Check-Script: cruft Author: Sean 'Shaleh' Perry Abbrev: deb Type: source Unpack-Level: 2 Info: This looks for cruft in Debian packaging or upstream source Needs-Info: debfiles, diffstat, file-info Tag: native-package-with-dash-version Severity: normal Certainty: certain Info: Native packaging should only be used if a piece of software was written specifically to be turned into a Debian package. In this case, the version number should not contain a Debian revision part. . Native source packages are sometimes created by accident. In most cases the reason is the location of the original source tarball. dpkg-source searches for this in ../package_upstream-version.orig.tar.gz. Tag: documentation-package-not-architecture-independent Severity: normal Certainty: certain Info: Documentation packages usually shouldn't carry anything that requires recompiling on various architectures, in order to save space on mirrors. Tag: debian-files-list-in-source Severity: important Certainty: certain Info: Leaving debian/files causes problems for the autobuilders, since that file will likely include the list of .deb files for another architecture, which will cause dpkg-buildpackage run by the buildd to fail. . The clean rule for the package should remove this file. Ref: policy 4.12 Tag: diff-contains-cmake-cache-file Severity: serious Certainty: possible Info: The Debian diff contains a CMake cache file. These files embed the full path of the source tree in which they're created and cause build failures if they exist when the source is built under a different path, so they will always cause errors on the buildds. The file was probably accidentally included. If it is present in the upstream source, don't modify it in the Debian diff; instead, delete it before the build in debian/rules. Tag: diff-contains-cvs-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a CVS directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-cvs-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a CVS directory. It was most likely included by accident since CVS directories usually don't belong in releases. When packaging a CVS snapshot, export from CVS rather than use a checkout. If an upstream release tarball contains CVS directories, you usually should report this as a bug to upstream. Tag: diff-contains-svn-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in an .svn directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-svn-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains an .svn directory. It was most likely included by accident since Subversion version control directories usually don't belong in releases. When packaging a Subversion snapshot, export from subversion rather than checkout. If an upstream release tarball contains .svn directories, this should be reported as a bug to upstream since it can double the size of the tarball to no purpose. Tag: diff-contains-bzr-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .bzr directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-bzr-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .bzr directory. It was most likely included by accident since bazaar-ng version control directories usually don't belong in releases and may contain the entire repository. When packaging a bzr snapshot, use bzr export to create a clean tree. If an upstream release tarball contains .bzr directories, you should usually report this as a bug upstream. Tag: diff-contains-arch-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in an {arch} or .arch-ids directory or a directory starting with ,, (used by baz for debugging traces). These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-arch-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains an {arch} or .arch-ids directory or a directory starting with ,, (used by baz for debugging traces). It was most likely included by accident since Arch version control directories usually don't belong in releases. If an upstream release tarball contains these directories, you should usually report this as a bug upstream. Tag: diff-contains-git-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .git directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-git-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .git directory. It was most likely included by accident since git version control directories usually don't belong in releases and may contain a complete copy of the repository. If an upstream release tarball contains .git directories, you should usually report this as a bug upstream. Tag: diff-contains-hg-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .hg directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-hg-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .hg directory. It was most likely included by accident since hg version control directories usually don't belong in releases and may contain a complete copy of the repository. If an upstream release tarball contains .hg directories, you should usually report this as a bug upstream. Tag: diff-contains-bts-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a directory used by a bug tracking system, which are not useful in a diff or native package. Passing -i to dpkg-buildpackage or the equivalent will automatically exclude them. Tag: source-contains-bts-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a directory used by a bug tracking system. It was most likely included by accident since bug tracking system directories usually don't belong in releases. Tag: diff-contains-svn-commit-file Severity: minor Certainty: certain Info: The Debian diff or native package contains an svn-commit(.NNN).tmp, almost certainly a left-over from a failed Subversion commit by the Debian package maintainer. Tag: source-contains-svn-commit-file Severity: pedantic Certainty: certain Info: The upstream source contains an svn-commit(.NNN).tmp, almost certainly a left-over from a failed Subversion commit. You may want to report this as an upstream bug. Tag: diff-contains-svk-commit-file Severity: minor Certainty: certain Info: The Debian diff or native package contains an svk-commitNNN.tmp, almost certainly a left-over from a failed svk commit by the Debian package maintainer. Tag: source-contains-svk-commit-file Severity: pedantic Certainty: certain Info: The upstream source contains an svk-commitNNN.tmp, almost certainly a left-over from a failed Subversion commit. You may want to report this as an upstream bug. Tag: diff-contains-arch-inventory-file Severity: normal Certainty: certain Info: The Debian diff or native package contains an .arch-inventory file. This is Arch metadata that should normally not be distributed. Tag: source-contains-arch-inventory-file Severity: pedantic Certainty: certain Info: The upstream source contains an .arch-inventory file. This is Arch metadata that should normally not be distributed. You may want to report this as an upstream bug. Tag: diff-contains-hg-tags-file Severity: normal Certainty: certain Info: The Debian diff or native package contains an .htgags file. This file is Mercurial metadata that should normally not be distributed. It stores hashes of tagged commits in a Mercurial repository and isn't therefore useful without the repository. Tag: source-contains-hg-tags-file Severity: pedantic Certainty: certain Info: The upstream source contains an .htgags file. This file is Mercurial metadata that should normally not be distributed. It stores hashes of tagged commits in a Mercurial repository and isn't therefore useful without the repository. You may want to report this as an upstream bug. Tag: diff-contains-cvs-conflict-copy Severity: normal Certainty: certain info: The Debian diff or native package contains a CVS conflict copy. These have file names like .#file.version and are generated by CVS when a conflict was detected when merging local changes with updates from a source repository. They're useful only while resolving the conflict and should not be included in the package. Tag: source-contains-cvs-conflict-copy Severity: pedantic Certainty: certain info: The upstream source contains a CVS conflict copy. These have file names like .#file.version and are generated by CVS when a conflict was detected when merging local changes with updates from a source repository. They're useful only while resolving the conflict and were probably included by accident. You may want to report this as an upstream bug. Tag: diff-contains-svn-conflict-file Severity: normal Certainty: certain info: The Debian diff or native package contains a file that looks like a Subversion conflict file. These are generated by Subversion when a conflict was detected while merging local changes with updates from a source repository. Use svn resolved to remove them and clear the Subversion conflict state after you have resolved the conflict. Tag: source-contains-svn-conflict-file Severity: pedantic Certainty: certain info: The upstream source contains a file that looks like a Subversion conflict file. These are generated by Subversion when a conflict was detected while merging local changes with updates from a source repository. They're useful only while resolving the conflict and were probably included by accident. You may want to report this as an upstream bug. Tag: diff-contains-patch-failure-file Severity: normal Certainty: possible Info: The Debian diff or native package contains a file that looks like the files left behind by the patch utility when it cannot completely apply a diff. This may be left over from a patch applied by the maintainer. Normally such files should not be included in the package. Tag: diff-contains-editor-backup-file Severity: minor Certainty: certain Info: The Debian diff or native package contains a file ending in ~ or of the form .xxx.swp, which is normally either an Emacs or vim backup file or a backup file created by programs such as autoheader or debconf-updatepo. This usually causes no harm, but it's messy and bloats the size of the Debian diff to no useful purpose. Tag: diff-contains-substvars Severity: normal Certainty: certain Info: Maemian found a substvars file in the Debian diff for this source package. The debian/substvars file is usually generated and modified dynamically by debian/rules targets, in which case it must be removed by the clean target. Ref: policy 4.9 Tag: empty-debian-diff Severity: normal Certainty: possible Info: The Debian diff of this non-native package appears to be completely empty. This usually indicates a mistake when generating the upstream tarball, or it may mean that this was intended to be a native package and was built non-native by mistake. . If the Debian packaging is maintained in conjunction with upstream, this may be intentional, but it's not recommended best practice. If the software is only for Debian, it should be a native package; otherwise, it's better to omit the debian directory from upstream releases and add it in the Debian diff. Otherwise, it can cause problems for some package updates in Debian (files can't be removed from the debian directory via the diff, for example). Tag: configure-generated-file-in-source Severity: normal Certainty: possible Info: Leaving config.cache/status causes autobuilders problems. config.cache and config.status are produced by GNU autoconf's configure scripts. If they are left in the source package, autobuilders may pick up settings for the wrong architecture. . The clean rule in debian/rules should remove this file. This should ideally be done by fixing the upstream build system to do it when you run the appropriate cleaning command (and don't forget to forward the fix to the upstream authors so it doesn't happen in the next release). If that is already implemented, then make sure you are indeed cleaning it in the clean rule. If all else fails, a simple rm -f should work. . Note that Maemian cannot reliably detect the removal in the clean rule, so once you fix this, please ignore or override this warning. Tag: ancient-autotools-helper-file Severity: important Certainty: possible Info: The referenced file has a time stamp older than year 2004 and the package does not build-depend on autotools-dev or automake and therefore apparently does not update it. This usually means that the source package will not build correctly on all currently released architectures. . Read /usr/share/doc/autotools-dev/README.Debian.gz (from the autotools-dev package) for information on how to fix this problem. cdbs will automatically update these files if autotools-dev is installed during build, but the build dependency on autotools-dev is still necessary. Tag: outdated-autotools-helper-file Severity: normal Certainty: possible Info: The referenced file has a time stamp older than June of 2006 and the package does not build-depend on autotools-dev or automake and therefore apparently does not update it. This usually means that the source package will not build correctly on AVR32, for which a Debian port is currently in progress, and may not support other newer architectures. . Read /usr/share/doc/autotools-dev/README.Debian.gz (from the autotools-dev package) for information on how to fix this problem. cdbs will automatically update these files if autotools-dev is installed during build, but the build dependency on autotools-dev is still necessary. Tag: ancient-libtool Severity: normal Certainty: possible Info: The referenced file seems to be from a libtool version older than 1.5.2-2. This might lead to build errors on some newer architectures not known to this libtool. . Please ask your upstream maintainer to re-libtoolize the package or do it yourself in case there is no active upstream anymore. Beware that might mean you need to update autoconf, too, if you use a very old version there as well. . If you have not updated the file but fixed architecture-specific issues with minimal patches and verified that it builds correctly please override this tag. lintian will not be able to verify that. Tag: source-contains-prebuilt-binary Severity: pedantic Certainty: certain Info: The source tarball contains a prebuilt ELF object. They are usually left by mistake when generating the tarball by not cleaning the source directory first. You may want to report this as an upstream bug, in case there is no sign that this was intended. Tag: source-contains-prebuilt-windows-binary Severity: pedantic Certainty: certain Info: The source tarball contains a prebuilt binary for Microsoft Windows. They are usually left by convenience for end users, although it is possible that upstream also provides tarballs source-only tarballs which you can use. These files usually just take up space in the tarball and are of no use in Debian. You may want to ask upstream to provide source-only tarballs. Tag: tar-errors-from-source Severity: normal Certainty: wild-guess Info: tar produced an error while unpacking this source package. This probably means there's something broken or at least strange about the way the upstream tar file was constructed. You may want to report this as an upstream bug.