Added lots more modules from lintian. Maemian appears to work.

[maemian] / checks / scripts.desc

Check-Script: scripts
Author: Richard Braakman <dark@xs4all.nl>
Abbrev: scr
Type: binary
Unpack-Level: 2
Info: This script checks the #! lines of scripts in a package.
Needs-Info: file-info, scripts

Tag: script-without-interpreter
Severity: important
Certainty: certain
Info: This file starts with the #! sequence that identifies scripts, but
 it does not name an interpreter.

Tag: executable-not-elf-or-script
Severity: normal
Certainty: certain
Info: This executable file is not an ELF format binary, and does not start
 with the #! sequence that marks interpreted scripts.  It might be a sh script
 that fails to name /bin/sh as its shell.
Ref: policy 10.4

Tag: script-not-executable
Severity: normal
Certainty: certain
Info: This file starts with the #! sequence that marks interpreted scripts,
 but it is not executable.

Tag: interpreter-not-absolute
Severity: normal
Certainty: certain
Info: This script uses a relative path to locate its interpreter.
 This path will be taken relative to the caller's current directory, not
 the script's, so it is not likely to be what was intended.

Tag: unusual-interpreter
Severity: normal
Certainty: possible
Info: This package contains a script for an interpreter that the Maemian
 maintainers have not heard of.  It could be a typo for a common
 interpreter.  If not, please file a wishlist bug on lintian so that the
 Maemian maintainers can add this interpreter to their list.

Tag: script-uses-bin-env
Severity: normal
Certainty: certain
Info: This script uses /bin/env as its interpreter (used to find the
 actual interpreter on the user's path).  There is no /bin/env on Debian
 systems; env is instead installed as /usr/bin/env.  Usually, the path to
 env in the script should be changed.

Tag: forbidden-config-interpreter
Severity: important
Certainty: certain
Info: This package contains a <tt>config</tt> script for pre-configuring
 the package.  During pre-configuration, however, only essential packages
 are guaranteed to be installed, so you cannot use a non-essential
 interpreter.

Tag: forbidden-postrm-interpreter
Severity: serious
Certainty: certain
Info: This package contains a <tt>postrm</tt> maintainer script that uses
 an interpreter that isn't essential.  The <tt>purge</tt> action of
 <tt>postrm</tt> can only rely on essential packages, which means the
 interpreter used by <tt>postrm</tt> must be one of the essential ones
 (<tt>sh</tt>, <tt>bash</tt>, or <tt>perl</tt>).
Ref: policy 7.2

Tag: unusual-control-interpreter
Severity: minor
Certainty: certain
Info: This package contains a control script for an interpreter that is
 not normally used for control scripts.  This is permissible but not
 recommended.  It makes it harder for other developers to understand your
 package.

Tag: unknown-control-interpreter
Severity: important
Certainty: possible
Info: This package contains a maintainer script that uses an interpreter
 that the Maemian maintainers have not heard of.  This is usually a typo
 for a common interpreter.  If not, please file a wishlist bug on lintian
 so that the Maemian maintainers can add this interpreter to their list.

Tag: interpreter-in-usr-local
Severity: important
Certainty: certain
Info: This package contains a script that looks for an interpreter in a
 directory in /usr/local.  Since Debian does not install anything in
 /usr/local, this is the wrong place to look.

Tag: control-interpreter-in-usr-local
Severity: serious
Certainty: certain
Info: A control script for this package references an interpreter in a
 directory in <tt>/usr/local</tt>.  Control scripts must use interpreters
 provided by Debian packages, and Debian packages do not install anything
 in <tt>/usr/local</tt>.

Tag: preinst-interpreter-without-predepends
Severity: serious
Certainty: certain
Info: The package contains a <tt>preinst</tt> maintainer script that uses
 an unusual and non-essential interpreter but does not declare a
 pre-dependency on the package that provides this interpreter.
 .
 <tt>preinst</tt> scripts should be written using only essential
 interpreters to avoid additional dependency complexity.  Please do not
 add a pre-dependency without following the policy for doing so (Policy
 section 3.5).
Ref: policy 7.2

Tag: control-interpreter-without-depends
Severity: serious
Certainty: possible
Info: The package contains a maintainer script that uses an unusual and
 non-essential interpreter but does not declare a dependency on the
 package that provides this interpreter.
Ref: policy 7.2

Tag: missing-dep-for-interpreter
Severity: important
Certainty: possible
Info: You used an interpreter for a script that is not in an essential
 package.  In most cases, you will need to add a Dependency on the
 package that contains the interpreter.  If the dependency is already
 present, please file a bug against Maemian with the details of your
 package so that its database can be updated.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: csh-considered-harmful
Severity: normal
Certainty: certain
Info: The Debian policy for scripts explicitly warns against using csh
 and tcsh as scripting languages.
Ref: policy 10.4

Tag: suid-perl-script-but-no-perl-suid-dep
Severity: important
Certainty: certain
Info: Packages that use perl scripts that are suid must depend on the
 perl-suid package.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: wrong-path-for-interpreter
Severity: important
Certainty: certain
Info: The interpreter you used is installed at another location on Debian
 systems.

Tag: gawk-script-but-no-gawk-dep
Severity: important
Certainty: certain
Info: Packages that use gawk scripts must depend on the gawk package.
 If they don't need gawk-specific features, and can just as easily work
 with mawk, then they should be awk scripts instead.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: mawk-script-but-no-mawk-dep
Severity: important
Certainty: certain
Info: Packages that use mawk scripts must depend on the mawk package.
 If they don't need mawk-specific features, and can just as easily work
 with gawk, then they should be awk scripts instead.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: php-script-but-no-phpX-cli-dep
Severity: important
Certainty: certain
Info: Packages with PHP scripts must depend on a phpX-cli package such as
 php5-cli.  Note that a dependency on a php-cgi package (such as php5-cgi)
 is needlessly strict and forces the user to install a package that isn't
 needed.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.
 .
 Maemian can only recognize phpX-cli dependencies for values of X that it
 knows are available in the archive.  You will get this warning if you
 allow, as alternatives, versions of PHP that are so old they're not
 available in stable.  The correct fix in those cases is probably to drop
 the old alternative.  If this package depends on a newer php-cli package
 that Maemian doesn't know about, please file a bug against Maemian so
 that it can be updated.

Tag: python-script-but-no-python-dep
Severity: important
Certainty: certain
Info: Packages with Python scripts must depend on the package python.
 Those that have scripts executed with a versioned python package need a
 dependency on the equivalent version of python. 
 .
 For example, if a script in the package uses <tt>#!/usr/bin/python</tt>,
 the package needs a dependency on "python".  If a script uses
 <tt>#!/usr/bin/python2.5</tt>, the package need a dependency on
 "python2.5".
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: ruby-script-but-no-ruby-dep
Severity: important
Certainty: certain
Info: Packages with Ruby scripts must depend on the package ruby. Those
 that have Ruby scripts that run under a specific version of Ruby need a
 dependency on the equivalent version of Ruby.
 .
 For example, if a script in the package uses <tt>#!/usr/bin/ruby</tt>,
 the package needs a dependency on "ruby".  If a script uses
 <tt>#!/usr/bin/ruby1.9</tt>, then the package need a dependency on
 "ruby1.9".
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: wish-script-but-no-wish-dep
Severity: important
Certainty: certain
Info: Packages that include wish scripts must depend on the virtual
 package wish or, if they require a specific version of wish or tk, that
 version of tk.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: tclsh-script-but-no-tclsh-dep
Severity: important
Certainty: certain
Info: Packages that include tclsh scripts must depend on the virtual
 package tclsh or, if they require a specific version of tcl, that
 version of tcl.
 .
 In some cases a weaker relationship, such as Suggests or Recommends, will
 be more appropriate.

Tag: calls-suidperl-directly
Severity: important
Certainty: certain
Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called
 directly anymore (and doing so will lead to errors in most cases) but the
 script should just use /usr/bin/perl as interpreter which will call
 suidperl automatically if the script has the suid permission bit set.

Tag: shell-script-fails-syntax-check
Severity: important
Certainty: certain
Info: Running this shell script with the shell's -n option set fails,
 which means that the script has syntax errors.
 .
 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.

Tag: maintainer-shell-script-fails-syntax-check
Severity: serious
Certainty: certain
Info: Running this shell script with the shell's -n option set fails,
 which means that the script has syntax errors. This will likely make
 the package uninstallable.
 .
 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.

Tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script
Severity: normal
Certainty: possible
Info: The maintainer script seems to access a file in <tt>/tmp</tt> or
 some other temporary directory. Since creating temporary files in a
 world-writable directory is very dangerous, this is likely to be a
 security bug. Use the <tt>tempfile</tt> or <tt>mktemp</tt> utilities to
 create temporary files in these directories.
Ref: policy 10.4

Tag: killall-is-dangerous
Severity: normal
Certainty: possible
Info: The maintainer script seems to call <tt>killall</tt>.  Since this
 utility kills processes by name, it may well end up killing unrelated
 processes.  Most uses of <tt>killall</tt> should use <tt>invoke-rc.d</tt>
 instead.

Tag: mknod-in-maintainer-script
Severity: serious
Certainty: certain
Ref: policy 10.6
Info: Maintainer scripts must not create device files directly.  They
 should call MAKEDEV instead.

Tag: start-stop-daemon-in-maintainer-script
Severity: normal
Certainty: certain
Info: The maintainer script seems to call <tt>start-stop-daemon</tt>
 directly.  Long-running daemons should be started and stopped via init
 scripts using <tt>invoke-rc.d</tt> rather than directly in maintainer
 scripts.
Ref: policy 9.3.3.2

Tag: maintainer-script-removes-device-files
Severity: serious
Certainty: certain
Ref: policy 10.6
Info: Maintainer scripts must not remove device files.  This is left to
 the system administrator.

Tag: read-in-maintainer-script
Severity: normal
Certainty: certain
Ref: policy 3.9.1 
Info: This maintainer script appears to use read to get information from
 the user.  Prompting in maintainer scripts should be done by
 communicating through a program such as debconf which conforms to the
 Debian Configuration management specification, version 2 or higher.

Tag: possible-bashism-in-maintainer-script
Severity: normal
Certainty: possible
Ref: policy 10.4
Info: This script is marked as running under <tt>/bin/sh</tt>, but it seems
 to use a feature found in bash but not in the SUSv3 or POSIX shell
 specification.
 .
 Examples:
  '==' in a test, it should use '=' instead
  'read' without a variable in the argument
  'function' to define a function
  'source' instead of '.'
  '. command args', passing arguments to commands via 'source' is not supported
  '{foo,bar}' instead of 'foo bar'
  '[[ test ]]' instead of '[ test ]' (requires a Korn shell)
  'type' instead of 'which' or 'command -v'

Tag: suidregister-used-in-maintainer-script
Severity: important
Certainty: certain
Info: This script calls suidregister, a long-obsolete program that has
 been replaced by dpkg-statoverride.

Tag: maintainer-script-needs-depends-on-update-inetd
Severity: normal
Certainty: certain
Info: This script calls update-inetd, but the package does not depend or
 pre-depend on inet-superserver, any of the providers of inet-superserver
 which provide it, or update-inetd.
 .
 update-inetd has been moved from netbase into a separate package, so a
 dependency on netbase should be updated to depend on "openbsd-inetd |
 inet-superserver".

Tag: maintainer-script-needs-depends-on-adduser
Severity: normal
Certainty: certain
Info: This script calls adduser, but the package does not depend or
 pre-depend on the adduser package.

Tag: maintainer-script-needs-depends-on-gconf2
Severity: normal
Certainty: certain
Info: This script calls gconf-schemas, which comes from the gconf2 package,
 but does not depend or pre-depend on gconf2.  If you are using dh_gconf,
 add a dependency on ${misc:Depends} and dh_gconf will take care of this
 for you.

Tag: maintainer-script-needs-depends-on-ucf
Severity: normal
Certainty: certain
Info: This script calls ucf, but the package does not depend or pre-depend
 on the ucf package.

Tag: maintainer-script-needs-depends-on-xml-core
Severity: normal
Certainty: certain
Info: This script calls update-xmlcatalog, which comes from the xml-core
 package, but does not depend or pre-depend on xml-core.  Packages that call
 update-xmlcatalog need to depend on xml-core.  If you are using
 dh_installxmlcatalogs, add a dependency on ${misc:Depends} and
 dh_installxmlcatalogs will take care of this for you.

Tag: update-alternatives-remove-called-in-postrm
Severity: normal
Certainty: certain
Info: <tt>update-alternatives --remove &lt;alternative&gt; foo</tt> is
 called in the postrm.  This can be dangerous because at the time the
 postrm is executed foo has already been deleted and update-alternatives
 will ignore it while constructing its list of available alternatives.
 Then, if the /etc/alternatives symlink points at foo, update-alternatives
 won't recognize it and will mark the symlink as something site-specific.
 As such, the symlink will no longer be updated automatically and will be
 left dangling until <tt>update-alternatives --auto
 &lt;alternative&gt;</tt> is run by hand.
 .
 <tt>update-alternatives --remove</tt> should be called in the prerm
 instead.
Ref: policy F, update-alternatives(8)

Tag: deprecated-chown-usage
Severity: normal
Certainty: certain
Info: <tt>chown user.group</tt> is called in one of the maintainer
 scripts.  The correct syntax is <tt>chown user:group</tt>. Using "." as a
 separator is still supported by the GNU tools, but it will fail as soon
 as a system uses the "." in user or group names.
Ref: chown(1)

Tag: maintainer-script-hides-init-failure
Severity: normal
Certainty: certain
Info: This script calls invoke-rc.d to run an init script but then, if the
 init script fails, exits successfully (using || exit 0).  If the init
 script fails, the maintainer script should probably fail.
 .
 The most likely cause of this problem is that the package was built with
 a debhelper version suffering from Bug#337664 that inserted incorrect
 invoke-rc.d code in the generated maintainer script. The package needs to
 be reuploaded (could be bin-NMUd, no source changes needed).

Tag: maintainer-script-calls-init-script-directly
Severity: serious
Certainty: certain
Info: This script apparently runs an init script directly rather than
 using invoke-rc.d.  The use of invoke-rc.d to invoke the /etc/init.d/*
 initscripts instead of calling them directly is required.  Maintainer
 scripts may call the init script directly only if invoke-rc.d is not
 available.
Ref: policy 9.3.3.2

Tag: script-calls-init-script-directly
Severity: normal
Certainty: possible
Info: This script apparently runs an init script directly rather than
 using <tt>invoke-rc.d</tt>.  While use of <tt>invoke-rc.d</tt> is only
 required for maintainer scripts, supporting the policy layer that it
 implements is a good idea in any script.
Ref: policy 9.3.3.2

Tag: gconftool-used-in-maintainer-script
Severity: normal
Certainty: possible
Info: This script apparently runs gconftool or gconftool-2.  It should
 probably be calling gconf-schemas or update-gconf-defaults instead.

Tag: maintainer-script-uses-dpkg-status-directly
Severity: important
Certainty: certain
Info: The file /var/lib/dpkg/status is internal to dpkg, may disappear or
 change formats, and is not always a correct and complete record of
 installed packages while dpkg is running.  Maintainer scripts should use
 dpkg-query instead.  For the most common case of retrieving conffile
 information, use:
 .
  dpkg-query -W -f='${Conffiles}' &lt;package&gt;
 .
 instead.
Ref: http://wiki.debian.org/DpkgConffileHandling

Tag: maintainer-script-modifies-netbase-managed-file
Severity: serious
Certainty: certain
Info: The maintainer script modifies at least one of the files
 <tt>/etc/services</tt>, <tt>/etc/protocols</tt>, and <tt>/etc/rpc</tt>,
 which are managed by the netbase package. Instead of doing this, please
 file a wishlist bug against netbase to have an appropriate entry added.
Ref: policy 11.2

Tag: maintainer-script-modifies-inetd-conf
Severity: serious
Certainty: certain
Info: The maintainer script modifies <tt>/etc/inetd.conf</tt> directly.
 This file must not be modified directly; instead, use the
 <tt>update-inetd</tt> script or the <tt>DebianNet.pm</tt> Perl module.
Ref: policy 11.2

Tag: install-sgmlcatalog-deprecated
Severity: important
Certainty: certain
Info: The maintainer script apparently runs install-sgmlcatalog with flags
 other than <tt>--quiet</tt> and <tt>--remove</tt> or in a maintainer
 script other than postinst or prerm.  install-sgmlcatalog is deprecated
 and should only be used in postinst or prerm to remove the entries from
 earlier packages.  Given how long ago this transition was, consider
 removing it entirely.

Tag: maintainer-script-empty
Severity: minor
Certainty: certain
Info: The maintainer script doesn't seem to contain any code other than
 comments and boilerplate (set -e, exit statements, and the case statement
 to parse options).  While this is harmless in most cases, it is probably
 not what you wanted, may mean the package will leave unnecessary files
 behind until purged, and may even lead to problems in rare situations
 where dpkg would fail if no maintainer script was present.
 .
 If the package currently doesn't need to do anything in this maintainer
 script, it shouldn't be included in the package.

Tag: maintainer-script-ignores-errors
Severity: normal
Certainty: certain
Ref: policy 10.4
Info: The maintainer script doesn't seem to set the <tt>-e</tt> flag which
 ensures that the script's execution is aborted when any executed command
 fails.

Tag: maintainer-script-without-set-e
Severity: pedantic
Certainty: certain
Ref: policy 10.4
Info: The maintainer script passes <tt>-e</tt> to the shell on the
 <tt>#!</tt> line rather than using <tt>set -e</tt> in the body of the
 script.  This is fine for normal operation, but if the script is run by
 hand with <tt>sh /path/to/script</tt> (common in debugging), <tt>-e</tt>
 will not be in effect.  It's therefore better to use <tt>set -e</tt> in
 the body of the script.

Tag: command-with-path-in-maintainer-script
Severity: normal
Certainty: certain
Info: The indicated program run in a maintainer script has a prepended
 path.  Programs called from maintainer scripts normally should not have a
 path prepended.  dpkg ensures that the PATH is set to a reasonable value,
 and prepending a path may prevent the local administrator from using a
 replacement version of a command for some local reason.
Ref: policy 6.1

Tag: ancient-dpkg-predepends-check
Severity: minor
Certainty: certain
Info: The package calls dpkg --assert-support-predepends in a maintainer
 script.  This check is obsolete and has always returned true since dpkg
 1.1.0, released 1996-02-11.

Tag: ancient-dpkg-epoch-check
Severity: minor
Certainty: certain
Info: The package calls dpkg --assert-working-epoch in a maintainer
 script.  This check is obsolete and has always returned true since dpkg
 1.4.0.7, released 1997-01-25.

Tag: ancient-dpkg-long-filenames-check
Severity: minor
Certainty: certain
Info: The package calls dpkg --assert-long-filenames in a maintainer
 script.  This check is obsolete and has always returned true since dpkg
 1.4.1.17, released 1999-10-21.

Tag: ancient-dpkg-multi-conrep-check
Severity: minor
Certainty: certain
Info: The package calls dpkg --assert-multi-conrep in a maintainer
 script.  This check is obsolete and has always returned true since dpkg
 1.4.1.19, released 1999-10-30.

Tag: package-uses-local-diversion
Severity: serious
Certainty: certain
Info: The maintainer script calls dpkg-divert with <tt>--local</tt> or
 without <tt>--package</tt>.  This option is reserved for local
 administrators and must never be used by a Debian package.

Tag: diversion-for-unknown-file
Severity: important
Certainty: certain
Info: The maintainer script adds a diversion for a file that is not
 provided by this package.

Tag: orphaned-diversion
Severity: important
Certainty: certain
Info: A diversion was added for the file, but not removed. This means
 your package doesn't restore the previous state after removal.

Tag: remove-of-unknown-diversion
Severity: important
Certainty: certain
Info: The maintainer script removes a diversion that it didn't add.  If
 you're cleaning up unnecessary diversions from older versions of the
 package, remove them in <tt>preinst</tt> or <tt>postinst</tt> instead of
 waiting for <tt>postrm</tt> to do it.