Quality-testing for Debian packages

Command Line – adequate

© Lead Image © rudall30, 123RF.com

© Lead Image © rudall30, 123RF.com

Article from Issue 275/2023
Author(s):

The adequate command-line tool helps users pinpoint problems with installed DEB packages.

Like less and most, adequate's [1] name is an both an understatement and a mild joke. A tool for analyzing the quality of installed DEB packages, adequate is actually a rigorous test of quality control based on the Debian Policy Manual [2], which makes its results far beyond adequate. Like many Debian packages, adequate was written for maintainers, but it is also a useful tool for cautious average users.

You can find adequate in the repositories of Debian, Ubuntu, and Linux Mint. Average users will find adequate useful because, as mentioned in a previous column [3], using a variety of repositories can be a gamble. You should rarely need adequate in Debian Stable, whose packages have been thoroughly tested by the time they are placed in the repository and may have been updated to fix bugs and plug security holes. Similarly, in most cases, packages from Testing should also be reasonably safe. However, packages in Unstable are much more of a gamble, not least because some developers place new packages directly into Unstable rather than introducing them into Experimental.

Outside the Debian structure, the risk is even higher, whether you are using packages that originate in a Debian derivative such as Ubuntu or a development platform such as Ubuntu's Personal Package Archives (PPA), GitHub, or GitLab. On such development platforms, any packages the developers take time to make is sometimes second in importance to coding, or they are made by someone with limited knowledge of Debian packaging. Any standards are a matter of personal preference. Not all the data provided by adequate is relevant to ordinary users (e.g., the absence of a copyright notice). Nonetheless, by running any package through adequate, average users can pinpoint the source of problems, possibly repair them, and file more meaningful bug reports. However adequate is used, it offers an insight into the structure of Debian and its derivatives.

The Debian Policy Manual, which adequate is based on, is a lengthy document that describes the structure of Debian packages and repositories. It has grown tremendously since first written in 1996 by Ian Jackson. Although little known to casual users or outsiders, the Debian Policy Manual has frequently been described by Debian members and officers as what makes Debian what it is, rather than the packaging system or any other core software. The Debian Policy Manual covers a wide variety of subjects, ranging from the naming of packages, versioning, package descriptions, dependencies, required fields, pre- and post-install scripts for both binary and source files, and breaking or conflicting packages. If adequate detects no violations of the Debian Policy Manual, you can be reasonably sure that installing a package will not cripple your system or require long hours to undo.

Using Adequate

You can use adequate in several ways. The structure

adequate PACKAGENAME

reports on a single package, using only the package name without a version number (i.e., coreutils, not coreutils-9.1-1). If no problems exist, adequate exits without feedback. More comprehensively,

adequate --all

reports on all the packages installed on a system (Figure 1). To be specific, you can use the option with the tags listed in the man page (see Table 1). If a tag identifies a problem, you may find an explanation in the corresponding section of the Debian Policy Manual or, occasionally, some other Debian documentation. Conversely,

--tags -TAG1,TAG2

Table 1

Tags to Pinpoint Specific Problems

Tag

Meaning

Debian Policy Manual Reference or Other

bin-or-sbin-binary-requires-usr-lib-library

The binary in /bin or /sbin that requires a library in /usr/lib. It is impossible to use this binary before /usr is mounted.

broken-binfmt-detector

The detector registered with update-binfmts(8) does not exist.

broken-binfmt-interpreter

The interpreter registered with update-binfmts(8) does not exist.

broken-symlink

A symlink points to a nonexistent file.

incompatible-licenses

The licenses of the libraries the binary is linked to are incompatible.

ldd-failure

Running ldd -r on the file failed unexpectedly.

https://bugs.debian.org/710521

library-not-found

Library missing, possibly because of a broken symlink

6.5: Summary of ways maintainer scripts are called; 12.5: Copyright information

missing-alternative

This package manager provides a terminal emulator, but it is not registered as an alternative or a virtual package.

11.8.3: Packages providing a terminal emulator; 11.8.4: Packages providing a window manager

missing-copyright-file

No copyright file provided

6.6: Details of unpack phase of installation or upgrade; 12.5: Copyright information

missing-pkgconfig-dependency

Dependency of a pkg-config (.pc) file not provided.

8.4: Development files

missing-symbol-version-information

The binary's library provides only unversioned symbols.

obsolete-conffile

The conffile that previously shipped with the package in no longer included in the current version, but the conffile has not been removed or updated.

https://wiki.debian.org/DpkgConffileHandling; dpkg-maintscript-helper(1)

program-name-collision

This package has the same name as another program.

10.1: Binaries

py-file-not-bytecompiled

This package ships Python modules that are not byte-compiled.

Python Policy 2.6

pyshared-file-not-bytecompiled

This package ships Python modules in /usr/share/pyshared that are not byte compiled.

Python Policy 1.5; Python Policy 2.6

symbol-size-mismatch

The symbol has changed size since the package was built.

undefined-symbol

The symbol has not been found in the libraries linked with the binary.

Figure 1: The start of adequate's report on all installed packages.

lists tags not to be checked (notice the minus sign before the list of tags). With any of these structures, the --debconf option displays any results using debconf, Debian's commmand-line GUI (Figure 2).

Figure 2: The debconf command-line GUI is one way to display adequate's results.

At least theoretically, false positives can occur. If, after reading the man page documentation, you are confident that adequate has uncovered a bug, you can paste adequate's results into a bug report. If you are uncertain, contact debian-qa@lists.debian.org first.

A Cautionary Note

Near its start, the Debian Policy Manual warns [4]: "This manual cannot and does not prohibit every possible bug or undesirable behaviour. The fact that something is not prohibited by Debian policy does not mean that it is not a bug, let alone that it is desirable."

A little further down, the manual lays out the terms used to describe what must be done, as opposed to best practices, and what is optional or discouraged.

The same limitations also apply to adequate. While adequate detects whether major requirements are followed, it may not detect optional or discouraged practices. Just as importantly, adequate does not detect whether a package does what it is supposed to do. All it detects is whether a package's structure conforms to the Debian Policy Manual's expectations. That is worth knowing, but it is not a comprehensive guarantee.

For that reason, adequate should be combined with a basic caution. Simply put, a package with few dependencies, or with no fixed, obsolete, or cutting-edge version requirements, is less likely to cause any systemic problems. This information can be easily found on the Debian packages' web pages for the Unstable or Experimental repositories, or, with exterior packages, by looking at the source code or using the --apt-preinst to view the preinstall scripts. What adequate provides is package data that can help users locate the source of any problems.

The Author

Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest Coast art (http://brucebyfield.wordpress.com). He is also co-founder of Prentice Pieces, a blog about writing and fantasy at https://prenticepieces.com/.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News