Check-Script: scripts Author: Richard Braakman Abbrev: scr Type: binary Unpack-Level: 2 Info: This script checks the #! lines of scripts in a package. Needs-Info: file-info, scripts Tag: script-without-interpreter Type: error Info: This file starts with the #! sequence that identifies scripts, but it does not name an interpreter. Tag: executable-not-elf-or-script Type: warning Info: This executable file is not an ELF format binary, and does not start with the #! sequence that marks interpreted scripts. It might be a sh script that fails to name /bin/sh as its shell. Ref: policy 10.4 Tag: script-not-executable Type: warning Info: This file starts with the #! sequence that marks interpreted scripts, but it is not executable. Tag: interpreter-not-absolute Type: warning Info: This script uses a relative path to locate its interpreter. This path will be taken relative to the caller's current directory, not the script's, so it is not likely to be what was intended. Tag: unusual-interpreter Type: warning Info: This package contains a script for an interpreter that the Lintian maintainers have not heard of. It could be a typo for a common interpreter. If not, please file a wishlist bug on lintian so that the Lintian maintainers can add this interpreter to their list. Tag: script-uses-bin-env Type: warning Info: This script uses /bin/env as its interpreter (used to find the actual interpreter on the user's path). There is no /bin/env on Debian systems; env is instead installed as /usr/bin/env. Usually, the path to env in the script should be changed. Tag: forbidden-config-interpreter Type: error Info: This package contains a config script for pre-configuring the package. During pre-configuration, however, only essential packages are guaranteed to be installed, so you cannot use a non-essential interpreter. Tag: unusual-control-interpreter Type: info Info: This package contains a control script for an interpreter that is not normally used for control scripts. Tag: interpreter-in-usr-local Type: error Info: This package contains a script that looks for an interpreter in a directory in /usr/local. Since Debian does not install anything in /usr/local, this is the wrong place to look. Tag: interpreter-without-predep Type: error Info: The package contains a control script that uses an unusual interpreter, but does not declare a pre-dependency on the package that provides this interpreter. . A perusal of &packaging; section 6.2 shows that any of the control scripts can be called while the package is not configured. Therefore, a pre-dependency is required to ensure that the interpreter is always available when the script is invoked. . Please do not add a pre-dependency without following the policy for doing so. (Policy section 3.5). Tag: missing-dep-for-interpreter Type: error Info: You used an interpreter for a script that is not in an essential package. In most cases, you will need to add a Dependency on the package that contains the interpreter. If the dependency is already present, please file a bug against Lintian with the details of your package so that its database can be updated. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: csh-considered-harmful Type: warning Info: The Debian policy for scripts explicitly warns against using csh and tcsh as scripting languages. Ref: policy 10.4 Tag: suid-perl-script-but-no-perl-suid-dep Type: error Info: Packages that use perl scripts that are suid must depend on the perl-suid package. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: wrong-path-for-interpreter Type: error Info: The interpreter you used is installed at another location on Debian systems. Tag: gawk-script-but-no-gawk-dep Type: error Info: Packages that use gawk scripts must depend on the gawk package. If they don't need gawk-specific features, and can just as easily work with mawk, then they should be awk scripts instead. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: mawk-script-but-no-mawk-dep Type: error Info: Packages that use mawk scripts must depend on the mawk package. If they don't need mawk-specific features, and can just as easily work with gawk, then they should be awk scripts instead. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: php-script-but-no-phpX-cli-dep Type: error Info: Packages with PHP scripts must depend on a phpX-cli package such as php5-cli. Note that a dependency on a php-cgi package (such as php5-cgi) is needlessly strict and forces the user to install a package that isn't needed. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. . Lintian can only recognize phpX-cli dependencies for values of X that it knows are available in the archive. If this package depends on a php-cli package that Lintian doesn't know about, please file a bug against Lintian so that it can be updated. Tag: python-script-but-no-python-dep Type: error Info: Packages with Python scripts must depend on the package python. Those that have scripts executed with a versioned python package need a dependency on the equivalent version of python. . For example, if a script in the package uses #!/usr/bin/python, the package needs a dependency on "python". If a script uses #!/usr/bin/python2.5, the package need a dependency on "python2.5". . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: ruby-script-but-no-ruby-dep Type: error Info: Packages with Ruby scripts must depend on the package ruby. Those that have Ruby scripts that run under a specific version of Ruby need a dependency on the equivalent version of Ruby. . For example, if a script in the package uses #!/usr/bin/ruby, the package needs a dependency on "ruby". If a script uses #!/usr/bin/ruby1.9, then the package need a dependency on "ruby1.9". . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: wish-script-but-no-wish-dep Type: error Info: Packages that include wish scripts must depend on the virtual package wish or, if they require a specific version of wish or tk, that version of tk. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: tclsh-script-but-no-tclsh-dep Type: error Info: Packages that include tclsh scripts must depend on the virtual package tclsh or, if they require a specific version of tcl, that version of tcl. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. Tag: calls-suidperl-directly Type: error Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called directly anymore (and doing so will lead to errors in most cases) but the script should just use /usr/bin/perl as interpreter which will call suidperl automatically if the script has the suid permission bit set. Tag: shell-script-fails-syntax-check Type: error Info: Running this shell script with the shell's -n option set fails, which means that the script has syntax errors. . Run e.g. sh -n yourscript to see the errors yourself. Tag: maintainer-shell-script-fails-syntax-check Type: error Info: Running this shell script with the shell's -n option set fails, which means that the script has syntax errors. This will likely make the package uninstallable. . Run e.g. sh -n yourscript to see the errors yourself. Tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script Type: warning Info: The maintainer script seems to access a file in /tmp or some other temporary directory. Since creating temporary files in a world-writable directory is very dangerous, this is likely to be a security bug. Use the tempfile or mktemp utilities to create temporary files in these directories. Ref: policy 10.4 Tag: killall-is-dangerous Type: warning Info: The maintainer script seems to call killall. Since this utility kills processes by name, it may well end up killing unrelated processes. Most uses of killall should use invoke-rc.d instead. Tag: mknod-in-maintainer-script Type: error Ref: policy 10.6 Info: Maintainer scripts must not create device files directly. They should call MAKEDEV instead. Tag: start-stop-daemon-in-maintainer-script Type: warning Info: The maintainer script seems to calll start-stop-daemon directly. Long-running daemons should be started and stopped via init scripts using invoke-rc.d rather than directly in maintainer scripts. Tag: maintainer-script-removes-device-files Type: error Ref: policy 10.6 Info: Maintainer scripts must not remove device files. This is left to the system administrator. Tag: read-in-maintainer-script Type: warning Ref: policy 3.9.1 Info: This maintainer script appears to use read to get information from the user. Prompting in maintainer scripts should be done by communicating through a program such as debconf which conforms to the Debian Configuration management specification, version 2 or higher. Tag: possible-bashism-in-maintainer-script Type: warning Ref: policy 10.4 Info: This script is marked as running under /bin/sh, but it seems to use a feature found in bash but not in the SUSv3 or POSIX shell specification. . Examples: '==' in a test, it should use '=' instead 'read' without a variable in the argument 'function' to define a function 'source' instead of '.' '. command args', passing arguments to commands via 'source' is not supported '{foo,bar}' instead of 'foo bar' '[[ test ]]' instead of '[ test ]' (requires a Korn shell) Tag: suidregister-used-in-maintainer-script Type: error Info: This script calls suidregister, a long-obsolete program that has been replaced by dpkg-statoverride. Tag: maintainer-script-needs-depends-on-update-inetd Type: warning Info: This script calls update-inetd, but the package does not depend or pre-depend on inet-superserver, any of the providers of inet-superserver which provide it, or update-inetd. . update-inetd has been moved from netbase into a separate package, so a dependency on netbase should be updated to depend on "openbsd-inetd | inet-superserver". Tag: maintainer-script-needs-depends-on-adduser Type: warning Info: This script calls adduser, but the package does not depend or pre-depend on the adduser package. Tag: maintainer-script-needs-depends-on-gconf2 Type: warning Info: This script calls gconf-schemas, which comes from the gconf2 package, but does not depend or pre-depend on gconf2. If you are using dh_gconf, add a dependency on ${misc:Depends} and dh_gconf will take care of this for you. Tag: maintainer-script-needs-depends-on-ucf Type: warning Info: This script calls ucf, but the package does not depend or pre-depend on the ucf package. Tag: maintainer-script-needs-depends-on-xml-core Type: warning Info: This script calls update-xmlcatalog, which comes from the xml-core package, but does not depend or pre-depend on xml-core. Packages that call update-xmlcatalog need to depend on xml-core. If you are using dh_installxmlcatalogs, add a dependency on ${misc:Depends} and dh_installxmlcatalogs will take care of this for you. Tag: update-alternatives-remove-called-in-postrm Type: warning Info: update-alternatives --remove <alternative> foo is called in the postrm. This can be dangerous because at the time the postrm is executed foo has already been deleted and update-alternatives will ignore it while constructing its list of available alternatives. Then, if the /etc/alternatives symlink points at foo, update-alternatives won't recognize it and will mark the symlink as something site-specific. As such, the symlink will no longer be updated automatically and will be left dangling until update-alternatives --auto <alternative> is run by hand. . update-alternatives --remove should be called in the prerm instead. Tag: deprecated-chown-usage Type: warning Info: chown user.group is called in one of the maintainer scripts. The correct syntax is chown user:group. Using "." as a separator is still supported by the GNU tools, but it will fail as soon as a system uses the "." in user or group names. Tag: maintainer-script-hides-init-failure Type: warning Info: This script calls invoke-rc.d to run an init script but then, if the init script fails, exits successfully (using || exit 0). If the init script fails, the maintainer script should probably fail. . The most likely cause of this problem is that the package was built with a debhelper version suffering from Bug#337664 that inserted incorrect invoke-rc.d code in the generated maintainer script. The package needs to be reuploaded (could be bin-NMUd, no source changes needed). Tag: maintainer-script-calls-init-script-directly Type: error Info: This script apparently runs an init script directly rather than using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/* initscripts instead of calling them directly is required. Maintainer scripts may call the init script directly only if invoke-rc.d is not available. Ref: policy 9.3.3.2 Tag: gconftool-used-in-maintainer-script Type: warning Info: This script apparently runs gconftool or gconftool-2. It should probably be calling gconf-schemas or update-gconf-defaults instead. Tag: maintainer-script-uses-dpkg-status-directly Type: error Info: The file /var/lib/dpkg/status is internal to dpkg, may disappear or change formats, and is not always a correct and complete record of installed packages while dpkg is running. Maintainer scripts should use dpkg-query instead. For the most common case of retrieving conffile information, use: . dpkg-query -W -f='${Conffiles}' <package> . instead. Ref: http://wiki.debian.org/DpkgConffileHandling Tag: maintainer-script-modifies-netbase-managed-file Type: error Info: The maintainer script modifies at least one of the files /etc/services, /etc/protocols, and /etc/rpc, which are managed by the netbase package. Instead of doing this, please file a wishlist bug against netbase to have an appropriate entry added. Ref: policy 10.7.4 Tag: maintainer-script-modifies-inetd-conf Type: error Info: The maintainer script modifies /etc/inetd.conf directly. This file must not be modified directly; instead, use the update-inetd script or the DebianNet.pm Perl module. Ref: policy 10.7.4 Tag: install-sgmlcatalog-deprecated Type: error Info: The maintainer script apparently runs install-sgmlcatalog with flags other than --quiet and --remove or in a maintainer script other than postinst or prerm. install-sgmlcatalog is deprecated and should only be used in postinst or prerm to remove the entries from earlier packages. Given how long ago this transition was, consider removing it entirely. Tag: maintainer-script-empty Type: warning Info: The maintainer script doesn't seem to contain any code other than comments and boilerplate (set -e, exit statements, and the case statement to parse options). While this is harmless in most cases, it is probably not what you wanted, may mean the package will leave unnecessary files behind until purged, and may even lead to problems in rare situations where dpkg would fail if no maintainer script was present. . If the package currently doesn't need to do anything in this maintainer script, it shouldn't be included in the package. Tag: ancient-dpkg-predepends-check Type: warning Info: The package calls dpkg --assert-support-predepends in a maintainer script. This check is obsolete and has always returned true since dpkg 1.1.0, released 1996-02-11. Tag: ancient-dpkg-epoch-check Type: warning Info: The package calls dpkg --assert-working-epoch in a maintainer script. This check is obsolete and has always returned true since dpkg 1.4.0.7, released 1997-01-25. Tag: ancient-dpkg-long-filenames-check Type: warning Info: The package calls dpkg --assert-long-filenames in a maintainer script. This check is obsolete and has always returned true since dpkg 1.4.1.17, released 1999-10-21. Tag: ancient-dpkg-multi-conrep-check Type: warning Info: The package calls dpkg --assert-multi-conrep in a maintainer script. This check is obsolete and has always returned true since dpkg 1.4.1.19, released 1999-10-30.