2022-08-08 18:06:45 +00:00
|
|
|
# Keep matching patterns enough not to hide unintended errors and warnings.
|
|
|
|
|
|
|
|
# There is no way to implement this with `%{SOURCE0}` without `%{_sourcedir}`.
|
|
|
|
# The order in the .spec file could be possibly different.
|
|
|
|
addFilter(r'ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
|
|
|
|
|
|
|
|
# The used version is not obvious.
|
|
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
|
|
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
|
|
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
|
|
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
|
|
|
|
|
|
|
|
# The template files do not have to have executable bits.
|
|
|
|
addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
|
2023-07-11 09:48:10 +00:00
|
|
|
# The template files can have /usr/bin/env
|
|
|
|
addFilter(r'^rubygem-bundler\.noarch: E: wrong-script-interpreter /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ /usr/bin/env ')
|
|
|
|
|
|
|
|
# Just a test script.
|
|
|
|
addFilter(r'^rubygem-rss\.noarch: E: wrong-script-interpreter /usr/share/gems/gems/rss-[\d\.]+/test/[\w\-\.]+ /usr/bin/env ')
|
2022-08-08 18:06:45 +00:00
|
|
|
|
|
|
|
# The bundled gem files permissions are overridden as 644 by `make install`.
|
|
|
|
# https://bugs.ruby-lang.org/issues/17840
|
2023-07-11 09:48:10 +00:00
|
|
|
# https://github.com/rubygems/rubygems/issues/5255
|
|
|
|
# https://github.com/ruby/debug/pull/481
|
|
|
|
# https://github.com/ruby/net-ftp/pull/12
|
|
|
|
# https://github.com/ruby/net-imap/pull/53
|
|
|
|
# https://github.com/ruby/net-pop/pull/7
|
|
|
|
# https://github.com/ruby/prime/pull/16
|
|
|
|
addFilter(r'^.*: E: non-executable-script /usr/share/gems/gems/(debug|net-(ftp|imap|pop)|prime)-[\d\.]+/bin/\w+ 644 ')
|
|
|
|
addFilter(r'^.*: E: wrong-script-interpreter /usr/share/gems/gems/(debug|net-(ftp|imap|pop)|prime)-[\d\.]+/bin/\w+ /usr/bin/env')
|
|
|
|
|
|
|
|
# Ruby provides API to set the cipher list.
|
|
|
|
addFilter(r'^ruby-libs\.\w+: W: crypto-policy-non-compliance-openssl /usr/lib(64)?/ruby/openssl.so SSL_CTX_set_cipher_list$')
|
|
|
|
|
|
|
|
# `gethostbyname` is part of deprecated Ruby API. There is also request to drop the API altogether:
|
|
|
|
# https://bugs.ruby-lang.org/issues/13097
|
|
|
|
# https://bugs.ruby-lang.org/issues/17944
|
|
|
|
addFilter(r'^ruby-libs\.\w+: W: binary-or-shlib-calls-gethostbyname /usr/lib(64)?/ruby/socket.so$')
|
|
|
|
|
|
|
|
# Nothing referred and no dependency information should be no problem.
|
|
|
|
# https://bugs.ruby-lang.org/issues/16558#note-2
|
|
|
|
addFilter(r'^ruby-libs\.\w+: E: shared-library-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
|
|
|
|
# Compatibility for rpmlint 1.11.
|
|
|
|
addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
|
|
|
|
|
|
|
|
# These are Ruby plugins, where Ruby always load glibc prior the library.
|
|
|
|
addFilter(r'^ruby-libs\.\w+: W: library-not-linked-against-libc /usr/lib(64)?/ruby/.*.so$')
|
2022-08-08 18:06:45 +00:00
|
|
|
|
|
|
|
# The function `chroot` without using `chdir` is detected by rpmlint with the
|
|
|
|
# following message. However it looks a false positive as the `chroot` in the
|
|
|
|
# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
|
|
|
|
#
|
2023-07-11 09:48:10 +00:00
|
|
|
# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.N.N.N
|
2022-08-08 18:06:45 +00:00
|
|
|
# This executable appears to call chroot without using chdir to change the
|
|
|
|
# current directory. This is likely an error and permits an attacker to break
|
|
|
|
# out of the chroot by using fchdir. While that's not always a security issue,
|
|
|
|
# this has to be checked.
|
|
|
|
addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
|
|
|
|
|
2023-07-11 09:48:10 +00:00
|
|
|
# Rake ships some examples.
|
|
|
|
addFilter(r'^rubygem-rake.noarch: W: devel-file-in-non-devel-package /usr/share/gems/gems/rake-[\d\.]+/doc/example/\w+.c$')
|
|
|
|
|
|
|
|
# Some executables don't have their manual pages. Is it worth of use help2man?
|
|
|
|
addFilter(r'^.+: W: no-manual-page-for-binary (bundler|gem|rbs|rdbg|rdoc|ruby-mri|typeprof)$')
|
|
|
|
|
|
|
|
# Default gems does not come with any documentation.
|
|
|
|
addFilter(r'^rubygem-(bigdecimal|io-console|json|psych)\.\w+: W: no-documentation$')
|
|
|
|
|
|
|
|
# rubygems-devel ships only RPM macros and generators. Their placement is given
|
|
|
|
# by RPM and can't be modified.
|
|
|
|
addFilter(r'rubygems-devel.noarch: W: only-non-binary-in-usr-lib$')
|
|
|
|
|
|
|
|
# The empty gem.build_complete file is false positive. This error is gone in rpmlint 2.0+.
|
|
|
|
# https://github.com/rpm-software-management/rpmlint/commit/e34ce874f27d733628f51c9884ac951af072bed2
|
|
|
|
addFilter(r'^ruby(gem)?-(bigdecimal|bundled-gems|io-console|json|psych|rbs)\.\w+: E: zero-length /usr/lib(64)?/gems/ruby/.*/gem.build_complete')
|