1 Check-Script: shared-libs
2 Author: Christian Schwarz <schwarz@debian.org>
6 Needs-Info: file-info, objdump-info
7 Info: This script checks if a binary package conforms to shared library policy.
9 Tag: shlib-with-executable-bit
12 Info: Shared libraries should be mode 0644.
15 Tag: shlib-with-bad-permissions
18 Info: Shared libraries should be mode 0644.
21 Tag: shlib-with-non-pic-code
25 Info: The listed shared libraries contain object code that was compiled
26 without -fPIC. All object code in shared libraries should be recompiled
27 separately from the static libraries with the -fPIC option.
29 Another common mistake that causes this problem is linking with
30 <tt>gcc -Wl,-shared</tt> instead of <tt>gcc -shared</tt>.
32 In some cases, exceptions to this rule are warranted. If this is such a
33 case, follow the procedure outlined in Policy and then please document
34 the exception by adding a lintian override to this package.
36 To check whether a shared library has this problem, run <tt>readelf
37 -d</tt> on the shared library. If a tag of type TEXTREL is present, the
38 shared library contains non-PIC code.
40 Tag: shlib-without-versioned-soname
43 Ref: policy 10.2, policy 8.6
44 Info: The listed shared library in a public library directory has an
45 SONAME that does not contain any versioning information, either after the
46 <tt>.so</tt> or before it and set off by a hyphen. It cannot therefore
47 be represented in the shlibs system, and if linked by binaries its
48 interface cannot safely change. There is no backward-compatible way to
49 migrate programs linked against it to a new ABI.
51 Normally, this means the shared library is a private library for a
52 particular application and is not meant for general use. Policy
53 recommends that such libraries be installed in a subdirectory of
54 <tt>/usr/lib</tt> rather than in a public shared library directory.
56 To view the SONAME of a shared library, run <tt>readelf -d</tt> on the
57 shared library and look for the tag of type SONAME.
59 There are some special stub libraries or special-purpose shared objects
60 for which an ABI version is not meaningful. If this is one of those
61 cases, please add an override.
63 Tag: ldconfig-symlink-missing-for-shlib
66 Info: The package should not only include the shared library itself, but also
67 the symbolic link which ldconfig would produce. (This is necessary, so
68 that the link gets removed by dpkg automatically when the package
69 gets removed.) If the symlink is in the package, check that the SONAME of the
70 library matches the info in the shlibs file.
73 Tag: ldconfig-symlink-before-shlib-in-deb
76 Info: In the package contents list, the shared library has to come before
77 any symbolic links referencing the shared library.
80 Tag: dev-pkg-without-shlib-symlink
83 Info: A "-dev" package is supposed to install a "libsomething.so" symbolic
84 link referencing the corresponding shared library. Notice how the link name
85 doesn't include the version number -- this is because such a link is used
86 by the linker when other programs are built against this shared library.
89 Tag: non-dev-pkg-with-shlib-symlink
92 Info: Although this package is not a "-dev" package, it installs a
93 "libsomething.so" symbolic link referencing the corresponding shared
94 library. When the link doesn't include the version number, it is used by
95 the linker when other programs are built against this shared library.
97 Shared libraries are supposed to place such symbolic links in their
98 respective "-dev" packages, so it is a bug to include it with the main
101 However, if this is a small package which includes the runtime and the
102 development libraries, this is not a bug. In the latter case, please
103 override this warning.
106 Tag: preinst-calls-ldconfig
109 Info: The preinst script calls ldconfig. Calls to ldconfig should only be
110 in postinst and postrm scripts.
113 Tag: prerm-calls-ldconfig
116 Info: The prerm script calls ldconfig. Calls to ldconfig should only
117 be in postinst and postrm scripts.
120 Tag: postrm-unsafe-ldconfig
123 Info: The postrm script calls ldconfig unsafely. The postrm
124 must only call ldconfig when given the argument "remove".
127 Tag: no-shlibs-control-file
130 Info: Although the package includes a shared library, the package does not
131 have a shlibs control file. If this is intentional, please override this
135 Tag: pkg-has-shlibs-control-file-but-no-actual-shared-libs
138 Info: Although the package does not include any shared libraries, it does
139 have a shlibs control file. If you did include a shared library, check that
140 the SONAME of the library is set and that it matches the contents of the
143 SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
144 where 0 is the major version of the library. If your package uses libtool,
145 then libtool invoked with the right options should be doing this.
147 Tag: duplicate-entry-in-shlibs-control-file
150 Info: The shlibs control file contains a duplicate entry.
152 Tag: shlib-missing-in-control-file
155 Info: The package contains a shared library that is not listed in the
156 shlibs control file. If this is intentional, please override this error.
159 Tag: unused-shlib-entry-in-control-file
162 Info: The shlibs control file contains an entry for a shared library that
163 is not installed by this package.
166 Tag: shlibs-declares-dependency-on-other-package
169 Info: This package declares in its shlibs control file either a dependency
170 on some other package not listed in the Provides of this package or on a
171 version of this package that the package version doesn't satisfy.
173 Packages should normally only list in their shlibs control file the
174 shared libraries included in that package, and therefore the dependencies
175 listed there should normally be satisfied by either the package itself or
178 In unusual circumstances where it's necessary to declare more complex
179 dependencies in the shlibs control file, please add a lintian override
183 Tag: ldconfig-symlink-referencing-wrong-file
186 Info: The symbolic link references the wrong file. (It should reference
190 Tag: ldconfig-symlink-is-not-a-symlink
193 Info: The package installs a file with the name, ldconfig would use for
194 the symbolic link to reference the shared library.
197 Tag: postinst-has-useless-call-to-ldconfig
200 Info: The postinst script calls ldconfig even though no shared libraries are
201 installed in a directory controlled by the dynamic library loader.
204 Tag: udeb-postinst-must-not-call-ldconfig
207 Info: The postinst script calls ldconfig, which is an error in udebs.
208 ldconfig is not available and not needed in debian-installer
210 Tag: postrm-has-useless-call-to-ldconfig
213 Info: The postrm script calls ldconfig even though no shared libraries are
214 installed in a directory controlled by the dynamic library loader.
217 Tag: postinst-must-call-ldconfig
220 Info: The package installs shared libraries in a directory controlled by
221 the dynamic library loader. Therefore, the package must call "ldconfig" in
225 Tag: postrm-should-call-ldconfig
228 Info: The package installs shared libraries in a directory controlled by
229 the dynamic library loader. Therefore, the package should call "ldconfig"
230 in its postrm script.
233 Tag: sharedobject-in-library-directory-missing-soname
236 Info: A shared object was identified in a library directory (a directory
237 in the standard linker path) which doesn't have a SONAME. This is
240 SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
241 where 0 is the major version of the library. If your package uses libtool,
242 then libtool invoked with the right options should be doing this.
244 To view the SONAME of a shared library, run <tt>readelf -d</tt> on the
245 shared library and look for the tag of type SONAME.
247 Tag: shlib-without-PT_GNU_STACK-section
250 Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces
251 the dynamic linker to make the stack executable.
253 The shared lib is linked either with a non-GNU linker or a linker which is
254 very old. This problem can be fixed with a rebuild.
256 To see whether a shared library has this section, run <tt>readelf -l</tt>
257 on it and look for a program header of type GNU_STACK.
259 Tag: shlib-with-executable-stack
262 Info: The listed shared libraries declares the stack as executable.
264 Executable stack is usually an error as it is only needed if the code
265 contains GCC trampolines or similar constructs which uses code on the
266 stack. One possible source for false positives are object files built
267 from assembler files which don't define a proper .note.GNU-stack
270 To see the permissions on the stack, run <tt>readelf -l</tt> on the
271 shared library and look for the program header of type GNU_STACK. In the
272 flag column, there should not be an E flag set.
274 Tag: symbols-file-contains-current-version-with-debian-revision
277 Info: Debian revisions should be stripped from versions in symbols files.
278 Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo
279 << 1.0-1 while 1.0-1~bpo >= 1.0). If the debian revision can't
280 be stripped because the symbol really appeared between two specific
281 Debian revisions, you should postfix the version with a single "~"
282 (example: 1.0-3~ if the symbol appeared in 1.0-3).
284 This problem normally means that the symbols were added automatically by
285 dpkg-gensymbols. dpkg-gensymbols uses the full version number for the
286 dependency associated to any new symbol that it detects. The maintainer
287 must update the <tt>debian/<package>.symbols</tt> file by adding
288 the new symbols with the corresponding upstream version.
290 Tag: symbols-file-contains-debian-revision
293 Info: Debian revisions should be stripped from versions in symbols files.
294 Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo
295 << 1.0-1 while 1.0-1~bpo >= 1.0). If the debian revision can't
296 be stripped because the symbol really appeared between two specific
297 Debian revisions, you should postfix the version with a single "~"
298 (example: 1.0-3~ if the symbol appeared in 1.0-3).
299 Ref: dpkg-gensymbols(1), http://wiki.debian.org/UsingSymbolsFiles
301 Tag: syntax-error-in-symbols-file
304 Info: The symbols file contains an entry that does not follow the syntax
305 rules for symbols files.
307 This may be due to the entry appearing out of sequence.
310 Tag: duplicate-entry-in-symbols-control-file
313 Info: The symbols control file contains a duplicate entry.
315 Tag: no-symbols-control-file
318 Info: Although the package includes a shared library, the package does not
319 have a symbols control file.
321 dpkg can use symbols files in order to generate more accurate library
322 dependencies for applications, based on the symbols from the library that
323 are actually used by the application.
324 Ref: dpkg-gensymbols(1), http://wiki.debian.org/UsingSymbolsFiles
326 Tag: pkg-has-symbols-control-file-but-no-shared-libs
329 Info: Although the package does not include any shared libraries, it does
330 have a symbols control file. If you did include a shared library, check that
331 the SONAME of the library is set and that it matches the contents of the
334 SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
335 where 0 is the major version of the library. If your package uses libtool,
336 then libtool invoked with the right options should be doing this.
338 Tag: shlib-missing-in-symbols-control-file
341 Info: The package contains a shared library that is not listed in the
342 symbols control file. This may not be a problem if, for example,
343 the library is a C++ library.
345 Tag: unused-shlib-entry-in-symbols-control-file
348 Info: The symbols control file contains an entry for a shared library that
349 is not installed by this package.
351 Tag: symbols-declares-dependency-on-other-package
354 Info: This package declares in its symbols control file a dependency on
355 some other package (and not one listed in the Provides of this package).
357 Packages should normally only list in their symbols control file the
358 shared libraries included in that package, and therefore the dependencies
359 listed there should normally be satisfied by either the package itself or
362 In unusual circumstances where it's necessary to declare more complex
363 dependencies in the symbols control file, please add a lintian override
367 Tag: invalid-template-id-in-symbols-file
370 Info: The symbol definition refers to an alternative dependency template
371 which is not defined for the library containing the symbol.
373 The first alternative dependency template for a library the id number
374 of 1, with the ids of subsequent alternative templates increasing in
377 Tag: unknown-meta-field-in-symbols-file
380 Info: The symbols control file contains an unknown meta-information field.
382 A list of currently supported fields may be found in deb-control(5).
385 Tag: symbols-declared-but-not-shlib
388 Info: The symbols control file contains dependency and symbol information
389 for a shared library which is not listed in the shlibs control file.
391 Tag: shlib-calls-exit
395 Info: The listed shared library calls the C library exit() or _exit()
398 In the case of an error, the library should instead return an appropriate
399 error code to the calling program which can then determine how to handle
400 the error, including performing any required clean-up.
402 In most cases, removing the call should be discussed with upstream,
403 particularly as it may produce an ABI change.
405 Tag: incorrect-libdir-in-la-file
408 Info: The given .la file points to a libdir other than the path where it is
409 installed. This can be caused by resetting <tt>prefix</tt> at make install
410 time instead of using <tt>DESTDIR</tt>. The incorrect path will cause
411 packages linking to this library using libtool to build incorrectly (adding
412 incorrect paths to RPATH, for example).