lintian
Static analysis tool for Debian packages
see also :
lintian-info - dpkg-buildpackage
Synopsis
lintian
[action] [options] [packages] ...
add an example, a script, a trick and tips
examples
$ lintian foo.changes
Check the changes file itself and any (binary, udeb or source)
package listed in it.
$ lintian foo.deb
Check binary package foo given by foo.deb.
$ lintian foo.dsc
Check source package foo given by foo.dsc.
$ lintian foo.dsc -L +minor/possible
Check source package foo given by foo.dsc, including
minor/possible tags.
$ lintian -i foo.changes
Check the changes file and, if listed, the source and binary
package of the upload. The output will contain detailed
information about the reported tags.
$ lintian -c --binary foo
Check the binary package foo in the Lintian laboratory.
$ lintian -C cpy --source foo
Run the copyright checks on source package foo. The package foo
must be in the Lintian laboratory.
$ lintian -u foo -U unpacked
Unpack all packages named foo in the Lintian laboratory.
$ lintian -r foo
Remove all packages named foo from the Lintian laboratory.
$ lintian
Assuming debian/changelog exists, look for a changes file
for the source in the parent dir. Otherwise, print usage
information and exit.
description
Lintian
dissects Debian packages and reports bugs and policy
violations. It contains automated checks for many aspects of
Debian policy as well as some checks for common errors.
It uses an
archive directory, called laboratory, in which it
stores information about the packages it examines. It can
keep this information between multiple invocations in order
to avoid repeating expensive data-collection operations.
There are three
ways to specify binary, udeb or source packages for Lintian
to process: by file name (the .deb file for a binary package
or the .dsc file for a source package), by naming a
.changes file, or by using a lab query (see "
LAB QUERY " below).
If you specify
a .changes file, Lintian will process all packages
listed in that file. This is convenient when checking a new
package before uploading it.
If you specify
packages to be checked or use one of the options
--all,
--packages-from-file or
--packages-file, the packages
requested will be processed. Otherwise, if
debian/changelog exists, it is parsed to determine
the name of the .changes file to look for in the parent
directory (when using the actions --check
or --unpack). See " CHECKING
LAST BUILD " for more information.
options
Actions of the
lintian command: (Only one action can be specified per
invocation)
-c, --check
Run all checks over the
specified packages. This is the default action.
-C chk1,chk2,...,
--check-part chk1,chk2,...
Run only the specified checks.
You can either specify the name of the check script or the
abbreviation. For details, see the "
CHECKS " section below.
-F,
--ftp-master-rejects
Run only the checks that issue
tags that result in automatic rejects from the Debian upload
queue. The list of such tags is refreshed with each Lintian
release, so may be slightly out of date if it has changed
recently.
This is
implemented via a profile and thus this option cannot be
used together with --profile.
-r,
--remove
Removed the specified packages
from the lintian lab. This is only useful with static
labs.
-R,
--remove-lab
Remove the laboratory
directory. This is only useful with static labs.
-S,
--setup-lab
Set up or update a static
lintian laboratory.
-T tag1,tag2,...,
--tags tag1,tag2,...
Run only the checks that issue
the requested tags. The tests for other tags within the
check scripts will be run but the tags will not be
issued.
With this
options all tags listed will be displayed regardless of the
display settings.
--tags-from-file
filename
Same functionality as
--tags, but read the list of tags from a
file. Blank lines and lines beginning with # are ignored.
All other lines are taken to be tag names or comma-separated
lists of tag names to (potentially) issue.
With this
options all tags listed will be displayed regardless of the
display settings.
-u,
--unpack
Unpacks the package will all
collections. See the " COLLECTION "
section below.
Note in this
option will also run all collections. See the "
COLLECTION " section below.
-X chk1,chk2,...,
--dont-check-part
chk1,chk2,...
Run all but the the specified
checks. You can either specify the name of the check script
or the abbreviation. For details, see the "
CHECKS " section below.
General
options:
-d, --debug
Display debugging messages.
(Implies -v and overrules any
-q).
Can be used
multiple times to increase the debug information. If passed
twice or more, Lintian will emit approximate run times for
collections and checks (if Time::HiRes can be loaded).
This option
cannot be specified in the config file. If used on the
command line it will override the verbose and the
quiet options in the config file.
-h,
--help
Display usage information and
exit.
-q,
--quiet
Suppress all informational
messages including override comments (normally shown with
--show-overrides).
This option is
silently ignored if --debug is given.
Otherwise, if both --verbose and
--quiet is used, the last of these two
options take effect.
This option
overrides the verbose and the quiet variable
in the configuration file. In the configuration file, this
option is enabled by using quiet variable. The
verbose and quiet variables may not both
appear in the config file.
-v,
--verbose
Display verbose messages.
If
--debug is used this option is always
enabled. Otherwise, if both --verbose and
--quiet is used (and
--debug is not used), the last of these
two options take effect.
This option
overrides the quiet variable in the configuration
file. In the configuration file, this option is enabled by
using verbose variable. The verbose and
quiet variables may not both appear in the config
file.
-V,
--version
Display lintian version number
and exit.
--print-version
Print unadorned version number
and exit.
Behaviour
options for lintian.
--allow-root
Override lintian’s
warning when it is run with superuser privileges.
--color
(never|always|auto|html)
Whether to colorize tags in
lintian output based on their severity. The default is
"never", which never uses color.
"always" will always use color, "auto"
will use color only if the output is going to a terminal,
and "html" will use HTML
<span> tags with a color style attribute (instead of
ANSI color escape sequences).
This option
overrides the color variable in the configuration
file.
--display-source
X
Only display tags from the
source X (e.g. the Policy Manual or the Developer
Reference). This option can be used multiple times to add
additional sources. Example sources are "policy"
or "devref" being the Policy Manual and the
Developer Reference (respectively).
The entire list
of sources can be found in
$LINTIAN_ROOT/data/output/manual-references
-E,
--display-experimental
Display experimental
("X:") tags as well. They are normally
suppressed.
If a tag is
marked experimental, this means that the code that generates
this message is not as well tested as the rest of Lintian,
and might still give surprising results. Feel free to ignore
Experimental messages that do not seem to make sense, though
of course bug reports are always welcomed (particularly if
they include fixes).
This option
overrides the display-experimental variable in the
configuration file.
--fail-on-warnings
By default, lintian
exits with 0 status if only warnings were found. If this
flag is given, exit with a status of 1 if either warnings or
errors are found.
This option
overrides the fail-on-warnings variable in the
configuration file.
-i,
--info
Print explanatory information
about each problem discovered in addition to the lintian
error tags. To print a long tag description without running
lintian, see lintian-info(1).
This option
overrides info variable in the configuration
file.
-I,
--display-info
Display informational
("I:") tags as well. They are normally suppressed.
(This is equivalent to -L
">=wishlist").
This option
overrides the display-info variable in the
configuration file.
Note:
display-level and display-info may not both
appear in the configuration file.
--keep-lab
By default, temporary labs will
be removed after lintian is finished. Specifying this
options will leave the lab behind, which might be useful for
debugging purposes. You can find out where the temporary lab
is located by running lintian with the
--verbose option.
For static
(non-temporary) labs this option causes Lintian to skip the
automatic clean up of some collections.
-L
[+|-|=][>=|>|<|<=][S|C|S/C],
--display-level
[+|-|=][>=|>|<|<=][S|C|S/C]
Fine-grained selection of tags
to be displayed. It is possible to add, remove or set the
levels to display, specifying a severity (S: serious,
important, normal, minor, wishlist, pedantic), a certainty
(C: certain, possible, wild-guess), or both (S/C). The
default settings are equivalent to -L
">=important" -L
"+>=normal/possible" -L
+minor/certain).
This option
overrides the display-level variable in the
configuration file. The value of the display-level in
configuration file should be space separated entries in the
same format as passed via command-line.
Note:
display-level may not be used with
display-info or pedantic in the configuration
file.
-o,
--no-override
Don’t use the overrides
file.
This option
overrides the override variable in the configuration
file.
--pedantic
Display pedantic
("P:") tags as well. They are normally
suppressed.
Pedantic tags
are Lintian at its most pickiest and include checks for
particular Debian packaging styles and checks that many
people disagree with. Expect false positives and Lintian
tags that you don’t consider useful if you use this
option. Adding overrides for pedantic tags is probably not
worth the effort.
This option
overrides the pedantic variable in the configuration
file.
Note:
pedantic and display-info may not both appear
in the configuration file.
--profile
vendor[/prof]
Use the profile from vendor (or
the profile with that name). If the profile name does not
contain a slash, the default profile for than vendor is
chosen.
If not
specified, lintian loads the best profile for the
current vendor.
Please Refer to
the Lintian User Manual for the full documentation of
profiles.
--show-overrides
Output tags that have been
overridden. The related override comments will also be
printed (unless --quiet is used). Please refer
to the Lintian User Manual for the documentation on how
lintian relates comments to a given override.
This option
overrides the show-overrides variable in the
configuration file.
--suppress-tags
tag1,tag2,...
Suppress the listed tags. They
will not be reported if they occur and will not affect the
exit status of Lintian.
--suppress-tags-from-file
file
Suppress all tags listed in the
given file. Blank lines and lines beginning with # are
ignored. All other lines are taken to be tag names or
comma-separated lists of tag names to suppress. The
suppressed tags will not be reported if they occur and will
not affect the exit status of Lintian.
-U
info1,info2,..., --unpack-info
info1,info2,...
Collect information info1,
info2, etc. even if these are not required by the checks.
Collections requested by this option are also not
auto-removed (in this run).
This option is
mostly useful for debugging or special purpose setups.
It is allowed
to give this option more than once. The following two lines
of arguments are semantically equivalent:
-U info1 -U info2
-U info1,info2
Configuration
options:
--cfg configfile
Read the configuration from
configfile rather than the default locations. This option
overrides the LINTIAN_CFG environment
variable.
--no-cfg
Do not read any configuration
file. This option overrides the --cfg
above.
--lab
labdir
Use labdir as the permanent
laboratory. This is where Lintian keeps information about
the packages it checks. This option overrides the
LINTIAN_LAB environment variable and
the configuration file entry of the same name.
-j [X],
--jobs[=X]
Set the limit for how many
unpacking jobs Lintian will run in parallel. If X is not
given, Lintian will not limit the number of unpacking jobs
run that can run in parallel.
This option
overrides the jobs variable in the configuration
file.
By default
Lintian will use nproc to determine a reasonable
default (or 2, if the nproc fails).
--root
rootdir
Look for lintian’s
support files (such as check scripts and collection scripts)
in rootdir. This overrides the
LINTIAN_ROOT environment variable. The
default location is /usr/share/lintian.
Package
selection options:
-a, --all
Check all packages in the
laboratory.
Note: If
--binary, --udeb or
--source is specified, then only packages
of that type is considered.
-b,
--binary
The lab-queries listed on the
command line are by default binary packages.
With
--all this means check all binary
packages in the lab.
--packages-from-file
X
Process the packages listed in
X. If the line starts with "!query:", then the
rest of that line is processed as a lab query (see "
LAB QUERY ").
Otherwise the
line is read as the path to a file to process (all
whitespace is included!).
If X is
"-", Lintian will read the packages from
STDIN .
-s,
--source
The lab-queries listed on the
command line are by default source packages.
With
--all this means check all source
packages in the lab.
The following
packages listed on the command line are source packages.
--udeb
The lab-queries listed on the
command line are by default udeb packages.
With
--all this means check all udeb packages
in the lab.
checking last build
When run in an unpacked package dir (with no package selection
arguments), Lintian will use debian/changelog to determine
the source and version of the package. Lintian will then attempt
to find a matching .changes file for this source and
version combination.
Lintian will (in order) search the following directories:
..
Used by dpkg-buildpackage(1).
../build-area
Used by svn-buildpackage(1).
/var/cache/pbuilder/result
Used by pbuilder(1) and cowbuilder(1).
In each directory, Lintian will attempt to find a .changes
file using the following values as architectecture (in order):
$DEB_BUILD_ARCH
The environment variable DEB_BUILD_ARCH .
$DEB_HOST_ARCH (or dpkg --print-architecture)
The environment variable DEB_HOST_ARCH (if not
set, "dpkg --print-architecture" will be used instead)
dpkg --print-foreign-architectures
If dpkg(1) appears to support multi-arch, then any
architecture listed by "dpkg --print-foreign-architectures" will
be used (in the order returned by dpkg).
multi
Pseudo architecture used by mergechanges(1).
all
Used when building architecture indep packages only (e.g
dpkg-buildpackage -A).
source
Used for "source only" builds (e.g. dpkg-buildpackage -S).
If a .changes file matches any combination above exists,
Lintian will process the first match as if you had passed it per
command line. If no .changes file can be found, Lintian
will print a list of attempted locations on STDERR
and exit 0.
checks
apache2 (apache2)
Checks various build mistakes in Apache2 reverse dependencies
binaries (bin)
This script checks binaries and object files for bugs.
changelog-file (chg)
This script checks if a binary package conforms to policy with
regards to changelog files.
Each binary package with a /usr/share/doc/<foo>
directory must have a Debian changelog file in
changelog.Debian.gz unless the Debian changelog and the
upstream one is the same file; in this case, it must be in
changelog.gz.
If there is an upstream changelog file, it must be named
"changelog.gz".
Both changelog files should be compressed using "gzip -9". Even
if they start out small, they will become large with time.
changes-file (chng)
This script checks for various problems with .changes files
conffiles (cnf)
This script checks if the conffiles control file of a binary
package is correct.
control-file (dctl)
This script checks debian/control files in source packages
control-files (ctl)
Check for unknown control files in the binary package.
copyright-file (cpy)
This script checks if a binary package conforms to policy with
regard to copyright files.
Each binary package must either have a
/usr/share/doc/<foo>/copyright file or must have a
symlink /usr/share/doc/<foo> -> <bar>,
where <bar> comes from the same source package and pkg foo
declares a "Depends" relation on bar.
cruft (deb)
This looks for cruft in Debian packaging or upstream source
deb-format (dfmt)
This script checks the format of the deb ar archive itself.
debconf (dc)
This looks for common mistakes in packages using debconf.
debhelper (dh)
This looks for common mistakes in debhelper source packages.
debian-readme (drm)
This script checks the README .Debian file
for various problems.
debian-source-dir (dsd)
This script looks for mistakes in debian/source/* files.
description (des)
Check if the Description control field of a binary package
conforms to the rules in the Policy Manual (section 3.4).
duplicate-files (dupf)
This script checks for duplicate files using checksums
fields (fld)
This script checks the syntax of the fields in package control
files, as described in the Policy Manual.
filename-length (flen)
This script checks for long package file names
files (fil)
This script checks if a binary package conforms to policy
WRT to files and directories.
group-checks (gchck)
This script checks for some issues that may appear in packages
built from the same source. This includes intra-source circular
dependencies and intra-source priority checks.
huge-usr-share (hus)
This script checks whether an architecture-dependent package has
large amounts of data in /usr/share.
infofiles (info)
This script checks if a binary package conforms to info document
policy.
init.d (ini)
Check if a binary package conforms to policy with respect to
scripts in /etc/init.d.
java (java)
This script checks if the packages comply with various aspects of
the debian Java policy.
manpages (man)
This script checks if a binary package conforms to manual page
policy.
md5sums (md5)
This script checks if md5sum control files are valid, if they are
provided by a binary package.
menu-format (mnf)
This script validates the format of menu files.
menus (men)
Check if a binary package conforms to policy with respect to
menu and doc-base files.
nmu (nmu)
This script checks if a source package is consistent about its
NMU-ness.
ocaml (ocaml)
This looks for common mistakes in OCaml binary packages.
patch-systems (pat)
This script checks for various possible problems when using patch
systems
po-debconf (pd)
This looks for common mistakes in packages using
po-debconf(7).
rules (rul)
Check targets and actions in debian/rules.
scripts (scr)
This script checks the #! lines of scripts in a package.
shared-libs (shl)
This script checks if a binary package conforms to shared library
policy.
source-copyright (scpy)
This script checks if a source package conforms to policy with
regard to copyright files.
Each source package should have a debian/copyright file.
standards-version (std)
This script checks if a source package contains a valid
Standards-Version field.
symlinks (sym)
This script checks for broken symlinks.
version-substvars (v-s)
This script checks for correct use of the various *Version
substvars, e.g. deprecated substvars, or usage that can cause
un-binNMUability
watch-file (watch)
Check debian/watch files in source packages.
collection
ar-info
This script runs the "ar t" command over all .a files of package.
bin-pkg-control
This script extracts the contents of control.tar into the
control/ and creates control-index as well.
changelog-file
This script copies the changelog file and
NEWS .Debian file (if any) of a package
into the lintian directory.
copyright-file
This script copies the copyright file of a package into
the lintian directory.
debfiles
This script collects files shipped in the source of the package.
debian-readme
This script copies the README .Debian file
of a package into the lintian directory.
diffstat
This script extracts the Debian diff of a source package, and
runs diffstat on it, leaving the result in the diffstat output
file
doc-base-files
This script copies the contents of /usr/share/doc-base
into the lintian doc-base/ directory.
file-info
This script runs the file(1) command over all files of any
kind of package.
hardening-info
This script runs hardening-check(1) over all
ELF binaries of a binary package.
index
This script create an index file of the contents of a package.
init.d
This script copies the etc/init.d directory into the
lintian directory.
java-info
This script extracts information from manifests of
JAR files
md5sums
This script runs the md5sums(1) over all files in a binary
package.
menu-files
This script copies the contents of /usr/lib/menu into the
lintian menu/ directory.
objdump-info
This script runs objdump(1) over all binaries and object
files of a binary package.
override-file
This script copies the override file of a package into the
lintian directory.
scripts
This script scans a binary package for scripts that start with #!
and lists their filenames together with the interpreter named by
their first line.
The format is: scriptpath filename
Note that the filename might contain spaces, but the scriptpath
will not, because linux only looks at the first word when
executing a script.
src-orig-index
This script create an index file of the contents of the orig
tarballs.
strings
This script runs the strings(1) command over all files of
a binary package.
unpacked
This script unpacks the package under the unpacked/
directory
This collection is auto-removed by default in static labs.
configuration file
The configuration file can be used to specify default values for
some options. The general format is:
option = value
All whitespace adjacent to the "=" sign as well as leading and
trailing whitespace is ignored. However whitespace within the
value is respected, as demonstrated by this example:
# Parsed as "opt1" with value "val1"
opt1 = val1
# Parsed as "opt2" with value "val2.1 val2.2 val2.3"
opt2 = val2.1 val2.2 val2.3
Unless otherwise specified, no option may appear more than once.
Lintian will ignore empty lines or lines starting with the
#-character.
Generally options will be the long form of the command-line
option without the leading dashes. There some exceptions (such as
--profile), where Lintian uses the same name as the environment
variable.
Lintian only allows a subset of the options specified in the
configuration file; please refer to the individual options in "
OPTIONS ".
In the configuration file, all options listed must have a value,
even if they do not accept a value on command line (e.g.
--pedantic). The values "yes", "y", "1", or "true" will enable
such a option and "no", "n", "0" or "false" will disable it.
Prior to the 2.5.2 release, these values were case sensitive.
For other options, they generally take the same values as they do
on the command line. Though some options allow a slightly
different format (e.g. --display-level). These exceptions are
explained for the relevant options in " OPTIONS ".
Beyond command line options, it is also allowed to specify the
environment variable " TMPDIR " in the
configuration file.
A sample configuration file could look like:
# Sample configuration file for lintian
# Set the default profile (--profile)
LINTIAN_PROFILE = debian
# Set the default TMPDIR for lintian to /var/tmp/lintian
# - useful if /tmp is tmpfs with "limited" size.
TMPDIR = /var/tmp/lintian/
# Show info (I:) tags by default (--display-info)
# NB: this cannot be used with display-level
display-info=yes
# Ignore all overrides (--no-override)
# NB: called "overrides" in the config file
# and has inverted value!
overrides = no
# Automatically determine if color should be used
color = auto
exit status
0
No policy violations or major errors detected. (There may have
been warnings, though.)
1
Policy violations or major errors detected.
2
Lintian run-time error. An error message is sent to stderr.
files
Lintian looks for its configuration file in the following
locations:
The file name given with the --cfg option
$LINTIAN_CFG
$LINTIAN_ROOT/lintianrc
$HOME/.lintianrc
/etc/lintianrc
Lintian uses the following directories:
/tmp
If no lab location is specified via the
LINTIAN_LAB environment variable, configuration,
or the --lab command-line option, lintian defaults to
creating a temporary lab directory in /tmp. To change the
directory used, set the TMPDIR environment
variable to a suitable directory. TMPDIR can be
set in the configuration file.
/usr/share/lintian/checks
Scripts that check aspects of a package.
/usr/share/lintian/collection
Scripts that collect information about a package and store it for
use by the check scripts.
/usr/share/lintian/data
Supporting data used by Lintian checks and for output formatting.
/usr/share/lintian/lib
Utility scripts used by the other lintian scripts.
/usr/share/lintian/unpack
Scripts that manage the laboratory.
The /usr/share/lintian directory can be overridden with
the LINTIAN_ROOT environment variable or
the --root option.
For binary packages, Lintian looks for overrides in a file named
usr/share/lintian/overrides/<package> inside the
binary package, where <package> is the name of the
binary package. For source packages, Lintian looks for overrides
in debian/source/lintian-overrides and then in
debian/source.lintian-overrides if the first file is not
found. The first path is preferred. See the Lintian User’s Manual
for the syntax of overrides.
lab query
A lab query can be used to refer to a (set of) package(s) in the
Lintian Laboratory. The general format of a query is:
[type:]package[/version[/arch]]
Where:
type
This is the type of the package and (if present) must be one of "
ALL ", " GROUP ", "binary", "udeb",
"source" or "changes". This is case sensitive.
If omitted this defaults to " ALL " unless another
default has been specified (see --binary, --udeb or
--source). The pseudo type " ALL " acts as
a wildcard for any real package type.
The special type " GROUP " can be used to match
all packages related to a given source package. For more info,
please see "Group query" below.
package
This is the name of the package. This is mandatory and must match
exactly.
version
This is the version of the package, if left out (or if it is "_")
then any version will do. Otherwise the version must match
exactly.
arch
This is the architecture of the package, if left out (or it is
"_") then any architecture will do. Otherwise the architecture
must match exactly.
Note: This is completely ignored when matching against
source packages or when type is " GROUP ".
Note: For changes packages, this must match the contents of the
architecture field in the changes. This field may contain a space
(e.g. "source all") and therefore may also need proper shell
escape.
Group query
A group query can be used to (re-)process all packages in a given
group. The package and version part will be used to
look up one or more source packages. The binaries, udebs and
changes files for each matching source package will also be
activated.
bugs
Lintian does
not have any locking mechanisms yet. (Running several
Lintian processes on the same laboratory simultaneously is
likely to fail or corrupt the laboratory.)
If you discover
any other bugs in lintian, please contact the authors.
see also
lintian-info ,
Lintian User Manual
(file:/usr/share/doc/lintian/lintian.html/index.html)
Packaging
tools: debhelper, dh_make,
dpkg-buildpackage .
authors
Niels Thykier
<niels[:at:]thykier[:dot:]net>
Richard
Braakman <dark[:at:]xs4all[:dot:]nl>
Christian
Schwarz <schwarz[:at:]monet.m.isar[:dot:]de>
Please use the
email address <lintian-maint[:at:]debian[:dot:]org> for
Lintian related comments.