Check-Script: files Author: Christian Schwarz Abbrev: fil Type: binary, udeb Unpack-Level: 1 Needs-Info: objdump-info, scripts Info: This script checks if a binary package conforms to policy WRT to files and directories. Tag: package-contains-ancient-file Type: error Info: Your package contains a file that claims to been generated more than 20 years ago. This is most probably an error. Your package will be rejected by the Debian archive scripts if it contains a file with such a timestamp. Tag: old-app-defaults-directory Type: error Info: The app-defaults files have moved to /etc/X11/app-defaults/. Files in the old directory, /usr/X11R6/lib/X11/app-defaults/, will no longer be used by X. The old directory should not exist in packages at all; this prevents X from replacing it with a compatability symlink. Ref: policy 11.8.6 Tag: package-installs-font-to-usr-x11r6 Type: error Info: The standard location for X fonts has moved to /usr/share/fonts/X11. Packages providing X fonts must install them into the new path. Fonts installed into the old /usr/X11R6/lib/X11/fonts path may not be seen by the X server. . If the package uses imake, it must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. If it uses dh_installxfonts to handle X font installation, it must build-depend on debhelper (>= 5.0.31). Ref: policy 11.8.5 Tag: package-installs-file-to-usr-x11r6-bin Type: error Info: Debian has switched to the modular X tree which now uses the regular FHS paths, and all packages must follow. All packages installing binaries must install them into /usr/bin (or some other appropriate location) instead of /usr/X11R6/bin. . The x11-common package attempts to change /usr/X11R6/bin into a symlink to /usr/bin, so if this migration has already occurred, a package installing files into /usr/X11R6/bin may appear to install successfully. However, such a package will be left in an inconsistent state and may orphan files when the compatibility link goes away. . If the package uses imake, it must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. Ref: policy 11.8.7 Tag: file-in-usr-something-x11-without-pre-depends Type: info Info: Packages that install files into /usr/include/X11 or /usr/lib/X11 should pre-depend on at least x11-common (>= 1:7.0.0). These directories used to be symlinks and installing files in them while they are still symlinks will put files in the wrong locations and cause stranded files and other problems. x11-common is responsible for converting the symlinks to regular directories. . A fresh etch (or later) install will not have problems even without this dependency, but this dependency is needed for upgrades from sarge and is therefore still useful for backports. Ref: policy 11.8.7 Tag: package-installs-file-to-usr-x11r6 Type: error Info: Packages using the X Window System should not be configured to install files under the /usr/X11R6/ directory. Debian has switched to the modular X tree which now uses regular FHS paths and all packages should follow. . Programs that use GNU autoconf and automake are usually easily configured at compile time to use /usr/ instead of /usr/X11R6/. Packages that use imake must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. Ref: policy 11.8.7 Tag: config-file-reserved Type: error Info: This file is reserved by a specific package. Please email the maintainer of the package in question if you have questions. Tag: package-uses-obsolete-file Type: warning Info: the file, /etc/nntpserver, is no longer recommenced. As of policy revision 2.5.1.0, /etc/news/server is the preferred file to use to specify a news server. Ref: policy 11.7 Tag: FSSTND-dir-in-usr Type: error Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Tag: FSSTND-dir-in-var Type: error Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Tag: package-installs-into-etc-gconf-schemas Type: warning Info: The package installs files into the /etc/gconf/schemas directory. No package should do this; this directory is reserved for local overrides. Instead, schemas should be installed into /usr/share/gconf/schemas. Tag: package-installs-into-etc-rc.d Type: error Info: The package installs files into the /etc/rc.d or /etc/rc?.d which is not allowed. Ref: policy 9.3.3 Tag: package-installs-into-etc-rc.boot Type: error Info: The package installs files in the /etc/rc.boot directory, which is obsolete. See rc.boot(5) for details. Ref: policy 9.3.4 Tag: non-standard-file-permissions-for-etc-init.d-script Type: error Info: Usually, scripts in the /etc/init.d directory should have mode 0755. Tag: file-directly-in-usr-share Type: error Info: Packages should not install files directly in /usr/share, i.e., without a subdirectory. . You should either create a subdirectory /usr/share/... for your package or place the file in /usr/share/misc. Tag: file-in-usr-local Type: error Info: The package installs a file in /usr/local/... which is not allowed. Ref: policy 9.1.2 Tag: file-in-opt Type: error Info: The package installs a file in /opt/... which is not allowed. Tag: stray-directory-in-manpage-directory Type: error Info: This package installs a directory under /usr/share/man or /usr/X11R6/man that isn't a manual section directory or locale directory. Ref: fhs 4.11.5 Tag: executable-manpage Type: error Info: Manual pages are not meant to be executed. Tag: dir-in-usr-local Type: error Info: The package installs a directory in /usr/local/... which is not allowed. . If you want to provide an empty directory in /usr/local for convenience of the local system administrator, please follow the rules in the policy manual (section 9.1.2), i.e., create the directories in the postinst script but don't fail if this isn't possible (e.g., if /usr/local is mounted read-only). Ref: policy 9.1.2 Tag: possible-name-space-pollution Type: warning Info: The package installs a binary which uses a very short file name (one or two characters). This is not forbidden by policy, but short names should be reserved for the user. Unless this short name has been used for a while already (like the famous `ls', `rm', `cp' commands), you should consider giving these binaries a longer name. Tag: non-standard-dir-perm Type: warning Info: The directory has a mode different from 0755, and it's not one of the known exceptions. Ref: policy 10.9 Tag: executable-is-not-world-readable Type: warning Info: All executables should be readable by any user. Since anyone can download the Debian package and obtain a copy of the executable, no security is gained by making the executable unreadable even for setuid binaries. If only members of a certain group may execute this file, remove execute permission for world, but leave read permission. Ref: policy 10.9 Tag: non-standard-executable-perm Type: warning Info: Executables that are not setuid or setgid should always have a mode of 0755. Since anyone can obtain the executable by downloading the Debian package and extracting it, restricting access serves little purpose. Ref: policy 10.9 Tag: non-standard-game-executable-perm Type: warning Info: The file is owned by the games group but is not mode 2755. If a game does not have to be setgid games, it should be owned by the root group like any other executable. This executable is either owned by the wrong group or is not setgid when it should be. Tag: non-standard-setuid-executable-perm Type: warning Info: The file is setuid or setgid and has a mode different from any of 2755, 4755, 4754, or 6755. Any other permissions on setuid executables is probably a bug. In particular, removing root write privileges serves no purpose, group-writable setuid or setgid executables are probably bad ideas, and setgid executables that are not world-executable serve little purpose. Ref: policy 10.9 Tag: setuid-binary Type: warning Info: The file is tagged SETUID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: setgid-binary Type: warning Info: The file is tagged SETGID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: setuid-gid-binary Type: warning Info: The file is tagged SETUID and SETGID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: non-standard-file-perm Type: warning Info: The file has a mode different from 0644. In some cases this is intentional, but in other cases this is a bug. Ref: policy 10.9 Tag: special-file Type: error Info: The package contains a special file (e.g., a device file). This is forbidden by current policy. If your program needs this device, you should create it by calling makedev from the postinst script. Ref: policy 10.6 Tag: old-style-example-dir Type: error Info: The package installs some files into the old /usr/doc/examples directory. The new location for examples is /usr/share/doc/pkg/examples. Tag: compressed-symlink-with-wrong-ext Type: error Info: The package installs a symbolic link pointing to a compressed file, but the symbolic link does not use the same file extension than the referenced file. In most cases, this can produce troubles when the user or a program tries to access the file through the link. Ref: policy 10.5 Tag: symlink-has-double-slash Type: error Info: This symlink contains two successive slashes (//). This is in violation of policy, where it is stated that symlinks should be as short as possible . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-ends-with-slash Type: error Info: This symlink ends with a slash (/). This is in violation of policy, where it is stated that symlinks should be as short as possible . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-should-be-relative Type: warning Info: Symlinks to files which are in the same top-level directory should be relative according to policy. (In other words, a link in /usr to another file in /usr should be relative, while a link in /usr to a file in /etc should be absolute.) . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-should-be-absolute Type: error Info: Symbolic links between different top-level directories should be absolute. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: udeb-contains-documentation-file Type: error Info: udeb packages should not contain any documentation. Tag: executable-in-usr-share-doc Type: error Info: Usually, documentation files in /usr/share/doc should have mode 0644. If the executable is an example, it should go in /usr/share/doc/pkg/examples. Tag: script-in-usr-share-doc Type: info Info: Scripts are usually not documentation files, unless they are examples, in which case they should be in the /usr/share/doc/pkg/examples directory. Tag: symlink-has-too-many-up-segments Type: error Info: The symlink references a directory beyond the root directory `/'. Tag: lengthy-symlink Type: error Info: This link goes up, and then back down into the same subdirectory. Making it shorter will improve its chances of finding the right file if the user's system has lots of symlinked directories. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-is-self-recursive Type: warning Info: The symbolic link is recursive to a higher directory of the symlink itself. This means, that you can infinitely chdir with this symlink. This is usually not okay, but sometimes wanted behaviour. Tag: symlink-contains-spurious-segments Type: error Info: The symbolic link has needless segments like '..' and '.' in the middle. These are unneeded, and make the link longer than it could be, which is in violation of policy. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: run-parts-cron-filename-contains-full-stop Type: warning Info: The script in /etc/cron.<time-interval> will not be executed by run-parts(8) because the filename contains a "." (full stop). Tag: bad-permissions-for-etc-cron.d-script Type: error Info: Files in /etc/cron.d are configuration files for cron and not scripts. Thus, they should not be marked executable. Tag: bad-permissions-for-etc-emacs-script Type: error Info: Files in the /etc/emacs* directories should not be marked executable. Tag: image-file-in-usr-lib Type: warning Info: This package installs a pixmap or a bitmap within /usr/lib. According to the Filesystem Hierarchy Standard, architecture-independent files need to be placed within /usr/share instead. Tag: file-directly-in-usr-share-doc Type: error Info: Documentation files have to be installed in /usr/share/doc/pkg. Ref: policy 12.3 Tag: bad-owner-for-doc-file Type: error Info: Documentation files should be owned by root/root. Tag: dir-or-file-in-var-www Type: error Ref: fhs 5 Info: Debian packages should not install files under /var/www. This is not one of the /var directories in the File Hierarchy Standard and is under the control of the local administrator. Packages should not assume that it is the document root for a web server; it is very common for users to change the default document root and packages should not assume that users will keep any particular setting. . Packages that want to make files available via an installed web server should instead put instructions for the local administrator in a README.Debian file and ideally include configuration fragments for common web servers such as Apache. . As an exception, packages are permitted to create the /var/www directory due to its past history as the default document root, but should at most copy over a default file in postinst for a new install. Tag: dir-or-file-in-tmp Type: error Info: Packages should not install into /tmp or /var/tmp. Tag: dir-or-file-in-mnt Type: error Info: Packages should not install into /mnt. The FHS states that the contents of this directory is a local issue. Tag: dir-or-file-in-opt Type: error Info: Debian packages should not install into /opt, because it is reserved for add-on software. Tag: dir-or-file-in-srv Type: error Ref: fhs 3 Info: Debian packages should not install into /srv. The specification of /srv states that its structure is at the discretion of the local administrator and no package should rely on any particular structure. Debian packages that install files directly into /srv can't adjust for local policy about its structure and in essence force a particular structure. . If a package wishes to put its data in /srv, it must do this in a way that allows the local administrator to specify and preserve their chosen directory structure (such as through post-install configuration, setup scripts, debconf prompting, etc.). Tag: third-party-package-in-python-dir Type: warning Info: According to http://www.python.org/doc/essays/packages.html, third-party python packages should install their files in /usr/lib/python1.5/site-packages. All other directories in /usr/lib/python1.5 are for use by the core python packages. Tag: perl-module-in-core-directory Type: error Info: Packaged modules must not be installed into the core perl directories as those directories change with each upstream perl revision. The vendor directories are provided for this purpose. Ref: perl-policy 3.1 Tag: backup-file-in-package Type: warning Info: There is a file in the package whose name matches the format emacs or vim uses for backup and autosave files. It may have been installed by accident. Tag: nfs-temporary-file-in-package Type: warning Info: There is a file in the package whose name matches the format NFS uses to temporarily save files that were deleted while another process had them open. It may have been included in the package by accident while building the package in an NFS filesystem. Tag: windows-thumbnail-database-in-package Type: warning Info: There is a file in the package named Thumbs.db or Thumbs.db.gz, which is normally a Windows image thumbnail database. Such databases are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: macos-ds-store-file-in-package Type: warning Info: There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: macos-resource-fork-file-in-package Type: warning Info: There is a file in the package with a name starting with ._, the file name pattern used by Mac OS X to store resource forks in non-native file systems. Such files are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: package-installs-perllocal-pod Type: warning Info: This package installs a file perllocal.pod. Since that file is intended for local documentation, it is not likely that it is a good place for documentation supplied by a Debian package. In fact, installing this package will wipe out whatever local documentation existed there. Tag: extra-license-file Type: warning Ref: policy 12.5 Info: All license information should be collected in the debian/copyright file. This usually makes it unnecessary for the package to install this information in other places as well. Tag: non-standard-toplevel-dir Type: error Info: The Filesystem Hierarchy Standard forbids the installation of new files or directories in the root directory, in section 3. Tag: subdir-in-bin Type: error Info: The Filesystem Hierarchy Standard forbids the installation of new directories in /bin. Tag: subdir-in-usr-bin Type: error Info: The Filesystem Hierarchy Standard forbids the installation of new directories in /usr/bin other than /usr/bin/mh. Tag: non-standard-dir-in-usr Type: warning Info: The FHS says "No large software packages should use a direct subdirectory under the /usr hierarchy". This package contains a directory in /usr that is not mentioned in the Filesystem Hierarchy Standard. Tag: non-standard-dir-in-var Type: error Info: The FHS says "Applications should generally not add directories to the top level of /var. Such directories should only be added if they have some system-wide implication, and in consultation with the FHS mailing list." Tag: use-of-compat-symlink Type: error Info: This package uses a directory that, according to the Filesystem Hierarchy Standard, should exist only as a compatibility symlink. Packages should not traverse such symlinks when installing files, they should use the standard directories instead. Tag: file-in-unusual-dir Type: warning Info: This file or symbolic link is in a directory where files are not normally installed by Debian packages. Tag: package-installs-packlist Type: error Info: Packages built using the perl MakeMaker package will have a file named .packlist in them. Those files are useless, and (in some cases) have the additional problem of creating an architecture-specific directory name in an architecture-independent package. . They can be suppressed by adding the following to debian/rules: . find debian/pkg -type f -name .packlist | xargs rm -f . or by telling MakeMaker to use vendor install dirs; consult a recent version of Perl policy. Perl 5.6.0-12 or higher supports this. Tag: zero-byte-file-in-doc-directory Type: warning Info: Package contains a file which is empty. Tag: override-file-in-wrong-location Type: error Info: Location of per package overrides the file /usr/share/lintian/overrides/package. See the lintian documentation for more info on proper naming and format. Tag: package-contains-upstream-install-documentation Type: warning Ref: policy 12.3 Info: Binary packages do not need to contain the instructions for building and installing the package as this info is not needed by package users. If the info contained is important for configuration perhaps it could be summarized in README.Debian, otherwise an override may be added. Tag: package-contains-hardlink Type: warning Info: The package contains a hardlink in /etc or across different directories. This might not work at all if directories are on different filesystems (which can happen anytime as the system administrator sees fit), certain filesystems such as AFS don't even support cross-directory hardlinks at all. . For configuration files, certain editors might break hardlinks, and so does dpkg in certain cases. . A better solution might be using symlinks here. Tag: package-contains-bts-control-dir Type: warning Info: The package contains a control directory for a bug tracking system. It was most likely installed by accident, since bug tracking directories usually don't belong in packages. Tag: package-contains-vcs-control-dir Type: warning Info: The package contains a control directory for a version control system. It was most likely installed by accident, since version control directories usually don't belong in packages. Tag: package-contains-xvpics-dir Type: error Info: Package contains a .xvpics directory. It was most likely installed by accident, since thumbnails usually don't belong in packages. Tag: package-contains-vcs-control-file Type: warning Info: The package contains a VCS control file such as .(cvs|git|hg)ignore. Files such as these are used by revision control systems to, for example, specify untracked files it should ignore or inventory files. This file is generally useless in an installed package and was probably installed by accident. Tag: svn-commit-file-in-package Type: warning Info: The package contains an svn-commit(.NNN).tmp file. This file is almost certainly a left-over from a failed Subversion commit, and does not belong in a Debian package. Tag: svk-commit-file-in-package Type: warning Info: The package contains an svk-commitNNN.tmp file. This file is almost certainly a left-over from a failed Subversion commit, and does not belong in a Debian package. Tag: nested-examples-directory Type: error Info: Package contains a usr/share/doc/something/examples/examples directory. It was most likely installed by accident, since one examples/ directory should be enough for everybody(tm). Tag: package-installs-nonbinary-perl-in-usr-lib-perl5 Type: warning Info: Architecture-independent Perl code should be placed in /usr/share/perl5, not /usr/lib/perl5 unless there is at least one architecture-dependent file in the module. Tag: file-in-usr-lib-site-python Type: error Ref: Python policy 1.4 Info: The directory /usr/lib/site-python has been deprecated as a location for installing Python modules and may be dropped from Python's module search path in a future version. Most likely this module is a private module and should be packaged in a directory outside of Python's default search path. Tag: package-installs-python-pyc Type: warning Info: Compiled python source files should not be included in the package. These files should be removed from the package and created at package installation time in the postinst. Tag: bad-permissions-for-ali-file Type: warning Info: Ada Library Information (*.ali) files are required to be read-only (mode 0444) by GNAT. . If at least one user can write the *.ali file, GNAT considers whether or not to recompile the corresponding source file. Such recompilation would fail because normal users don't have write permission on the files. Moreover, such recompilation would defeat the purpose of library packages, which provide *.a and *.so libraries to link against). Tag: package-contains-readme-for-other-platform-or-distro Type: warning Info: package contains a README.(platform) file that contains instructions specific to a platform or distribution other than Debian and thus can most likely be removed. If it contains information that pertains to Debian, please consider renaming it, or including it in an already existing README file. Tag: desktop-file-in-wrong-dir Type: warning Info: The package contains a .desktop file in an obsolete directory. According to the menu-spec draft on freedesktop.org, those .desktop files that are intended to create a menu should be placed in /usr/share/applications, not /usr/share/gnome/apps. Tag: file-in-usr-lib-cgi-bin Type: warning Info: Packages shipping web server CGI files should install them in /usr/lib/cgi-lib, not in /usr/lib/cgi-bin. This is done to avoid conflicts with the cgi-bin script alias, which is reserved for the local use of webmasters. Web servers should include /cgi-lib/ as a standard ScriptAlias pointing to that directory. Ref: policy 11.5 Tag: script-with-language-extension Type: warning Info: When scripts are installed into a directory in the system PATH, the script name should not include an extension such as .sh or .pl that denotes the scripting language currently used to implement it. The implementation language may change; if it does, leaving the name the same would be confusing and changing it would be disruptive. Ref: policy 10.4 Tag: file-in-usr-lib-sgml Type: warning Ref: fhs 4 Info: This package installs a file in /usr/lib/sgml. This was the old location for SGML catalogs and similar flies. All those files should now go into /usr/share/sgml. Tag: file-name-ends-in-whitespace Type: warning Info: This package installs a file or directory whose name ends in whitespace. This might be intentional but it's normally a mistake. If it is intentional, add a lintian override. . One possible cause is using debhelper 5.0.57 or earlier to install a doc-base file with a Document field that ends in whitespace. Tag: package-contains-empty-directory Type: warning Info: This package installs an empty directory. This might be intentional but it's normally a mistake. If it is intentional, add a lintian override. Tag: package-section-games-but-contains-no-game Type: error Ref: policy 11.11 Info: This package is marked as part of the section games, but doesn't contain files in /usr/games. Binaries of games must be installed in /usr/games. Tag: package-section-games-but-has-usr-bin Type: warning Ref: policy 11.11 Info: This package is marked as part of the section games, but contains exectuables in /bin or /usr/bin/. This can be intentional, but is usually a mistake. Tag: package-contains-devhelp-file-without-symlink Type: warning Info: This package contains a *.devhelp or *.devhelp2 file which is not in the devhelp search path (/usr/share/devhelp/books and /usr/share/gtk-doc/html) and is apparently not in a directory linked into the devhelp search path. This will prevent devhelp from finding the documentation. . If the devhelp documentation is installed in a path outside the devhelp search path (such as /usr/share/doc), create a symlink in /usr/share/gtk-doc/html pointing to the documentation directory. Tag: debug-package-should-be-named-dbg Type: warning Info: This package provides at least one file in /usr/lib/debug, which is intended for detached debugging symbols, but the package name does not end in "-dbg". Detached debugging symbols should be put into a separate package, Priority: extra, with a package name ending in "-dbg". Tag: package-contains-linda-override Type: warning Info: This package contains a linda override file in /usr/share/linda/overrides. Linda is obsolete and has been removed from the archive as of 2008-03-04. Linda overrides should probably be dropped from packages. Tag: wrong-file-owner-uid-or-gid Type: error Info: The user or group ID of the owner of the file is invalid. The owner user and group IDs must be in the set of globally allocated IDs, because other IDs are dynamically allocated and might be used for varying purposes on different systems, or are reserved. The set of the allowed, globally allocated IDs consists of the ranges 0-99, 64000-64999 and 65534. Ref: policy 9.2 Tag: embedded-javascript-library Type: warning Info: This package contains an embedded copy of the JQuery, Prototype, Mochikit or "Cropper" JavaScript libraries that are now available in their own packages. Please depend on the appropriate package and symlink the library into the appropriate location. Ref: policy 4.13