On Fri, Jul 21, 2017 at 7:52 PM, Chris Lamb <ch...@chris-lamb.co.uk> wrote: > This is an automated email from the git hooks/post-receive script. > > lamby pushed a commit to branch master > in repository lintian. > > commit 9da2a1aceb5a4281a2a627d95f5c9288bab85038 > Author: Chris Lamb <la...@debian.org> > Date: Thu Jul 20 22:58:44 2017 +0100 > > Check that non-ELF maintainer scripts start with #!. (Closes: #843428) > --- > collection/scripts | 13 > +++++++++++-- > debian/changelog | 4 ++++ > .../debian/debian/phpmyfoo.postrm | 4 ++++ > t/tests/apache2-webapplications-general/tags | 2 ++ > t/tests/legacy-scripts/tags | 1 + > .../debian/debian/postinst | 9 +++++++++ > .../debian/debian/postrm | 7 +++++++ > .../scripts-does-not-start-with-shebang/debian/debian/rules | 8 ++++++++ > t/tests/scripts-does-not-start-with-shebang/debian/true.c | 5 +++++ > t/tests/scripts-does-not-start-with-shebang/desc | 6 ++++++ > t/tests/scripts-does-not-start-with-shebang/tags | 1 + > 11 files changed, 58 insertions(+), 2 deletions(-) > > diff --git a/collection/scripts b/collection/scripts > index 1fabc86..1c4260a 100755 > --- a/collection/scripts > +++ b/collection/scripts > @@ -69,8 +69,17 @@ sub collect { > open(my $ctrl_fd, '>', "$dir/control-scripts"); > for my $path ($info->control_index('')->children) { > next unless $path->is_open_ok; > - my $scriptpath = shebang_line($path); > - next unless defined($scriptpath); > + # Only collect maintainer scripts > + next unless $path =~ m/^(?:(?:pre|post)(?:inst|rm)|config)$/; > + > + # Allow ELF binaries > + my $magic; > + my $fd = $path->open; > + if (read($fd, $magic, 4)) { > + next if $magic eq "\x7FELF"; > + } > + close($fd); > + my $scriptpath = shebang_line($path) // '';
I will have tagged with an info tag the ELF maint script.... > > # Remove everything after the first space (i.e. any options) > $scriptpath =~ s/\s++ .++ \Z//xsm; > diff --git a/debian/changelog b/debian/changelog > index e549e03..9782aa6 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -82,6 +82,10 @@ lintian (2.5.52) UNRELEASED; urgency=medium > + [CL] Factor out hard-coded list of possible upstream key locations > to the "common/signing-key-filenames" Lintian::Data resource. > > + * collection/scripts: > + + [CL] Check that non-ELF maintainer scripts start with #!. > + (Closes: #843428) > + > * commands/lintian.pm: > + [NT] Attempt to clean up on SIGTERM (like with SIGINT). > + [CL] Allow the use of suppress-tags=<tag>[,<tag>[,<tag>]] in > diff --git > a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm > b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm > index 2fffaab..d0db12e 100644 > --- a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm > +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm > @@ -1,3 +1,7 @@ > +#!/bin/sh > + > +set -e > + > if [ "$1" = 'configure' ] ; then > a2disconf -q phpmyfoo > fi > diff --git a/t/tests/apache2-webapplications-general/tags > b/t/tests/apache2-webapplications-general/tags > index 725895b..3f2bb1c 100644 > --- a/t/tests/apache2-webapplications-general/tags > +++ b/t/tests/apache2-webapplications-general/tags > @@ -12,7 +12,9 @@ W: phpmyfoo: apache2-deprecated-auth-config </Limit> > W: phpmyfoo: apache2-deprecated-auth-config <Limit POST PUT DELETE> > W: phpmyfoo: apache2-deprecated-auth-config Order > W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst > +W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postrm > W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst > a2enconf > +W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postrm a2disconf > W: phpmyfoo: apache2-unparsable-dependency > etc/apache2/conf-available/phpmyfoo.conf bar2.conf > W: phpmyfoo: apache2-unsupported-dependency > etc/apache2/conf-available/phpmyfoo.conf Conflicts > W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin > diff --git a/t/tests/legacy-scripts/tags b/t/tests/legacy-scripts/tags > index 913844d..2feeb5d 100644 > --- a/t/tests/legacy-scripts/tags > +++ b/t/tests/legacy-scripts/tags > @@ -21,6 +21,7 @@ E: scripts: php-script-but-no-php-cli-dep > usr/share/scripts/phpenvfoo > E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpfoo > E: scripts: python-script-but-no-python-dep usr/bin/py2.Xfoo > E: scripts: python-script-but-no-python-dep usr/bin/pyfoo > +E: scripts: script-without-interpreter control/prerm > E: scripts: shell-script-fails-syntax-check usr/bin/sh-broken > E: scripts: wrong-path-for-interpreter usr/bin/lefty-foo > (#!/usr/local/bin/lefty != /usr/bin/lefty) > E: scripts: wrong-path-for-interpreter usr/bin/rubyfoo (#!/bin/ruby1.8 != > /usr/bin/ruby1.8) > diff --git > a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst > b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst > new file mode 100644 > index 0000000..9438152 > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postinst > @@ -0,0 +1,9 @@ > +#!/bin/sh > + > +# This file should not be triggered by script-without-interpreter > + > +set -e > + > +true > + > +#DEBHELPER# > diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm > b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm > new file mode 100644 > index 0000000..5a2a7e7 > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/postrm > @@ -0,0 +1,7 @@ > +# This file should be triggered by script-without-interpreter > + > +set -e > + > +true > + > +#DEBHELPER# > diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules > b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules > new file mode 100755 > index 0000000..84ab89a > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/debian/debian/rules > @@ -0,0 +1,8 @@ > +#!/usr/bin/make -f > + > +%: > + dh $@ > + > +override_dh_installdeb: > + dh_installdeb > + gcc -o debian/$(shell dh_listpackages)/DEBIAN/preinst true.c > diff --git a/t/tests/scripts-does-not-start-with-shebang/debian/true.c > b/t/tests/scripts-does-not-start-with-shebang/debian/true.c > new file mode 100644 > index 0000000..8479e67 > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/debian/true.c > @@ -0,0 +1,5 @@ > +int > +main(void) > +{ > + return 0; > +} > diff --git a/t/tests/scripts-does-not-start-with-shebang/desc > b/t/tests/scripts-does-not-start-with-shebang/desc > new file mode 100644 > index 0000000..f999796 > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/desc > @@ -0,0 +1,6 @@ > +Testname: scripts-does-not-start-with-shebang > +Type: native > +Version: 1.0 > +Description: Check for maintainer scripts that do not start with #! > +Test-For: > + script-without-interpreter > diff --git a/t/tests/scripts-does-not-start-with-shebang/tags > b/t/tests/scripts-does-not-start-with-shebang/tags > new file mode 100644 > index 0000000..c93921a > --- /dev/null > +++ b/t/tests/scripts-does-not-start-with-shebang/tags > @@ -0,0 +1 @@ > +E: scripts-does-not-start-with-shebang: script-without-interpreter > control/postrm > > -- > Alioth's /usr/local/bin/git-commit-notice on > /srv/git.debian.org/git/lintian/lintian.git >