2 Author: Richard Braakman <dark@xs4all.nl>
6 Info: This script checks the #! lines of scripts in a package.
7 Needs-Info: file-info, scripts
9 Tag: script-without-interpreter
12 Info: This file starts with the #! sequence that identifies scripts, but
13 it does not name an interpreter.
15 Tag: executable-not-elf-or-script
18 Info: This executable file is not an ELF format binary, and does not start
19 with the #! sequence that marks interpreted scripts. It might be a sh script
20 that fails to name /bin/sh as its shell.
23 Tag: script-not-executable
26 Info: This file starts with the #! sequence that marks interpreted scripts,
27 but it is not executable.
29 Tag: interpreter-not-absolute
32 Info: This script uses a relative path to locate its interpreter.
33 This path will be taken relative to the caller's current directory, not
34 the script's, so it is not likely to be what was intended.
36 Tag: unusual-interpreter
39 Info: This package contains a script for an interpreter that the Maemian
40 maintainers have not heard of. It could be a typo for a common
41 interpreter. If not, please file a wishlist bug on lintian so that the
42 Maemian maintainers can add this interpreter to their list.
44 Tag: script-uses-bin-env
47 Info: This script uses /bin/env as its interpreter (used to find the
48 actual interpreter on the user's path). There is no /bin/env on Debian
49 systems; env is instead installed as /usr/bin/env. Usually, the path to
50 env in the script should be changed.
52 Tag: forbidden-config-interpreter
55 Info: This package contains a <tt>config</tt> script for pre-configuring
56 the package. During pre-configuration, however, only essential packages
57 are guaranteed to be installed, so you cannot use a non-essential
60 Tag: forbidden-postrm-interpreter
63 Info: This package contains a <tt>postrm</tt> maintainer script that uses
64 an interpreter that isn't essential. The <tt>purge</tt> action of
65 <tt>postrm</tt> can only rely on essential packages, which means the
66 interpreter used by <tt>postrm</tt> must be one of the essential ones
67 (<tt>sh</tt>, <tt>bash</tt>, or <tt>perl</tt>).
70 Tag: unusual-control-interpreter
73 Info: This package contains a control script for an interpreter that is
74 not normally used for control scripts. This is permissible but not
75 recommended. It makes it harder for other developers to understand your
78 Tag: unknown-control-interpreter
81 Info: This package contains a maintainer script that uses an interpreter
82 that the Maemian maintainers have not heard of. This is usually a typo
83 for a common interpreter. If not, please file a wishlist bug on lintian
84 so that the Maemian maintainers can add this interpreter to their list.
86 Tag: interpreter-in-usr-local
89 Info: This package contains a script that looks for an interpreter in a
90 directory in /usr/local. Since Debian does not install anything in
91 /usr/local, this is the wrong place to look.
93 Tag: control-interpreter-in-usr-local
96 Info: A control script for this package references an interpreter in a
97 directory in <tt>/usr/local</tt>. Control scripts must use interpreters
98 provided by Debian packages, and Debian packages do not install anything
99 in <tt>/usr/local</tt>.
101 Tag: preinst-interpreter-without-predepends
104 Info: The package contains a <tt>preinst</tt> maintainer script that uses
105 an unusual and non-essential interpreter but does not declare a
106 pre-dependency on the package that provides this interpreter.
108 <tt>preinst</tt> scripts should be written using only essential
109 interpreters to avoid additional dependency complexity. Please do not
110 add a pre-dependency without following the policy for doing so (Policy
114 Tag: control-interpreter-without-depends
117 Info: The package contains a maintainer script that uses an unusual and
118 non-essential interpreter but does not declare a dependency on the
119 package that provides this interpreter.
122 Tag: missing-dep-for-interpreter
125 Info: You used an interpreter for a script that is not in an essential
126 package. In most cases, you will need to add a Dependency on the
127 package that contains the interpreter. If the dependency is already
128 present, please file a bug against Maemian with the details of your
129 package so that its database can be updated.
131 In some cases a weaker relationship, such as Suggests or Recommends, will
134 Tag: csh-considered-harmful
137 Info: The Debian policy for scripts explicitly warns against using csh
138 and tcsh as scripting languages.
141 Tag: suid-perl-script-but-no-perl-suid-dep
144 Info: Packages that use perl scripts that are suid must depend on the
147 In some cases a weaker relationship, such as Suggests or Recommends, will
150 Tag: wrong-path-for-interpreter
153 Info: The interpreter you used is installed at another location on Debian
156 Tag: gawk-script-but-no-gawk-dep
159 Info: Packages that use gawk scripts must depend on the gawk package.
160 If they don't need gawk-specific features, and can just as easily work
161 with mawk, then they should be awk scripts instead.
163 In some cases a weaker relationship, such as Suggests or Recommends, will
166 Tag: mawk-script-but-no-mawk-dep
169 Info: Packages that use mawk scripts must depend on the mawk package.
170 If they don't need mawk-specific features, and can just as easily work
171 with gawk, then they should be awk scripts instead.
173 In some cases a weaker relationship, such as Suggests or Recommends, will
176 Tag: php-script-but-no-phpX-cli-dep
179 Info: Packages with PHP scripts must depend on a phpX-cli package such as
180 php5-cli. Note that a dependency on a php-cgi package (such as php5-cgi)
181 is needlessly strict and forces the user to install a package that isn't
184 In some cases a weaker relationship, such as Suggests or Recommends, will
187 Maemian can only recognize phpX-cli dependencies for values of X that it
188 knows are available in the archive. You will get this warning if you
189 allow, as alternatives, versions of PHP that are so old they're not
190 available in stable. The correct fix in those cases is probably to drop
191 the old alternative. If this package depends on a newer php-cli package
192 that Maemian doesn't know about, please file a bug against Maemian so
193 that it can be updated.
195 Tag: python-script-but-no-python-dep
198 Info: Packages with Python scripts must depend on the package python.
199 Those that have scripts executed with a versioned python package need a
200 dependency on the equivalent version of python.
202 For example, if a script in the package uses <tt>#!/usr/bin/python</tt>,
203 the package needs a dependency on "python". If a script uses
204 <tt>#!/usr/bin/python2.5</tt>, the package need a dependency on
207 In some cases a weaker relationship, such as Suggests or Recommends, will
210 Tag: ruby-script-but-no-ruby-dep
213 Info: Packages with Ruby scripts must depend on the package ruby. Those
214 that have Ruby scripts that run under a specific version of Ruby need a
215 dependency on the equivalent version of Ruby.
217 For example, if a script in the package uses <tt>#!/usr/bin/ruby</tt>,
218 the package needs a dependency on "ruby". If a script uses
219 <tt>#!/usr/bin/ruby1.9</tt>, then the package need a dependency on
222 In some cases a weaker relationship, such as Suggests or Recommends, will
225 Tag: wish-script-but-no-wish-dep
228 Info: Packages that include wish scripts must depend on the virtual
229 package wish or, if they require a specific version of wish or tk, that
232 In some cases a weaker relationship, such as Suggests or Recommends, will
235 Tag: tclsh-script-but-no-tclsh-dep
238 Info: Packages that include tclsh scripts must depend on the virtual
239 package tclsh or, if they require a specific version of tcl, that
242 In some cases a weaker relationship, such as Suggests or Recommends, will
245 Tag: calls-suidperl-directly
248 Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called
249 directly anymore (and doing so will lead to errors in most cases) but the
250 script should just use /usr/bin/perl as interpreter which will call
251 suidperl automatically if the script has the suid permission bit set.
253 Tag: shell-script-fails-syntax-check
256 Info: Running this shell script with the shell's -n option set fails,
257 which means that the script has syntax errors.
259 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.
261 Tag: maintainer-shell-script-fails-syntax-check
264 Info: Running this shell script with the shell's -n option set fails,
265 which means that the script has syntax errors. This will likely make
266 the package uninstallable.
268 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.
270 Tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script
273 Info: The maintainer script seems to access a file in <tt>/tmp</tt> or
274 some other temporary directory. Since creating temporary files in a
275 world-writable directory is very dangerous, this is likely to be a
276 security bug. Use the <tt>tempfile</tt> or <tt>mktemp</tt> utilities to
277 create temporary files in these directories.
280 Tag: killall-is-dangerous
283 Info: The maintainer script seems to call <tt>killall</tt>. Since this
284 utility kills processes by name, it may well end up killing unrelated
285 processes. Most uses of <tt>killall</tt> should use <tt>invoke-rc.d</tt>
288 Tag: mknod-in-maintainer-script
292 Info: Maintainer scripts must not create device files directly. They
293 should call MAKEDEV instead.
295 Tag: start-stop-daemon-in-maintainer-script
298 Info: The maintainer script seems to call <tt>start-stop-daemon</tt>
299 directly. Long-running daemons should be started and stopped via init
300 scripts using <tt>invoke-rc.d</tt> rather than directly in maintainer
304 Tag: maintainer-script-removes-device-files
308 Info: Maintainer scripts must not remove device files. This is left to
309 the system administrator.
311 Tag: read-in-maintainer-script
315 Info: This maintainer script appears to use read to get information from
316 the user. Prompting in maintainer scripts should be done by
317 communicating through a program such as debconf which conforms to the
318 Debian Configuration management specification, version 2 or higher.
320 Tag: possible-bashism-in-maintainer-script
324 Info: This script is marked as running under <tt>/bin/sh</tt>, but it seems
325 to use a feature found in bash but not in the SUSv3 or POSIX shell
329 '==' in a test, it should use '=' instead
330 'read' without a variable in the argument
331 'function' to define a function
332 'source' instead of '.'
333 '. command args', passing arguments to commands via 'source' is not supported
334 '{foo,bar}' instead of 'foo bar'
335 '[[ test ]]' instead of '[ test ]' (requires a Korn shell)
336 'type' instead of 'which' or 'command -v'
338 Tag: suidregister-used-in-maintainer-script
341 Info: This script calls suidregister, a long-obsolete program that has
342 been replaced by dpkg-statoverride.
344 Tag: maintainer-script-needs-depends-on-update-inetd
347 Info: This script calls update-inetd, but the package does not depend or
348 pre-depend on inet-superserver, any of the providers of inet-superserver
349 which provide it, or update-inetd.
351 update-inetd has been moved from netbase into a separate package, so a
352 dependency on netbase should be updated to depend on "openbsd-inetd |
355 Tag: maintainer-script-needs-depends-on-adduser
358 Info: This script calls adduser, but the package does not depend or
359 pre-depend on the adduser package.
361 Tag: maintainer-script-needs-depends-on-gconf2
364 Info: This script calls gconf-schemas, which comes from the gconf2 package,
365 but does not depend or pre-depend on gconf2. If you are using dh_gconf,
366 add a dependency on ${misc:Depends} and dh_gconf will take care of this
369 Tag: maintainer-script-needs-depends-on-ucf
372 Info: This script calls ucf, but the package does not depend or pre-depend
375 Tag: maintainer-script-needs-depends-on-xml-core
378 Info: This script calls update-xmlcatalog, which comes from the xml-core
379 package, but does not depend or pre-depend on xml-core. Packages that call
380 update-xmlcatalog need to depend on xml-core. If you are using
381 dh_installxmlcatalogs, add a dependency on ${misc:Depends} and
382 dh_installxmlcatalogs will take care of this for you.
384 Tag: update-alternatives-remove-called-in-postrm
387 Info: <tt>update-alternatives --remove <alternative> foo</tt> is
388 called in the postrm. This can be dangerous because at the time the
389 postrm is executed foo has already been deleted and update-alternatives
390 will ignore it while constructing its list of available alternatives.
391 Then, if the /etc/alternatives symlink points at foo, update-alternatives
392 won't recognize it and will mark the symlink as something site-specific.
393 As such, the symlink will no longer be updated automatically and will be
394 left dangling until <tt>update-alternatives --auto
395 <alternative></tt> is run by hand.
397 <tt>update-alternatives --remove</tt> should be called in the prerm
399 Ref: policy F, update-alternatives(8)
401 Tag: deprecated-chown-usage
404 Info: <tt>chown user.group</tt> is called in one of the maintainer
405 scripts. The correct syntax is <tt>chown user:group</tt>. Using "." as a
406 separator is still supported by the GNU tools, but it will fail as soon
407 as a system uses the "." in user or group names.
410 Tag: maintainer-script-hides-init-failure
413 Info: This script calls invoke-rc.d to run an init script but then, if the
414 init script fails, exits successfully (using || exit 0). If the init
415 script fails, the maintainer script should probably fail.
417 The most likely cause of this problem is that the package was built with
418 a debhelper version suffering from Bug#337664 that inserted incorrect
419 invoke-rc.d code in the generated maintainer script. The package needs to
420 be reuploaded (could be bin-NMUd, no source changes needed).
422 Tag: maintainer-script-calls-init-script-directly
425 Info: This script apparently runs an init script directly rather than
426 using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/*
427 initscripts instead of calling them directly is required. Maintainer
428 scripts may call the init script directly only if invoke-rc.d is not
432 Tag: script-calls-init-script-directly
435 Info: This script apparently runs an init script directly rather than
436 using <tt>invoke-rc.d</tt>. While use of <tt>invoke-rc.d</tt> is only
437 required for maintainer scripts, supporting the policy layer that it
438 implements is a good idea in any script.
441 Tag: gconftool-used-in-maintainer-script
444 Info: This script apparently runs gconftool or gconftool-2. It should
445 probably be calling gconf-schemas or update-gconf-defaults instead.
447 Tag: maintainer-script-uses-dpkg-status-directly
450 Info: The file /var/lib/dpkg/status is internal to dpkg, may disappear or
451 change formats, and is not always a correct and complete record of
452 installed packages while dpkg is running. Maintainer scripts should use
453 dpkg-query instead. For the most common case of retrieving conffile
456 dpkg-query -W -f='${Conffiles}' <package>
459 Ref: http://wiki.debian.org/DpkgConffileHandling
461 Tag: maintainer-script-modifies-netbase-managed-file
464 Info: The maintainer script modifies at least one of the files
465 <tt>/etc/services</tt>, <tt>/etc/protocols</tt>, and <tt>/etc/rpc</tt>,
466 which are managed by the netbase package. Instead of doing this, please
467 file a wishlist bug against netbase to have an appropriate entry added.
470 Tag: maintainer-script-modifies-inetd-conf
473 Info: The maintainer script modifies <tt>/etc/inetd.conf</tt> directly.
474 This file must not be modified directly; instead, use the
475 <tt>update-inetd</tt> script or the <tt>DebianNet.pm</tt> Perl module.
478 Tag: install-sgmlcatalog-deprecated
481 Info: The maintainer script apparently runs install-sgmlcatalog with flags
482 other than <tt>--quiet</tt> and <tt>--remove</tt> or in a maintainer
483 script other than postinst or prerm. install-sgmlcatalog is deprecated
484 and should only be used in postinst or prerm to remove the entries from
485 earlier packages. Given how long ago this transition was, consider
486 removing it entirely.
488 Tag: maintainer-script-empty
491 Info: The maintainer script doesn't seem to contain any code other than
492 comments and boilerplate (set -e, exit statements, and the case statement
493 to parse options). While this is harmless in most cases, it is probably
494 not what you wanted, may mean the package will leave unnecessary files
495 behind until purged, and may even lead to problems in rare situations
496 where dpkg would fail if no maintainer script was present.
498 If the package currently doesn't need to do anything in this maintainer
499 script, it shouldn't be included in the package.
501 Tag: maintainer-script-ignores-errors
505 Info: The maintainer script doesn't seem to set the <tt>-e</tt> flag which
506 ensures that the script's execution is aborted when any executed command
509 Tag: maintainer-script-without-set-e
513 Info: The maintainer script passes <tt>-e</tt> to the shell on the
514 <tt>#!</tt> line rather than using <tt>set -e</tt> in the body of the
515 script. This is fine for normal operation, but if the script is run by
516 hand with <tt>sh /path/to/script</tt> (common in debugging), <tt>-e</tt>
517 will not be in effect. It's therefore better to use <tt>set -e</tt> in
518 the body of the script.
520 Tag: command-with-path-in-maintainer-script
523 Info: The indicated program run in a maintainer script has a prepended
524 path. Programs called from maintainer scripts normally should not have a
525 path prepended. dpkg ensures that the PATH is set to a reasonable value,
526 and prepending a path may prevent the local administrator from using a
527 replacement version of a command for some local reason.
530 Tag: ancient-dpkg-predepends-check
533 Info: The package calls dpkg --assert-support-predepends in a maintainer
534 script. This check is obsolete and has always returned true since dpkg
535 1.1.0, released 1996-02-11.
537 Tag: ancient-dpkg-epoch-check
540 Info: The package calls dpkg --assert-working-epoch in a maintainer
541 script. This check is obsolete and has always returned true since dpkg
542 1.4.0.7, released 1997-01-25.
544 Tag: ancient-dpkg-long-filenames-check
547 Info: The package calls dpkg --assert-long-filenames in a maintainer
548 script. This check is obsolete and has always returned true since dpkg
549 1.4.1.17, released 1999-10-21.
551 Tag: ancient-dpkg-multi-conrep-check
554 Info: The package calls dpkg --assert-multi-conrep in a maintainer
555 script. This check is obsolete and has always returned true since dpkg
556 1.4.1.19, released 1999-10-30.
558 Tag: package-uses-local-diversion
561 Info: The maintainer script calls dpkg-divert with <tt>--local</tt> or
562 without <tt>--package</tt>. This option is reserved for local
563 administrators and must never be used by a Debian package.
565 Tag: diversion-for-unknown-file
568 Info: The maintainer script adds a diversion for a file that is not
569 provided by this package.
571 Tag: orphaned-diversion
574 Info: A diversion was added for the file, but not removed. This means
575 your package doesn't restore the previous state after removal.
577 Tag: remove-of-unknown-diversion
580 Info: The maintainer script removes a diversion that it didn't add. If
581 you're cleaning up unnecessary diversions from older versions of the
582 package, remove them in <tt>preinst</tt> or <tt>postinst</tt> instead of
583 waiting for <tt>postrm</tt> to do it.