/usr/share/lintian/checks/cruft.desc

Check-Script: cruft
Author: Sean 'Shaleh' Perry <shaleh@debian.org>
Abbrev: deb
Type: source
Info: This looks for cruft in Debian packaging or upstream source
Needs-Info: unpacked, debfiles, diffstat, file-info, index

Tag: native-package-with-dash-version
Severity: normal
Certainty: certain
Info: Native packaging should only be used if a piece of software was
 written specifically to be turned into a Debian package. In this case,
 the version number should not contain a Debian revision part.
 .
 Native source packages are sometimes created by accident. In most cases
 the reason is the location of the original source tarball. For version
 1.0 source packages, dpkg-source determines whether they're non-native by
 looking for a file named <tt>&lt;package&gt;_&lt;upversion&gt;.orig.tar.gz</tt>
 in the parent directory, where &lt;upversion&gt; is the upstream version
 from the most recent <tt>debian/changelog</tt> entry. For version 3.0
 packages, check <tt>debian/source/format</tt> for an erroneous
 "(native)" package format.

Tag: non-native-package-with-native-version
Severity: normal
Certainty: certain
Info: This package has a native version number (a version number
 without a dash and a Debian portion) but is built as a non-native
 package.  Usually this is an error caused by forgetting the Debian
 revision for a non-native package.  In this case the solution is to
 add a Debian revision.
 .
 This error can also happen if the package is a 1.0 source format and
 there is a stray <tt>*.orig.tar.gz</tt> file in the parent directory.
 The file will trick <tt>dpkg-source</tt> into believing it was
 supposed to be a non-native package.  Here the error can be solved by
 converting it to 3.0 (native) package or removing/renaming the
 <tt>*.orig.tar.gz</tt> file.
 .
 If you do not know what a "native" or a "non-native" package is, you are
 very likely working on a non-native package.

Tag: debian-files-list-in-source
Severity: important
Certainty: certain
Info: Leaving <tt>debian/files</tt> causes problems for the autobuilders,
 since that file will likely include the list of .deb files for another
 architecture, which will cause dpkg-buildpackage run by the buildd to fail.
 .
 The clean rule for the package should remove this file.
Ref: policy 4.12

Tag: diff-contains-cmake-cache-file
Severity: serious
Certainty: possible
Info: The Debian diff contains a CMake cache file.  These files embed the
 full path of the source tree in which they're created and cause build
 failures if they exist when the source is built under a different path,
 so they will always cause errors on the buildds.  The file was probably
 accidentally included.  If it is present in the upstream source, don't
 modify it in the Debian diff; instead, delete it before the build in
 <tt>debian/rules</tt>.

Tag: diff-contains-cvs-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in a CVS directory.
 These are usually artifacts of the revision control system used by the
 Debian maintainer and not useful in a diff or native package.
 <tt>dpkg-source</tt> will automatically exclude these if it is passed
 <tt>-I</tt> or <tt>-i</tt> for native and non-native packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-cvs-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains a CVS directory.  It was most likely
 included by accident since CVS directories usually don't belong in
 releases.  When packaging a CVS snapshot, export from CVS rather than use
 a checkout.  If an upstream release tarball contains CVS directories, you
 usually should report this as a bug to upstream.

Tag: diff-contains-svn-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in an .svn
 directory.  These are usually artifacts of the revision control system
 used by the Debian maintainer and not useful in a diff or native package.
 <tt>dpkg-source</tt> will automatically exclude these if it is passed
 <tt>-I</tt> or <tt>-i</tt> for native and non-native packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-svn-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains an .svn directory.  It was most likely
 included by accident since Subversion version control directories
 usually don't belong in releases.  When packaging a Subversion snapshot,
 export from subversion rather than checkout.  If an upstream release
 tarball contains .svn directories, this should be reported as a bug to
 upstream since it can double the size of the tarball to no purpose.

Tag: diff-contains-bzr-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in a .bzr
 directory.  These are usually artifacts of the revision control system
 used by the Debian maintainer and not useful in a diff or native package.
 <tt>dpkg-source</tt> will automatically exclude these if it is passed
 <tt>-I</tt> or <tt>-i</tt> for native and non-native packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-bzr-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains a .bzr directory. It was most likely
 included by accident since bazaar-ng version control directories usually
 don't belong in releases and may contain the entire repository.  When
 packaging a bzr snapshot, use bzr export to create a clean tree.  If an
 upstream release tarball contains .bzr directories, you should usually
 report this as a bug upstream.

Tag: diff-contains-arch-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in an {arch} or
 .arch-ids directory or a directory starting with <tt>,,</tt> (used by baz
 for debugging traces).  These are usually artifacts of the revision
 control system used by the Debian maintainer and not useful in a diff or
 native package.  <tt>dpkg-source</tt> will automatically exclude these if
 it is passed <tt>-I</tt> or <tt>-i</tt> for native and non-native
 packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-arch-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains an {arch} or .arch-ids directory or a
 directory starting with <tt>,,</tt> (used by baz for debugging traces).
 It was most likely included by accident since Arch version control
 directories usually don't belong in releases.  If an upstream release
 tarball contains these directories, you should usually report this as a
 bug upstream.

Tag: diff-contains-git-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in a .git
 directory.  These are usually artifacts of the revision control system
 used by the Debian maintainer and not useful in a diff or native package.
 <tt>dpkg-source</tt> will automatically exclude these if it is passed
 <tt>-I</tt> or <tt>-i</tt> for native and non-native packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-git-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains a .git directory. It was most likely
 included by accident since git version control directories usually don't
 belong in releases and may contain a complete copy of the repository.  If
 an upstream release tarball contains .git directories, you should usually
 report this as a bug upstream.

Tag: diff-contains-hg-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in a .hg
 directory.  These are usually artifacts of the revision control system
 used by the Debian maintainer and not useful in a diff or native package.
 <tt>dpkg-source</tt> will automatically exclude these if it is passed
 <tt>-I</tt> or <tt>-i</tt> for native and non-native packages respectively.
Ref: dpkg-source(1)

Tag: source-contains-hg-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains a .hg directory. It was most likely
 included by accident since hg version control directories usually don't
 belong in releases and may contain a complete copy of the repository.  If
 an upstream release tarball contains .hg directories, you should usually
 report this as a bug upstream.

Tag: diff-contains-bts-control-dir
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains files in a directory
 used by a bug tracking system, which are not useful in a diff or native
 package.  <tt>dpkg-source</tt> will automatically exclude these if it
 is passed <tt>-I</tt> or <tt>-i</tt> for native and non-native packages
 respectively.
Ref: dpkg-source(1)

Tag: source-contains-bts-control-dir
Severity: pedantic
Certainty: certain
Info: The upstream source contains a directory used by a bug tracking
 system. It was most likely included by accident since bug tracking system
 directories usually don't belong in releases.

Tag: diff-contains-svn-commit-file
Severity: minor
Certainty: certain
Info: The Debian diff or native package contains an
 <tt>svn-commit(.NNN).tmp</tt>, almost certainly a left-over from a failed
 Subversion commit by the Debian package maintainer.

Tag: source-contains-svn-commit-file
Severity: pedantic
Certainty: certain
Info: The upstream source contains an <tt>svn-commit(.NNN).tmp</tt>,
 almost certainly a left-over from a failed Subversion commit.  You may
 want to report this as an upstream bug.

Tag: diff-contains-svk-commit-file
Severity: minor
Certainty: certain
Info: The Debian diff or native package contains an
 <tt>svk-commitNNN.tmp</tt>, almost certainly a left-over from a failed
 svk commit by the Debian package maintainer.

Tag: source-contains-svk-commit-file
Severity: pedantic
Certainty: certain
Info: The upstream source contains an <tt>svk-commitNNN.tmp</tt>,
 almost certainly a left-over from a failed Subversion commit.  You may
 want to report this as an upstream bug.

Tag: diff-contains-arch-inventory-file
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains an
 <tt>.arch-inventory</tt> file.  This is Arch metadata that should
 normally not be distributed.

Tag: source-contains-arch-inventory-file
Severity: pedantic
Certainty: certain
Info: The upstream source contains an <tt>.arch-inventory</tt> file.  This
 is Arch metadata that should normally not be distributed.  You may want
 to report this as an upstream bug.

Tag: diff-contains-hg-tags-file
Severity: normal
Certainty: certain
Info: The Debian diff or native package contains an <tt>.hgtags</tt>
 file.  This file is Mercurial metadata that should normally not be
 distributed.  It stores hashes of tagged commits in a Mercurial
 repository and isn't therefore useful without the repository.

Tag: source-contains-hg-tags-file
Severity: pedantic
Certainty: certain
Info: The upstream source contains an <tt>.hgtags</tt> file.  This file is
 Mercurial metadata that should normally not be distributed.  It stores
 hashes of tagged commits in a Mercurial repository and isn't therefore
 useful without the repository.  You may want to report this as an
 upstream bug.

Tag: diff-contains-cvs-conflict-copy
Severity: normal
Certainty: certain
info: The Debian diff or native package contains a CVS conflict copy.
 These have file names like <tt>.#file.version</tt> and are generated by
 CVS when a conflict was detected when merging local changes with updates
 from a source repository.  They're useful only while resolving the
 conflict and should not be included in the package.

Tag: source-contains-cvs-conflict-copy
Severity: pedantic
Certainty: certain
info: The upstream source contains a CVS conflict copy.  These have file
 names like <tt>.#file.version</tt> and are generated by CVS when a
 conflict was detected when merging local changes with updates from a
 source repository.  They're useful only while resolving the conflict and
 were probably included by accident.  You may want to report this as an
 upstream bug.

Tag: diff-contains-svn-conflict-file
Severity: normal
Certainty: certain
info: The Debian diff or native package contains a file that looks like a
 Subversion conflict file.  These are generated by Subversion when a
 conflict was detected while merging local changes with updates from a
 source repository.  Use <tt>svn resolved</tt> to remove them and clear
 the Subversion conflict state after you have resolved the conflict.

Tag: source-contains-svn-conflict-file
Severity: pedantic
Certainty: certain
info: The upstream source contains a file that looks like a Subversion
 conflict file.  These are generated by Subversion when a conflict was
 detected while merging local changes with updates from a source
 repository.  They're useful only while resolving the conflict and
 were probably included by accident.  You may want to report this as an
 upstream bug.

Tag: diff-contains-patch-failure-file
Severity: normal
Certainty: possible
Info: The Debian diff or native package contains a file that looks like
 the files left behind by the <tt>patch</tt> utility when it cannot
 completely apply a diff.  This may be left over from a patch applied by
 the maintainer.  Normally such files should not be included in the
 package.

Tag: diff-contains-editor-backup-file
Severity: minor
Certainty: certain
Info: The Debian diff or native package contains a file ending in
 <tt>~</tt> or of the form <tt>.xxx.swp</tt>, which is normally either an
 Emacs or vim backup file or a backup file created by programs such as
 <tt>autoheader</tt> or <tt>debconf-updatepo</tt>.  This usually causes no
 harm, but it's messy and bloats the size of the Debian diff to no useful
 purpose.

Tag: diff-contains-substvars
Severity: normal
Certainty: certain
Info: Lintian found a substvars file in the Debian diff for this source 
 package. The debian/substvars (or debian/<tt>package</tt>.substvars) file
 is usually generated and modified dynamically by debian/rules targets, in
 which case it must be removed by the clean target.
Ref: policy 4.9

Tag: empty-debian-diff
Severity: normal
Certainty: possible
Info: The Debian diff of this non-native package appears to be completely
 empty.  This usually indicates a mistake when generating the upstream
 tarball, or it may mean that this was intended to be a native package and
 was built non-native by mistake.
 .
 If the Debian packaging is maintained in conjunction with upstream, this
 may be intentional, but it's not recommended best practice.  If the
 software is only for Debian, it should be a native package; otherwise,
 it's better to omit the <tt>debian</tt> directory from upstream releases
 and add it in the Debian diff.  Otherwise, it can cause problems for some
 package updates in Debian (files can't be removed from the
 <tt>debian</tt> directory via the diff, for example).

Tag: configure-generated-file-in-source
Severity: normal
Certainty: possible
Info: Leaving config.cache/status causes autobuilders problems.
 config.cache and config.status are produced by GNU autoconf's configure
 scripts. If they are left in the source package, autobuilders may pick
 up settings for the wrong architecture.
 .
 The clean rule in <tt>debian/rules</tt> should remove this file. This
 should ideally be done by fixing the upstream build system to do it when
 you run the appropriate cleaning command (and don't forget to forward the
 fix to the upstream authors so it doesn't happen in the next release). If
 that is already implemented, then make sure you are indeed cleaning it in
 the clean rule. If all else fails, a simple rm -f should work.
 .
 Note that Lintian cannot reliably detect the removal in the clean rule,
 so once you fix this, please ignore or override this warning.

Tag: ancient-autotools-helper-file
Severity: important
Certainty: possible
Info: The referenced file has a time stamp older than year 2004 and the
 package does not build-depend on autotools-dev or automake and therefore
 apparently does not update it.  This usually means that the source
 package will not build correctly on all currently released architectures.
 .
 Read /usr/share/doc/autotools-dev/README.Debian.gz (from the
 autotools-dev package) for information on how to fix this problem.  cdbs
 will automatically update these files if autotools-dev is installed
 during build, but the build dependency on autotools-dev is still
 necessary.

Tag: outdated-autotools-helper-file
Severity: normal
Certainty: possible
Info: The referenced file has a time stamp older than June of 2006 and the
 package does not build-depend on autotools-dev or automake and therefore
 apparently does not update it.  This usually means that the source
 package will not build correctly on AVR32, for which a Debian port is
 currently in progress, and may not support other newer architectures.
 .
 Read /usr/share/doc/autotools-dev/README.Debian.gz (from the
 autotools-dev package) for information on how to fix this problem.  cdbs
 will automatically update these files if autotools-dev is installed
 during build, but the build dependency on autotools-dev is still
 necessary.

Tag: ancient-libtool
Severity: normal
Certainty: possible
Info: The referenced file seems to be from a libtool version older than
 1.5.2-2.  This might lead to build errors on some newer architectures not
 known to this libtool.
 .
 Please ask your upstream maintainer to re-libtoolize the package or do it
 yourself if there is no active upstream.  You will also need to run
 Autoconf to regenerate the configure script.  Usually it is best to do
 this during the build by depending on autoconf, libtool, and automake if
 it is used, and then running:
 .
  autoreconf -i --force
 .
 before running configure.  Depending on how old the package is, this may
 require additional modifications to <tt>configure.ac</tt> or
 <tt>configure.in</tt> or other work.  If you do this during the build,
 determine which files it will add or update and be sure to remove those
 files in the clean target.
 .
 If you have fixed architecture-specific issues with minimal patches,
 rather than updating libtool, and verified that it builds correctly,
 please override this tag.  Lintian will not be able to verify that.

Tag: source-contains-prebuilt-binary
Severity: pedantic
Certainty: certain
Info: The source tarball contains a prebuilt ELF object.  They are usually
 left by mistake when generating the tarball by not cleaning the source
 directory first.  You may want to report this as an upstream bug, in case
 there is no sign that this was intended.

Tag: source-contains-prebuilt-windows-binary
Severity: pedantic
Certainty: certain
Info: The source tarball contains a prebuilt binary for Microsoft Windows.
 They are usually provided for the convenience of users.  These files
 usually just take up space in the tarball and are of no use in Debian.
 .
 Check if upstream also provides source-only tarballs that you can use as
 the upstream distribution instead.  If not, you may want to ask upstream
 to provide source-only tarballs.

Tag: source-contains-waf-binary
Severity: important
Certainty: certain
Info: The source tarball contains a waf binary. This file is a Python
 script with an embedded bzip2 archive, which is uncompressed and unpacked
 at runtime.
 .
 Although corresponding sources can be easily extracted, FTP Team does not
 consider waf binary as the preferred form of modification; it should be
 provided unpacked instead, or completely removed, if possible.
 .
 You might want to follow these guidelines to obtain an unpacked waf:
 http://wiki.debian.org/UnpackWaf
Ref: http://wiki.debian.org/UnpackWaf, #654523

Tag: tar-errors-from-source
Severity: normal
Certainty: wild-guess
Info: tar produced an error while unpacking this source package.  This
 probably means there's something broken or at least strange about the way
 the upstream tar file was constructed.  You may want to report this as an
 upstream bug.

Tag: control-file-with-CRLF-EOLs
Severity: important
Certainty: possible
Info: The given control file uses <tt>CRLF</tt> as line terminator
 instead of the traditional UNIX <tt>LF</tt> terminator.  Since some
 tools were only designed with the UNIX end-of-line terminators in mind,
 it is possible that they misbehave or lead to unexpected results.
 .
 Running the following command against the given file removes any
 <tt>CR</tt> character in the file:
 .
 <tt>sed -i 's/\r//g' path/to/file</tt>
lintian 2.5.6 / usr / share / lintian / checks / cruft.desc
