2 Author: Richard Braakman <dark@xs4all.nl>
6 Info: This script checks the #! lines of scripts in a package.
7 Needs-Info: file-info, scripts
9 Tag: script-without-interpreter
11 Info: This file starts with the #! sequence that identifies scripts, but
12 it does not name an interpreter.
14 Tag: executable-not-elf-or-script
16 Info: This executable file is not an ELF format binary, and does not start
17 with the #! sequence that marks interpreted scripts. It might be a sh script
18 that fails to name /bin/sh as its shell.
21 Tag: script-not-executable
23 Info: This file starts with the #! sequence that marks interpreted scripts,
24 but it is not executable.
26 Tag: interpreter-not-absolute
28 Info: This script uses a relative path to locate its interpreter.
29 This path will be taken relative to the caller's current directory, not
30 the script's, so it is not likely to be what was intended.
32 Tag: unusual-interpreter
34 Info: This package contains a script for an interpreter that the Lintian
35 maintainers have not heard of. It could be a typo for a common
36 interpreter. If not, please file a wishlist bug on lintian so that the
37 Lintian maintainers can add this interpreter to their list.
39 Tag: script-uses-bin-env
41 Info: This script uses /bin/env as its interpreter (used to find the
42 actual interpreter on the user's path). There is no /bin/env on Debian
43 systems; env is instead installed as /usr/bin/env. Usually, the path to
44 env in the script should be changed.
46 Tag: forbidden-config-interpreter
48 Info: This package contains a <tt>config</tt> script for pre-configuring
49 the package. During pre-configuration, however, only essential packages
50 are guaranteed to be installed, so you cannot use a non-essential
53 Tag: unusual-control-interpreter
55 Info: This package contains a control script for an interpreter that is
56 not normally used for control scripts.
58 Tag: interpreter-in-usr-local
60 Info: This package contains a script that looks for an interpreter in a
61 directory in /usr/local. Since Debian does not install anything in
62 /usr/local, this is the wrong place to look.
64 Tag: interpreter-without-predep
66 Info: The package contains a control script that uses an unusual
67 interpreter, but does not declare a pre-dependency on the package that
68 provides this interpreter.
70 A perusal of &packaging; section 6.2 shows that any of the control
71 scripts can be called while the package is not configured. Therefore, a
72 pre-dependency is required to ensure that the interpreter is always
73 available when the script is invoked.
75 Please do not add a pre-dependency without following the policy for doing
76 so. (Policy section 3.5).
78 Tag: missing-dep-for-interpreter
80 Info: You used an interpreter for a script that is not in an essential
81 package. In most cases, you will need to add a Dependency on the
82 package that contains the interpreter. If the dependency is already
83 present, please file a bug against Lintian with the details of your
84 package so that its database can be updated.
86 In some cases a weaker relationship, such as Suggests or Recommends, will
89 Tag: csh-considered-harmful
91 Info: The Debian policy for scripts explicitly warns against using csh
92 and tcsh as scripting languages.
95 Tag: suid-perl-script-but-no-perl-suid-dep
97 Info: Packages that use perl scripts that are suid must depend on the
100 In some cases a weaker relationship, such as Suggests or Recommends, will
103 Tag: wrong-path-for-interpreter
105 Info: The interpreter you used is installed at another location on Debian
108 Tag: gawk-script-but-no-gawk-dep
110 Info: Packages that use gawk scripts must depend on the gawk package.
111 If they don't need gawk-specific features, and can just as easily work
112 with mawk, then they should be awk scripts instead.
114 In some cases a weaker relationship, such as Suggests or Recommends, will
117 Tag: mawk-script-but-no-mawk-dep
119 Info: Packages that use mawk scripts must depend on the mawk package.
120 If they don't need mawk-specific features, and can just as easily work
121 with gawk, then they should be awk scripts instead.
123 In some cases a weaker relationship, such as Suggests or Recommends, will
126 Tag: php-script-but-no-phpX-cli-dep
128 Info: Packages with PHP scripts must depend on a phpX-cli package such as
129 php5-cli. Note that a dependency on a php-cgi package (such as php5-cgi)
130 is needlessly strict and forces the user to install a package that isn't
133 In some cases a weaker relationship, such as Suggests or Recommends, will
136 Lintian can only recognize phpX-cli dependencies for values of X that it
137 knows are available in the archive. If this package depends on a php-cli
138 package that Lintian doesn't know about, please file a bug against
139 Lintian so that it can be updated.
141 Tag: python-script-but-no-python-dep
143 Info: Packages with Python scripts must depend on the package python.
144 Those that have scripts executed with a versioned python package need a
145 dependency on the equivalent version of python.
147 For example, if a script in the package uses <tt>#!/usr/bin/python</tt>,
148 the package needs a dependency on "python". If a script uses
149 <tt>#!/usr/bin/python2.5</tt>, the package need a dependency on
152 In some cases a weaker relationship, such as Suggests or Recommends, will
155 Tag: ruby-script-but-no-ruby-dep
157 Info: Packages with Ruby scripts must depend on the package ruby. Those
158 that have Ruby scripts that run under a specific version of Ruby need a
159 dependency on the equivalent version of Ruby.
161 For example, if a script in the package uses <tt>#!/usr/bin/ruby</tt>,
162 the package needs a dependency on "ruby". If a script uses
163 <tt>#!/usr/bin/ruby1.9</tt>, then the package need a dependency on
166 In some cases a weaker relationship, such as Suggests or Recommends, will
169 Tag: wish-script-but-no-wish-dep
171 Info: Packages that include wish scripts must depend on the virtual
172 package wish or, if they require a specific version of wish or tk, that
175 In some cases a weaker relationship, such as Suggests or Recommends, will
178 Tag: tclsh-script-but-no-tclsh-dep
180 Info: Packages that include tclsh scripts must depend on the virtual
181 package tclsh or, if they require a specific version of tcl, that
184 In some cases a weaker relationship, such as Suggests or Recommends, will
187 Tag: calls-suidperl-directly
189 Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called
190 directly anymore (and doing so will lead to errors in most cases) but the
191 script should just use /usr/bin/perl as interpreter which will call
192 suidperl automatically if the script has the suid permission bit set.
194 Tag: shell-script-fails-syntax-check
196 Info: Running this shell script with the shell's -n option set fails,
197 which means that the script has syntax errors.
199 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.
201 Tag: maintainer-shell-script-fails-syntax-check
203 Info: Running this shell script with the shell's -n option set fails,
204 which means that the script has syntax errors. This will likely make
205 the package uninstallable.
207 Run e.g. <tt>sh -n yourscript</tt> to see the errors yourself.
209 Tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script
211 Info: The maintainer script seems to access a file in <tt>/tmp</tt> or
212 some other temporary directory. Since creating temporary files in a
213 world-writable directory is very dangerous, this is likely to be a
214 security bug. Use the <tt>tempfile</tt> or <tt>mktemp</tt> utilities to
215 create temporary files in these directories.
218 Tag: killall-is-dangerous
220 Info: The maintainer script seems to call <tt>killall</tt>. Since this
221 utility kills processes by name, it may well end up killing unrelated
222 processes. Most uses of <tt>killall</tt> should use <tt>invoke-rc.d</tt>
225 Tag: mknod-in-maintainer-script
228 Info: Maintainer scripts must not create device files directly. They
229 should call MAKEDEV instead.
231 Tag: start-stop-daemon-in-maintainer-script
233 Info: The maintainer script seems to calll <tt>start-stop-daemon</tt>
234 directly. Long-running daemons should be started and stopped via init
235 scripts using <tt>invoke-rc.d</tt> rather than directly in maintainer
238 Tag: maintainer-script-removes-device-files
241 Info: Maintainer scripts must not remove device files. This is left to
242 the system administrator.
244 Tag: read-in-maintainer-script
247 Info: This maintainer script appears to use read to get information from
248 the user. Prompting in maintainer scripts should be done by
249 communicating through a program such as debconf which conforms to the
250 Debian Configuration management specification, version 2 or higher.
252 Tag: possible-bashism-in-maintainer-script
255 Info: This script is marked as running under <tt>/bin/sh</tt>, but it seems
256 to use a feature found in bash but not in the SUSv3 or POSIX shell
260 '==' in a test, it should use '=' instead
261 'read' without a variable in the argument
262 'function' to define a function
263 'source' instead of '.'
264 '. command args', passing arguments to commands via 'source' is not supported
265 '{foo,bar}' instead of 'foo bar'
266 '[[ test ]]' instead of '[ test ]' (requires a Korn shell)
268 Tag: suidregister-used-in-maintainer-script
270 Info: This script calls suidregister, a long-obsolete program that has
271 been replaced by dpkg-statoverride.
273 Tag: maintainer-script-needs-depends-on-update-inetd
275 Info: This script calls update-inetd, but the package does not depend or
276 pre-depend on inet-superserver, any of the providers of inet-superserver
277 which provide it, or update-inetd.
279 update-inetd has been moved from netbase into a separate package, so a
280 dependency on netbase should be updated to depend on "openbsd-inetd |
283 Tag: maintainer-script-needs-depends-on-adduser
285 Info: This script calls adduser, but the package does not depend or
286 pre-depend on the adduser package.
288 Tag: maintainer-script-needs-depends-on-gconf2
290 Info: This script calls gconf-schemas, which comes from the gconf2 package,
291 but does not depend or pre-depend on gconf2. If you are using dh_gconf,
292 add a dependency on ${misc:Depends} and dh_gconf will take care of this
295 Tag: maintainer-script-needs-depends-on-ucf
297 Info: This script calls ucf, but the package does not depend or pre-depend
300 Tag: maintainer-script-needs-depends-on-xml-core
302 Info: This script calls update-xmlcatalog, which comes from the xml-core
303 package, but does not depend or pre-depend on xml-core. Packages that call
304 update-xmlcatalog need to depend on xml-core. If you are using
305 dh_installxmlcatalogs, add a dependency on ${misc:Depends} and
306 dh_installxmlcatalogs will take care of this for you.
308 Tag: update-alternatives-remove-called-in-postrm
310 Info: <tt>update-alternatives --remove <alternative> foo</tt> is
311 called in the postrm. This can be dangerous because at the time the
312 postrm is executed foo has already been deleted and update-alternatives
313 will ignore it while constructing its list of available alternatives.
314 Then, if the /etc/alternatives symlink points at foo, update-alternatives
315 won't recognize it and will mark the symlink as something site-specific.
316 As such, the symlink will no longer be updated automatically and will be
317 left dangling until <tt>update-alternatives --auto
318 <alternative></tt> is run by hand.
320 <tt>update-alternatives --remove</tt> should be called in the prerm
323 Tag: deprecated-chown-usage
325 Info: <tt>chown user.group</tt> is called in one of the maintainer
326 scripts. The correct syntax is <tt>chown user:group</tt>. Using "." as a
327 separator is still supported by the GNU tools, but it will fail as soon
328 as a system uses the "." in user or group names.
330 Tag: maintainer-script-hides-init-failure
332 Info: This script calls invoke-rc.d to run an init script but then, if the
333 init script fails, exits successfully (using || exit 0). If the init
334 script fails, the maintainer script should probably fail.
336 The most likely cause of this problem is that the package was built with
337 a debhelper version suffering from Bug#337664 that inserted incorrect
338 invoke-rc.d code in the generated maintainer script. The package needs to
339 be reuploaded (could be bin-NMUd, no source changes needed).
341 Tag: maintainer-script-calls-init-script-directly
343 Info: This script apparently runs an init script directly rather than
344 using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/*
345 initscripts instead of calling them directly is required. Maintainer
346 scripts may call the init script directly only if invoke-rc.d is not
350 Tag: gconftool-used-in-maintainer-script
352 Info: This script apparently runs gconftool or gconftool-2. It should
353 probably be calling gconf-schemas or update-gconf-defaults instead.
355 Tag: maintainer-script-uses-dpkg-status-directly
357 Info: The file /var/lib/dpkg/status is internal to dpkg, may disappear or
358 change formats, and is not always a correct and complete record of
359 installed packages while dpkg is running. Maintainer scripts should use
360 dpkg-query instead. For the most common case of retrieving conffile
363 dpkg-query -W -f='${Conffiles}' <package>
366 Ref: http://wiki.debian.org/DpkgConffileHandling
368 Tag: maintainer-script-modifies-netbase-managed-file
370 Info: The maintainer script modifies at least one of the files
371 <tt>/etc/services</tt>, <tt>/etc/protocols</tt>, and <tt>/etc/rpc</tt>,
372 which are managed by the netbase package. Instead of doing this, please
373 file a wishlist bug against netbase to have an appropriate entry added.
376 Tag: maintainer-script-modifies-inetd-conf
378 Info: The maintainer script modifies <tt>/etc/inetd.conf</tt> directly.
379 This file must not be modified directly; instead, use the
380 <tt>update-inetd</tt> script or the <tt>DebianNet.pm</tt> Perl module.
383 Tag: install-sgmlcatalog-deprecated
385 Info: The maintainer script apparently runs install-sgmlcatalog with flags
386 other than <tt>--quiet</tt> and <tt>--remove</tt> or in a maintainer
387 script other than postinst or prerm. install-sgmlcatalog is deprecated
388 and should only be used in postinst or prerm to remove the entries from
389 earlier packages. Given how long ago this transition was, consider
390 removing it entirely.
392 Tag: maintainer-script-empty
394 Info: The maintainer script doesn't seem to contain any code other than
395 comments and boilerplate (set -e, exit statements, and the case statement
396 to parse options). While this is harmless in most cases, it is probably
397 not what you wanted, may mean the package will leave unnecessary files
398 behind until purged, and may even lead to problems in rare situations
399 where dpkg would fail if no maintainer script was present.
401 If the package currently doesn't need to do anything in this maintainer
402 script, it shouldn't be included in the package.
404 Tag: ancient-dpkg-predepends-check
406 Info: The package calls dpkg --assert-support-predepends in a maintainer
407 script. This check is obsolete and has always returned true since dpkg
408 1.1.0, released 1996-02-11.
410 Tag: ancient-dpkg-epoch-check
412 Info: The package calls dpkg --assert-working-epoch in a maintainer
413 script. This check is obsolete and has always returned true since dpkg
414 1.4.0.7, released 1997-01-25.
416 Tag: ancient-dpkg-long-filenames-check
418 Info: The package calls dpkg --assert-long-filenames in a maintainer
419 script. This check is obsolete and has always returned true since dpkg
420 1.4.1.17, released 1999-10-21.
422 Tag: ancient-dpkg-multi-conrep-check
424 Info: The package calls dpkg --assert-multi-conrep in a maintainer
425 script. This check is obsolete and has always returned true since dpkg
426 1.4.1.19, released 1999-10-30.