# Fedora's configuration for the rpmlint utility. # When checking that various files that should be compressed are # indeed compressed, look for this filename extension CompressExtension = "gz" # simple error is enough; warnings are fine BadnessThreshold = -1 # Whether to allow packaging kernel modules in non-kernel packages. KernelModuleRPMsOK = false # Maximum allowed line length for Summary and Description tags MaxLineLength = 80 # Assumed default version of Python if one cannot be determined from files # FIXME this should be sys.version[:3] but I have no idea how to implement it # here without changing it every other release PythonDefaultVersion = "" # Regexp string with expected suffix in Release tags. ReleaseExtension = '\.(fc|rhe?l|el)\d+(?=\.|$)' # Whether to want default start/stop runlevels specified in init scripts UseDefaultRunlevels = false ValidSrcPerms = [ "0o644", "0o664", ] # List of directories considered to be system default library search paths. SystemLibPaths = [ "/lib", "/usr/lib", "/lib64", "/usr/lib64", ] # Enabled checks for the rpmlint to be run (besides the default set) Checks = [ "BashismsCheck", "PAMModulesCheck", "TmpFilesCheck", "SysVInitOnSystemdCheck", "SharedLibraryPolicyCheck", ] # Interpreters whose scriptlets are allowed to be empty ValidEmptyShells = [ "/usr/sbin/ldconfig", ] # Package scriptlet interpreters ValidShells = [ "", "/usr/bin/sh", "/usr/bin/bash", "/usr/sbin/ldconfig", "/usr/bin/perl", "/usr/bin/python", "/usr/bin/python3", ] Filters = [ # FIXME - the commented lines are from openSUSE config # Are they relevant for Fedora too? # PR which enables them or remove them is welcome ## Stuff autobuild takes care about # '.*invalid-version.*', # '.*invalid-packager.*', '.*not-standard-release-extension.*', # '.*invalid-buildhost.*', '.*executable-in-library-package.*', '.*non-versioned-file-in-library-package.*', # '.*shlib-policy-name-error.*', # '.*hardcoded-path-in-buildroot-tag.*', '.*no-buildroot-tag.*', # '.*cross-directory-hard-link.*', # Do not validate package rpm groups '.*devel-package-with-non-devel-group.*', '.*no-group-tag.*', '.*non-standard-group.*', # Output filters # '.*spurious-bracket-in-.*', # '.*one-line-command-in-.*', # ' dir-or-file-in-opt ', # handled by CheckFilelist.py # ' dir-or-file-in-usr-local ', # handled by CheckFilelist.py ' non-standard-dir-in-usr ', # handled by CheckFilelist.py ' no-signature', # ' symlink-crontab-file', #bnc591431 # ' without-chkconfig', # 'unstripped-binary-or-object.*\.ko', # ' no-chkconfig', # ' subsys-not-used', # ' dangerous-command.*', # ' setuid-binary.*', # 'subdir-in-bin /sbin/conf.d/', # '.* nss_db non-standard-dir-in-var db', # 'non-standard-dir-in-usr openwin', # 'ibcs2 non-standard-dir-in-usr i486-sysv4', # 'shlibs5 non-standard-dir-in-usr i486-linux-libc5', # 'explicit-lib-dependency libtool', # ## Filesystem package needs special exceptions # '^filesystem\..*: dir-or-file-in-var-run', # '^filesystem\..*: dir-or-file-in-var-lock', # '^filesystem\..*: dir-or-file-in-var-tmp', # '^filesystem\..*: dir-or-file-in-var-run', # '^filesystem\..*: dir-or-file-in-var-lock', # '^filesystem\..*: dir-or-file-in-usr-tmp', # '^filesystem\..*: dir-or-file-in-tmp', # '^filesystem\..*: dir-or-file-in-mnt', # '^filesystem\..*: dir-or-file-in-home', # '^filesystem\..*: hidden-file-or-dir /root/.gnupg', # '^filesystem\..*: hidden-file-or-dir /root/.gnupg', # '^filesystem\..*: hidden-file-or-dir /etc/skel/.config', # '^filesystem\..*: hidden-file-or-dir /etc/skel/.local', # '^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix', # '^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix', # '^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts', # '^filesystem\..*: filelist-forbidden-fhs23', # '^filesystem\..*: filelist-forbidden-opt', # '^filesystem\..*: non-standard-uid /var/lib/nobody nobody', # '^filesystem\..*: missing-dependency-to-cron', ## has arch specific dirs in /usr # '^filesystem\..*: no-binary', # ## Suppress any errors about internal packages # '^qa\S+: [EWI]:', # '^\S*(?:INTERNAL|internal)\.\S+: [EWI]:', # ## Exceptions for devel-files # 'devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h', # 'devel-file-in-non-devel-package.*/usr/src/linux-', # 'devel-file-in-non-devel-package.*/usr/share/systemtap', # '-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package', # 'java\S+-demo\.\S+: \w: devel-file-in-non-devel-package', # 'avr-libc\.\S+: \w: devel-file-in-non-devel-package', # 'cross-.*devel-file-in-non-devel-package', # 'cmake.*devel-file-in-non-devel-package', # 'gcc\d\d.*devel-file-in-non-devel-package', # 'OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package', # 'wnn-sdk\.\S+: \w: devel-file-in-non-devel-package', # 'ocaml\.\S+: \w: devel-file-in-non-devel-package', # 'xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package', # 'linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package', # ' devel-file-in-non-devel-package.*-config', # 'libtool\.\S+: \w: devel-file-in-non-devel-package', # 'sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs', # 'kernel-modules-not-in-kernel-packages', # ## SUSE kmp's don't need manual depmod (bnc#456048) # 'module-without-depmod-postin', # 'postin-with-wrong-depmod', # 'module-without-depmod-postun', # 'postun-with-wrong-depmod', # 'configure-without-libdir-spec', # 'conffile-without-noreplace-flag /etc/init.d', # 'use-of-RPM_SOURCE_DIR', # 'use-tmp-in-', # 'symlink-contains-up-and-down-segments /var/lib/named', # 'no-ldconfig-symlink', # 'aaa_base\.\S+: \w: use-of-home-in-%post', # 'description-line-too-long', 'hardcoded-library-path', # ## Doesn't seem to make sense # 'invalid-ldconfig-symlink', # 'invalid-soname', # 'library-not-linked-against-libc', # 'only-non-binary-in-usr-lib', 'outside-libdir-files', # ## We want these files # ' perl-temp-file ', # ' hidden-file-or-dir .*/\.packlist', # ' hidden-file-or-dir .*/\.directory', # 'perl-.*no-binary', ' no-major-in-name ', # ## We check for that already # 'dangling-relative-symlink', ' lib-package-without-%mklibname', ' requires-on-release', # ' non-executable-script /etc/profile.d/', # ' non-executable-script /var/adm/fillup-templates/', # ' init-script-name-with-dot ', # '.* statically-linked-binary /sbin/ldconfig', # '.* statically-linked-binary /sbin/init', # 'valgrind.* statically-linked-binary', # 'ldconfig-post.*/ddiwrapper/wine/', # 'glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade', ' symlink-should-be-relative ', # ' binary-or-shlib-defines-rpath .*ORIGIN', # 'libzypp.*shlib-policy-name-error.*libzypp', # 'libtool.*shlib-policy.*', # ## Stuff that is currently too noisy, but might become relevant in the future # ' prereq-use', # ' file-not-utf8', # ' tag-not-utf8', # ' setup-not-quiet', # ' mixed-use-of-spaces-and-tabs ', # ' prereq-use ', # ## An issue with OBS, works with autobuild ' no-packager-tag', # ' unversioned-explicit-provides ', # ' unversioned-explicit-obsoletes ', # ' service-default-enabled ', # ' non-standard-dir-perm ', # ' conffile-without-noreplace-flag ', # ' non-standard-executable-perm ', ' jar-not-indexed ', # ' uncompressed-zip ', # ' %ifarch-applied-patch ', # ' read-error ', # ' init-script-without-chkconfig-postin ', # ' init-script-without-chkconfig-preun ', # ' postin-without-chkconfig ', # ' preun-without-chkconfig ', ' no-dependency-on locales', ' no-dependency-on perl-base', ' no-dependency-on python-base', ' python-naming-policy-not-applied', # FIXME does this really exists? ' perl-naming-policy-not-applied', # ' shlib-policy-name-error', # ' binary-or-shlib-defines-rpath', # ' executable-marked-as-config-file', # ' log-files-without-logrotate', # ' hardcoded-prefix-tag', ' -debug(info|source).* no-documentation', # ' multiple-specfiles', # ' no-default-runlevel ', # ' setgid-binary ', # ' non-readable ', ' postin-without-ghost-file-creation ', # ## Exceptions for filelist checks # 'nfs-client\.\S+: \w: filelist-forbidden-backup-file /var/lib/nfs/sm.bak', # 'perl\.\S+: \w: filelist-forbidden-perl-dir ', # 'info\.\S+: \w: info-dir-file .*/usr/share/info/dir', # ## These packages are used for CD creation and are not supposed to be ## installed. It's still a dirty hack to make an exception. The ## packages should either be built in a separate project with ## different config or file be put somewhere below /opt/suse/* # '(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: filelist-forbidden-fhs23 /CD1', # ## Too noisy, and usually not something downstream packagers can fix # ' incorrect-fsf-address ', # ' no-manual-page-for-binary ', # ' static-library-without-debuginfo /usr/lib(?:64)?/ghc-[\d\.]+/', # ## Many places have shorter paths # ' non-coherent-filename ', # Mandriva specific stuff that Fedora do not want either ' invalid-build-requires ', # Fedora specific stuff that we don't want ' ghost-files-without-postin', ' no-provides ', ' -debuginfo.* /usr/lib/debug/', ' -debugsource.* /usr/src/debug/', '^gpg-pubkey:', ' doc-file-dependency .* /bin/sh$', 'explicit-lib-dependency (liberation-fonts|libertas-.*-firmware|libvirt$|.*-(java|python|utils)$)', 'explicit-lib-dependency (python-.*lib.*|python2-.*lib.*|python3-.*lib.*)$', 'explicit-lib-dependency libreoffice.*$', 'dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$', 'hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$', 'blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*', # Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning # of %install, and do not need to define a %clean section unless the default is invalid. ' no-cleaning-of-buildroot ', # Only EL4 needs the files-attr-not-set check, because rpm 4.4 and newer no longer need a %defattr line # (it automatically provides one). 'files-attr-not-set', # Don't bother with the non-ghost-in-run checks, /var/lock and /var/run are # symlinks to /run/lock and /run respectively, and /run is a tmpfs 'non-ghost-in-run', # Someone thought it was a good idea to make .desktop files executable. They were wrong. # Nevertheless, I do not yet control the universe, so we squelch the error here. 'script-without-shebang .*\.desktop$', # Some files in /etc/ are not meant to be modified by the sysadmin 'non-conffile-in-etc /etc/rpm/.*$', # Files that are intentionally not supposed to be readable # Contains passwords 'non-readable /etc/ovirt-engine/isouploader.conf', ## Ignore webservers which are just broken. 'invalid-url .*\.googlecode\.com/.*HTTP Error 404', 'invalid-url .*\.jboss\.org/.*HTTP Error 403', 'invalid-url .*bitbucket\.org/.*HTTP Error 403', 'invalid-url .*github\.com/.*HTTP Error 403', # Don't care about long descriptions on debuginfo packages # They automatically include the package name and are always # quite long. '-debuginfo.* description-line-too-long', # ignore "common" jargon words # https://bugzilla.redhat.com/show_bug.cgi?id=1424684#c9 'spelling-error.* \b(runtime|Runtime|metadata|cryptographic|multi|linux|filesystem|filesystems|backend|backends|userspace|addon|wayland|Wayland|util|utils|lossless|virtualization|toolkits|libvirtd|crypto|glyphs|GStreamer|http|extensibility|codec|codecs|truetype|scalable|pluggable|pixbuf|Kerberos|customizable|bitstream|tcp|libXss|libs|libc|encodings|GLib|udev|posix|libpng|glapi|gbm|freedesktop|spi|realtime|preprocessor|libaudit|hypervisor|embeddable|distributable|devel|config|cairo|bootloader|adaptors|pragma|passphrase|malloc|libvirt|libmagic|io|datetime|boolean|argparse|py|pinentry|namespace|middleware|lowlevel|libxcb|libudev|libsoup|libgcrypt|libcom|iSCSI|initramfs|GObject|executables|dialogs|checkpolicy|bitmapped|assistive|btrfs|crypttab|defrag|dracut|hostname|luks|mountpoints|netdev|rpmnew|rpmsave|storaged|tss|unlocker)\b', # Fedora no longer uses explicit ldconfig %post/%postun as of Fedora 28 'library-without-ldconfig-postin', 'library-without-ldconfig-postun', # Ignore 700 dir perms here 'non-standard-dir-perm /etc/.* 700', 'non-standard-dir-perm /var/lib/.* 700', # pip 20.2 generates PEP 376 "REQUESTED" marker (empty) 'zero-length .+/site-packages/.+\.dist-info/REQUESTED\b', # py.typed files are empty 'zero-length .+/site-packages/.+/py\.typed\b', # https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455 'coreutils.* (setuid-binary|non-standard-executable-perm) /bin/su (root )?04', 'krb5-workstation.* (setuid-binary|non-standard-executable-perm) /usr/kerberos/bin/ksu (root )?04', 'passwd.* (setuid-binary|non-standard-executable-perm) /usr/bin/passwd (root )?04', 'sudo.* (setuid-binary|non-standard-executable-perm) /usr/bin/sudo(edit)? (root )?04', 'upstart.* (setuid-binary|non-standard-executable-perm) /sbin/initctl (root )?04', 'usermode.* (setuid-binary|non-standard-executable-perm) /usr/sbin/userhelper (root )?04', ## Bash completion files are not scripts, do not require them marked as %config # 'W: non-conffile-in-etc /etc/bash_completion.d/', # # Info uses file triggers now (boo#1152169) ' info-files-without-install-info-postin', ' info-files-without-install-info-postun ', ' postin-without-install-info ', ] [DanglingSymlinkExceptions."/usr/share/doc/licenses/"] path = "/usr/share/doc/licenses/" name = "licenses" [DanglingSymlinkExceptions."consolehelper$"] path = "consolehelper$" name = "usermode" [DanglingSymlinkExceptions."consolehelper-gtk$"] path = "consolehelper-gtk$" name = "usermode-gtk" [Descriptions] non-standard-uid = '''A file in this package is owned by an unregistered user id. To register the user, please make a pull request to the rpmlint config file configs/Fedora/fedora.toml in the rpmlint repository. ''' non-standard-gid = '''A file in this package is owned by an unregistered group id. To register the group, please make a pull request to the rpmlint config file configs/Fedora/fedora.toml in the rpmlint repository. ''' no-changelogname-tag = '''There is no changelog. Please insert a '%changelog' section heading in your spec file and prepare your changes file using e.g. the 'osc vc' command.'''