Package: devscripts
Version: 2.10.49
Severity: important
User: devscri...@packages.debian.org
Usertags: checkbashisms
Hi Adam et al,
After another archive-wide run, but now on i386 and with the latest version of
checkbashisms, here are some other FPs I found:
-------------------
bindgraph_0.2a-4_all.deb
possible bashism in ./DEBIAN/postinst line 66 ($"foo" should be
eval_gettext "foo"):
if [ -z "`egrep "^\s*DNS_LOG\s*=\s*$LOGFILE\s*$" $DEFAULTS`" ]; then
possible bashism in ./usr/share/bootcd/bootcdmk2diskconf line 83 ($"foo"
should be eval_gettext "foo"):
j="$(echo "$RILABEL" | grep ":$i$" | awk -F: '{print $1}')"
possible bashism in ./usr/share/doc/capi4hylafax/examples/sample_faxrcvd line
69 ($"foo" should be eval_gettext "...)
if [ -n "`echo "$SendFile" | grep "\.tif$"`" ] ; then
possible bashism in ./usr/share/debian-cd/tools/update_tasks line 30 ($"foo"
should be eval_gettext "foo"):
task_primary="$(grep -Ev "^(#.*)?(.*-)?[[:space:]]*$" $tasklist)"
-------------------
gjots2_2.3.4-2.1_all.deb
possible bashism in ./usr/bin/gjots2html line 76 (brace expansion):
m4_changequote({{{{,}}}})
Caused due to incorrectly counting the number quotation marks.
Fix:
@@ -265,7 +265,7 @@ foreach my $filename (@ARGV) {
$templine =~ s/$otherquote.*?$quote.*?$otherquote//g;
# "\""
$templine =~ s/(^|[^\\])$quote\\$quote$quote/$1/g;
- my $count = () = $templine =~ /(^|[^\\])$quote/g;
+ my $count = () = $templine =~ /(^|(?!\\))$quote/g;
# If there's an odd number of non-escaped
# quotes in the line it's almost certainly the
-------------------
> possible bashism in ./usr/bin/nws_html_hosts line 61 (should be '.', not
> 'source'):
> source destination | grep -v "^hostpair" | \
> possible bashism in ./usr/bin/nws_html_hosts line 64 (should be '.', not
> 'source'):
> source destination | grep -v "^hostpair" | \
l60: eval $searchCommand throughput throughput_prediction
throughput_mse \
l61: source destination | grep -v "^hostpair" | \
l62: awk ' {if(NF>1) {printf "%s ", $2; if($1=="destination")
print ""}}' > $bwFile
No idea why they are not being correctly parsed; but it isn't fixed by the
above patch :(
-------------------
possible bashism in ./usr/src/gcc-4.1/patches/pr9861-nojava.dpatch line 112
('function' is useless):
+#define DMGL_RET_POSTFIX (1 << 5) /* Print function return types (when
On IRC I said it should be enough to consider #!/bin/sh /path/to/foo scripts
as evil, but after reconsidering I don't think it is the right solution.
So far I came up with this workaround:
@@ -451,6 +451,9 @@ sub script_is_evil_and_wrong {
$ret = $. - 1;
last;
+ } elsif (m'@DPATCH@') {
+ $ret = $. - 1;
+ last;
}
}
-------------------
Misc corrections:
@@ -477,7 +480,5 @@ sub init_hashes {
$LEADIN . qr'exec\s+-[acl]' => q<exec -c/-l/-a name>,
$LEADIN . qr'let\s' => q<let ...>,
qr'(?<![\$\(])\(\(.*\)\)' => q<'((' should be '$(('>,
- qr'\$\[[^][]+\]' => q<'$[' should be '$(('>,
qr'(?:^|\s+)(\[|test)\s+-a' => q<test with unary -a (should
be -e)>,
qr'\&>' => q<should be \>word 2\>&1>,
qr'(<\&|>\&)\s*((-|\d+)[^\s;|)`&\\\\]|[^-\d\s]+)' =>
@@ -508,14 +510,15 @@ sub init_hashes {
$LEADIN . qr'time\s' => q<time>,
$LEADIN . qr'dirs(\s|\Z)' => q<dirs>,
qr'(?:^|\s+)[<>]\(.*?\)' => q<\<() process substituion>,
- qr'(?:^|\s+)readonly\s+-[af]' => q<readonly -[af]>,
+ $LEADIN . qr'readonly\s+-[af]' => q<readonly -[af]>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) -[rD]' => q<sh -[rD]>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) --\w+' => q<sh --long-option>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) [-+]O' => q<sh [-+]O>,
);
%string_bashisms = (
- qr'\$\[\w+\]' => q<arithmetic not allowed>,
+ qr'\$\[[^][]+\]' => q<'$[' should be '$(('>,
qr'\$\{\w+\:\d+(?::\d+)?\}' => q<${foo:3[:1]}>,
qr'\$\{!\w...@*]\}' => q<${!prefix[*|@]>,
qr'\$\{!\w+\}' => q<${!name}>,
The "arithmetic not allowed" check was not matching all the cases, and since
echo "$[1 + 2]" works in bash, the working check should be moved to
string_bashisms.
And there's no reason (unless you refresh my mind :) not to use $LEADIN in
the 'readonly' check.
-------------------
@@ -533,11 +536,11 @@ sub init_hashes {
qr'\$\{?PIPESTATUS\}?\b' => q<$PIPESTATUS>,
qr'\$\{?SHLVL\}?\b' => q<$SHLVL>,
qr'<<<' => q<\<\<\< here string>,
- $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\"[^\"]*(\\[\\abcEfnrtv0])+.*?
[\"]' => q<unsafe echo with backslash>,
+ $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\"[^\"]*(\\[abcEfnrtv0])+.*?[\"]'
=> q<unsafe echo with backslash>,
);
%singlequote_bashisms = (
- $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\'[^\']*(\\[\\abcEfnrtv0])+.*?
[\']' => q<unsafe echo with backslash>,
+ $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\'[^\']*(\\[abcEfnrtv0])+.*?[\']'
=> q<unsafe echo with backslash>,
$LEADIN . qr'source\s+[\"\']?(?:\.\/|\/|\$|[\w.~-])[^\s]+' =>
q<should be '.', not 'source'>,
);
Stops warning about unsafe a backslashed backslash, since it works in all
shells and is used by libtool.
-------------------
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
diff --git a/tmp/checkbashisms b/usr/bin/checkbashisms
index ee31784..38e9858 100755
--- a/tmp/checkbashisms
+++ b/usr/bin/checkbashisms
@@ -265,7 +265,7 @@ foreach my $filename (@ARGV) {
$templine =~ s/$otherquote.*?$quote.*?$otherquote//g;
# "\""
$templine =~ s/(^|[^\\])$quote\\$quote$quote/$1/g;
- my $count = () = $templine =~ /(^|[^\\])$quote/g;
+ my $count = () = $templine =~ /(^|(?!\\))$quote/g;
# If there's an odd number of non-escaped
# quotes in the line it's almost certainly the
@@ -451,6 +451,9 @@ sub script_is_evil_and_wrong {
$ret = $. - 1;
last;
+ } elsif (m'@DPATCH@') {
+ $ret = $. - 1;
+ last;
}
}
@@ -461,7 +464,7 @@ sub script_is_evil_and_wrong {
sub init_hashes {
%bashisms = (
- qr'(?:^|\s+)function \w+(\s|\(|\Z)' => q<'function' is useless>,
+ $LEADIN . qr'function \w+(\s|\(|\Z)' => q<'function' is useless>,
$LEADIN . qr'select\s+\w+' => q<'select' is not POSIX>,
qr'(test|-o|-a)\s*[^\s]+\s+==\s' =>
q<should be 'b = a'>,
@@ -477,7 +480,6 @@ sub init_hashes {
$LEADIN . qr'exec\s+-[acl]' => q<exec -c/-l/-a name>,
$LEADIN . qr'let\s' => q<let ...>,
qr'(?<![\$\(])\(\(.*\)\)' => q<'((' should be '$(('>,
- qr'\$\[[^][]+\]' => q<'$[' should be '$(('>,
qr'(?:^|\s+)(\[|test)\s+-a' => q<test with unary -a (should be -e)>,
qr'\&>' => q<should be \>word 2\>&1>,
qr'(<\&|>\&)\s*((-|\d+)[^\s;|)`&\\\\]|[^-\d\s]+)' =>
@@ -508,14 +510,14 @@ sub init_hashes {
$LEADIN . qr'time\s' => q<time>,
$LEADIN . qr'dirs(\s|\Z)' => q<dirs>,
qr'(?:^|\s+)[<>]\(.*?\)' => q<\<() process substituion>,
- qr'(?:^|\s+)readonly\s+-[af]' => q<readonly -[af]>,
+ $LEADIN . qr'readonly\s+-[af]' => q<readonly -[af]>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) -[rD]' => q<sh -[rD]>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) --\w+' => q<sh --long-option>,
$LEADIN . qr'(sh|\$\{?SHELL\}?) [-+]O' => q<sh [-+]O>,
);
%string_bashisms = (
- qr'\$\[\w+\]' => q<arithmetic not allowed>,
+ qr'\$\[[^][]+\]' => q<'$[' should be '$(('>,
qr'\$\{\w+\:\d+(?::\d+)?\}' => q<${foo:3[:1]}>,
qr'\$\{!\w...@*]\}' => q<${!prefix[*|@]>,
qr'\$\{!\w+\}' => q<${!name}>,
@@ -533,11 +535,11 @@ sub init_hashes {
qr'\$\{?PIPESTATUS\}?\b' => q<$PIPESTATUS>,
qr'\$\{?SHLVL\}?\b' => q<$SHLVL>,
qr'<<<' => q<\<\<\< here string>,
- $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\"[^\"]*(\\[\\abcEfnrtv0])+.*?[\"]' => q<unsafe echo with backslash>,
+ $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\"[^\"]*(\\[abcEfnrtv0])+.*?[\"]' => q<unsafe echo with backslash>,
);
%singlequote_bashisms = (
- $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\'[^\']*(\\[\\abcEfnrtv0])+.*?[\']' => q<unsafe echo with backslash>,
+ $LEADIN . qr'echo\s+(?:-[^e\s]+\s+)?\'[^\']*(\\[abcEfnrtv0])+.*?[\']' => q<unsafe echo with backslash>,
$LEADIN . qr'source\s+[\"\']?(?:\.\/|\/|\$|[\w.~-])[^\s]+' =>
q<should be '.', not 'source'>,
);
