/Makefile @@ -0,0 +1,55 @@ +# This is the correct way to build a lib + +CC=gcc +CFLAGS=-g -Wall -Winline -O2 +LDFLAGS=-Wl,--no-as-needed + +OBJS=baz.o extra.o +SHOBJS=baz.sho extra.sho +NOPICOBJS = $(SHOBJS) + +all: libbaz1.a libbaz2.a libbaz1.so.1.0.3b libbaz2.so libbaz3.so.1.0.3b \ + libbaz.so + +libbaz2.so: libbaz2.so.1.0 + ln -sf $^ $@ +libbaz2.so.1.0: libbaz2.so.1.0.3b + ln -sf $^ $@ + +# Oops, forget the soname altogether +libbaz1.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared $^ -lc + +libbaz2.so.1.0.3b: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz2.so.1.0 $^ -lc + +# Non-PIC. We can't test this on all architectures +libbaz3.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz3.so.1 $^ -lc + +# Non-versioned SONAME. +libbaz.so: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz.so $^ -lc + +#%.o-noreentrant: %.c +# $(CC) $(LDFLAGS) $(CFLAGS) -o $@ -c $< + +%.sho: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -fPIC -o $@ -c $< + +%.o: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -o $@ -c $< + +libbaz2.a: $(OBJS) + ar cq $@ $(OBJS) + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ + ranlib $@ + +# The pic one in the .a (wrong), no archive table +libbaz1.a: $(SHOBJS) + ar cqS $@ $^ + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ +clean: + rm -f *.a *.o *.so* *.sho diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/baz.c b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/baz.c new file mode 100644 index 0000000..4d5fc45 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/baz.c @@ -0,0 +1,6 @@ +#include <math.h> + +double pw(double p) +{ + return exp(p); +} diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/extra.c b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/extra.c new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/build-spec/orig/extra.c diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/desc b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/desc new file mode 100644 index 0000000..27226a5 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-libbaz +Check: binaries/debug-symbols diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/hints b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/hints new file mode 100644 index 0000000..1215594 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/hints @@ -0,0 +1,3 @@ +libbaz1 (binary): unstripped-binary-or-object [usr/lib/libfoo2.so.1.0.3b] +libbaz1 (binary): unstripped-binary-or-object [usr/lib/libbaz3.so.1.0.3b] +libbaz1 (binary): unstripped-binary-or-object [usr/lib/libbaz1.so.1.0.3b] diff --git a/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/post-test b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/post-test new file mode 100755 index 0000000..29dc3f4 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/legacy-libbaz/eval/post-test @@ -0,0 +1,4 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ +s,usr/lib/([^\/]*/)?perl[0-9]*(/[0-9]*\.[0-9]*)?/,usr/lib/ma-dir/perl/version/,g +/: file-references-package-build-path / d diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/install b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/install new file mode 100644 index 0000000..c10e578 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/install @@ -0,0 +1 @@ +foreign-binary usr/bin diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/rules b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/rules new file mode 100755 index 0000000..2ce6f53 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + # do not try to strip cross-compiled binaries with native tooling + +override_dh_shlibdeps: + # do not try to include missing libraries + +override_dh_dwz: + # cross-compiled binaries do not always seem to have a debug section + +# In Ubuntu, dh does not catch this file by default. +# They have diffed it to reduce the size of packages. +ifneq (,$(strip $(wildcard Changes))) +override_dh_installchangelogs: + dh_installchangelogs Changes +endif diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/fill-values b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/fill-values new file mode 100644 index 0000000..24f607a --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: wrong-binary-architecture +Description: Binary architecture does not match package declaration +Package-Architecture: any +Extra-Build-Depends: + gcc-arm-linux-gnueabihf [amd64 i386], gcc-x86-64-linux-gnu [!amd64 !i386] diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/Makefile b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/Makefile new file mode 100644 index 0000000..bf92eaf --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/Makefile @@ -0,0 +1,37 @@ +# This test works on amd64 when the cross-compiler for armhf is installed. +# +# The build prerequisite was not added to Lintian, however, since it was +# not clear how the architecture would be enabled in the Gitlab CI +# runner. +# +# On amd64 or i386, please follow these steps to run the test: +# +# dpkg --add-architecture armhf +# apt update +# apt install gcc-arm-linux-gnueabihf +# +# On all other architectures this may work, but was not tested: +# +# dpkg --add-architecture amd64 +# apt update +# apt install gcc-x86-64-linux-gnu +# +# (Taken from: https://wiki.debian.org/CrossToolchains) + +ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH) + +ifeq ($(ARCH),amd64) +CC := arm-linux-gnueabihf-gcc +else +CC := x86_64-linux-gnu-gcc +endif + +foreign-binary: hello.c + $(CC) $^ -o $@ + +.PHONY: clean +clean: + rm -f foreign-binary + +.PHONY: clean +distclean: clean diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/hello.c b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/desc b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/desc new file mode 100644 index 0000000..382b802 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/desc @@ -0,0 +1,2 @@ +Testname: wrong-binary-architecture +Check: binaries/debug-symbols diff --git a/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/hints b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/hints new file mode 100644 index 0000000..1116da1 --- /dev/null +++ b/t/recipes/checks/binaries/debug-symbols/wrong-binary-architecture/eval/hints @@ -0,0 +1 @@ +wrong-binary-architecture (binary): unstripped-binary-or-object [usr/bin/foreign-binary] diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values new file mode 100644 index 0000000..96dea07 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-hardening +Description: Check for missing hardening features +Package-Architecture: any diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile new file mode 100644 index 0000000..f1e06f8 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/Makefile @@ -0,0 +1,35 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell ${CC} -no-pie 2>&1)),) + CCWEAK := ${CC} +else + CCWEAK := ${CC} -fno-pie -no-pie +endif + +all: weak.1 strong.1 + # Build without dpkg-buildflags. + $(CCWEAK) -o weak -g \ + -fno-stack-protector \ + -Wl,-z,norelro \ + -U_FORTIFY_SOURCE \ + hello.c + $(CC) -o strong \ + $(shell dpkg-buildflags --get CPPFLAGS) \ + $(shell dpkg-buildflags --get CFLAGS) \ + $(shell dpkg-buildflags --get LDFLAGS) \ + hello.c +%.1: base.pod + sed s/@NAME@/$(basename $@)/g < $< | \ + pod2man --name $(basename $@) --section 1 > $@ + +install: + install -d $(DESTDIR)/usr/bin/ + install -d $(DESTDIR)/usr/share/man/man1 + install -m 755 -c weak $(DESTDIR)/usr/bin/weak + install -m 755 -c strong $(DESTDIR)/usr/bin/strong + install -m 644 -c weak.1 $(DESTDIR)/usr/share/man/man1/weak.1 + install -m 644 -c strong.1 $(DESTDIR)/usr/share/man/man1/strong.1 + +clean distclean: + rm -f weak strong *.1 + +check test: diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod new file mode 100644 index 0000000..1e900d7 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/base.pod @@ -0,0 +1,12 @@ +=head1 NAME + +@NAME@ -- binary that does something + +=head1 SYNOPSIS + + @NAME@ [options] + +=head1 DESCRIPTION + +@NAME@ does something very useful. + diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c new file mode 100644 index 0000000..7b87bd7 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/build-spec/orig/hello.c @@ -0,0 +1,17 @@ +#include <stdio.h> + +void +report(char *string) +{ + char buf[80]; + int len; + + strcpy(buf, string); + fprintf(stdout, "Hello world from %s!\n%n", buf, &len); +} + +int +main(int argc, char *argv[]) +{ + report(argv[0]); +} diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/eval/desc b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/desc new file mode 100644 index 0000000..92ef00e --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/desc @@ -0,0 +1,3 @@ +Testname: binaries-hardening +Test-Architectures: amd64 i386 armhf arm64 +Check: binaries/hardening diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/eval/hints b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/hints new file mode 100644 index 0000000..43f2544 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/hints @@ -0,0 +1,4 @@ +binaries-hardening (binary): hardening-no-relro [usr/bin/weak] +binaries-hardening (binary): hardening-no-pie [usr/bin/weak] +binaries-hardening (binary): hardening-no-fortify-functions [usr/bin/weak] +binaries-hardening (binary): hardening-no-bindnow [usr/bin/weak] diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration new file mode 100755 index 0000000..89c85ec --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration @@ -0,0 +1,53 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use lib "$ENV{LINTIAN_BASE}/lib"; + +use Lintian::Profile; + +my $PROFILE = Lintian::Profile->new; +$PROFILE->load('debian/main', [$ENV{'LINTIAN_BASE'}]); + +my %recommended_hardening_features + = %{$PROFILE->data->hardening_buildflags->recommended_features}; + +my ($expected, undef, $calibrated) = @ARGV; + +my $arch = `dpkg-architecture -qDEB_HOST_ARCH`; +chomp $arch; + +die "Unknown architecture: $arch" + unless exists $recommended_hardening_features{$arch}; + +open my $cfd, '>', $calibrated or die "open $calibrated: $!"; +open my $efd, '<', $expected or die "open $expected: $!"; + +while (my $line = <$efd>) { + my $dp = 0; + if ($line =~ m/^.: [^:]+: hardening-no-(\S+)/) { + + # hardening flag, but maybe not for this architecture + my $feature = $1; + + my %renames = ('fortify-functions' => 'fortify'); + my $renamed_feature = $renames{$feature} // $feature; + + $dp = 1 if $recommended_hardening_features{$arch}{$renamed_feature}; + } else { + # only calibrate hardening flags. + $dp = 1; + } + + print $cfd $line if $dp; +} + +close $efd; +close $cfd or die "close $expected: $!"; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install new file mode 100644 index 0000000..c10e578 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/install @@ -0,0 +1 @@ +foreign-binary usr/bin diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules new file mode 100755 index 0000000..2ce6f53 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + # do not try to strip cross-compiled binaries with native tooling + +override_dh_shlibdeps: + # do not try to include missing libraries + +override_dh_dwz: + # cross-compiled binaries do not always seem to have a debug section + +# In Ubuntu, dh does not catch this file by default. +# They have diffed it to reduce the size of packages. +ifneq (,$(strip $(wildcard Changes))) +override_dh_installchangelogs: + dh_installchangelogs Changes +endif diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values new file mode 100644 index 0000000..24f607a --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: wrong-binary-architecture +Description: Binary architecture does not match package declaration +Package-Architecture: any +Extra-Build-Depends: + gcc-arm-linux-gnueabihf [amd64 i386], gcc-x86-64-linux-gnu [!amd64 !i386] diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile new file mode 100644 index 0000000..bf92eaf --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/Makefile @@ -0,0 +1,37 @@ +# This test works on amd64 when the cross-compiler for armhf is installed. +# +# The build prerequisite was not added to Lintian, however, since it was +# not clear how the architecture would be enabled in the Gitlab CI +# runner. +# +# On amd64 or i386, please follow these steps to run the test: +# +# dpkg --add-architecture armhf +# apt update +# apt install gcc-arm-linux-gnueabihf +# +# On all other architectures this may work, but was not tested: +# +# dpkg --add-architecture amd64 +# apt update +# apt install gcc-x86-64-linux-gnu +# +# (Taken from: https://wiki.debian.org/CrossToolchains) + +ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH) + +ifeq ($(ARCH),amd64) +CC := arm-linux-gnueabihf-gcc +else +CC := x86_64-linux-gnu-gcc +endif + +foreign-binary: hello.c + $(CC) $^ -o $@ + +.PHONY: clean +clean: + rm -f foreign-binary + +.PHONY: clean +distclean: clean diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc new file mode 100644 index 0000000..b5d2db5 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/desc @@ -0,0 +1,2 @@ +Testname: wrong-binary-architecture +Check: binaries/hardening diff --git a/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints new file mode 100644 index 0000000..68d4010 --- /dev/null +++ b/t/recipes/checks/binaries/hardening/wrong-binary-architecture/eval/hints @@ -0,0 +1 @@ +wrong-binary-architecture (binary): hardening-no-bindnow [usr/bin/foreign-binary] diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/compat.in b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/control.in b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/control.in new file mode 100644 index 0000000..1c522b3 --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/control.in @@ -0,0 +1,17 @@ +Source: [% $source %] +Priority: optional +Section: devel +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %], perl +Rules-Requires-Root: no + +Package: libbasic2 +Architecture: [% $package_architecture %] +Section: libs +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/libbasic2.symbols b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/libbasic2.symbols new file mode 100644 index 0000000..c67f613 --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/debian/libbasic2.symbols @@ -0,0 +1,4 @@ +libbasic.so.2 libbasic2 #MINVER# + do_open@Base 1.0 + lib_interface@Base 1.0 + zz_open@Base 1.0 diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/fill-values b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/fill-values new file mode 100644 index 0000000..b6b9ca6 --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-missing-lfs +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 9 +Description: Test for missing lfs +Package-Architecture: any diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/Makefile b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/Makefile new file mode 100644 index 0000000..637a9ca --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/Makefile @@ -0,0 +1,12 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so.2 lfs.c basic.c + +install: + # install it under the correct triplet directory + install -d $(DESTDIR)/usr/lib/ + install -m 644 -c -s libbasic.so.2 $(DESTDIR)/usr/lib/libbasic.so.2 + +clean distclean: + rm -f libbasic.so.2 + +check test: diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/basic.c b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/basic.c new file mode 100644 index 0000000..3d12fde --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/basic.c @@ -0,0 +1,27 @@ +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} + +int +do_open (char *file) { + return open (file, O_RDONLY); +} diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/lfs.c b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/lfs.c new file mode 100644 index 0000000..04fe113 --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/build-spec/orig/lfs.c @@ -0,0 +1,10 @@ +#define _FILE_OFFSET_BITS 64 + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +int +zz_open (char *file) { + return open (file, O_RDONLY); +} diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/desc b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/desc new file mode 100644 index 0000000..65404ca --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/desc @@ -0,0 +1,3 @@ +Testname: binaries-missing-lfs +Test-Architectures: i386 armhf +Check: binaries/large-file-support diff --git a/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/hints b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/hints new file mode 100644 index 0000000..beba8ae --- /dev/null +++ b/t/recipes/checks/binaries/large-file-support/binaries-missing-lfs/eval/hints @@ -0,0 +1 @@ +libbasic2 (binary): binary-file-built-without-LFS-support [usr/lib/libbasic.so.2] diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/NEWS.Debian b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/NEWS.Debian new file mode 100644 index 0000000..29f561c --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/NEWS.Debian @@ -0,0 +1,12 @@ +binary (4-1.1) UNRELEASED; urgency=high + + This is a Debian NEWS entry that isn't encoded properly in UTF-8: ü. + It also has a usefull speling error. + + -- Russ Allbery <rra@debian.org> Sun, 14 Oct 2007 17:11:36 -0700 + +binary (1) unstable; urgency=low + + This is another entry but this one isn't syntactically valid. + + -- Russ Allbery 2007-10-14 diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/README.Debian b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/README.Debian new file mode 100644 index 0000000..94bcc0a --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/README.Debian @@ -0,0 +1,5 @@ +this is a binary package to test lintian's handling of bins. +Check handling of D-Bus and dbus (neither of which should produce +warnings). + + -- Russ Allbery <rra@debian.org>, Wed, 6 Feb 2008 18:35:11 -0800 diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/changelog.in b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/changelog.in new file mode 100644 index 0000000..39301d6 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/changelog.in @@ -0,0 +1,47 @@ +binary ([% $version %]) [% $distribution %]; urgency=low + + * I'm doing an comaintainer-upload, acknowledging a NMU, but with a version + number which suggests I'm doing a NMU myself. + + Lintian-maintainers: Please don't update this changelog, otherwise you'll + probably break the checks/nmu checks. + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sun, 18 Apr 2004 01:49:42 +0200 + +binary (4-1) unstable; urgency=low + + * Weird version number for the new check for accidents with native + packaging. + * Date was fixed by BR and this test was put on changelog-file-strange-date + due to dpkg bug, see #794674. + + -- Marc 'HE' Brockschmidt <he@debian.org> Thu, 15 Apr 2004 23:33:51 +0200 + +binary (4) unstable; urgency=low + + * Add big file to /usr/share to trigger the big-usr-share check + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Fri, 27 Feb 2004 10:15:59 +0100 + +binary (3) unstable; urgency=unlimited + + * Add some bogus menu entries using su-to-root in a bogus way + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Thu, 12 Feb 2004 20:11:22 +0100 + +binary (2) unstable; urgency=low + + * Added an INSTALL document which policy 6.3 suggests not to do + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + +binary (1) unstable; urgency=low + + * hello.c added + * hello-static is same as hello, but compiled statically + * added a menu entry which lacks a Section + * added a postinst + * postinst calls suidregister which is no longer policy compliant + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Wed, 10 Jan 2001 08:55:34 -0800 + diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/conffiles b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/conffiles new file mode 100644 index 0000000..d1a0843 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/conffiles @@ -0,0 +1 @@ +/etc/menu-methods/lintian diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/control b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/control new file mode 100644 index 0000000..c797357 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/control @@ -0,0 +1,42 @@ +Source: binary +Section: misc +Priority: optional +Maintainer: Lintian Maintainers <lintian-maint@debian.org> +Uploaders: Co-maintainer one <one@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Co-maintainer three <three@debian.org> +Standards-Version: 3.2.1 +Homepage: http://lintian.debian.org/ +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +XS-Vcs-Browser: http://svn.wolffelaar.nl/lintian/trunk +XS-Dm-Upload-Allowed: yes + +Package: binary +Architecture: any +Pre-Depends: ${shlibs:Depends}, xorg, binary-data (= ${source:Version}), libssl0.9.8 +Homepage: <http://lintian.debian.org/> +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +Description: test handling of binary files + Regression test for lintian's handling of binary files for debian. This + is checked for picky spelling errors. + . + This package list [ subversion | gconf ] should not be flagged as a spelling + mistake. The spelling correction for dont should be correct. + . + Homepage: http://lintian.debian.org/ + +Package: binary-data +Architecture: all +Depends: binary (= ${source:Version}), libssl-not-openssl, + libssl0.9.8 | or-something-else +Description: test handling of binary relationships + Regression test for lintian's checking of package relationships between + arch:any and arch:all packages. + . + This mention of subversion should be flagged as a spelling mistake. + +#Package: binary-comment +#Architecture: space-almonds +#Depends: * +#Depends: * +#Description: test comment support +# Yes, comments are actually allowed in debian/control, so none of the +# above should produce errors. diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/copyright b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/copyright new file mode 100644 index 0000000..1d6806d --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/copyright @@ -0,0 +1,15 @@ +hello.c is released under public domain. This is distributed in the hope that +it will be useful, but without any warranty; without even the implied warranty +of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +Test for old FSF address: + +Free Software Foundation, Inc., 59 Temple Place - Suite 330, +Boston, MA 02111-1307, USA. + +Test for deprecated nätionäl äncoding. + +Improper capitalization of linux or debian isn't caught here. diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/doc-base b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/doc-base new file mode 100644 index 0000000..7e5b38f --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/doc-base @@ -0,0 +1,41 @@ +Document: binary!docs +Title: Broken debian binary doc-base control file +Author: Russ Allbery +Abstract: This control file exercises various tests of doc-base control + files, including several things that aren't tested yet. The third and + fourth one has trailing whitespace. + . + This section has a speling error and bad ® character. + . + The above separator was fine. +Section: Non/Existant +Unknown: Some field + + + +Format: debiandoc-sgML +Files: /usr/share/doc/binary/binary.sgml.gz +Unknown: Some field + +Format: ESP +Index: /usr/share/doc/binary/binary.txt + +Index: /usr/share/doc/binary/html/index.html + /usr/share/doc/binary/html/ch1.html + /usr/share/doc/binary/html/ch4.html + + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch?.h*l + /usr/share/doc/binary/hml/*.html + +Format: inFO +Files: /usr/share/info/binary.info.gz + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch5.html + /usr/share/doc/binary/html/ch6.html + + diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/goodbye.desktop b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/goodbye.desktop new file mode 100644 index 0000000..f6ce8e3 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/goodbye.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Name:Goodbye +# Name=Goodbye +Comment=Say hello! +SpecialTag=This doesn't exist! +Exec=goodbye +icon=hello +Terminal=true +Type=Application +Categories=WeirdStuff;Screensaver; +Encoding=ISO-10646-1 +[Other Entry] +Name=Goodbye diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/hello.desktop b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/hello.desktop new file mode 100644 index 0000000..f795468 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/hello.desktop @@ -0,0 +1,14 @@ +# some random comment + +# [Foo Bar] +[KDE Desktop Entry] +Name=Hello +Name[en_US]=Hello +Comment=Say hello!
+Exec=kdesu hello +Icon=hello +Terminal=true +Type=Application +Categories=GNOME;GTK;System;Applet;X-Foo;Settings; +Encoding=UTF-8 +OnlyShowIn=GNOME; diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu new file mode 100644 index 0000000..e8972f4 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu @@ -0,0 +1,26 @@ +?package(binary):needs=text title="Hello World" command="/usr/bin/hello" +?package(binary):needs=text section="Applications/System" title="Run cfdisk (0)" command="/usr/bin/su-to-root cfdisk" +?package(binary):needs="text" section="Applications/System/Hardware" title="Run cfdisk (1)" command="sux -p cfdisk" +?package(binary):needs="x11" section="Window Managers" title="Run xfdisk" command="/usr/sbin/su-to-root -c xfdisk" +?package(binary):needs="wm" section="Applications/System/Administration" title="Run fdisk-wm" command="su-to-root -c hello" +?package(binary):section="Apps/Games" title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Apps/System" title="I'm not here!" command="/imnothere" +?package(binary,other-binary):\ + needs="text"\ + section="Applications/Shells"\ + title="more than one required"\ + command="other-bin -s omething" +?package(binary):needs="wmmodule" section="WindowManagers/Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="wmmodule" section="FVWM Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="text" section="Applications/System/Administration" title="I'm not in /usr/bin!" command="iminusrbin" +?package(binary):needs="text"\ + section="Applications/System/Administration"\ + title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Applications/System/Administration"\ + title="Run cfdisk (0)" command="cfdisk" +?package(binary):needs="text" section="Applications/System/Administration" title="Hello World" command="/usr/bin/hello" +?package(binary):needs="wm" section="FVWM Modules" title="Fake Module" command="hello" +?package(binary):needs="fvwmmodule" section="Window Maker" title="Fake Module"\ + command="hello" +?package(binary):needs="x11" section="Applications/System/Hardware" title="Run xfdisk" command="su-to-root -c 'xfdisk -f'" +?package(binary):needs="text" section="Applications/System/Administration" title="foo" command="sh /path/to/foo" diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu-method b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu-method new file mode 100644 index 0000000..9f07bd7 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/menu-method @@ -0,0 +1,22 @@ +#!/usr/bin/install-menu + +# -*- mode: shell-script; -*- +#I need menu-1! +# + +!include notmenu.h + +compat="menu-2" + +outputencoding="UTF-8"; +outputlanguage="C"; + +x11 = AppEntry("false"); +text = AppEntry("true"); + +startmenu = ""; +endmenu = ""; +submenutitle = ""; +rootprefix = "/var/lib/lintian/menu"; +userprefix = ".local/share/lintian/menu"; + diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/postinst b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/postinst new file mode 100644 index 0000000..29e1861 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/postinst @@ -0,0 +1,6 @@ +#! /bin/bash -e + +if [ $1 eq 'configure' ] +then + suidregister hello-static root root 4755 +fi diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/rules b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/rules new file mode 100755 index 0000000..a962ea9 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/rules @@ -0,0 +1,92 @@ +#!/usr/bin/make -f + +tmp=debian/tmp + +# This reference to $(PWD) should not cause an error but the one below +# should. +build-arch: + make + echo $(PWD) + +build: build-arch + +clean: + make -i clean + [ ! -f debian/files ] || rm -f debian/files + [ ! -f debian/substvars ] || rm -f debian/substvars + [ ! -d debian/tmp ] || rm -rf debian/tmp + [ ! -d debian/binary ] || rm -rf debian/binary + [ ! -d debian/binary-data ] || rm -rf debian/binary-data + +binary-arch: build + install -d $(tmp)/usr/bin + install -d $(tmp)/boot/hello + install -m 755 hello $(tmp)/usr/bin + touch $(tmp)/usr/bin/iminusrbin + chmod 755 $(tmp)/usr/bin/iminusrbin + install -m 755 hello-static $(tmp)/usr/bin + strip $(tmp)/usr/bin/hello-static + install -m 755 hello-static $(tmp)/usr/bin/hello.static + strip --remove-section=.comment --remove-section=.note $(tmp)/usr/bin/hello.static + ln $(tmp)/usr/bin/hello.static $(tmp)/usr/bin/static-hello + install -m 755 hello-static $(tmp)/boot/hello + strip --remove-section=.comment --remove-section=.note $(tmp)/boot/hello/hello-static + install -d $(tmp)/usr/share/doc/binary + install -m 644 INSTALL $(tmp)/usr/share/doc/binary + install -d $(tmp)/usr/share/doc/binary/html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/index.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch1.html + ln -s ../html/./ch1.html $(tmp)/usr/share/doc/binary/html/ch2.html + ln -s /usr/share/doc/binary/htm/ch1.html $(tmp)/usr/share/doc/binary/html/ch3.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch5.html + ln $(tmp)/usr/share/doc/binary/html/ch5.html \ + $(tmp)/usr/share/doc/binary/html/ch6.html + install -d $(tmp)/usr/share/menu + install -d $(tmp)/usr/lib/menu + install -d $(tmp)/usr/share/binary + install -m 644 debian/menu $(tmp)/usr/share/menu/binary + install -m 644 debian/menu $(tmp)/usr/lib/menu/binary + install -d $(tmp)/etc/menu-methods + install -m 755 debian/menu-method $(tmp)/etc/menu-methods/lintian + install -d $(tmp)/usr/share/doc-base + install -m 644 debian/doc-base $(tmp)/usr/share/doc-base/binary + touch '$(tmp)/usr/share/doc-base/space ' + install -m 644 debian/README.Debian $(tmp)/usr/share/doc/binary + install -m 644 debian/NEWS.Debian $(tmp)/usr/share/doc/binary + gzip -n -9 $(tmp)/usr/share/doc/binary/NEWS.Debian + install -m 644 debian/copyright $(tmp)/usr/share/doc/binary + install -m 644 debian/changelog $(tmp)/usr/share/doc/binary + #gzip -n -9 $(tmp)/usr/share/doc/binary/changelog + install -d $(tmp)/DEBIAN + install -m 755 debian/postinst $(tmp)/DEBIAN + install -m 644 debian/conffiles $(tmp)/DEBIAN + + install -d $(tmp)/usr/share/applications + install -m 644 debian/hello.desktop \ + $(tmp)/usr/share/applications/hello.desktop + install -m 755 debian/goodbye.desktop \ + $(tmp)/usr/share/applications/goodbye.desktop + + # should be ok... + echo boe > $(tmp)/usr/bar + ln $(tmp)/usr/bar $(tmp)/usr/foo + # but this isn't + echo boe > $(tmp)/usr/bar2 + ln $(tmp)/usr/bar2 $(tmp)/usr/share/baz + + dd if=/dev/zero of=$(tmp)/usr/share/binary/largefile bs=1024 count=4000 + + install -d debian/binary-data/DEBIAN + install -d debian/binary-data/usr/share/doc + ln -s binary debian/binary-data/usr/share/doc/binary-data + + dpkg-shlibdeps $(tmp)/usr/bin/hello + dpkg-gencontrol -pbinary -isp + dpkg-gencontrol -pbinary-data -Pdebian/binary-data -isp + + dpkg --build debian/tmp .. + dpkg --build debian/binary-data .. + +binary: binary-arch + +.PHONY: build-arch build binary-arch binary clean diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/debian/templates b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/templates new file mode 100644 index 0000000..3d92861 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/debian/templates @@ -0,0 +1,16 @@ +# The debconf templates defined here are the sort that you'd use if +# providing a wordlist and an ispell dictionary for the language +# "perl". This shouldn't trigger warnings about not using debconf-po. + +Template: shared/packages-ispell +Type: text +Description: + +Template: shared/packages-wordlist +Type: text +Description: + +Template: miscfiles/languages +Type: text +Default: perl (Pathologically Eclectic Rubbish Lister) +Description: diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/fill-values b/t/recipes/checks/binaries/legacy-binary/build-spec/fill-values new file mode 100644 index 0000000..b503871 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-non-native +Testname: legacy-binary +Source: binary +Version: 4-1.1 +Description: Legacy test "binary" diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/orig/INSTALL b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/INSTALL new file mode 100644 index 0000000..3b50ea9 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/INSTALL @@ -0,0 +1,176 @@ +Basic Installation +================== + + These are generic installation instructions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, a file +`config.cache' that saves the results of its tests to speed up +reconfiguring, and a file `config.log' containing compiler output +(useful mainly for debugging `configure'). + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If at some point `config.cache' +contains results you don't want to keep, you may remove or edit it. + + The file `configure.in' is used to create `configure' by a program +called `autoconf'. You only need `configure.in' if you want to change +it or regenerate `configure' using a newer version of `autoconf'. + +The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. If you're + using `csh' on an old version of System V, you might need to type + `sh ./configure' instead to prevent `csh' from trying to execute + `configure' itself. + + Running `configure' takes a while. While running, it prints some + messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package. + + 4. Type `make install' to install the programs and any data files and + documentation. + + 5. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. You can give `configure' +initial values for variables by setting them in the environment. Using +a Bourne-compatible shell, you can do that on the command line like +this: + CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure + +Or on systems that have the `env' program, you can do it like this: + env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. + + If you have to use a `make' that does not supports the `VPATH' +variable, you have to compile the package for one architecture at a time +in the source code directory. After you have installed the package for +one architecture, use `make distclean' before reconfiguring for another +architecture. + +Installation Names +================== + + By default, `make install' will install the package's files in +`/usr/local/bin', `/usr/local/man', etc. You can specify an +installation prefix other than `/usr/local' by giving `configure' the +option `--prefix=PATH'. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +give `configure' the option `--exec-prefix=PATH', the package will use +PATH as the prefix for installing programs and libraries. +Documentation and other data files will still use the regular prefix. + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +Optional Features +================= + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + +Specifying the System Type +========================== + + There may be some features `configure' can not figure out +automatically, but needs to determine by the type of host the package +will run on. Usually `configure' can figure that out, but if it prints +a message saying it can not guess the host type, give it the +`--host=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name with three fields: + CPU-COMPANY-SYSTEM + +See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the host type. + + If you are building compiler tools for cross-compiling, you can also +use the `--target=TYPE' option to select the type of system they will +produce code for and the `--build=TYPE' option to select the type of +system on which you are compiling the package. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Operation Controls +================== + + `configure' recognizes the following options to control how it +operates. + +`--cache-file=FILE' + Use and save the results of the tests in FILE instead of + `./config.cache'. Set FILE to `/dev/null' to disable caching, for + debugging `configure'. + +`--help' + Print a summary of the options to `configure', and exit. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--version' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`configure' also accepts some other, not widely useful, options. + diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/orig/Makefile b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/Makefile new file mode 100644 index 0000000..da1dc55 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/Makefile @@ -0,0 +1,12 @@ +all: hello hello-static + +hello: hello.c + gcc hello.c -o hello + +hello-static: hello.c + gcc -static hello.c -o hello-static + +clean: + rm -f hello hello-static + +distclean: clean diff --git a/t/recipes/checks/binaries/legacy-binary/build-spec/orig/hello.c b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/legacy-binary/eval/desc b/t/recipes/checks/binaries/legacy-binary/eval/desc new file mode 100644 index 0000000..849f27d --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-binary +Check: binaries diff --git a/t/recipes/checks/binaries/legacy-binary/eval/hints b/t/recipes/checks/binaries/legacy-binary/eval/hints new file mode 100644 index 0000000..472a768 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/eval/hints @@ -0,0 +1 @@ +binary (binary): binary-has-unneeded-section .comment [usr/bin/hello-static] diff --git a/t/recipes/checks/binaries/legacy-binary/eval/post-test b/t/recipes/checks/binaries/legacy-binary/eval/post-test new file mode 100644 index 0000000..3deefd5 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-binary/eval/post-test @@ -0,0 +1,3 @@ +s/arch-dep-package-has-big-usr-share .*kB .*%/arch-dep-package-has-big-usr-share/ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/changelog.in b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/changelog.in new file mode 100644 index 0000000..91a6bb5 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/changelog.in @@ -0,0 +1,6 @@ +libbaz ([% $version %]) [% $distribution %]; urgency=low + + * Initial setup + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/compat.in b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/control b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/control new file mode 100644 index 0000000..1506687 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/control @@ -0,0 +1,58 @@ +Source: libbaz +Section: libs +Priority: optional +Maintainer: Lintian Maintainer <lintian-maint@debian.org> +Build-depends: debhelper (>=4) +Standards-Version: 3.2.1 + +Package: libbaz1 +Architecture: any +Provides: libbaz +Description: test handling of library packages + Regression test for lintian's handling of libraries. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz1-dev +Architecture: any +Depends: libbaz1 (= ${source:Version}), perlapi-5.8.8 +Description: development package + Regression test for lintian's handling of libraries (dev). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2 +Architecture: any +Depends: ${shlibs:Depends}, libssl0.9.8 +Description: test handling of library packages (good) + Regression test for lintian's handling of libraries (good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dev +Architecture: any +Depends: ${shlibs:Depends}, libbaz2 (= ${source:Version}) +Description: development package (good) + Regression test for lintian's handling of libraries (dev good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dbg +Architecture: any +Depends: libbaz2 (= ${binary:Version}) +Priority: optional +Description: debugging package + Regression test for lintian's handling of libraries (debug). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/copyright b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/copyright new file mode 100644 index 0000000..a874c87 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/copyright @@ -0,0 +1,8 @@ +This package is released under public domain. This is distributed in the hope +that it will be useful, but without any warranty; without even the implied +warranty of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +However, this has an OpenSSL exception. diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.postinst b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.postinst new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.postinst @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.prerm b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.prerm new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/dev.prerm @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.postinst b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.postinst new file mode 100644 index 0000000..ec0b98a --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.postinst @@ -0,0 +1,10 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ "$1" = "configure" ]; then + if [ -d /usr/doc -a ! -e /usr/doc/$PKG -a -d /usr/share/doc/$PKG ] +; then + ln -sf ../share/doc/$PKG /usr/doc/$PKG + fi +fi diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.prerm b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.prerm new file mode 100644 index 0000000..50e37c3 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.prerm @@ -0,0 +1,7 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/$PKG ]; then + rm -f /usr/doc/$PKG +fi diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.shlibs b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.shlibs new file mode 100644 index 0000000..b88e288 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.shlibs @@ -0,0 +1,8 @@ +libdoesntexist2 1.0 libbaz1 +libdoesntexist2 1.0 libbaz1 +libbaz2 1.1 libbaz +libbaz3 1 libbaz1 (>> 1-1) +libbaz4 1 libbaz1 (= 1-1) +libbaz5 1 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.symbols b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.symbols new file mode 100644 index 0000000..72f9d8a --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/lib.symbols @@ -0,0 +1,3 @@ +libbaz.so.2 libbaz1 #MINVER# + pw 1-1 + foo 1.1-1 diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/rules b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/rules new file mode 100755 index 0000000..fa99bc8 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/rules @@ -0,0 +1,121 @@ +#!/usr/bin/make -f + +lib_tmp=debian/tmp-lib +dev_tmp=debian/tmp-dev + +LIB=libbaz1 +DEV=libbaz1-dev + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +build-arch: + $(MAKE) + +build-indep: + +build: build-arch build-indep + +clean: + $(MAKE) clean + dh_clean -plibbaz2 -plibbaz2-dev + rm -f debian/files debian/substvars + rm -rf $(lib_tmp) $(dev_tmp) + +# Now the correct libbaz2-dev package +binary-correct: + install -d debian/libbaz2-dev/usr/lib + cp -a libbaz2.a libbaz2.so debian/libbaz2-dev/usr/lib + # usually, I'd also include some .h files to /usr/include + + # Now the correct libbaz2 package + install -d debian/libbaz2/usr/lib + cp -a libbaz2.so.* debian/libbaz2/usr/lib + chmod a-x debian/libbaz2/usr/lib/* + + # General stuff that is tested in other testsets: + dh_installdocs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_compress -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # Mess up the libbaz2 changelog files to test the symlink handling. + ln -s /usr/share/doc/lintian/changelog.gz \ + debian/libbaz2/usr/share/doc/libbaz2/changelog.gz + install -m 644 debian/changelog \ + debian/libbaz2-dev/usr/share/doc/libbaz2-dev/foo + ln -s foo debian/libbaz2-dev/usr/share/doc/libbaz2-dev/changelog + + # Okay, if either line is omitted, it should be noted + dh_strip --dbg-package=libbaz2-dbg -plibbaz2 -plibbaz2-dev + dh_makeshlibs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_shlibdeps -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # and again, regular packaging stuff + dh_installdeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + echo udeb: libbaz2 1.0 libbaz2 >> debian/libbaz2/DEBIAN/shlibs + dh_gencontrol -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_builddeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + +# and the incorrect one +binary-arch: build-arch binary-correct + # first, the lib package + install -d $(lib_tmp)/usr/lib + # resp. no soname (check), wrong soname (check), and no-pic (check) + cp -a libbaz1.so.1.0* $(lib_tmp)/usr/lib + cp -a libbaz2.so.1.0.3b $(lib_tmp)/usr/lib/libfoo2.so.1.0.3b + install -m644 libbaz3.so.1.0.3b $(lib_tmp)/usr/lib/libbaz3.so.1.0.3b + # let's include the .a in the non-dev too (TODO) + # Also, libbaz1.a hasn't a symbol table (TODO) + cp -a *.a $(lib_tmp)/usr/lib + # And a wrong .so symlink (wrong, only in -dev, TODO) + ln -s libfoo3.so.0.9 $(lib_tmp)/usr/lib/libfoo3.so + # And a wrong .so.X symlink (wrong, should point to a real existing + # shlib, TODO) + ln -s libfoo.so.0.9.1 $(lib_tmp)/usr/lib/libfoo.so.0.9 + # And a plain .so (wrong, TODO) + touch $(lib_tmp)/usr/lib/libbar2.so + # And a non-versioned SONAME. + install -m644 libbaz.so $(lib_tmp)/usr/lib/libbaz.so + strip --remove-section=.comment --strip-unneeded $(lib_tmp)/usr/lib/libbaz.so + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(lib_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + + install -d $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/copyright $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/changelog $(lib_tmp)/usr/share/doc/$(LIB) + gzip -n -9 $(lib_tmp)/usr/share/doc/$(LIB)/changelog + install -d $(lib_tmp)/DEBIAN + install -m 755 debian/lib.postinst $(lib_tmp)/DEBIAN/postinst + install -m 755 debian/lib.prerm $(lib_tmp)/DEBIAN/prerm + touch $(lib_tmp)/usr/share/doc/README.Debian + #dpkg-shlibdeps $(lib_tmp)/usr/lib/libbaz.so.1.0 + install -m 755 debian/lib.shlibs $(lib_tmp)/DEBIAN/shlibs + install -m 755 debian/lib.symbols $(lib_tmp)/DEBIAN/symbols + dpkg-gencontrol -isp -p$(LIB) -P$(lib_tmp) + dpkg --build $(lib_tmp) .. + + # now the -dev package + install -d $(dev_tmp)/usr/include + install -d $(lib_tmp)/usr/lib + # let's also install the .so at the same time... (wrong, TODO) + cp -a *.a *.so.* $(lib_tmp)/usr/lib + # and fuck up permission (TODO) + chmod a+x $(lib_tmp)/usr/lib/*.a + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(dev_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + install -d $(dev_tmp)/usr/share/doc + ln -s $(LIB) $(dev_tmp)/usr/share/doc/$(DEV) + install -d $(dev_tmp)/DEBIAN + install -m 755 debian/dev.postinst $(dev_tmp)/DEBIAN/postinst + install -m 755 debian/dev.prerm $(dev_tmp)/DEBIAN/prerm + dpkg-gencontrol -isp -p$(DEV) -P$(dev_tmp) + dpkg --build $(dev_tmp) .. + + +binary: binary-arch + +# The mention of binary-indep here should be sufficient to suppress the +# warning that it's not present. +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/source.lintian-overrides b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/source.lintian-overrides new file mode 100644 index 0000000..6008d27 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/debian/source.lintian-overrides @@ -0,0 +1 @@ +libbaz source: maintainer-script-lacks-debhelper-token diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/fill-values b/t/recipes/checks/binaries/legacy-libbaz/build-spec/fill-values new file mode 100644 index 0000000..7effe4f --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-non-native +Testname: legacy-libbaz +Source: libbaz +Version: 1-1 +Default-Build-Depends: debhelper (>= 9.20151004~) +Description: Legacy test "libbaz" diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/Makefile b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/Makefile new file mode 100644 index 0000000..657dc2a --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/Makefile @@ -0,0 +1,55 @@ +# This is the correct way to build a lib + +CC=gcc +CFLAGS=-g -Wall -Winline -O2 +LDFLAGS=-Wl,--no-as-needed + +OBJS=baz.o extra.o +SHOBJS=baz.sho extra.sho +NOPICOBJS = $(SHOBJS) + +all: libbaz1.a libbaz2.a libbaz1.so.1.0.3b libbaz2.so libbaz3.so.1.0.3b \ + libbaz.so + +libbaz2.so: libbaz2.so.1.0 + ln -sf $^ $@ +libbaz2.so.1.0: libbaz2.so.1.0.3b + ln -sf $^ $@ + +# Oops, forget the soname altogether +libbaz1.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared $^ -lc + +libbaz2.so.1.0.3b: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz2.so.1.0 $^ -lc + +# Non-PIC. We can't test this on all architectures +libbaz3.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz3.so.1 $^ -lc + +# Non-versioned SONAME. +libbaz.so: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz.so $^ -lc + +#%.o-noreentrant: %.c +# $(CC) $(LDFLAGS) $(CFLAGS) -o $@ -c $< + +%.sho: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -fPIC -o $@ -c $< + +%.o: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -o $@ -c $< + +libbaz2.a: $(OBJS) + ar cq $@ $(OBJS) + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ + ranlib $@ + +# The pic one in the .a (wrong), no archive table +libbaz1.a: $(SHOBJS) + ar cqS $@ $^ + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ +clean: + rm -f *.a *.o *.so* *.sho diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/baz.c b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/baz.c new file mode 100644 index 0000000..4d5fc45 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/baz.c @@ -0,0 +1,6 @@ +#include <math.h> + +double pw(double p) +{ + return exp(p); +} diff --git a/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/extra.c b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/extra.c new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/build-spec/orig/extra.c diff --git a/t/recipes/checks/binaries/legacy-libbaz/eval/desc b/t/recipes/checks/binaries/legacy-libbaz/eval/desc new file mode 100644 index 0000000..4f8811d --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-libbaz +Check: binaries diff --git a/t/recipes/checks/binaries/legacy-libbaz/eval/hints b/t/recipes/checks/binaries/legacy-libbaz/eval/hints new file mode 100644 index 0000000..7f3f70c --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/eval/hints @@ -0,0 +1,2 @@ +libbaz1-dev (binary): binary-has-unneeded-section .comment [usr/lib/ma-dir/perl/version/auto/Foo/Foo.so] +libbaz1 (binary): binary-has-unneeded-section .comment [usr/lib/ma-dir/perl/version/auto/Foo/Foo.so] diff --git a/t/recipes/checks/binaries/legacy-libbaz/eval/post-test b/t/recipes/checks/binaries/legacy-libbaz/eval/post-test new file mode 100755 index 0000000..29dc3f4 --- /dev/null +++ b/t/recipes/checks/binaries/legacy-libbaz/eval/post-test @@ -0,0 +1,4 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ +s,usr/lib/([^\/]*/)?perl[0-9]*(/[0-9]*\.[0-9]*)?/,usr/lib/ma-dir/perl/version/,g +/: file-references-package-build-path / d diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/compat.in b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/control.in b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/control.in new file mode 100644 index 0000000..91b453f --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/control.in @@ -0,0 +1,53 @@ +Source: [% $source %] +Priority: optional +Section: libs +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: libmultiarch-none-dev +Architecture: any +Section: libdevel +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: [% $description %] (M-A: none) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + This package does not specify a Multi-Arch field. + +Package: libmultiarch-foreign-dev +Architecture: any +Section: libdevel +Depends: ${shlibs:Depends}, ${misc:Depends} +Multi-Arch: foreign +Description: [% $description %] (M-A: foreign) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + This package specifies Multi-Arch: foreign. + +Package: libmultiarch-same-dev +Architecture: any +Section: libdevel +Depends: ${shlibs:Depends}, ${misc:Depends} +Multi-Arch: same +Description: [% $description %] (M-A: same) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + This package specifies Multi-Arch: same. + +Package: libmultiarch-contrib-dev +Architecture: any +Section: contrib/libdevel +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: [% $description %] (contrib) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + This package is in the contrib/libdevel section. diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/rules b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/rules new file mode 100755 index 0000000..fe4db63 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +include /usr/share/dpkg/buildflags.mk + +%: + dh $@ + +override_dh_auto_install: + set -e; for X in none same foreign contrib; do \ + install -d debian/libmultiarch-$$X-dev/usr/bin; \ + install -d debian/libmultiarch-$$X-dev/var/lib/private; \ + install -m 755 true debian/libmultiarch-$$X-dev/usr/bin/$$X; \ + install -m 755 true debian/libmultiarch-$$X-dev/var/lib/private/$$X; \ + install -m 755 script debian/libmultiarch-$$X-dev/usr/bin/$$X-script; \ + install -m 755 script debian/libmultiarch-$$X-dev/var/lib/private/$$X-script; \ + done + +override_dh_strip: + # Avoid symbol conflicts warnings + dh_strip --no-automatic-dbgsym diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/fill-values b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/fill-values new file mode 100644 index 0000000..929c501 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-native +Testname: binaries-development-package-ships-elf-binary-in-path +Description: Test for development packages shipping ELF binaries in $PATH +Default-Build-Depends: debhelper (>= 9.20160114~) +Dh-Compat-Level: 9 diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/Makefile b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/Makefile new file mode 100644 index 0000000..a877dfd --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/Makefile @@ -0,0 +1,7 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o true true.c + +clean distclean: + rm -f true + +check test: diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/script b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/script new file mode 100755 index 0000000..c52d3c2 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/script @@ -0,0 +1,3 @@ +#!/bin/sh + +exit 0 diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/true.c b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/true.c new file mode 100644 index 0000000..8479e67 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/build-spec/orig/true.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/desc b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/desc new file mode 100644 index 0000000..0d0db95 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-development-package-ships-elf-binary-in-path +Check: binaries/location diff --git a/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/hints b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/hints new file mode 100644 index 0000000..ad80dad --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-development-package-ships-elf-binary-in-path/eval/hints @@ -0,0 +1,5 @@ +libmultiarch-same-dev (binary): development-package-ships-elf-binary-in-path [usr/bin/same] +libmultiarch-same-dev (binary): arch-dependent-file-not-in-arch-specific-directory [var/lib/private/same] +libmultiarch-same-dev (binary): arch-dependent-file-not-in-arch-specific-directory [usr/bin/same] +libmultiarch-none-dev (binary): development-package-ships-elf-binary-in-path [usr/bin/none] +libmultiarch-contrib-dev (binary): development-package-ships-elf-binary-in-path [usr/bin/contrib] diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/location/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/location/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/location/binaries-general/eval/desc b/t/recipes/checks/binaries/location/binaries-general/eval/desc new file mode 100644 index 0000000..74bbf38 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/location diff --git a/t/recipes/checks/binaries/location/binaries-general/eval/hints b/t/recipes/checks/binaries/location/binaries-general/eval/hints new file mode 100644 index 0000000..ae43fff --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/eval/hints @@ -0,0 +1,2 @@ +binaries-general (binary): arch-dependent-file-in-usr-share [usr/share/foo/basicdebug] +binaries-general (binary): arch-dependent-file-in-usr-share [usr/share/foo/basic] diff --git a/t/recipes/checks/binaries/location/binaries-general/eval/post-test b/t/recipes/checks/binaries/location/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/debian/rules b/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/debian/rules new file mode 100755 index 0000000..a3ab46d --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +pkg=binaries-misplaced +%: + dh $@ + +override_dh_install: + mkdir -p debian/$(pkg)/etc/ + cp -a /bin/true debian/$(pkg)/etc/foo + # explicitly call dh_shlibdeps since debhelper is being + # "smart" and not calling it in newer versions (8.9.something) + dh_shlibdeps + dh_install diff --git a/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/fill-values b/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/fill-values new file mode 100644 index 0000000..6f79eab --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-misplaced/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: binaries-misplaced +Description: Test binaries in /etc diff --git a/t/recipes/checks/binaries/location/binaries-misplaced/eval/desc b/t/recipes/checks/binaries/location/binaries-misplaced/eval/desc new file mode 100644 index 0000000..5e2795a --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-misplaced/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-misplaced +Check: binaries/location diff --git a/t/recipes/checks/binaries/location/binaries-misplaced/eval/hints b/t/recipes/checks/binaries/location/binaries-misplaced/eval/hints new file mode 100644 index 0000000..91f0ef7 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-misplaced/eval/hints @@ -0,0 +1 @@ +binaries-misplaced (binary): binary-in-etc [etc/foo] diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/compat.in b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/control.in b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/control.in new file mode 100644 index 0000000..2efaa33 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/control.in @@ -0,0 +1,25 @@ +Source: [% $source %] +Priority: optional +Section: libs +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: libbasic2 +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends}, multiarch-support +Depends: ${misc:Depends}, ${shlibs:Depends} +Multi-Arch: same +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + Note there is an explicitly pre-depends on multiarch-support, since + older versions of debhelper might not use it yet. dpkg-dev will + remove the duplicate entry (if any). + + + diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/libbasic2.symbols b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/libbasic2.symbols new file mode 100644 index 0000000..c2b8fb3 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/debian/libbasic2.symbols @@ -0,0 +1,2 @@ +libbasic.so.2 libbasic2 #MINVER# + lib_interface@Base 1.0 diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/fill-values b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/fill-values new file mode 100644 index 0000000..c508b75 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-multiarch-same +Package-Architecture: any +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 9 +Description: Test of multiarch same package with unsafe binaries diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/Makefile b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/Makefile new file mode 100644 index 0000000..ad7783b --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/Makefile @@ -0,0 +1,12 @@ + +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so.2 basic.c + +install: + install -d $(DESTDIR)/usr/lib/ + install -m 644 -c -s libbasic.so.2 $(DESTDIR)/usr/lib/libbasic.so.2 + +clean distclean: + rm -f libbasic.so.2 + +check test: diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/basic.c b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/basic.c new file mode 100644 index 0000000..27e93fc --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/build-spec/orig/basic.c @@ -0,0 +1,19 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/desc b/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/desc new file mode 100644 index 0000000..50a4f57 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-multiarch-same +Check: binaries/location diff --git a/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/hints b/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/hints new file mode 100644 index 0000000..b482a07 --- /dev/null +++ b/t/recipes/checks/binaries/location/binaries-multiarch-same/eval/hints @@ -0,0 +1 @@ +libbasic2 (binary): arch-dependent-file-not-in-arch-specific-directory [usr/lib/libbasic.so.2] diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values new file mode 100644 index 0000000..b7493a0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-obsolete-des +Description: Check detection of obsolete DES functions +Package-Architecture: any diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile new file mode 100644 index 0000000..99409d2 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile @@ -0,0 +1,52 @@ +# Makefile for the obsolete-des tests. + +# glibc 2.28 and greater try to prevent new programs from being linked +# against the obsolete functions we're testing for. This can be worked +# around, but we have to know the exact "symbol version" associated with +# the obsolete functions, which has to be dug out of libcrypt.so with nm. + +LIBCRYPT_FILE := $(shell $(CC) $(CFLAGS) $(LDFLAGS) -print-file-name=libcrypt.so) + +SYMVER := $(shell nm --dynamic --with-symbol-versions $(LIBCRYPT_FILE) | \ + grep ' setkey@' | cut -d@ -f2) + +# The output of the above nm | grep | cut pipeline will be the empty string +# if it is possible to link programs against 'setkey' without special magic, +# and a nonempty string if special magic is required. All five of the +# functions we are testing were introduced in the same release of glibc and +# disabled for new programs as a group in a single release of glibc, so it +# is only necessary to check how one of them is handled. +ifneq "$(SYMVER)" "" +SYMVER_DEFINE := -DSYMVER=\"$(SYMVER)\" +else +SYMVER_DEFINE := -USYMVER +endif + +CFLAGS := $(shell dpkg-buildflags --get CFLAGS) +CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) $(SYMVER_DEFINE) +LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) + +PROGRAMS := uses-fcrypt uses-encrypt uses-encrypt_r uses-setkey uses-setkey_r +MANPAGES := $(PROGRAMS:=.1) + +all: $(PROGRAMS) $(MANPAGES) + +uses-%: uses-%.o + $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ -lcrypt + +%.1: dummy.pod + sed s/@NAME@/$(@F)/g < $< | \ + pod2man --name $(@F) --section 1 > $@ + +install: all + $(INSTALL) -d $(DESTDIR)/usr/bin + $(INSTALL) -d $(DESTDIR)/usr/share/man/man1 + $(INSTALL) -m 755 $(PROGRAMS) $(DESTDIR)/usr/bin + $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)/usr/share/man/man1 + +clean distclean: + -rm -f *.o $(PROGRAMS) $(MANPAGES) + +check test: + +.PRECIOUS: $(PROGRAMS:=.o) diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod new file mode 100644 index 0000000..224df4a --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod @@ -0,0 +1,11 @@ +=head1 NAME + +@NAME@ -- binary that does something + +=head1 SYNOPSIS + + @NAME@ [options] + +=head1 DESCRIPTION + +@NAME@ does something very useful. diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c new file mode 100644 index 0000000..b6ca062 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c @@ -0,0 +1,30 @@ +/* This program uses the obsolete function 'encrypt', which performs + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <unistd.h> +#include <string.h> +#include <stdio.h> + +/* The prototype of 'encrypt' may already have been removed from + unistd.h. */ +extern void encrypt(char block[64], int edflag); + +/* It may already not be possible to link new programs that use + 'encrypt' without special magic. */ +#ifdef SYMVER +__asm__ (".symver encrypt, encrypt@" SYMVER); +#endif + +int +main(void) +{ + char block[64]; + memset(block, 0, sizeof block); + encrypt(block, 0); + for (size_t i = 0; i < sizeof block; i++) { + putchar(block[i] ? '1' : '0'); + } + putchar('\n'); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c new file mode 100644 index 0000000..a382624 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c @@ -0,0 +1,33 @@ +/* This program uses the obsolete function 'encrypt_r', which performs + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <crypt.h> +#include <string.h> +#include <stdio.h> + +/* The prototype of 'encrypt_r' may already have been removed from + crypt.h. */ +extern void encrypt_r(char block[64], int edflag, struct crypt_data *data); + +/* It may already not be possible to link new programs that use + 'encrypt_r' without special magic. */ +#ifdef SYMVER +__asm__ (".symver encrypt_r, encrypt_r@" SYMVER); +#endif + +int +main(void) +{ + struct crypt_data data; + char block[64]; + + memset(&data, 0, sizeof data); + memset(block, 0, sizeof block); + encrypt_r(block, 0, &data); + for (size_t i = 0; i < sizeof block; i++) { + putchar(block[i] ? '1' : '0'); + } + putchar('\n'); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c new file mode 100644 index 0000000..d71a837 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c @@ -0,0 +1,21 @@ +/* This program uses the obsolete function 'fcrypt', + which is an alias for 'crypt'. */ + +#include <crypt.h> +#include <stdio.h> + +/* The prototype may already have been removed from crypt.h. */ +extern char *fcrypt(const char *, const char *); + +/* It may already not be possible to link new programs that use + 'fcrypt' without special magic. */ +#ifdef SYMVER +__asm__ (".symver fcrypt, fcrypt@" SYMVER); +#endif + +int +main(void) +{ + puts(fcrypt("password", "Dn")); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c new file mode 100644 index 0000000..bdf70b0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c @@ -0,0 +1,45 @@ +/* This program uses the obsolete function 'setkey', which sets a key for + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <stdlib.h> +#include <errno.h> +#include <stdio.h> + +/* The prototype of 'setkey' may already have been removed from + stdlib.h. */ +extern void setkey(const char *); + + +/* It may already not be possible to link new programs that use + 'setkey' without special magic. */ +#ifdef SYMVER +__asm__ (".symver setkey, setkey@" SYMVER); +#endif + +/* setkey uses a 1-bit-per-byte representation of a DES key. + Yes, really. */ +const char key[64] = { + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +}; + +int +main(void) +{ + /* The primary effects of calling 'setkey' are only visible by + calling 'encrypt', and we don't want to call 'encrypt' in this + program because we want to make sure Lintian detects programs + that call 'setkey' but not 'encrypt', even though that doesn't + make a whole lot of sense. So we just call it and then check + whether it changed errno, which is the documented way to check + whether it failed. */ + errno = 0; + setkey(key); + if (errno) { + perror("setkey"); + } + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c new file mode 100644 index 0000000..3ad3f35 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c @@ -0,0 +1,48 @@ +/* This program uses the obsolete function 'setkey_r', which sets a key for + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <crypt.h> +#include <errno.h> +#include <stdio.h> +#include <string.h> + +/* The prototype of 'setkey_r' may already have been removed from + crypt.h. */ +extern void setkey_r(const char *, struct crypt_data *); + +/* It may already not be possible to link new programs that use + 'setkey_r' without special magic. */ +#ifdef SYMVER +__asm__ (".symver setkey_r, setkey_r@" SYMVER); +#endif + +/* setkey_r uses a 1-bit-per-byte representation of a DES key. + Yes, really. */ +const char key[64] = { + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +}; + +int +main(void) +{ + struct crypt_data data; + memset(&data, 0, sizeof data); + + /* The primary effects of calling 'setkey_r' are only visible by + calling 'encrypt_r', and we don't want to call 'encrypt_r' in + this program because we want to make sure Lintian detects + programs that call 'setkey_r' but not 'encrypt_r', even though + that doesn't make a whole lot of sense. So we just call it and + then check whether it changed errno, which is the documented + way to check whether it failed. */ + errno = 0; + setkey_r(key, &data); + if (errno) { + perror("setkey_r"); + } + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc new file mode 100644 index 0000000..0ceced0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-obsolete-des +Check: binaries/obsolete/crypt diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints new file mode 100644 index 0000000..a49c520 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints @@ -0,0 +1,5 @@ +binaries-obsolete-des (binary): obsolete-des-encryption setkey_r [usr/bin/uses-setkey_r] +binaries-obsolete-des (binary): obsolete-des-encryption setkey [usr/bin/uses-setkey] +binaries-obsolete-des (binary): obsolete-des-encryption encrypt_r [usr/bin/uses-encrypt_r] +binaries-obsolete-des (binary): obsolete-des-encryption encrypt [usr/bin/uses-encrypt] +binaries-obsolete-des (binary): obsolete-crypt-alias fcrypt [usr/bin/uses-fcrypt] diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/debian/rules new file mode 100755 index 0000000..fab80fa --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/debian/rules @@ -0,0 +1,9 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +# dwz errors out; no .debug_info section present due to -nostdlib +override_dh_dwz: diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/fill-values new file mode 100644 index 0000000..88f75cb --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-libc-link +Description: Binaries not linked against libc +Package-Architecture: any diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/Makefile new file mode 100644 index 0000000..daa4159 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/Makefile @@ -0,0 +1,35 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +LINKER_FLAGS := -Wl,--no-copy-dt-needed-entries,--no-as-needed + +all: basic basic.1 libbasic-nodeps libbasic-nolibc + +basic.1: basic.pod + pod2man --section 1 $< > $@ + +basic: basic.o + $(CC) -nostdlib -o$@ $< $(LINKER_FLAGS) -lm $(LFLAGS) + +libbasic-nodeps: basic.o + $(CC) -nostdlib --shared -o$@ $< + +libbasic-nolibc: basic.o + $(CC) -nostdlib --shared -o$@ $< $(LINKER_FLAGS) -lm + +install: + install -d $(DESTDIR)/usr/bin + install -d $(DESTDIR)/usr/lib/basic + install -d $(DESTDIR)/usr/share/man/man1 + install -m 755 -c basic $(DESTDIR)/usr/bin/basic + install -m 755 -c libbasic-* $(DESTDIR)/usr/lib/basic + install -m 644 -c basic.1 $(DESTDIR)/usr/share/man/man1 + +clean distclean: + rm -f basic libbasic-* basic.1 + +check test: diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.c new file mode 100644 index 0000000..77bc677 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.pod b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.pod new file mode 100644 index 0000000..d395e96 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/build-spec/orig/basic.pod @@ -0,0 +1,14 @@ +=head1 NAME + +basic -- segfaults + +=head1 SYNOPSIS + + basic + +=head1 DESCRIPTION + +It tends to seg. fault, but if it doesn't it will return 0 like +/bin/true. + +=cut diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/desc b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/desc new file mode 100644 index 0000000..66097cf --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-libc-link +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/hints b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/hints new file mode 100644 index 0000000..59ab437 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/hints @@ -0,0 +1,3 @@ +binaries-libc-link (binary): shared-library-lacks-prerequisites [usr/lib/basic/libbasic-nodeps] +binaries-libc-link (binary): program-not-linked-against-libc [usr/bin/basic] +binaries-libc-link (binary): library-not-linked-against-libc [usr/lib/basic/libbasic-nolibc] diff --git a/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/post-test b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/post-test new file mode 100644 index 0000000..c156be8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-libc-link/eval/post-test @@ -0,0 +1,3 @@ +# The LDFLAGS parts of the hardening flags are a bit difficult to pass +# to the linker so just drop them. +/hardening-no-/ d diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/compat.in b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/control.in b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/control.in new file mode 100644 index 0000000..d8adb1b --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/control.in @@ -0,0 +1,17 @@ +Source: [% $source %] +Priority: optional +Section: devel +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %], perl +Rules-Requires-Root: no + +Package: libbasic2 +Section: libs +Architecture: [% $package_architecture %] +Depends: some-pkg, ${misc:Depends}, ${shlib:Depends} +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/libbasic2.symbols b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/libbasic2.symbols new file mode 100644 index 0000000..0119bca --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/libbasic2.symbols @@ -0,0 +1,4 @@ +libbasic.so.2 libbasic2 #MINVER# + lib_interface@Base 1.0 +libbasic++.so.2 libbasic2 #MINVER# + (c++)cxx_lib_interface@Base 1.0 diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/rules new file mode 100644 index 0000000..188f490 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/debian/rules @@ -0,0 +1,15 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +# Make sure the C++ library actually links to libc +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--no-as-needed + +%: + dh $@ + +override_dh_gencontrol: + # Remove the shlib:Depends since it will contain libc + sed -i '/shlib:Depends=/ d' debian/libbasic2.substvars + echo "shlib:depends=" >> debian/libbasic2.substvars + dh_gencontrol diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/fill-values new file mode 100644 index 0000000..0f58398 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-missing-depends-on-libc +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 9 +Description: Test for missing libc depends +Package-Architecture: any diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/Makefile new file mode 100644 index 0000000..fcf25f4 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/Makefile @@ -0,0 +1,14 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so.2 basic.c + g++ $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs \ + -Wl,-soname,libbasic++.so.2 -olibbasic++.so.2 cpp.cxx + +install: + install -d $(DESTDIR)/usr/lib/ + install -m 644 -c -s libbasic.so.2 $(DESTDIR)/usr/lib/libbasic.so.2 + install -m 644 -c -s libbasic++.so.2 $(DESTDIR)/usr/lib/libbasic++.so.2 + +clean distclean: + rm -f libbasic.so.2 libbasic++.so.2 + +check test: diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/basic.c new file mode 100644 index 0000000..27e93fc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/basic.c @@ -0,0 +1,19 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/cpp.cxx b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/cpp.cxx new file mode 100644 index 0000000..1338e40 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/build-spec/orig/cpp.cxx @@ -0,0 +1,14 @@ +#include <iostream> +#include <vector> + +using namespace std; + +template <class T> T +cxx_lib_interface(vector<T> &v) +{ + cout << ":-) hello world" << endl; + return v[0]; +} + + + diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/desc b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/desc new file mode 100644 index 0000000..88d5fa2 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-missing-depends-on-libc +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/hints b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/hints new file mode 100644 index 0000000..5c512f2 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends-on-libc/eval/hints @@ -0,0 +1,2 @@ +libbasic2 (binary): missing-dependency-on-libstdc++ needed by usr/lib/libbasic++.so.2 +libbasic2 (binary): missing-dependency-on-libc needed by usr/lib/libbasic++.so.2 and 1 others diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/compat.in b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/control.in b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/control.in new file mode 100644 index 0000000..3b37179 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/control.in @@ -0,0 +1,17 @@ +Source: [% $source %] +Priority: optional +Section: devel +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %], perl +Rules-Requires-Root: no + +Package: libbasic2 +Architecture: [% $package_architecture %] +Section: libs +Depends: ${misc:Depends}, ${shlib:Depends} +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/libbasic2.symbols b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/libbasic2.symbols new file mode 100644 index 0000000..c2b8fb3 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/libbasic2.symbols @@ -0,0 +1,2 @@ +libbasic.so.2 libbasic2 #MINVER# + lib_interface@Base 1.0 diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/rules new file mode 100644 index 0000000..8a83255 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/debian/rules @@ -0,0 +1,10 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_builddeb: + sed -i '/Depends:/ d' debian/libbasic2/DEBIAN/control + dh_builddeb diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/fill-values new file mode 100644 index 0000000..b1caef8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-missing-depends +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 9 +Description: Test for missing depends line +Package-Architecture: any diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/Makefile new file mode 100644 index 0000000..6fc3968 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/Makefile @@ -0,0 +1,12 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so.2 basic.c + +install: + # install it under the correct triplet directory + install -d $(DESTDIR)/usr/lib/ + install -m 644 -c -s libbasic.so.2 $(DESTDIR)/usr/lib/libbasic.so.2 + +clean distclean: + rm -f libbasic.so.2 + +check test: diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/basic.c new file mode 100644 index 0000000..27e93fc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/build-spec/orig/basic.c @@ -0,0 +1,19 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/desc b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/desc new file mode 100644 index 0000000..6ad9fdd --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-missing-depends +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/hints b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/hints new file mode 100644 index 0000000..db69d51 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/binaries-missing-depends/eval/hints @@ -0,0 +1 @@ +libbasic2 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/libbasic.so.2] diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/_symbols b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/_symbols new file mode 100644 index 0000000..46e6af1 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/_symbols @@ -0,0 +1,23 @@ + This line should flag a syntax error +# but this one shouldn't +| although this one should, but for a different reason + and so should this + +libhello.so.0 libhello0 #MINVER# +| libhello0c2 (>= 1.2) , libhelloc0c2 (<< 1.3) +| hello-dbg3| libhelloc0c3|foobar (= 1.2) |hello-dbg2 +| hello-dbg + hello@Base 1.0 +* Build-Dep-Foo: bar + hello2@Base 2.0 4 + hello3@Base 2.0 1 + hello3@Base 2.0 A + dummy + +libhello.so.2 libhello2 #MINVER# +* Build-Depends-Package: libbar +| libhello2 (>= 1:2.3) + hello@Base 2.0 + +libhello.so.0 libhello0 #MINVER# + duplicate@Base 1.0 diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/changelog.in b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/changelog.in new file mode 100644 index 0000000..02da925 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/changelog.in @@ -0,0 +1,13 @@ +debug ([% $version %]) [% $distribution %]; urgency=low + + * NMU. + (uploaded by the maintainer and with repeated version number) + + -- Russ Allbery <rra@debian.org> Tue, 4 Apr 2006 20:27:22 +0000 + +debug (1.0) unstable; urgency=low + + * Initial version. + + -- Russ Allbery <rra@debian.org> Sat, 4 Mar 2006 21:31:06 -0800 + diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/compat.in b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/control b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/control new file mode 100644 index 0000000..fcb2b86 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/control @@ -0,0 +1,85 @@ +Source: debug +Section: utils +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5.0.0) +Build-Depends-Indep: not-debhelper (>= 0.4.3) +Standards-Version: 3.7.0 + +Package: hello +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information + Lintian regression test for external debugging file handling. This test + contains the binary. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hello-dbg +Priority: optional +Section: debug +Architecture: any +Depends: hello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (symbols) + Lintian regression test for external debugging file handling. This test + contains the binary symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library) + Lintian regression test for external debugging file handling. This test + contains a library. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0-dbg +Section: debug +Priority: optional +Architecture: any +Depends: libhello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library symbols) + Lintian regression test for external debugging file handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hi-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0 +Description: Test for external debugging symbols + Lintian regression test for external debugging files handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: hello-hello-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0, hello +Description: Test for external debugging symbols - another try + Lintian regression test for external debugging files handling. This test + contains the library symbols. This package actually tests a combination of + the above. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/copyright b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/copyright new file mode 100644 index 0000000..5d4f6c2 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/copyright @@ -0,0 +1,4 @@ +Written Sat, 04 Mar 2006 21:30:01 -0800 by Russ Allbery <rra@debian.org>. + +Test for copyright in capital letters. (#464992) +COPYRIGHT RUSS ALLBERY 2006 diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/rules new file mode 100755 index 0000000..b659895 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. + +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +build-indep: + +build-arch: build-stamp + +build-stamp: + dh_testdir + $(CC) -D_REENTRANT -fPIC -c libhello.c + $(CC) -o libhello.so.0.0 -shared -Wl,-soname,libhello.so.0 libhello.o + ln -s libhello.so.0.0 libhello.so + $(CC) -o hello hello.c -L. -lhello + touch build-stamp + +build: build-arch build-indep + +clean: + dh_testdir + dh_testroot + rm -f build-stamp *.o libhello.so.0.0 libhello.so + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + install -D hello $(CURDIR)/debian/hello/usr/bin/hello + install -D libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0.0 + ln -s libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0 + +# Build architecture-dependent files here. +export DH_OPTIONS +binary-arch: DH_OPTIONS=-a +binary-arch: build-stamp install + dh_testdir + dh_testroot + dh_installchangelogs -N hello-dbg + dh_installdocs + DH_OPTIONS= dh_strip -phello --dbg-package=hello-dbg + DH_OPTIONS= dh_strip -plibhello0 --dbg-package=libhello0-dbg + + # Now break a few things. Copy the debugging data into places it + # shouldn't be. + cp $(CURDIR)/debian/hello-dbg/usr/lib/debug/usr/bin/hello \ + $(CURDIR)/debian/hello/usr/bin/hello.dbg + cp $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/usr/lib/libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/libhello.so.dbg + + # Put a full copy of the library in libhello0-dbg in /usr/lib/debug, + # which is okay. + install -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/libhello.so.0.0 + + # Also put it in /usr/lib/debug/lib, which isn't. + install -D -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/lib/libhello.so.0.0 + + # Requires a versioned dependency. + dh_icons + + dh_link + dh_compress + dh_fixperms + dh_makeshlibs -X debug + dh_installdeb + dh_shlibdeps -X debug + + # We do this by hand as otherwise dpkg-gensymbols + # will error due to the broken symbols file + # and abort the build; similarly the file in + # the source tree is _symbols so that dpkg + # doesn't attempt to sanity check it + install -d $(CURDIR)/debian/libhello0/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/libhello0/DEBIAN/symbols + # hello doesn't contain any shlibs, but we + # make it contain a symbols file + install -d $(CURDIR)/debian/hello/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/hello/DEBIAN/symbols + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: +binary: binary-indep binary-arch +.PHONY: build-arch build-indep build binary binary-indep binary-arch clean install diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/fill-values new file mode 100644 index 0000000..79eebf1 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: legacy-debug +Source: debug +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 7 +Description: Legacy test "debug" diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/hello.c b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/hello.c new file mode 100644 index 0000000..76f8337 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/hello.c @@ -0,0 +1,9 @@ +#include <stdlib.h> +#include "libhello.h" + +int +main(void) +{ + hello(); + exit(0); +} diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.c b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.c new file mode 100644 index 0000000..e2f8409 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +void +hello(void) +{ + printf("Hello, World!\n"); +} diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.h b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.h new file mode 100644 index 0000000..ef77476 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/build-spec/orig/libhello.h @@ -0,0 +1 @@ +void hello(void); diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/desc b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/desc new file mode 100644 index 0000000..772ec4e --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-debug +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/hints b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/hints new file mode 100644 index 0000000..7cbded8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/hints @@ -0,0 +1,2 @@ +libhello0-dbg (binary): shared-library-lacks-prerequisites [usr/lib/libhello.so.dbg] +libhello0-dbg (binary): missing-dependency-on-libc needed by usr/lib/debug/lib/libhello.so.0.0 and 1 others diff --git a/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/post-test b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/post-test new file mode 100644 index 0000000..fc97c5f --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-debug/eval/post-test @@ -0,0 +1,2 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/changelog.in b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/changelog.in new file mode 100644 index 0000000..91a6bb5 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/changelog.in @@ -0,0 +1,6 @@ +libbaz ([% $version %]) [% $distribution %]; urgency=low + + * Initial setup + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/compat.in b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/control b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/control new file mode 100644 index 0000000..1506687 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/control @@ -0,0 +1,58 @@ +Source: libbaz +Section: libs +Priority: optional +Maintainer: Lintian Maintainer <lintian-maint@debian.org> +Build-depends: debhelper (>=4) +Standards-Version: 3.2.1 + +Package: libbaz1 +Architecture: any +Provides: libbaz +Description: test handling of library packages + Regression test for lintian's handling of libraries. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz1-dev +Architecture: any +Depends: libbaz1 (= ${source:Version}), perlapi-5.8.8 +Description: development package + Regression test for lintian's handling of libraries (dev). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2 +Architecture: any +Depends: ${shlibs:Depends}, libssl0.9.8 +Description: test handling of library packages (good) + Regression test for lintian's handling of libraries (good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dev +Architecture: any +Depends: ${shlibs:Depends}, libbaz2 (= ${source:Version}) +Description: development package (good) + Regression test for lintian's handling of libraries (dev good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dbg +Architecture: any +Depends: libbaz2 (= ${binary:Version}) +Priority: optional +Description: debugging package + Regression test for lintian's handling of libraries (debug). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/copyright b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/copyright new file mode 100644 index 0000000..a874c87 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/copyright @@ -0,0 +1,8 @@ +This package is released under public domain. This is distributed in the hope +that it will be useful, but without any warranty; without even the implied +warranty of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +However, this has an OpenSSL exception. diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.postinst b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.postinst new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.postinst @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.prerm b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.prerm new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/dev.prerm @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.postinst b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.postinst new file mode 100644 index 0000000..ec0b98a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.postinst @@ -0,0 +1,10 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ "$1" = "configure" ]; then + if [ -d /usr/doc -a ! -e /usr/doc/$PKG -a -d /usr/share/doc/$PKG ] +; then + ln -sf ../share/doc/$PKG /usr/doc/$PKG + fi +fi diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.prerm b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.prerm new file mode 100644 index 0000000..50e37c3 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.prerm @@ -0,0 +1,7 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/$PKG ]; then + rm -f /usr/doc/$PKG +fi diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.shlibs b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.shlibs new file mode 100644 index 0000000..b88e288 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.shlibs @@ -0,0 +1,8 @@ +libdoesntexist2 1.0 libbaz1 +libdoesntexist2 1.0 libbaz1 +libbaz2 1.1 libbaz +libbaz3 1 libbaz1 (>> 1-1) +libbaz4 1 libbaz1 (= 1-1) +libbaz5 1 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.symbols b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.symbols new file mode 100644 index 0000000..72f9d8a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/lib.symbols @@ -0,0 +1,3 @@ +libbaz.so.2 libbaz1 #MINVER# + pw 1-1 + foo 1.1-1 diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/rules new file mode 100755 index 0000000..fa99bc8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/rules @@ -0,0 +1,121 @@ +#!/usr/bin/make -f + +lib_tmp=debian/tmp-lib +dev_tmp=debian/tmp-dev + +LIB=libbaz1 +DEV=libbaz1-dev + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +build-arch: + $(MAKE) + +build-indep: + +build: build-arch build-indep + +clean: + $(MAKE) clean + dh_clean -plibbaz2 -plibbaz2-dev + rm -f debian/files debian/substvars + rm -rf $(lib_tmp) $(dev_tmp) + +# Now the correct libbaz2-dev package +binary-correct: + install -d debian/libbaz2-dev/usr/lib + cp -a libbaz2.a libbaz2.so debian/libbaz2-dev/usr/lib + # usually, I'd also include some .h files to /usr/include + + # Now the correct libbaz2 package + install -d debian/libbaz2/usr/lib + cp -a libbaz2.so.* debian/libbaz2/usr/lib + chmod a-x debian/libbaz2/usr/lib/* + + # General stuff that is tested in other testsets: + dh_installdocs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_compress -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # Mess up the libbaz2 changelog files to test the symlink handling. + ln -s /usr/share/doc/lintian/changelog.gz \ + debian/libbaz2/usr/share/doc/libbaz2/changelog.gz + install -m 644 debian/changelog \ + debian/libbaz2-dev/usr/share/doc/libbaz2-dev/foo + ln -s foo debian/libbaz2-dev/usr/share/doc/libbaz2-dev/changelog + + # Okay, if either line is omitted, it should be noted + dh_strip --dbg-package=libbaz2-dbg -plibbaz2 -plibbaz2-dev + dh_makeshlibs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_shlibdeps -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # and again, regular packaging stuff + dh_installdeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + echo udeb: libbaz2 1.0 libbaz2 >> debian/libbaz2/DEBIAN/shlibs + dh_gencontrol -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_builddeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + +# and the incorrect one +binary-arch: build-arch binary-correct + # first, the lib package + install -d $(lib_tmp)/usr/lib + # resp. no soname (check), wrong soname (check), and no-pic (check) + cp -a libbaz1.so.1.0* $(lib_tmp)/usr/lib + cp -a libbaz2.so.1.0.3b $(lib_tmp)/usr/lib/libfoo2.so.1.0.3b + install -m644 libbaz3.so.1.0.3b $(lib_tmp)/usr/lib/libbaz3.so.1.0.3b + # let's include the .a in the non-dev too (TODO) + # Also, libbaz1.a hasn't a symbol table (TODO) + cp -a *.a $(lib_tmp)/usr/lib + # And a wrong .so symlink (wrong, only in -dev, TODO) + ln -s libfoo3.so.0.9 $(lib_tmp)/usr/lib/libfoo3.so + # And a wrong .so.X symlink (wrong, should point to a real existing + # shlib, TODO) + ln -s libfoo.so.0.9.1 $(lib_tmp)/usr/lib/libfoo.so.0.9 + # And a plain .so (wrong, TODO) + touch $(lib_tmp)/usr/lib/libbar2.so + # And a non-versioned SONAME. + install -m644 libbaz.so $(lib_tmp)/usr/lib/libbaz.so + strip --remove-section=.comment --strip-unneeded $(lib_tmp)/usr/lib/libbaz.so + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(lib_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + + install -d $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/copyright $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/changelog $(lib_tmp)/usr/share/doc/$(LIB) + gzip -n -9 $(lib_tmp)/usr/share/doc/$(LIB)/changelog + install -d $(lib_tmp)/DEBIAN + install -m 755 debian/lib.postinst $(lib_tmp)/DEBIAN/postinst + install -m 755 debian/lib.prerm $(lib_tmp)/DEBIAN/prerm + touch $(lib_tmp)/usr/share/doc/README.Debian + #dpkg-shlibdeps $(lib_tmp)/usr/lib/libbaz.so.1.0 + install -m 755 debian/lib.shlibs $(lib_tmp)/DEBIAN/shlibs + install -m 755 debian/lib.symbols $(lib_tmp)/DEBIAN/symbols + dpkg-gencontrol -isp -p$(LIB) -P$(lib_tmp) + dpkg --build $(lib_tmp) .. + + # now the -dev package + install -d $(dev_tmp)/usr/include + install -d $(lib_tmp)/usr/lib + # let's also install the .so at the same time... (wrong, TODO) + cp -a *.a *.so.* $(lib_tmp)/usr/lib + # and fuck up permission (TODO) + chmod a+x $(lib_tmp)/usr/lib/*.a + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(dev_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + install -d $(dev_tmp)/usr/share/doc + ln -s $(LIB) $(dev_tmp)/usr/share/doc/$(DEV) + install -d $(dev_tmp)/DEBIAN + install -m 755 debian/dev.postinst $(dev_tmp)/DEBIAN/postinst + install -m 755 debian/dev.prerm $(dev_tmp)/DEBIAN/prerm + dpkg-gencontrol -isp -p$(DEV) -P$(dev_tmp) + dpkg --build $(dev_tmp) .. + + +binary: binary-arch + +# The mention of binary-indep here should be sufficient to suppress the +# warning that it's not present. +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/source.lintian-overrides b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/source.lintian-overrides new file mode 100644 index 0000000..6008d27 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/debian/source.lintian-overrides @@ -0,0 +1 @@ +libbaz source: maintainer-script-lacks-debhelper-token diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/fill-values new file mode 100644 index 0000000..7effe4f --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-non-native +Testname: legacy-libbaz +Source: libbaz +Version: 1-1 +Default-Build-Depends: debhelper (>= 9.20151004~) +Description: Legacy test "libbaz" diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/Makefile new file mode 100644 index 0000000..657dc2a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/Makefile @@ -0,0 +1,55 @@ +# This is the correct way to build a lib + +CC=gcc +CFLAGS=-g -Wall -Winline -O2 +LDFLAGS=-Wl,--no-as-needed + +OBJS=baz.o extra.o +SHOBJS=baz.sho extra.sho +NOPICOBJS = $(SHOBJS) + +all: libbaz1.a libbaz2.a libbaz1.so.1.0.3b libbaz2.so libbaz3.so.1.0.3b \ + libbaz.so + +libbaz2.so: libbaz2.so.1.0 + ln -sf $^ $@ +libbaz2.so.1.0: libbaz2.so.1.0.3b + ln -sf $^ $@ + +# Oops, forget the soname altogether +libbaz1.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared $^ -lc + +libbaz2.so.1.0.3b: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz2.so.1.0 $^ -lc + +# Non-PIC. We can't test this on all architectures +libbaz3.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz3.so.1 $^ -lc + +# Non-versioned SONAME. +libbaz.so: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz.so $^ -lc + +#%.o-noreentrant: %.c +# $(CC) $(LDFLAGS) $(CFLAGS) -o $@ -c $< + +%.sho: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -fPIC -o $@ -c $< + +%.o: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -o $@ -c $< + +libbaz2.a: $(OBJS) + ar cq $@ $(OBJS) + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ + ranlib $@ + +# The pic one in the .a (wrong), no archive table +libbaz1.a: $(SHOBJS) + ar cqS $@ $^ + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ +clean: + rm -f *.a *.o *.so* *.sho diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/baz.c b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/baz.c new file mode 100644 index 0000000..4d5fc45 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/baz.c @@ -0,0 +1,6 @@ +#include <math.h> + +double pw(double p) +{ + return exp(p); +} diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/extra.c b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/extra.c new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/build-spec/orig/extra.c diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/desc b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/desc new file mode 100644 index 0000000..f229b04 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-libbaz +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/hints b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/hints new file mode 100644 index 0000000..0a04cbb --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/hints @@ -0,0 +1,6 @@ +libbaz1-dev (binary): missing-dependency-on-libc needed by usr/lib/ma-dir/perl/version/auto/Foo/Foo.so +libbaz1 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/ma-dir/perl/version/auto/Foo/Foo.so] +libbaz1 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/libfoo2.so.1.0.3b] +libbaz1 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/libbaz3.so.1.0.3b] +libbaz1 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/libbaz1.so.1.0.3b] +libbaz1 (binary): undeclared-elf-prerequisites (libc.so.6) [usr/lib/libbaz.so] diff --git a/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/post-test b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/post-test new file mode 100755 index 0000000..29dc3f4 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/legacy-libbaz/eval/post-test @@ -0,0 +1,4 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ +s,usr/lib/([^\/]*/)?perl[0-9]*(/[0-9]*\.[0-9]*)?/,usr/lib/ma-dir/perl/version/,g +/: file-references-package-build-path / d diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/debian/rules new file mode 100644 index 0000000..f7cfef1 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/debian/rules @@ -0,0 +1,7 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--no-as-needed + +%: + dh $@ --buildsystem pybuild diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/fill-values new file mode 100644 index 0000000..a8b1cea --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-native +Testname: binaries-missing-depends-on-numpy-abi +Description: Test for missing dependency on python3-numpy-abiN +Package-Architecture: any +Extra-Build-Depends: python3-all-dev, python3-numpy, dh-python, python3-setuptools diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/basic.c new file mode 100644 index 0000000..9bb2221 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/basic.c @@ -0,0 +1,21 @@ +#include <Python.h> +#include <numpy/arrayobject.h> +#include <stdio.h> +#include <string.h> + +#define NPY_NO_DEPRECATED_API NPY_1_7_API_VERSION + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +void do_import_array(void) +{ + import_array(); + hardening_trigger(NULL, 0, NULL); +} diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/setup.py b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/setup.py new file mode 100644 index 0000000..675a9ea --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/build-spec/orig/setup.py @@ -0,0 +1,9 @@ +import setuptools +import numpy + +setuptools.setup( + ext_modules=[ + setuptools.Extension('basic', ['basic.c'], + include_dirs=[numpy.get_include()]), + ], +) diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/desc b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/desc new file mode 100644 index 0000000..2702447 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-missing-depends-on-numpy-abi +Check: binaries/prerequisites/numpy diff --git a/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/hints b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/hints new file mode 100644 index 0000000..feadb98 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/numpy/binaries-missing-depends-on-numpy-abi/eval/hints @@ -0,0 +1 @@ +binaries-missing-depends-on-numpy-abi (binary): missing-dependency-on-numpy-abi diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/debian/rules new file mode 100644 index 0000000..7b55940 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_perl: + +override_dh_builddeb: + # Work around debhelper bug (triggers useless call to ldconfig) + rm -f debian/*/DEBIAN/postinst debian/*/DEBIAN/postrm + rm -f debian/*/DEBIAN/triggers + dh_builddeb + +# errors out with: objcopy: '.../binaries-missing-depends-on-xapi.debug': No such file +override_dh_dwz: diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/fill-values new file mode 100644 index 0000000..bf3682a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-missing-depends-on-xapi +Description: Test for missing perlapi depends +Package-Architecture: any diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/Makefile new file mode 100644 index 0000000..5c9cbaf --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/Makefile @@ -0,0 +1,16 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so basic.c + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +install: + # install it under the correct triplet directory + install -d $(DESTDIR)/$(VENDORARCH) + install -m 644 -c -s libbasic.so $(DESTDIR)/$(VENDORARCH)/libbasic.so + install -d $(DESTDIR)/usr/lib/php5 + install -m 644 -c -s libbasic.so $(DESTDIR)/usr/lib/php5/libbasic.so + +clean distclean: + rm -f libbasic.so.2 + +check test: diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/basic.c new file mode 100644 index 0000000..27e93fc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/build-spec/orig/basic.c @@ -0,0 +1,19 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/desc b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/desc new file mode 100644 index 0000000..288238f --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-missing-depends-on-xapi +Check: binaries/prerequisites/perl diff --git a/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/hints b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/hints new file mode 100644 index 0000000..6d97760 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/binaries-missing-depends-on-xapi/eval/hints @@ -0,0 +1 @@ +binaries-missing-depends-on-xapi (binary): missing-dependency-on-perlapi diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/changelog.in b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/changelog.in new file mode 100644 index 0000000..91a6bb5 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/changelog.in @@ -0,0 +1,6 @@ +libbaz ([% $version %]) [% $distribution %]; urgency=low + + * Initial setup + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/compat.in b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/control b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/control new file mode 100644 index 0000000..1506687 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/control @@ -0,0 +1,58 @@ +Source: libbaz +Section: libs +Priority: optional +Maintainer: Lintian Maintainer <lintian-maint@debian.org> +Build-depends: debhelper (>=4) +Standards-Version: 3.2.1 + +Package: libbaz1 +Architecture: any +Provides: libbaz +Description: test handling of library packages + Regression test for lintian's handling of libraries. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz1-dev +Architecture: any +Depends: libbaz1 (= ${source:Version}), perlapi-5.8.8 +Description: development package + Regression test for lintian's handling of libraries (dev). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2 +Architecture: any +Depends: ${shlibs:Depends}, libssl0.9.8 +Description: test handling of library packages (good) + Regression test for lintian's handling of libraries (good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dev +Architecture: any +Depends: ${shlibs:Depends}, libbaz2 (= ${source:Version}) +Description: development package (good) + Regression test for lintian's handling of libraries (dev good). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libbaz2-dbg +Architecture: any +Depends: libbaz2 (= ${binary:Version}) +Priority: optional +Description: debugging package + Regression test for lintian's handling of libraries (debug). + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/copyright b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/copyright new file mode 100644 index 0000000..a874c87 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/copyright @@ -0,0 +1,8 @@ +This package is released under public domain. This is distributed in the hope +that it will be useful, but without any warranty; without even the implied +warranty of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +However, this has an OpenSSL exception. diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.postinst b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.postinst new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.postinst @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.prerm b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.prerm new file mode 100644 index 0000000..683e3cc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/dev.prerm @@ -0,0 +1,4 @@ +#!/bin/sh -e + +$PKG=libbaz1-dev + diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.postinst b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.postinst new file mode 100644 index 0000000..ec0b98a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.postinst @@ -0,0 +1,10 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ "$1" = "configure" ]; then + if [ -d /usr/doc -a ! -e /usr/doc/$PKG -a -d /usr/share/doc/$PKG ] +; then + ln -sf ../share/doc/$PKG /usr/doc/$PKG + fi +fi diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.prerm b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.prerm new file mode 100644 index 0000000..50e37c3 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.prerm @@ -0,0 +1,7 @@ +#!/bin/sh -e + +$PKG=libbaz1 + +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/$PKG ]; then + rm -f /usr/doc/$PKG +fi diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.shlibs b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.shlibs new file mode 100644 index 0000000..b88e288 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.shlibs @@ -0,0 +1,8 @@ +libdoesntexist2 1.0 libbaz1 +libdoesntexist2 1.0 libbaz1 +libbaz2 1.1 libbaz +libbaz3 1 libbaz1 (>> 1-1) +libbaz4 1 libbaz1 (= 1-1) +libbaz5 1 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 +udeb: libdoesntexist2 1.0 libbaz2 diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.symbols b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.symbols new file mode 100644 index 0000000..72f9d8a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/lib.symbols @@ -0,0 +1,3 @@ +libbaz.so.2 libbaz1 #MINVER# + pw 1-1 + foo 1.1-1 diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/rules new file mode 100755 index 0000000..fa99bc8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/rules @@ -0,0 +1,121 @@ +#!/usr/bin/make -f + +lib_tmp=debian/tmp-lib +dev_tmp=debian/tmp-dev + +LIB=libbaz1 +DEV=libbaz1-dev + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +build-arch: + $(MAKE) + +build-indep: + +build: build-arch build-indep + +clean: + $(MAKE) clean + dh_clean -plibbaz2 -plibbaz2-dev + rm -f debian/files debian/substvars + rm -rf $(lib_tmp) $(dev_tmp) + +# Now the correct libbaz2-dev package +binary-correct: + install -d debian/libbaz2-dev/usr/lib + cp -a libbaz2.a libbaz2.so debian/libbaz2-dev/usr/lib + # usually, I'd also include some .h files to /usr/include + + # Now the correct libbaz2 package + install -d debian/libbaz2/usr/lib + cp -a libbaz2.so.* debian/libbaz2/usr/lib + chmod a-x debian/libbaz2/usr/lib/* + + # General stuff that is tested in other testsets: + dh_installdocs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_compress -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # Mess up the libbaz2 changelog files to test the symlink handling. + ln -s /usr/share/doc/lintian/changelog.gz \ + debian/libbaz2/usr/share/doc/libbaz2/changelog.gz + install -m 644 debian/changelog \ + debian/libbaz2-dev/usr/share/doc/libbaz2-dev/foo + ln -s foo debian/libbaz2-dev/usr/share/doc/libbaz2-dev/changelog + + # Okay, if either line is omitted, it should be noted + dh_strip --dbg-package=libbaz2-dbg -plibbaz2 -plibbaz2-dev + dh_makeshlibs -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_shlibdeps -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + + # and again, regular packaging stuff + dh_installdeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + echo udeb: libbaz2 1.0 libbaz2 >> debian/libbaz2/DEBIAN/shlibs + dh_gencontrol -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + dh_builddeb -plibbaz2 -plibbaz2-dev -plibbaz2-dbg + +# and the incorrect one +binary-arch: build-arch binary-correct + # first, the lib package + install -d $(lib_tmp)/usr/lib + # resp. no soname (check), wrong soname (check), and no-pic (check) + cp -a libbaz1.so.1.0* $(lib_tmp)/usr/lib + cp -a libbaz2.so.1.0.3b $(lib_tmp)/usr/lib/libfoo2.so.1.0.3b + install -m644 libbaz3.so.1.0.3b $(lib_tmp)/usr/lib/libbaz3.so.1.0.3b + # let's include the .a in the non-dev too (TODO) + # Also, libbaz1.a hasn't a symbol table (TODO) + cp -a *.a $(lib_tmp)/usr/lib + # And a wrong .so symlink (wrong, only in -dev, TODO) + ln -s libfoo3.so.0.9 $(lib_tmp)/usr/lib/libfoo3.so + # And a wrong .so.X symlink (wrong, should point to a real existing + # shlib, TODO) + ln -s libfoo.so.0.9.1 $(lib_tmp)/usr/lib/libfoo.so.0.9 + # And a plain .so (wrong, TODO) + touch $(lib_tmp)/usr/lib/libbar2.so + # And a non-versioned SONAME. + install -m644 libbaz.so $(lib_tmp)/usr/lib/libbaz.so + strip --remove-section=.comment --strip-unneeded $(lib_tmp)/usr/lib/libbaz.so + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(lib_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(lib_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + + install -d $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/copyright $(lib_tmp)/usr/share/doc/$(LIB) + install -m 644 debian/changelog $(lib_tmp)/usr/share/doc/$(LIB) + gzip -n -9 $(lib_tmp)/usr/share/doc/$(LIB)/changelog + install -d $(lib_tmp)/DEBIAN + install -m 755 debian/lib.postinst $(lib_tmp)/DEBIAN/postinst + install -m 755 debian/lib.prerm $(lib_tmp)/DEBIAN/prerm + touch $(lib_tmp)/usr/share/doc/README.Debian + #dpkg-shlibdeps $(lib_tmp)/usr/lib/libbaz.so.1.0 + install -m 755 debian/lib.shlibs $(lib_tmp)/DEBIAN/shlibs + install -m 755 debian/lib.symbols $(lib_tmp)/DEBIAN/symbols + dpkg-gencontrol -isp -p$(LIB) -P$(lib_tmp) + dpkg --build $(lib_tmp) .. + + # now the -dev package + install -d $(dev_tmp)/usr/include + install -d $(lib_tmp)/usr/lib + # let's also install the .so at the same time... (wrong, TODO) + cp -a *.a *.so.* $(lib_tmp)/usr/lib + # and fuck up permission (TODO) + chmod a+x $(lib_tmp)/usr/lib/*.a + # Pretend to be a Perl module to test a lack of Perl dependencies. + install -d $(dev_tmp)/$(VENDORARCH)/auto/Foo + install -m 644 libbaz2.so.1.0.3b $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + strip $(dev_tmp)/$(VENDORARCH)/auto/Foo/Foo.so + install -d $(dev_tmp)/usr/share/doc + ln -s $(LIB) $(dev_tmp)/usr/share/doc/$(DEV) + install -d $(dev_tmp)/DEBIAN + install -m 755 debian/dev.postinst $(dev_tmp)/DEBIAN/postinst + install -m 755 debian/dev.prerm $(dev_tmp)/DEBIAN/prerm + dpkg-gencontrol -isp -p$(DEV) -P$(dev_tmp) + dpkg --build $(dev_tmp) .. + + +binary: binary-arch + +# The mention of binary-indep here should be sufficient to suppress the +# warning that it's not present. +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/source.lintian-overrides b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/source.lintian-overrides new file mode 100644 index 0000000..6008d27 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/debian/source.lintian-overrides @@ -0,0 +1 @@ +libbaz source: maintainer-script-lacks-debhelper-token diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/fill-values new file mode 100644 index 0000000..7effe4f --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-non-native +Testname: legacy-libbaz +Source: libbaz +Version: 1-1 +Default-Build-Depends: debhelper (>= 9.20151004~) +Description: Legacy test "libbaz" diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/Makefile new file mode 100644 index 0000000..657dc2a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/Makefile @@ -0,0 +1,55 @@ +# This is the correct way to build a lib + +CC=gcc +CFLAGS=-g -Wall -Winline -O2 +LDFLAGS=-Wl,--no-as-needed + +OBJS=baz.o extra.o +SHOBJS=baz.sho extra.sho +NOPICOBJS = $(SHOBJS) + +all: libbaz1.a libbaz2.a libbaz1.so.1.0.3b libbaz2.so libbaz3.so.1.0.3b \ + libbaz.so + +libbaz2.so: libbaz2.so.1.0 + ln -sf $^ $@ +libbaz2.so.1.0: libbaz2.so.1.0.3b + ln -sf $^ $@ + +# Oops, forget the soname altogether +libbaz1.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared $^ -lc + +libbaz2.so.1.0.3b: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz2.so.1.0 $^ -lc + +# Non-PIC. We can't test this on all architectures +libbaz3.so.1.0.3b: $(NOPICOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz3.so.1 $^ -lc + +# Non-versioned SONAME. +libbaz.so: $(SHOBJS) + $(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,libbaz.so $^ -lc + +#%.o-noreentrant: %.c +# $(CC) $(LDFLAGS) $(CFLAGS) -o $@ -c $< + +%.sho: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -fPIC -o $@ -c $< + +%.o: %.c + $(CC) $(LDFLAGS) $(CFLAGS) -D_REENTRANT -o $@ -c $< + +libbaz2.a: $(OBJS) + ar cq $@ $(OBJS) + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ + ranlib $@ + +# The pic one in the .a (wrong), no archive table +libbaz1.a: $(SHOBJS) + ar cqS $@ $^ + strip --strip-unneeded --remove-section=.comment \ + --remove-section=-note $@ +clean: + rm -f *.a *.o *.so* *.sho diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/baz.c b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/baz.c new file mode 100644 index 0000000..4d5fc45 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/baz.c @@ -0,0 +1,6 @@ +#include <math.h> + +double pw(double p) +{ + return exp(p); +} diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/extra.c b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/extra.c new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/build-spec/orig/extra.c diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/desc b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/desc new file mode 100644 index 0000000..0b65f95 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-libbaz +Check: binaries/prerequisites/perl diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/hints b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/hints new file mode 100644 index 0000000..423e913 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/hints @@ -0,0 +1 @@ +libbaz1 (binary): missing-dependency-on-perlapi diff --git a/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/post-test b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/post-test new file mode 100755 index 0000000..29dc3f4 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/perl/legacy-libbaz/eval/post-test @@ -0,0 +1,4 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ +s,usr/lib/([^\/]*/)?perl[0-9]*(/[0-9]*\.[0-9]*)?/,usr/lib/ma-dir/perl/version/,g +/: file-references-package-build-path / d diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/debian/rules new file mode 100644 index 0000000..7b55940 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_perl: + +override_dh_builddeb: + # Work around debhelper bug (triggers useless call to ldconfig) + rm -f debian/*/DEBIAN/postinst debian/*/DEBIAN/postrm + rm -f debian/*/DEBIAN/triggers + dh_builddeb + +# errors out with: objcopy: '.../binaries-missing-depends-on-xapi.debug': No such file +override_dh_dwz: diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/fill-values new file mode 100644 index 0000000..bf3682a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-missing-depends-on-xapi +Description: Test for missing perlapi depends +Package-Architecture: any diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/Makefile new file mode 100644 index 0000000..5c9cbaf --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/Makefile @@ -0,0 +1,16 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -fPIC -shared -Wl,-z,defs -Wl,-soname,libbasic.so.2 -o libbasic.so basic.c + +VENDORARCH := $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)') + +install: + # install it under the correct triplet directory + install -d $(DESTDIR)/$(VENDORARCH) + install -m 644 -c -s libbasic.so $(DESTDIR)/$(VENDORARCH)/libbasic.so + install -d $(DESTDIR)/usr/lib/php5 + install -m 644 -c -s libbasic.so $(DESTDIR)/usr/lib/php5/libbasic.so + +clean distclean: + rm -f libbasic.so.2 + +check test: diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/basic.c b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/basic.c new file mode 100644 index 0000000..27e93fc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/build-spec/orig/basic.c @@ -0,0 +1,19 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +lib_interface(void) +{ + printf("Hello world!\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/desc b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/desc new file mode 100644 index 0000000..1f5f111 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-missing-depends-on-xapi +Check: binaries/prerequisites/php diff --git a/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/hints b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/hints new file mode 100644 index 0000000..0791fd8 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/php/binaries-missing-depends-on-xapi/eval/hints @@ -0,0 +1 @@ +binaries-missing-depends-on-xapi (binary): missing-dependency-on-phpapi diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/install b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/install new file mode 100644 index 0000000..c10e578 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/install @@ -0,0 +1 @@ +foreign-binary usr/bin diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/rules b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/rules new file mode 100755 index 0000000..2ce6f53 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + # do not try to strip cross-compiled binaries with native tooling + +override_dh_shlibdeps: + # do not try to include missing libraries + +override_dh_dwz: + # cross-compiled binaries do not always seem to have a debug section + +# In Ubuntu, dh does not catch this file by default. +# They have diffed it to reduce the size of packages. +ifneq (,$(strip $(wildcard Changes))) +override_dh_installchangelogs: + dh_installchangelogs Changes +endif diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/fill-values b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/fill-values new file mode 100644 index 0000000..24f607a --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: wrong-binary-architecture +Description: Binary architecture does not match package declaration +Package-Architecture: any +Extra-Build-Depends: + gcc-arm-linux-gnueabihf [amd64 i386], gcc-x86-64-linux-gnu [!amd64 !i386] diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/Makefile b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/Makefile new file mode 100644 index 0000000..bf92eaf --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/Makefile @@ -0,0 +1,37 @@ +# This test works on amd64 when the cross-compiler for armhf is installed. +# +# The build prerequisite was not added to Lintian, however, since it was +# not clear how the architecture would be enabled in the Gitlab CI +# runner. +# +# On amd64 or i386, please follow these steps to run the test: +# +# dpkg --add-architecture armhf +# apt update +# apt install gcc-arm-linux-gnueabihf +# +# On all other architectures this may work, but was not tested: +# +# dpkg --add-architecture amd64 +# apt update +# apt install gcc-x86-64-linux-gnu +# +# (Taken from: https://wiki.debian.org/CrossToolchains) + +ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH) + +ifeq ($(ARCH),amd64) +CC := arm-linux-gnueabihf-gcc +else +CC := x86_64-linux-gnu-gcc +endif + +foreign-binary: hello.c + $(CC) $^ -o $@ + +.PHONY: clean +clean: + rm -f foreign-binary + +.PHONY: clean +distclean: clean diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/hello.c b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/desc b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/desc new file mode 100644 index 0000000..5c454dc --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/desc @@ -0,0 +1,2 @@ +Testname: wrong-binary-architecture +Check: binaries/prerequisites diff --git a/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/hints b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/hints new file mode 100644 index 0000000..d0ee0e7 --- /dev/null +++ b/t/recipes/checks/binaries/prerequisites/wrong-binary-architecture/eval/hints @@ -0,0 +1 @@ +wrong-binary-architecture (binary): undeclared-elf-prerequisites (libc.so.6) [usr/bin/foreign-binary] diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/profiling/binaries-general/eval/desc b/t/recipes/checks/binaries/profiling/binaries-general/eval/desc new file mode 100644 index 0000000..8bbea38 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/profiling diff --git a/t/recipes/checks/binaries/profiling/binaries-general/eval/hints b/t/recipes/checks/binaries/profiling/binaries-general/eval/hints new file mode 100644 index 0000000..c85e300 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/eval/hints @@ -0,0 +1 @@ +binaries-general (binary): binary-compiled-with-profiling-enabled [usr/share/foo/basic] diff --git a/t/recipes/checks/binaries/profiling/binaries-general/eval/post-test b/t/recipes/checks/binaries/profiling/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/profiling/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/desc b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc new file mode 100644 index 0000000..6e7e185 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/rpath diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/hints b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints new file mode 100644 index 0000000..367a9a3 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/hints @@ -0,0 +1,3 @@ +binaries-general (binary): custom-library-search-path RUNPATH /usr/share/foo [usr/lib/foo/basicshippedrpath] +binaries-general (binary): custom-library-search-path RUNPATH /usr/local/lib [usr/share/foo/basic] +binaries-general (binary): custom-library-search-path RUNPATH /usr/lib [usr/lib/foo/basiclibrpath] diff --git a/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values b/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values new file mode 100644 index 0000000..e5a7a3e --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: quoted +Description: RPATH in double quotes +Package-Architecture: any diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile new file mode 100644 index 0000000..f2eed80 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,\"/usr/local/lib\" + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,\"/usr/lib\" + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,\"/usr/share/foo\" + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,\"/usr/lib/binaries-general\":\"/usr/lib/binaries-general/bar\" + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/desc b/t/recipes/checks/binaries/rpath/quoted/eval/desc new file mode 100644 index 0000000..64ca820 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/eval/desc @@ -0,0 +1,2 @@ +Testname: quoted +Check: binaries/rpath diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/hints b/t/recipes/checks/binaries/rpath/quoted/eval/hints new file mode 100644 index 0000000..074ceeb --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/eval/hints @@ -0,0 +1,5 @@ +quoted (binary): relative-library-search-path RUNPATH "/usr/share/foo" [usr/lib/foo/basicshippedrpath] +quoted (binary): relative-library-search-path RUNPATH "/usr/local/lib" [usr/share/foo/basic] +quoted (binary): relative-library-search-path RUNPATH "/usr/lib/binaries-general/bar" [usr/lib/foo/basicshippedrpathmore] +quoted (binary): relative-library-search-path RUNPATH "/usr/lib/binaries-general" [usr/lib/foo/basicshippedrpathmore] +quoted (binary): relative-library-search-path RUNPATH "/usr/lib" [usr/lib/foo/basiclibrpath] diff --git a/t/recipes/checks/binaries/rpath/quoted/eval/post-test b/t/recipes/checks/binaries/rpath/quoted/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/quoted/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values new file mode 100644 index 0000000..9d8fdc2 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: relative +Description: Relative RPATH +Package-Architecture: any diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile new file mode 100644 index 0000000..b7758c6 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,usr/lib/binaries-general:usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/rpath/relative/eval/desc b/t/recipes/checks/binaries/rpath/relative/eval/desc new file mode 100644 index 0000000..159b77a --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/desc @@ -0,0 +1,2 @@ +Testname: relative +Check: binaries/rpath diff --git a/t/recipes/checks/binaries/rpath/relative/eval/hints b/t/recipes/checks/binaries/rpath/relative/eval/hints new file mode 100644 index 0000000..3151df2 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/hints @@ -0,0 +1,5 @@ +relative (binary): relative-library-search-path RUNPATH usr/share/foo [usr/lib/foo/basicshippedrpath] +relative (binary): relative-library-search-path RUNPATH usr/local/lib [usr/share/foo/basic] +relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general/bar [usr/lib/foo/basicshippedrpathmore] +relative (binary): relative-library-search-path RUNPATH usr/lib/binaries-general [usr/lib/foo/basicshippedrpathmore] +relative (binary): relative-library-search-path RUNPATH usr/lib [usr/lib/foo/basiclibrpath] diff --git a/t/recipes/checks/binaries/rpath/relative/eval/post-test b/t/recipes/checks/binaries/rpath/relative/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/rpath/relative/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/fill-values b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/fill-values new file mode 100644 index 0000000..df21847 --- /dev/null +++ b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-spelling +Description: Spelling errors in binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/Makefile b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/Makefile new file mode 100644 index 0000000..0c85616 --- /dev/null +++ b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/Makefile @@ -0,0 +1,11 @@ +all: + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o basic basic.c + +install: + install -d $(DESTDIR)/usr/bin + install -m 755 -c basic $(DESTDIR)/usr/bin/basic + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/basic.c b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/basic.c new file mode 100644 index 0000000..2cec53e --- /dev/null +++ b/t/recipes/checks/binaries/spelling/binaries-spelling/build-spec/orig/basic.c @@ -0,0 +1,23 @@ +#include <stdio.h> +#include <string.h> + +static void +hardening_trigger(char *p, int i, void (*f)(char *)) +{ + char test[10]; + memcpy(test, p, i); + f(test); + printf("%s", test); +} + +int +main(void) +{ + printf("I iz an exprimental speling error!\n"); + printf("I also have teh broken teh!\n"); + printf("But tEH non-broken tEh needs to be on its own line!\n"); + printf("res.size is okay!\n"); /* #818003 */ + printf("Georg Nees was early pioneer of computer art and generative graphics.\n"); + hardening_trigger(NULL, 0, NULL); + return 0; +} diff --git a/t/recipes/checks/binaries/spelling/binaries-spelling/eval/desc b/t/recipes/checks/binaries/spelling/binaries-spelling/eval/desc new file mode 100644 index 0000000..527386d --- /dev/null +++ b/t/recipes/checks/binaries/spelling/binaries-spelling/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-spelling +Check: binaries/spelling diff --git a/t/recipes/checks/binaries/spelling/binaries-spelling/eval/hints b/t/recipes/checks/binaries/spelling/binaries-spelling/eval/hints new file mode 100644 index 0000000..49c0ea4 --- /dev/null +++ b/t/recipes/checks/binaries/spelling/binaries-spelling/eval/hints @@ -0,0 +1,3 @@ +binaries-spelling (binary): spelling-error-in-binary teh the [usr/bin/basic] +binaries-spelling (binary): spelling-error-in-binary speling spelling [usr/bin/basic] +binaries-spelling (binary): spelling-error-in-binary exprimental experimental [usr/bin/basic] diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/dumpobj b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/dumpobj new file mode 100644 index 0000000..afdf68e --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/dumpobj @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +DEB_BUILD_GNU_TYPE="$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)" + +case $DEB_BUILD_GNU_TYPE in +i486-linux-gnu|i586-linux-gnu|i686-linux-gnu|x86_64-linux-gnu) + base64 -d <<DATA +f0VMRgEBAQAAAAAAAAAAAAIAKAABAAAAMIEAADQAAAA4bwkAAgAABDQAIAAGACgAGwAaAAEAAHDY +WgkA2NoJANjaCQBQCgAAUAoAAAQAAAAEAAAAAQAAAAAAAAAAgAAAAIAAAKhlCQCoZQkABQAAAACA +AAABAAAAqGUJAKhlCgCoZQoAIAgAAOwlAAAGAAAAAIAAAAQAAAD0AAAA9IAAAPSAAAAgAAAAIAAA +AAQAAAAEAAAABwAAAKhlCQCoZQoAqGUKABgAAAAwAAAABAAAAAQAAABR5XRkAAAAAAAAAAAAAAAA +AAAAAAAAAAAGAAAABAAAAAQAAAAQAAAAAQAAAEdOVQAAAAAAAgAAAAYAAAASAAAABOAt5QTQTeIR +AADrBNCN4gTgneQe/y/hAAAAACTAn+UAsKDjBBCd5A0goOEEIC3lBAAt5RAAn+UQMJ/lBMAt5dwS +DATA + ;; +*) + base64 -d <<DATA +f0VMRgEBMAAwMDAwMDAwMAIAAwABAAAA +DATA + ;; +esac diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/install b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/install new file mode 100644 index 0000000..369fa72 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/install @@ -0,0 +1,2 @@ +debian/elfobject usr/bin/ +debian/fake-guile-object.go usr/lib/foo/binaries-from-other-arch/guile/2.2/ diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/rules b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/rules new file mode 100755 index 0000000..60907d2 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +DEB_BUILD_OPTIONS := nostrip +export DEB_BUILD_OPTIONS + +%: + dh $@ + +binary: + sh debian/dumpobj > debian/elfobject + sh debian/dumpobj > debian/fake-guile-object.go + dh binary diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/fill-values b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/fill-values new file mode 100644 index 0000000..d765ecd --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: binaries-from-other-arch +Package-Architecture: any +Dh-Compat-Level: 10 +Description: Test package with a pseudo binary from a different architecture +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/desc b/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/desc new file mode 100644 index 0000000..d599961 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/desc @@ -0,0 +1,4 @@ +Testname: binaries-from-other-arch +Test-Architectures: amd64 i386 +Check: binaries/static +# since debhelper 12.5.2, objdump no longer fails silently for compat > 10, need better binary diff --git a/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/hints b/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/hints new file mode 100644 index 0000000..1de058b --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-from-other-arch/eval/hints @@ -0,0 +1,2 @@ +binaries-from-other-arch (binary): statically-linked-binary [usr/lib/foo/binaries-from-other-arch/guile/2.2/fake-guile-object.go] +binaries-from-other-arch (binary): statically-linked-binary [usr/bin/elfobject] diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/debian/rules b/t/recipes/checks/binaries/static/binaries-general/build-spec/debian/rules new file mode 100644 index 0000000..3ea7a63 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_strip: + dh_strip -X usr/lib/debug -X unstripped -X ocaml + +override_dh_dwz: + # Can error with "deadbeefdeadbeef.debug: Found compressed .debug_info section, not attempting dwz compression" diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/fill-values b/t/recipes/checks/binaries/static/binaries-general/build-spec/fill-values new file mode 100644 index 0000000..a24247d --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-general +Description: Misc errors related to binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/Makefile b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/Makefile new file mode 100644 index 0000000..cf0f211 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/Makefile @@ -0,0 +1,64 @@ +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) +COMPILE_NOPIE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) +# extract from readelf +GETBUILDID:=./getbuildid + +all: + # rpath not matching any of the exceptions to the rpath checks + # - with profiling enabled. + $(COMPILE_NOPIE) -o basic basic.c -pg -Wl,--rpath,/usr/local/lib + # rpath shipped in the package, but one of {/usr}?/lib + $(COMPILE) -o basiclibrpath basic.c -Wl,--rpath,/usr/lib + # non-special rpath shipped in the package + $(COMPILE) -o basicshippedrpath basic.c -Wl,--rpath,/usr/share/foo + # special rpath shipped in the package, multiple paths + $(COMPILE) -o basicshippedrpathmore basic.c -Wl,--rpath,/usr/lib/binaries-general:/usr/lib/binaries-general/bar + # static version of basic for debugging checks + $(COMPILE_NOPIE) -static -o basic.static basic.c + # static executable to trigger ocaml check + $(COMPILE_NOPIE) -o ocaml-exec ocaml.c + # version with debug + $(COMPILE) -o basicdebug -g3 -Wl,--build-id basic.c + +install: + # according to local debian rules /usr/lib/debug is unstripped + install -d $(DESTDIR)/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/debug/usr/share/foo/ + install -d $(DESTDIR)/usr/lib/foo/ + install -d $(DESTDIR)/usr/bin + + install -m 755 -c basic $(DESTDIR)/usr/share/foo/basic + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + strip -s $(DESTDIR)/usr/lib/debug/usr/share/foo/basic + install -m 755 -c basiclibrpath $(DESTDIR)/usr/lib/foo/basiclibrpath + install -m 755 -c basicshippedrpath $(DESTDIR)/usr/lib/foo/basicshippedrpath + install -m 755 -c ocaml-exec $(DESTDIR)/usr/lib/foo/ocaml-exec + install -m 744 -c basicshippedrpathmore $(DESTDIR)/usr/lib/foo/basicshippedrpathmore + objcopy --only-keep-debug basic $(DESTDIR)/usr/lib/debug/basic + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + install -m 755 -c basicdebug $(DESTDIR)/usr/share/foo/basicdebug + # force fake buildid in order to have tag matching ok (deadbeefdeadbeef) + install -d "$(DESTDIR)/usr/lib/debug/.build-id/de" + objcopy --compress-debug-sections basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/de/deadbeefdeadbeef.debug" + install -d "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug` + objcopy --compress-debug-sections --only-keep-debug basicdebug \ + "$(DESTDIR)/usr/lib/debug/.build-id/"`$(GETBUILDID) -s basicdebug`"/"`$(GETBUILDID) -f basicdebug`.debug + install -m 755 -c basic.static $(DESTDIR)/usr/lib/debug/ + # according to local debian rules unstripped in name avoid dh_strip to do the work + install -m 755 basicdebug $(DESTDIR)/usr/bin/unstripped + install -m 755 basic.static $(DESTDIR)/usr/bin/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/basic.c b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/basic.c new file mode 100644 index 0000000..3618004 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> +#include <string.h> + +int +main(int argc, char *argv[]) +{ + char t[10]; + printf("Hello world!\n"); + /* forces a stack protector */ + (void) strcpy(t,argv[0]); + return (int) t[0]; +} diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/getbuildid b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/getbuildid new file mode 100755 index 0000000..0060d2b --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/getbuildid @@ -0,0 +1,30 @@ +#!/bin/sh +# get build-id of binary + +set -e + +usage() { + echo "Usage: getbuildid [flag] file"; + echo " print build-id of an object file" + echo "flags:" + echo " -f : full build-id (default)." + echo " -s : short build-id aka the first two characters." +} + +if test $# -lt 1; then usage; exit 77; fi +if test $# -gt 3; then usage; exit 77; fi + +if test $# -eq 1; then + LC_ALL=C readelf -n "$1" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' +else + case "x$1" in + 'x-f') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]*\).*/\1/g' ;; + 'x-s') + LC_ALL=C readelf -n "$2" | grep -i 'Build Id:' | sed 's/.*:[[:blank:]]*\([[:digit:]|abcdef]\{2\}\).*/\1/g' ;; + *) + exit 2; + esac +fi + +exit 0; diff --git a/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/ocaml.c b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/ocaml.c new file mode 100644 index 0000000..370d17d --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/build-spec/orig/ocaml.c @@ -0,0 +1,11 @@ +#include <stdio.h> + +int +main(int argc, char **argv) +{ + if (argc > 2) { + puts("Caml1999X000"); + } + puts("\n"); + return 0; +} diff --git a/t/recipes/checks/binaries/static/binaries-general/eval/desc b/t/recipes/checks/binaries/static/binaries-general/eval/desc new file mode 100644 index 0000000..41f333c --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-general +Check: binaries/static diff --git a/t/recipes/checks/binaries/static/binaries-general/eval/hints b/t/recipes/checks/binaries/static/binaries-general/eval/hints new file mode 100644 index 0000000..3e9929d --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/eval/hints @@ -0,0 +1 @@ +binaries-general (binary): statically-linked-binary [usr/bin/static] diff --git a/t/recipes/checks/binaries/static/binaries-general/eval/post-test b/t/recipes/checks/binaries/static/binaries-general/eval/post-test new file mode 100755 index 0000000..11ad2c8 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-general/eval/post-test @@ -0,0 +1 @@ +/: hardening-.*/ d diff --git a/t/recipes/checks/binaries/static/binaries-golang/build-spec/fill-values b/t/recipes/checks/binaries/static/binaries-golang/build-spec/fill-values new file mode 100644 index 0000000..20669e9 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-golang/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-native +Testname: binaries-golang +Extra-Build-Depends: golang-go (>= 2:1.1.1-4) +Description: Misc errors related to golang binaries +Package-Architecture: any diff --git a/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/Makefile b/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/Makefile new file mode 100644 index 0000000..f04b342 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/Makefile @@ -0,0 +1,16 @@ +NOPIE_CFLAGS = $(filter-out -fPIE,$(CFLAGS)) +NOPIE_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) +COMPILE:= $(CC) $(NOPIE_CFLAGS) $(CPPFLAGS) $(NOPIE_LDFLAGS) + +all: + # static version + $(COMPILE) -static -o basic.static basic.c + +install: + install -d $(DESTDIR)/usr/lib/foo/ + install -m 755 basic.static $(DESTDIR)/usr/lib/foo/static + +clean distclean: + rm -f basic + +check test: diff --git a/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/basic.c b/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/basic.c new file mode 100644 index 0000000..7dea5a0 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-golang/build-spec/orig/basic.c @@ -0,0 +1,12 @@ +#include <stdio.h> + +int +main(void) +{ + char t[10]; + printf("Hello world!\n"); + /* Bad choice for reading from stdin, but it forces a stack + protector, so meh. + */ + gets (t); +} diff --git a/t/recipes/checks/binaries/static/binaries-golang/eval/desc b/t/recipes/checks/binaries/static/binaries-golang/eval/desc new file mode 100644 index 0000000..97800d6 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-golang/eval/desc @@ -0,0 +1,3 @@ +Testname: binaries-golang +Test-Against: statically-linked-binary +Check: binaries/static diff --git a/t/recipes/checks/binaries/static/binaries-golang/eval/hints b/t/recipes/checks/binaries/static/binaries-golang/eval/hints new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/t/recipes/checks/binaries/static/binaries-golang/eval/hints @@ -0,0 +1 @@ + diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/NEWS.Debian b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/NEWS.Debian new file mode 100644 index 0000000..29f561c --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/NEWS.Debian @@ -0,0 +1,12 @@ +binary (4-1.1) UNRELEASED; urgency=high + + This is a Debian NEWS entry that isn't encoded properly in UTF-8: ü. + It also has a usefull speling error. + + -- Russ Allbery <rra@debian.org> Sun, 14 Oct 2007 17:11:36 -0700 + +binary (1) unstable; urgency=low + + This is another entry but this one isn't syntactically valid. + + -- Russ Allbery 2007-10-14 diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/README.Debian b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/README.Debian new file mode 100644 index 0000000..94bcc0a --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/README.Debian @@ -0,0 +1,5 @@ +this is a binary package to test lintian's handling of bins. +Check handling of D-Bus and dbus (neither of which should produce +warnings). + + -- Russ Allbery <rra@debian.org>, Wed, 6 Feb 2008 18:35:11 -0800 diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/changelog.in b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/changelog.in new file mode 100644 index 0000000..39301d6 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/changelog.in @@ -0,0 +1,47 @@ +binary ([% $version %]) [% $distribution %]; urgency=low + + * I'm doing an comaintainer-upload, acknowledging a NMU, but with a version + number which suggests I'm doing a NMU myself. + + Lintian-maintainers: Please don't update this changelog, otherwise you'll + probably break the checks/nmu checks. + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sun, 18 Apr 2004 01:49:42 +0200 + +binary (4-1) unstable; urgency=low + + * Weird version number for the new check for accidents with native + packaging. + * Date was fixed by BR and this test was put on changelog-file-strange-date + due to dpkg bug, see #794674. + + -- Marc 'HE' Brockschmidt <he@debian.org> Thu, 15 Apr 2004 23:33:51 +0200 + +binary (4) unstable; urgency=low + + * Add big file to /usr/share to trigger the big-usr-share check + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Fri, 27 Feb 2004 10:15:59 +0100 + +binary (3) unstable; urgency=unlimited + + * Add some bogus menu entries using su-to-root in a bogus way + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Thu, 12 Feb 2004 20:11:22 +0100 + +binary (2) unstable; urgency=low + + * Added an INSTALL document which policy 6.3 suggests not to do + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Tue, 30 Jan 2001 15:23:59 -0800 + +binary (1) unstable; urgency=low + + * hello.c added + * hello-static is same as hello, but compiled statically + * added a menu entry which lacks a Section + * added a postinst + * postinst calls suidregister which is no longer policy compliant + + -- Sean 'Shaleh' Perry <shaleh@debian.org> Wed, 10 Jan 2001 08:55:34 -0800 + diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/conffiles b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/conffiles new file mode 100644 index 0000000..d1a0843 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/conffiles @@ -0,0 +1 @@ +/etc/menu-methods/lintian diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/control b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/control new file mode 100644 index 0000000..c797357 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/control @@ -0,0 +1,42 @@ +Source: binary +Section: misc +Priority: optional +Maintainer: Lintian Maintainers <lintian-maint@debian.org> +Uploaders: Co-maintainer one <one@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Co-maintainer three <three@debian.org> +Standards-Version: 3.2.1 +Homepage: http://lintian.debian.org/ +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +XS-Vcs-Browser: http://svn.wolffelaar.nl/lintian/trunk +XS-Dm-Upload-Allowed: yes + +Package: binary +Architecture: any +Pre-Depends: ${shlibs:Depends}, xorg, binary-data (= ${source:Version}), libssl0.9.8 +Homepage: <http://lintian.debian.org/> +Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk +Description: test handling of binary files + Regression test for lintian's handling of binary files for debian. This + is checked for picky spelling errors. + . + This package list [ subversion | gconf ] should not be flagged as a spelling + mistake. The spelling correction for dont should be correct. + . + Homepage: http://lintian.debian.org/ + +Package: binary-data +Architecture: all +Depends: binary (= ${source:Version}), libssl-not-openssl, + libssl0.9.8 | or-something-else +Description: test handling of binary relationships + Regression test for lintian's checking of package relationships between + arch:any and arch:all packages. + . + This mention of subversion should be flagged as a spelling mistake. + +#Package: binary-comment +#Architecture: space-almonds +#Depends: * +#Depends: * +#Description: test comment support +# Yes, comments are actually allowed in debian/control, so none of the +# above should produce errors. diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/copyright b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/copyright new file mode 100644 index 0000000..1d6806d --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/copyright @@ -0,0 +1,15 @@ +hello.c is released under public domain. This is distributed in the hope that +it will be useful, but without any warranty; without even the implied warranty +of merchantability or fitness for a particular purpose. + +A reference to /usr/share/common-licenses/GPL-2 to make it look like this +package is under the GPL and trigger the OpenSSL warning. + +Test for old FSF address: + +Free Software Foundation, Inc., 59 Temple Place - Suite 330, +Boston, MA 02111-1307, USA. + +Test for deprecated nätionäl äncoding. + +Improper capitalization of linux or debian isn't caught here. diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/doc-base b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/doc-base new file mode 100644 index 0000000..7e5b38f --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/doc-base @@ -0,0 +1,41 @@ +Document: binary!docs +Title: Broken debian binary doc-base control file +Author: Russ Allbery +Abstract: This control file exercises various tests of doc-base control + files, including several things that aren't tested yet. The third and + fourth one has trailing whitespace. + . + This section has a speling error and bad ® character. + . + The above separator was fine. +Section: Non/Existant +Unknown: Some field + + + +Format: debiandoc-sgML +Files: /usr/share/doc/binary/binary.sgml.gz +Unknown: Some field + +Format: ESP +Index: /usr/share/doc/binary/binary.txt + +Index: /usr/share/doc/binary/html/index.html + /usr/share/doc/binary/html/ch1.html + /usr/share/doc/binary/html/ch4.html + + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch?.h*l + /usr/share/doc/binary/hml/*.html + +Format: inFO +Files: /usr/share/info/binary.info.gz + +Format: HTML +Index: /usr/share/doc/binary/html/index.html +Files: /usr/share/doc/binary/html/ch5.html + /usr/share/doc/binary/html/ch6.html + + diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/goodbye.desktop b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/goodbye.desktop new file mode 100644 index 0000000..f6ce8e3 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/goodbye.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Name:Goodbye +# Name=Goodbye +Comment=Say hello! +SpecialTag=This doesn't exist! +Exec=goodbye +icon=hello +Terminal=true +Type=Application +Categories=WeirdStuff;Screensaver; +Encoding=ISO-10646-1 +[Other Entry] +Name=Goodbye diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/hello.desktop b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/hello.desktop new file mode 100644 index 0000000..f795468 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/hello.desktop @@ -0,0 +1,14 @@ +# some random comment + +# [Foo Bar] +[KDE Desktop Entry] +Name=Hello +Name[en_US]=Hello +Comment=Say hello!
+Exec=kdesu hello +Icon=hello +Terminal=true +Type=Application +Categories=GNOME;GTK;System;Applet;X-Foo;Settings; +Encoding=UTF-8 +OnlyShowIn=GNOME; diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu new file mode 100644 index 0000000..e8972f4 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu @@ -0,0 +1,26 @@ +?package(binary):needs=text title="Hello World" command="/usr/bin/hello" +?package(binary):needs=text section="Applications/System" title="Run cfdisk (0)" command="/usr/bin/su-to-root cfdisk" +?package(binary):needs="text" section="Applications/System/Hardware" title="Run cfdisk (1)" command="sux -p cfdisk" +?package(binary):needs="x11" section="Window Managers" title="Run xfdisk" command="/usr/sbin/su-to-root -c xfdisk" +?package(binary):needs="wm" section="Applications/System/Administration" title="Run fdisk-wm" command="su-to-root -c hello" +?package(binary):section="Apps/Games" title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Apps/System" title="I'm not here!" command="/imnothere" +?package(binary,other-binary):\ + needs="text"\ + section="Applications/Shells"\ + title="more than one required"\ + command="other-bin -s omething" +?package(binary):needs="wmmodule" section="WindowManagers/Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="wmmodule" section="FVWM Modules" title="somemodule" command="ModuleCmd" +?package(binary):needs="text" section="Applications/System/Administration" title="I'm not in /usr/bin!" command="iminusrbin" +?package(binary):needs="text"\ + section="Applications/System/Administration"\ + title="I'm not root!" command="su-to-root -c imnothere" +?package(binary):needs="text" section="Applications/System/Administration"\ + title="Run cfdisk (0)" command="cfdisk" +?package(binary):needs="text" section="Applications/System/Administration" title="Hello World" command="/usr/bin/hello" +?package(binary):needs="wm" section="FVWM Modules" title="Fake Module" command="hello" +?package(binary):needs="fvwmmodule" section="Window Maker" title="Fake Module"\ + command="hello" +?package(binary):needs="x11" section="Applications/System/Hardware" title="Run xfdisk" command="su-to-root -c 'xfdisk -f'" +?package(binary):needs="text" section="Applications/System/Administration" title="foo" command="sh /path/to/foo" diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu-method b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu-method new file mode 100644 index 0000000..9f07bd7 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/menu-method @@ -0,0 +1,22 @@ +#!/usr/bin/install-menu + +# -*- mode: shell-script; -*- +#I need menu-1! +# + +!include notmenu.h + +compat="menu-2" + +outputencoding="UTF-8"; +outputlanguage="C"; + +x11 = AppEntry("false"); +text = AppEntry("true"); + +startmenu = ""; +endmenu = ""; +submenutitle = ""; +rootprefix = "/var/lib/lintian/menu"; +userprefix = ".local/share/lintian/menu"; + diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/postinst b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/postinst new file mode 100644 index 0000000..29e1861 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/postinst @@ -0,0 +1,6 @@ +#! /bin/bash -e + +if [ $1 eq 'configure' ] +then + suidregister hello-static root root 4755 +fi diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/rules b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/rules new file mode 100755 index 0000000..a962ea9 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/rules @@ -0,0 +1,92 @@ +#!/usr/bin/make -f + +tmp=debian/tmp + +# This reference to $(PWD) should not cause an error but the one below +# should. +build-arch: + make + echo $(PWD) + +build: build-arch + +clean: + make -i clean + [ ! -f debian/files ] || rm -f debian/files + [ ! -f debian/substvars ] || rm -f debian/substvars + [ ! -d debian/tmp ] || rm -rf debian/tmp + [ ! -d debian/binary ] || rm -rf debian/binary + [ ! -d debian/binary-data ] || rm -rf debian/binary-data + +binary-arch: build + install -d $(tmp)/usr/bin + install -d $(tmp)/boot/hello + install -m 755 hello $(tmp)/usr/bin + touch $(tmp)/usr/bin/iminusrbin + chmod 755 $(tmp)/usr/bin/iminusrbin + install -m 755 hello-static $(tmp)/usr/bin + strip $(tmp)/usr/bin/hello-static + install -m 755 hello-static $(tmp)/usr/bin/hello.static + strip --remove-section=.comment --remove-section=.note $(tmp)/usr/bin/hello.static + ln $(tmp)/usr/bin/hello.static $(tmp)/usr/bin/static-hello + install -m 755 hello-static $(tmp)/boot/hello + strip --remove-section=.comment --remove-section=.note $(tmp)/boot/hello/hello-static + install -d $(tmp)/usr/share/doc/binary + install -m 644 INSTALL $(tmp)/usr/share/doc/binary + install -d $(tmp)/usr/share/doc/binary/html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/index.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch1.html + ln -s ../html/./ch1.html $(tmp)/usr/share/doc/binary/html/ch2.html + ln -s /usr/share/doc/binary/htm/ch1.html $(tmp)/usr/share/doc/binary/html/ch3.html + echo '<html></html>' > $(tmp)/usr/share/doc/binary/html/ch5.html + ln $(tmp)/usr/share/doc/binary/html/ch5.html \ + $(tmp)/usr/share/doc/binary/html/ch6.html + install -d $(tmp)/usr/share/menu + install -d $(tmp)/usr/lib/menu + install -d $(tmp)/usr/share/binary + install -m 644 debian/menu $(tmp)/usr/share/menu/binary + install -m 644 debian/menu $(tmp)/usr/lib/menu/binary + install -d $(tmp)/etc/menu-methods + install -m 755 debian/menu-method $(tmp)/etc/menu-methods/lintian + install -d $(tmp)/usr/share/doc-base + install -m 644 debian/doc-base $(tmp)/usr/share/doc-base/binary + touch '$(tmp)/usr/share/doc-base/space ' + install -m 644 debian/README.Debian $(tmp)/usr/share/doc/binary + install -m 644 debian/NEWS.Debian $(tmp)/usr/share/doc/binary + gzip -n -9 $(tmp)/usr/share/doc/binary/NEWS.Debian + install -m 644 debian/copyright $(tmp)/usr/share/doc/binary + install -m 644 debian/changelog $(tmp)/usr/share/doc/binary + #gzip -n -9 $(tmp)/usr/share/doc/binary/changelog + install -d $(tmp)/DEBIAN + install -m 755 debian/postinst $(tmp)/DEBIAN + install -m 644 debian/conffiles $(tmp)/DEBIAN + + install -d $(tmp)/usr/share/applications + install -m 644 debian/hello.desktop \ + $(tmp)/usr/share/applications/hello.desktop + install -m 755 debian/goodbye.desktop \ + $(tmp)/usr/share/applications/goodbye.desktop + + # should be ok... + echo boe > $(tmp)/usr/bar + ln $(tmp)/usr/bar $(tmp)/usr/foo + # but this isn't + echo boe > $(tmp)/usr/bar2 + ln $(tmp)/usr/bar2 $(tmp)/usr/share/baz + + dd if=/dev/zero of=$(tmp)/usr/share/binary/largefile bs=1024 count=4000 + + install -d debian/binary-data/DEBIAN + install -d debian/binary-data/usr/share/doc + ln -s binary debian/binary-data/usr/share/doc/binary-data + + dpkg-shlibdeps $(tmp)/usr/bin/hello + dpkg-gencontrol -pbinary -isp + dpkg-gencontrol -pbinary-data -Pdebian/binary-data -isp + + dpkg --build debian/tmp .. + dpkg --build debian/binary-data .. + +binary: binary-arch + +.PHONY: build-arch build binary-arch binary clean diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/templates b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/templates new file mode 100644 index 0000000..3d92861 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/debian/templates @@ -0,0 +1,16 @@ +# The debconf templates defined here are the sort that you'd use if +# providing a wordlist and an ispell dictionary for the language +# "perl". This shouldn't trigger warnings about not using debconf-po. + +Template: shared/packages-ispell +Type: text +Description: + +Template: shared/packages-wordlist +Type: text +Description: + +Template: miscfiles/languages +Type: text +Default: perl (Pathologically Eclectic Rubbish Lister) +Description: diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/fill-values b/t/recipes/checks/binaries/static/legacy-binary/build-spec/fill-values new file mode 100644 index 0000000..b503871 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-non-native +Testname: legacy-binary +Source: binary +Version: 4-1.1 +Description: Legacy test "binary" diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/INSTALL b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/INSTALL new file mode 100644 index 0000000..3b50ea9 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/INSTALL @@ -0,0 +1,176 @@ +Basic Installation +================== + + These are generic installation instructions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, a file +`config.cache' that saves the results of its tests to speed up +reconfiguring, and a file `config.log' containing compiler output +(useful mainly for debugging `configure'). + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If at some point `config.cache' +contains results you don't want to keep, you may remove or edit it. + + The file `configure.in' is used to create `configure' by a program +called `autoconf'. You only need `configure.in' if you want to change +it or regenerate `configure' using a newer version of `autoconf'. + +The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. If you're + using `csh' on an old version of System V, you might need to type + `sh ./configure' instead to prevent `csh' from trying to execute + `configure' itself. + + Running `configure' takes a while. While running, it prints some + messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package. + + 4. Type `make install' to install the programs and any data files and + documentation. + + 5. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. You can give `configure' +initial values for variables by setting them in the environment. Using +a Bourne-compatible shell, you can do that on the command line like +this: + CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure + +Or on systems that have the `env' program, you can do it like this: + env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. + + If you have to use a `make' that does not supports the `VPATH' +variable, you have to compile the package for one architecture at a time +in the source code directory. After you have installed the package for +one architecture, use `make distclean' before reconfiguring for another +architecture. + +Installation Names +================== + + By default, `make install' will install the package's files in +`/usr/local/bin', `/usr/local/man', etc. You can specify an +installation prefix other than `/usr/local' by giving `configure' the +option `--prefix=PATH'. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +give `configure' the option `--exec-prefix=PATH', the package will use +PATH as the prefix for installing programs and libraries. +Documentation and other data files will still use the regular prefix. + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +Optional Features +================= + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + +Specifying the System Type +========================== + + There may be some features `configure' can not figure out +automatically, but needs to determine by the type of host the package +will run on. Usually `configure' can figure that out, but if it prints +a message saying it can not guess the host type, give it the +`--host=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name with three fields: + CPU-COMPANY-SYSTEM + +See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the host type. + + If you are building compiler tools for cross-compiling, you can also +use the `--target=TYPE' option to select the type of system they will +produce code for and the `--build=TYPE' option to select the type of +system on which you are compiling the package. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Operation Controls +================== + + `configure' recognizes the following options to control how it +operates. + +`--cache-file=FILE' + Use and save the results of the tests in FILE instead of + `./config.cache'. Set FILE to `/dev/null' to disable caching, for + debugging `configure'. + +`--help' + Print a summary of the options to `configure', and exit. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--version' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`configure' also accepts some other, not widely useful, options. + diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/Makefile b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/Makefile new file mode 100644 index 0000000..da1dc55 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/Makefile @@ -0,0 +1,12 @@ +all: hello hello-static + +hello: hello.c + gcc hello.c -o hello + +hello-static: hello.c + gcc -static hello.c -o hello-static + +clean: + rm -f hello hello-static + +distclean: clean diff --git a/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/hello.c b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/hello.c new file mode 100644 index 0000000..2fb04e1 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/build-spec/orig/hello.c @@ -0,0 +1,8 @@ +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) { + + printf("Hello, World!\n"); + exit(0); +} diff --git a/t/recipes/checks/binaries/static/legacy-binary/eval/desc b/t/recipes/checks/binaries/static/legacy-binary/eval/desc new file mode 100644 index 0000000..cadb9b2 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-binary +Check: binaries/static diff --git a/t/recipes/checks/binaries/static/legacy-binary/eval/hints b/t/recipes/checks/binaries/static/legacy-binary/eval/hints new file mode 100644 index 0000000..6f29ed7 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/eval/hints @@ -0,0 +1 @@ +binary (binary): statically-linked-binary [usr/bin/static-hello] diff --git a/t/recipes/checks/binaries/static/legacy-binary/eval/post-test b/t/recipes/checks/binaries/static/legacy-binary/eval/post-test new file mode 100644 index 0000000..3deefd5 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-binary/eval/post-test @@ -0,0 +1,3 @@ +s/arch-dep-package-has-big-usr-share .*kB .*%/arch-dep-package-has-big-usr-share/ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/_symbols b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/_symbols new file mode 100644 index 0000000..46e6af1 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/_symbols @@ -0,0 +1,23 @@ + This line should flag a syntax error +# but this one shouldn't +| although this one should, but for a different reason + and so should this + +libhello.so.0 libhello0 #MINVER# +| libhello0c2 (>= 1.2) , libhelloc0c2 (<< 1.3) +| hello-dbg3| libhelloc0c3|foobar (= 1.2) |hello-dbg2 +| hello-dbg + hello@Base 1.0 +* Build-Dep-Foo: bar + hello2@Base 2.0 4 + hello3@Base 2.0 1 + hello3@Base 2.0 A + dummy + +libhello.so.2 libhello2 #MINVER# +* Build-Depends-Package: libbar +| libhello2 (>= 1:2.3) + hello@Base 2.0 + +libhello.so.0 libhello0 #MINVER# + duplicate@Base 1.0 diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/changelog.in b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/changelog.in new file mode 100644 index 0000000..02da925 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/changelog.in @@ -0,0 +1,13 @@ +debug ([% $version %]) [% $distribution %]; urgency=low + + * NMU. + (uploaded by the maintainer and with repeated version number) + + -- Russ Allbery <rra@debian.org> Tue, 4 Apr 2006 20:27:22 +0000 + +debug (1.0) unstable; urgency=low + + * Initial version. + + -- Russ Allbery <rra@debian.org> Sat, 4 Mar 2006 21:31:06 -0800 + diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/compat.in b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/compat.in new file mode 100644 index 0000000..640a566 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/compat.in @@ -0,0 +1 @@ +[% $dh_compat_level %] diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/control b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/control new file mode 100644 index 0000000..fcb2b86 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/control @@ -0,0 +1,85 @@ +Source: debug +Section: utils +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5.0.0) +Build-Depends-Indep: not-debhelper (>= 0.4.3) +Standards-Version: 3.7.0 + +Package: hello +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information + Lintian regression test for external debugging file handling. This test + contains the binary. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hello-dbg +Priority: optional +Section: debug +Architecture: any +Depends: hello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (symbols) + Lintian regression test for external debugging file handling. This test + contains the binary symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library) + Lintian regression test for external debugging file handling. This test + contains a library. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: libhello0-dbg +Section: debug +Priority: optional +Architecture: any +Depends: libhello (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: Test for external debugging information (library symbols) + Lintian regression test for external debugging file handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: hi-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0 +Description: Test for external debugging symbols + Lintian regression test for external debugging files handling. This test + contains the library symbols. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + +Package: hello-hello-dbg +Section: debug +Priority: optional +Architecture: any +Depends: foo-pkg, not-libhello0, hello +Description: Test for external debugging symbols - another try + Lintian regression test for external debugging files handling. This test + contains the library symbols. This package actually tests a combination of + the above. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/copyright b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/copyright new file mode 100644 index 0000000..5d4f6c2 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/copyright @@ -0,0 +1,4 @@ +Written Sat, 04 Mar 2006 21:30:01 -0800 by Russ Allbery <rra@debian.org>. + +Test for copyright in capital letters. (#464992) +COPYRIGHT RUSS ALLBERY 2006 diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/rules b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/rules new file mode 100755 index 0000000..b659895 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. + +# turn off PIE in CC in case we have a PIEful toolchain: +ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),) + CC := gcc +else + CC := gcc -fno-pie -no-pie +endif + +build-indep: + +build-arch: build-stamp + +build-stamp: + dh_testdir + $(CC) -D_REENTRANT -fPIC -c libhello.c + $(CC) -o libhello.so.0.0 -shared -Wl,-soname,libhello.so.0 libhello.o + ln -s libhello.so.0.0 libhello.so + $(CC) -o hello hello.c -L. -lhello + touch build-stamp + +build: build-arch build-indep + +clean: + dh_testdir + dh_testroot + rm -f build-stamp *.o libhello.so.0.0 libhello.so + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + install -D hello $(CURDIR)/debian/hello/usr/bin/hello + install -D libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0.0 + ln -s libhello.so.0.0 \ + $(CURDIR)/debian/libhello0/usr/lib/libhello.so.0 + +# Build architecture-dependent files here. +export DH_OPTIONS +binary-arch: DH_OPTIONS=-a +binary-arch: build-stamp install + dh_testdir + dh_testroot + dh_installchangelogs -N hello-dbg + dh_installdocs + DH_OPTIONS= dh_strip -phello --dbg-package=hello-dbg + DH_OPTIONS= dh_strip -plibhello0 --dbg-package=libhello0-dbg + + # Now break a few things. Copy the debugging data into places it + # shouldn't be. + cp $(CURDIR)/debian/hello-dbg/usr/lib/debug/usr/bin/hello \ + $(CURDIR)/debian/hello/usr/bin/hello.dbg + cp $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/usr/lib/libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/libhello.so.dbg + + # Put a full copy of the library in libhello0-dbg in /usr/lib/debug, + # which is okay. + install -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/libhello.so.0.0 + + # Also put it in /usr/lib/debug/lib, which isn't. + install -D -m 644 libhello.so.0.0 \ + $(CURDIR)/debian/libhello0-dbg/usr/lib/debug/lib/libhello.so.0.0 + + # Requires a versioned dependency. + dh_icons + + dh_link + dh_compress + dh_fixperms + dh_makeshlibs -X debug + dh_installdeb + dh_shlibdeps -X debug + + # We do this by hand as otherwise dpkg-gensymbols + # will error due to the broken symbols file + # and abort the build; similarly the file in + # the source tree is _symbols so that dpkg + # doesn't attempt to sanity check it + install -d $(CURDIR)/debian/libhello0/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/libhello0/DEBIAN/symbols + # hello doesn't contain any shlibs, but we + # make it contain a symbols file + install -d $(CURDIR)/debian/hello/DEBIAN + install -m 644 $(CURDIR)/debian/_symbols \ + $(CURDIR)/debian/hello/DEBIAN/symbols + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: +binary: binary-indep binary-arch +.PHONY: build-arch build-indep build binary binary-indep binary-arch clean install diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/fill-values b/t/recipes/checks/binaries/static/legacy-debug/build-spec/fill-values new file mode 100644 index 0000000..79eebf1 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/fill-values @@ -0,0 +1,6 @@ +Skeleton: upload-native +Testname: legacy-debug +Source: debug +Default-Build-Depends: debhelper (>= 9.20151004~) +Dh-Compat-Level: 7 +Description: Legacy test "debug" diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/hello.c b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/hello.c new file mode 100644 index 0000000..76f8337 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/hello.c @@ -0,0 +1,9 @@ +#include <stdlib.h> +#include "libhello.h" + +int +main(void) +{ + hello(); + exit(0); +} diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.c b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.c new file mode 100644 index 0000000..e2f8409 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.c @@ -0,0 +1,7 @@ +#include <stdio.h> + +void +hello(void) +{ + printf("Hello, World!\n"); +} diff --git a/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.h b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.h new file mode 100644 index 0000000..ef77476 --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/build-spec/orig/libhello.h @@ -0,0 +1 @@ +void hello(void); diff --git a/t/recipes/checks/binaries/static/legacy-debug/eval/desc b/t/recipes/checks/binaries/static/legacy-debug/eval/desc new file mode 100644 index 0000000..2ec70bd --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-debug +Check: binaries/static diff --git a/t/recipes/checks/binaries/static/legacy-debug/eval/hints b/t/recipes/checks/binaries/static/legacy-debug/eval/hints new file mode 100644 index 0000000..0e446ad --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/eval/hints @@ -0,0 +1 @@ +hello (binary): statically-linked-binary [usr/bin/hello.dbg] diff --git a/t/recipes/checks/binaries/static/legacy-debug/eval/post-test b/t/recipes/checks/binaries/static/legacy-debug/eval/post-test new file mode 100644 index 0000000..fc97c5f --- /dev/null +++ b/t/recipes/checks/binaries/static/legacy-debug/eval/post-test @@ -0,0 +1,2 @@ +/: hardening-.*/ d +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ |