Bug#508307: lintian: wrong interpreter-without-predep

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#508307: lintian: wrong interpreter-without-predep

Salvo Tomaselli-3
Package: lintian
Version: 2.1.1
Severity: normal

In a package i am using a python postinst script and lintian complains because python is not among the dependencies... But it is!

You can download the source from here
svn checkout http://galileo.dmi.unict.it/svn/relational/trunk/ relational
and "make debian" to generate the package.




-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-6.slh.5-sidux-686 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages lintian depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  diffstat            1.46-1               produces graph of changes introduc
ii  dpkg-dev            1.14.23              Debian package development tools
pi  file                4.26-1               Determines file type using "magic"
ii  gettext             0.17-6               GNU Internationalization utilities
ii  intltool-debian     0.35.0+20060710.1    Help i18n of RFC822 compliant conf
ii  libipc-run-perl     0.80-2               Perl module for running processes
ii  libparse-debianchan 1.1.1-2              parse Debian changelogs and output
ii  libtimedate-perl    1.1600-9             Time and date functions for Perl
ii  liburi-perl         1.37+dfsg-1          Manipulates and accesses URI strin
ii  man-db              2.5.2-3              on-line manual pager
ii  perl [libdigest-sha 5.10.0-18            Larry Wall's Practical Extraction

lintian recommends no packages.

Versions of packages lintian suggests:
pn  binutils-multiarch            <none>     (no description available)
pn  libtext-template-perl         <none>     (no description available)
ii  man-db                        2.5.2-3    on-line manual pager

-- no debconf information



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#508307: lintian: wrong interpreter-without-predep

Adam D. Barratt
On Tue, 2008-12-09 at 21:36 +0100, Salvo Tomaselli wrote:
> In a package i am using a python postinst script and lintian
> complains because python is not among the dependencies... But it is!

Actually, the reported problem is that python isn't a *pre*dependency,
as the description of the tag indicates - and to which the "predep" in
the tag name is a clue. :-)

It might seem like Lintian is being overly picky here, as in the normal
case one can safely assume that dependencies are present when the
postinst is called, but there are cases where this is not true - where
there is a dependency loop between the packages and both have postinsts,
there is no guarantee as to which order the postinsts will be executed
in. Since Lintian checks packages in isolation, it has no way of knowing
whether such a loop exists (and of course a loop could be later
introduced by another package).

The description of that tag could do with some love, however; it
currently contains an attempted reference to the old Packaging Manual,
which was merged in to Policy several years ago.

Regards,

Adam



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#508307: wrong interpreter-without-predep

Russ Allbery-2
Policy folks,

The question here is about Lintian's check interpreter-without-predep,
which requires that any package that uses a non-base interpreter for any
maintainer script declare a pre-dependency, not just a dependency, on that
interpreter.

The current description of that tag says:

Info: The package contains a control script that uses an unusual
 interpreter, but does not declare a pre-dependency on the package that
 provides this interpreter.
 .
 A perusal of &packaging; section 6.2 shows that any of the control
 scripts can be called while the package is not configured.  Therefore, a
 pre-dependency is required to ensure that the interpreter is always
 available when the script is invoked.
 .
 Please do not add a pre-dependency without following the policy for doing
 so. (Policy section 3.5).

"Adam D. Barratt" <[hidden email]> writes:

> It might seem like Lintian is being overly picky here, as in the normal
> case one can safely assume that dependencies are present when the
> postinst is called, but there are cases where this is not true - where
> there is a dependency loop between the packages and both have postinsts,
> there is no guarantee as to which order the postinsts will be executed
> in. Since Lintian checks packages in isolation, it has no way of knowing
> whether such a loop exists (and of course a loop could be later
> introduced by another package).

I reviewed the section on maintainer scripts, and while preinst certainly
requires a Pre-Depends for any non-base interpreter and postrm can't use a
non-base interpreter at all (due to purge), I think dependency loop
breakage is the only case when postinst or prerm scripts can be called
without all dependencies being configured.

Given that, I think Lintian may be too conservative here.  Dependency
loops are an issue, but they're also rare and maintainers should have some
idea that they might exist.  When they exist, I think they can be treated
as normal bugs.  Adding Pre-Depends due to the possibility of loops
showing up someday seems like a bad idea.  Asking everyone to use standard
interpreters for maintainer scripts sounds like a better idea, but there's
a separate Lintian tag for that anyway which reflects it's not a
requirement.

Given that, my inclination here is to modify Lintian to ban unusual
interpreters for postrm scripts, require Pre-Depends for preinst scripts,
and only require Depends for postinst and prerm scripts.  However, I'd
like to have that checked by other people on the debian-policy list,
particularly those here who also work on dpkg.  Is my analysis correct?

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#508307: wrong interpreter-without-predep

Steve Langasek
On Fri, Dec 26, 2008 at 11:01:24PM -0800, Russ Allbery wrote:
> > It might seem like Lintian is being overly picky here, as in the normal
> > case one can safely assume that dependencies are present when the
> > postinst is called, but there are cases where this is not true - where
> > there is a dependency loop between the packages and both have postinsts,
> > there is no guarantee as to which order the postinsts will be executed
> > in. Since Lintian checks packages in isolation, it has no way of knowing
> > whether such a loop exists (and of course a loop could be later
> > introduced by another package).

> I reviewed the section on maintainer scripts, and while preinst certainly
> requires a Pre-Depends for any non-base interpreter and postrm can't use a
> non-base interpreter at all (due to purge), I think dependency loop
> breakage is the only case when postinst or prerm scripts can be called
> without all dependencies being configured.

> Given that, I think Lintian may be too conservative here.  Dependency
> loops are an issue, but they're also rare and maintainers should have some
> idea that they might exist.  When they exist, I think they can be treated
> as normal bugs.  Adding Pre-Depends due to the possibility of loops
> showing up someday seems like a bad idea.  Asking everyone to use standard
> interpreters for maintainer scripts sounds like a better idea, but there's
> a separate Lintian tag for that anyway which reflects it's not a
> requirement.

> Given that, my inclination here is to modify Lintian to ban unusual
> interpreters for postrm scripts, require Pre-Depends for preinst scripts,
> and only require Depends for postinst and prerm scripts.  However, I'd
> like to have that checked by other people on the debian-policy list,
> particularly those here who also work on dpkg.  Is my analysis correct?

I agree with this.  While a dependency loop can cause a package's postinst
to be called before its dependencies are configured, dpkg always breaks such
dependency loops in favor of packages without a postinst, and adding a
Pre-Depends would not fix this anyway if the nature of the circular
dependency is that the other package also needs this package in its own
postinst.  So lintian should not generally be advising to use Pre-Depends
for an interpreter used in the postinst.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[hidden email]                                     [hidden email]



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#508307: wrong interpreter-without-predep

Russ Allbery-2
Steve Langasek <[hidden email]> writes:

> I agree with this.  While a dependency loop can cause a package's
> postinst to be called before its dependencies are configured, dpkg
> always breaks such dependency loops in favor of packages without a
> postinst, and adding a Pre-Depends would not fix this anyway if the
> nature of the circular dependency is that the other package also needs
> this package in its own postinst.  So lintian should not generally be
> advising to use Pre-Depends for an interpreter used in the postinst.

Thanks!

I've overhauled this for the next version of Lintian and also reworked
some of the tags around maintainer script interpreters to fix severities
and add better and more relevant descriptions.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#508307: marked as done (lintian: wrong interpreter-without-predep)

Debian Bug Tracking System
In reply to this post by Salvo Tomaselli-3

Your message dated Sun, 04 Jan 2009 01:02:07 +0000
with message-id <[hidden email]>
and subject line Bug#508307: fixed in lintian 2.1.4
has caused the Debian Bug report #508307,
regarding lintian: wrong interpreter-without-predep
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
508307: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508307
Debian Bug Tracking System
Contact [hidden email] with problems

Package: lintian
Version: 2.1.1
Severity: normal

In a package i am using a python postinst script and lintian complains because python is not among the dependencies... But it is!

You can download the source from here
svn checkout http://galileo.dmi.unict.it/svn/relational/trunk/ relational
and "make debian" to generate the package.




-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-6.slh.5-sidux-686 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages lintian depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  diffstat            1.46-1               produces graph of changes introduc
ii  dpkg-dev            1.14.23              Debian package development tools
pi  file                4.26-1               Determines file type using "magic"
ii  gettext             0.17-6               GNU Internationalization utilities
ii  intltool-debian     0.35.0+20060710.1    Help i18n of RFC822 compliant conf
ii  libipc-run-perl     0.80-2               Perl module for running processes
ii  libparse-debianchan 1.1.1-2              parse Debian changelogs and output
ii  libtimedate-perl    1.1600-9             Time and date functions for Perl
ii  liburi-perl         1.37+dfsg-1          Manipulates and accesses URI strin
ii  man-db              2.5.2-3              on-line manual pager
ii  perl [libdigest-sha 5.10.0-18            Larry Wall's Practical Extraction

lintian recommends no packages.

Versions of packages lintian suggests:
pn  binutils-multiarch            <none>     (no description available)
pn  libtext-template-perl         <none>     (no description available)
ii  man-db                        2.5.2-3    on-line manual pager

-- no debconf information



Source: lintian
Source-Version: 2.1.4

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive:

lintian_2.1.4.dsc
  to pool/main/l/lintian/lintian_2.1.4.dsc
lintian_2.1.4.tar.gz
  to pool/main/l/lintian/lintian_2.1.4.tar.gz
lintian_2.1.4_all.deb
  to pool/main/l/lintian/lintian_2.1.4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[hidden email]> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 03 Jan 2009 16:40:30 -0800
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.1.4
Distribution: unstable
Urgency: low
Maintainer: Debian Lintian Maintainers <[hidden email]>
Changed-By: Russ Allbery <[hidden email]>
Description:
 lintian    - Debian package checker
Closes: 381485 480939 488832 496516 497347 497348 498875 498876 508307 509147 509286 510190 510398
Changes:
 lintian (2.1.4) unstable; urgency=low
 .
   * Summary of tag changes:
     + Added
       - binary-control-field-duplicates-source
       - brace-expansion-in-debhelper-config-file
       - control-interpreter-in-usr-local (split from
          interpreter-in-usr-local)
       - control-interpreter-without-depends
       - copyright-refers-to-bad-php-license
       - copyright-refers-to-problematic-php-license
       - copyright-with-old-dh-make-debian-copyright
       - dh-clean-k-is-deprecated
       - desktop-mimetype-without-update-call
       - forbidden-postrm-interpreter
       - games-package-should-be-section-games
       - preinst-interpreter-without-predepends
       - script-calls-init-script-directly
       - unknown-control-interpreter (split from unusual-interpreter)
       - version-refers-to-distribution
     + Removed
       - desktop-file-but-no-dh_desktop-call
       - interpreter-without-predep
 .
   * checks/changelog-file{,.desc}:
     + [RA] Warn of Debian version numbers containing "testing", "stable",
       or "unstable", or with release code names for uploads not targeted
       at that release, except in NMUs.  Based on a patch by Raphael
       Geissert.  (Closes: #498876)
   * checks/control-file{,.desc}:
     + [RA] Warn (severity: wishlist) of binary control stanzas duplicating
       fields of the source control stanza.  (Closes: #497348)
   * checks/copyright-file{,.desc}:
     + [RA] Warn (severity: wishlist) about the old dh_make packaging
       copyright, which used (C) without the word or symbol.  Based on a
       patch by Raphael Geissert.  (Closes: #497347)
     + [RA] Clean up checks of a symlinked /usr/share/doc directory and
       avoid making package info global.
     + [RA] Warn about older PHP licenses.  Based on a patch by Raphael
       Geissert.  (Closes: #498875)
   * checks/cruft:
     + [RA] Keep the hash of files for which warnings were already issued
       local to each package, reducing memory consumption and false
       negatives for archive-wide runs.
   * checks/debhelper{,.desc}:
     + [RA] Check for use of shell brace expansion in debhelper config
       files that list filenames, which is not supported.  Based on a patch
       from Raphael Geissert.  (Closes: #480939)
     + [RA] If dh is used, require debhelper tokens in maintainer scripts.
     + [ADB] Warn about packages declaring a debhelper compatibility level
       of 7 or above and using dh_clean -k, which has been deprecated in
       favour of dh_prep.
     + [RA] Add dh_auto_* and dh_prep to the debhelper scripts that require
       a particular version of debhelper.
     + [RA] De-duplicate the list of scripts with specific version
       requirements before issuing tags.
     + [RA] Upgrade package-lacks-versioned-build-depends-on-debhelper to
       certain (although still minor), making it a warning.  debhelper(7)
       explicitly recommends a versioned build dependency on debhelper.
       Rewrite the tag description accordingly.
   * checks/fields:
     + [RA] dh-make-php provides a CDBS rule fragment and hence should go
       into Build-Depends, not Build-Depends-Indep.  Thanks, Mathieu
       Parent.  (Closes: #509286)
   * checks/files{,.desc}:
     + [RA] Packages whose executables are all in /usr/games should
       probably be in section games.  (Closes: #509147)
   * checks/menu-format{,.desc}:
     + [RA] If a *.desktop file contains a MimeType key, check that the
       postinst calls update-desktop-database.  (Closes: #488832)
     + [RA] Stop keeping a separate hash of all files in the package and
       use Lintian::Collect information.  The hash was being reused across
       packages, possibly leading to excessive memory consumption and false
       negatives for archive-wide runs.
   * checks/menus:
     + [RA] Keep the hash of files and symlinks local to each package,
       reducing memory consumption and false negatives for archive-wide
       runs.
   * checks/patch-systems.desc:
     + [RA] Improve the patch-system-but-direct-changes-in-diff long
       description.  (Closes: #496516)
   * checks/rules{,.desc}:
     + [RA] Remove desktop-file-but-no-dh_desktop-call.  The only action of
       dh_desktop is now checked by desktop-mimetype-without-update-call;
       dh_desktop is unnecessary with other *.desktop files.
   * checks/scripts{,.desc}:
     + [RA] Overhaul checking of maintainer script and config interpreters:
       - postrm scripts must use an essential interpreter.
       - Only preinst scripts require Pre-Depends; Depends is sufficient for
         postinst and prerm scripts.  (Closes: #508307)
       - Separate unknown-control-interpreter from unusual-interpreter
         since it's much more likely to be an error.
       - Separate control-interpreter-in-usr-local from
         interpreter-in-usr-local since the severity is higher.
       - unusual-control-interpreter is certain, not possible.
       - Suppress some cases of multiple tags about the same basic problem.
     + [RA] Check for scripts in /etc that call init scripts directly
       without using invoke-rc.d.  Based on a patch by Raphael Geissert.
       (Closes: #381485)
     + [RA] Allow dpkg-dev to satisfy a make dependency.  (Closes: #510190)
     + [ADB] More intelligently remove comments from shell scripts, to avoid
       removing some constructs that aren't comments, such as those in
       [ $# -gt 2 ] and "foo # bar".
     + [ADB] Flag the source bashism when its argument is quoted or a bare
       filename.
   * checks/watch-file:
     + [RA] Recognize additional SourceForge URLs and recommend the
       redirector.  Thanks, Riccardo Stagni.  (Closes: #510398)
 .
   * collection/copyright-file:
     + [RA] Copy copyright files that are relative links, provided that the
       link is safe, and otherwise treat symlinked copyright files as if
       they were empty.  Fixes a Lintian crash on packages where the
       copyright file is a relative symlink.
 .
   * debian/copyright:
     + [RA] Add an explicit key to initials used in changelog entries.
   * debian/rules:
     + [RA] New check-tag target which runs all test cases in the new test
       suite that check for or against a particular tag.
 .
   * data/debhelper/filename-config-files:
     + [RA] New file listing debhelper config files containing filenames.
 .
   * frontend/lintian:
     + [RA] When processing the entire archive, do so in sorted order.
 .
   * private/update-never-seen:
     + [RA] Merge data from both test suites and use the tag files for the
       old test suite rather than relying on runtests -v.
 .
   * reporting/html_reports:
     + [RA] We only care about the first line of the archive timestamp.
 .
   * t/runtests:
     + [RA] Check that a test produces all tags listed in Test-For and
       doesn't produce any tages listed in Test-Against.
     + [RA] Support finding and running all tests for or against a
       particular tag.
     + [RA] Correctly set up non-native packages for dpkg-source.
   * t/tests/README:
     + [RA] Add documentation of the new test suite.
Checksums-Sha1:
 3db94386f888bbdcd20a83b480b3b300eae05926 1163 lintian_2.1.4.dsc
 be4d6cd82445f19f14d6aae9b1ad270b7987dbad 568542 lintian_2.1.4.tar.gz
 5da9d84aa8b9837120f96ff4941a216d5eb5a5bf 399044 lintian_2.1.4_all.deb
Checksums-Sha256:
 5e73d96a7f386080f41cd366b8e4b7baaf5489636e5803228c801801175b5488 1163 lintian_2.1.4.dsc
 d2055c69b7639f33696af1caf0ddf8feeaf3b07dc876fa5081f43dd44c0dd9d2 568542 lintian_2.1.4.tar.gz
 ac256fb25efb495b4b3d0e851449b855d32f8e62cf47f10fd8a4fa209d0dd480 399044 lintian_2.1.4_all.deb
Files:
 00f2accf567744721d411acb75a08fcd 1163 devel optional lintian_2.1.4.dsc
 f4f023b9f34e9e652bd486deb895bea0 568542 devel optional lintian_2.1.4.tar.gz
 be892a1671426e4342486af94392ab2a 399044 devel optional lintian_2.1.4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklgBvwACgkQ+YXjQAr8dHafMwCgloI1unmC3MjEccMdekyqv3de
Hx0AoMSe23dZofUKIQOv1eYdmqZT640A
=TZaj
-----END PGP SIGNATURE-----