/usr/share/lintian/checks/shared-libs.desc is in lintian 2.5.10.4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 | Check-Script: shared-libs
Author: Christian Schwarz <schwarz@debian.org>
Abbrev: shl
Type: binary, udeb
Needs-Info: unpacked, file-info, objdump-info, bin-pkg-control, index
Info: This script checks if a binary package conforms to shared library policy.
Tag: shlib-with-executable-bit
Severity: important
Certainty: certain
Info: Shared libraries should be mode 0644.
Ref: policy 8.1
Tag: shlib-with-bad-permissions
Severity: normal
Certainty: certain
Info: Shared libraries should be mode 0644.
Ref: policy 8.1
Tag: shlib-with-non-pic-code
Severity: serious
Certainty: possible
Ref: policy 10.2
Info: The listed shared libraries contain object code that was compiled
without -fPIC. All object code in shared libraries should be recompiled
separately from the static libraries with the -fPIC option.
.
Another common mistake that causes this problem is linking with
<tt>gcc -Wl,-shared</tt> instead of <tt>gcc -shared</tt>.
.
In some cases, exceptions to this rule are warranted. If this is such a
case, follow the procedure outlined in Policy and then please document
the exception by adding a lintian override to this package.
.
To check whether a shared library has this problem, run <tt>readelf
-d</tt> on the shared library. If a tag of type TEXTREL is present, the
shared library contains non-PIC code.
Tag: shlib-without-versioned-soname
Severity: normal
Certainty: possible
Ref: policy 10.2, policy 8.6
Info: The listed shared library in a public library directory has an
SONAME that does not contain any versioning information, either after the
<tt>.so</tt> or before it and set off by a hyphen. It cannot therefore
be represented in the shlibs system, and if linked by binaries its
interface cannot safely change. There is no backward-compatible way to
migrate programs linked against it to a new ABI.
.
Normally, this means the shared library is a private library for a
particular application and is not meant for general use. Policy
recommends that such libraries be installed in a subdirectory of
<tt>/usr/lib</tt> rather than in a public shared library directory.
.
To view the SONAME of a shared library, run <tt>readelf -d</tt> on the
shared library and look for the tag of type SONAME.
.
There are some special stub libraries or special-purpose shared objects
for which an ABI version is not meaningful. If this is one of those
cases, please add an override.
Tag: ldconfig-symlink-missing-for-shlib
Severity: important
Certainty: certain
Info: The package should not only include the shared library itself, but also
the symbolic link which ldconfig would produce. (This is necessary, so
that the link gets removed by dpkg automatically when the package
gets removed.) If the symlink is in the package, check that the SONAME of the
library matches the info in the shlibs file.
Ref: policy 8.1
Tag: dev-pkg-without-shlib-symlink
Severity: normal
Certainty: certain
Info: A "-dev" package is supposed to install a "libsomething.so" symbolic
link referencing the corresponding shared library. Notice how the link name
doesn't include the version number -- this is because such a link is used
by the linker when other programs are built against this shared library.
.
Implementation detail: This tag is emitted for the library package and not
the "-dev" package.
Ref: policy 8.4
Tag: non-dev-pkg-with-shlib-symlink
Severity: normal
Certainty: possible
Info: Although this package is not a "-dev" package, it installs a
"libsomething.so" symbolic link referencing the corresponding shared
library. When the link doesn't include the version number, it is used by
the linker when other programs are built against this shared library.
.
Shared libraries are supposed to place such symbolic links in their
respective "-dev" packages, so it is a bug to include it with the main
library package.
.
However, if this is a small package which includes the runtime and the
development libraries, this is not a bug. In the latter case, please
override this warning.
Ref: policy 8.4
Tag: preinst-calls-ldconfig
Severity: normal
Certainty: certain
Info: The preinst script calls ldconfig. Calls to ldconfig should only be
in postinst and postrm scripts.
Ref: policy 8.1.1
Tag: prerm-calls-ldconfig
Severity: normal
Certainty: certain
Info: The prerm script calls ldconfig. Calls to ldconfig should only
be in postinst and postrm scripts.
Ref: policy 8.1.1
Tag: postrm-unsafe-ldconfig
Severity: normal
Certainty: certain
Info: The postrm script calls ldconfig unsafely. The postrm
must only call ldconfig when given the argument "remove".
Ref: policy 8.1.1
Tag: no-shlibs-control-file
Severity: serious
Certainty: possible
Info: Although the package includes a shared library, the package does not
have a shlibs control file. If this is intentional, please override this
error.
Ref: policy 8.6
Tag: pkg-has-shlibs-control-file-but-no-actual-shared-libs
Severity: important
Certainty: certain
Info: Although the package does not include any shared libraries, it does
have a shlibs control file. If you did include a shared library, check that
the SONAME of the library is set and that it matches the contents of the
shlibs file.
.
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
.
Note this is sometimes triggered for packages with a private shared
library due to a bug in Debhelper.
Ref: #204975, #633853
Tag: duplicate-entry-in-shlibs-control-file
Severity: important
Certainty: certain
Info: The shlibs control file contains a duplicate entry.
Tag: shlib-missing-in-control-file
Severity: important
Certainty: possible
Info: The package contains a shared library that is not listed in the
shlibs control file. If this is intentional, please override this error.
Ref: policy 8.6
Tag: unused-shlib-entry-in-control-file
Severity: normal
Certainty: certain
Info: The shlibs control file contains an entry for a shared library that
is not installed by this package.
Ref: policy 8.6
Tag: shlibs-declares-dependency-on-other-package
Severity: normal
Certainty: possible
Info: This package declares in its shlibs control file either a dependency
on some other package not listed in the Provides of this package or on a
version of this package that the package version doesn't satisfy.
.
Packages should normally only list in their shlibs control file the
shared libraries included in that package, and therefore the dependencies
listed there should normally be satisfied by either the package itself or
one of its Provides.
.
In unusual circumstances where it's necessary to declare more complex
dependencies in the shlibs control file, please add a lintian override
for this warning.
Ref: policy 8.6
Tag: ldconfig-symlink-referencing-wrong-file
Severity: important
Certainty: certain
Info: The symbolic link references the wrong file. (It should reference
the shared library.)
Ref: policy 8.1
Tag: ldconfig-symlink-is-not-a-symlink
Severity: important
Certainty: certain
Info: The package installs a file with the name, ldconfig would use for
the symbolic link to reference the shared library.
Ref: policy 8.1
Tag: postinst-has-useless-call-to-ldconfig
Severity: minor
Certainty: certain
Info: The postinst script calls ldconfig even though no shared libraries are
installed in a directory controlled by the dynamic library loader.
.
Note this may be triggered by a bug in debhelper, that causes it to
auto-generate an ldconfig snippet for packages that does not need it.
Ref: policy 8.1.1, #204975
Tag: udeb-postinst-must-not-call-ldconfig
Severity: important
Certainty: certain
Info: The postinst script calls ldconfig, which is an error in udebs.
ldconfig is not available and not needed in debian-installer
Tag: postrm-has-useless-call-to-ldconfig
Severity: minor
Certainty: certain
Info: The postrm script calls ldconfig even though no shared libraries are
installed in a directory controlled by the dynamic library loader.
.
Note this may be triggered by a bug in debhelper, that causes it to
auto-generate an ldconfig snippet for packages that does not need it.
Ref: policy 8.1.1, #204975
Tag: postinst-must-call-ldconfig
Severity: serious
Certainty: certain
Info: The package installs shared libraries in a directory controlled by
the dynamic library loader. Therefore, the package must call "ldconfig" in
its postinst script.
Ref: policy 8.1.1
Tag: postrm-should-call-ldconfig
Severity: important
Certainty: certain
Info: The package installs shared libraries in a directory controlled by
the dynamic library loader. Therefore, the package should call "ldconfig"
in its postrm script.
Ref: policy 8.1.1
Tag: sharedobject-in-library-directory-missing-soname
Severity: important
Certainty: possible
Info: A shared object was identified in a library directory (a directory
in the standard linker path) which doesn't have a SONAME. This is
usually an error.
.
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
.
To view the SONAME of a shared library, run <tt>readelf -d</tt> on the
shared library and look for the tag of type SONAME.
Tag: shlib-without-PT_GNU_STACK-section
Severity: important
Certainty: certain
Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces
the dynamic linker to make the stack executable.
.
The shared lib is linked either with a non-GNU linker or a linker which is
very old. This problem can be fixed with a rebuild.
.
To see whether a shared library has this section, run <tt>readelf -l</tt>
on it and look for a program header of type GNU_STACK.
Tag: shlib-with-executable-stack
Severity: normal
Certainty: possible
Info: The listed shared libraries declares the stack as executable.
.
Executable stack is usually an error as it is only needed if the code
contains GCC trampolines or similar constructs which uses code on the
stack. One possible source for false positives are object files built
from assembler files which don't define a proper .note.GNU-stack
section.
.
To see the permissions on the stack, run <tt>readelf -l</tt> on the
shared library and look for the program header of type GNU_STACK. In the
flag column, there should not be an E flag set.
Tag: symbols-file-contains-current-version-with-debian-revision
Severity: important
Certainty: certain
Info: Debian revisions should be stripped from versions in symbols files.
Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo
<< 1.0-1 while 1.0-1~bpo >= 1.0). If the debian revision can't
be stripped because the symbol really appeared between two specific
Debian revisions, you should postfix the version with a single "~"
(example: 1.0-3~ if the symbol appeared in 1.0-3).
.
This problem normally means that the symbols were added automatically by
dpkg-gensymbols. dpkg-gensymbols uses the full version number for the
dependency associated to any new symbol that it detects. The maintainer
must update the <tt>debian/<package>.symbols</tt> file by adding
the new symbols with the corresponding upstream version.
Tag: symbols-file-contains-debian-revision
Severity: normal
Certainty: certain
Info: Debian revisions should be stripped from versions in symbols files.
Not doing so leads to dependencies unsatisfiable by backports (1.0-1~bpo
<< 1.0-1 while 1.0-1~bpo >= 1.0). If the debian revision can't
be stripped because the symbol really appeared between two specific
Debian revisions, you should postfix the version with a single "~"
(example: 1.0-3~ if the symbol appeared in 1.0-3).
Ref: dpkg-gensymbols(1), http://wiki.debian.org/UsingSymbolsFiles
Tag: syntax-error-in-symbols-file
Severity: important
Certainty: certain
Info: The symbols file contains an entry that does not follow the syntax
rules for symbols files.
.
This may be due to the entry appearing out of sequence.
Ref: deb-symbols(5)
Tag: duplicate-entry-in-symbols-control-file
Severity: important
Certainty: certain
Info: The symbols control file contains a duplicate entry.
Tag: no-symbols-control-file
Severity: wishlist
Certainty: certain
Info: Although the package includes a shared library, the package does not
have a symbols control file.
.
dpkg can use symbols files in order to generate more accurate library
dependencies for applications, based on the symbols from the library that
are actually used by the application.
Ref: dpkg-gensymbols(1), http://wiki.debian.org/UsingSymbolsFiles
Tag: pkg-has-symbols-control-file-but-no-shared-libs
Severity: important
Certainty: certain
Info: Although the package does not include any shared libraries, it does
have a symbols control file. If you did include a shared library, check that
the SONAME of the library is set and that it matches the contents of the
symbols file.
.
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
Tag: shlib-missing-in-symbols-control-file
Severity: normal
Certainty: possible
Info: The package contains a shared library that is not listed in the
symbols control file. This may not be a problem if, for example,
the library is a C++ library.
Tag: unused-shlib-entry-in-symbols-control-file
Severity: normal
Certainty: certain
Info: The symbols control file contains an entry for a shared library that
is not installed by this package.
Tag: symbols-declares-dependency-on-other-package
Severity: normal
Certainty: possible
Info: This package declares in its symbols control file a dependency on
some other package (and not one listed in the Provides of this package).
.
Packages should normally only list in their symbols control file the
shared libraries included in that package, and therefore the dependencies
listed there should normally be satisfied by either the package itself or
one of its Provides.
.
In unusual circumstances where it's necessary to declare more complex
dependencies in the symbols control file, please add a lintian override
for this warning.
Ref: policy 8.6
Tag: invalid-template-id-in-symbols-file
Severity: important
Certainty: certain
Info: The symbol definition refers to an alternative dependency template
which is not defined for the library containing the symbol.
.
The first alternative dependency template for a library the id number
of 1, with the ids of subsequent alternative templates increasing in
sequence.
Tag: unknown-meta-field-in-symbols-file
Severity: important
Certainty: certain
Info: The symbols control file contains an unknown meta-information field.
.
A list of currently supported fields may be found in deb-control(5).
Ref: deb-control(5)
Tag: symbols-declared-but-not-shlib
Severity: important
Certainty: certain
Info: The symbols control file contains dependency and symbol information
for a shared library which is not listed in the shlibs control file.
Tag: shlib-calls-exit
Severity: wishlist
Certainty: possible
Experimental: yes
Info: The listed shared library calls the C library exit() or _exit()
functions.
.
In the case of an error, the library should instead return an appropriate
error code to the calling program which can then determine how to handle
the error, including performing any required clean-up.
.
In most cases, removing the call should be discussed with upstream,
particularly as it may produce an ABI change.
Tag: incorrect-libdir-in-la-file
Severity: important
Certainty: possible
Info: The given .la file points to a libdir other than the path where it is
installed. This can be caused by resetting <tt>prefix</tt> at make install
time instead of using <tt>DESTDIR</tt>. The incorrect path will cause
packages linking to this library using libtool to build incorrectly (adding
incorrect paths to RPATH, for example).
Tag: non-empty-dependency_libs-in-la-file
Severity: serious
Certainty: certain
Info: The dependency_libs field in the .la file has not been cleared. It has
long been a release goal to get rid of unneeded .la files and clearing the
dependency_libs field from the rest of them.
.
A non-empty dependency_libs field will also stall the Multi-Arch
conversion.
.
The .la file in itself may be useful, if the library is loaded dynamically
via libltdl.
Ref: http://wiki.debian.org/ReleaseGoals/LAFileRemoval,
http://lists.debian.org/debian-devel/2011/05/msg01003.html,
http://lists.debian.org/debian-devel/2011/05/msg01146.html
Tag: shlib-in-multi-arch-foreign-package
Severity: serious
Certainty: certain
Ref: https://wiki.ubuntu.com/MultiarchSpec
Info: The package is marked as Multi-Arch: foreign, but it includes a shared
library in a public library directory.
|