Check-Script: binaries Author: Christian Schwarz Abbrev: bin Type: binary, udeb Needs-Info: objdump-info, file-info, strings, index Info: This script checks binaries and object files for bugs. Tag: arch-independent-package-contains-binary-or-object Severity: serious Certainty: possible Info: The package contains a binary or object file but is tagged Architecture: all. . If this package contains binaries or objects for cross-compiling or binary blobs for other purposes independent of the host architecture (such as BIOS updates or firmware), please add a Lintian override. Tag: unstripped-binary-or-object Severity: important Certainty: certain Ref: policy 10.1, policy 10.2 Info: The package installs an unstripped binary or object file. . Please note, that shared libraries have to be stripped with the --strip-unneeded option. Tag: library-in-debug-or-profile-should-not-be-stripped Severity: serious Certainty: certain Info: Libraries in .../lib/debug or in .../lib/profile must not be stripped; this defeats the whole point of the separate library. Tag: statically-linked-binary Severity: important Certainty: possible Info: The package installs a statically linked binary or object file. . Usually this is a bug. Otherwise, please add an override if your package is an exception. Binaries named *-static and *.static are automatically excluded, as are any binaries in packages named *-static. Tag: library-not-linked-against-libc Severity: minor Certainty: certain Info: The package installs a library which is not dynamically linked against libc. Tag: program-not-linked-against-libc Severity: minor Certainty: certain Info: The package installs a binary which is not dynamically linked against libc. Tag: binary-or-shlib-defines-rpath Severity: serious Certainty: possible Ref: http://wiki.debian.org/RpathIssue Info: The binary or shared library sets RPATH. This overrides the normal library search path, possibly interfering with local policy and causing problems for multilib, among other issues. . The only time a binary or shared library in a Debian package should set RPATH is if it is linked to private shared libraries in the same package. In that case, place those private shared libraries in /usr/lib/package. Libraries used by binaries in other packages should be placed in /lib or /usr/lib as appropriate, with a proper SONAME, in which case RPATH is unnecessary. . To fix this problem, look for link lines like: gcc test.o -o test -Wl,--rpath,/usr/local/lib or gcc test.o -o test -R/usr/local/lib and remove the -Wl,--rpath or -R argument. You can also use the chrpath utility to remove the RPATH. Tag: binary-has-unneeded-section Severity: wishlist Certainty: certain Info: The binary or shared library is stripped, but still contains a section that is not useful. You should call strip with --remove-section=.comment --remove-section=.note to remove the .note and .comment sections. . dh_strip will do this automatically for you, but install -s not because it calls strip without any arguments. Tag: missing-depends-line Severity: normal Certainty: certain Info: The package contains an ELF binary with dynamic dependencies, but does not have a Depends line in its control file. This usually means that a call to dpkg-shlibdeps is missing from the package's debian/rules file. Tag: shared-lib-without-dependency-information Severity: normal Certainty: certain Info: The listed shared library doesn't include information about which other libraries the library was linked against. (When running "ldd foo.so" ldd should report about these other libraries. In your case, ldd just reports "statically linked".) . To fix this, you should explicitly specify the libraries which are used (e.g., "-lc") when building the shared library with "ld". . If you have questions about this, please contact &debdev;. Tag: arch-dependent-file-in-usr-share Severity: serious Certainty: certain Ref: fhs usrsharearchitectureindependentdata Info: This package installs an ELF binary in the /usr/share hierarchy, which is reserved for architecture-independent files. Tag: arch-dependent-file-not-in-arch-specific-directory Severity: serious Certainty: possible Ref: https://wiki.ubuntu.com/MultiarchSpec Info: This package is Multi-Arch "same", but it installs an ELF binary in the directory that is not architecture-specific. Tag: binary-in-etc Severity: serious Certainty: certain Ref: fhs etchostspecificsystemconfiguration Info: This package installs an ELF binary in /etc. The Filesystem Hierarchy Standard forbids this. Tag: binary-compiled-with-profiling-enabled Severity: normal Certainty: certain Info: While profiling is useful for testing and debugging purposes, enabling it causes a program to leave gmon.out files whenever a user runs it. Tag: binary-file-compressed-with-upx Severity: serious Certainty: certain Info: Debian does not allow binaries to be compressed by UPX. Tag: package-name-doesnt-match-sonames Severity: normal Certainty: possible Info: The package name of a library package should usually reflect the soname of the included library. The package name can determined from the library file name with the following code snippet: . $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; s/\.so\.//' Tag: binary-with-bad-dynamic-table Severity: serious Certainty: possible Info: This appears to be an ELF file but objdump -T cannot parse it. If it is external debugging symbols for another file, it should be installed under /usr/lib/debug. Tag: apparently-corrupted-elf-binary Severity: normal Certainty: possible Info: This appears to be an ELF file but objdump -T doesn't recognize it as valid. This may be a mistake or a corrupted file, you may need to install binutils-multiarch on the system running lintian so that non-native binaries are handled correctly, or it may be a misidentification of a file as ELF that actually isn't. Tag: apparently-truncated-elf-binary Severity: normal Certainty: possible Info: This appears to be an ELF file, but objdump believes it is truncated. This may be a mistake or a corrupted file, or it may be a misidentification of a file as ELF that actually isn't. Tag: missing-dependency-on-libc Severity: serious Certainty: possible Ref: policy 8.6 Info: The listed file appears to be linked against the C library, but the package doesn't depend on the C library package. Normally this indicates that ${shlibs:Depends} was omitted from the Depends line for this package in debian/control. . All shared libraries and compiled binaries must be run through dpkg-shlibdeps to find out any libraries they are linked against (often via the dh_shlibdeps debhelper command). The package containing these files must then depend on ${shlibs:Depends} in debian/control to get the proper package dependencies for those libraries. Tag: missing-dependency-on-perlapi Severity: serious Certainty: certain Ref: perl-policy 4.4.2 Info: This package includes a *.so file in /usr/lib/perl5, normally indicating that it includes a binary Perl module. Binary Perl modules must depend on perlapi-$Config{version} (from the Config module). If the package is using debhelper, this problem is usually due to a missing dh_perl call in debian/rules or a missing ${perl:Depends} substitution variable in the Depends line in debian/control. Tag: missing-dependency-on-phpapi Severity: serious Certainty: certain Info: This package includes a *.so file in /usr/lib/phpN (where N is a number representing the major PHP version), normally indicating that it includes a PHP extension. PHP extensions must depend on phpapi-$(php-configN --phpapi), without adding an alternative package with the OR operator. . This can usually be achieved by, for example, adding the following code to the binary-arch target of the rules file and adding ${php:Depends} to the Depends field of the binary package shipping the extension: . echo "php:Depends=phpapi-$(php-config5 --phpapi)" > debian/substvars Tag: missing-dependency-on-numpy-abi Severity: serious Certainty: possible Info: This package includes a Python extension module, which uses Numpy via its binary interface. Such packages must depend on python-numpy-abiN. . If the package is using debhelper, this problem is usually due to a missing dh_numpy call in debian/rules. Ref: /usr/share/doc/python-numpy/README.DebianMaints Tag: debug-file-should-use-detached-symbols Severity: normal Certainty: certain Ref: devref 6.7.9 Info: This file is in a location generally used for detached debugging symbols, but it appears to contain a complete copy of the executable or library instead of only the debugging symbols. Files in subdirectories of /usr/lib/debug mirroring the main file system should contain only debugging information generated by objcopy --only-keep-debug. Binaries or shared objects built with extra debugging should be installed directly in /usr/lib/debug or in subdirectories corresponding to the package, not in the directories that mirror the main file system. . If you are using dh_strip with the --dbg-package flag, don't also install the library in /usr/lib/debug. dh_strip does all the work for you. Tag: binary-from-other-architecture Severity: serious Certainty: possible Info: This ELF binary appears to have been built for an architecture other than the one of the binary package being tested. This may occur when a pre-built binary is shipped in the package or when an attempt to cross-compile didn't work. Tag: spelling-error-in-binary Severity: minor Certainty: wild-guess Info: Lintian found a spelling error in the given binary. Lintian has a list of common misspellings that it looks for. It does not have a dictionary like a spelling checker does. . If the string containing the spelling error is translated with the help of gettext or a similar tool, please fix the error in the translations as well as the English text to avoid making the translations fuzzy. With gettext, for example, this means you should also fix the spelling mistake in the corresponding msgids in the *.po files. . You can often find the word in the source code by running: . grep -rw <word> <source-tree> . This tag may produce false positives for words that contain non-ASCII characters due to limitations in strings. Tag: embedded-library Severity: serious Certainty: possible Ref: policy 4.13 Info: The given ELF object appears to have been statically linked to a library. Doing this is strongly discouraged due to the extra work needed by the security team to fix all the extra embedded copies or trigger the package rebuilds, as appropriate. . If the package uses a modified version of the given library it is highly recommended to coordinate with the library's maintainer to include the changes on the system version of the library. Tag: debug-symbols-directly-in-usr-lib-debug Severity: important Certainty: certain Info: The given debugging symbols-only object is installed directly in /usr/lib/debug, although it should be installed in a subdirectory. For example, debug symbols of a binary in /usr/bin should be placed in /usr/lib/debug/usr/bin. gdb, when looking for debugging symbols, prepends /usr/lib/debug to the path of the original binary. Tag: ocaml-custom-executable Severity: normal Certainty: possible Info: This package provides an OCaml bytecode executable linked with a custom runtime. Such executables cannot be stripped and require special care. Their usage is deprecated in favour of shared libraries for C stubs (dll*.so).