lintian(1) Debian Package Checker lintian(1)
NAME
lintian - Static analysis tool for Debian packages
SYNOPSIS
lintian [action] [options] [packages] ...
DESCRIPTION
Lintian dissects Debian packages and reports bugs and policy violations. It contains automated checks for many aspects of Debian policy as
well as some checks for common errors.
It uses an archive directory, called laboratory, in which it stores information about the packages it examines. It can keep this
information between multiple invocations in order to avoid repeating expensive data-collection operations.
There are three ways to specify binary, udeb or source packages for Lintian to process: by file name (the .deb file for a binary package or
the .dsc file for a source package), by naming a .changes file, or by using a lab query (see "LAB QUERY" below).
If you specify a .changes file, Lintian will process all packages listed in that file. This is convenient when checking a new package
before uploading it.
If you specify packages to be checked or use one of the options --all, --packages-from-file or --packages-file, the packages requested will
be processed. Otherwise, if debian/changelog exists, it is parsed to determine the name of the .changes file to look for in the parent
directory (when using the actions --check or --unpack). See "CHECKING LAST BUILD" for more information.
OPTIONS
Actions of the lintian command: (Only one action can be specified per invocation)
-c, --check
Run all checks over the specified packages. This is the default action.
-C chk1,chk2,..., --check-part chk1,chk2,...
Run only the specified checks. You can either specify the name of the check script or the abbreviation. For details, see the "CHECKS"
section below.
-F, --ftp-master-rejects
Run only the checks that issue tags that result in automatic rejects from the Debian upload queue. The list of such tags is refreshed
with each Lintian release, so may be slightly out of date if it has changed recently.
This is implemented via a profile and thus this option cannot be used together with --profile.
-r, --remove
Removed the specified packages from the lintian lab. This is only useful with static labs.
-R, --remove-lab
Remove the laboratory directory. This is only useful with static labs.
-S, --setup-lab
Set up or update a static lintian laboratory.
-T tag1,tag2,..., --tags tag1,tag2,...
Run only the checks that issue the requested tags. The tests for other tags within the check scripts will be run but the tags will not
be issued.
With this options all tags listed will be displayed regardless of the display settings.
--tags-from-file filename
Same functionality as --tags, but read the list of tags from a file. Blank lines and lines beginning with # are ignored. All other
lines are taken to be tag names or comma-separated lists of tag names to (potentially) issue.
With this options all tags listed will be displayed regardless of the display settings.
-u, --unpack
Unpacks the package will all collections. See the "COLLECTION" section below.
Note in this option will also run all collections. See the "COLLECTION" section below.
-X chk1,chk2,..., --dont-check-part chk1,chk2,...
Run all but the the specified checks. You can either specify the name of the check script or the abbreviation. For details, see the
"CHECKS" section below.
General options:
-d, --debug
Display debugging messages. (Implies -v and overrules any -q).
Can be used multiple times to increase the debug information. If passed twice or more, Lintian will emit approximate run times for
collections and checks (if Time::HiRes can be loaded).
This option cannot be specified in the config file. If used on the command line it will override the verbose and the quiet options in
the config file.
-h, --help
Display usage information and exit.
-q, --quiet
Suppress all informational messages including override comments (normally shown with --show-overrides).
This option is silently ignored if --debug is given. Otherwise, if both --verbose and --quiet is used, the last of these two options
take effect.
This option overrides the verbose and the quiet variable in the configuration file. In the configuration file, this option is enabled
by using quiet variable. The verbose and quiet variables may not both appear in the config file.
-v, --verbose
Display verbose messages.
If --debug is used this option is always enabled. Otherwise, if both --verbose and --quiet is used (and --debug is not used), the last
of these two options take effect.
This option overrides the quiet variable in the configuration file. In the configuration file, this option is enabled by using verbose
variable. The verbose and quiet variables may not both appear in the config file.
-V, --version
Display lintian version number and exit.
--print-version
Print unadorned version number and exit.
Behaviour options for lintian.
--allow-root
Override lintian's warning when it is run with superuser privileges.
--color (never|always|auto|html)
Whether to colorize tags in lintian output based on their severity. The default is "never", which never uses color. "always" will
always use color, "auto" will use color only if the output is going to a terminal, and "html" will use HTML <span> tags with a color
style attribute (instead of ANSI color escape sequences).
This option overrides the color variable in the configuration file.
--display-source X
Only display tags from the source X (e.g. the Policy Manual or the Developer Reference). This option can be used multiple times to add
additional sources. Example sources are "policy" or "devref" being the Policy Manual and the Developer Reference (respectively).
The entire list of sources can be found in $LINTIAN_ROOT/data/output/manual-references
-E, --display-experimental
Display experimental ("X:") tags as well. They are normally suppressed.
If a tag is marked experimental, this means that the code that generates this message is not as well tested as the rest of Lintian, and
might still give surprising results. Feel free to ignore Experimental messages that do not seem to make sense, though of course bug
reports are always welcomed (particularly if they include fixes).
This option overrides the display-experimental variable in the configuration file.
--fail-on-warnings
By default, lintian exits with 0 status if only warnings were found. If this flag is given, exit with a status of 1 if either warnings
or errors are found.
This option overrides the fail-on-warnings variable in the configuration file.
-i, --info
Print explanatory information about each problem discovered in addition to the lintian error tags. To print a long tag description
without running lintian, see lintian-info(1).
This option overrides info variable in the configuration file.
-I, --display-info
Display informational ("I:") tags as well. They are normally suppressed. (This is equivalent to -L ">=wishlist").
This option overrides the display-info variable in the configuration file.
Note: display-level and display-info may not both appear in the configuration file.
--keep-lab
By default, temporary labs will be removed after lintian is finished. Specifying this options will leave the lab behind, which might
be useful for debugging purposes. You can find out where the temporary lab is located by running lintian with the --verbose option.
For static (non-temporary) labs this option causes Lintian to skip the automatic clean up of some collections.
-L [+|-|=][>=|>|<|<=][S|C|S/C], --display-level [+|-|=][>=|>|<|<=][S|C|S/C]
Fine-grained selection of tags to be displayed. It is possible to add, remove or set the levels to display, specifying a severity (S:
serious, important, normal, minor, wishlist, pedantic), a certainty (C: certain, possible, wild-guess), or both (S/C). The default
settings are equivalent to -L ">=important" -L "+>=normal/possible" -L +minor/certain).
This option overrides the display-level variable in the configuration file. The value of the display-level in configuration file
should be space separated entries in the same format as passed via command-line.
Note: display-level may not be used with display-info or pedantic in the configuration file.
-m, --md5sums, --checksums
This has become redundant in lintian 2.5.1 and may be removed in a later release.
This option used to control whether Lintian would verify checksums in changes files. As of 2.5.1, Lintian always does this.
-o, --no-override
Don't use the overrides file.
This option overrides the override variable in the configuration file.
--pedantic
Display pedantic ("P:") tags as well. They are normally suppressed.
Pedantic tags are Lintian at its most pickiest and include checks for particular Debian packaging styles and checks that many people
disagree with. Expect false positives and Lintian tags that you don't consider useful if you use this option. Adding overrides for
pedantic tags is probably not worth the effort.
This option overrides the pedantic variable in the configuration file.
Note: pedantic and display-info may not both appear in the configuration file.
--profile vendor[/prof]
Use the profile from vendor (or the profile with that name). If the profile name does not contain a slash, the default profile for
than vendor is chosen.
If not specified, lintian loads the best profile for the current vendor.
Please Refer to the Lintian User Manual for the full documentation of profiles.
--show-overrides
Output tags that have been overridden. The related override comments will also be printed (unless --quiet is used). Please refer to
the Lintian User Manual for the documentation on how lintian relates comments to a given override.
This option overrides the show-overrides variable in the configuration file.
--suppress-tags tag1,tag2,...
Suppress the listed tags. They will not be reported if they occur and will not affect the exit status of Lintian.
--suppress-tags-from-file file
Suppress all tags listed in the given file. Blank lines and lines beginning with # are ignored. All other lines are taken to be tag
names or comma-separated lists of tag names to suppress. The suppressed tags will not be reported if they occur and will not affect
the exit status of Lintian.
-U info1,info2,..., --unpack-info info1,info2,...
Collect information info1, info2, etc. even if these are not required by the checks. Collections requested by this option are also not
auto-removed (in this run).
This option is mostly useful for debugging or special purpose setups.
It is allowed to give this option more than once. The following two lines of arguments are semantically equivalent:
-U info1 -U info2
-U info1,info2
Configuration options:
--arch arch
Deprecated, does nothing and may be removed in a later release.
--area area
Deprecated, does nothing and may be removed in a later release.
--archivedir archivedir
Deprecated, does nothing and may be removed in a later release.
--cfg configfile
Read the configuration from configfile rather than the default locations. This option overrides the LINTIAN_CFG environment variable.
--no-cfg
Do not read any configuration file. This option overrides the --cfg above.
--dist distdir
Deprecated, does nothing and may be removed in a later release.
--section area
Deprecated, does nothing and may be removed in a later release.
--lab labdir
Use labdir as the permanent laboratory. This is where Lintian keeps information about the packages it checks. This option overrides
the LINTIAN_LAB environment variable and the configuration file entry of the same name.
-j X, --jobs X
Limit the number of unpacking jobs Lintian will run in parallel.
This option overrides the jobs variable in the configuration file.
By default Lintian will use nproc to determine a reasonable default (or 2, if the nproc fails).
--root rootdir
Look for lintian's support files (such as check scripts and collection scripts) in rootdir. This overrides the LINTIAN_ROOT
environment variable. The default location is /usr/share/lintian.
Package selection options:
-a, --all
Check all packages in the laboratory.
Note: If --binary, --udeb or --source is specified, then only packages of that type is considered.
-b, --binary
The lab-queries listed on the command line are by default binary packages.
With --all this means check all binary packages in the lab.
-p X, --packages-file X
Process all packages which are listed in file X. Each package has to be listed in a single line using the following format:
type package version file
where type is either `b', `u', or `s' (binary, udeb, or source package), package is the package name, version is the package's version,
and file is the package file name (absolute path specification).
Please note this has been deprecated in favour --packages-from-file, which does not require a weird/special syntax.
--packages-from-file X
Process the packages listed in X. If the line starts with "!query:", then the rest of that line is processed as a lab query (see "LAB
QUERY").
Otherwise the line is read as the path to a file to process (all whitespace is included!).
If X is "-", Lintian will read the packages from STDIN.
-s, --source
The lab-queries listed on the command line are by default source packages.
With --all this means check all source packages in the lab.
The following packages listed on the command line are source packages.
--udeb
The lab-queries listed on the command line are by default udeb packages.
With --all this means check all udeb packages in the lab.
CHECKS
apache2 (apache2)
Checks various build mistakes in Apache2 reverse dependencies
binaries (bin)
This script checks binaries and object files for bugs.
changelog-file (chg)
This script checks if a binary package conforms to policy with regards to changelog files.
Each binary package with a /usr/share/doc/<foo> directory must have a Debian changelog file in changelog.Debian.gz unless the Debian
changelog and the upstream one is the same file; in this case, it must be in changelog.gz.
If there is an upstream changelog file, it must be named "changelog.gz".
Both changelog files should be compressed using "gzip -9". Even if they start out small, they will become large with time.
changes-file (chng)
This script checks for various problems with .changes files
conffiles (cnf)
This script checks if the conffiles control file of a binary package is correct.
control-file (dctl)
This script checks debian/control files in source packages
control-files (ctl)
Check for unknown control files in the binary package.
copyright-file (cpy)
This script checks if a binary package conforms to policy with regard to copyright files.
Each binary package must either have a /usr/share/doc/<foo>/copyright file or must have a symlink /usr/share/doc/<foo> -> <bar>, where
<bar> comes from the same source package and pkg foo declares a "Depends" relation on bar.
cruft (deb)
This looks for cruft in Debian packaging or upstream source
deb-format (dfmt)
This script checks the format of the deb ar archive itself.
debconf (dc)
This looks for common mistakes in packages using debconf.
debhelper (dh)
This looks for common mistakes in debhelper source packages.
debian-readme (drm)
This script checks the README.Debian file for various problems.
debian-source-dir (dsd)
This script looks for mistakes in debian/source/* files.
description (des)
Check if the Description control field of a binary package conforms to the rules in the Policy Manual (section 3.4).
duplicate-files (dupf)
This script checks for duplicate files using checksums
fields (fld)
This script checks the syntax of the fields in package control files, as described in the Policy Manual.
filename-length (flen)
This script checks for long package file names
files (fil)
This script checks if a binary package conforms to policy WRT to files and directories.
group-checks (gchck)
This script checks for some issues that may appear in packages built from the same source. This includes intra-source circular
dependencies and intra-source priority checks.
huge-usr-share (hus)
This script checks whether an architecture-dependent package has large amounts of data in /usr/share.
infofiles (info)
This script checks if a binary package conforms to info document policy.
init.d (ini)
Check if a binary package conforms to policy with respect to scripts in /etc/init.d.
java (java)
This script checks if the packages comply with various aspects of the debian Java policy.
manpages (man)
This script checks if a binary package conforms to manual page policy.
md5sums (md5)
This script checks if md5sum control files are valid, if they are provided by a binary package.
menu-format (mnf)
This script validates the format of menu files.
menus (men)
Check if a binary package conforms to policy with respect to menu and doc-base files.
nmu (nmu)
This script checks if a source package is consistent about its NMU-ness.
ocaml (ocaml)
This looks for common mistakes in OCaml binary packages.
patch-systems (pat)
This script checks for various possible problems when using patch systems
po-debconf (pd)
This looks for common mistakes in packages using po-debconf(7).
rules (rul)
Check targets and actions in debian/rules.
scripts (scr)
This script checks the #! lines of scripts in a package.
shared-libs (shl)
This script checks if a binary package conforms to shared library policy.
source-copyright (scpy)
This script checks if a source package conforms to policy with regard to copyright files.
Each source package should have a debian/copyright file.
standards-version (std)
This script checks if a source package contains a valid Standards-Version field.
symlinks (sym)
This script checks for broken symlinks.
version-substvars (v-s)
This script checks for correct use of the various *Version substvars, e.g. deprecated substvars, or usage that can cause un-
binNMUability
watch-file (watch)
Check debian/watch files in source packages.
COLLECTION
ar-info
This script runs the "ar t" command over all .a files of package.
bin-pkg-control
This script extracts the contents of control.tar into the control/ and creates control-index as well.
changelog-file
This script copies the changelog file and NEWS.Debian file (if any) of a package into the lintian directory.
copyright-file
This script copies the copyright file of a package into the lintian directory.
debfiles
This script collects files shipped in the source of the package.
debian-readme
This script copies the README.Debian file of a package into the lintian directory.
diffstat
This script extracts the Debian diff of a source package, and runs diffstat on it, leaving the result in the diffstat output file
doc-base-files
This script copies the contents of /usr/share/doc-base into the lintian doc-base/ directory.
file-info
This script runs the file(1) command over all files of any kind of package.
hardening-info
This script runs hardening-check(1) over all ELF binaries of a binary package.
index
This script create an index file of the contents of a package.
init.d
This script copies the etc/init.d directory into the lintian directory.
java-info
This script extracts information from manifests of JAR files
md5sums
This script runs the md5sums(1) over all files in a binary package.
menu-files
This script copies the contents of /usr/lib/menu into the lintian menu/ directory.
objdump-info
This script runs objdump(1) over all binaries and object files of a binary package.
override-file
This script copies the override file of a package into the lintian directory.
scripts
This script scans a binary package for scripts that start with #! and lists their filenames together with the interpreter named by
their first line.
The format is: scriptpath filename
Note that the filename might contain spaces, but the scriptpath will not, because linux only looks at the first word when executing a
script.
strings
This script runs the strings(1) command over all files of a binary package.
unpacked
This script unpacks the package under the unpacked/ directory
This collection is auto-removed by default in static labs.
FILES
Lintian looks for its configuration file in the following locations:
The file name given with the --cfg option
$LINTIAN_CFG
$LINTIAN_ROOT/lintianrc
$HOME/.lintianrc
/etc/lintianrc
Lintian uses the following directories:
/tmp
If no lab location is specified via the LINTIAN_LAB environment variable, configuration, or the --lab command-line option, lintian
defaults to creating a temporary lab directory in /tmp. To change the directory used, set the TMPDIR environment variable to a
suitable directory. TMPDIR can be set in the configuration file.
/usr/share/lintian/checks
Scripts that check aspects of a package.
/usr/share/lintian/collection
Scripts that collect information about a package and store it for use by the check scripts.
/usr/share/lintian/data
Supporting data used by Lintian checks and for output formatting.
/usr/share/lintian/lib
Utility scripts used by the other lintian scripts.
/usr/share/lintian/unpack
Scripts that manage the laboratory.
The /usr/share/lintian directory can be overridden with the LINTIAN_ROOT environment variable or the --root option.
For binary packages, Lintian looks for overrides in a file named usr/share/lintian/overrides/<package> inside the binary package, where
<package> is the name of the binary package. For source packages, Lintian looks for overrides in debian/source/lintian-overrides and then
in debian/source.lintian-overrides if the first file is not found. The first path is preferred. See the Lintian User's Manual for the
syntax of overrides.
CONFIGURATION FILE
The configuration file can be used to specify default values for some options. The general format is:
option = value
All whitespace adjacent to the "=" sign as well as leading and trailing whitespace is ignored. However whitespace within the value is
respected, as demonstrated by this example:
# Parsed as "opt1" with value "val1"
opt1 = val1
# Parsed as "opt2" with value "val2.1 val2.2 val2.3"
opt2 = val2.1 val2.2 val2.3
Unless otherwise specified, no option may appear more than once. Lintian will ignore empty lines or lines starting with the #-character.
Generally options will be the long form of the command-line option without the leading dashes. There some exceptions (such as --profile),
where Lintian uses the same name as the environment variable.
Lintian only allows a subset of the options specified in the configuration file; please refer to the individual options in "OPTIONS".
In the configuration file, all options listed must have a value, even if they do not accept a value on command line (e.g. --pedantic). The
values "yes", "y", "1", or "true" will enable such a option and "no", "n", "0" or "false" will disable it. Prior to the 2.5.2 release,
these values were case sensitive.
For other options, they generally take the same values as they do on the command line. Though some options allow a slightly different
format (e.g. --display-level). These exceptions are explained for the relevant options in "OPTIONS".
Beyond command line options, it is also allowed to specify the environment variable "TMPDIR" in the configuration file.
A sample configuration file could look like:
# Sample configuration file for lintian
#
# Set the default profile (--profile)
LINTIAN_PROFILE = debian
# Set the default TMPDIR for lintian to /var/tmp/lintian
# - useful if /tmp is tmpfs with "limited" size.
TMPDIR = /var/tmp/lintian/
# Show info (I:) tags by default (--display-info)
# NB: this cannot be used with display-level
display-info=yes
# Ignore all overrides (--no-override)
# NB: called "overrides" in the config file
# and has inverted value!
overrides = no
# Automatically determine if color should be used
color = auto
EXIT STATUS
0 No policy violations or major errors detected. (There may have been warnings, though.)
1 Policy violations or major errors detected.
2 Lintian run-time error. An error message is sent to stderr.
LAB QUERY
A lab query can be used to refer to a (set of) package(s) in the Lintian Laboratory. The general format of a query is:
[type:]package[/version[/arch]]
Where:
type
This is the type of the package and (if present) must be one of "ALL", "GROUP", "binary", "udeb", "source" or "changes". This is case
sensitive.
If omitted this defaults to "ALL" unless another default has been specified (see --binary, --udeb or --source). The pseudo type "ALL"
acts as a wildcard for any real package type.
The special type "GROUP" can be used to match all packages related to a given source package. For more info, please see "Group query"
below.
package
This is the name of the package. This is mandatory and must match exactly.
version
This is the version of the package, if left out (or if it is "_") then any version will do. Otherwise the version must match exactly.
arch
This is the architecture of the package, if left out (or it is "_") then any architecture will do. Otherwise the architecture must
match exactly.
Note: This is completely ignored when matching against source packages or when type is "GROUP".
Note: For changes packages, this must match the contents of the architecture field in the changes. This field may contain a space
(e.g. "source all") and therefore may also need proper shell escape.
Group query
A group query can be used to (re-)process all packages in a given group. The package and version part will be used to look up one or more
source packages. The binaries, udebs and changes files for each matching source package will also be activated.
CHECKING LAST BUILD
When run in an unpacked package dir (with no package selection arguments), Lintian will use debian/changelog to determine the source and
version of the package. Lintian will then attempt to find a matching .changes file for this source and version combination.
Lintian will (in order) search the following directories:
.. Used by dpkg-buildpackage(1).
../build-area
Used by svn-buildpackage(1).
/var/cache/pbuilder/result
Used by pbuilder(1) and cowbuilder(1).
In each directory, Lintian will attempt to find a .changes file using the following values as architectecture (in order):
$DEB_BUILD_ARCH
The environment variable DEB_BUILD_ARCH.
$DEB_HOST_ARCH (or dpkg --print-architecture)
The environment variable DEB_HOST_ARCH (if not set, "dpkg --print-architecture" will be used instead)
dpkg --print-foreign-architectures
If dpkg(1) appears to support multi-arch, then any architecture listed by "dpkg --print-foreign-architectures" will be used (in the
order returned by dpkg).
multi
Pseudo architecture used by mergechanges(1).
all Used when building architecture indep packages only (e.g dpkg-buildpackage -A).
source
Used for "source only" builds (e.g. dpkg-buildpackage -S).
If a .changes file matches any combination above exists, Lintian will process the first match as if you had passed it per command line. If
no .changes file can be found, Lintian will print a list of attempted locations on STDERR and exit 0.
EXAMPLES
$ lintian foo.changes
Check the changes file itself and any (binary, udeb or source) package listed in it.
$ lintian foo.deb
Check binary package foo given by foo.deb.
$ lintian foo.dsc
Check source package foo given by foo.dsc.
$ lintian foo.dsc -L +minor/possible
Check source package foo given by foo.dsc, including minor/possible tags.
$ lintian -i foo.changes
Check the changes file and, if listed, the source and binary package of the upload. The output will contain detailed information about
the reported tags.
$ lintian -c --binary foo
Check the binary package foo in the Lintian laboratory.
$ lintian -C cpy --source foo
Run the copyright checks on source package foo. The package foo must be in the Lintian laboratory.
$ lintian -u foo -U unpacked
Unpack all packages named foo in the Lintian laboratory.
$ lintian -r foo
Remove all packages named foo from the Lintian laboratory.
$ lintian
Assuming debian/changelog exists, look for a changes file for the source in the parent dir. Otherwise, print usage information and
exit.
BUGS
Lintian does not have any locking mechanisms yet. (Running several Lintian processes on the same laboratory simultaneously is likely to
fail or corrupt the laboratory.)
If you discover any other bugs in lintian, please contact the authors.
SEE ALSO
lintian-info(1), Lintian User Manual (file:/usr/share/doc/lintian/lintian.html/index.html)
Packaging tools: debhelper(7), dh_make(8), dpkg-buildpackage(1).
AUTHORS
Niels Thykier <niels@thykier.net>
Richard Braakman <dark@xs4all.nl>
Christian Schwarz <schwarz@monet.m.isar.de>
Please use the email address <lintian-maint@debian.org> for Lintian related comments.
perl v5.14.2 2013-02-16 lintian(1)