forked from rpms/openssl
Silence rpmlint false positives
capi.so is only useful on Windows, it does not matter that it does not have dependency information. The invalid URL warnings are expected for packages with hobbled source code archives. We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1) binary. Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
parent
432cfa2baa
commit
82a6212c47
9
openssl.rpmlintrc
Normal file
9
openssl.rpmlintrc
Normal file
@ -0,0 +1,9 @@
|
||||
# capi.so is a dummy only used on Windows, it doesn't need dependency information
|
||||
addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
|
||||
|
||||
# The sources are hobbled and thus not a valid URL. That's expected.
|
||||
addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
|
||||
|
||||
# Technically this warning is correct, but in the case of the openssl binary we
|
||||
# want to allow SSL_CTX_set_cipher_list
|
||||
addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")
|
@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
Source3: genpatches
|
||||
Source4: openssl.rpmlintrc
|
||||
Source6: make-dummy-cert
|
||||
Source7: renew-dummy-cert
|
||||
Source9: configuration-switch.h
|
||||
@ -388,6 +389,9 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
|
||||
- Silence a few rpmlint false positives.
|
||||
|
||||
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
|
||||
- Allow disabling SHA1 signature creation and verification.
|
||||
Set rh-allow-sha1-signatures = no to disable.
|
||||
|
Loading…
Reference in New Issue
Block a user