Check-Script: binaries Author: Christian Schwarz Abbrev: bin Type: binary, udeb Unpack-Level: 1 Needs-Info: objdump-info, file-info, strings Info: This script checks binaries and object files for bugs. Tag: arch-independent-package-contains-binary-or-object Severity: serious Certainty: possible Info: The package contains a binary or object file but is tagged Architecture: all. . If this package contains binaries or objects for cross-compiling or binary blobs for other purposes independent of the host architecture (such as BIOS updates or firmware), please add a Maemian override. Tag: unstripped-binary-or-object Severity: important Certainty: certain Ref: policy 10.1, policy 10.2 Info: The package installs an unstripped binary or object file. . Please note, that shared libraries have to be stripped with the --strip-unneeded option. Tag: library-in-debug-or-profile-should-not-be-stripped Severity: important Certainty: certain Info: Libraries in .../lib/debug or in .../lib/profile usually should not be stripped. Tag: statically-linked-binary Severity: important Certainty: possible Info: The package installs a statically linked binary or object file. . Usually this is a bug. Otherwise, please install an override if your package is an exception. Note that binaries named *-static and *.static are already excluded, just as any binaries in packages named *-static. Tag: library-not-linked-against-libc Severity: minor Certainty: certain Info: The package installs a library which is not dynamically linked against libc. Tag: program-not-linked-against-libc Severity: minor Certainty: certain Info: The package installs a binary which is not dynamically linked against libc. Tag: binary-or-shlib-defines-rpath Severity: normal Certainty: certain Ref: http://wiki.debian.org/RpathIssue Info: The binary or shared library sets RPATH. This overrides the normal library search path, possibly interfering with local policy and causing problems for multilib, among other issues. . The only time a binary or shared library in a Debian package should set RPATH is if it is linked to private shared libraries in the same package. In that case, place those private shared libraries in /usr/lib/package. Libraries used by binaries in other packages should be placed in /lib or /usr/lib as appropriate, with a proper SONAME, in which case RPATH is unnecessary. . To fix this problem, look for link lines like: gcc test.o -o test -Wl,--rpath,/usr/local/lib or gcc test.o -o test -R/usr/local/lib and remove the -Wl,--rpath or -R argument. You can also use the chrpath utility to remove the RPATH. Tag: binary-has-unneeded-section Severity: wishlist Certainty: certain Info: The binary or shared library is stripped, but still contains a section that is not useful. You should call strip with --remove-section=.comment --remove-section=.note to remove the .note and .comment sections. . dh_strip will do this automatically for you, but install -s not because it calls strip without any arguments. Tag: missing-depends-line Severity: normal Certainty: certain Info: The package contains an ELF binary with dynamic dependencies, but does not have a Depends line in its control file. This usually means that a call to dpkg-shlibdeps is missing from the package's debian/rules file. Tag: shared-lib-without-dependency-information Severity: normal Certainty: certain Info: The listed shared library doesn't include information about which other libraries the library was linked against. (When running "ldd foo.so" ldd should report about these other libraries. In your case, ldd just reports "statically linked".) . To fix this, you should explicitly specify the libraries which are used (e.g., "-lc") when building the shared library with "ld". . If you have questions about this, please contact &debdev;. Tag: arch-dependent-file-in-usr-share Severity: important Certainty: certain Ref: fhs usrsharearchitectureindependentdata Info: This package installs an ELF binary in the /usr/share hierarchy, which is reserved for architecture-independent files. Tag: binary-in-etc Severity: important Certainty: certain Ref: fhs etchostspecificsystemconfiguration Info: This package installs an ELF binary in /etc. The Filesystem Hierarchy Standard forbids this. Tag: binary-compiled-with-profiling-enabled Severity: normal Certainty: certain Info: While profiling is useful for testing and debugging purposes, enabling it causes a program to leave gmon.out files whenever a user runs it. Tag: binary-file-compressed-with-upx Severity: important Certainty: certain Info: Debian does not allow binaries to be compressed by UPX. Tag: package-name-doesnt-match-sonames Severity: normal Certainty: possible Info: The package name of a library package should usually reflect the soname of the included library. The package name can determined from the library file name with the following code snippet: . $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; s/\.so\.//' Ref: libpkg-guide 5 Tag: binary-with-bad-dynamic-table Severity: important Certainty: possible Info: This appears to be an ELF file but objdump -T cannot parse it. If it is external debugging symbols for another file, it should be installed under /usr/lib/debug. Tag: apparently-corrupted-elf-binary Severity: normal Certainty: possible Info: This appears to be an ELF file but objdump -T doesn't recognize it as valid. This may be a mistake or a corrupted file, you may need to install binutils-multiarch on the system running lintian so that non-native binaries are handled correctly, or it may be a misidentification of a file as ELF that actually isn't. Tag: apparently-truncated-elf-binary Severity: normal Certainty: possible Info: This appears to be an ELF file, but objdump believes it is truncated. This may be a mistake or a corrupted file, or it may be a misidentification of a file as ELF that actually isn't. Tag: missing-dependency-on-libc Severity: serious Certainty: certain Ref: policy 8.6 Info: The listed file appears to be linked against the C library, but the package doesn't depend on the C library package. Normally this indicates that ${shlibs:Depends} was omitted from the Depends line for this package in debian/control. . All shared libraries and compiled binaries must be run through dpkg-shlibdeps to find out any libraries they are linked against (often via the dh_shlibdeps debhelper command). The package containing these files must then depend on ${shlibs:Depends} in debian/control to get the proper package dependencies for those libraries. Tag: missing-dependency-on-perlapi Severity: serious Certainty: certain Ref: perl-policy 4.4.2 Info: This package includes a *.so file in /usr/lib/perl5, normally indicating that it includes a binary Perl module. Binary Perl modules must depend on perlapi-$Config{version} (from the Config module). If the package is using debhelper, this problem is usually due to a missing dh_perl call in debian/rules or a missing ${perl:Depends} substitution variable in the Depends line in debian/control. Tag: debug-file-should-use-detached-symbols Severity: normal Certainty: certain Ref: devref 6.7.9 Info: This file is in a location generally used for detached debugging symbols, but it appears to contain a complete copy of the executable or library instead of only the debugging symbols. Files in subdirectories of /usr/lib/debug mirroring the main file system should contain only debugging information generated by objcopy --only-keep-debug. Binaries or shared objects built with extra debugging should be installed directly in /usr/lib/debug or in subdirectories corresponding to the package, not in the directories that mirror the main file system. . If you are using dh_strip with the --dbg-package flag, don't also install the library in /usr/lib/debug. dh_strip does all the work for you. Tag: binary-from-other-architecture Severity: serious Certainty: possible Info: This ELF binary appears to have been built for an architecture other than the one of the binary package being tested. This may occur when a pre-built binary is shipped in the package or when an attempt to cross-compile didn't work. Tag: spelling-error-in-binary Severity: normal Certainty: wild-guess Experimental: yes Info: Maemian found a spelling error in the given binary. Maemian has a list of common misspellings that it looks for. It does not have a dictionary like a spelling checker does. For Maemian's convenience all words are normalised to lower case. . If the string containing the spelling error is translated with the help of gettext or a similar tool, please fix the error in the translations as well as the English text to avoid making the translations fuzzy. With gettext, for example, this means you should also fix the spelling mistake in the corresponding msgids in the *.po files. . To find the original word you can run: . strings <binary> | grep -i <word> . You can often find the word in the source code by running: . grep -r '\b<original-word>\b' <source-tree> Tag: embedded-zlib Severity: important Certainty: certain Info: The given ELF object appears to have been statically linked to zlib. Doing this is discouraged due to the extra work needed by the security team to fix all the extra embedded copies or trigger the package rebuilds, as appropriate.