Check-Script: files Author: Christian Schwarz Abbrev: fil Type: binary, udeb Needs-Info: unpacked, objdump-info, scripts, file-info, index Info: This script checks if a binary package conforms to policy WRT to files and directories. Tag: package-contains-ancient-file Severity: serious Certainty: certain Info: Your package contains a file that claims to have been generated more than 20 years ago. This is most probably an error. Your package will be rejected by the Debian archive scripts if it contains a file with such a timestamp. Tag: old-app-defaults-directory Severity: important Certainty: certain Info: The app-defaults files have moved to /etc/X11/app-defaults/. Files in the old directory, /usr/X11R6/lib/X11/app-defaults/, will no longer be used by X. The old directory should not exist in packages at all; this prevents X from replacing it with a compatibility symlink. Ref: policy 11.8.6 Tag: package-installs-font-to-usr-x11r6 Severity: important Certainty: certain Info: The standard location for X fonts has moved to /usr/share/fonts/X11. Packages providing X fonts must install them into the new path. Fonts installed into the old /usr/X11R6/lib/X11/fonts path may not be seen by the X server. . If the package uses imake, it must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. If it uses dh_installxfonts to handle X font installation, it must build-depend on debhelper (>= 5.0.31). Ref: policy 11.8.5 Tag: package-installs-file-to-usr-x11r6-bin Severity: important Certainty: certain Info: Debian has switched to the modular X tree which now uses the regular FHS paths, and all packages must follow. All packages installing binaries must install them into /usr/bin (or some other appropriate location) instead of /usr/X11R6/bin. . The x11-common package attempts to change /usr/X11R6/bin into a symlink to /usr/bin, so if this migration has already occurred, a package installing files into /usr/X11R6/bin may appear to install successfully. However, such a package will be left in an inconsistent state and may orphan files when the compatibility link goes away. . If the package uses imake, it must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. Ref: policy 11.8.7 Tag: package-installs-file-to-usr-x11r6 Severity: important Certainty: certain Info: Packages using the X Window System should not be configured to install files under the /usr/X11R6/ directory. Debian has switched to the modular X tree which now uses regular FHS paths and all packages should follow. . Programs that use GNU autoconf and automake are usually easily configured at compile time to use /usr/ instead of /usr/X11R6/. Packages that use imake must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct paths. Ref: policy 11.8.7 Tag: config-file-reserved Severity: important Certainty: certain Info: This file is reserved by a specific package. Please email the maintainer of the package in question if you have questions. Tag: package-uses-obsolete-file Severity: normal Certainty: certain Info: the file, /etc/nntpserver, is no longer recommenced. As of policy revision 2.5.1.0, /etc/news/server is the preferred file to use to specify a news server. Ref: policy 11.7 Tag: FSSTND-dir-in-usr Severity: serious Certainty: certain Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Ref: policy 9.1.1 Tag: FSSTND-dir-in-var Severity: serious Certainty: certain Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Ref: policy 9.1.1 Tag: package-installs-into-etc-gconf-schemas Severity: normal Certainty: certain Info: The package installs files into the /etc/gconf/schemas directory. No package should do this; this directory is reserved for local overrides. Instead, schemas should be installed into /usr/share/gconf/schemas. Tag: package-installs-into-etc-rc.d Severity: serious Certainty: certain Info: The package installs files into the /etc/rc.d or /etc/rc?.d which is not allowed. Ref: policy 9.3.3 Tag: package-installs-into-etc-rc.boot Severity: serious Certainty: certain Info: The package installs files in the /etc/rc.boot directory, which is obsolete. See rc.boot(5) for details. Ref: policy 9.3.4 Tag: non-standard-file-permissions-for-etc-init.d-script Severity: important Certainty: certain Info: Usually, scripts in the /etc/init.d directory should have mode 0755. Tag: file-directly-in-usr-share Severity: serious Certainty: certain Info: Packages should not install files directly in /usr/share, i.e., without a subdirectory. . You should either create a subdirectory /usr/share/... for your package or place the file in /usr/share/misc. Tag: file-in-usr-local Severity: serious Certainty: certain Info: The package installs a file in /usr/local/... which is not allowed. Ref: policy 9.1.2 Tag: stray-directory-in-manpage-directory Severity: important Certainty: certain Info: This package installs a directory under /usr/share/man or /usr/X11R6/man that isn't a manual section directory or locale directory. Ref: fhs usrsharemanmanualpages Tag: executable-manpage Severity: important Certainty: certain Info: Manual pages are not meant to be executed. Tag: dir-in-usr-local Severity: serious Certainty: certain Info: The package installs a directory in /usr/local/... which is not allowed. . If you want to provide an empty directory in /usr/local for convenience of the local system administrator, please follow the rules in the policy manual (section 9.1.2), i.e., create the directories in the postinst script but don't fail if this isn't possible (e.g., if /usr/local is mounted read-only). Ref: policy 9.1.2 Tag: non-standard-dir-perm Severity: normal Certainty: possible Info: The directory has a mode different from 0755, and it's not one of the known exceptions. Ref: policy 10.9 Tag: executable-is-not-world-readable Severity: normal Certainty: certain Info: All executables should be readable by any user. Since anyone can download the Debian package and obtain a copy of the executable, no security is gained by making the executable unreadable even for setuid binaries. If only members of a certain group may execute this file, remove execute permission for world, but leave read permission. Ref: policy 10.9 Tag: non-standard-executable-perm Severity: normal Certainty: certain Info: Executables that are not setuid or setgid should always have a mode of 0755. Since anyone can obtain the executable by downloading the Debian package and extracting it, restricting access serves little purpose. Ref: policy 10.9 Tag: non-standard-game-executable-perm Severity: normal Certainty: certain Info: The file is owned by the games group but is not mode 2755. If a game does not have to be setgid games, it should be owned by the root group like any other executable. This executable is either owned by the wrong group or is not setgid when it should be. Ref: policy 11.11 Tag: non-standard-setuid-executable-perm Severity: normal Certainty: certain Info: The file is setuid or setgid and has a mode different from any of 2755, 4755, 4754, or 6755. Any other permissions on setuid executables is probably a bug. In particular, removing root write privileges serves no purpose, group-writable setuid or setgid executables are probably bad ideas, and setgid executables that are not world-executable serve little purpose. Ref: policy 10.9 Tag: setuid-binary Severity: normal Certainty: possible Info: The file is tagged SETUID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: setgid-binary Severity: normal Certainty: possible Info: The file is tagged SETGID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: setuid-gid-binary Severity: normal Certainty: possible Info: The file is tagged SETUID and SETGID. In some cases this is intentional, but in other cases this is a bug. If this is intentional, please add a lintian override to document this fact. Tag: non-standard-file-perm Severity: normal Certainty: certain Info: The file has a mode different from 0644. In some cases this is intentional, but in other cases this is a bug. Ref: policy 10.9 Tag: bad-perm-for-file-in-etc-sudoers.d Severity: serious Certainty: certain Info: Files in /etc/sudoers.d/ must be 0440 or sudo will refuse to parse them. Ref: #588831, #576527 Tag: special-file Severity: serious Certainty: certain Info: The package contains a special file (e.g., a device file). This is forbidden by current policy. If your program needs this device, you should create it by calling makedev from the postinst script. Ref: policy 10.6 Tag: old-style-example-dir Severity: important Certainty: certain Info: The package installs some files into the old /usr/doc/examples directory. The new location for examples is /usr/share/doc/pkg/examples. Ref: policy 12.6 Tag: compressed-symlink-with-wrong-ext Severity: important Certainty: certain Info: The package installs a symbolic link pointing to a compressed file, but the symbolic link does not use the same file extension than the referenced file. In most cases, this can produce troubles when the user or a program tries to access the file through the link. Ref: policy 10.5 Tag: symlink-has-double-slash Severity: minor Certainty: certain Info: This symlink contains two successive slashes (//). This is in violation of policy, where it is stated that symlinks should be as short as possible . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-ends-with-slash Severity: minor Certainty: certain Info: This symlink ends with a slash (/). This is in violation of policy, where it is stated that symlinks should be as short as possible . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-should-be-relative Severity: normal Certainty: certain Info: Symlinks to files which are in the same top-level directory should be relative according to policy. (In other words, a link in /usr to another file in /usr should be relative, while a link in /usr to a file in /etc should be absolute.) . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-should-be-absolute Severity: important Certainty: certain Info: Symbolic links between different top-level directories should be absolute. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: udeb-contains-documentation-file Severity: important Certainty: certain Info: udeb packages should not contain any documentation. Tag: executable-in-usr-share-doc Severity: important Certainty: certain Info: Usually, documentation files in /usr/share/doc should have mode 0644. If the executable is an example, it should go in /usr/share/doc/pkg/examples. Tag: script-in-usr-share-doc Severity: wishlist Certainty: certain Info: Scripts are usually not documentation files, unless they are examples, in which case they should be in the /usr/share/doc/pkg/examples directory. Tag: symlink-has-too-many-up-segments Severity: serious Certainty: certain Ref: policy 10.5 Info: The symlink references a directory beyond the root directory "/". Tag: lengthy-symlink Severity: important Certainty: certain Info: This link goes up, and then back down into the same subdirectory. Making it shorter will improve its chances of finding the right file if the user's system has lots of symlinked directories. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: symlink-is-self-recursive Severity: normal Certainty: possible Info: The symbolic link is recursive to a higher directory of the symlink itself. This means, that you can infinitely chdir with this symlink. This is usually not okay, but sometimes wanted behaviour. Tag: symlink-contains-spurious-segments Severity: important Certainty: certain Info: The symbolic link has needless segments like ".." and "." in the middle. These are unneeded and make the link longer than it could be, which is in violation of policy. They can also cause problems in the presence of symlinked directories. . If you use debhelper, running dh_link after creating the package structure will fix this problem for you. Ref: policy 10.5 Tag: run-parts-cron-filename-contains-full-stop Severity: normal Certainty: certain Info: The script in /etc/cron.<time-interval> will not be executed by run-parts(8) because the filename contains a "." (full stop). Ref: run-parts(8) Tag: bad-permissions-for-etc-cron.d-script Severity: important Certainty: certain Info: Files in /etc/cron.d are configuration files for cron and not scripts. Thus, they should not be marked executable. Tag: bad-permissions-for-etc-emacs-script Severity: important Certainty: certain Info: Files in the /etc/emacs* directories should not be marked executable. Tag: image-file-in-usr-lib Severity: normal Certainty: certain Info: This package installs a pixmap or a bitmap within /usr/lib. According to the Filesystem Hierarchy Standard, architecture-independent files need to be placed within /usr/share instead. Tag: file-directly-in-usr-share-doc Severity: serious Certainty: certain Info: Documentation files have to be installed in /usr/share/doc/pkg. Ref: policy 12.3 Tag: bad-owner-for-doc-file Severity: important Certainty: certain Info: Documentation files should be owned by root/root. Tag: dir-or-file-in-var-lock Severity: serious Certainty: possible Info: /var/lock may be a temporary filesystem, so any directories or files needed there must be created dynamically at boot time. Ref: policy 9.3.2 Tag: dir-or-file-in-var-run Severity: serious Certainty: possible Info: /var/run may be a temporary filesystem, so any directories or files needed there must be created dynamically at boot time. Ref: policy 9.3.2 Tag: dir-or-file-in-run Severity: serious Certainty: possible Info: /run may be a temporary filesystem, so any directories or files needed there must be created dynamically at boot time. Ref: policy 9.3.2 Tag: dir-or-file-in-var-www Severity: serious Certainty: possible Ref: fhs thevarhierarchy Info: Debian packages should not install files under /var/www. This is not one of the /var directories in the File Hierarchy Standard and is under the control of the local administrator. Packages should not assume that it is the document root for a web server; it is very common for users to change the default document root and packages should not assume that users will keep any particular setting. . Packages that want to make files available via an installed web server should instead put instructions for the local administrator in a README.Debian file and ideally include configuration fragments for common web servers such as Apache. . As an exception, packages are permitted to create the /var/www directory due to its past history as the default document root, but should at most copy over a default file in postinst for a new install. In this case, please add a Lintian override. Tag: dir-or-file-in-tmp Severity: serious Certainty: certain Info: Packages must not install files into /tmp or /var/tmp. The File Hierarchy Standard specifies that such files may be removed by the administrator and that programs may not depend on any files in /tmp being preserved across invocations, which combined mean that it makes no sense to ship files in these directories. Ref: fhs tmptemporaryfiles, fhs vartmptemporaryfilespreservedbetwee Tag: dir-or-file-in-mnt Severity: serious Certainty: certain Info: Packages should not install into /mnt. The FHS states that this directory is reserved for the local system administrator for temporary mounts and that it must not be used by installation programs. Ref: fhs mntmountpointforatemporarilymount Tag: dir-or-file-in-opt Severity: serious Certainty: certain Info: Debian packages should not install into /opt, because it is reserved for add-on software. Ref: fhs optaddonapplicationsoftwarepackages Tag: dir-or-file-in-srv Severity: serious Certainty: certain Info: Debian packages should not install into /srv. The specification of /srv states that its structure is at the discretion of the local administrator and no package should rely on any particular structure. Debian packages that install files directly into /srv can't adjust for local policy about its structure and in essence force a particular structure. . If a package wishes to put its data in /srv, it must do this in a way that allows the local administrator to specify and preserve their chosen directory structure (such as through post-install configuration, setup scripts, debconf prompting, etc.). Ref: fhs srvdataforservicesprovidedbysystem Tag: third-party-package-in-python-dir Severity: normal Certainty: certain Info: Third-party Python packages should install their files in /usr/lib/pythonVERSION/site-packages for Python versions before 2.6 and /usr/lib/pythonVERSION/dist-packages for Python 2.6 and later. All other directories in /usr/lib/pythonVERSION are for use by the core python packages. Ref: python-policy 1.5 Tag: perl-module-in-core-directory Severity: important Certainty: certain Info: Packaged modules must not be installed into the core perl directories as those directories change with each upstream perl revision. The vendor directories are provided for this purpose. Ref: perl-policy 3.1 Tag: backup-file-in-package Severity: normal Certainty: certain Info: There is a file in the package whose name matches the format emacs or vim uses for backup and autosave files. It may have been installed by accident. Tag: nfs-temporary-file-in-package Severity: normal Certainty: certain Info: There is a file in the package whose name matches the format NFS uses to temporarily save files that were deleted while another process had them open. It may have been included in the package by accident while building the package in an NFS filesystem. Tag: windows-thumbnail-database-in-package Severity: normal Certainty: certain Info: There is a file in the package named Thumbs.db or Thumbs.db.gz, which is normally a Windows image thumbnail database. Such databases are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: macos-ds-store-file-in-package Severity: normal Certainty: certain Info: There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: macos-resource-fork-file-in-package Severity: normal Certainty: certain Info: There is a file in the package with a name starting with ._, the file name pattern used by Mac OS X to store resource forks in non-native file systems. Such files are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: package-installs-perllocal-pod Severity: normal Certainty: certain Info: This package installs a file perllocal.pod. Since that file is intended for local documentation, it is not likely that it is a good place for documentation supplied by a Debian package. In fact, installing this package will wipe out whatever local documentation existed there. Tag: extra-license-file Severity: normal Certainty: possible Ref: policy 12.5 Info: All license information should be collected in the debian/copyright file. This usually makes it unnecessary for the package to install this information in other places as well. Tag: non-standard-toplevel-dir Severity: important Certainty: certain Info: The Filesystem Hierarchy Standard forbids the installation of new files or directories in the root directory. Ref: fhs therootfilesystem Tag: subdir-in-bin Severity: serious Certainty: certain Info: The Filesystem Hierarchy Standard forbids the installation of new directories in /bin. Ref: fhs binessentialusercommandbinaries Tag: subdir-in-usr-bin Severity: serious Certainty: certain Info: The Filesystem Hierarchy Standard forbids the installation of new directories in /usr/bin other than /usr/bin/mh. Ref: fhs usrbinmostusercommands Tag: non-standard-dir-in-usr Severity: normal Certainty: certain Info: The FHS says "No large software packages should use a direct subdirectory under the /usr hierarchy". This package contains a directory in /usr that is not mentioned in the Filesystem Hierarchy Standard. Ref: fhs theusrhierarchy Tag: non-standard-dir-in-var Severity: important Certainty: certain Info: The FHS says "Applications should generally not add directories to the top level of /var. Such directories should only be added if they have some system-wide implication, and in consultation with the FHS mailing list." Ref: fhs thevarhierarchy Tag: use-of-compat-symlink Severity: important Certainty: certain Info: This package uses a directory that, according to the Filesystem Hierarchy Standard, should exist only as a compatibility symlink. Packages should not traverse such symlinks when installing files, they should use the standard directories instead. Tag: file-in-unusual-dir Severity: normal Certainty: certain Info: This file or symbolic link is in a directory where files are not normally installed by Debian packages. Tag: package-installs-packlist Severity: important Certainty: certain Info: Packages built using the perl MakeMaker package will have a file named .packlist in them. Those files are useless, and (in some cases) have the additional problem of creating an architecture-specific directory name in an architecture-independent package. . They can be suppressed by adding the following to debian/rules: . find debian/pkg -type f -name .packlist -delete . or by telling MakeMaker to use vendor install dirs; consult a recent version of Perl policy. Perl 5.6.0-12 or higher supports this. Ref: perl-policy 4.1 Tag: zero-byte-file-in-doc-directory Severity: normal Certainty: possible Info: The documentation directory for this package contains an empty file. This is often due to installing an upstream NEWS or README file without realizing it's empty and hence not useful. . Files in the examples subdirectory are excluded from this check, but there are some cases where empty files are legitimate parts of the documentation without being examples. In those cases, please add an override. Tag: override-file-in-wrong-location Severity: important Certainty: certain Info: Lintian overrides should be put in a regular file named /usr/share/lintian/overrides/package, not in a subdirectory named for the package or in the obsolete location under /usr/share/doc. See the Lintian documentation for more information on proper naming and format. Ref: lintian 2.4 Tag: package-contains-upstream-install-documentation Severity: normal Certainty: possible Ref: policy 12.3 Info: Binary packages do not need to contain the instructions for building and installing the package as this info is not needed by package users. If the info contained is important for configuration perhaps it could be summarized in README.Debian, otherwise an override may be added. Tag: package-contains-hardlink Severity: normal Certainty: certain Info: The package contains a hardlink in /etc or across different directories. This might not work at all if directories are on different filesystems (which can happen anytime as the system administrator sees fit), certain filesystems such as AFS don't even support cross-directory hardlinks at all. . For configuration files, certain editors might break hardlinks, and so does dpkg in certain cases. . A better solution might be using symlinks here. Ref: policy 10.7.3 Tag: package-contains-bts-control-dir Severity: normal Certainty: certain Info: The package contains a control directory for a bug tracking system. It was most likely installed by accident, since bug tracking directories usually don't belong in packages. Tag: package-contains-vcs-control-dir Severity: normal Certainty: certain Info: The package contains a control directory for a version control system. It was most likely installed by accident, since version control directories usually don't belong in packages. Tag: package-contains-xvpics-dir Severity: important Certainty: certain Info: Package contains a .xvpics directory. It was most likely installed by accident, since thumbnails usually don't belong in packages. Tag: package-contains-vcs-control-file Severity: normal Certainty: certain Info: The package contains a VCS control file such as .(cvs|git|hg)ignore. Files such as these are used by revision control systems to, for example, specify untracked files it should ignore or inventory files. This file is generally useless in an installed package and was probably installed by accident. Tag: svn-commit-file-in-package Severity: normal Certainty: certain Info: The package contains an svn-commit(.NNN).tmp file. This file is almost certainly a left-over from a failed Subversion commit, and does not belong in a Debian package. Tag: svk-commit-file-in-package Severity: normal Certainty: certain Info: The package contains an svk-commitNNN.tmp file. This file is almost certainly a left-over from a failed Subversion commit, and does not belong in a Debian package. Tag: nested-examples-directory Severity: important Certainty: certain Info: Package contains a usr/share/doc/something/examples/examples directory. It was most likely installed by accident, since one examples/ directory should be enough for everybody(tm). Tag: package-installs-nonbinary-perl-in-usr-lib-perl5 Severity: normal Certainty: certain Info: Architecture-independent Perl code should be placed in /usr/share/perl5, not /usr/lib/perl5 unless there is at least one architecture-dependent file in the module. Ref: perl-policy 2.3 Tag: file-in-usr-lib-site-python Severity: important Certainty: certain Ref: python-policy 1.5 Info: The directory /usr/lib/site-python has been deprecated as a location for installing Python modules and may be dropped from Python's module search path in a future version. Most likely this module is a private module and should be packaged in a directory outside of Python's default search path. Tag: python-module-in-wrong-location Severity: normal Certainty: possible Ref: python-policy 1.5, #576012 Info: The package installs a Python module or debug information for a Python module in the wrong location for the given version of Python. . dh_python3 can be used to fix this for Python 3 modules. Tag: python-debug-in-wrong-location Severity: normal Certainty: possible Ref: #576014 Info: The package appears to be installing debug modules in /usr/lib/debug/usr/lib/pyshared/pythonX.Y/. However, gdb(1) will not look for it there, making it less useful. The file should be installed in /usr/lib/debug/usr/lib/pymodules/pythonX.Y/ instead. Tag: missing-dependency-on-python-central Severity: important Certainty: possible Ref: #592533 Info: The package installs a file with the package name in /usr/share/pyshared-data/ without depending on python-central (>= 0.6). . This can happen if ${python:Depends} was omitted from the Depends field in debian/control. Tag: missing-dependency-on-python-support Severity: important Certainty: possible Info: The package installs a file in usr/share/python-support/ but does not declare the necessary dependency on python-support. . This can happen if ${python:Depends} was omitted from the Depends field in debian/control. Tag: package-installs-python-bytecode Severity: serious Certainty: certain Ref: python-policy 2.6 Info: Compiled python source files must not be included in the package. These files should be removed from the package and created at package installation time in the postinst. Tag: package-installs-python-egg Severity: serious Certainty: possible Ref: python-policy 2.6 Info: Python eggs should not be installed, since the Debian package is supposed to do the required steps for installing the Python code. . The egg may contain pre-compiled python bytecode or shared libraries. Tag: package-installs-python-pycache-dir Severity: serious Certainty: certain Ref: python-policy 2.6 Info: The package installs a __pycache__ directory, which is normally only used to store compiled python source files. Compiled python source files must not be included in the package, instead they should be generated at installation time in the postinst. . Note this tag is issues even if the directory is empty. Tag: bad-permissions-for-ali-file Severity: normal Certainty: certain Ref: policy 8.4 Info: Ada Library Information (*.ali) files are required to be read-only (mode 0444) by GNAT. . If at least one user can write the *.ali file, GNAT considers whether or not to recompile the corresponding source file. Such recompilation would fail because normal users don't have write permission on the files. Moreover, such recompilation would defeat the purpose of library packages, which provide *.a and *.so libraries to link against). Tag: package-contains-readme-for-other-platform-or-distro Severity: normal Certainty: certain Info: package contains a README.(platform) file that contains instructions specific to a platform or distribution other than Debian and thus can most likely be removed. If it contains information that pertains to Debian, please consider renaming it, or including it in an already existing README file. Tag: desktop-file-in-wrong-dir Severity: normal Certainty: certain Info: The package contains a .desktop file in an obsolete directory. According to the menu-spec draft on freedesktop.org, those .desktop files that are intended to create a menu should be placed in /usr/share/applications, not /usr/share/gnome/apps. Tag: script-with-language-extension Severity: normal Certainty: certain Info: When scripts are installed into a directory in the system PATH, the script name should not include an extension such as .sh or .pl that denotes the scripting language currently used to implement it. The implementation language may change; if it does, leaving the name the same would be confusing and changing it would be disruptive. Ref: policy 10.4 Tag: file-in-usr-lib-sgml Severity: normal Certainty: certain Ref: fhs theusrhierarchy Info: This package installs a file in /usr/lib/sgml. This was the old location for SGML catalogs and similar flies. All those files should now go into /usr/share/sgml. Tag: file-name-ends-in-whitespace Severity: normal Certainty: possible Info: This package installs a file or directory whose name ends in whitespace. This might be intentional but it's normally a mistake. If it is intentional, add a lintian override. . One possible cause is using debhelper 5.0.57 or earlier to install a doc-base file with a Document field that ends in whitespace. Tag: package-contains-empty-directory Severity: wishlist Certainty: possible Info: This package installs an empty directory. This might be intentional but it's normally a mistake. If it is intentional, add a lintian override. . If a package ships with or installs empty directories, you can remove them in debian/rules by calling: . $ find path/to/base/dir -type d -empty -delete Tag: package-section-games-but-contains-no-game Severity: important Certainty: certain Ref: policy 11.11 Info: This package is marked as part of the section games, but doesn't contain files in /usr/games. Binaries of games must be installed in /usr/games. Tag: package-section-games-but-has-usr-bin Severity: normal Certainty: possible Ref: policy 11.11 Info: This package is marked as part of the section games, but contains executables in /bin or /usr/bin/. This can be intentional, but is usually a mistake. Tag: games-package-should-be-section-games Severity: normal Certainty: possible Info: All the executables in this package are in /usr/games, but the package is not in section games. This can be intentional but is usually a mistake. Tag: package-contains-devhelp-file-without-symlink Severity: normal Certainty: certain Info: This package contains a *.devhelp or *.devhelp2 file which is not in the devhelp search path (/usr/share/devhelp/books and /usr/share/gtk-doc/html) and is apparently not in a directory linked into the devhelp search path. This will prevent devhelp from finding the documentation. . If the devhelp documentation is installed in a path outside the devhelp search path (such as /usr/share/doc), create a symlink in /usr/share/gtk-doc/html pointing to the documentation directory. Tag: debug-package-should-be-named-dbg Severity: normal Certainty: certain Info: This package provides at least one file in /usr/lib/debug, which is intended for detached debugging symbols, but the package name does not end in "-dbg". Detached debugging symbols should be put into a separate package, Priority: extra, with a package name ending in "-dbg". Ref: devref 6.7.9 Tag: package-contains-linda-override Severity: normal Certainty: certain Info: This package contains a linda override file in /usr/share/linda/overrides. Linda is obsolete and has been removed from the archive as of 2008-03-04. Linda overrides should probably be dropped from packages. Tag: wrong-file-owner-uid-or-gid Severity: serious Certainty: certain Info: The user or group ID of the owner of the file is invalid. The owner user and group IDs must be in the set of globally allocated IDs, because other IDs are dynamically allocated and might be used for varying purposes on different systems, or are reserved. The set of the allowed, globally allocated IDs consists of the ranges 0-99, 64000-64999 and 65534. . It's possible for a Policy-compliant package to trigger this bug if the user is created in the preinst maintainer script, but this is a very rare case and doesn't appear to be necessary. If you found yourself needing to create a package that works this way, please file a bug against Lintian to let the maintainers know. Ref: policy 9.2 Tag: embedded-javascript-library Severity: normal Certainty: possible Info: This package contains an embedded copy of JavaScript libraries that are now available in their own packages (for example, JQuery, Prototype, Mochikit or "Cropper"). Please depend on the appropriate package and symlink the library into the appropriate location. Ref: policy 4.13 Tag: embedded-feedparser-library Severity: normal Certainty: certain Info: This package contains an embedded copy of Mark Pilgrim's Universal Feed Parser. Please depend on the "python-feedparser" package and use the normal Python import mechanism to load it. Ref: policy 4.13 Tag: embedded-pear-module Severity: normal Certainty: possible Experimental: yes Info: This package appears to contain an embedded copy of a PEAR module. Please depend on the respective PEAR package providing the module and make sure the library can be found by the scripts via the include_path. Ref: policy 4.13 Tag: embedded-php-library Severity: normal Certainty: possible Info: This package appears to contain an embedded copy of a PHP library. Please depend on the respective package providing the library and make sure it can be found by the scripts via the include_path. Ref: policy 4.13 Tag: windows-devel-file-in-package Severity: normal Certainty: possible Info: This package appears to contain development files only meaningful to Windows environments. Such files are generally useless in Debian packages and were usually accidentally included by copying complete directories from the source tarball. Tag: font-in-non-font-package Severity: wishlist Certainty: possible Info: This package contains a *.ttf, *.otf, or *.pfb file, file extensions used by TrueType, OpenType, or Type 1 fonts, but the package does not appear to be a dedicated font package. Dedicated font package names should begin with fonts-. (Type 1 fonts are also allowed in packages starting with xfonts-.) If the font is already packaged, you should depend on that package instead. Otherwise, normally the font should be packaged separately, since fonts are usually useful outside of the package that embeds them. Tag: duplicate-font-file Severity: normal Certainty: possible Info: This package appears to include a font file that is already provided by another package in Debian. Ideally it should instead depend on the relevant font package. If the application in this package loads the font file by name, you may need to include a symlink pointing to the file name of the font in its Debian package. . Sometimes the font package containing the font is huge and you only need one font. In that case, you have a few options: modify the package (in conjunction with upstream) to use libfontconfig to find the font that you prefer but fall back on whatever installed font is available, ask that the font package be split apart into packages of a more reasonable size, or add an override and be aware of the duplication when new versions of the font are released. Tag: icon-size-and-directory-name-mismatch Severity: normal Certainty: certain Info: The icon has a size that differs from the size specified by the name of the directory under which it was installed. The icon was probably mistakenly installed into the wrong directory. Tag: gz-file-not-gzip Severity: normal Certainty: possible Info: The given file ends with .gz, which normally indicates it is compressed with gzip. However, it doesn't seem to be a gzip-compressed file. gzip will fail with an error on such files. Normally this indicates a mistake in the installation process of the package. Tag: non-free-flash Severity: serious Certainty: possible Info: The given Flash file has a filename which suggests that it may be one of a number of known Flash files with non-free content. Tag: non-conf-file-in-modprobe.d Severity: important Certainty: certain Ref: http://lists.debian.org/debian-devel/2009/03/msg00119.html Info: Files in /etc/modprobe.d should use filenames ending in .conf. modprobe currently warns about files which do not match this convention and at some point in the future the files will no longer be processed. . If the file is an example containing only comments, consider installing it in another location as files in /etc/modprobe.d are read each time modprobe is run (which is often at boot time). Tag: file-in-discouraged-x11-font-directory Severity: minor Certainty: certain Ref: policy 11.8.5 Info: For historical reasons, use of PEX, CID, Speedo, and cyrillic subdirectories of /usr/share/fonts/X11 are permitted, but installation of files into these directories is discouraged. Support for the first three font types is deprecated or no longer available, and Cyrillic fonts should use the normal font directories where possible. Tag: file-in-unknown-x11-font-directory Severity: serious Certainty: certain Ref: policy 11.8.5 Info: Subdirectories of /usr/share/fonts/X11 other than 100dpi, 75dpi, misc, Type1, and some historic exceptions must be neither created nor used. (The directories encodings and util, used by some X Window System packages, are also permitted by Lintian.) Tag: package-contains-multiple-dpi-fonts Severity: normal Certainty: certain Ref: policy 11.8.5 Info: This package contains both 100dpi and 75dpi bitmapped fonts. Both versions should not be included in a single package. If both resolutions are available, they should be provided in separate binary packages with -75dpi or -100dpi appended to the package name for the corresponding fonts. Tag: package-mixes-misc-and-dpi-fonts Severity: normal Certainty: certain Ref: policy 11.8.5 Info: This package contains both bitmapped fonts for a specific DPI (100dpi or 75dpi) and misc bitmapped fonts. These should not be combined in the same package. Instead, the misc bitmapped fonts should be provided in a separate package with -misc appended to its name. Tag: package-contains-info-dir-file Severity: serious Certainty: certain Info: This package contains a file named dir or dir.old, possibly compressed, in /usr/share/info. This is the directory (or backup) of info pages and is generated automatically by install-info when a package containing info documentation is installed. Some upstream build systems create it automatically, but it must not be included in a package since it needs to be generated dynamically based on the installed info files on the system. Tag: package-contains-mime-cache-file Severity: serious Certainty: certain Info: This package contains a cache file generated automatically by update-mime-database when a package containing MIME-Info Database files is installed. Some upstream build systems create them automatically, but they must not be included in a package since they need to be generated dynamically based on the installed MIME-Info Database files on the system. Tag: package-contains-mimeinfo.cache-file Severity: serious Certainty: certain Info: This package contains a file named mimeinfo.cache, possibly compressed, in /usr/share/applications. This file is generated automatically by update-desktop-database when a package containing .desktop files associated to MIME types is installed. Some upstream build systems create it automatically, but it must not be included in a package since it needs to be generated dynamically based on the installed .desktop files on the system. Tag: package-modifies-ld.so-search-path Severity: important Certainty: possible Ref: policy 10.2 Info: This package installs a file in /etc/ld.so.conf.d, presumably to modify the search path of the run-time linker, and does not appear to be part of libc. . Packages containing shared libraries should either install them into /usr/lib or should require binaries built against them to set RPATH to find the library at run-time. Installing libraries in a different directory and modifying the run-time linker path is equivalent to installing them into /usr/lib except now conflicting library packages may cause random segfaults and difficult-to-debug problems instead of conflicts in the package manager. Tag: global-data-in-games-directory Severity: important Certainty: certain Info: This package contains files under /usr/share/games, such as desktop files, icons, pixmaps, or MIME type entries, that are global system data. The user's desktop environment will only check in the directories directly under /usr/share and this information should be put in the global directory even if it is for games. . The most common cause of this problem is using a --datadir=/usr/share/games argument to configure or an equivalent and using the upstream installation rules. These files need to be moved into the corresponding directories directly under /usr/share. Tag: duplicated-compressed-file Severity: minor Certainty: possible Info: The given, apparently compressed, file is shipped in the package in addition to another file with the same name without the compression-method extension. Normally this indicates a mistake in the installation process of the package. Tag: udev-rule-in-etc Severity: important Certainty: certain Ref: #559208 Info: This package ships a udev rule and installs it under /etc/udev/rules.d, which is reserved for user-installed files. The correct directory for system rules is /lib/udev/rules.d. Tag: obsolete-comments-style-in-php-ini Severity: normal Certainty: certain Info: This package ships a .ini file used to configure php but it has comments using the old-style comment separator #. Instead, the ; separator should be used. . Since version 5.3, the PHP interpreter warns about the use of the old style of comment separator. Tag: triplet-dir-and-architecture-mismatch Severity: serious Certainty: possible Ref: policy 9.1.1 Info: This package contains a directory under /lib or /usr/lib which doesn't match the proper triplet for the binary package's architecture. This is very likely to be a mistake when indicating the underlying build system where the files should be installed. Tag: empty-binary-package Severity: important Certainty: wild-guess Info: This binary package appears to be empty, and its description does not say that it's a metapackage or a transitional package. This is often due to problems with updating debhelper *.install files during package renames or similar problems where installation rules don't put files in the correct place. . If the package is deliberately empty, please mention in the package long description one of the phrases "metapackage," "dummy," "dependency package," "empty package," or "virtual package." Tag: star-file Severity: important Certainty: possible Info: The given file is literally installed as * (star symbol). Normally this indicates a mistake in the installation process of the package either when creating symlinks or renaming files. Tag: incorrect-locale-code Severity: normal Certainty: possible Info: The package appears to ship locales for a language but uses an incorrect locale code as a subdirectory of /usr/share/locale. This usually results in users of the intended target language not finding the locale. The language codes used in the locale directories are those from the ISO 639-1 and ISO 639-2 standards, not those usually used as TLDs (which are from the ISO 3166 standard). . Lintian only knows about some commonly-mistaken set of incorrect locale codes. Tag: unknown-locale-code Severity: normal Certainty: certain Ref: http://www.loc.gov/standards/iso639-2/php/code_list.php Info: The package appears to ship locales for a language but uses an unknown locale code as a subdirectory of /usr/share/locale. This usually results in users of the intended target language not finding the locale. The language codes used in the locale directories are those from the ISO 639-1 and ISO 639-2 standards, not those usually used as TLDs (which are from the ISO 3166 standard). . It is possible that the language code was mistyped or incorrectly guessed from the language's or country's name. Tag: compressed-objects.inv Severity: normal Certainty: possible Info: The package appears to ship a gzip compressed objects.inv file in it's documentation. Unfortunately some tools do not cope with this file being compressed. . This file should be excluded from compression during build time. If using debhelper (<< 8.1.0), you may need to use the -X option to dh_compress. Newer versions of debhelper handle this correctly by default. Tag: missing-pre-dependency-on-multiarch-support Severity: serious Certainty: certain Info: The package ships a library in one of the multiarch lib directories, /lib/<triplet> and /usr/lib/<triplet>, but does not declare a pre-dependency on multiarch-support. Packages installing to these paths must Pre-Depend: multiarch-support to ensure the library can be found by the dynamic linker at every point during an upgrade. Tag: package-contains-no-arch-dependent-files Severity: minor Certainty: possible Experimental: yes Info: The package is not marked architecture all, but all the files it ships are installed in /usr/share. . Most likely this package should be marked architecture all, but there is a chance that the package is missing files. Ref: policy 5.6.8 Tag: vim-addon-within-vim-runtime-path Severity: normal Certainty: certain Info: Vim addons should not be installed directly under a directory contained in the Vim runtime path. Users shall be given the freedom to choose which addons they want to have enabled and which they don't. Ref: vim-policy 3.1 Tag: perl-module-uses-perl4-libs-without-dep Severity: normal Certainty: possible Info: This package includes perl modules using obsoleted perl 4-era libraries. These libraries have been deprecated in perl in 5.14, and are likely to be removed from the core in perl 5.16. Please either remove references to these libraries, or add a dependency on libperl4-corelibs-perl | perl (<< 5.12.3-7) to this package. Tag: gzip-file-is-not-multi-arch-same-safe Severity: important Certainty: certain Info: The gzip file contains a timestamp that will differ between architectures. Multi-Arch: same implies all shared files must be byte-for-byte identical. . This can usually be fixed by passing -n to gzip.