Check-Script: cruft Author: Sean 'Shaleh' Perry Abbrev: deb Type: source Info: This looks for cruft in Debian packaging or upstream source Needs-Info: unpacked, debfiles, diffstat, file-info, index Tag: native-package-with-dash-version Severity: normal Certainty: certain Info: Native packaging should only be used if a piece of software was written specifically to be turned into a Debian package. In this case, the version number should not contain a Debian revision part. . Native source packages are sometimes created by accident. In most cases the reason is the location of the original source tarball. For version 1.0 source packages, dpkg-source determines whether they're non-native by looking for a file named <package>_<upversion>.orig.tar.gz in the parent directory, where <upversion> is the upstream version from the most recent debian/changelog entry. For version 3.0 packages, check debian/source/format for an erroneous "(native)" package format. Tag: non-native-package-with-native-version Severity: normal Certainty: certain Info: This package has a native version number (a version number without a dash and a Debian portion) but is built as a non-native package. Usually this is an error caused by forgetting the Debian revision for a non-native package. In this case the solution is to add a Debian revision. . This error can also happen if the package is a 1.0 source format and there is a stray *.orig.tar.gz file in the parent directory. The file will trick dpkg-source into believing it was supposed to be a non-native package. Here the error can be solved by converting it to 3.0 (native) package or removing/renaming the *.orig.tar.gz file. . If you do not know what a "native" or a "non-native" package is, you are very likely working on a non-native package. Tag: debian-files-list-in-source Severity: important Certainty: certain Info: Leaving debian/files causes problems for the autobuilders, since that file will likely include the list of .deb files for another architecture, which will cause dpkg-buildpackage run by the buildd to fail. . The clean rule for the package should remove this file. Ref: policy 4.12 Tag: diff-contains-cmake-cache-file Severity: serious Certainty: possible Info: The Debian diff contains a CMake cache file. These files embed the full path of the source tree in which they're created and cause build failures if they exist when the source is built under a different path, so they will always cause errors on the buildds. The file was probably accidentally included. If it is present in the upstream source, don't modify it in the Debian diff; instead, delete it before the build in debian/rules. Tag: diff-contains-cvs-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a CVS directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-cvs-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a CVS directory. It was most likely included by accident since CVS directories usually don't belong in releases. When packaging a CVS snapshot, export from CVS rather than use a checkout. If an upstream release tarball contains CVS directories, you usually should report this as a bug to upstream. Tag: diff-contains-svn-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in an .svn directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-svn-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains an .svn directory. It was most likely included by accident since Subversion version control directories usually don't belong in releases. When packaging a Subversion snapshot, export from subversion rather than checkout. If an upstream release tarball contains .svn directories, this should be reported as a bug to upstream since it can double the size of the tarball to no purpose. Tag: diff-contains-bzr-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .bzr directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-bzr-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .bzr directory. It was most likely included by accident since bazaar-ng version control directories usually don't belong in releases and may contain the entire repository. When packaging a bzr snapshot, use bzr export to create a clean tree. If an upstream release tarball contains .bzr directories, you should usually report this as a bug upstream. Tag: diff-contains-arch-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in an {arch} or .arch-ids directory or a directory starting with ,, (used by baz for debugging traces). These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-arch-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains an {arch} or .arch-ids directory or a directory starting with ,, (used by baz for debugging traces). It was most likely included by accident since Arch version control directories usually don't belong in releases. If an upstream release tarball contains these directories, you should usually report this as a bug upstream. Tag: diff-contains-git-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .git directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-git-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .git directory. It was most likely included by accident since git version control directories usually don't belong in releases and may contain a complete copy of the repository. If an upstream release tarball contains .git directories, you should usually report this as a bug upstream. Tag: diff-contains-hg-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a .hg directory. These are usually artifacts of the revision control system used by the Debian maintainer and not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-hg-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a .hg directory. It was most likely included by accident since hg version control directories usually don't belong in releases and may contain a complete copy of the repository. If an upstream release tarball contains .hg directories, you should usually report this as a bug upstream. Tag: diff-contains-bts-control-dir Severity: normal Certainty: certain Info: The Debian diff or native package contains files in a directory used by a bug tracking system, which are not useful in a diff or native package. dpkg-source will automatically exclude these if it is passed -I or -i for native and non-native packages respectively. Ref: dpkg-source(1) Tag: source-contains-bts-control-dir Severity: pedantic Certainty: certain Info: The upstream source contains a directory used by a bug tracking system. It was most likely included by accident since bug tracking system directories usually don't belong in releases. Tag: diff-contains-svn-commit-file Severity: minor Certainty: certain Info: The Debian diff or native package contains an svn-commit(.NNN).tmp, almost certainly a left-over from a failed Subversion commit by the Debian package maintainer. Tag: source-contains-svn-commit-file Severity: pedantic Certainty: certain Info: The upstream source contains an svn-commit(.NNN).tmp, almost certainly a left-over from a failed Subversion commit. You may want to report this as an upstream bug. Tag: diff-contains-svk-commit-file Severity: minor Certainty: certain Info: The Debian diff or native package contains an svk-commitNNN.tmp, almost certainly a left-over from a failed svk commit by the Debian package maintainer. Tag: source-contains-svk-commit-file Severity: pedantic Certainty: certain Info: The upstream source contains an svk-commitNNN.tmp, almost certainly a left-over from a failed Subversion commit. You may want to report this as an upstream bug. Tag: diff-contains-arch-inventory-file Severity: normal Certainty: certain Info: The Debian diff or native package contains an .arch-inventory file. This is Arch metadata that should normally not be distributed. Tag: source-contains-arch-inventory-file Severity: pedantic Certainty: certain Info: The upstream source contains an .arch-inventory file. This is Arch metadata that should normally not be distributed. You may want to report this as an upstream bug. Tag: diff-contains-hg-tags-file Severity: normal Certainty: certain Info: The Debian diff or native package contains an .hgtags file. This file is Mercurial metadata that should normally not be distributed. It stores hashes of tagged commits in a Mercurial repository and isn't therefore useful without the repository. Tag: source-contains-hg-tags-file Severity: pedantic Certainty: certain Info: The upstream source contains an .hgtags file. This file is Mercurial metadata that should normally not be distributed. It stores hashes of tagged commits in a Mercurial repository and isn't therefore useful without the repository. You may want to report this as an upstream bug. Tag: diff-contains-cvs-conflict-copy Severity: normal Certainty: certain info: The Debian diff or native package contains a CVS conflict copy. These have file names like .#file.version and are generated by CVS when a conflict was detected when merging local changes with updates from a source repository. They're useful only while resolving the conflict and should not be included in the package. Tag: source-contains-cvs-conflict-copy Severity: pedantic Certainty: certain info: The upstream source contains a CVS conflict copy. These have file names like .#file.version and are generated by CVS when a conflict was detected when merging local changes with updates from a source repository. They're useful only while resolving the conflict and were probably included by accident. You may want to report this as an upstream bug. Tag: diff-contains-svn-conflict-file Severity: normal Certainty: certain info: The Debian diff or native package contains a file that looks like a Subversion conflict file. These are generated by Subversion when a conflict was detected while merging local changes with updates from a source repository. Use svn resolved to remove them and clear the Subversion conflict state after you have resolved the conflict. Tag: source-contains-svn-conflict-file Severity: pedantic Certainty: certain info: The upstream source contains a file that looks like a Subversion conflict file. These are generated by Subversion when a conflict was detected while merging local changes with updates from a source repository. They're useful only while resolving the conflict and were probably included by accident. You may want to report this as an upstream bug. Tag: diff-contains-patch-failure-file Severity: normal Certainty: possible Info: The Debian diff or native package contains a file that looks like the files left behind by the patch utility when it cannot completely apply a diff. This may be left over from a patch applied by the maintainer. Normally such files should not be included in the package. Tag: diff-contains-editor-backup-file Severity: minor Certainty: certain Info: The Debian diff or native package contains a file ending in ~ or of the form .xxx.swp, which is normally either an Emacs or vim backup file or a backup file created by programs such as autoheader or debconf-updatepo. This usually causes no harm, but it's messy and bloats the size of the Debian diff to no useful purpose. Tag: diff-contains-substvars Severity: normal Certainty: certain Info: Lintian found a substvars file in the Debian diff for this source package. The debian/substvars (or debian/package.substvars) file is usually generated and modified dynamically by debian/rules targets, in which case it must be removed by the clean target. Ref: policy 4.9 Tag: empty-debian-diff Severity: normal Certainty: possible Info: The Debian diff of this non-native package appears to be completely empty. This usually indicates a mistake when generating the upstream tarball, or it may mean that this was intended to be a native package and was built non-native by mistake. . If the Debian packaging is maintained in conjunction with upstream, this may be intentional, but it's not recommended best practice. If the software is only for Debian, it should be a native package; otherwise, it's better to omit the debian directory from upstream releases and add it in the Debian diff. Otherwise, it can cause problems for some package updates in Debian (files can't be removed from the debian directory via the diff, for example). Tag: configure-generated-file-in-source Severity: normal Certainty: possible Info: Leaving config.cache/status causes autobuilders problems. config.cache and config.status are produced by GNU autoconf's configure scripts. If they are left in the source package, autobuilders may pick up settings for the wrong architecture. . The clean rule in debian/rules should remove this file. This should ideally be done by fixing the upstream build system to do it when you run the appropriate cleaning command (and don't forget to forward the fix to the upstream authors so it doesn't happen in the next release). If that is already implemented, then make sure you are indeed cleaning it in the clean rule. If all else fails, a simple rm -f should work. . Note that Lintian cannot reliably detect the removal in the clean rule, so once you fix this, please ignore or override this warning. Tag: ancient-autotools-helper-file Severity: important Certainty: possible Info: The referenced file has a time stamp older than year 2004 and the package does not build-depend on autotools-dev or automake and therefore apparently does not update it. This usually means that the source package will not build correctly on all currently released architectures. . Read /usr/share/doc/autotools-dev/README.Debian.gz (from the autotools-dev package) for information on how to fix this problem. cdbs will automatically update these files if autotools-dev is installed during build, but the build dependency on autotools-dev is still necessary. Tag: outdated-autotools-helper-file Severity: normal Certainty: possible Info: The referenced file has a time stamp older than June of 2006 and the package does not build-depend on autotools-dev or automake and therefore apparently does not update it. This usually means that the source package will not build correctly on AVR32, for which a Debian port is currently in progress, and may not support other newer architectures. . Read /usr/share/doc/autotools-dev/README.Debian.gz (from the autotools-dev package) for information on how to fix this problem. cdbs will automatically update these files if autotools-dev is installed during build, but the build dependency on autotools-dev is still necessary. Tag: ancient-libtool Severity: normal Certainty: possible Info: The referenced file seems to be from a libtool version older than 1.5.2-2. This might lead to build errors on some newer architectures not known to this libtool. . Please ask your upstream maintainer to re-libtoolize the package or do it yourself if there is no active upstream. You will also need to run Autoconf to regenerate the configure script. Usually it is best to do this during the build by depending on autoconf, libtool, and automake if it is used, and then running: . autoreconf -i --force . before running configure. Depending on how old the package is, this may require additional modifications to configure.ac or configure.in or other work. If you do this during the build, determine which files it will add or update and be sure to remove those files in the clean target. . If you have fixed architecture-specific issues with minimal patches, rather than updating libtool, and verified that it builds correctly, please override this tag. Lintian will not be able to verify that. Tag: source-contains-prebuilt-binary Severity: pedantic Certainty: certain Info: The source tarball contains a prebuilt ELF object. They are usually left by mistake when generating the tarball by not cleaning the source directory first. You may want to report this as an upstream bug, in case there is no sign that this was intended. Tag: source-contains-prebuilt-windows-binary Severity: pedantic Certainty: certain Info: The source tarball contains a prebuilt binary for Microsoft Windows. They are usually provided for the convenience of users. These files usually just take up space in the tarball and are of no use in Debian. . Check if upstream also provides source-only tarballs that you can use as the upstream distribution instead. If not, you may want to ask upstream to provide source-only tarballs. Tag: source-contains-waf-binary Severity: important Certainty: certain Info: The source tarball contains a waf binary. This file is a Python script with an embedded bzip2 archive, which is uncompressed and unpacked at runtime. . Although corresponding sources can be easily extracted, FTP Team does not consider waf binary as the preferred form of modification; it should be provided unpacked instead, or completely removed, if possible. . You might want to follow these guidelines to obtain an unpacked waf: http://wiki.debian.org/UnpackWaf Ref: http://wiki.debian.org/UnpackWaf, #654523 Tag: tar-errors-from-source Severity: normal Certainty: wild-guess Info: tar produced an error while unpacking this source package. This probably means there's something broken or at least strange about the way the upstream tar file was constructed. You may want to report this as an upstream bug. Tag: control-file-with-CRLF-EOLs Severity: important Certainty: possible Info: The given control file uses CRLF as line terminator instead of the traditional UNIX LF terminator. Since some tools were only designed with the UNIX end-of-line terminators in mind, it is possible that they misbehave or lead to unexpected results. . Running the following command against the given file removes any CR character in the file: . sed -i 's/\r//g' path/to/file