rpms/rpmlint
7
0
Fork 0
Code Issues Pull Requests Releases Activity

2.0.0

Browse Source
This commit is contained in:
Tom spot Callaway 2021-06-03 14:59:34 -04:00
parent 65f8e57bd5
commit 096bf89341
12 changed files with 745 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

355
fedora.toml Normal file
View File

@ -0,0 +1,355 @@
# Fedora's configuration for the rpmlint utility.
# When checking that various files that should be compressed are
# indeed compressed, look for this filename extension
CompressExtension = "gz"
# simple error is enough; warnings are fine
BadnessThreshold = -1
# Whether to allow packaging kernel modules in non-kernel packages.
KernelModuleRPMsOK = false
# Maximum allowed line length for Summary and Description tags
MaxLineLength = 80
# Assumed default version of Python if one cannot be determined from files
# FIXME this should be sys.version[:3] but I have no idea how to implement it
# here without changing it every other release
PythonDefaultVersion = ""
# Regexp string with expected suffix in Release tags.
ReleaseExtension = '\.(fc|rhe?l|el)\d+(?=\.|$)'
# Whether to want default start/stop runlevels specified in init scripts
UseDefaultRunlevels = false
ValidSrcPerms = [
"0o644",
"0o664",
]
# List of directories considered to be system default library search paths.
SystemLibPaths = [
"/lib",
"/usr/lib",
"/lib64",
"/usr/lib64",
]
# Enabled checks for the rpmlint to be run (besides the default set)
Checks = [
"BashismsCheck",
"PAMModulesCheck",
"TmpFilesCheck",
"SysVInitOnSystemdCheck",
"SharedLibraryPolicyCheck",
]
# Interpreters whose scriptlets are allowed to be empty
ValidEmptyShells = [
"/usr/sbin/ldconfig",
]
# Package scriptlet interpreters
ValidShells = [
"<lua>",
"/usr/bin/sh",
"/usr/bin/bash",
"/usr/sbin/ldconfig",
"/usr/bin/perl",
"/usr/bin/python",
"/usr/bin/python3",
]
Filters = [
# FIXME - the commented lines are from openSUSE config
# Are they relevant for Fedora too?
# PR which enables them or remove them is welcome
## Stuff autobuild takes care about
# '.*invalid-version.*',
# '.*invalid-packager.*',
'.*not-standard-release-extension.*',
# '.*invalid-buildhost.*',
'.*executable-in-library-package.*',
'.*non-versioned-file-in-library-package.*',
# '.*shlib-policy-name-error.*',
# '.*hardcoded-path-in-buildroot-tag.*',
'.*no-buildroot-tag.*',
# '.*cross-directory-hard-link.*',
# Do not validate package rpm groups
'.*devel-package-with-non-devel-group.*',
'.*no-group-tag.*',
'.*non-standard-group.*',
# Output filters
# '.*spurious-bracket-in-.*',
# '.*one-line-command-in-.*',
# ' dir-or-file-in-opt ', # handled by CheckFilelist.py
# ' dir-or-file-in-usr-local ', # handled by CheckFilelist.py
' non-standard-dir-in-usr ', # handled by CheckFilelist.py
' no-signature',
# ' symlink-crontab-file', #bnc591431
# ' without-chkconfig',
# 'unstripped-binary-or-object.*\.ko',
# ' no-chkconfig',
# ' subsys-not-used',
# ' dangerous-command.*',
# ' setuid-binary.*',
# 'subdir-in-bin /sbin/conf.d/',
# '.* nss_db non-standard-dir-in-var db',
# 'non-standard-dir-in-usr openwin',
# 'ibcs2 non-standard-dir-in-usr i486-sysv4',
# 'shlibs5 non-standard-dir-in-usr i486-linux-libc5',
# 'explicit-lib-dependency libtool',
#
## Filesystem package needs special exceptions
# '^filesystem\..*: dir-or-file-in-var-run',
# '^filesystem\..*: dir-or-file-in-var-lock',
# '^filesystem\..*: dir-or-file-in-var-tmp',
# '^filesystem\..*: dir-or-file-in-var-run',
# '^filesystem\..*: dir-or-file-in-var-lock',
# '^filesystem\..*: dir-or-file-in-usr-tmp',
# '^filesystem\..*: dir-or-file-in-tmp',
# '^filesystem\..*: dir-or-file-in-mnt',
# '^filesystem\..*: dir-or-file-in-home',
# '^filesystem\..*: hidden-file-or-dir /root/.gnupg',
# '^filesystem\..*: hidden-file-or-dir /root/.gnupg',
# '^filesystem\..*: hidden-file-or-dir /etc/skel/.config',
# '^filesystem\..*: hidden-file-or-dir /etc/skel/.local',
# '^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix',
# '^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix',
# '^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts',
# '^filesystem\..*: filelist-forbidden-fhs23',
# '^filesystem\..*: filelist-forbidden-opt',
# '^filesystem\..*: non-standard-uid /var/lib/nobody nobody',
# '^filesystem\..*: missing-dependency-to-cron',
## has arch specific dirs in /usr
# '^filesystem\..*: no-binary',
#
## Suppress any errors about internal packages
# '^qa\S+: [EWI]:',
# '^\S*(?:INTERNAL|internal)\.\S+: [EWI]:',
#
## Exceptions for devel-files
# 'devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h',
# 'devel-file-in-non-devel-package.*/usr/src/linux-',
# 'devel-file-in-non-devel-package.*/usr/share/systemtap',
# '-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package',
# 'java\S+-demo\.\S+: \w: devel-file-in-non-devel-package',
# 'avr-libc\.\S+: \w: devel-file-in-non-devel-package',
# 'cross-.*devel-file-in-non-devel-package',
# 'cmake.*devel-file-in-non-devel-package',
# 'gcc\d\d.*devel-file-in-non-devel-package',
# 'OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package',
# 'wnn-sdk\.\S+: \w: devel-file-in-non-devel-package',
# 'ocaml\.\S+: \w: devel-file-in-non-devel-package',
# 'xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package',
# 'linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package',
# ' devel-file-in-non-devel-package.*-config',
# 'libtool\.\S+: \w: devel-file-in-non-devel-package',
# 'sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs',
# 'kernel-modules-not-in-kernel-packages',
#
## SUSE kmp's don't need manual depmod (bnc#456048)
# 'module-without-depmod-postin',
# 'postin-with-wrong-depmod',
# 'module-without-depmod-postun',
# 'postun-with-wrong-depmod',
# 'configure-without-libdir-spec',
# 'conffile-without-noreplace-flag /etc/init.d',
# 'use-of-RPM_SOURCE_DIR',
# 'use-tmp-in-',
# 'symlink-contains-up-and-down-segments /var/lib/named',
# 'no-ldconfig-symlink',
# 'aaa_base\.\S+: \w: use-of-home-in-%post',
# 'description-line-too-long',
'hardcoded-library-path',
#
## Doesn't seem to make sense
# 'invalid-ldconfig-symlink',
# 'invalid-soname',
# 'library-not-linked-against-libc',
# 'only-non-binary-in-usr-lib',
'outside-libdir-files',
#
## We want these files
# ' perl-temp-file ',
# ' hidden-file-or-dir .*/\.packlist',
# ' hidden-file-or-dir .*/\.directory',
# 'perl-.*no-binary',
' no-major-in-name ',
#
## We check for that already
# 'dangling-relative-symlink',
' lib-package-without-%mklibname',
' requires-on-release',
# ' non-executable-script /etc/profile.d/',
# ' non-executable-script /var/adm/fillup-templates/',
# ' init-script-name-with-dot ',
# '.* statically-linked-binary /sbin/ldconfig',
# '.* statically-linked-binary /sbin/init',
# 'valgrind.* statically-linked-binary',
# 'ldconfig-post.*/ddiwrapper/wine/',
# 'glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade',
' symlink-should-be-relative ',
# ' binary-or-shlib-defines-rpath .*ORIGIN',
# 'libzypp.*shlib-policy-name-error.*libzypp',
# 'libtool.*shlib-policy.*',
#
## Stuff that is currently too noisy, but might become relevant in the future
# ' prereq-use',
# ' file-not-utf8',
# ' tag-not-utf8',
# ' setup-not-quiet',
# ' mixed-use-of-spaces-and-tabs ',
# ' prereq-use ',
#
## An issue with OBS, works with autobuild
' no-packager-tag',
# ' unversioned-explicit-provides ',
# ' unversioned-explicit-obsoletes ',
# ' service-default-enabled ',
# ' non-standard-dir-perm ',
# ' conffile-without-noreplace-flag ',
# ' non-standard-executable-perm ',
' jar-not-indexed ',
# ' uncompressed-zip ',
# ' %ifarch-applied-patch ',
# ' read-error ',
# ' init-script-without-chkconfig-postin ',
# ' init-script-without-chkconfig-preun ',
# ' postin-without-chkconfig ',
# ' preun-without-chkconfig ',
' no-dependency-on locales',
' no-dependency-on perl-base',
' no-dependency-on python-base',
' python-naming-policy-not-applied',
# FIXME does this really exists?
' perl-naming-policy-not-applied',
# ' shlib-policy-name-error',
# ' binary-or-shlib-defines-rpath',
# ' executable-marked-as-config-file',
# ' log-files-without-logrotate',
# ' hardcoded-prefix-tag',
' -debug(info|source).* no-documentation',
# ' multiple-specfiles',
# ' no-default-runlevel ',
# ' setgid-binary ',
# ' non-readable ',
' postin-without-ghost-file-creation ',
#
## Exceptions for filelist checks
# 'nfs-client\.\S+: \w: filelist-forbidden-backup-file /var/lib/nfs/sm.bak',
# 'perl\.\S+: \w: filelist-forbidden-perl-dir ',
# 'info\.\S+: \w: info-dir-file .*/usr/share/info/dir',
#
## These packages are used for CD creation and are not supposed to be
## installed. It's still a dirty hack to make an exception. The
## packages should either be built in a separate project with
## different config or file be put somewhere below /opt/suse/*
# '(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: filelist-forbidden-fhs23 /CD1',
#
## Too noisy, and usually not something downstream packagers can fix
# ' incorrect-fsf-address ',
# ' no-manual-page-for-binary ',
# ' static-library-without-debuginfo /usr/lib(?:64)?/ghc-[\d\.]+/',
#
## Many places have shorter paths
# ' non-coherent-filename ',
# Mandriva specific stuff that Fedora do not want either
' invalid-build-requires ',
# Fedora specific stuff that we don't want
' ghost-files-without-postin',
' no-provides ',
' -debuginfo.* /usr/lib/debug/',
' -debugsource.* /usr/src/debug/',
'^gpg-pubkey:',
' doc-file-dependency .* /bin/sh$',
'explicit-lib-dependency (liberation-fonts|libertas-.*-firmware|libvirt$|.*-(java|python|utils)$)',
'explicit-lib-dependency (python-.*lib.*|python2-.*lib.*|python3-.*lib.*)$',
'explicit-lib-dependency libreoffice.*$',
'dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$',
'hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$',
'blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*',
# Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning
# of %install, and do not need to define a %clean section unless the default is invalid.
' no-cleaning-of-buildroot ',
# Only EL4 needs the files-attr-not-set check, because rpm 4.4 and newer no longer need a %defattr line
# (it automatically provides one).
'files-attr-not-set',
# Don't bother with the non-ghost-in-run checks, /var/lock and /var/run are
# symlinks to /run/lock and /run respectively, and /run is a tmpfs
'non-ghost-in-run',
# Someone thought it was a good idea to make .desktop files executable. They were wrong.
# Nevertheless, I do not yet control the universe, so we squelch the error here.
'script-without-shebang .*\.desktop$',
# Some files in /etc/ are not meant to be modified by the sysadmin
'non-conffile-in-etc /etc/rpm/.*$',
# Files that are intentionally not supposed to be readable
# Contains passwords
'non-readable /etc/ovirt-engine/isouploader.conf',
## Ignore webservers which are just broken.
'invalid-url .*\.googlecode\.com/.*HTTP Error 404',
'invalid-url .*\.jboss\.org/.*HTTP Error 403',
'invalid-url .*bitbucket\.org/.*HTTP Error 403',
'invalid-url .*github\.com/.*HTTP Error 403',
# Don't care about long descriptions on debuginfo packages
# They automatically include the package name and are always
# quite long.
'-debuginfo.* description-line-too-long',
# ignore "common" jargon words
# https://bugzilla.redhat.com/show_bug.cgi?id=1424684#c9
'spelling-error.* \b(runtime|Runtime|metadata|cryptographic|multi|linux|filesystem|filesystems|backend|backends|userspace|addon|wayland|Wayland|util|utils|lossless|virtualization|toolkits|libvirtd|crypto|glyphs|GStreamer|http|extensibility|codec|codecs|truetype|scalable|pluggable|pixbuf|Kerberos|customizable|bitstream|tcp|libXss|libs|libc|encodings|GLib|udev|posix|libpng|glapi|gbm|freedesktop|spi|realtime|preprocessor|libaudit|hypervisor|embeddable|distributable|devel|config|cairo|bootloader|adaptors|pragma|passphrase|malloc|libvirt|libmagic|io|datetime|boolean|argparse|py|pinentry|namespace|middleware|lowlevel|libxcb|libudev|libsoup|libgcrypt|libcom|iSCSI|initramfs|GObject|executables|dialogs|checkpolicy|bitmapped|assistive|btrfs|crypttab|defrag|dracut|hostname|luks|mountpoints|netdev|rpmnew|rpmsave|storaged|tss|unlocker)\b',
# Fedora no longer uses explicit ldconfig %post/%postun as of Fedora 28
'library-without-ldconfig-postin',
'library-without-ldconfig-postun',
# Ignore 700 dir perms here
'non-standard-dir-perm /etc/.* 700',
'non-standard-dir-perm /var/lib/.* 700',
# pip 20.2 generates PEP 376 "REQUESTED" marker (empty)
'zero-length .+/site-packages/.+\.dist-info/REQUESTED\b',
# py.typed files are empty
'zero-length .+/site-packages/.+/py\.typed\b',
# https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455
'coreutils.* (setuid-binary|non-standard-executable-perm) /bin/su (root )?04',
'krb5-workstation.* (setuid-binary|non-standard-executable-perm) /usr/kerberos/bin/ksu (root )?04',
'passwd.* (setuid-binary|non-standard-executable-perm) /usr/bin/passwd (root )?04',
'sudo.* (setuid-binary|non-standard-executable-perm) /usr/bin/sudo(edit)? (root )?04',
'upstart.* (setuid-binary|non-standard-executable-perm) /sbin/initctl (root )?04',
'usermode.* (setuid-binary|non-standard-executable-perm) /usr/sbin/userhelper (root )?04',
## Bash completion files are not scripts, do not require them marked as %config
# 'W: non-conffile-in-etc /etc/bash_completion.d/',
#
# Info uses file triggers now (boo#1152169)
' info-files-without-install-info-postin',
' info-files-without-install-info-postun ',
' postin-without-install-info ',
]
[DanglingSymlinkExceptions."/usr/share/doc/licenses/"]
path = "/usr/share/doc/licenses/"
name = "licenses"
[DanglingSymlinkExceptions."consolehelper$"]
path = "consolehelper$"
name = "usermode"
[DanglingSymlinkExceptions."consolehelper-gtk$"]
path = "consolehelper-gtk$"
name = "usermode-gtk"
[Descriptions]
non-standard-uid = '''A file in this package is owned by an unregistered user id.
To register the user, please make a pull request to the rpmlint config file
configs/Fedora/fedora.toml in the rpmlint repository.
'''
non-standard-gid = '''A file in this package is owned by an unregistered group id.
To register the group, please make a pull request to the rpmlint config file
configs/Fedora/fedora.toml in the rpmlint repository.
'''
no-changelogname-tag = '''There is no changelog. Please insert a '%changelog' section heading in your
spec file and prepare your changes file using e.g. the 'osc vc' command.'''

314
licenses.toml Normal file
View File

@ -0,0 +1,314 @@
# taken from Fedora's rpmlint 1.11
# FIXME should be revisited and updated
# Package scriptlet interpreters
ValidLicenses = [
# These are the short names for all of the Fedora approved licenses.
# The master list is kept here: http://fedoraproject.org/wiki/Licensing
# Last synced with revision "2.53, May 27, 2021" of that page.
# Note that Bcotton is no longer bumping revision.
'0BSD',
'AAL',
'Abstyles',
'Adobe',
'ADSL',
'AFL',
'Afmparse',
'AGPLv1',
'AGPLv3',
'AGPLv3+',
'AGPLv3 with exceptions',
'AMDPLPA',
'AML',
'AMPAS BSD',
'ANTLR-PD',
'APAFML',
'App-s2p',
'APSL 2.0',
'ARL',
'Array',
'Artistic 2.0',
'Artistic clarified',
'ASL 1.0',
'ASL 1.1',
'ASL 2.0',
'Bahyph',
'Barr',
'Beerware',
'BeOpen',
'Bibtex',
'BitTorrent',
'Boost',
'Borceux',
'BSD',
'BSD-2-Clause-Patent',
'BSD Protection',
'BSD with advertising',
'BSD with attribution',
'CATOSL',
'CC0',
'CeCILL',
'CeCILL-B',
'CeCILL-C',
'CDDL-1.0',
'CDDL-1.1',
'CNRI',
'Condor',
'Copyright only',
'CPAL',
'CPL',
'CPM',
'CRC32',
'Crossword',
'Crystal Stacker',
'Cube',
'diffmark',
'DMIT',
'DOC',
'Dotseqn',
'DSDP',
'dvipdfm',
'DWPL',
'ECL 1.0',
'ECL 2.0',
'eCos',
'EFL 2.0',
'eGenix',
'Entessa',
'EPICS',
'EPL-1.0',
'EPL-2.0',
'ERPL',
'EU Datagrid',
'EUPL 1.1',
'EUPL 1.2',
'Eurosym',
'Fair',
'FDK-AAC',
'FSFAP',
'FSFUL',
'FSFULLR',
'FTL',
'Giftware',
'GL2PS',
'Glide',
'Glulxe',
'gnuplot',
'GPL+',
'GPL+ or Artistic',
'GPL+ with exceptions',
'GPLv1',
'GPLv2 or Artistic',
'GPLv2+ or Artistic',
'GPLv2',
'GPLv2 with exceptions',
'GPLv2+',
'GPLv2+ with exceptions',
'GPLv3',
'GPLv3 with exceptions',
'GPLv3+',
'GPLv3+ with exceptions',
'HaskellReport',
'HSRL',
'IBM',
'IJG',
'ImageMagick',
'iMatix',
'Imlib2',
'Inner-Net',
'Intel ACPI',
'Interbase',
'ISC',
'Jabber',
'JasPer',
'JPython',
'Julius',
'Knuth',
'Latex2e',
'LBNL BSD',
'Leptonica',
'LGPLv2',
'LGPLv2 with exceptions',
'LGPLv2+',
'LGPLv2+ or Artistic',
'LGPLv2+ with exceptions',
'LGPLv3',
'LGPLv3 with exceptions',
'LGPLv3+',
'LGPLv3+ with exceptions',
'Lhcyr',
'libtiff',
'LLGPL',
'Logica',
'LOSLA',
'LPL',
'LPPL',
'MakeIndex',
'mecab-ipadic',
'midnight',
'Minpack',
'MirOS',
'MIT',
'MIT-0',
'MITNFA',
'MIT with advertising',
'mod_macro',
'Motosoto',
'MPLv1.0',
'MPLv1.1',
'MPLv2.0',
'MS-PL',
'MS-RL',
'MTLL',
'Mup',
'Naumen',
'NCSA',
'NetCDF',
'Netscape',
'Newmat',
'Newsletr',
'NGPL',
'NISTSL',
'NLPL',
'Nmap',
'Nokia',
'NOSL',
'Noweb',
'OGL',
'OML',
'OpenLDAP',
'OpenPBS',
'OpenSSL',
'OReilly',
'OSL 1.0',
'OSL 1.1',
'OSL 2.0',
'OSL 2.1',
'OSL 3.0',
'Par',
'Phorum',
'PHP',
'PlainTeX',
'Plexus',
'PostgreSQL',
'psfrag',
'psutils',
'Public Domain',
'Python',
'Qhull',
'QPL',
'radvd',
'Rdisc',
'REX',
'RiceBSD',
'Romio',
'RPSL',
'RSA',
'Rsfs',
'Ruby',
'Saxpath',
'Sequence',
'SCEA',
'SCRIP',
'Sendmail',
'Sleepycat',
'SISSL',
'SLIB',
'SNIA',
'softSurfer',
'SPL',
'STMPL',
'SWL',
'TCGL',
'TCL',
'Teeworlds',
'TGPPL',
'TGPPL with exceptions',
'Threeparttable',
'TMate',
'Tolua',
'TORQUEv1.1',
'TOSL',
'TPDL',
'TPL',
'TTWL',
'Tumbolia',
'UCAR',
'UCD',
'Unicode',
'Unlicense',
'UPL',
'Vim',
'VNLSL',
'VOSTROM',
'VSL',
'W3C',
'Webmin',
'Wsuipa',
'WTFPL',
'wxWidgets',
'wxWindows',
'Xerox',
'xinetd',
'xpp',
'XSkat',
'YPLv1.1',
'Zed',
'Zend',
'zlib',
'zlib with acknowledgement',
'ZPLv1.0',
'ZPLv2.0',
'ZPLv2.1',
# Documentation licenses
'CDL',
'FBSDDL',
'GFDL',
'IEEE',
'LDPL',
'OFSFDL',
'Open Publication',
'Public Use',
'Verbatim',
# Content licenses
'CC-BY',
'CC-BY-ND',
'CC-BY-SA',
'DL-DE-BY',
'DMTF',
'DSL',
'EFML',
'Free Art',
'GeoGratis',
'Green OpenMusic',
'OAL',
'Ouverte',
'PDDL-1.0',
# Font licenses
'AMS',
'Arphic',
'AHFL',
'Baekmuk',
'Bitstream Vera',
'Charter',
'DoubleStroke',
'ec',
'Elvish',
'Hershey',
'HOFL',
'IPA',
'Liberation',
'Lucida',
'MgOpen',
'mplus',
'OFL',
'PTFL',
'Punknova',
'STIX',
'Utopia',
'Wadalab',
'XANO',
# Others
'Redistributable, no modification permitted',
'Freely redistributable without restriction',
]

38
rpmlint-1.10-suppress-locale-error.patch
View File

@ -1,38 +0,0 @@
From 30290f021b58d381ce2baaa393a4902fb69e624a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Sun, 10 Mar 2019 11:54:59 +0100
Subject: [PATCH] Suppress errors when setting LC_COLLATE, the problem is not
fatal
Fixes https://github.com/rpm-software-management/rpmlint/issues/198
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1668400
---
rpmlint | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/rpmlint b/rpmlint
index dd835ba..cc8f327 100755
--- a/rpmlint
+++ b/rpmlint
@@ -9,6 +9,7 @@
# the checks.
#############################################################################
+import contextlib
import getopt
import glob
import locale
@@ -89,7 +90,9 @@ def loadCheck(name):
#############################################################################
def main():
- locale.setlocale(locale.LC_COLLATE, '')
+ # we'll try to sort with locale settings, but we don't fail if not possible
+ with contextlib.suppress(locale.Error):
+ locale.setlocale(locale.LC_COLLATE, '')
# Add check dirs to the front of load path
sys.path[0:0] = Config.checkDirs()
--
2.20.1

16
rpmlint-1.11-libc-warnings.patch
View File

@ -1,16 +0,0 @@
diff -up rpmlint-rpmlint-1.11/BinariesCheck.py.libcwarn rpmlint-rpmlint-1.11/BinariesCheck.py
--- rpmlint-rpmlint-1.11/BinariesCheck.py.libcwarn 2020-06-16 10:51:01.531299081 -0400
+++ rpmlint-rpmlint-1.11/BinariesCheck.py 2020-06-16 10:51:18.978910827 -0400
@@ -557,10 +557,10 @@ class BinariesCheck(AbstractCheck.Abstra
if not found_libc:
if is_shobj:
- printError(pkg, 'library-not-linked-against-libc',
+ printWarning(pkg, 'library-not-linked-against-libc',
fname)
else:
- printError(pkg, 'program-not-linked-against-libc',
+ printWarning(pkg, 'program-not-linked-against-libc',
fname)
if bin_info.stack:

13
rpmlint-1.11-no-python-macro.patch
View File

@ -1,13 +0,0 @@
diff --git a/TagsCheck.py b/TagsCheck.py
index 4e32520..a30b485 100644
--- a/TagsCheck.py
+++ b/TagsCheck.py
@@ -437,7 +437,7 @@ oldest_changelog_timestamp = calendar.timegm(time.strptime("1995-01-01", "%Y-%m-
private_so_paths = set()
for path in ('%perl_archlib', '%perl_vendorarch', '%perl_sitearch',
- '%python_sitearch', '%python2_sitearch', '%python3_sitearch',
+ '%python2_sitearch', '%python3_sitearch',
'%ruby_sitearch', '%php_extdir'):
epath = rpm.expandMacro(path)
if epath and epath != path:

34
rpmlint-1.11-rpm4.15.patch
View File

@ -1,34 +0,0 @@
From 8fd904b53c028dded0b308ee95f1a5ff998584fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Thu, 4 Jul 2019 00:31:49 +0200
Subject: [PATCH] Ugly workaround for RPM 4.14 vs 4.15 python3 bindings
incompatibility
Fixes https://github.com/rpm-software-management/rpmlint/issues/202
---
Pkg.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/Pkg.py b/Pkg.py
index 8d01f301..1b257716 100644
--- a/Pkg.py
+++ b/Pkg.py
@@ -143,8 +143,17 @@ def is_utf8(fname):
def is_utf8_bytestr(s):
+ """Returns True whether the given text is UTF-8.
+ Due to changes in rpm, needs to handle both bytes and unicode."""
try:
- s.decode('UTF-8')
+ if hasattr(s, 'decode'):
+ s.decode('utf-8')
+ elif hasattr(s, 'encode'):
+ s.encode('utf-8')
+ else:
+ unexpected = type(s).__name__
+ raise TypeError(
+ 'Expected str/unicode/bytes, not {}'.format(unexpected))
except UnicodeError:
return False
return True

48
rpmlint-1.11-use-proper-folder-_sourcedir-for-spec-files.patch
View File

@ -1,48 +0,0 @@
From 8b7bcfad4fa8ee2577210f9e03c093d4e127b6fd Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Tue, 11 May 2021 09:43:03 +0200
Subject: [PATCH] Use proper folder _sourcedir for spec files.
Fixes #632.
---
SpecCheck.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SpecCheck.py b/SpecCheck.py
index 6b74e7f..bf21ed8 100644
--- a/SpecCheck.py
+++ b/SpecCheck.py
@@ -9,6 +9,7 @@
import re
import sys
+from pathlib import Path
try:
from urlparse import urlparse
except ImportError: # Python 3
@@ -155,6 +156,7 @@ class SpecCheck(AbstractCheck.AbstractCheck):
def check_spec(self, pkg, spec_file, spec_lines=None):
self._spec_file = spec_file
+ self._spec_file_dir = str(Path(self._spec_file).parent)
spec_only = isinstance(pkg, Pkg.FakePkg)
if not spec_lines:
spec_lines = Pkg.readlines(spec_file)
@@ -553,7 +555,7 @@ class SpecCheck(AbstractCheck.AbstractCheck):
# capture and print them nicely, so we do it once each way :P
out = Pkg.getstatusoutput(
- ('rpm', '-q', '--qf=', '-D', '_sourcedir %s' % pkg.dirName(), '--specfile', self._spec_file))
+ ('rpm', '-q', '--qf=', '-D', '_sourcedir %s' % self._spec_file_dir, '--specfile', self._spec_file))
parse_error = False
for line in out[1].splitlines():
# No such file or dir hack: https://bugzilla.redhat.com/487855
@@ -566,7 +568,7 @@ class SpecCheck(AbstractCheck.AbstractCheck):
# them with macros expanded for URL checking
spec_obj = None
- rpm.addMacro('_sourcedir', pkg.dirName())
+ rpm.addMacro('_sourcedir', self._spec_file_dir)
try:
ts = rpm.TransactionSet()
spec_obj = ts.parseSpec(self._spec_file)

191
rpmlint.spec
View File

@ -1,175 +1,62 @@
%if 0%{?fedora} || 0%{?rhel} > 7
%bcond_without python3
%else
%bcond_with python3
%endif
# Disable automatic compilation of Python files in /usr/share/rpmlint
%global _python_bytecompile_extra 0
%if %{with python3}
%global python %{__python3}
%global pytest pytest-3
%else
%global python %{__python2}
%global pytest py.test
%endif
# linitng is flaky, so we fake it
%global flake8 true
Name: rpmlint
Version: 1.11
Release: 17%{?dist}
Summary: Tool for checking common errors in RPM packages
License: GPLv2
URL: https://github.com/rpm-software-management/rpmlint
Source0: %{url}/archive/rpmlint-%{version}.tar.gz
Source1: %{name}.config
Source3: %{name}-etc.config
# https://github.com/rpm-software-management/rpmlint/pull/199
Patch199: rpmlint-1.10-suppress-locale-error.patch
# https://github.com/rpm-software-management/rpmlint/pull/212
Patch212: rpmlint-1.11-rpm4.15.patch
# Upstream changed to a warning here
# https://github.com/rpm-software-management/rpmlint/pull/363
# This patch does the same on the 1.11 code
Patch213: rpmlint-1.11-libc-warnings.patch
# Don't use the %%python_sitelib macro, because it errors
# See https://fedoraproject.org/wiki/Changes/PythonMacroError
Patch214: rpmlint-1.11-no-python-macro.patch
# Use proper folder _sourcedir for spec files
# https://bugzilla.redhat.com/1959363
# https://github.com/rpm-software-management/rpmlint/pull/633
Patch215: rpmlint-1.11-use-proper-folder-_sourcedir-for-spec-files.patch
BuildArch: noarch
BuildRequires: make
%if %{with python3}
BuildRequires: python3-devel
BuildRequires: python3-rpm >= 4.4.2.2
BuildRequires: python3-pytest
#BuildRequires: python3-flake8-import-order
Requires: python3
Requires: python3-rpm >= 4.4.2.2
%else
BuildRequires: python >= 2.6
BuildRequires: rpm-python >= 4.4.2.2
BuildRequires: pytest
#BuildRequires: python2-flake8-import-order
Requires: python >= 2.6
Requires: rpm-python >= 4.4.2.2
%endif
BuildRequires: sed >= 3.95
%if ! 0%{?rhel}
# no bash-completion for RHEL
BuildRequires: bash-completion
%endif
# python-magic and python-enchant are actually optional dependencies, but
# they bring quite desirable features.
%if %{with python3}
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
Requires: python3-file-magic
BuildRequires: python3-file-magic
%else
Requires: python3-magic
BuildRequires: python3-magic
%endif
Requires: python3-enchant
%else
%if 0%{?rhel} == 7
# RHEL 6 has 5.04
Requires: python-magic > 5.05
BuildRequires: python-magic > 5.05
Requires: python-enchant
%endif
%endif
Requires: /usr/bin/appstream-util
Requires: /usr/bin/cpio
Requires: /usr/bin/bzip2
Requires: /usr/bin/desktop-file-validate
BuildRequires: /usr/bin/desktop-file-validate
Requires: /usr/bin/groff
Requires: /usr/bin/gtbl
Requires: /usr/bin/man
Requires: /usr/bin/perl
BuildRequires: /usr/bin/perl
Requires: /usr/bin/readelf
Requires: /usr/bin/xz
Name: rpmlint
Version: 2.0.0
Release: 1%{?dist}
Summary: Tool for checking common errors in RPM packages
License: GPLv2
URL: https://github.com/rpm-software-management/rpmlint
Source0: %{url}/archive/%{version}/rpmlint-%{version}.tar.gz
# Taken from https://github.com/rpm-software-management/rpmlint/tree/main/configs/Fedora
Source1: fedora.toml
Source2: licenses.toml
Source3: scoring.toml
Source4: users-groups.toml
Source5: warn-on-functions.toml
BuildArch: noarch
BuildRequires: python3-devel
BuildRequires: %{py3_dist setuptools}
BuildRequires: %{py3_dist pybeam}
BuildRequires: %{py3_dist pyxdg}
BuildRequires: %{py3_dist rpm}
BuildRequires: %{py3_dist toml}
BuildRequires: %{py3_dist zstd}
# tests
BuildRequires: %{py3_dist pytest}
BuildRequires: %{py3_dist pytest-cov}
BuildRequires: %{py3_dist pytest-flake8}
BuildRequires: %{py3_dist pytest-xdist}
BuildRequires: devscripts-checkbashisms, dash, hunspell-cs, hunspell-en-US
%description
rpmlint is a tool for checking common errors in RPM packages. Binary
and source packages as well as spec files can be checked.
%prep
%setup -q -n %{name}-%{name}-%{version}
%if %{with python3}
%patch199 -p1
%patch212 -p1
%patch213 -p1
%patch214 -p1
%patch215 -p1
sed -i 's|1.10|%{version}|g' Makefile
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
# TODO, take upstream (RPM 4.15 related)
sed -i "s/'wb'/'w'/" PostCheck.py
%endif
%endif
sed -i -e /MenuCheck/d Config.py
cp -p config config.example
install -pm 644 %{SOURCE3} config
%setup -q -n %{name}-%{version}
%build
make COMPILE_PYC=1 PYTHON=%{python}
%py3_build
%install
touch rpmlint.pyc rpmlint.pyo # just for the %%exclude to work everywhere
make install DESTDIR=$RPM_BUILD_ROOT ETCDIR=%{_sysconfdir} MANDIR=%{_mandir} \
LIBDIR=%{_datadir}/rpmlint BINDIR=%{_bindir} PYTHON=%{python}
install -pm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/rpmlint/config
%if 0%{?rhel}
rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%endif
%py3_install
mkdir -p %{buildroot}%{_sysconfdir}/xdg/rpmlint/
cp -a %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{buildroot}%{_sysconfdir}/xdg/rpmlint/
%check
%if 0%{?rhel} == 6
# EPEL6 pytest doesn't support -k, so we sed the test names to skip them
# TestPythonBytecodeMtime.test_pyc_mtime/magic_from_chunk has 2.6 incompatible code
sed -i 's/test_pyc_m/xxx_pyc_m/' test/test_files.py
# TestSourceCheck.test_inconsistent_file_extension only works with magic >= 5.05
sed -i 's/test_inconsistent_file_extension/xxx_inconsistent_file_extension/' test/test_sources.py
%endif
make check PYTHON=%{python} PYTEST=%{pytest} FLAKE8=%{flake8}
%pytest
%files
%license COPYING
%doc README.md config.example
%config(noreplace) %{_sysconfdir}/rpmlint/
%if 0%{?fedora}
%{_datadir}/bash-completion/
%else
%if ! 0%{?rhel}
%{_sysconfdir}/bash_completion.d/
%endif
%endif
%doc README.md
%config(noreplace) %{_sysconfdir}/xdg/rpmlint/*.toml
%{_bindir}/rpmdiff
%{_bindir}/rpmlint
%{_datadir}/rpmlint/
%{_mandir}/man1/rpmdiff.1*
%{_mandir}/man1/rpmlint.1*
%{python3_sitelib}/rpmlint*
%changelog
* Thu Jun 3 2021 Tom Callaway <spot@fedoraproject.org> - 2.0.0-1
- update to 2.0.0
* Tue May 11 2021 Todd Zullinger <tmz@pobox.com> - 1.11-17
- use proper folder _sourcedir for spec files (upstream PR#633)
Resolves: rhbz#1959363

6
scoring.toml Normal file
View File

@ -0,0 +1,6 @@
[Scoring]
# This can set how bad each error is.
# But we set BadnessThreshold to -1 so anything above 0
# is actually fatal.
# You can check configs/openSUSE/scoring.toml for more fine graded scoring.
no-group-tag = 1

2
sources
View File

@ -1 +1 @@
SHA512 (rpmlint-1.11.tar.gz) = bff01e742103fa030996e7198e58f41a4ede8ae650b4a4835dbf9c7b9edc3838f6867414cc758978ec865113caa00b19bb8189ac887f31261d541b74d2a9c51b
SHA512 (rpmlint-2.0.0.tar.gz) = f8f65ec90306bf59c0e31a8a3434477c38b8fb08aa2798b805afd57a506b00110797d514431e69dcb8dde5a54afad8606d8e1c973b8584c47cebed1420d6d61c

5
users-groups.toml Normal file
View File

@ -0,0 +1,5 @@
# generated using tools/generate-fedora-users-groups.py on 2021-03-23
StandardUsers = ['pkiuser', 'sshd', 'cyrus', 'keystone', 'squid', 'lp', 'root', 'dovecot', 'oprofile', 'ldap', 'arpwatch', 'retrace', 'vdsm', 'nut', 'hacluster', 'polkituser', 'mailman', 'saned', 'adm', 'mailnull', 'rtkit', 'postfix', 'cimsrvr', 'postgres', 'vhostmd', 'smmsp', 'dbus', 'rpcuser', 'nslcd', 'named', 'radvd', 'ntp', 'systemd-resolve', 'nova', 'tss', 'wildfly', 'ricci', 'mysql', 'apache', 'usbmuxd', 'systemd-network', 'vcsa', 'sabayon', 'quantum', 'katello', 'xfs', 'halt', 'tomcat', 'beagleindex', 'jbosson-agent', 'fax', 'haldaemon', 'pulse', 'hsqldb', 'cassandra', 'pegasus', 'clamav', 'piranha', 'mongodb', 'netdump', 'activemq', 'ovirtagent', 'bin', 'aeolus', 'sync', 'radiusd', 'rpm', 'webalizer', 'nocpulse', 'elasticsearch', 'games', 'pvm', 'wnn', 'snortd', 'privoxy', 'nscd', 'gdm', 'prelude-manager', 'cinder', 'shutdown', 'rpc', 'condor', '#systemd-journal-gateway', 'heat', 'qemu', 'myproxy', 'avahi', 'operator', 'majordomo', 'puppet', 'exim', 'sanlock', 'rhevm', 'swift', 'wallaby', 'ftp', 'ident', 'frontpage', 'ats', 'mail', 'ceilometer', 'news', 'distcache', 'ovirt', 'ceph', 'desktop', 'uucp', 'glance', 'jonas', 'haproxy', 'abrt', 'quagga', 'stap-server', 'dhcpd', 'nobody', 'luci', 'bacula', 'avahi-autoipd', 'gopher', 'tcpdump', 'daemon', 'amandabackup', 'jetty']
StandardGroups = ['pkiuser', 'sshd', 'keystone', 'squid', 'pppusers', 'kvm', 'popusers', 'lp', 'root', 'dovecot', 'oprofile', 'disk', 'ldap', 'arpwatch', 'retrace', 'nut', 'polkituser', 'audio', 'mailman', 'stapusr', 'saned', 'adm', 'mailnull', 'rtkit', 'postfix', 'utmp', 'cimsrvr', 'wheel', 'postgres', 'vhostmd', 'smmsp', 'realtime', 'kmem', 'rpcuser', 'dbus', 'screen', 'utempter', 'video', 'named', 'radvd', 'ntp', 'man', 'systemd-resolve', 'nova', 'tss', 'sys', 'cdrom', 'wildfly', 'ricci', 'mysql', 'apache', 'usbmuxd', 'jbosson', 'systemd-network', 'vcsa', 'console', 'sabayon', 'quantum', 'katello', 'haclient', 'xfs', 'tomcat', 'beagleindex', 'fax', 'haldaemon', 'systemd-journal', 'pulse', 'hsqldb', 'cassandra', 'pegasus', 'clamav', 'piranha', 'mongodb', 'netdump', 'activemq', 'ovirtagent', 'bin', 'saslauth', 'aeolus', 'radiusd', 'mem', 'rpm', 'webalizer', 'floppy', 'nocpulse', 'elasticsearch', 'games', 'pvm', 'wnn', 'tty', 'snortd', 'slipusers', 'nscd', 'gdm', 'privoxy', 'mock', 'prelude-manager', 'cinder', 'dialout', 'rpc', 'condor', '#systemd-journal-gateway', 'heat', 'qemu', 'stapsys', 'avahi', 'myproxy', 'majordomo', 'tape', 'puppet', 'exim', 'sanlock', 'rhevm', 'swift', 'wallaby', 'ftp', 'ident', 'frontpage', 'ats', 'mail', 'ceilometer', 'news', 'distcache', 'stapdev', 'users', 'ovirt', 'ceph', 'desktop', 'uucp', 'glance', 'jonas', 'postdrop', 'haproxy', 'abrt', 'quagga', 'stap-server', 'lock', 'dhcpd', 'nobody', 'wbpriv', 'luci', 'quaggavt', 'bacula', 'avahi-autoipd', 'gopher', 'wine', 'tcpdump', 'dip', 'daemon', 'slocate', 'jetty']

25
warn-on-functions.toml Normal file
View File

@ -0,0 +1,25 @@
# Additional warnings on specific function calls
[WarnOnFunction]
[WarnOnFunction.crypto-policy-non-compliance-openssl]
f_name = "SSL_CTX_set_cipher_list"
good_param = "PROFILE=SYSTEM"
description = """This application package calls a function to explicitly set crypto ciphers
for SSL/TLS. That may cause the application not to use the system-wide set
cryptographic policy and should be modified in accordance to:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies"""
[WarnOnFunction.crypto-policy-non-compliance-gnutls-1]
f_name = "gnutls_priority_set_direct"
description = """This application package calls a function to explicitly set crypto ciphers
for SSL/TLS. That may cause the application not to use the system-wide set
cryptographic policy and should be modified in accordance to:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies"""
[WarnOnFunction.crypto-policy-non-compliance-gnutls-2]
f_name = "gnutls_priority_init"
good_param = "SYSTEM"
description = """This application package calls a function to explicitly set crypto ciphers
for SSL/TLS. That may cause the application not to use the system-wide set
cryptographic policy and should be modified in accordance to:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies"""