57 lines
4.0 KiB
Plaintext
57 lines
4.0 KiB
Plaintext
# Keep matching patterns enough not to hide unintended errors and warnings.
|
|
|
|
# There is no way to implement this with `%{SOURCE0}` without `%{_sourcedir}`.
|
|
# The order in the .spec file could be possibly different.
|
|
addFilter(r'ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
|
|
|
|
# The used version is not obvious.
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
|
|
addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
|
|
|
|
# The template files do not have to have executable bits.
|
|
addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
|
|
|
|
# The bundled gem files permissions are overridden as 644 by `make install`.
|
|
# https://bugs.ruby-lang.org/issues/17840
|
|
# power_assert
|
|
# https://github.com/ruby/power_assert/issues/35
|
|
addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/console 644 ')
|
|
addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/setup 644 ')
|
|
# rake
|
|
# https://github.com/ruby/rake/issues/385
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/bundle 644 ')
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/console 644 ')
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rake 644 ')
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rdoc 644 ')
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rubocop 644 ')
|
|
addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/setup 644 ')
|
|
# rbs
|
|
# https://github.com/ruby/rbs/issues/673
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/annotate-with-rdoc 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/console 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/query-rdoc 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/rbs-prof 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/setup 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/sort 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/steep 644 ')
|
|
addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
|
|
# test-unit
|
|
addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
|
|
|
|
# The function `chroot` without using `chdir` is detected by rpmlint with the
|
|
# following message. However it looks a false positive as the `chroot` in the
|
|
# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
|
|
#
|
|
# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
|
|
# This executable appears to call chroot without using chdir to change the
|
|
# current directory. This is likely an error and permits an attacker to break
|
|
# out of the chroot by using fchdir. While that's not always a security issue,
|
|
# this has to be checked.
|
|
addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
|
|
|
|
# Nothing referred and no dependency information should be no problem.
|
|
# https://bugs.ruby-lang.org/issues/16558#note-2
|
|
addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
|