diff options
Diffstat (limited to '')
144 files changed, 1460 insertions, 0 deletions
diff --git a/tags/s/script-in-etc-init.d-not-registered-via-update-rc.d.tag b/tags/s/script-in-etc-init.d-not-registered-via-update-rc.d.tag new file mode 100644 index 0000000..99a3a51 --- /dev/null +++ b/tags/s/script-in-etc-init.d-not-registered-via-update-rc.d.tag @@ -0,0 +1,7 @@ +Tag: script-in-etc-init.d-not-registered-via-update-rc.d +Severity: warning +Check: init-d +Explanation: The package installs an <code>/etc/init.d</code> script which is + not registered in the <code>postinst</code> script. This is usually a bug + (such as omitting the <code>#DEBHELPER#</code> token) unless you omit the links + intentionally for some reason or create the links some other way. diff --git a/tags/s/script-in-usr-share-doc.tag b/tags/s/script-in-usr-share-doc.tag new file mode 100644 index 0000000..fba5eb1 --- /dev/null +++ b/tags/s/script-in-usr-share-doc.tag @@ -0,0 +1,6 @@ +Tag: script-in-usr-share-doc +Severity: info +Check: documentation +Explanation: Scripts are usually not documentation files, unless they are + examples, in which case they should be in the + <code>/usr/share/doc/*pkg*/examples</code> directory. diff --git a/tags/s/script-not-executable.tag b/tags/s/script-not-executable.tag new file mode 100644 index 0000000..2507a30 --- /dev/null +++ b/tags/s/script-not-executable.tag @@ -0,0 +1,9 @@ +Tag: script-not-executable +Severity: warning +Check: scripts +Explanation: This file starts with the #! sequence that marks interpreted scripts, + but it is not executable. + . + There has been some discussion to allow such files in paths other than + <code>/usr/bin</code> but there was ultimately no broad support for it. +See-Also: Bug#368792 diff --git a/tags/s/script-uses-bin-env.tag b/tags/s/script-uses-bin-env.tag new file mode 100644 index 0000000..656ac5f --- /dev/null +++ b/tags/s/script-uses-bin-env.tag @@ -0,0 +1,7 @@ +Tag: script-uses-bin-env +Severity: warning +Check: scripts +Explanation: This script uses /bin/env as its interpreter (used to find the + actual interpreter on the user's path). There is no /bin/env on Debian + systems; env is instead installed as /usr/bin/env. Usually, the path to + env in the script should be changed. diff --git a/tags/s/script-uses-deprecated-nodejs-location.tag b/tags/s/script-uses-deprecated-nodejs-location.tag new file mode 100644 index 0000000..0e2c4bc --- /dev/null +++ b/tags/s/script-uses-deprecated-nodejs-location.tag @@ -0,0 +1,14 @@ +Tag: script-uses-deprecated-nodejs-location +Severity: warning +Check: scripts +Explanation: You used <code>/usr/bin/nodejs</code> or <code>/usr/bin/env nodejs</code> as an + interpreter for a script. + . + The <code>/usr/bin/node</code> binary was previously provided by + <code>ax25-node</code> and packages were required to use <code>/usr/bin/nodejs</code> + instead. <code>ax25-node</code> has since been removed from the archive and the + <code>nodejs</code> package now ships the <code>/usr/bin/node</code> binary to match + the rest of the Node.js ecosystem. + . + Please update your package to use the <code>node</code> variant. +See-Also: Bug#614907, Bug#862051 diff --git a/tags/s/script-uses-perl4-libs-without-dep.tag b/tags/s/script-uses-perl4-libs-without-dep.tag new file mode 100644 index 0000000..df85e0d --- /dev/null +++ b/tags/s/script-uses-perl4-libs-without-dep.tag @@ -0,0 +1,10 @@ +Tag: script-uses-perl4-libs-without-dep +Severity: warning +Check: languages/perl/perl4/prerequisites +Explanation: The named Perl script uses the named perl 4-era module, + which is obsolete. Those libraries were deprecated in perl in 5.14, + and will probably be removed from the core in perl 5.16. + . + Please remove the references to the module or add the prerequisite + <code>libperl4-corelibs-perl | perl (<< 5.12.3-7)</code> to + your package. diff --git a/tags/s/script-uses-unversioned-python-in-shebang.tag b/tags/s/script-uses-unversioned-python-in-shebang.tag new file mode 100644 index 0000000..7ae27f2 --- /dev/null +++ b/tags/s/script-uses-unversioned-python-in-shebang.tag @@ -0,0 +1,12 @@ +Tag: script-uses-unversioned-python-in-shebang +Severity: error +Check: languages/python/scripts +Explanation: This package contains a script with unversioned Python shebang. + . + This package contains a script with unversioned Python shebang and thus + defaults to using Python 2. The 2.x series of Python is deprecated and apart + from rare cases, will not be supported in Debian Bullseye. + . + If the script in question is compatible with Python 3, please modify it to use + <code>/usr/bin/python3</code> instead. If it only is Python 2 compatible, + please modify it to use <code>/usr/bin/python2</code>. diff --git a/tags/s/script-with-language-extension.tag b/tags/s/script-with-language-extension.tag new file mode 100644 index 0000000..5b3f92b --- /dev/null +++ b/tags/s/script-with-language-extension.tag @@ -0,0 +1,10 @@ +Tag: script-with-language-extension +Severity: warning +Check: files/scripts +Explanation: When scripts are installed into a directory in the system PATH, the + script name should not include an extension such as <code>.sh</code> or + <code>.pl</code> that denotes the scripting language currently used to + implement it. The implementation language may change; if it does, + leaving the name the same would be confusing and changing it would be + disruptive. +See-Also: debian-policy 10.4 diff --git a/tags/s/script-without-interpreter.tag b/tags/s/script-without-interpreter.tag new file mode 100644 index 0000000..b864087 --- /dev/null +++ b/tags/s/script-without-interpreter.tag @@ -0,0 +1,5 @@ +Tag: script-without-interpreter +Severity: error +Check: scripts +Explanation: This file starts with the #! sequence that identifies scripts, but + it does not name an interpreter. diff --git a/tags/s/section-is-dh_make-template.tag b/tags/s/section-is-dh_make-template.tag new file mode 100644 index 0000000..629f03d --- /dev/null +++ b/tags/s/section-is-dh_make-template.tag @@ -0,0 +1,8 @@ +Tag: section-is-dh_make-template +Severity: error +Check: fields/section +Explanation: The "Section:" field in this package's control file is set to + unknown. This is not a valid section, and usually means a dh_make + template control file was used and never modified to set the correct + section. +See-Also: debian-policy 2.4 diff --git a/tags/s/select-with-boolean-choices.tag b/tags/s/select-with-boolean-choices.tag new file mode 100644 index 0000000..0e4a855 --- /dev/null +++ b/tags/s/select-with-boolean-choices.tag @@ -0,0 +1,6 @@ +Tag: select-with-boolean-choices +Severity: warning +Check: debian/debconf +Explanation: Select templates with only yes and no choices should use the boolean + type instead. +See-Also: debconf-devel(7) diff --git a/tags/s/select-without-choices.tag b/tags/s/select-without-choices.tag new file mode 100644 index 0000000..9607070 --- /dev/null +++ b/tags/s/select-without-choices.tag @@ -0,0 +1,9 @@ +Tag: select-without-choices +Severity: error +Check: debian/debconf +Explanation: Templates using the <code>select</code> or <code>multiselect</code> + data types must provide a <code>Choices:</code> field that lists all possible + values. +See-Also: + debconf-specification 3.1, + debconf-devel(7) diff --git a/tags/s/service-file-is-not-a-file.tag b/tags/s/service-file-is-not-a-file.tag new file mode 100644 index 0000000..570548d --- /dev/null +++ b/tags/s/service-file-is-not-a-file.tag @@ -0,0 +1,5 @@ +Tag: service-file-is-not-a-file +Severity: error +Check: systemd +Explanation: The package contains a service file that is not a regular file or + resolvable symlink. diff --git a/tags/s/shared-library-is-executable.tag b/tags/s/shared-library-is-executable.tag new file mode 100644 index 0000000..1c01db1 --- /dev/null +++ b/tags/s/shared-library-is-executable.tag @@ -0,0 +1,8 @@ +Tag: shared-library-is-executable +Severity: error +Check: libraries/shared/file-permissions +Renamed-From: + shlib-with-executable-bit +Explanation: Shared libraries should be mode 0644. +See-Also: + debian-policy 8.1 diff --git a/tags/s/shared-library-is-multi-arch-foreign.tag b/tags/s/shared-library-is-multi-arch-foreign.tag new file mode 100644 index 0000000..410c69f --- /dev/null +++ b/tags/s/shared-library-is-multi-arch-foreign.tag @@ -0,0 +1,9 @@ +Tag: shared-library-is-multi-arch-foreign +Severity: error +Check: libraries/shared/multi-arch +Renamed-From: + shlib-in-multi-arch-foreign-package +Explanation: The package is marked as Multi-Arch: foreign, but it includes a shared + library in a public library directory. +See-Also: + https://wiki.ubuntu.com/MultiarchSpec diff --git a/tags/s/shared-library-lacks-prerequisites.tag b/tags/s/shared-library-lacks-prerequisites.tag new file mode 100644 index 0000000..f1684e1 --- /dev/null +++ b/tags/s/shared-library-lacks-prerequisites.tag @@ -0,0 +1,23 @@ +Tag: shared-library-lacks-prerequisites +Severity: warning +Check: binaries/prerequisites +Renamed-From: + shared-lib-without-dependency-information +Explanation: The listed shared library doesn't include information about the + other libraries against which it was linked. + . + More specifically, "<code>ldd foo.so</code>" should report such other + libraries. In your case, it reports "statically linked". + . + The fix is to specify the libraries. One way to do so is to add + something like "-lc" to the command-line options for "ld". + +Screen: coq/cmxs/prerequisites +Advocates: Julien Puydt <julien.puydt@gmail.com> +Reason: The Coq project comes with a kind of compiler that generates files + which are ELF shared objects. Unfortunately, they contain many undefined + symbols, but those are expected. + . + There are a lot of false positives. +See-Also: + Bug#999602 diff --git a/tags/s/shared-library-lacks-stack-section.tag b/tags/s/shared-library-lacks-stack-section.tag new file mode 100644 index 0000000..453fbd7 --- /dev/null +++ b/tags/s/shared-library-lacks-stack-section.tag @@ -0,0 +1,13 @@ +Tag: shared-library-lacks-stack-section +Severity: error +Check: libraries/shared/stack +Renamed-From: + shlib-without-PT_GNU_STACK-section +Explanation: The listed shared library lacks a PT_GNU_STACK section. This forces + the dynamic linker to make the stack executable. + . + The shared lib is linked either with a non-GNU linker or a linker which is + very old. This problem can be fixed with a rebuild. + . + To see whether a shared library has this section, run <code>readelf -l</code> + on it and look for a program header of type GNU_STACK. diff --git a/tags/s/shared-library-lacks-version.tag b/tags/s/shared-library-lacks-version.tag new file mode 100644 index 0000000..aebb8c6 --- /dev/null +++ b/tags/s/shared-library-lacks-version.tag @@ -0,0 +1,24 @@ +Tag: shared-library-lacks-version +Severity: warning +Check: debian/shlibs +Renamed-From: + shlib-without-versioned-soname +Explanation: The listed shared library in a public library directory has an + SONAME that does not contain any versioning information, either after the + <code>.so</code> or before it and set off by a hyphen. It cannot therefore + be represented in the shlibs system, and if linked by binaries its + interface cannot safely change. There is no backward-compatible way to + migrate programs linked against it to a new ABI. + . + Normally, this means the shared library is a private library for a + particular application and is not meant for general use. Policy + recommends that such libraries be installed in a subdirectory of + <code>/usr/lib</code> rather than in a public shared library directory. + . + To view the SONAME of a shared library, run <code>readelf -d</code> on the + shared library and look for the tag of type SONAME. + . + There are some special stub libraries or special-purpose shared objects + for which an ABI version is not meaningful. If this is one of those + cases, please add an override. +See-Also: debian-policy 10.2, debian-policy 8.6 diff --git a/tags/s/shared-library-not-shipped.tag b/tags/s/shared-library-not-shipped.tag new file mode 100644 index 0000000..0ad8bb7 --- /dev/null +++ b/tags/s/shared-library-not-shipped.tag @@ -0,0 +1,8 @@ +Tag: shared-library-not-shipped +Severity: warning +Check: debian/shlibs +Renamed-From: + unused-shlib-entry-in-control-file +Explanation: The shlibs control file contains an entry for a shared library that + is not installed by this package. +See-Also: debian-policy 8.6 diff --git a/tags/s/shared-library-symbols-not-tracked.tag b/tags/s/shared-library-symbols-not-tracked.tag new file mode 100644 index 0000000..0603165 --- /dev/null +++ b/tags/s/shared-library-symbols-not-tracked.tag @@ -0,0 +1,8 @@ +Tag: shared-library-symbols-not-tracked +Severity: warning +Check: debian/shlibs +Renamed-From: + shlib-missing-in-symbols-control-file +Explanation: The package contains a shared library that is not listed in the + symbols control file. This may not be a problem if, for example, + the library is a C++ library. diff --git a/tags/s/sharedobject-in-library-directory-missing-soname.tag b/tags/s/sharedobject-in-library-directory-missing-soname.tag new file mode 100644 index 0000000..82e4121 --- /dev/null +++ b/tags/s/sharedobject-in-library-directory-missing-soname.tag @@ -0,0 +1,13 @@ +Tag: sharedobject-in-library-directory-missing-soname +Severity: error +Check: libraries/shared/soname/missing +Explanation: A shared object was identified in a library directory (a directory + in the standard linker path) which doesn't have a SONAME. This is + usually an error. + . + SONAMEs are set with something like <code>gcc -Wl,-soname,libfoo.so.0</code>, + where 0 is the major version of the library. If your package uses libtool, + then libtool invoked with the right options should be doing this. + . + To view the SONAME of a shared library, run <code>readelf -d</code> on the + shared library and look for the tag of type SONAME. diff --git a/tags/s/shell-script-fails-syntax-check.tag b/tags/s/shell-script-fails-syntax-check.tag new file mode 100644 index 0000000..da2836c --- /dev/null +++ b/tags/s/shell-script-fails-syntax-check.tag @@ -0,0 +1,12 @@ +Tag: shell-script-fails-syntax-check +Severity: error +Check: script/syntax +Explanation: Running this shell script with the shell's -n option set fails, + which means that the script has syntax errors. The most common cause of + this problem is a script expecting <code>/bin/sh</code> to be bash checked on + a system using dash as <code>/bin/sh</code>. + . + Run e.g. <code>sh -n yourscript</code> to see the errors yourself. + . + Note this can have false-positives, for an example with bash scripts + using "extglob". diff --git a/tags/s/shipped-file-without-utf8-name.tag b/tags/s/shipped-file-without-utf8-name.tag new file mode 100644 index 0000000..f080955 --- /dev/null +++ b/tags/s/shipped-file-without-utf8-name.tag @@ -0,0 +1,13 @@ +Tag: shipped-file-without-utf8-name +Severity: error +Check: files/names +See-Also: debian-policy 10.10 +Explanation: The file name in the installed tree is not valid UTF-8. + As a shipped file in an installation package, the name of this file is + considered the responsibility of the package maintainer. Please + rename the file. + . + Unlike other file names in Lintian, which are printed in UTF-8, the + attached reference shows the bytes used by the file system. + Unprintable characters may have been replaced. +Renamed-From: file-name-is-not-valid-UTF-8 diff --git a/tags/s/ships-r-site-library.tag b/tags/s/ships-r-site-library.tag new file mode 100644 index 0000000..e882114 --- /dev/null +++ b/tags/s/ships-r-site-library.tag @@ -0,0 +1,6 @@ +Tag: ships-r-site-library +Severity: classification +Check: languages/r/site-library +Explanation: This package ships the named <code>R</code> programming + language site library. +See-Also: https://wiki.debian.org/Teams/r-pkg-team diff --git a/tags/s/ships-undeclared-shared-library.tag b/tags/s/ships-undeclared-shared-library.tag new file mode 100644 index 0000000..61b2f8f --- /dev/null +++ b/tags/s/ships-undeclared-shared-library.tag @@ -0,0 +1,8 @@ +Tag: ships-undeclared-shared-library +Severity: error +Check: debian/shlibs +Renamed-From: + shlib-missing-in-control-file +Explanation: The package contains a shared library that is not listed in the + shlibs control file. If this is intentional, please override this error. +See-Also: debian-policy 8.6 diff --git a/tags/s/silent-on-rules-requiring-root.tag b/tags/s/silent-on-rules-requiring-root.tag new file mode 100644 index 0000000..a80353f --- /dev/null +++ b/tags/s/silent-on-rules-requiring-root.tag @@ -0,0 +1,21 @@ +Tag: silent-on-rules-requiring-root +Severity: pedantic +Check: debian/control/field/rules-requires-root +Renamed-From: + rules-requires-root-missing +Explanation: The field <code>Rules-Requires-Root</code> is missing from the file + <code>debian/control</code>. + . + Over time, Debian has successively narrowed the steps for which elevated privileges + are required. It speeds up the building of installation packages in the archive. + Eventually, Debian will switch the default archive-wide behaviour to expedite the + build process further. + . + Please declare explicitly that the sources do not require root privileges. You can + use the setting <code>Rules-Requires-Root: no</code> in the source stanza of + <code>debian/control</code>, but please verify with <code>diffoscope(1)</code> that + the installation packages produced are in fact identical. +See-Also: + /usr/share/doc/dpkg/spec/rootless-builds.txt, + debian-policy 4.9.2, + debian-policy 5.6.31 diff --git a/tags/s/skip-systemd-native-flag-missing-pre-depends.tag b/tags/s/skip-systemd-native-flag-missing-pre-depends.tag new file mode 100644 index 0000000..d68ff26 --- /dev/null +++ b/tags/s/skip-systemd-native-flag-missing-pre-depends.tag @@ -0,0 +1,15 @@ +Tag: skip-systemd-native-flag-missing-pre-depends +Severity: warning +Check: systemd/native/prerequisites +Explanation: The named maintainer script uses the <code>--skip-systemd-native</code> + option to <code>invoke-rc.d</code> but does not declare a <code>Pre-Depends</code> + prerequisite on <code>init-system-helpers</code>. + . + The flag helps to defer <code>systemd</code> actions until + <code>deb-systemd-invoke(1p)</code> is called. + . + Please add <code>Pre-Depends: ${misc:Pre-Depends}</code> to your + <code>debian/control</code> file. +See-Also: + invoke-rc.d(8), + deb-systemd-invoke(1p) diff --git a/tags/s/source-contains-arch-control-dir.tag b/tags/s/source-contains-arch-control-dir.tag new file mode 100644 index 0000000..b672e6d --- /dev/null +++ b/tags/s/source-contains-arch-control-dir.tag @@ -0,0 +1,9 @@ +Tag: source-contains-arch-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an {arch} or .arch-ids directory or a + directory starting with <code>,,</code> (used by baz for debugging traces). + It was most likely included by accident since Arch version control + directories usually don't belong in releases. If an upstream release + tarball contains these directories, you should usually report this as a + bug upstream. diff --git a/tags/s/source-contains-arch-inventory-file.tag b/tags/s/source-contains-arch-inventory-file.tag new file mode 100644 index 0000000..ced8df4 --- /dev/null +++ b/tags/s/source-contains-arch-inventory-file.tag @@ -0,0 +1,6 @@ +Tag: source-contains-arch-inventory-file +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an <code>.arch-inventory</code> file. This + is Arch metadata that should normally not be distributed. You may want + to report this as an upstream bug. diff --git a/tags/s/source-contains-autogenerated-gperf-data.tag b/tags/s/source-contains-autogenerated-gperf-data.tag new file mode 100644 index 0000000..4e1d881 --- /dev/null +++ b/tags/s/source-contains-autogenerated-gperf-data.tag @@ -0,0 +1,11 @@ +Tag: source-contains-autogenerated-gperf-data +Severity: pedantic +Check: cruft +Explanation: The following file is autogenerated by gperf + . + They are usually provided for the convenience of users. These files + usually just take up space in the tarball. + . + Check if upstream also provides source-only tarballs that you can use as + the upstream distribution instead. If not, you may want to ask upstream + to provide source-only tarballs. diff --git a/tags/s/source-contains-autogenerated-visual-c++-file.tag b/tags/s/source-contains-autogenerated-visual-c++-file.tag new file mode 100644 index 0000000..aede334 --- /dev/null +++ b/tags/s/source-contains-autogenerated-visual-c++-file.tag @@ -0,0 +1,11 @@ +Tag: source-contains-autogenerated-visual-c++-file +Severity: pedantic +Check: cruft +Explanation: The following file is autogenerated by Microsoft Visual C++. + . + They are usually provided for the convenience of users. These files + usually just take up space in the tarball and are of no use in Debian. + . + Check if upstream also provides source-only tarballs that you can use as + the upstream distribution instead. If not, you may want to ask upstream + to provide source-only tarballs. diff --git a/tags/s/source-contains-browserified-javascript.tag b/tags/s/source-contains-browserified-javascript.tag new file mode 100644 index 0000000..1482290 --- /dev/null +++ b/tags/s/source-contains-browserified-javascript.tag @@ -0,0 +1,9 @@ +Tag: source-contains-browserified-javascript +Severity: pedantic +Check: cruft +Explanation: The following file contains javascript built from browserify + . + This file may contain javascript that is build with the help of browserify + or webpack tools. + . + You should rebuilt this file from source. diff --git a/tags/s/source-contains-bts-control-dir.tag b/tags/s/source-contains-bts-control-dir.tag new file mode 100644 index 0000000..35c6906 --- /dev/null +++ b/tags/s/source-contains-bts-control-dir.tag @@ -0,0 +1,6 @@ +Tag: source-contains-bts-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a directory used by a bug tracking + system. It was most likely included by accident since bug tracking system + directories usually don't belong in releases. diff --git a/tags/s/source-contains-bzr-control-dir.tag b/tags/s/source-contains-bzr-control-dir.tag new file mode 100644 index 0000000..6d5a72e --- /dev/null +++ b/tags/s/source-contains-bzr-control-dir.tag @@ -0,0 +1,9 @@ +Tag: source-contains-bzr-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a .bzr directory. It was most likely + included by accident since bazaar-ng version control directories usually + don't belong in releases and may contain the entire repository. When + packaging a bzr snapshot, use bzr export to create a clean tree. If an + upstream release tarball contains .bzr directories, you should usually + report this as a bug upstream. diff --git a/tags/s/source-contains-cmake-cache-file.tag b/tags/s/source-contains-cmake-cache-file.tag new file mode 100644 index 0000000..fff5f27 --- /dev/null +++ b/tags/s/source-contains-cmake-cache-file.tag @@ -0,0 +1,14 @@ +Tag: source-contains-cmake-cache-file +Severity: error +Check: build-systems/cmake +Renamed-From: + diff-contains-cmake-cache-file +Explanation: This package ships a CMake cache file. + . + These files embed source paths from when they were built. They will cause + build failures when the source is subsequently built under different paths. + . + They always cause errors on the buildds. + . + The file was probably included by accident. If it came with the upstream + sources, please delete it before building in <code>debian/rules</code>. diff --git a/tags/s/source-contains-cvs-conflict-copy.tag b/tags/s/source-contains-cvs-conflict-copy.tag new file mode 100644 index 0000000..9a7b5c5 --- /dev/null +++ b/tags/s/source-contains-cvs-conflict-copy.tag @@ -0,0 +1,9 @@ +Tag: source-contains-cvs-conflict-copy +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a CVS conflict copy. These have file + names like <code>.#file.version</code> and are generated by CVS when a + conflict was detected when merging local changes with updates from a + source repository. They're useful only while resolving the conflict and + were probably included by accident. You may want to report this as an + upstream bug. diff --git a/tags/s/source-contains-cvs-control-dir.tag b/tags/s/source-contains-cvs-control-dir.tag new file mode 100644 index 0000000..abd5dfe --- /dev/null +++ b/tags/s/source-contains-cvs-control-dir.tag @@ -0,0 +1,8 @@ +Tag: source-contains-cvs-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a CVS directory. It was most likely + included by accident since CVS directories usually don't belong in + releases. When packaging a CVS snapshot, export from CVS rather than use + a checkout. If an upstream release tarball contains CVS directories, you + usually should report this as a bug to upstream. diff --git a/tags/s/source-contains-data-from-ieee-data-oui-db.tag b/tags/s/source-contains-data-from-ieee-data-oui-db.tag new file mode 100644 index 0000000..4e9c48f --- /dev/null +++ b/tags/s/source-contains-data-from-ieee-data-oui-db.tag @@ -0,0 +1,9 @@ +Tag: source-contains-data-from-ieee-data-oui-db +Severity: pedantic +Check: cruft +Explanation: The following file contains data from the OUI database + . + This file contains a likely outdated copy of + Organizationally Unique Identifier (OUI) database from IEEE. + . + Please use the files from ieee-data package instead. diff --git a/tags/s/source-contains-debian-substvars.tag b/tags/s/source-contains-debian-substvars.tag new file mode 100644 index 0000000..bbf7406 --- /dev/null +++ b/tags/s/source-contains-debian-substvars.tag @@ -0,0 +1,10 @@ +Tag: source-contains-debian-substvars +Severity: warning +Check: debian/substvars +Renamed-From: + diff-contains-substvars +Explanation: Lintian found a substvars file in the Debian diff for this source + package. The debian/substvars (or debian/<code>package</code>.substvars) file + is usually generated and modified dynamically by debian/rules targets, in + which case it must be removed by the clean target. +See-Also: debian-policy 4.10 diff --git a/tags/s/source-contains-editor-backup-file.tag b/tags/s/source-contains-editor-backup-file.tag new file mode 100644 index 0000000..d3a6f33 --- /dev/null +++ b/tags/s/source-contains-editor-backup-file.tag @@ -0,0 +1,9 @@ +Tag: source-contains-editor-backup-file +Severity: warning +Check: files/artifact +Explanation: The Debian diff or native package contains a file ending in + <code>~</code> or of the form <code>.xxx.swp</code>, which is normally either an + Emacs or vim backup file or a backup file created by programs such as + <code>autoheader</code> or <code>debconf-updatepo</code>. This usually causes no + harm, but it's messy and bloats the size of the Debian diff to no useful + purpose. diff --git a/tags/s/source-contains-git-control-dir.tag b/tags/s/source-contains-git-control-dir.tag new file mode 100644 index 0000000..95172e8 --- /dev/null +++ b/tags/s/source-contains-git-control-dir.tag @@ -0,0 +1,8 @@ +Tag: source-contains-git-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a .git directory. It was most likely + included by accident since git version control directories usually don't + belong in releases and may contain a complete copy of the repository. If + an upstream release tarball contains .git directories, you should usually + report this as a bug upstream. diff --git a/tags/s/source-contains-hg-control-dir.tag b/tags/s/source-contains-hg-control-dir.tag new file mode 100644 index 0000000..b94c07c --- /dev/null +++ b/tags/s/source-contains-hg-control-dir.tag @@ -0,0 +1,8 @@ +Tag: source-contains-hg-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a .hg directory. It was most likely + included by accident since hg version control directories usually don't + belong in releases and may contain a complete copy of the repository. If + an upstream release tarball contains .hg directories, you should usually + report this as a bug upstream. diff --git a/tags/s/source-contains-hg-tags-file.tag b/tags/s/source-contains-hg-tags-file.tag new file mode 100644 index 0000000..b20c2c4 --- /dev/null +++ b/tags/s/source-contains-hg-tags-file.tag @@ -0,0 +1,8 @@ +Tag: source-contains-hg-tags-file +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an <code>.hgtags</code> file. This file is + Mercurial metadata that should normally not be distributed. It stores + hashes of tagged commits in a Mercurial repository and isn't therefore + useful without the repository. You may want to report this as an + upstream bug. diff --git a/tags/s/source-contains-patch-failure-file.tag b/tags/s/source-contains-patch-failure-file.tag new file mode 100644 index 0000000..0aee47b --- /dev/null +++ b/tags/s/source-contains-patch-failure-file.tag @@ -0,0 +1,8 @@ +Tag: source-contains-patch-failure-file +Severity: warning +Check: files/artifact +Explanation: The Debian diff or native package contains a file that looks like + the files left behind by the <code>patch</code> utility when it cannot + completely apply a diff. This may be left over from a patch applied by + the maintainer. Normally such files should not be included in the + package. diff --git a/tags/s/source-contains-prebuilt-binary.tag b/tags/s/source-contains-prebuilt-binary.tag new file mode 100644 index 0000000..124ec16 --- /dev/null +++ b/tags/s/source-contains-prebuilt-binary.tag @@ -0,0 +1,7 @@ +Tag: source-contains-prebuilt-binary +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt ELF object. They are usually + left by mistake when generating the tarball by not cleaning the source + directory first. You may want to report this as an upstream bug, in case + there is no sign that this was intended. diff --git a/tags/s/source-contains-prebuilt-doxygen-documentation.tag b/tags/s/source-contains-prebuilt-doxygen-documentation.tag new file mode 100644 index 0000000..80182a2 --- /dev/null +++ b/tags/s/source-contains-prebuilt-doxygen-documentation.tag @@ -0,0 +1,9 @@ +Tag: source-contains-prebuilt-doxygen-documentation +Severity: pedantic +Check: documentation/doxygen +Explanation: The source tarball contains prebuilt doxygen documentation. + This is usually left by mistake when generating the tarball without + first cleaning the source directory. You may want to report this as + an upstream bug if there is no sign that this was intended. + . + It is preferable to rebuild documentation directly from source. diff --git a/tags/s/source-contains-prebuilt-flash-object.tag b/tags/s/source-contains-prebuilt-flash-object.tag new file mode 100644 index 0000000..207fb90 --- /dev/null +++ b/tags/s/source-contains-prebuilt-flash-object.tag @@ -0,0 +1,15 @@ +Tag: source-contains-prebuilt-flash-object +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt file in the Shockwave Flash (SWF) + or Flash Video (FLV) format. These are often included by mistake when + developers generate a tarball without cleaning the source directory + first. An exception is simple video files, which are their own + source. + . + If there is no sign this was intended, consider reporting it as an + upstream bug. + . + If the Flash file is not meant to be modified directly, please make + sure the package includes the source for the file and that the + packaging rebuilds it. diff --git a/tags/s/source-contains-prebuilt-flash-project.tag b/tags/s/source-contains-prebuilt-flash-project.tag new file mode 100644 index 0000000..74279a0 --- /dev/null +++ b/tags/s/source-contains-prebuilt-flash-project.tag @@ -0,0 +1,14 @@ +Tag: source-contains-prebuilt-flash-project +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt file in the Shockwave Flash + project (FLA) format. These are often included by mistake when + developers generate a tarball without cleaning the source directory + first. + . + If there is no sign this was intended, consider reporting it as an + upstream bug. + . + If the Flash file is not meant to be modified directly, please make + sure the package includes the source for the file and that the + packaging rebuilds it. diff --git a/tags/s/source-contains-prebuilt-java-object.tag b/tags/s/source-contains-prebuilt-java-object.tag new file mode 100644 index 0000000..2a6eff6 --- /dev/null +++ b/tags/s/source-contains-prebuilt-java-object.tag @@ -0,0 +1,7 @@ +Tag: source-contains-prebuilt-java-object +Severity: pedantic +Check: languages/java +Explanation: The source tarball contains a prebuilt Java class file. These are often + included by mistake when developers generate a tarball without cleaning + the source directory first. If there is no sign this was intended, + consider reporting it as an upstream bug as it may be a DFSG violation. diff --git a/tags/s/source-contains-prebuilt-javascript-object.tag b/tags/s/source-contains-prebuilt-javascript-object.tag new file mode 100644 index 0000000..8ecac62 --- /dev/null +++ b/tags/s/source-contains-prebuilt-javascript-object.tag @@ -0,0 +1,7 @@ +Tag: source-contains-prebuilt-javascript-object +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt (minified) JavaScript object. + They are usually left by mistake when generating the tarball by not + cleaning the source directory first. You may want to report this as + an upstream bug, in case there is no sign that this was intended. diff --git a/tags/s/source-contains-prebuilt-ms-help-file.tag b/tags/s/source-contains-prebuilt-ms-help-file.tag new file mode 100644 index 0000000..14c38f5 --- /dev/null +++ b/tags/s/source-contains-prebuilt-ms-help-file.tag @@ -0,0 +1,17 @@ +Tag: source-contains-prebuilt-ms-help-file +Severity: error +Check: files/banned/compiled-help +Explanation: The source tarball contains a prebuilt Microsoft precompiled help + file (CHM file). These are often included by mistake when developers generate + a tarball without cleaning the source directory first. + . + CHM files are mainly produced by proprietary, Windows-specific software. + They are also mainly consumed by the Microsoft HTML Help Workshop. + . + Whilst there is free software to read and write them, any + examples existing in source packages are likely to be created + by the proprietary Microsoft software and are probably missing + the source HTML and associated files. + . + If there is no sign this was intended, consider reporting it as + an upstream bug. diff --git a/tags/s/source-contains-prebuilt-pandoc-documentation.tag b/tags/s/source-contains-prebuilt-pandoc-documentation.tag new file mode 100644 index 0000000..382e0cd --- /dev/null +++ b/tags/s/source-contains-prebuilt-pandoc-documentation.tag @@ -0,0 +1,9 @@ +Tag: source-contains-prebuilt-pandoc-documentation +Severity: pedantic +Check: cruft +Explanation: The source tarball contains prebuilt pandoc documentation. + This is usually left by mistake when generating the tarball without + first cleaning the source directory. You may want to report this as + an upstream bug if there is no sign that this was intended. + . + It is preferable to rebuild documentation directly from source. diff --git a/tags/s/source-contains-prebuilt-python-object.tag b/tags/s/source-contains-prebuilt-python-object.tag new file mode 100644 index 0000000..b6f4242 --- /dev/null +++ b/tags/s/source-contains-prebuilt-python-object.tag @@ -0,0 +1,7 @@ +Tag: source-contains-prebuilt-python-object +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt Python object. They are + usually left by mistake when generating the tarball by not cleaning the + source directory first. You may want to report this as an upstream bug, + in case there is no sign that this was intended. diff --git a/tags/s/source-contains-prebuilt-silverlight-object.tag b/tags/s/source-contains-prebuilt-silverlight-object.tag new file mode 100644 index 0000000..c135a7d --- /dev/null +++ b/tags/s/source-contains-prebuilt-silverlight-object.tag @@ -0,0 +1,7 @@ +Tag: source-contains-prebuilt-silverlight-object +Severity: error +Check: files/source-missing +Explanation: The source tarball contains a prebuilt Silverlight control. + Unfortunately, the tools used to build such files have non-free + dependencies and are not present in Debian. This file must be + completely removed. diff --git a/tags/s/source-contains-prebuilt-sphinx-documentation.tag b/tags/s/source-contains-prebuilt-sphinx-documentation.tag new file mode 100644 index 0000000..e7f2062 --- /dev/null +++ b/tags/s/source-contains-prebuilt-sphinx-documentation.tag @@ -0,0 +1,9 @@ +Tag: source-contains-prebuilt-sphinx-documentation +Severity: pedantic +Check: cruft +Explanation: The source tarball contains prebuilt Sphinx documentation. + This is usually left by mistake when generating the tarball without + first cleaning the source directory. You may want to report this as + an upstream bug if there is no sign that this was intended. + . + It is preferable to rebuild documentation directly from source. diff --git a/tags/s/source-contains-prebuilt-wasm-binary.tag b/tags/s/source-contains-prebuilt-wasm-binary.tag new file mode 100644 index 0000000..29e49e2 --- /dev/null +++ b/tags/s/source-contains-prebuilt-wasm-binary.tag @@ -0,0 +1,11 @@ +Tag: source-contains-prebuilt-wasm-binary +Severity: pedantic +Check: files/source-missing +Explanation: The source tarball contains a prebuilt binary wasm object. + They are usually provided for the convenience of users. These files + usually just take up space in the tarball and need to be rebuilt from + source. + . + Check if upstream also provides source-only tarballs that you can use as + the upstream distribution instead. If not, you may want to ask upstream + to provide source-only tarballs. diff --git a/tags/s/source-contains-prebuilt-windows-binary.tag b/tags/s/source-contains-prebuilt-windows-binary.tag new file mode 100644 index 0000000..20b7190 --- /dev/null +++ b/tags/s/source-contains-prebuilt-windows-binary.tag @@ -0,0 +1,13 @@ +Tag: source-contains-prebuilt-windows-binary +Severity: warning +Check: files/source-missing +Explanation: The source tarball contains a prebuilt binary for Microsoft Windows. + They are usually provided for the convenience of users. These files + usually just take up space in the tarball. + . + However, they may be a DFSG violation in that the corresponding source + and build system are not available. + . + Check if upstream also provides source-only tarballs that you can use as + the upstream distribution instead. If not, you may want to ask upstream + to provide source-only tarballs. diff --git a/tags/s/source-contains-prebuilt-yapp-parser.tag b/tags/s/source-contains-prebuilt-yapp-parser.tag new file mode 100644 index 0000000..eaeb0d0 --- /dev/null +++ b/tags/s/source-contains-prebuilt-yapp-parser.tag @@ -0,0 +1,10 @@ +Tag: source-contains-prebuilt-yapp-parser +Severity: pedantic +Check: languages/perl/yapp +Explanation: The source tarball contains a prebuilt Parse::Yapp parser. + This is usually left by mistake when generating the tarball without + first cleaning the source directory. You may want to report this as + an upstream bug if there is no sign that this was intended. + . + Please build the parser from source. +See-Also: Bug#921080 diff --git a/tags/s/source-contains-quilt-control-dir.tag b/tags/s/source-contains-quilt-control-dir.tag new file mode 100644 index 0000000..fc759c5 --- /dev/null +++ b/tags/s/source-contains-quilt-control-dir.tag @@ -0,0 +1,10 @@ +Tag: source-contains-quilt-control-dir +Severity: warning +Check: files/artifact +Explanation: The patched sources contains files in a directory + used by quilt, which are not useful in a diff or native package. + <code>dpkg-source</code> will automatically exclude these if it is passed + <code>-I</code> or <code>-i</code> for native and non-native packages + respectively. +See-Also: + dpkg-source(1) diff --git a/tags/s/source-contains-svk-commit-file.tag b/tags/s/source-contains-svk-commit-file.tag new file mode 100644 index 0000000..bab5a1d --- /dev/null +++ b/tags/s/source-contains-svk-commit-file.tag @@ -0,0 +1,6 @@ +Tag: source-contains-svk-commit-file +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an <code>svk-commitNNN.tmp</code>, + almost certainly a left-over from a failed Subversion commit. You may + want to report this as an upstream bug. diff --git a/tags/s/source-contains-svn-commit-file.tag b/tags/s/source-contains-svn-commit-file.tag new file mode 100644 index 0000000..30cf964 --- /dev/null +++ b/tags/s/source-contains-svn-commit-file.tag @@ -0,0 +1,6 @@ +Tag: source-contains-svn-commit-file +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an <code>svn-commit(.NNN).tmp</code>, + almost certainly a left-over from a failed Subversion commit. You may + want to report this as an upstream bug. diff --git a/tags/s/source-contains-svn-conflict-file.tag b/tags/s/source-contains-svn-conflict-file.tag new file mode 100644 index 0000000..1fc6659 --- /dev/null +++ b/tags/s/source-contains-svn-conflict-file.tag @@ -0,0 +1,9 @@ +Tag: source-contains-svn-conflict-file +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains a file that looks like a Subversion + conflict file. These are generated by Subversion when a conflict was + detected while merging local changes with updates from a source + repository. They're useful only while resolving the conflict and + were probably included by accident. You may want to report this as an + upstream bug. diff --git a/tags/s/source-contains-svn-control-dir.tag b/tags/s/source-contains-svn-control-dir.tag new file mode 100644 index 0000000..6069769 --- /dev/null +++ b/tags/s/source-contains-svn-control-dir.tag @@ -0,0 +1,9 @@ +Tag: source-contains-svn-control-dir +Severity: pedantic +Check: files/artifact +Explanation: The upstream source contains an .svn directory. It was most likely + included by accident since Subversion version control directories + usually don't belong in releases. When packaging a Subversion snapshot, + export from Subversion rather than checkout. If an upstream release + tarball contains .svn directories, this should be reported as a bug to + upstream since it can double the size of the tarball to no purpose. diff --git a/tags/s/source-contains-waf-binary.tag b/tags/s/source-contains-waf-binary.tag new file mode 100644 index 0000000..f339b95 --- /dev/null +++ b/tags/s/source-contains-waf-binary.tag @@ -0,0 +1,14 @@ +Tag: source-contains-waf-binary +Severity: error +Check: build-systems/waf +Explanation: The source tarball contains a waf binary. This file is a Python + script with an embedded bzip2 archive, which is uncompressed and unpacked + at runtime. + . + Although corresponding sources can be easily extracted, FTP Team does not + consider waf binary as the preferred form of modification; it should be + provided unpacked instead, or completely removed, if possible. + . + You might want to follow these guidelines to obtain an unpacked waf: + https://wiki.debian.org/UnpackWaf +See-Also: https://wiki.debian.org/UnpackWaf, Bug#654523 diff --git a/tags/s/source-field-malformed.tag b/tags/s/source-field-malformed.tag new file mode 100644 index 0000000..19ca1e5 --- /dev/null +++ b/tags/s/source-field-malformed.tag @@ -0,0 +1,12 @@ +Tag: source-field-malformed +Severity: error +Check: fields/source +Explanation: In <code>debian/control</code> or a <code>.dsc</code> file, the Source field + must contain only the name of the source package. In a binary package, + the Source field may also optionally contain the version number of the + corresponding source package in parentheses. + . + Source package names must consist only of lowercase letters, digits, + plus and minus signs, and periods. They must be at least two characters + long and must start with an alphanumeric character. +See-Also: debian-policy 5.6.1 diff --git a/tags/s/source-format.tag b/tags/s/source-format.tag new file mode 100644 index 0000000..a3108eb --- /dev/null +++ b/tags/s/source-format.tag @@ -0,0 +1,4 @@ +Tag: source-format +Severity: classification +Check: debian/source-dir +Explanation: This is the source format declared in the package. diff --git a/tags/s/source-is-missing.tag b/tags/s/source-is-missing.tag new file mode 100644 index 0000000..5a93f62 --- /dev/null +++ b/tags/s/source-is-missing.tag @@ -0,0 +1,12 @@ +Tag: source-is-missing +Severity: error +Check: files/source-missing +Explanation: The source of the following file is missing. Lintian checked a few + possible paths to find the source, and did not find it. + . + Please repack your package to include the source or add it to + "debian/missing-sources" directory. + . + Please note, that very-long-line-length-in-source-file tagged files + are likely tagged source-is-missing. It is a feature not + a bug. diff --git a/tags/s/source-nmu-has-incorrect-version-number.tag b/tags/s/source-nmu-has-incorrect-version-number.tag new file mode 100644 index 0000000..36e600d --- /dev/null +++ b/tags/s/source-nmu-has-incorrect-version-number.tag @@ -0,0 +1,14 @@ +Tag: source-nmu-has-incorrect-version-number +Severity: warning +Check: nmu +Explanation: A source NMU should have a Debian revision of "-x.x" (or "+nmuX" for a + native package). This is to prevent stealing version numbers from the + maintainer. + . + Maybe you didn't intend this upload to be a NMU, in that case, please + double-check that the most recent entry in the changelog is byte-for-byte + identical to the maintainer or one of the uploaders. If this is a local + package (not intended for Debian), you can suppress this warning by + putting "local" in the version number or "local package" on the first + line of the changelog entry. +See-Also: developer-reference 5.11.2 diff --git a/tags/s/source-only-upload-to-non-free-without-autobuild.tag b/tags/s/source-only-upload-to-non-free-without-autobuild.tag new file mode 100644 index 0000000..66b5ebe --- /dev/null +++ b/tags/s/source-only-upload-to-non-free-without-autobuild.tag @@ -0,0 +1,13 @@ +Tag: source-only-upload-to-non-free-without-autobuild +Severity: error +Check: archive/non-free/autobuild +Explanation: For licensing reasons, packages in the non-free section are by default + not built automatically. This source-upload to non-free will never result in built + packages appearing in the archive. + . + Please perform an upload that includes installable packages. After checking the + license, you can alternatively add <code>XS-Autobuild: yes</code> to the source + paragraph of <code>debian/control</code> and ask for the source to be added to the + <code>autobuild</code> whitelist. +See-Also: + developer-reference 5.10.5 diff --git a/tags/s/source-package-component-has-long-file-name.tag b/tags/s/source-package-component-has-long-file-name.tag new file mode 100644 index 0000000..a962c02 --- /dev/null +++ b/tags/s/source-package-component-has-long-file-name.tag @@ -0,0 +1,8 @@ +Tag: source-package-component-has-long-file-name +Severity: warning +Check: archive/file/name/length +Explanation: The source package has a component with a very long filename. + This may complicate shipping the package on some media that put + restrictions on the length of the filenames (such as CDs). +See-Also: + https://lists.debian.org/debian-devel/2011/03/msg00943.html diff --git a/tags/s/source-package-encodes-python-version.tag b/tags/s/source-package-encodes-python-version.tag new file mode 100644 index 0000000..35461f5 --- /dev/null +++ b/tags/s/source-package-encodes-python-version.tag @@ -0,0 +1,12 @@ +Tag: source-package-encodes-python-version +Severity: warning +Check: languages/python +Explanation: This source package encodes a Python version in its name such + as <code>python2-foo</code> or <code>python3-bar</code>. + . + This could result in a misleading future situation where this source + package supports multiple versions as well unnecessary given that the + binary package names will typically encode the supported versions. + . + Please override this tag with a suitably-commented override if + there is no single upstream codebase that supports both versions. diff --git a/tags/s/source-ships-excluded-file.tag b/tags/s/source-ships-excluded-file.tag new file mode 100644 index 0000000..15a5b8a --- /dev/null +++ b/tags/s/source-ships-excluded-file.tag @@ -0,0 +1,14 @@ +Tag: source-ships-excluded-file +Severity: error +Check: debian/copyright/dep5 +Renamed-From: + source-includes-file-in-files-excluded +Explanation: A file specified in the <code>Files-Excluded</code> field in + debian/copyright exists in the source tree. + . + This might be a DFSG violation, the referenced files are probably not + attributed in <code>debian/copyright</code>, or the upstream tarball was simply + not repacked as intended. Alternatively, the field is simply out of date. + . + mk-origtargz(1) is typically responsible for removing such files. Support + in <code>git-buildpackage</code> is being tracked in Bug#812721. diff --git a/tags/s/space-in-std-shortname-in-dep5-copyright.tag b/tags/s/space-in-std-shortname-in-dep5-copyright.tag new file mode 100644 index 0000000..2e7d8d9 --- /dev/null +++ b/tags/s/space-in-std-shortname-in-dep5-copyright.tag @@ -0,0 +1,6 @@ +Tag: space-in-std-shortname-in-dep5-copyright +Severity: warning +Check: debian/copyright/dep5 +See-Also: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Explanation: The “License” field contains a short name with a space, which + does not conform to the specification. diff --git a/tags/s/spare-manual-page.tag b/tags/s/spare-manual-page.tag new file mode 100644 index 0000000..982354f --- /dev/null +++ b/tags/s/spare-manual-page.tag @@ -0,0 +1,11 @@ +Tag: spare-manual-page +Severity: info +Check: documentation/manual +Renamed-From: manpage-without-executable +Explanation: Each manual page in <code>/usr/share/man</code> should have a reason to be + there. This manual page does not appear to have a valid reason to be shipped. + . + For manual pages in sections 1 and 8, an executable (or a link to one) should + exist. This check currently considers all installation packages created + by the same sources, as long as they are present. +See-Also: debian-policy 12.1, Bug#583125 diff --git a/tags/s/special-file.tag b/tags/s/special-file.tag new file mode 100644 index 0000000..edffb07 --- /dev/null +++ b/tags/s/special-file.tag @@ -0,0 +1,10 @@ +Tag: special-file +Severity: error +Check: files/special +Explanation: The package contains a so-called special file, like a device file. + That is forbidden by policy. + . + If your program needs the device file, you should create it by calling + <code>makedev</code> from the <code>postinst</code> maintainer script. +See-Also: + debian-policy 10.6 diff --git a/tags/s/specific-address-in-shared-library.tag b/tags/s/specific-address-in-shared-library.tag new file mode 100644 index 0000000..316fadf --- /dev/null +++ b/tags/s/specific-address-in-shared-library.tag @@ -0,0 +1,21 @@ +Tag: specific-address-in-shared-library +Severity: error +Check: libraries/shared/relocation +Renamed-From: + shlib-with-non-pic-code +Explanation: The listed shared libraries contain object code that was compiled + without -fPIC. All object code in shared libraries should be recompiled + separately from the static libraries with the -fPIC option. + . + Another common mistake that causes this problem is linking with + <code>gcc -Wl,-shared</code> instead of <code>gcc -shared</code>. + . + In some cases, exceptions to this rule are warranted. If this is such a + case, follow the procedure outlined in Policy and then please document + the exception by adding a Lintian override to this package. + . + To check whether a shared library has this problem, run <code>readelf + -d</code> on the shared library. If a tag of type TEXTREL is present, the + shared library contains non-PIC code. +See-Also: + debian-policy 10.2 diff --git a/tags/s/spelling-error-in-binary.tag b/tags/s/spelling-error-in-binary.tag new file mode 100644 index 0000000..f44b2f9 --- /dev/null +++ b/tags/s/spelling-error-in-binary.tag @@ -0,0 +1,19 @@ +Tag: spelling-error-in-binary +Severity: info +Check: binaries/spelling +Explanation: Lintian found a spelling error in the given binary. Lintian has a + list of common misspellings that it looks for. It does not have a + dictionary like a spelling checker does. + . + If the string containing the spelling error is translated with the help + of gettext or a similar tool, please fix the error in the translations as + well as the English text to avoid making the translations fuzzy. With + gettext, for example, this means you should also fix the spelling mistake + in the corresponding msgids in the *.po files. + . + You can often find the word in the source code by running: + . + grep -rw <word> <source-tree> + . + This tag may produce false positives for words that contain non-ASCII + characters due to limitations in <code>strings</code>. diff --git a/tags/s/spelling-error-in-changelog.tag b/tags/s/spelling-error-in-changelog.tag new file mode 100644 index 0000000..799de85 --- /dev/null +++ b/tags/s/spelling-error-in-changelog.tag @@ -0,0 +1,10 @@ +Tag: spelling-error-in-changelog +Severity: warning +Check: debian/changelog +Explanation: Lintian found a spelling error in the latest entry of the Debian + changelog. Lintian has a list of common misspellings that it looks for. + It does not have a dictionary like a spelling checker does. + . + When writing a changelog entry for a spelling fix that includes the + misspelling, ensure the word "spelling" is on the same line as the + misspelled word to avoid triggering this warning. diff --git a/tags/s/spelling-error-in-copyright.tag b/tags/s/spelling-error-in-copyright.tag new file mode 100644 index 0000000..8083e90 --- /dev/null +++ b/tags/s/spelling-error-in-copyright.tag @@ -0,0 +1,8 @@ +Tag: spelling-error-in-copyright +Severity: pedantic +Check: debian/copyright +Explanation: Lintian found a spelling error in the copyright file. Lintian has a + list of common misspellings that it looks for. It does not have a + dictionary like a spelling checker does. If this is a spelling error in + the upstream license, in supporting email messages, or a case of Lintian + being confused by non-English text, add an override. diff --git a/tags/s/spelling-error-in-description-synopsis.tag b/tags/s/spelling-error-in-description-synopsis.tag new file mode 100644 index 0000000..efe82bd --- /dev/null +++ b/tags/s/spelling-error-in-description-synopsis.tag @@ -0,0 +1,8 @@ +Tag: spelling-error-in-description-synopsis +Severity: info +Check: fields/description +Explanation: Lintian found a spelling error in the package synopsis. Lintian + has a list of common misspellings that it looks for. It does not have a + dictionary like a spelling checker does. It is particularly picky about + spelling and capitalization in package descriptions since they're very + visible to end users. diff --git a/tags/s/spelling-error-in-description.tag b/tags/s/spelling-error-in-description.tag new file mode 100644 index 0000000..7bd525c --- /dev/null +++ b/tags/s/spelling-error-in-description.tag @@ -0,0 +1,8 @@ +Tag: spelling-error-in-description +Severity: info +Check: fields/description +Explanation: Lintian found a spelling error in the package description. Lintian + has a list of common misspellings that it looks for. It does not have a + dictionary like a spelling checker does. It is particularly picky about + spelling and capitalization in package descriptions since they're very + visible to end users. diff --git a/tags/s/spelling-error-in-doc-base-abstract-field.tag b/tags/s/spelling-error-in-doc-base-abstract-field.tag new file mode 100644 index 0000000..df5ae00 --- /dev/null +++ b/tags/s/spelling-error-in-doc-base-abstract-field.tag @@ -0,0 +1,7 @@ +Tag: spelling-error-in-doc-base-abstract-field +Severity: pedantic +Check: menus +Explanation: Lintian found a spelling, grammar or capitalization error in the + <code>Abstract</code> field of the given <code>doc-base</code> control file. + . + Lintian looks for a list of common misspellings. It does not have a dictionary. diff --git a/tags/s/spelling-error-in-doc-base-title-field.tag b/tags/s/spelling-error-in-doc-base-title-field.tag new file mode 100644 index 0000000..9f83885 --- /dev/null +++ b/tags/s/spelling-error-in-doc-base-title-field.tag @@ -0,0 +1,7 @@ +Tag: spelling-error-in-doc-base-title-field +Severity: pedantic +Check: menus +Explanation: Lintian found a spelling, grammar or capitalization error in the + <code>Title</code> field of the given <code>doc-base</code> control file. + . + Lintian looks for a list of common misspellings. It does not have a dictionary. diff --git a/tags/s/spelling-error-in-news-debian.tag b/tags/s/spelling-error-in-news-debian.tag new file mode 100644 index 0000000..47e6ed7 --- /dev/null +++ b/tags/s/spelling-error-in-news-debian.tag @@ -0,0 +1,6 @@ +Tag: spelling-error-in-news-debian +Severity: pedantic +Check: debian/changelog +Explanation: Lintian found a spelling error in the latest entry of the + NEWS.Debian file. Lintian has a list of common misspellings that it + looks for. It does not have a dictionary like a spelling checker does. diff --git a/tags/s/spelling-error-in-patch-description.tag b/tags/s/spelling-error-in-patch-description.tag new file mode 100644 index 0000000..2cb3409 --- /dev/null +++ b/tags/s/spelling-error-in-patch-description.tag @@ -0,0 +1,10 @@ +Tag: spelling-error-in-patch-description +Severity: pedantic +Check: debian/patches/quilt +Explanation: Lintian found a spelling, grammar or capitalization error in the + description for this patch. Lintian has a list of common misspellings + that it looks for. It does not have a dictionary like a spelling checker + does. + . + Patch filenames or descriptions that refer to "spelling" or "typo" (or + similar) are ignored by Lintian. diff --git a/tags/s/spelling-error-in-readme-debian.tag b/tags/s/spelling-error-in-readme-debian.tag new file mode 100644 index 0000000..3c19576 --- /dev/null +++ b/tags/s/spelling-error-in-readme-debian.tag @@ -0,0 +1,6 @@ +Tag: spelling-error-in-readme-debian +Severity: pedantic +Check: debian/readme +Explanation: Lintian found a spelling error in the README.Debian file. Lintian + has a list of common misspellings that it looks for. It does not have a + dictionary like a spelling checker does. diff --git a/tags/s/spelling-error-in-rules-requires-root.tag b/tags/s/spelling-error-in-rules-requires-root.tag new file mode 100644 index 0000000..f9e0ad7 --- /dev/null +++ b/tags/s/spelling-error-in-rules-requires-root.tag @@ -0,0 +1,10 @@ +Tag: spelling-error-in-rules-requires-root +Severity: warning +Check: debian/control/field/rules-requires-root +Explanation: The sources attempt to declare a <code>Rules-Requires-Root</code> field + but the field name is misspelled. + . + This tag was necessary because Debian uses a non-standard grammar. The field should + be named <code>Rules-Require-Root</code> (with the verb in the singular). + . + For now, please rename the field to <code>Rules-Requires-Root</code>. diff --git a/tags/s/spelling-in-override-comment.tag b/tags/s/spelling-in-override-comment.tag new file mode 100644 index 0000000..52b4c52 --- /dev/null +++ b/tags/s/spelling-in-override-comment.tag @@ -0,0 +1,7 @@ +Tag: spelling-in-override-comment +Severity: pedantic +Check: debian/lintian-overrides/comments +Explanation: The comment attached to a Lintian override contains a spelling + error. + . + Lintian looks for common misspelling. It does not have a dictionary. diff --git a/tags/s/sphinxdoc-but-no-sphinxdoc-depends.tag b/tags/s/sphinxdoc-but-no-sphinxdoc-depends.tag new file mode 100644 index 0000000..1ad7690 --- /dev/null +++ b/tags/s/sphinxdoc-but-no-sphinxdoc-depends.tag @@ -0,0 +1,14 @@ +Tag: sphinxdoc-but-no-sphinxdoc-depends +Severity: warning +Check: debhelper +See-Also: dh_sphinxdoc(1) +Explanation: The source package uses Sphinx via <code>--with sphinxdoc</code> or + <code>dh_sphinxdoc</code> but no binary package specifies + <code>${sphinxdoc:Depends}</code> as a dependency. + . + The <code>sphinxdoc</code> helper is being used to make links to various + common files from other binary packages that are injected via the + <code>${sphinxdoc:Depends}</code> substitution variable. + . + Please add <code>${sphinxdoc:Depends}</code> to the relevant binary + package. diff --git a/tags/s/spurious-fields-in-upstream-signature.tag b/tags/s/spurious-fields-in-upstream-signature.tag new file mode 100644 index 0000000..deb3389 --- /dev/null +++ b/tags/s/spurious-fields-in-upstream-signature.tag @@ -0,0 +1,10 @@ +Tag: spurious-fields-in-upstream-signature +Severity: info +Check: upstream-signature +Explanation: The packaging includes a detached upstream signature file that contains + spurious fields like <code>Comment:</code> or <code>Version:</code>. They are + sometimes added by <code>gpg --enarmor</code>, especially if you have an older + version. Modern versions only add a <code>Comment:</code> field. + . + Please generate the signature with <code>gpg --armor --detach-sig</code> using a + modern version instead. diff --git a/tags/s/standards-version.tag b/tags/s/standards-version.tag new file mode 100644 index 0000000..2f993d8 --- /dev/null +++ b/tags/s/standards-version.tag @@ -0,0 +1,5 @@ +Tag: standards-version +Severity: classification +Check: fields/standards-version +Explanation: The standards version of the package according to + Standards-Version field in the <code>debian/control</code> file. diff --git a/tags/s/star-file.tag b/tags/s/star-file.tag new file mode 100644 index 0000000..fd8d5fb --- /dev/null +++ b/tags/s/star-file.tag @@ -0,0 +1,6 @@ +Tag: star-file +Severity: error +Check: files/names +Explanation: The given file is literally installed as <code>*</code> (star + symbol). Normally this indicates a mistake in the installation + process of the package either when creating symlinks or renaming files. diff --git a/tags/s/static-library-has-unneeded-sections.tag b/tags/s/static-library-has-unneeded-sections.tag new file mode 100644 index 0000000..b419e70 --- /dev/null +++ b/tags/s/static-library-has-unneeded-sections.tag @@ -0,0 +1,13 @@ +Tag: static-library-has-unneeded-sections +Severity: info +Check: libraries/static +Renamed-From: + static-library-has-unneeded-section +Explanation: The static library is stripped, but still contains a section + that is not useful. You should call strip with + <code>--remove-section=.comment --remove-section=.note</code> to remove the + <code>.note</code> and <code>.comment</code> sections. + . + <code>dh_strip</code> (after debhelper/9.20150811) will do this + automatically for you, but <code>install -s</code> will not because it calls + strip without any arguments. diff --git a/tags/s/static-link-time-optimization.tag b/tags/s/static-link-time-optimization.tag new file mode 100644 index 0000000..714bf12 --- /dev/null +++ b/tags/s/static-link-time-optimization.tag @@ -0,0 +1,18 @@ +Tag: static-link-time-optimization +Severity: info +Check: libraries/static/link-time-optimization +Explanation: + The named member of the static library ships ELF sections that indicate the + use of link-time-optimization (LTO). The use of LTO in static objects is + usually a bug. + . + In the milder case, the library will work but is larger than needed. The more + serious case is indicated by the distinct tag <code>no-code-sections</code>. + Those libraries cannot work in Debian. + . + An object file shown here was usually built with the command-line option + <code>-flto=auto</code>. +See-Also: + https://gcc.gnu.org/wiki/LinkTimeOptimization, + http://hubicka.blogspot.com/2014/04/linktime-optimization-in-gcc-2-firefox.html, + Bug#963057 diff --git a/tags/s/statically-linked-binary.tag b/tags/s/statically-linked-binary.tag new file mode 100644 index 0000000..60d3977 --- /dev/null +++ b/tags/s/statically-linked-binary.tag @@ -0,0 +1,8 @@ +Tag: statically-linked-binary +Severity: error +Check: binaries/static +Explanation: The package installs a statically linked binary or object file. + . + Usually this is a bug. Otherwise, please add an override if your package + is an exception. Binaries named *-static and *.static are automatically + excluded, as are any binaries in packages named *-static. diff --git a/tags/s/stray-devhelp-documentation.tag b/tags/s/stray-devhelp-documentation.tag new file mode 100644 index 0000000..3c5217b --- /dev/null +++ b/tags/s/stray-devhelp-documentation.tag @@ -0,0 +1,21 @@ +Tag: stray-devhelp-documentation +Severity: warning +Check: documentation/devhelp +Renamed-From: + package-contains-devhelp-file-without-symlink +Explanation: The named file is not in the Devhelp search path + (<code>/usr/share/devhelp/books</code> or <code>/usr/share/gtk-doc/html</code>) + and also not located in a directory that is accessible via a symbolic link from + that search path. Devhelp cannot find that file. + . + For Devhelp documentation installed outside the search path (such as + <code>/usr/share/doc</code>), create a symbolic link in + <code>/usr/share/gtk-doc/html</code> that points to the documentation directory. +See-Also: + https://apps.gnome.org/app/org.gnome.Devhelp/ + +Screen: examples/ship/devhelp +Advocates: Lintian Maintainers <lintian-maint@debian.org> +Reason: + Any Devhelp files shipped in the examples are not expected to be discoverable by + the Devhelp browsing tool. diff --git a/tags/s/stray-folder-in-manual.tag b/tags/s/stray-folder-in-manual.tag new file mode 100644 index 0000000..41c438d --- /dev/null +++ b/tags/s/stray-folder-in-manual.tag @@ -0,0 +1,7 @@ +Tag: stray-folder-in-manual +Severity: error +Check: documentation/manual +Renamed-Tag: stray-directory-in-manpage-directory +Explanation: This package installs a directory under <code>/usr/share/man</code> + that is not a manual section directory or locale directory. +See-Also: filesystem-hierarchy usrsharemanmanualpages diff --git a/tags/s/stray-translated-debconf-templates.tag b/tags/s/stray-translated-debconf-templates.tag new file mode 100644 index 0000000..3bda1c1 --- /dev/null +++ b/tags/s/stray-translated-debconf-templates.tag @@ -0,0 +1,8 @@ +Tag: stray-translated-debconf-templates +Severity: warning +Check: debian/po-debconf +Explanation: This package contains a file named *templates.XX or + *templates.XX_XX. This was the naming convention for the translated + templates merged using debconf-mergetemplate. Since the package is using + po-debconf, these files should be replaced by language-specific files in + the <code>debian/po</code> directory and should no longer be needed. diff --git a/tags/s/stripped-library.tag b/tags/s/stripped-library.tag new file mode 100644 index 0000000..bdb8c94 --- /dev/null +++ b/tags/s/stripped-library.tag @@ -0,0 +1,8 @@ +Tag: stripped-library +Severity: error +Check: libraries/debug-symbols +Renamed-From: + library-in-debug-or-profile-should-not-be-stripped +Explanation: Libraries in <code>.../lib/debug</code> or in + <code>.../lib/profile</code> must not be stripped; this defeats the whole + point of the separate library. diff --git a/tags/s/su-to-root-with-usr-sbin.tag b/tags/s/su-to-root-with-usr-sbin.tag new file mode 100644 index 0000000..acb4e5c --- /dev/null +++ b/tags/s/su-to-root-with-usr-sbin.tag @@ -0,0 +1,12 @@ +Tag: su-to-root-with-usr-sbin +Severity: warning +Check: menu-format +Explanation: The command in a <code>menu</code> item or in a Desktop file uses + refers to the full path <code>/usr/sbin/su-to-root</code>. + . + Since the sarge release (Debian 3.1) <code>su-to-root</code> is located in + <code>/usr/bin</code>. The location <code>/usr/sbin/su-to-root</code> is a + symbolic link to ensure compatibility. It may be dropped in the future. + . + Since <code>su-to-root</code> is now available in <code>/usr/bin</code> you + can use it without an absolute path. diff --git a/tags/s/su-wrapper-not-su-to-root.tag b/tags/s/su-wrapper-not-su-to-root.tag new file mode 100644 index 0000000..ec19bee --- /dev/null +++ b/tags/s/su-wrapper-not-su-to-root.tag @@ -0,0 +1,14 @@ +Tag: su-wrapper-not-su-to-root +Severity: warning +Check: menu-format +Explanation: The command in a <code>menu</code> item or in a Desktop file uses + a <code>su</code> wrapper other than <code>su-to-root</code>. + . + On Debian systems, please use <code>su-to-root -X</code>. That will pick the + best wrapper depending on which software is installed and which desktop + environment is being used. + . + Using <code>su-to-root</code> is especially important for Live CD systems. + They need to use <code>sudo</code> rather than <code>su</code>. The + <code>su-to-root</code> command can be configured to invoke only + <code>sudo</code>. diff --git a/tags/s/su-wrapper-without--c.tag b/tags/s/su-wrapper-without--c.tag new file mode 100644 index 0000000..a76bd24 --- /dev/null +++ b/tags/s/su-wrapper-without--c.tag @@ -0,0 +1,8 @@ +Tag: su-wrapper-without--c +Severity: error +Check: menu-format +Explanation: The command in a <code>menu</code> item or in a Desktop file uses + a <code>su</code> wrapper like <code>su-to-root</code> without the + <code>-c</code> flag. That is a syntax error. +See-Also: + su-to-root(1) diff --git a/tags/s/subdir-in-bin.tag b/tags/s/subdir-in-bin.tag new file mode 100644 index 0000000..c87fb16 --- /dev/null +++ b/tags/s/subdir-in-bin.tag @@ -0,0 +1,6 @@ +Tag: subdir-in-bin +Severity: error +Check: files/hierarchy/standard +Explanation: The Filesystem Hierarchy Standard forbids the installation of new + directories in <code>/bin</code>. +See-Also: filesystem-hierarchy binessentialusercommandbinaries diff --git a/tags/s/subdir-in-usr-bin.tag b/tags/s/subdir-in-usr-bin.tag new file mode 100644 index 0000000..17ff334 --- /dev/null +++ b/tags/s/subdir-in-usr-bin.tag @@ -0,0 +1,6 @@ +Tag: subdir-in-usr-bin +Severity: error +Check: files/hierarchy/standard +Explanation: The Filesystem Hierarchy Standard forbids the installation of new + directories in <code>/usr/bin</code> other than <code>/usr/bin/mh</code>. +See-Also: filesystem-hierarchy usrbinmostusercommands diff --git a/tags/s/substvar-source-version-is-deprecated.tag b/tags/s/substvar-source-version-is-deprecated.tag new file mode 100644 index 0000000..b010ab9 --- /dev/null +++ b/tags/s/substvar-source-version-is-deprecated.tag @@ -0,0 +1,8 @@ +Tag: substvar-source-version-is-deprecated +Severity: warning +Check: debian/version-substvars +Explanation: The package uses the now deprecated ${Source-Version} substvar, + which has misleading semantics. Please switch to ${binary:Version} or + ${source:Version} as appropriate (introduced in dpkg 1.13.19, released + with etch). Support for ${Source-Version} may be removed from dpkg-dev + in the future. diff --git a/tags/s/superficial-tests.tag b/tags/s/superficial-tests.tag new file mode 100644 index 0000000..83f4088 --- /dev/null +++ b/tags/s/superficial-tests.tag @@ -0,0 +1,12 @@ +Tag: superficial-tests +Severity: info +Check: testsuite +Explanation: The source package declares tests in the + <code>debian/tests/control</code> file but provides only tests + with a <code>superficial</code> restriction. + . + Please provide more meaningful tests. +See-Also: + https://lists.debian.org/debian-devel-announce/2019/08/msg00003.html, + Bug#932870, + https://salsa.debian.org/ci-team/autopkgtest/tree/master/doc/README.package-tests.rst diff --git a/tags/s/superfluous-clutter-in-homepage.tag b/tags/s/superfluous-clutter-in-homepage.tag new file mode 100644 index 0000000..644f414 --- /dev/null +++ b/tags/s/superfluous-clutter-in-homepage.tag @@ -0,0 +1,7 @@ +Tag: superfluous-clutter-in-homepage +Severity: warning +Check: fields/homepage +Explanation: The "Homepage:" field in this package's control file contains + superfluous markup around the URL, like enclosing < and >. + This is unnecessary and needlessly complicates using this information. +See-Also: debian-policy 5.6.23 diff --git a/tags/s/superfluous-file-pattern.tag b/tags/s/superfluous-file-pattern.tag new file mode 100644 index 0000000..1efd4d2 --- /dev/null +++ b/tags/s/superfluous-file-pattern.tag @@ -0,0 +1,12 @@ +Tag: superfluous-file-pattern +Severity: warning +Check: debian/copyright/dep5 +Rename-from: + wildcard-matches-nothing-in-dep5-copyright +Explanation: The wildcard that was specified matches no file in the source tree. + This either indicates that you should fix the wildcard so that it matches + the intended file or that you can remove the wildcard. Notice that in + contrast to shell globs, the "*" (star or asterisk) matches slashes and + leading dots. +See-Also: + https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ diff --git a/tags/s/surplus-shared-library-symbols.tag b/tags/s/surplus-shared-library-symbols.tag new file mode 100644 index 0000000..f209ddd --- /dev/null +++ b/tags/s/surplus-shared-library-symbols.tag @@ -0,0 +1,7 @@ +Tag: surplus-shared-library-symbols +Severity: warning +Check: debian/shlibs +Renamed-From: + unused-shlib-entry-in-symbols-control-file +Explanation: The symbols control file contains an entry for a shared library that + is not installed by this package. diff --git a/tags/s/svk-commit-file-in-package.tag b/tags/s/svk-commit-file-in-package.tag new file mode 100644 index 0000000..0d7e92c --- /dev/null +++ b/tags/s/svk-commit-file-in-package.tag @@ -0,0 +1,6 @@ +Tag: svk-commit-file-in-package +Severity: warning +Check: files/vcs +Explanation: The package contains an svk-commitNNN.tmp file. This file is almost + certainly a left-over from a failed Subversion commit, and does not + belong in a Debian package. diff --git a/tags/s/svn-commit-file-in-package.tag b/tags/s/svn-commit-file-in-package.tag new file mode 100644 index 0000000..7695b5e --- /dev/null +++ b/tags/s/svn-commit-file-in-package.tag @@ -0,0 +1,6 @@ +Tag: svn-commit-file-in-package +Severity: warning +Check: files/vcs +Explanation: The package contains an svn-commit(.NNN).tmp file. This file is + almost certainly a left-over from a failed Subversion commit, and does + not belong in a Debian package. diff --git a/tags/s/symbols-declares-dependency-on-other-package.tag b/tags/s/symbols-declares-dependency-on-other-package.tag new file mode 100644 index 0000000..5226cba --- /dev/null +++ b/tags/s/symbols-declares-dependency-on-other-package.tag @@ -0,0 +1,15 @@ +Tag: symbols-declares-dependency-on-other-package +Severity: warning +Check: debian/shlibs +Explanation: This package declares in its symbols control file a dependency on + some other package (and not one listed in the Provides of this package). + . + Packages should normally only list in their symbols control file the + shared libraries included in that package, and therefore the dependencies + listed there should normally be satisfied by either the package itself or + one of its Provides. + . + In unusual circumstances where it's necessary to declare more complex + dependencies in the symbols control file, please add a Lintian override + for this warning. +See-Also: debian-policy 8.6 diff --git a/tags/s/symbols-file-contains-current-version-with-debian-revision.tag b/tags/s/symbols-file-contains-current-version-with-debian-revision.tag new file mode 100644 index 0000000..266cad1 --- /dev/null +++ b/tags/s/symbols-file-contains-current-version-with-debian-revision.tag @@ -0,0 +1,15 @@ +Tag: symbols-file-contains-current-version-with-debian-revision +Severity: error +Check: debian/shlibs +Explanation: Debian revisions should be stripped from versions in symbols files. + Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo + << 1.0-1 while 1.0-1~bpo >= 1.0). If the Debian revision can't + be stripped because the symbol really appeared between two specific + Debian revisions, you should postfix the version with a single "~" + (example: 1.0-3~ if the symbol appeared in 1.0-3). + . + This problem normally means that the symbols were added automatically by + dpkg-gensymbols. dpkg-gensymbols uses the full version number for the + dependency associated to any new symbol that it detects. The maintainer + must update the <code>debian/<package>.symbols</code> file by adding + the new symbols with the corresponding upstream version. diff --git a/tags/s/symbols-file-contains-debian-revision.tag b/tags/s/symbols-file-contains-debian-revision.tag new file mode 100644 index 0000000..c15a2fe --- /dev/null +++ b/tags/s/symbols-file-contains-debian-revision.tag @@ -0,0 +1,10 @@ +Tag: symbols-file-contains-debian-revision +Severity: warning +Check: debian/shlibs +Explanation: Debian revisions should be stripped from versions in symbols files. + Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo + << 1.0-1 while 1.0-1~bpo >= 1.0). If the Debian revision can't + be stripped because the symbol really appeared between two specific + Debian revisions, you should postfix the version with a single "~" + (example: 1.0-3~ if the symbol appeared in 1.0-3). +See-Also: dpkg-gensymbols(1), https://wiki.debian.org/UsingSymbolsFiles diff --git a/tags/s/symbols-file-missing-build-depends-package-field.tag b/tags/s/symbols-file-missing-build-depends-package-field.tag new file mode 100644 index 0000000..f6433e7 --- /dev/null +++ b/tags/s/symbols-file-missing-build-depends-package-field.tag @@ -0,0 +1,25 @@ +Tag: symbols-file-missing-build-depends-package-field +Severity: info +Check: debian/shlibs +Explanation: The symbols file for this package does not contain a + <code>Build-Depends-Package</code> meta-information field. + . + This field specifies the name of the <code>-dev</code> package associated + to the library and is used by <code>dpkg-shlibdeps(1)</code> to make sure + that the dependency generated is at least as strict as the + corresponding build dependency. + . + This is useful as allows packages to not hardcode this information + multiple times. + . + Note that the format of <code>deb-symbols(5)</code> files requires that the + <code>* Build-Depends-Package:</code> line should start in column one of + the file and not be indented to align with the symbols themselves. + Please do not use the placeholder <code>#PACKAGE#</code>. The + development package for your shared library must be stated explicitly. +See-Also: + debian-policy 8.6.3.2, + deb-symbols(5), + dpkg-shlibdeps(1), + https://www.debian.org/doc/manuals/maint-guide/advanced.en.html#librarysymbols, + Bug#944047 diff --git a/tags/s/symbols-for-undeclared-shared-library.tag b/tags/s/symbols-for-undeclared-shared-library.tag new file mode 100644 index 0000000..3a2f53b --- /dev/null +++ b/tags/s/symbols-for-undeclared-shared-library.tag @@ -0,0 +1,7 @@ +Tag: symbols-for-undeclared-shared-library +Severity: error +Check: debian/shlibs +Renamed-From: + symbols-declared-but-not-shlib +Explanation: The symbols control file contains dependency and symbol information + for a shared library which is not listed in the shlibs control file. diff --git a/tags/s/symlink-contains-spurious-segments.tag b/tags/s/symlink-contains-spurious-segments.tag new file mode 100644 index 0000000..ab5ec2b --- /dev/null +++ b/tags/s/symlink-contains-spurious-segments.tag @@ -0,0 +1,14 @@ +Tag: symlink-contains-spurious-segments +Severity: error +Check: files/symbolic-links +Explanation: The symbolic link target contains superfluous path segments like + <code>..</code> or <code>.</code>. They are not needed and make the link longer + than necessary, which goes against Debian policy. + . + Such segments can also cause unexpected problems in the presence of symlinked + directories. + . + With Debhelper, running dh_link after creating the package structure + will fix this problem for you. +See-Also: + debian-policy 10.5 diff --git a/tags/s/symlink-ends-with-slash.tag b/tags/s/symlink-ends-with-slash.tag new file mode 100644 index 0000000..f58eb43 --- /dev/null +++ b/tags/s/symlink-ends-with-slash.tag @@ -0,0 +1,10 @@ +Tag: symlink-ends-with-slash +Severity: warning +Check: files/symbolic-links +Explanation: This symbolic link target ends with a slash (/). That geos against + Debian policy, which states that symbolic links should be as short as possible. + . + With Debhelper, running dh_link after creating the package structure + will fix this problem for you. +See-Also: + debian-policy 10.5 diff --git a/tags/s/symlink-has-double-slash.tag b/tags/s/symlink-has-double-slash.tag new file mode 100644 index 0000000..3dbe2e4 --- /dev/null +++ b/tags/s/symlink-has-double-slash.tag @@ -0,0 +1,11 @@ +Tag: symlink-has-double-slash +Severity: warning +Check: files/symbolic-links +Explanation: This symbolic link target contains two successive slashes (//). + That goes against Debian policy, which states that symbolic links should be + as short as possible. + . + With Debhelper, running dh_link after creating the package structure + will fix this problem for you. +See-Also: + debian-policy 10.5 diff --git a/tags/s/symlink-has-too-many-up-segments.tag b/tags/s/symlink-has-too-many-up-segments.tag new file mode 100644 index 0000000..86833db --- /dev/null +++ b/tags/s/symlink-has-too-many-up-segments.tag @@ -0,0 +1,5 @@ +Tag: symlink-has-too-many-up-segments +Severity: error +Check: files/symbolic-links +See-Also: debian-policy 10.5 +Explanation: The symlink references a directory beyond the root directory "/". diff --git a/tags/s/symlink-is-self-recursive.tag b/tags/s/symlink-is-self-recursive.tag new file mode 100644 index 0000000..0d37aa2 --- /dev/null +++ b/tags/s/symlink-is-self-recursive.tag @@ -0,0 +1,6 @@ +Tag: symlink-is-self-recursive +Severity: warning +Check: files/symbolic-links +Explanation: The symbolic link is recursive to a higher directory of the symlink + itself. This means, that you can infinitely chdir with this symlink. This is + usually not okay, but sometimes wanted behaviour. diff --git a/tags/s/symlink-target-in-build-tree.tag b/tags/s/symlink-target-in-build-tree.tag new file mode 100644 index 0000000..3953bd1 --- /dev/null +++ b/tags/s/symlink-target-in-build-tree.tag @@ -0,0 +1,9 @@ +Tag: symlink-target-in-build-tree +Severity: error +Check: files/symbolic-links +Explanation: The package sets a link with a target pointing to common + build paths. + . + This often occurs if the package uses regular expressions to + strip the build path without properly regex quoting the build + path. diff --git a/tags/s/symlink-target-in-tmp.tag b/tags/s/symlink-target-in-tmp.tag new file mode 100644 index 0000000..452f26b --- /dev/null +++ b/tags/s/symlink-target-in-tmp.tag @@ -0,0 +1,9 @@ +Tag: symlink-target-in-tmp +Severity: error +Check: files/symbolic-links +Explanation: Packages must not set links with targets pointing into <code>/tmp</code> or + <code>/var/tmp</code>. The File Hierarchy Standard specifies that such files + may be removed by the administrator and that programs may not depend on + any files in <code>/tmp</code> being preserved across invocations, which + combined mean that it makes no sense to ship files in these directories. +See-Also: filesystem-hierarchy tmptemporaryfiles, filesystem-hierarchy vartmptemporaryfilespreservedbetwee diff --git a/tags/s/synopsis-is-a-sentence.tag b/tags/s/synopsis-is-a-sentence.tag new file mode 100644 index 0000000..8a351a5 --- /dev/null +++ b/tags/s/synopsis-is-a-sentence.tag @@ -0,0 +1,15 @@ +Tag: synopsis-is-a-sentence +Severity: info +Check: fields/description +Renamed-From: description-synopsis-might-not-be-phrased-properly +Explanation: The package synopsis (also known as the "short" description, ie. the + first line in the package's "Description:" field) either ends with a full + stop "." character or starts another sentence. + . + This is not necessary as the synopsis does not need to be a full + sentence. It is recommended that a single descriptive phrase is used + instead. + . + Note also that the synopsis is not part of the rest of the "long" + Description: field. +See-Also: developer-reference 6.2.2 diff --git a/tags/s/synopsis-too-long.tag b/tags/s/synopsis-too-long.tag new file mode 100644 index 0000000..5ffa77a --- /dev/null +++ b/tags/s/synopsis-too-long.tag @@ -0,0 +1,6 @@ +Tag: synopsis-too-long +Severity: warning +Check: fields/description +Renamed-From: description-too-long +Explanation: The first line of the "Description:" must be less than 80 characters long. +See-Also: debian-policy 3.4.1 diff --git a/tags/s/syntax-error-in-debconf-template.tag b/tags/s/syntax-error-in-debconf-template.tag new file mode 100644 index 0000000..8c010ff --- /dev/null +++ b/tags/s/syntax-error-in-debconf-template.tag @@ -0,0 +1,7 @@ +Tag: syntax-error-in-debconf-template +Severity: error +Check: debian/debconf +Explanation: The template file contains a syntax error. + . + This issue may hide other issues as Lintian skips some checks on the + file in this case. diff --git a/tags/s/syntax-error-in-debian-changelog.tag b/tags/s/syntax-error-in-debian-changelog.tag new file mode 100644 index 0000000..a6b3522 --- /dev/null +++ b/tags/s/syntax-error-in-debian-changelog.tag @@ -0,0 +1,12 @@ +Tag: syntax-error-in-debian-changelog +Severity: warning +Check: debian/changelog +Explanation: While parsing the Debian changelog, a syntax error was found. If + you have old changelog entries that don't follow the current syntax but + that you want to keep as-is for the historical record, add the line: + . + Old Changelog: + . + with no leading whitespace before the legacy entries. This line and + everything after it will be ignored. +See-Also: debian-policy 4.4 diff --git a/tags/s/syntax-error-in-debian-news-file.tag b/tags/s/syntax-error-in-debian-news-file.tag new file mode 100644 index 0000000..557dff4 --- /dev/null +++ b/tags/s/syntax-error-in-debian-news-file.tag @@ -0,0 +1,5 @@ +Tag: syntax-error-in-debian-news-file +Severity: warning +Check: debian/changelog +Explanation: While parsing the NEWS.Debian file, a syntax error was found. +See-Also: developer-reference 6.3.4 diff --git a/tags/s/syntax-error-in-dep5-copyright.tag b/tags/s/syntax-error-in-dep5-copyright.tag new file mode 100644 index 0000000..1ec35c4 --- /dev/null +++ b/tags/s/syntax-error-in-dep5-copyright.tag @@ -0,0 +1,9 @@ +Tag: syntax-error-in-dep5-copyright +Severity: warning +Check: debian/copyright/dep5 +See-Also: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Explanation: The machine-readable copyright file didn't pass Debian control file + syntax check. + . + This issue may hide other issues as Lintian skips some checks on the + file in this case. diff --git a/tags/s/syntax-error-in-symbols-file.tag b/tags/s/syntax-error-in-symbols-file.tag new file mode 100644 index 0000000..b77ce22 --- /dev/null +++ b/tags/s/syntax-error-in-symbols-file.tag @@ -0,0 +1,8 @@ +Tag: syntax-error-in-symbols-file +Severity: error +Check: debian/shlibs +Explanation: The symbols file contains an entry that does not follow the syntax + rules for symbols files. + . + This may be due to the entry appearing out of sequence. +See-Also: deb-symbols(5) diff --git a/tags/s/systemd-service-alias-without-extension.tag b/tags/s/systemd-service-alias-without-extension.tag new file mode 100644 index 0000000..58fdc51 --- /dev/null +++ b/tags/s/systemd-service-alias-without-extension.tag @@ -0,0 +1,8 @@ +Tag: systemd-service-alias-without-extension +Severity: warning +Check: systemd +See-Also: http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Alias= +Explanation: The service file lists an alias without a file extension. + . + The spec mandates that the extension of the listed alias matches + the extension of the unit itself. diff --git a/tags/s/systemd-service-file-missing-documentation-key.tag b/tags/s/systemd-service-file-missing-documentation-key.tag new file mode 100644 index 0000000..896e36b --- /dev/null +++ b/tags/s/systemd-service-file-missing-documentation-key.tag @@ -0,0 +1,8 @@ +Tag: systemd-service-file-missing-documentation-key +Severity: info +Check: systemd +Explanation: The systemd service file does not contain a <code>Documentation</code> key. + . + Documentation for systemd service files can be automatically viewed using + <code>systemctl help servicename</code> if this field is present. +See-Also: systemd.unit(5) diff --git a/tags/s/systemd-service-file-missing-hardening-features.tag b/tags/s/systemd-service-file-missing-hardening-features.tag new file mode 100644 index 0000000..fe337af --- /dev/null +++ b/tags/s/systemd-service-file-missing-hardening-features.tag @@ -0,0 +1,15 @@ +Tag: systemd-service-file-missing-hardening-features +Severity: pedantic +Experimental: yes +Check: systemd +Explanation: The specified systemd <code>.service</code> file does not appear to + enable any hardening options. + . + systemd has support for many security-oriented features such as + isolating services from the network, private <code>/tmp</code> directories, + as well as control over making directories appear read-only or even + inaccessible, etc. + . + Please consider supporting some options, collaborating upstream where + necessary about any potential changes. +See-Also: systemd.service(5), http://0pointer.de/blog/projects/security.html diff --git a/tags/s/systemd-service-file-missing-install-key.tag b/tags/s/systemd-service-file-missing-install-key.tag new file mode 100644 index 0000000..0d5dbd6 --- /dev/null +++ b/tags/s/systemd-service-file-missing-install-key.tag @@ -0,0 +1,9 @@ +Tag: systemd-service-file-missing-install-key +Severity: info +Check: systemd +Explanation: The systemd service file does not contain a <code>WantedBy=</code> or + <code>RequiredBy=</code> key in its <code>[Install]</code> section. + . + Forgetting to add such a line (e.g. <code>WantedBy=multi-user.target</code>) + results in the service file not being started by default. +See-Also: systemd.unit(5) diff --git a/tags/s/systemd-service-file-refers-to-obsolete-bindto.tag b/tags/s/systemd-service-file-refers-to-obsolete-bindto.tag new file mode 100644 index 0000000..592c89a --- /dev/null +++ b/tags/s/systemd-service-file-refers-to-obsolete-bindto.tag @@ -0,0 +1,8 @@ +Tag: systemd-service-file-refers-to-obsolete-bindto +Severity: warning +Check: systemd +Explanation: The systemd service file refers to the obsolete BindTo= option. + . + The <code>BindTo=</code> option has been deprecated in favour of + <code>BindsTo=</code> which should be used instead. +See-Also: https://github.com/systemd/systemd/commit/7f2cddae09fd2579ae24434df577bb5e5a157d86 diff --git a/tags/s/systemd-service-file-refers-to-obsolete-target.tag b/tags/s/systemd-service-file-refers-to-obsolete-target.tag new file mode 100644 index 0000000..8986cc1 --- /dev/null +++ b/tags/s/systemd-service-file-refers-to-obsolete-target.tag @@ -0,0 +1,8 @@ +Tag: systemd-service-file-refers-to-obsolete-target +Severity: warning +Check: systemd +Explanation: The systemd service file refers to an obsolete target. + . + Some targets are obsolete by now, e.g. syslog.target or dbus.target. For + example, declaring <code>After=syslog.target</code> is unnecessary by now because + syslog is socket-activated and will therefore be started when needed. diff --git a/tags/s/systemd-service-file-refers-to-unusual-wantedby-target.tag b/tags/s/systemd-service-file-refers-to-unusual-wantedby-target.tag new file mode 100644 index 0000000..d2062e5 --- /dev/null +++ b/tags/s/systemd-service-file-refers-to-unusual-wantedby-target.tag @@ -0,0 +1,11 @@ +Tag: systemd-service-file-refers-to-unusual-wantedby-target +Severity: warning +Check: systemd +Explanation: The specified systemd service file declares an unusual + <code>WantedBy=</code> relationship. + . + Most services that want to be started automatically at boot should use + <code>WantedBy=multi-user.target</code> or <code>WantedBy=graphical.target</code>. + Services that want to be started in rescue or single-user mode should + instead use <code>WantedBy=sysinit.target</code> +See-Also: https://wiki.debian.org/Teams/pkg-systemd/rcSMigration diff --git a/tags/s/systemd-service-file-refers-to-var-run.tag b/tags/s/systemd-service-file-refers-to-var-run.tag new file mode 100644 index 0000000..2eb00d2 --- /dev/null +++ b/tags/s/systemd-service-file-refers-to-var-run.tag @@ -0,0 +1,13 @@ +Tag: systemd-service-file-refers-to-var-run +Severity: info +Check: systemd +Explanation: The specified systemd service file declares a <code>PIDFile=</code> + that references <code>/var/run</code>. + . + <code>/var/run</code> is now merely a symlink pointing to <code>/run</code> and + thus it is now considered best practice that packages use <code>/run</code> + directly. + . + Please update the specified service file. +Renamed-From: + systemd-service-file-pidfile-refers-to-var-run diff --git a/tags/s/systemd-service-file-shutdown-problems.tag b/tags/s/systemd-service-file-shutdown-problems.tag new file mode 100644 index 0000000..ffb9a49 --- /dev/null +++ b/tags/s/systemd-service-file-shutdown-problems.tag @@ -0,0 +1,18 @@ +Tag: systemd-service-file-shutdown-problems +Severity: warning +Experimental: no +Check: systemd +See-Also: https://github.com/systemd/systemd/issues/11821 +Explanation: The specified systemd <code>.service</code> file contains both + <code>DefaultDependencies=no</code> and <code>Conflicts=shutdown.target</code> + directives without <code>Before=shutdown.target</code>. + . + This can lead to problems during shutdown because the service may + linger until the very end of shutdown sequence as nothing requests to + stop it before (due to <code>DefaultDependencies=no</code>). + . + There is race condition between stopping units and systemd getting a + request to exit the main loop, so it may proceed with shutdown before + all pending stop jobs have been processed. + . + Please add <code>Before=shutdown.target</code>. diff --git a/tags/s/systemd-service-file-uses-deprecated-syslog-facility.tag b/tags/s/systemd-service-file-uses-deprecated-syslog-facility.tag new file mode 100644 index 0000000..71db78c --- /dev/null +++ b/tags/s/systemd-service-file-uses-deprecated-syslog-facility.tag @@ -0,0 +1,11 @@ +Tag: systemd-service-file-uses-deprecated-syslog-facility +Severity: warning +Check: systemd +Explanation: The specified systemd service file specifies + <code>StandardOutput=</code> or <code>StandardError=</code> that references + <code>syslog</code> or <code>syslog-console</code>. + . + This is discouraged, and systemd versions 246 and above will log a + warning about this. +See-Also: + https://github.com/systemd/systemd/blob/6706384a89ae0c462e7172588c80667190c4d9e2/NEWS#L724 diff --git a/tags/s/systemd-service-file-uses-nobody-or-nogroup.tag b/tags/s/systemd-service-file-uses-nobody-or-nogroup.tag new file mode 100644 index 0000000..d755ad5 --- /dev/null +++ b/tags/s/systemd-service-file-uses-nobody-or-nogroup.tag @@ -0,0 +1,10 @@ +Tag: systemd-service-file-uses-nobody-or-nogroup +Severity: warning +Check: systemd +Explanation: The specified <code>systemd</code> service file declares a <code>User=</code> + or <code>Group=</code> that references <code>nobody</code> or <code>nogroup</code>. + . + The practice is discouraged. Starting with version 246, <code>systemd</code> version will + log a warning about it. +See-Also: + https://github.com/systemd/systemd/blob/v246/NEWS#L106-L113 diff --git a/tags/s/systemd-service-file-wraps-init-script.tag b/tags/s/systemd-service-file-wraps-init-script.tag new file mode 100644 index 0000000..8a895e6 --- /dev/null +++ b/tags/s/systemd-service-file-wraps-init-script.tag @@ -0,0 +1,11 @@ +Tag: systemd-service-file-wraps-init-script +Severity: warning +Check: systemd +Explanation: The listed service file simply uses ths existing SysV init script + via ExecStart, ExecStop, etc. + . + The main logic of more complex init scripts should be moved into helper + scripts which can be used directly from both the .service file and the + init script. This will also make the init scripts more readable and easier + to support other alternatives. Note that as /etc/init.d/* files are + conffiles, such updates are not guaranteed to reach users. diff --git a/tags/s/systemd-service-in-odd-location.tag b/tags/s/systemd-service-in-odd-location.tag new file mode 100644 index 0000000..851d5ae --- /dev/null +++ b/tags/s/systemd-service-in-odd-location.tag @@ -0,0 +1,18 @@ +Tag: systemd-service-in-odd-location +Severity: error +Check: systemd +Explanation: The package ships a systemd service file in a location outside + <code>/usr/lib/systemd/system/</code> + . + Systemd in Debian looks for unit files in <code>/usr/lib/systemd/system/</code>. + <code>/lib/systemd/system/</code> and <code>/etc/systemd/system</code>, but the + first location is now standard in Debian. + . + System administrators have the possibility to override service files (or in newer + systemd versions, parts of them) by placing files in <code>/etc/systemd/system</code>. + The canonical location for service files in Debian is <code>/usr/lib/systemd/system/</code>. +See-Also: + Bug#992465, + Bug#987989, + https://salsa.debian.org/debian/debhelper/-/commit/d70caa69c64b124e3611c967cfab93aef48346d8, + https://lists.debian.org/debian-devel/2021/08/msg00275.html diff --git a/tags/s/systemd-tmpfile-in-var-run.tag b/tags/s/systemd-tmpfile-in-var-run.tag new file mode 100644 index 0000000..341a133 --- /dev/null +++ b/tags/s/systemd-tmpfile-in-var-run.tag @@ -0,0 +1,12 @@ +Tag: systemd-tmpfile-in-var-run +Severity: info +Check: systemd/tmpfiles +Explanation: The named systemd file declares a temporary file with a location + in <code>/var/run</code>. + . + <code>/var/run</code> is nowadays a just symbolic link to <code>/run</code>. + Packages should use <code>/run</code> instead. + . + Please update the named file. +See-Also: + Bug#984678 |