diff options
Diffstat (limited to 't/recipes/checks/systemd')
151 files changed, 2074 insertions, 0 deletions
diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/control.in b/t/recipes/checks/systemd/init.d-general/build-spec/debian/control.in new file mode 100644 index 0000000..80dcc37 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/control.in @@ -0,0 +1,61 @@ +Source: [% $source %] +Priority: optional +Section: [% $section %] +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %] +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: [% $source %]-bugs +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] -- bugs + Test some simple bugs in the check + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: [% $source %]-interpreter-in-usr-dir +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: [% $description %] -- bad script interpreter + Test a check for a /usr dir interpreter used in an init script + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: [% $source %]-sourcing-without-test +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] -- sourcing without test + Test a check for . /etc/default/foo without checking the existence of + the file beforehand. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + +Package: [% $source %]-new-style +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: [% $description %] -- "new style" + New style of init.d. (#919604) + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.init b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.init new file mode 100644 index 0000000..55305ab --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.init @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +### BEGIN INIT INFO +# Provides: init.d-general-bugs +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +# start stop force-reload restart status + +. /lib/lsb/init-functions diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.postinst b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.postinst new file mode 100644 index 0000000..e3bb515 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-bugs.postinst @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "configure" ] ; then + # duplicate call as debhelper will add one for us + update-rc.d init.d-general-bugs word +fi diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-interpreter-in-usr-dir.init b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-interpreter-in-usr-dir.init new file mode 100644 index 0000000..ff7698c --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-interpreter-in-usr-dir.init @@ -0,0 +1,14 @@ +#!/usr/bin/perl -w + +### BEGIN INIT INFO +# Provides: init.d-general-interpreter-in-usr-dir +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + +printf "start status stop reload restart force-reload\n"; + diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-new-style.init b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-new-style.init new file mode 100644 index 0000000..e815337 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-new-style.init @@ -0,0 +1,31 @@ +#!/usr/bin/env /lib/init/init-d-script +### BEGIN INIT INFO +# Provides: init.d-general-new-style +# Should-Start: $syslog +# Required-Start: $time $local_fs +# Required-Stop: $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: init.d-general-new-style +### END INIT INFO +NAME='init.d-general-new-style' +DESC='init.d-general-new-style description here' +DAEMON=/usr/sbin/init.d-general-new-styl + +daemon_ () { /usr/bin/daemon --noconfig --name "${NAME}" "$@"; } +if ! test -x '/usr/bin/daemon' ; then + log_failure_msg "install \`daemon' package to use ${NAME} script" + exit 1 +fi + +do_start_cmd_override () { + daemon_ "${DAEMON}" +} + +do_stop_cmd_override () { + if daemon_ --running ; then + daemon_ --stop + fi +} + +# vim: ft=sh diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-sourcing-without-test.init b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-sourcing-without-test.init new file mode 100644 index 0000000..7046ed9 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general-sourcing-without-test.init @@ -0,0 +1,52 @@ +#!/bin/sh -e + +### BEGIN INIT INFO +# Provides: init.d-general-sourcing-without-test +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + +echo start stop reload restart force-reload status + +. /lib/lsb/init-functions + +. /etc/default/rcS + +[ ! -f /etc/default/foo ] || . /etc/default/foo + +[ -f /etc/default/bar ] && . /etc/default/bar + +if [ -e /etc/default/locale ]; then + . /etc/default/locale +fi + +if [ -f /etc/default/moo ]; then + . /etc/default/moo +fi + +if [ -r /etc/default/tmpfs ]; then + . /etc/default/tmpfs +fi + +PACKAGE=moo +[ -f /etc/default/$PACKAGE ] && . /etc/default/$PACKAGE + +if [ -f /etc/default/$PACKAGE ]; then + . /etc/default/$PACKAGE +fi + +if test -f /etc/default/$PACKAGE; then + . /etc/default/$PACKAGE +fi + +# This is not sourcing without a test and shouldn't produce an error. +if [ ! -f /etc/default/$PACKAGE ] ; then + # do something else + : +else + . /etc/default/$PACKAGE +fi diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.default b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.default new file mode 100644 index 0000000..c1d7f21 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.default @@ -0,0 +1,17 @@ +ENABLED="false" +ENABLED=false +DISABLED="true" +DISABLED=true +RUN="true" +RUN=true +PREFIXRUN="true" +PREFIXRUN=true + +# ENABLED="false" +# ENABLED=false +# DISABLED="true" +# DISABLED=true +# RUN="true" +# RUN=true +# PREFIXRUN="true" +# PREFIXRUN=true diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.init b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.init new file mode 100644 index 0000000..b3e8ae7 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/debian/init.d-general.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: init.d-general +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/init.d-general/build-spec/fill-values b/t/recipes/checks/systemd/init.d-general/build-spec/fill-values new file mode 100644 index 0000000..e567c49 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: init.d-general +Description: Test tags related to the init.d checks diff --git a/t/recipes/checks/systemd/init.d-general/eval/desc b/t/recipes/checks/systemd/init.d-general/eval/desc new file mode 100644 index 0000000..9f2f714 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/eval/desc @@ -0,0 +1,2 @@ +Testname: init.d-general +Check: systemd diff --git a/t/recipes/checks/systemd/init.d-general/eval/hints b/t/recipes/checks/systemd/init.d-general/eval/hints new file mode 100644 index 0000000..e13be56 --- /dev/null +++ b/t/recipes/checks/systemd/init.d-general/eval/hints @@ -0,0 +1,6 @@ +init.d-general-sourcing-without-test (binary): missing-systemd-service-for-init.d-script init.d-general-sourcing-without-test [etc/init.d/init.d-general-sourcing-without-test] +init.d-general-new-style (binary): missing-systemd-service-for-init.d-script init.d-general-new-style [etc/init.d/init.d-general-new-style] +init.d-general-interpreter-in-usr-dir (binary): missing-systemd-service-for-init.d-script init.d-general-interpreter-in-usr-dir [etc/init.d/init.d-general-interpreter-in-usr-dir] +init.d-general-interpreter-in-usr-dir (binary): init.d-script-does-not-source-init-functions [etc/init.d/init.d-general-interpreter-in-usr-dir] +init.d-general-bugs (binary): missing-systemd-service-for-init.d-script init.d-general-bugs [etc/init.d/init.d-general-bugs] +init.d-general (binary): missing-systemd-service-for-init.d-script init.d-general [etc/init.d/init.d-general] diff --git a/t/recipes/checks/systemd/kill-mode-none/build-spec/debian/service b/t/recipes/checks/systemd/kill-mode-none/build-spec/debian/service new file mode 100644 index 0000000..62e8eda --- /dev/null +++ b/t/recipes/checks/systemd/kill-mode-none/build-spec/debian/service @@ -0,0 +1,13 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid +StandardOutput=null +StandardError=null +KillMode=none + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/kill-mode-none/build-spec/fill-values b/t/recipes/checks/systemd/kill-mode-none/build-spec/fill-values new file mode 100644 index 0000000..0b884f1 --- /dev/null +++ b/t/recipes/checks/systemd/kill-mode-none/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: kill-mode-none +Description: KKillMode=none in systemd service file diff --git a/t/recipes/checks/systemd/kill-mode-none/eval/desc b/t/recipes/checks/systemd/kill-mode-none/eval/desc new file mode 100644 index 0000000..0061a5b --- /dev/null +++ b/t/recipes/checks/systemd/kill-mode-none/eval/desc @@ -0,0 +1,2 @@ +Testname: kill-mode-none +Check: systemd diff --git a/t/recipes/checks/systemd/kill-mode-none/eval/hints b/t/recipes/checks/systemd/kill-mode-none/eval/hints new file mode 100644 index 0000000..2b96e3f --- /dev/null +++ b/t/recipes/checks/systemd/kill-mode-none/eval/hints @@ -0,0 +1,2 @@ +kill-mode-none (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/kill-mode-none.service] +kill-mode-none (binary): kill-mode-none usr/lib/systemd/system/kill-mode-none.service [usr/lib/systemd/system/kill-mode-none.service] diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/changelog.in b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/changelog.in new file mode 100644 index 0000000..935c633 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/changelog.in @@ -0,0 +1,41 @@ +scripts ([% $version %]) [% $distribution %]; urgency=low + + * I'm also not able to write my name. + * Added a script in /etc/Xsession.d + * Bizarre version number courtesy of + https://wiki.ubuntu.com/SecurityUpdateProcedures#Prepare + + -- Mark 'HE' Brokschmitt <he@debian.org> Thu, 23 Jun 2005 14:32:39 +0200 + +scripts (5-1) unstable; urgency=low + + * I'm making a typo in my own name... And I want lintian to warn me about + it. + + -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sun, 18 Apr 2004 02:26:34 +0200 + +scripts (4-1) unstable; urgency=low + + * Add new example to check that not executable files with a shebang line + called *in don't trigger the script-not-executable warning. + + -- Marc 'HE' Brockschmidt <he@debian.org> Wed, 14 Apr 2004 19:44:04 +0200 + +scripts (3-3) unstable; urgency=low + + * Add suidperlfoo and some code in debian/rules to + check the new suidperl checks + + -- Frank Lichtenheld <djpig@debian.org> Wed, 31 Mar 2004 21:06:20 +0000 + +scripts (2-1) unstable; urgency=low + + * Add tkfoo script for tk checkings + + -- Lintian Maintainers <lintian-maint@debian.org> Sat, 21 Feb 2004 17:13:36 +0100 + +scripts (1-0) unstable; urgency=low + + * Initial version + + -- Lintian Maintainers <lintian-maint@debian.org> Sat, 10 Feb 2001 15:37:31 -0800 diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/control.in b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/control.in new file mode 100644 index 0000000..75a521f --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/control.in @@ -0,0 +1,16 @@ +Source: scripts +Section: interpreters +Priority: optional +Maintainer: Lintian Maintainers <lintian-maint@debian.org> +Uploaders: Jeroen van Wolfelaar <jeroen@wolffelaar.nl>, Marc 'HE' Brockschmidt <he@debian.org> +Build-Depends-Indep: dpatch +Standards-Version: 3.2.1 + +Package: scripts +Architecture: [% $package_architecture %] +Depends: test, ruby1.8, build-essential, libssl0.9.7, php7.0-cli +Recommends: tk8.4 | wish +Description: test lintian's script file checks + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/copyright b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/copyright new file mode 100644 index 0000000..ad8a119 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/copyright @@ -0,0 +1,5 @@ +This file contains the phrase "under the same terms as Perl itself" to +trigger warnings about not having common-licenses references. + +This file contains the phrase "public domain" which should suppress +warnings about no copyright date. diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list new file mode 100644 index 0000000..3b9d37e --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list @@ -0,0 +1,11 @@ +01_not_here_right_now.dpatch + +# some comment +/* some more + elaborate comment + which needs DPATCH_OPTION_CPP=1 + */02_i_dont_have_a_description.patch 03_specified_without_dpatch + +// and again a comment + +04_i_dont_have_a_description_either.patch diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list.sparc b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list.sparc new file mode 100644 index 0000000..8b47ab3 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00list.sparc @@ -0,0 +1 @@ +01_some_other_patch_thats_not_in_the_package.dpatch diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00options b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00options new file mode 100644 index 0000000..57ffeb6 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/00options @@ -0,0 +1 @@ +DPATCH_OPTION_CPP=1 diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/02_i_dont_have_a_description.patch b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/02_i_dont_have_a_description.patch new file mode 100644 index 0000000..9279c1b --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/02_i_dont_have_a_description.patch @@ -0,0 +1,7 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_i_dont_have_a_description.patch.dpatch by Marc 'HE' Brockschmidt <Marc 'HE' Brockschmidt <he@debian.org>> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/03_specified_without_dpatch.dpatch b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/03_specified_without_dpatch.dpatch new file mode 100644 index 0000000..8303ac6 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/03_specified_without_dpatch.dpatch @@ -0,0 +1,5 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## All lines beginning with `## DP:' are a description of the patch. +## DP: Listed in 00list without .dpatch suffix. + +@DPATCH@ diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/04_i_dont_have_a_description_either.patch b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/04_i_dont_have_a_description_either.patch new file mode 100644 index 0000000..b603f16 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/patches/04_i_dont_have_a_description_either.patch @@ -0,0 +1,7 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_i_dont_have_a_description_either.patch by Adam D. Barratt <adam@adam-barratt.org.uk> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: + +@DPATCH@ diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postinst b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postinst new file mode 100644 index 0000000..7c5baf1 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postinst @@ -0,0 +1,14 @@ +#!/bin/sh + +if [ -x "/etc/init.d/lsb-broken" ] ; then + update-rc.d lsb-broken defaults >/dev/null +fi +if [ -x "/etc/init.d/no-lsb" ] ; then + update-rc.d no-lsb defaults >/dev/null +fi +if [ -x "/etc/init.d/skeleton" ] ; then + update-rc.d skeleton defaults >/dev/null +fi +if [ -x "/etc/init.d/lsb-other" ] ; then + update-rc.d lsb-other defaults >/dev/null +fi diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postrm b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postrm new file mode 100644 index 0000000..8fa75a2 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/postrm @@ -0,0 +1,9 @@ +#!/bin/sh -e + +if [ "$1" = purge ] ; then + update-rc.d lsb-broken remove >/dev/null + update-rc.d no-lsb remove >/dev/null + update-rc.d skeleton remove >/dev/null + update-rc.d lsb-other remove >/dev/null + update-rc.d lsb-other remove >/dev/null +fi diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/preinst b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/preinst new file mode 100644 index 0000000..0799557 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/preinst @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e +set -x + +# +# Some comments here +# + +# This serves as an example of an "empty" script, so +# please do not add any real code here, thank you :) + +#DEBHELPER# + +exit 0 diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/rules b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/rules new file mode 100755 index 0000000..ee3677e --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/rules @@ -0,0 +1,105 @@ +#!/usr/bin/make -f + +tmp=debian/tmp + +build-arch: + echo "Hi, in an arch: all package, I am a bug!" + +build-indep: + +build: build-arch build-indep + +binary-arch: + echo "Hi, in an arch: all package, I am a bug!" + +binary-indep: + install -d $(tmp)/usr/bin/ + install -d $(tmp)/etc/X11/Xsession.d/ + install -d $(tmp)/etc/init.d/ + install -d $(tmp)/etc/csh/login.d/ + install -d $(tmp)/etc/fish.d/ + install -d $(tmp)/usr/share/scripts/ + install -d $(tmp)/usr/share/doc/scripts/ + install -d $(tmp)/usr/lib/cgi-bin + install -d $(tmp)/usr/src/scripts + install -d $(tmp)/DEBIAN + + install -m 755 csh-foo $(tmp)/etc/csh/login.d/ + install -m 755 envfoo $(tmp)/usr/bin/ + install -m 755 fish-foo $(tmp)/etc/fish.d/ + install -m 755 jruby-broken $(tmp)/usr/bin/ + install -m 755 perlfoo $(tmp)/usr/bin/ + install -m 755 rubyfoo $(tmp)/usr/bin/ +# This doesn't use "env" but should also trigger script-in-usr-share-doc + install -m 755 rubyfoo $(tmp)/usr/share/doc/scripts/ + install -m 755 make-foo $(tmp)/usr/bin/ + install -m 755 lefty-foo $(tmp)/usr/bin/ + install -m 4751 perlfoo $(tmp)/usr/bin/suidperlfoo2 + install -m 755 sh-broken $(tmp)/usr/bin/ + install -m 4555 suidperlfoo $(tmp)/usr/bin/ + install -m 755 tkfoo $(tmp)/usr/bin/ + install -m 755 wishfoo $(tmp)/usr/bin/ + install -m 644 xsession-test $(tmp)/etc/X11/Xsession.d/ + +# Permissions here aren't part of what's being tested, but let us exercise +# some other errors. + install -m 755 perl-bizarre-1 $(tmp)/usr/bin/ + install -m 750 perl-bizarre-2 $(tmp)/usr/bin/ + install -m 754 perl-bizarre-3 $(tmp)/usr/bin/ + install -m 705 guile-bizarre $(tmp)/usr/bin/ + +# First one should produce a warning; second one shouldn't. + install -m 755 gccbug.dpatch $(tmp)/usr/share/scripts/ + install -m 755 gccbug.dpatch $(tmp)/usr/src/scripts/ + + install -m 644 init-skeleton $(tmp)/etc/init.d/skeleton + install -m 755 init-no-lsb $(tmp)/etc/init.d/no-lsb + install -m 755 init-lsb-broken $(tmp)/etc/init.d/lsb-broken + install -m 755 init-lsb-other $(tmp)/etc/init.d/lsb-other + + install -m 755 phpfoo $(tmp)/usr/share/scripts/ + sed 's/php$$/php7.0/' phpfoo > $(tmp)/usr/share/scripts/php7.0foo + chmod 755 $(tmp)/usr/share/scripts/php7.0foo + + install -m 755 phpenvfoo $(tmp)/usr/share/scripts/ + sed 's/php$$/php7.0/' phpenvfoo > $(tmp)/usr/share/scripts/php7.0envfoo + chmod 755 $(tmp)/usr/share/scripts/php7.0envfoo + + echo "#!/usr/bin/perl" >> $(tmp)/usr/share/scripts/foobar.in + chmod 644 $(tmp)/usr/share/scripts/foobar.in + + touch $(tmp)/usr/share/scripts/mono.exe + chmod 755 $(tmp)/usr/share/scripts/mono.exe + + echo "#!/bin/sh" > $(tmp)/usr/share/scripts/foo\$$bar + chmod 755 $(tmp)/usr/share/scripts/foo\$$bar + + echo "#!/bin/sh" > $(tmp)/usr/lib/cgi-bin/cgi-script + chmod 755 $(tmp)/usr/lib/cgi-bin/cgi-script + + echo "#!/bin/sh" > $(tmp)/usr/bin/test.sh + chmod 755 $(tmp)/usr/bin/test.sh + + + dh_testroot # dummy to test missing debhelper dependency + + + install -m 644 debian/changelog $(tmp)/usr/share/doc/scripts/changelog.Debian + gzip -n -9 $(tmp)/usr/share/doc/scripts/changelog.Debian + install -m 644 debian/copyright $(tmp)/usr/share/doc/scripts/copyright + + install -m 644 debian/scripts.conffiles $(tmp)/DEBIAN/conffiles + install -m 755 debian/preinst $(tmp)/DEBIAN/preinst + install -m 755 debian/postinst $(tmp)/DEBIAN/postinst + install -m 755 debian/postrm $(tmp)/DEBIAN/postrm + touch $(tmp)/DEBIAN/prerm + chmod 755 $(tmp)/DEBIAN/prerm + dpkg-gencontrol -isp + dpkg --build $(tmp) .. + +binary: binary-arch binary-indep + +clean: + rm -rf debian/files $(tmp) debian/substvars + +.PHONY: build-arch build-indep build binary-arch binary-indep binary clean diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/scripts.conffiles b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/scripts.conffiles new file mode 100644 index 0000000..01a371a --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/scripts.conffiles @@ -0,0 +1,6 @@ +/etc/init.d/lsb-broken +/etc/init.d/lsb-other +/etc/init.d/no-lsb +/etc/X11/Xsession.d/xsession-test +/etc/csh/login.d/csh-foo +/etc/fish.d/fish-foo diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/watch b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/watch new file mode 100644 index 0000000..dba5815 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/debian/watch @@ -0,0 +1,8 @@ +# watch file with upstream version mangling + +version=2 +opts="uversionmangle=s/$/ds/" \ +http://qa.debian.org/watch/sf.php?project=foo scripts\.([\d.]+)\.tar\.gz debian uupdate + +version=3 +http://ftp.sf.net/foo/foo_bar(.+)\.Z 5 uupdate
\ No newline at end of file diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/fill-values b/t/recipes/checks/systemd/legacy-scripts/build-spec/fill-values new file mode 100644 index 0000000..8a68457 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/fill-values @@ -0,0 +1,6 @@ +Testname: legacy-scripts +Source: scripts +Version: 6ds-1ubuntu0.5.10.1 +Package-Architecture: all +Skeleton: upload-non-native +Description: Legacy test "scripts" diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/csh-foo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/csh-foo new file mode 100644 index 0000000..eaf47a1 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/csh-foo @@ -0,0 +1,2 @@ +#! /bin/csh + diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/envfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/envfoo new file mode 100755 index 0000000..e005037 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/envfoo @@ -0,0 +1,4 @@ +#! /bin/env python + +if __name__ == '__main__': + print 'Hi there' diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/fish-foo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/fish-foo new file mode 100644 index 0000000..7f59139 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/fish-foo @@ -0,0 +1,2 @@ +#! /usr/bin/fish + diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/gccbug.dpatch b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/gccbug.dpatch new file mode 100755 index 0000000..65cbf37 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/gccbug.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh -e + +# DP: Use sensible-editor instead of vi as fallback editor + +# Taken from gcc-4.1-source. Chokes bash -n (due to the patch) despite being +# a valid dpatch, so don't warn about it if it's in /usr/src. + +dir= +if [ $# -eq 3 -a "$2" = '-d' ]; then + pdir="-d $3" + dir="$3/" +elif [ $# -ne 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) + patch $pdir -f --no-backup-if-mismatch -p0 < $0 + ;; + -unpatch) + patch $pdir -f --no-backup-if-mismatch -R -p0 < $0 + ;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +esac +exit 0 + +--- gcc/gccbug.in~ 2003-03-01 00:51:42.000000000 +0100 ++++ gcc/gccbug.in 2003-03-02 12:08:36.000000000 +0100 +@@ -134,7 +134,7 @@ + # If they don't have a preferred editor set, then use + if [ -z "$VISUAL" ]; then + if [ -z "$EDITOR" ]; then +- EDIT=vi ++ EDIT=/usr/bin/sensible-editor + else + EDIT="$EDITOR" + fi diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/guile-bizarre b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/guile-bizarre new file mode 100644 index 0000000..70e2c74 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/guile-bizarre @@ -0,0 +1,6 @@ +#! /bin/sh +# -*- scheme -*- +exec guile -s $0 $* +# Seen in the wild as build-guile-gtk in libguilegtk-1.2-dev (0.31-5.1) +# Tests script_is_evil_and_wrong +!# diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-broken b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-broken new file mode 100644 index 0000000..e4dfa92 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-broken @@ -0,0 +1,34 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: bad-lsb +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# Default-Start: 1 2 3 4 5 +# Default-Stop: S 0 1 6 X +# Short-Description: Example Lintian initscript +# but this can't be continued +# Description: An example of a bad LSB section in an init script. +# This continuation is allowed (with spaces). +# This one is too (with tabs). +# X-Debian-Foo: Some unknown but valid keyword. +# Foo: Some invalid keyword. + +# Whoops, no terminating line. + +# And then we have this duplicate section. +### BEGIN INIT INFO +# Required-Start: This one doesn't count. +### END INIT INFO + +# Hey, look at all of those missing actions! But stop isn't missing. +case "$1" in + start|stop) + echo "Blah" + ;; + *) + echo "Usage: foo start" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-other b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-other new file mode 100644 index 0000000..adb4795 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-lsb-other @@ -0,0 +1,22 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: lsb-other +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Description: This is another LSB script test, which has a missing +# Short-Description. +### END INIT INFO + +case "$1" in + start|stop|restart|reload|force-reload) + echo "Blah" + ;; + *) + echo "Usage: foo start" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-no-lsb b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-no-lsb new file mode 100644 index 0000000..6b994dd --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-no-lsb @@ -0,0 +1,17 @@ +#! /bin/sh +# No LSB section, but otherwise okay. (Well, the messages are bad, but we +# don't check that yet.) + +case "$1" in + start) + echo "Blah starting" + ;; + stop) + echo "Blah stopping" + ;; + restart|force-reload) + echo "Blah restarting" + ;; +esac + +: diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-skeleton b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-skeleton new file mode 100644 index 0000000..c868508 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/init-skeleton @@ -0,0 +1,150 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: skeleton +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: S 0 1 6 +# Short-Description: Example Lintian initscript +# Description: This file should be used to construct scripts to be +# placed in /etc/init.d. +### END INIT INFO + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/usr/sbin:/usr/bin:/sbin:/bin +DESC="Description of the service" +NAME=daemonexecutablename +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--options args" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +[ -f /etc/default/rcS ] && . /etc/default/rcS + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/jruby-broken b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/jruby-broken new file mode 100644 index 0000000..56f574d --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/jruby-broken @@ -0,0 +1,2 @@ +#!/usr/bin/jruby +# There's no non-versioned jruby, so this should be an error. diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/lefty-foo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/lefty-foo new file mode 100644 index 0000000..52c003e --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/lefty-foo @@ -0,0 +1,2 @@ +#!/usr/local/bin/lefty + diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/make-foo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/make-foo new file mode 100644 index 0000000..6b787b5 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/make-foo @@ -0,0 +1,3 @@ +#!/usr/bin/make + + diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-1 b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-1 new file mode 100644 index 0000000..fc632c8 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-1 @@ -0,0 +1,11 @@ +#! /bin/sh +eval '(exit $?0)' && eval 'PERL_BADLANG=x;export PERL_BADLANG;: \ +;exec perl -x -S -- "$0" ${1+"$@"};#'if 0; +eval 'setenv PERL_BADLANG x;exec perl -x -S -- "$0" $argv:q;#'.q+ +#!perl -w +package Htex::a2ping; $0=~/(.*)/s;unshift@INC,'.';do($1);die$@if$@;__END__+if !1; +# This Perl script was generated by JustLib2 at Wed Apr 23 09:14:13 2003. +# Don't touch/remove any lines above; http://www.inf.bme.hu/~pts/justlib + +# The above was actually seen in the wild and stresses the +# script_is_evil_and_wrong test. diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-2 b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-2 new file mode 100644 index 0000000..afd9cfe --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-2 @@ -0,0 +1,7 @@ +#!/bin/sh +eval 'exec /usr/bin/perl -wS $0 ${1+"$@"}' + if $running_under_some_shell; + +# I'm someone following perlrun except without using the Perl #! line. +# Now something to choke bash. +while (<>) { if (/%#/) { print } } diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-3 b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-3 new file mode 100644 index 0000000..44baf75 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perl-bizarre-3 @@ -0,0 +1,6 @@ +eval '(exit $?0)' && eval 'exec perl -wS $0 ${1+"$@"}' +& eval 'exec /usr/bin/perl -wS $0 $argv:q' + if $running_under_some_shell; + +# More utterly bizarreness from perlrun. This one even doesn't work if +# there's a valid #! line on the first line. I don't understand why.... diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perlfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perlfoo new file mode 100644 index 0000000..5b27ed0 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/perlfoo @@ -0,0 +1,3 @@ +#! /usr/bin/perl + +print "Hello, World!"; diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpenvfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpenvfoo new file mode 100644 index 0000000..cbbfb2e --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpenvfoo @@ -0,0 +1,7 @@ +#!/usr/bin/env php +<html> +<head> +<title>Dumb PHP script</title> +</head> +<body><? print(Date("l F d, Y")); ?></body> +</html> diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpfoo new file mode 100644 index 0000000..e0595e6 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/phpfoo @@ -0,0 +1,7 @@ +#!/usr/bin/php +<html> +<head> +<title>Dumb PHP script</title> +</head> +<body><? print(Date("l F d, Y")); ?></body> +</html> diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/rubyfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/rubyfoo new file mode 100644 index 0000000..8024605 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/rubyfoo @@ -0,0 +1,4 @@ +#!/bin/ruby1.8 + +# Ok, that example is really pathetic, but until we have +# some better code in checks/scripts, it will do diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/sh-broken b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/sh-broken new file mode 100644 index 0000000..7b79074 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/sh-broken @@ -0,0 +1,2 @@ +#!/bin/sh +if fi diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/suidperlfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/suidperlfoo new file mode 100644 index 0000000..bcbc471 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/suidperlfoo @@ -0,0 +1,3 @@ +#! /usr/bin/suidperl + +print "Hello, World!"; diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/tkfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/tkfoo new file mode 100755 index 0000000..533595a --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/tkfoo @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Insane amount of empty lines and comments + +# +# +# +# + +# +# + +# +# +# + +# +# + +# +# This line makes the next one a comment in Tcl \ +exec wish "$0" -- ${1+"$@"} + +# lintian should not check the following for syntax +# if it detects the line above correctly +# Code snippet taken from eTkTab + +if { [array names prefs keybindings] != "" } { + # Read in the file + array set unparsed_bindings [ read_settings_file $prefs(keybindings)] +} diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/wishfoo b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/wishfoo new file mode 100644 index 0000000..035c9ad --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/wishfoo @@ -0,0 +1,4 @@ +#!/usr/bin/wish +# +# This is not actually a wish script, here to force a test of wish +# dependencies. diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/xsession-test b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/xsession-test new file mode 100644 index 0000000..ca49d72 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/orig/xsession-test @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "Foo." diff --git a/t/recipes/checks/systemd/legacy-scripts/build-spec/pre-build b/t/recipes/checks/systemd/legacy-scripts/build-spec/pre-build new file mode 100755 index 0000000..b5649a8 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/build-spec/pre-build @@ -0,0 +1,5 @@ +#!/bin/sh + +DIR="$1" + +rm -f "$DIR/debian/compat" diff --git a/t/recipes/checks/systemd/legacy-scripts/eval/desc b/t/recipes/checks/systemd/legacy-scripts/eval/desc new file mode 100644 index 0000000..32e5996 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/eval/desc @@ -0,0 +1,2 @@ +Testname: legacy-scripts +Check: systemd diff --git a/t/recipes/checks/systemd/legacy-scripts/eval/hints b/t/recipes/checks/systemd/legacy-scripts/eval/hints new file mode 100644 index 0000000..5351e04 --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/eval/hints @@ -0,0 +1,6 @@ +scripts (binary): missing-systemd-service-for-init.d-script no-lsb [etc/init.d/no-lsb] +scripts (binary): missing-systemd-service-for-init.d-script lsb-other [etc/init.d/lsb-other] +scripts (binary): missing-systemd-service-for-init.d-script lsb-broken [etc/init.d/lsb-broken] +scripts (binary): init.d-script-does-not-source-init-functions [etc/init.d/no-lsb] +scripts (binary): init.d-script-does-not-source-init-functions [etc/init.d/lsb-other] +scripts (binary): init.d-script-does-not-source-init-functions [etc/init.d/lsb-broken] diff --git a/t/recipes/checks/systemd/legacy-scripts/eval/post-test b/t/recipes/checks/systemd/legacy-scripts/eval/post-test new file mode 100644 index 0000000..faeef0b --- /dev/null +++ b/t/recipes/checks/systemd/legacy-scripts/eval/post-test @@ -0,0 +1 @@ +s/\(current is ([0-9]+\.)+[0-9]\)/(current is CURRENT)/ diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/control.in b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/control.in new file mode 100644 index 0000000..ecbbc46 --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/control.in @@ -0,0 +1,30 @@ +Source: [% $source %] +Priority: optional +Section: [% $section %] +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-with +Architecture: [% $package_architecture %] +Depends: ${misc:Depends} +Pre-Depends: init-system-helpers (>= 1.54~) +Description: [% $description %] (with) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package has the dependency. + +Package: [% $source %]-without +Architecture: [% $package_architecture %] +Depends: ${misc:Depends} +Description: [% $description %] (without) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package is missing the dependency. diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-with.postinst b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-with.postinst new file mode 100644 index 0000000..732f9fc --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-with.postinst @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +invoke-rc.d +invoke-rc.d --skip-systemd-native + +exit 0 diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-without.postinst b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-without.postinst new file mode 100644 index 0000000..732f9fc --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/debian/scripts-skip-systemd-native-without.postinst @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +invoke-rc.d +invoke-rc.d --skip-systemd-native + +exit 0 diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/fill-values b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/fill-values new file mode 100644 index 0000000..06a0533 --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: scripts-skip-systemd-native +Description: Test for packages that use --skip-systemd-native diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/desc b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/desc new file mode 100644 index 0000000..e52ad20 --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/desc @@ -0,0 +1,2 @@ +Testname: scripts-skip-systemd-native +Check: systemd/native/prerequisites diff --git a/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/hints b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/hints new file mode 100644 index 0000000..a40a9d1 --- /dev/null +++ b/t/recipes/checks/systemd/native/prerequisites/scripts-skip-systemd-native/eval/hints @@ -0,0 +1 @@ +scripts-skip-systemd-native-without (binary): skip-systemd-native-flag-missing-pre-depends (does not satisfy init-system-helpers:any) [postinst:8] diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/control.in b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/control.in new file mode 100644 index 0000000..680c2f2 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/control.in @@ -0,0 +1,18 @@ +Source: [% $source %] +Priority: [% $priority %] +Section: [% $section %] +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: [% $rules_requires_root %] +Homepage: [% $homepage %] + +Package: [% $source %] +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base +Description: [% $description %] + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/init b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/init new file mode 100644 index 0000000..54cb8b1 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: no-systemd-service-for-init-script +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.other.init b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.other.init new file mode 100644 index 0000000..217ea92 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.other.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: other +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.service b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.service new file mode 100644 index 0000000..7972526 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/no-systemd-service-for-init-script.service @@ -0,0 +1,9 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/rules b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/rules new file mode 100755 index 0000000..d49d149 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +override_dh_installinit: + dh_installinit + dh_installinit --name=other + +# In Ubuntu, dh does not catch this file by default. +# They have diffed it to reduce the size of packages. +ifneq (,$(strip $(wildcard Changes))) +override_dh_installchangelogs: + dh_installchangelogs Changes +endif diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/fill-values b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/fill-values new file mode 100644 index 0000000..7f48d70 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/build-spec/fill-values @@ -0,0 +1,3 @@ +Testname: no-systemd-service-for-init-script +Skeleton: upload-native +Description: Test package with init.d script but no systemd service file diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/desc b/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/desc new file mode 100644 index 0000000..11df1f6 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/desc @@ -0,0 +1,2 @@ +Testname: no-systemd-service-for-init-script +Check: systemd diff --git a/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/hints b/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/hints new file mode 100644 index 0000000..64d8d8f --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-service-for-init-script/eval/hints @@ -0,0 +1,2 @@ +no-systemd-service-for-init-script (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/no-systemd-service-for-init-script.service] +no-systemd-service-for-init-script (binary): omitted-systemd-service-for-init.d-script other [etc/init.d/other] diff --git a/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/debian/rules b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/debian/rules new file mode 100755 index 0000000..7e0203d --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/debian/rules @@ -0,0 +1,10 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_installcron: + set -e; for X in daily weekly monthly hourly; do \ + echo "#!/bin/sh\n\nexit 0" > debian/$(shell dh_listpackages).cron.$$X; \ + done + dh_installcron diff --git a/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/fill-values b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/fill-values new file mode 100644 index 0000000..0d73f04 --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/build-spec/fill-values @@ -0,0 +1,3 @@ +Testname: no-systemd-timer-for-cron-script +Skeleton: upload-native +Description: Test package with cron scripts but no systemd timer file diff --git a/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/desc b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/desc new file mode 100644 index 0000000..b720e7f --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/desc @@ -0,0 +1,2 @@ +Testname: no-systemd-timer-for-cron-script +Check: systemd diff --git a/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/hints b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/hints new file mode 100644 index 0000000..db8c71b --- /dev/null +++ b/t/recipes/checks/systemd/no-systemd-timer-for-cron-script/eval/hints @@ -0,0 +1,4 @@ +no-systemd-timer-for-cron-script (binary): missing-systemd-timer-for-cron-script [etc/cron.weekly/no-systemd-timer-for-cron-script] +no-systemd-timer-for-cron-script (binary): missing-systemd-timer-for-cron-script [etc/cron.monthly/no-systemd-timer-for-cron-script] +no-systemd-timer-for-cron-script (binary): missing-systemd-timer-for-cron-script [etc/cron.hourly/no-systemd-timer-for-cron-script] +no-systemd-timer-for-cron-script (binary): missing-systemd-timer-for-cron-script [etc/cron.daily/no-systemd-timer-for-cron-script] diff --git a/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/install b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/install new file mode 100644 index 0000000..67712f2 --- /dev/null +++ b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/install @@ -0,0 +1 @@ +debian/no-install.service usr/lib/systemd/system/ diff --git a/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/no-install.service b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/no-install.service new file mode 100644 index 0000000..80468ef --- /dev/null +++ b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/debian/no-install.service @@ -0,0 +1,8 @@ +[Unit] +Documentation=https://www.freedesktop.org/wiki/Software/dbus/ + +[Service] +ExecStart=/usr/bin/test +PrivateNetwork=yes + +[Install] diff --git a/t/recipes/checks/systemd/service-file-no-install-key/build-spec/fill-values b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/fill-values new file mode 100644 index 0000000..9cbed20 --- /dev/null +++ b/t/recipes/checks/systemd/service-file-no-install-key/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: service-file-no-install-key +Description: Service file lacks the required Install key diff --git a/t/recipes/checks/systemd/service-file-no-install-key/eval/desc b/t/recipes/checks/systemd/service-file-no-install-key/eval/desc new file mode 100644 index 0000000..d6651f0 --- /dev/null +++ b/t/recipes/checks/systemd/service-file-no-install-key/eval/desc @@ -0,0 +1,2 @@ +Testname: service-file-no-install-key +Check: systemd diff --git a/t/recipes/checks/systemd/service-file-no-install-key/eval/hints b/t/recipes/checks/systemd/service-file-no-install-key/eval/hints new file mode 100644 index 0000000..65448a8 --- /dev/null +++ b/t/recipes/checks/systemd/service-file-no-install-key/eval/hints @@ -0,0 +1 @@ +service-file-no-install-key (binary): systemd-service-file-missing-install-key [usr/lib/systemd/system/no-install.service] diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/install b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/install new file mode 100644 index 0000000..41c700e --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/install @@ -0,0 +1,6 @@ +debian/test.service usr/lib/systemd/system/ +debian/test2.service usr/lib/systemd/system/ +debian/test3.service usr/lib/systemd/system/ +debian/test4.service usr/lib/systemd/system/ +debian/test5.service usr/lib/systemd/system/ +debian/test@.service usr/lib/systemd/system/ diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test.service new file mode 100644 index 0000000..60f401a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test.service @@ -0,0 +1,9 @@ +[Unit] +After=dbus.target +Documentation=https://www.freedesktop.org/wiki/Software/dbus/ + +[Service] +ExecStart=/usr/bin/test + +[Install] +RequiredBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test2.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test2.service new file mode 100644 index 0000000..d98eb9f --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test2.service @@ -0,0 +1,4 @@ +[Unit] +After= +After=syslog.target +Documentation=https://www.freedesktop.org/wiki/Software/dbus/ diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test3.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test3.service new file mode 100644 index 0000000..88e5f4e --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test3.service @@ -0,0 +1,6 @@ +[Unit] +After= +After = syslog.target + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test4.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test4.service new file mode 100644 index 0000000..d63a719 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test4.service @@ -0,0 +1,8 @@ +[Unit] +Documentation=https://www.example.com/ + +[Service] +ExecStart=/usr/bin/test + +[Install] +Also=test3 diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test5.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test5.service new file mode 100644 index 0000000..d26713a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test5.service @@ -0,0 +1,11 @@ +[Unit] +Documentation=https://www.example.com/ + +[Service] +Type=oneshot +ExecStart=/etc/init.d/test5 start +ExecStartPre=/etc/init.d/test5 start-pre +ExecStartPost=/etc/init.d/test5 start-post +ExecReload=/etc/init.d/test5 reload +ExecStop=/etc/init.d/test5 stop +ExecStopPost=/etc/init.d/test5 stop-post diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test@.service b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test@.service new file mode 100644 index 0000000..d54ea5d --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/debian/test@.service @@ -0,0 +1,5 @@ +[Unit] +Documentation=https://www.example.com/ + +[Service] +ExecStart=/usr/bin/test diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/fill-values b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/fill-values new file mode 100644 index 0000000..dad1cdf --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: systemd-complex-service-file +Dh-Compat-Level: 9 +Description: Long ago tested the dropped .include directive; now another general purpose test diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/eval/desc b/t/recipes/checks/systemd/systemd-complex-service-file/eval/desc new file mode 100644 index 0000000..1482531 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/eval/desc @@ -0,0 +1,2 @@ +Testname: systemd-complex-service-file +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-complex-service-file/eval/hints b/t/recipes/checks/systemd/systemd-complex-service-file/eval/hints new file mode 100644 index 0000000..de49b8d --- /dev/null +++ b/t/recipes/checks/systemd/systemd-complex-service-file/eval/hints @@ -0,0 +1,15 @@ +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecStopPost [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecStop [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecStartPre [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecStartPost [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecStart [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-wraps-init-script ExecReload [usr/lib/systemd/system/test5.service] +systemd-complex-service-file (binary): systemd-service-file-refers-to-obsolete-target syslog.target [usr/lib/systemd/system/test2.service] +systemd-complex-service-file (binary): systemd-service-file-refers-to-obsolete-target dbus.target [usr/lib/systemd/system/test.service] +systemd-complex-service-file (binary): systemd-service-file-missing-install-key [usr/lib/systemd/system/test2.service] +systemd-complex-service-file (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/test@.service] +systemd-complex-service-file (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/test4.service] +systemd-complex-service-file (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/test3.service] +systemd-complex-service-file (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/test2.service] +systemd-complex-service-file (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/test.service] +systemd-complex-service-file (binary): systemd-service-file-missing-documentation-key [usr/lib/systemd/system/test3.service] diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/bootmisc.sh b/t/recipes/checks/systemd/systemd-general/build-spec/debian/bootmisc.sh new file mode 100755 index 0000000..5c73683 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/bootmisc.sh @@ -0,0 +1,59 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: bootmisc +# Required-Start: $remote_fs +# Required-Stop: +# Should-Start: udev +# Default-Start: S +# Default-Stop: +# Short-Description: Miscellaneous things to be done during bootup. +# Description: Some cleanup. Note, it need to run after mountnfs-bootclean.sh. +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +[ "$DELAYLOGIN" ] || DELAYLOGIN=yes +. /lib/init/vars.sh + +do_start () { + # + # If login delaying is enabled then create the flag file + # which prevents logins before startup is complete + # + case "$DELAYLOGIN" in + Y*|y*) + echo "System bootup in progress - please wait" > /var/lib/initscripts/nologin + ;; + esac + + # Create /var/run/utmp so we can login. + : > /var/run/utmp + if grep -q ^utmp: /etc/group + then + chmod 664 /var/run/utmp + chgrp utmp /var/run/utmp + fi + + # Remove bootclean's flag files. + # Don't run bootclean again after this! + rm -f /tmp/.clean /run/.clean /run/lock/.clean + rm -f /tmp/.tmpfs /run/.tmpfs /run/lock/.tmpfs +} + +case "$1" in + start|"") + do_start + ;; + restart|reload|force-reload) + echo "Error: argument '$1' not supported" >&2 + exit 3 + ;; + stop|status) + # No-op + ;; + *) + echo "Usage: bootmisc.sh [start|stop]" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/init b/t/recipes/checks/systemd/systemd-general/build-spec/debian/init new file mode 100644 index 0000000..96f6ed2 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/init @@ -0,0 +1,153 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: systemd-general +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: S 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Example Lintian initscript +# Description: This file should be used to construct scripts to be +# placed in /etc/init.d. +### END INIT INFO + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Description of the service" +NAME=daemonexecutablename +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--options args" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/install b/t/recipes/checks/systemd/systemd-general/build-spec/debian/install new file mode 100644 index 0000000..eb4680b --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/install @@ -0,0 +1,3 @@ +debian/systemd-general.test.service etc/systemd/system/ +debian/systemd-general.test.service usr/lib/systemd/system/ +debian/test.conf etc/tmpfiles.d/ diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/links b/t/recipes/checks/systemd/systemd-general/build-spec/debian/links new file mode 100644 index 0000000..c022cff --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/links @@ -0,0 +1 @@ +/dev/null /lib/systemd/system/masked.service diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/postrm b/t/recipes/checks/systemd/systemd-general/build-spec/debian/postrm new file mode 100644 index 0000000..6e5813a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/postrm @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +if [ "$1" = "purge" ] && which systemctl >/dev/null 2>&1; then + systemctl || true +fi + +#DEBHELPER# + diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/rules b/t/recipes/checks/systemd/systemd-general/build-spec/debian/rules new file mode 100644 index 0000000..68b3e30 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/rules @@ -0,0 +1,30 @@ +#!/usr/bin/make -f + +ETC_DIR=debian/$(shell dh_listpackages)/etc/ +INITD_DIR=$(ETC_DIR)/init.d +SYSD_DIR=$(ETC_DIR)/systemd/system + +%: + dh $@ + +override_dh_install: + dh_install + install -m 0755 -d $(INITD_DIR) $(SYSD_DIR) + mkfifo $(INITD_DIR)/fifo-pipe-as-init + mkfifo $(SYSD_DIR)/fifo-pipe-as-init.service + install -m 0755 debian/bootmisc.sh $(INITD_DIR) + install -m 0755 debian/systemd-general.masked.init $(INITD_DIR)/masked + touch $(INITD_DIR)/README + +override_dh_fixperms: + dh_fixperms + chmod -x $(INITD_DIR)/README + +override_dh_installinit: + dh_installinit + dh_installinit --name systemd-aliasd + dh_installinit --name sourced.sh + +override_dh_installsystemd: + dh_installsystemd + dh_installsystemd --name sourced diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.masked.init b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.masked.init new file mode 100644 index 0000000..b884a82 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.masked.init @@ -0,0 +1,22 @@ +#!/bin/sh +# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. +if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then + set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script +fi +### BEGIN INIT INFO +# Provides: masked +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Example Lintian initscript +# Description: This file should be used to construct scripts to be +# placed in /etc/init.d. This example start a +# single forking daemon capable of writing a pid +# file. To get other behaviors, implement +# do_start(), do_stop() or other functions to +# override the defaults in /lib/init/init-d-script. +### END INIT INFO + +DESC="Description of the service" +DAEMON=/usr/sbin/daemonexecutablename diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.service b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.service new file mode 100644 index 0000000..f3775af --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.service @@ -0,0 +1,9 @@ +[Unit] +After=network.target +Documentation=man:sourced(1) + +[Service] +ExecStart=/usr/bin/test + +[Install] +WantedBy=sleep.target diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.sh.init b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.sh.init new file mode 100644 index 0000000..6657c99 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.sourced.sh.init @@ -0,0 +1,22 @@ +#!/bin/sh +# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. +if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then + set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script +fi +### BEGIN INIT INFO +# Provides: sourced +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Example Lintian initscript +# Description: This file should be used to construct scripts to be +# placed in /etc/init.d. This example start a +# single forking daemon capable of writing a pid +# file. To get other behaviors, implement +# do_start(), do_stop() or other functions to +# override the defaults in /lib/init/init-d-script. +### END INIT INFO + +DESC="Description of the service" +DAEMON=/usr/sbin/daemonexecutablename diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.systemd-aliasd.init b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.systemd-aliasd.init new file mode 100644 index 0000000..95e791c --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.systemd-aliasd.init @@ -0,0 +1,152 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: systemd-aliasd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Example Lintian initscript +# Description: This file should be used to construct scripts to be +# placed in /etc/init.d. +### END INIT INFO + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Description of the service" +NAME=daemonexecutablename +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--options args" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +. /lib/lsb/init-functionsh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.test.service b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.test.service new file mode 100644 index 0000000..a456a3d --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/systemd-general.test.service @@ -0,0 +1,13 @@ +[Unit] +After=network.target \ +syslog.target +BindTo=foo + +[Service] +ExecStartPre = /bin/true +ExecStart=/usr/bin/test + +[Install] +WantedBy=multi-user.target unusual.target +Alias=systemd-aliasd.service +Alias=anothertest diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/debian/test.conf b/t/recipes/checks/systemd/systemd-general/build-spec/debian/test.conf new file mode 100644 index 0000000..b0c4604 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/debian/test.conf @@ -0,0 +1,2 @@ +# See tmpfiles.d(5) for details +d /var/run/bacula 2775 bacula bacula - diff --git a/t/recipes/checks/systemd/systemd-general/build-spec/fill-values b/t/recipes/checks/systemd/systemd-general/build-spec/fill-values new file mode 100644 index 0000000..eee4826 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-general +Description: General systemd tests diff --git a/t/recipes/checks/systemd/systemd-general/eval/desc b/t/recipes/checks/systemd/systemd-general/eval/desc new file mode 100644 index 0000000..ea97618 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/eval/desc @@ -0,0 +1,4 @@ +Testname: systemd-general +Test-Against: + omitted-systemd-service-for-init.d-script +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-general/eval/hints b/t/recipes/checks/systemd/systemd-general/eval/hints new file mode 100644 index 0000000..fee5413 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-general/eval/hints @@ -0,0 +1,19 @@ +systemd-general (binary): systemd-service-in-odd-location [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-in-odd-location [etc/systemd/system/fifo-pipe-as-init.service] +systemd-general (binary): systemd-service-file-refers-to-unusual-wantedby-target unusual.target [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-refers-to-unusual-wantedby-target unusual.target [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-refers-to-obsolete-target syslog.target [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-refers-to-obsolete-target syslog.target [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-refers-to-obsolete-bindto [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-refers-to-obsolete-bindto [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-missing-hardening-features [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-missing-documentation-key [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-file-missing-documentation-key [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-alias-without-extension [usr/lib/systemd/system/systemd-general.test.service] +systemd-general (binary): systemd-service-alias-without-extension [etc/systemd/system/systemd-general.test.service] +systemd-general (binary): service-file-is-not-a-file [etc/systemd/system/fifo-pipe-as-init.service] +systemd-general (binary): missing-systemd-service-for-init.d-rcS-script systemd-general [etc/init.d/systemd-general] +systemd-general (binary): init.d-script-does-not-source-init-functions [etc/init.d/systemd-general] +systemd-general (binary): init.d-script-does-not-source-init-functions [etc/init.d/bootmisc.sh] +systemd-general (binary): init-script-is-not-a-file [etc/init.d/fifo-pipe-as-init] diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/control.in b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/control.in new file mode 100644 index 0000000..1b8c645 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/control.in @@ -0,0 +1,55 @@ +Source: [% $source %] +Priority: optional +Section: [% $section %] +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-with +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] - with .service file + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package has a .service file for its initscript. + +Package: [% $source %]-template +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] - with @.service template file + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package has a @.service template file for its initscript. + +Package: [% $source %]-without +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] - without .service file + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package does not have a .service file for its initscript. + +Package: [% $source %]-without-rcs +Architecture: [% $package_architecture %] +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, lsb-base (>= 3.0-6) +Description: [% $description %] - rcS script without .service file + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + This package does not have a .service file for its rcS initscript. diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template.init b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template.init new file mode 100644 index 0000000..022b722 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: systemd-missing-services-template +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template@.service b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template@.service new file mode 100644 index 0000000..01dc11d --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-template@.service @@ -0,0 +1,11 @@ +[Unit] +After=network.target +Description=Test %I +Documentation=https://example.com/%i/ + +[Service] +ExecStart=/bin/test %i +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.init b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.init new file mode 100644 index 0000000..cfecc36 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: systemd-missing-services-with +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.service b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.service new file mode 100644 index 0000000..7972526 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-with.service @@ -0,0 +1,9 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without-rcs.init b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without-rcs.init new file mode 100644 index 0000000..2f93d19 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without-rcs.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: systemd-missing-services-without-rcs +# Required-Start: +# Required-Stop: +# Default-Start: S 2 3 4 5 +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without.init b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without.init new file mode 100644 index 0000000..1425d83 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/debian/systemd-missing-services-without.init @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +. /lib/lsb/init-functions + +### BEGIN INIT INFO +# Provides: systemd-missing-services-without +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: Do nothing at all +# Description: The short description pretty much covers it. +### END INIT INFO + +case "$1" in + start|stop|force-reload|restart|status|*) + echo hello world! + ;; +esac diff --git a/t/recipes/checks/systemd/systemd-missing-services/build-spec/fill-values b/t/recipes/checks/systemd/systemd-missing-services/build-spec/fill-values new file mode 100644 index 0000000..879420a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-missing-services +Description: Check for missing service files diff --git a/t/recipes/checks/systemd/systemd-missing-services/eval/desc b/t/recipes/checks/systemd/systemd-missing-services/eval/desc new file mode 100644 index 0000000..425a261 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/eval/desc @@ -0,0 +1,4 @@ +Testname: systemd-missing-services +Test-Against: + omitted-systemd-service-for-init.d-script +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-missing-services/eval/hints b/t/recipes/checks/systemd/systemd-missing-services/eval/hints new file mode 100644 index 0000000..f32bba0 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-missing-services/eval/hints @@ -0,0 +1,4 @@ +systemd-missing-services-without-rcs (binary): missing-systemd-service-for-init.d-rcS-script systemd-missing-services-without-rcs [etc/init.d/systemd-missing-services-without-rcs] +systemd-missing-services-without (binary): missing-systemd-service-for-init.d-script systemd-missing-services-without [etc/init.d/systemd-missing-services-without] +systemd-missing-services-with (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-missing-services-with.service] +systemd-missing-services-template (binary): invalid-systemd-documentation https://example.com/%i/ [usr/lib/systemd/system/systemd-missing-services-template@.service] diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/control.in b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/control.in new file mode 100644 index 0000000..d42ecbb --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/control.in @@ -0,0 +1,27 @@ +Source: [% $source %] +Priority: optional +Section: misc +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-good +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (good) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Good case. + +Package: [% $source %]-bad +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (bad) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Bad case. diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-bad.service b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-bad.service new file mode 100644 index 0000000..9ee687e --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-bad.service @@ -0,0 +1,10 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-good.service b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-good.service new file mode 100644 index 0000000..b1eda4a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/debian/systemd-service-file-refers-to-var-run-good.service @@ -0,0 +1,10 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/var/run/$NAME.pid + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/fill-values b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/fill-values new file mode 100644 index 0000000..fb822d7 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-service-file-refers-to-var-run +Description: Check for PIDFile=/var/run/foo diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/desc b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/desc new file mode 100644 index 0000000..07b2247 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/desc @@ -0,0 +1,2 @@ +Testname: systemd-service-file-refers-to-var-run +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/hints b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/hints new file mode 100644 index 0000000..40b11fc --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-refers-to-var-run/eval/hints @@ -0,0 +1,3 @@ +systemd-service-file-refers-to-var-run-good (binary): systemd-service-file-refers-to-var-run PIDFile /var/run/$NAME.pid [usr/lib/systemd/system/systemd-service-file-refers-to-var-run-good.service] +systemd-service-file-refers-to-var-run-good (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-refers-to-var-run-good.service] +systemd-service-file-refers-to-var-run-bad (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-refers-to-var-run-bad.service] diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/control.in b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/control.in new file mode 100644 index 0000000..d42ecbb --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/control.in @@ -0,0 +1,27 @@ +Source: [% $source %] +Priority: optional +Section: misc +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-good +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (good) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Good case. + +Package: [% $source %]-bad +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (bad) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Bad case. diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-bad.service b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-bad.service new file mode 100644 index 0000000..e9b1171 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-bad.service @@ -0,0 +1,12 @@ +[Unit] +After=network.target +Before=shutdown.target +Conflicts=shutdown.target +DefaultDependencies=no +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-good.service b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-good.service new file mode 100644 index 0000000..b069d2b --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/debian/systemd-service-file-shutdown-problems-good.service @@ -0,0 +1,11 @@ +[Unit] +After=network.target +Conflicts=shutdown.target +DefaultDependencies=no +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/fill-values b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/fill-values new file mode 100644 index 0000000..6c4865d --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-service-file-shutdown-problems +Description: Check for DefaultDependencies=no and Conflicts=shutdown.target but not Before=shutdown.target diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/desc b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/desc new file mode 100644 index 0000000..c89c800 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/desc @@ -0,0 +1,2 @@ +Testname: systemd-service-file-shutdown-problems +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/hints b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/hints new file mode 100644 index 0000000..ba01ae3 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-shutdown-problems/eval/hints @@ -0,0 +1,3 @@ +systemd-service-file-shutdown-problems-good (binary): systemd-service-file-shutdown-problems [usr/lib/systemd/system/systemd-service-file-shutdown-problems-good.service] +systemd-service-file-shutdown-problems-good (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-shutdown-problems-good.service] +systemd-service-file-shutdown-problems-bad (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-shutdown-problems-bad.service] diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/control.in b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/control.in new file mode 100644 index 0000000..d42ecbb --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/control.in @@ -0,0 +1,27 @@ +Source: [% $source %] +Priority: optional +Section: misc +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-good +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (good) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Good case. + +Package: [% $source %]-bad +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (bad) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Bad case. diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-bad.service b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-bad.service new file mode 100644 index 0000000..748a16a --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-bad.service @@ -0,0 +1,12 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid +StandardOutput=syslog +StandardError=syslog-console + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-good.service b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-good.service new file mode 100644 index 0000000..30adb06 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/debian/systemd-service-file-uses-deprecated-syslog-facility-good.service @@ -0,0 +1,12 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid +StandardOutput=null +StandardError=null + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/fill-values b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/fill-values new file mode 100644 index 0000000..5e50e83 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-service-file-uses-deprecated-syslog-facility +Description: Check for StandardOutput=syslog etc. diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/desc b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/desc new file mode 100644 index 0000000..dc5a226 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/desc @@ -0,0 +1,2 @@ +Testname: systemd-service-file-uses-deprecated-syslog-facility +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/hints b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/hints new file mode 100644 index 0000000..41b3248 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-deprecated-syslog-facility/eval/hints @@ -0,0 +1,4 @@ +systemd-service-file-uses-deprecated-syslog-facility-good (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-uses-deprecated-syslog-facility-good.service] +systemd-service-file-uses-deprecated-syslog-facility-bad (binary): systemd-service-file-uses-deprecated-syslog-facility StandardOutput=syslog [usr/lib/systemd/system/systemd-service-file-uses-deprecated-syslog-facility-bad.service] +systemd-service-file-uses-deprecated-syslog-facility-bad (binary): systemd-service-file-uses-deprecated-syslog-facility StandardError=syslog-console [usr/lib/systemd/system/systemd-service-file-uses-deprecated-syslog-facility-bad.service] +systemd-service-file-uses-deprecated-syslog-facility-bad (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-uses-deprecated-syslog-facility-bad.service] diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/control.in b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/control.in new file mode 100644 index 0000000..d42ecbb --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/control.in @@ -0,0 +1,27 @@ +Source: [% $source %] +Priority: optional +Section: misc +Maintainer: [% $author %] +Standards-Version: [% $standards_version %] +Build-Depends: [% $build_depends %] +Rules-Requires-Root: no + +Package: [% $source %]-good +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (good) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Good case. + +Package: [% $source %]-bad +Architecture: all +Depends: ${misc:Depends} +Description: [% $description %] (bad) + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. + . + Bad case. diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-bad.service b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-bad.service new file mode 100644 index 0000000..96ada25 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-bad.service @@ -0,0 +1,12 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid +User=nobody +Group=nogroup + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-good.service b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-good.service new file mode 100644 index 0000000..461e14b --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/debian/systemd-service-file-uses-nobody-or-nogroup-good.service @@ -0,0 +1,12 @@ +[Unit] +After=network.target +Documentation=https://example.com/ + +[Service] +ExecStart=/bin/test +PIDFile=/run/$NAME.pid +User=gooduser +Group=goodgroup + +[Install] +WantedBy=multi-user.target diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/fill-values b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/fill-values new file mode 100644 index 0000000..1b65cfa --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: systemd-service-file-uses-nobody-or-nogroup +Description: Check for User=nobody or Group=nogroup diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/desc b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/desc new file mode 100644 index 0000000..3e687ed --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/desc @@ -0,0 +1,2 @@ +Testname: systemd-service-file-uses-nobody-or-nogroup +Check: systemd diff --git a/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/hints b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/hints new file mode 100644 index 0000000..f569899 --- /dev/null +++ b/t/recipes/checks/systemd/systemd-service-file-uses-nobody-or-nogroup/eval/hints @@ -0,0 +1,4 @@ +systemd-service-file-uses-nobody-or-nogroup-good (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-uses-nobody-or-nogroup-good.service] +systemd-service-file-uses-nobody-or-nogroup-bad (binary): systemd-service-file-uses-nobody-or-nogroup User=nobody [usr/lib/systemd/system/systemd-service-file-uses-nobody-or-nogroup-bad.service] +systemd-service-file-uses-nobody-or-nogroup-bad (binary): systemd-service-file-uses-nobody-or-nogroup Group=nogroup [usr/lib/systemd/system/systemd-service-file-uses-nobody-or-nogroup-bad.service] +systemd-service-file-uses-nobody-or-nogroup-bad (binary): systemd-service-file-missing-hardening-features [usr/lib/systemd/system/systemd-service-file-uses-nobody-or-nogroup-bad.service] diff --git a/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/install b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/install new file mode 100644 index 0000000..dacd7da --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/install @@ -0,0 +1 @@ +debian/test.conf etc/tmpfiles.d/ diff --git a/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/test.conf b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/test.conf new file mode 100644 index 0000000..81f27df --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/debian/test.conf @@ -0,0 +1,2 @@ +# See tmpfiles.d(5) for details +d /run/bacula 2775 bacula bacula - diff --git a/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/fill-values b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/fill-values new file mode 100644 index 0000000..c35d14d --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: declared-in-etc +Description: Systemd tmpfiles declared in /etc diff --git a/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/desc b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/desc new file mode 100644 index 0000000..a64e115 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/desc @@ -0,0 +1,2 @@ +Testname: declared-in-etc +Check: systemd/tmpfiles diff --git a/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/hints b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/hints new file mode 100644 index 0000000..8f55abd --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/declared-in-etc/eval/hints @@ -0,0 +1 @@ +declared-in-etc (binary): misplaced-systemd-tmpfiles [etc/tmpfiles.d/test.conf] diff --git a/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/install b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/install new file mode 100644 index 0000000..6d21d99 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/install @@ -0,0 +1 @@ +debian/test.conf usr/lib/tmpfiles.d/ diff --git a/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/test.conf b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/test.conf new file mode 100644 index 0000000..b0c4604 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/debian/test.conf @@ -0,0 +1,2 @@ +# See tmpfiles.d(5) for details +d /var/run/bacula 2775 bacula bacula - diff --git a/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/fill-values b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/fill-values new file mode 100644 index 0000000..6d66752 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/build-spec/fill-values @@ -0,0 +1,5 @@ +Skeleton: upload-native +Testname: tmpfile-in-var-run +Description: Systemd places a teporary file in /var/run +See-Also: + Bug#984678 diff --git a/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/desc b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/desc new file mode 100644 index 0000000..9126436 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/desc @@ -0,0 +1,2 @@ +Testname: tmpfile-in-var-run +Check: systemd/tmpfiles diff --git a/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/hints b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/hints new file mode 100644 index 0000000..c5889a2 --- /dev/null +++ b/t/recipes/checks/systemd/tmpfiles/tmpfile-in-var-run/eval/hints @@ -0,0 +1 @@ +tmpfile-in-var-run (binary): systemd-tmpfile-in-var-run [usr/lib/tmpfiles.d/test.conf] |