#976 Warnings re 64-bit package quality on Ubuntu 11.04

Linux (83)

I downloaded passwordsafe-ubuntu-0.6.0BETA.amd64.deb on Ubuntu 11.04 (64-bit) and did "gnome-open ./passwordsafe-ubuntu-0.6.0BETA.amd64.deb" (note: no sudo used). That opened up Ubuntu Software Centre which had an "Install" button, clicking on which nothing happened. I saw some policykit related errors in the console.

Then I ran the same command with "sudo" and the Install button worked, but threw up the attached warning. I also saw these in the terminal:

2011-07-24 12:04:31,456 - softwarecenter.backend - ERROR - error in _on_trans_finished 'Error: The package is of bad quality
The installation of a package which violates the quality standards isn't allowed. This could cause serious problems on your computer. Please contact the person or organisation who provided this package file and include the details beneath.

Lintian check results for /home/saurav/work/passwordsafe-ubuntu-0.6.0BETA.amd64.deb:
warning: the authors of lintian do not recommend running it with root privileges!
E: passwordsafe: dir-or-file-in-tmp tmp/pwsafe.desktop
E: passwordsafe: dir-or-file-in-tmp tmp/pwsafe.png


  • Andrew Rakowski

    Andrew Rakowski - 2011-10-11

    Just as a follow up, this same error occurs on the i686 version as well. I would post a screen shot, but it looks identical (other than home directory path).

    It looks like the postinst script runs xdg-icon-resource and xdg-desktop-menu commands to install these files, followed by a rm to remove them. Lintian doesn't like that (http://lintian.debian.org/tags/dir-or-file-in-tmp.html), and there is a potential for a nefarious person to pre-position files / links with those names to attempt overwrites or deletions of other files.

    I don't know what the correct method is (perhaps use a temp directory in the install user's home directory?), but I suspect many Debian / Ubuntu packages do this in some safer fashion, and that method should be used.

    In any case, thanks for working on passwordsafe - I use it everywhere. -ar


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks