diff options
Diffstat (limited to 't/recipes/checks/scripts/scripts-maintainer-general')
8 files changed, 376 insertions, 0 deletions
diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/maintscript b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/maintscript new file mode 100644 index 0000000..c3dcfac --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/maintscript @@ -0,0 +1 @@ +mv_conffile /etc/foo/old.conf /etc/foo/new.conf 0~ diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postinst b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postinst new file mode 100755 index 0000000..492f84a --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postinst @@ -0,0 +1,255 @@ +#!/bin/sh + +# This file contains a pile of random junk in maintainer scripts that we +# should be checking for in checks/scripts. Don't put bashisms in this file, +# though; those should go into scripts-bashisms. + +set -e + +print "Hit enter to continue" +read foo + +echo Please use update-rc.d or invoke-rc.d to set up blah blah. + +chown root.root /usr/share/doc/maintainer-scripts/changelog +chown root:root /usr/share/doc/maintainer-scripts/changelog + +# valid +FOO=/tmp +FOO=/var/tmp +: ${FOO:=/tmp} +FOO=`mktemp /tmp/scripts.XXXXXX` +rm "$FOO" +FOO=`tempfile -n/tmp/scripts.tmp` +mkdir /var/tmp/scripts +# invalid +echo foo >>/tmp/scripts.tmp +rm /tmp/scripts.tmp +rmdir /var/tmp/scripts + +# invalid, maintainer-script-hides-init-failure +invoke-rc.d foo start || exit 0 + +# The right way to invoke an rc script +if which invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d package start +else + /etc/init.d/package start +fi + +# Example ucf invocation. +ucf /usr/share/foo/configuration /etc/foo.conf + +# Calling gconftool directly. +gconftool-2 --makefile-install-rule foo.schema + +# Calling gconf-schemas with no dependency. +gconf-schemas --register foo.schema + +# Calling update-xmlcatalog with no dependency. +update-xmlcatalog --add --type system --id "/usr/share/sgml/dtd/foo" \ + --package maintainer-scripts --root + +# Maintainer scripts shouldn't touch /var/lib/dpkg/status. This is the old +# recipe from the dpkg wiki that should be replaced with dpkg-query. +sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' /etc/conffile'{s/.* //;p}}\" \ + /var/lib/dpkg/status + +# Don't modify these files. +echo 'broken 6714/tcp' >> /etc/services +cp /nonexistent /etc/protocols +mv /usr/share/doc/rpc /etc/rpc + +# But this is okay. +cp /etc/protocols /etc/protocols.new + +# This is also wrong. +echo 'broken' > /etc/inetd.conf +cp /etc/inetd.conf.new /etc/inetd.conf + +# But this is fine. +cp /etc/inetd.conf /srv/chroot/etc/inetd.conf + +# Deprecated and not allowed except the second one. +install-sgmlcatalog --install package +install-sgmlcatalog --remove package + +# Calling start-stop-daemon directly in an init script. +start-stop-daemon --start --quiet --name foo --startas /usr/bin/foo + +# But stopping it is fine -- we may be working around something else. +start-stop-daemon --stop --quiet --name foo --startas /usr/bin/foo + +# Deprecated chown use with flags. +chown -R root.root /usr/share/doc/maintainer-scripts + +# The first should not trigger an error about a command with a path, but the +# second should. +case $mainscript in + /usr/bin/foo) foobarbaz;; +esac +/usr/bin/baz; echo bar + +# fc-cache shouldn't be called directly, but make sure we don't see it in a +# heredoc. +fc-cache +cat <<EOF +fc-cache +EOF + +# Obsolete suidregister program. +suidregister /usr/bin/foo + +# install-info is now handled through triggers. +install-info --quiet --section Development Development \ + /usr/share/info/foobar.info + +# Packages don't get to modify /etc/ld.so.conf +echo '/usr/local/lib' >> /etc/ld.so.conf +( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new +mv /etc/ld.so.conf.new /etc/ld.so.conf + +# Further tests for commands with paths in maintainer scripts. The following +# should not trigger a tag (Bug#536397). +chmod `dpkg-statoverride --list /usr/sbin/apache2 | cut -f 3` /usr/sbin/apache2 + +# These, however, should. +true `basename "$0"` `/usr/bin/foo bar` +true `/usr/bin/foo "$0"` + +# This line should not trigger a warning about no dependency on ucf because of +# the || true. (Bug#541372) +ucf -p /etc/sensors3.conf || true + +if false ; then + mknod some thing +fi + +# Calling update alternative --set see #643602 +update-alternatives --set editor /usr/bin/nano + +# false positive +start-stop-daemon--stop --quiet --name foo --startas /usr/bin/foo + +# false positive +start-stop-daemon --quiet --stop --name foo --startas /usr/bin/foo + +# false negative +start-stop-daemon --quiet --start --name foo --startas /usr/bin/foo + +# remove device file +rm /dev/null + +# false positive +rm /dev/shm/test +rm /dev/.hiddenfile + +# adduser system +adduser --system foo +adduser --system foo2 --home /home/foo2 +adduser --system bar --home /var/lib/bar +adduser --home /var/lib/fnord --system fnord +adduser --home /home/fnord2 --system fnord2 + +# other test case for gconftool +/usr/bin/gconftool-2 --makefile-install-rule foo.schema + +# service +service apache2 start + +# adduser through variable +DEVNULL=/dev/null +adduser --system bar1 --home $DEVNULL +adduser --system bar2 --home ${DEVNULL} + +# this is a false positive due to quoting +adduser --system bar2 --home "${DEVNULL}" +adduser --system --ingroup smmta --home "/var/lib/sendmail" \ + --disabled-password \ + --quiet --gecos 'Mail Transfer Agent' smmta; + +# false positive +echo "You can use update-alternatives --config runsystem to select" +echo "the runsystem to use." + +# false negative +DIVERSIONS=`env LC_ALL=C /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL="C" /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true +DIVERSIONS=`env LC_ALL='C' /usr/sbin/dpkg-divert --list | grep -E 'by amule(-utils)?$'` || true + +if [ ! -x /usr/sbin/dpkg-state-override ] || \ + ! dpkg-state-override > /dev/null +then + true; +fi + +# bad +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html/ \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# good +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/autoconf-archive/html \ + ../../autoconf-archive/html \ + 20111221-2~ -- "$@" + +# true positive +adduser --system --quiet --ingroup ntp --no-create-home ntp +adduser festival --quiet --system --ingroup audio --no-create-home + +# detect usage that could be replaced by dpkg-maintscript-helper +if [ -d /usr/share/doc/tworld ]; then + if rmdir /usr/share/doc/tworld 2>/dev/null; then + ln -s tworld-data /usr/share/doc/tworld + fi +fi + +chown root:root /good +chmod 777 /good +chown -R root:root /bad +chown root:root -R /bad +chown root:root --recursive /bad +chown --recursive root:root /bad +chmod -R 777 /bad +chmod 777 -R /bad +chmod 777 --recursive /bad +chmod --recursive 777 /bad +find /bad -maxdepth 2 -type d -exec chown root:root {} \; # (#895370) +find /bad -maxdepth 2 -type d -exec chmod 777 # (#895370) + +echo /var/lib/dpkg/info/other-package.conffiles +echo /var/lib/dpkg/info/other-package.md5sums +echo /var/lib/dpkg/info/other-package.shlibs +echo /var/lib/dpkg/info/other-package.postinst +echo /var/lib/dpkg/info/other-package.preinst +echo /var/lib/dpkg/info/other-package.list +echo /var/lib/dpkg/triggers/other-package + +getent passwd good || true +getent group good || true +getent passwd good || true # grep /etc/passwd false-positive +getent group good || true # grep /etc/group false-positive +grep bad /etc/passwd || true +grep bad /etc/group || true +grep -E bad /etc/passwd || true +grep -E bad /etc/passwd || true +grep -F bad /etc/group || true +grep -F bad /etc/group || true +# grep /etc/passwd false-positive +# grep /etc/group false-positive + +echo $PIUPARTS_TEST # bad +echo ${PIUPARTS_OBJECTS} +echo ${PIUPARTS_PHASE} +echo ${PIUPARTS_DISTRIBUTION} +echo ${PIUPARTS_DISTRIBUTION_NEXT} +echo ${PIUPARTS_DISTRIBUTION_PREV} +echo $PIUPARTS_IS_AWESOME # good + +#DEBHELPER# + +# Automatically added by dh_dummy/12 +true `/usr/bin/false-positive "$0"` +# End automatically added section diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postrm b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postrm new file mode 100644 index 0000000..21ce89e --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/postrm @@ -0,0 +1,9 @@ +#!/bin/sh +# we do not set -e + +echo "ok" > /dev/null + +# not allowed +update-alternatives --remove foo + +#DEBHELPER#
\ No newline at end of file diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/prerm b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/prerm new file mode 100644 index 0000000..fcbd64e --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# This script should fail a syntax check + +if [ "$1" = configure ] then # oh look - I forgot a ; + echo "Hallo world" +fi + +#DEBHELPER# diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/rules b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/rules new file mode 100644 index 0000000..6f66b82 --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_installdeb: + dh_installdeb + echo "#DEBHELPER#" >> debian/$(shell dh_listpackages)/DEBIAN/postinst diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/fill-values b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/fill-values new file mode 100644 index 0000000..111edec --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: scripts-maintainer-general +Distribution: precise +Description: Check general problems in maintainer scripts diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/eval/desc b/t/recipes/checks/scripts/scripts-maintainer-general/eval/desc new file mode 100644 index 0000000..1d06365 --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/eval/desc @@ -0,0 +1,5 @@ +Testname: scripts-maintainer-general +Profile: ubuntu/main +Check: scripts +See-Also: + Bug#532984 diff --git a/t/recipes/checks/scripts/scripts-maintainer-general/eval/hints b/t/recipes/checks/scripts/scripts-maintainer-general/eval/hints new file mode 100644 index 0000000..c8e171c --- /dev/null +++ b/t/recipes/checks/scripts/scripts-maintainer-general/eval/hints @@ -0,0 +1,83 @@ +scripts-maintainer-general (binary): trailing-slash-for-dpkg-maintscript-helper-symlink_to_dir "dpkg-maintscript-helper symlink_to_dir /usr/share/autoconf-archive/html/" [postinst:190] +scripts-maintainer-general (binary): recursive-privilege-change "find /bad -maxdepth 2 -type d -exec chown" [postinst:219] +scripts-maintainer-general (binary): recursive-privilege-change "find /bad -maxdepth 2 -type d -exec chmod" [postinst:220] +scripts-maintainer-general (binary): recursive-privilege-change "chown root:root -R" [postinst:212] +scripts-maintainer-general (binary): recursive-privilege-change "chown root:root --recursive" [postinst:213] +scripts-maintainer-general (binary): recursive-privilege-change "chown -R" [postinst:84] +scripts-maintainer-general (binary): recursive-privilege-change "chown -R" [postinst:211] +scripts-maintainer-general (binary): recursive-privilege-change "chown --recursive" [postinst:214] +scripts-maintainer-general (binary): recursive-privilege-change "chmod 777 -R" [postinst:216] +scripts-maintainer-general (binary): recursive-privilege-change "chmod 777 --recursive" [postinst:217] +scripts-maintainer-general (binary): recursive-privilege-change "chmod -R" [postinst:215] +scripts-maintainer-general (binary): recursive-privilege-change "chmod --recursive" [postinst:218] +scripts-maintainer-general (binary): read-in-maintainer-script [postinst:10] +scripts-maintainer-general (binary): postrm-removes-alternative "update-alternatives --remove" [postrm:7] +scripts-maintainer-general (binary): maintainer-script-updates-fontconfig-cache-improperly "fc-cache" [postinst:97] +scripts-maintainer-general (binary): maintainer-script-updates-fontconfig-cache-improperly "fc-cache" [postinst:95] +scripts-maintainer-general (binary): maintainer-script-switches-dir-to-symlink-unsafely "ln -s tworld-data /usr/share/doc" [postinst:205] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_TEST" [postinst:243] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_PHASE" [postinst:245] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_OBJECTS" [postinst:244] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_DISTRIBUTION_PREV" [postinst:248] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_DISTRIBUTION_NEXT" [postinst:247] +scripts-maintainer-general (binary): maintainer-script-should-not-use-piuparts-variable "PIUPARTS_DISTRIBUTION" [postinst:246] +scripts-maintainer-general (binary): maintainer-script-should-not-use-dpkg-maintscript-helper "dpkg-maintscript-helper" [postinst:196] +scripts-maintainer-general (binary): maintainer-script-should-not-use-dpkg-maintscript-helper "dpkg-maintscript-helper" [postinst:190] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep bad /etc/passwd" [postinst:234] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep bad /etc/group" [postinst:235] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep -F bad /etc/group" [postinst:239] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep -F bad /etc/group" [postinst:238] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep -E bad /etc/passwd" [postinst:237] +scripts-maintainer-general (binary): maintainer-script-should-not-parse-etc-passwd-or-group "grep -E bad /etc/passwd" [postinst:236] +scripts-maintainer-general (binary): maintainer-script-sets-alternative-improperly "update-alternatives --set" [postinst:129] +scripts-maintainer-general (binary): maintainer-script-removes-device-files "rm /dev/null" [postinst:141] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-xml-core update-xmlcatalog (does not satisfy xml-core) [postinst:51] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-ucf ucf (does not satisfy ucf) [postinst:41] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-gconf2 gconf-schemas (does not satisfy gconf2) [postinst:47] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:200] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:199] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:169] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:166] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:163] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:162] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:152] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:151] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:150] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:149] +scripts-maintainer-general (binary): maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:148] +scripts-maintainer-general (binary): maintainer-script-modifies-inetd-conf [postinst:68] +scripts-maintainer-general (binary): maintainer-script-modifies-inetd-conf [postinst:67] +scripts-maintainer-general (binary): maintainer-script-lacks-home-in-adduser "adduser festival --quiet --system --ingroup audio --no-create-home" [postinst:200] +scripts-maintainer-general (binary): maintainer-script-lacks-home-in-adduser "adduser --system foo2 --home /home/foo2" [postinst:149] +scripts-maintainer-general (binary): maintainer-script-lacks-home-in-adduser "adduser --system foo" [postinst:148] +scripts-maintainer-general (binary): maintainer-script-lacks-home-in-adduser "adduser --system --quiet --ingroup ntp --no-create-home ntp" [postinst:199] +scripts-maintainer-general (binary): maintainer-script-lacks-home-in-adduser "adduser --home /home/fnord2 --system fnord2" [postinst:152] +scripts-maintainer-general (binary): maintainer-script-interpreter /bin/sh [prerm] +scripts-maintainer-general (binary): maintainer-script-interpreter /bin/sh [preinst] +scripts-maintainer-general (binary): maintainer-script-interpreter /bin/sh [postrm] +scripts-maintainer-general (binary): maintainer-script-interpreter /bin/sh [postinst] +scripts-maintainer-general (binary): maintainer-script-ignores-errors [postrm] +scripts-maintainer-general (binary): maintainer-script-hides-init-failure "invoke-rc.d foo start || exit 0" [postinst:31] +scripts-maintainer-general (binary): maintainer-script-changes-netbase "mv /usr/share/doc/rpc /etc/rpc" [postinst:61] +scripts-maintainer-general (binary): maintainer-script-changes-netbase "cp /nonexistent /etc/protocols" [postinst:60] +scripts-maintainer-general (binary): maintainer-script-changes-netbase "> /etc/services" [postinst:59] +scripts-maintainer-general (binary): maintainer-script-changes-ld-so-conf "mv /etc/ld.so.conf.new /etc/ld.so.conf" [postinst:110] +scripts-maintainer-general (binary): maintainer-script-changes-ld-so-conf "> /etc/ld.so.conf" [postinst:108] +scripts-maintainer-general (binary): maintainer-script-calls-start-stop-daemon "start-stop-daemon" [postinst:78] +scripts-maintainer-general (binary): maintainer-script-calls-start-stop-daemon "start-stop-daemon" [postinst:138] +scripts-maintainer-general (binary): maintainer-script-calls-service "service" [postinst:158] +scripts-maintainer-general (binary): maintainer-script-calls-install-sgmlcatalog "install-sgmlcatalog" [postinst:75] +scripts-maintainer-general (binary): maintainer-script-calls-install-sgmlcatalog "install-sgmlcatalog" [postinst:74] +scripts-maintainer-general (binary): maintainer-script-calls-gconftool "gconftool-2" [postinst:44] +scripts-maintainer-general (binary): maintainer-script-calls-gconftool "/usr/bin/gconftool-2" [postinst:155] +scripts-maintainer-general (binary): maintainer-script-calls-chown-improperly "chown root.root" [postinst:14] +scripts-maintainer-general (binary): maintainer-script-calls-chown-improperly "chown -R root.root" [postinst:84] +scripts-maintainer-general (binary): install-info-used-in-maintainer-script "install-info" [postinst:105] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/sbin/dpkg-state-override (in test syntax) [postinst:181] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/sbin/dpkg-divert (in backticks) [postinst:178] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/sbin/dpkg-divert (in backticks) [postinst:177] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/sbin/dpkg-divert (in backticks) [postinst:176] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/bin/gconftool-2 (plain script) [postinst:155] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/bin/foo (in backticks) [postinst:118] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/bin/foo (in backticks) [postinst:117] +scripts-maintainer-general (binary): command-with-path-in-maintainer-script /usr/bin/baz (plain script) [postinst:91] |