addFilter(r'crypto-policy-non-compliance-openssl') # Ignore generated certificates addFilter(r'non-readable /etc/unbound/unbound_control.key') addFilter(r'non-readable /etc/unbound/unbound_control.pem') addFilter(r'non-readable /etc/unbound/unbound_server.key') addFilter(r'non-readable /etc/unbound/unbound_server.pem') addFilter(r'non-standard-gid /etc/unbound/unbound_control.pem') addFilter(r'non-standard-gid /etc/unbound/unbound_control.key') addFilter(r'non-standard-gid /etc/unbound/unbound_server.pem') addFilter(r'non-standard-gid /etc/unbound/unbound_server.key') # Yes, it is indeed certificate addFilter(r'pem-certificate /etc/unbound/icannbundle.pem') # These files are intentionally replaceable. addFilter(r'conffile-without-noreplace-flag /etc/unbound/icannbundle.pem') addFilter(r'conffile-without-noreplace-flag /etc/unbound/root.key') addFilter(r'conffile-without-noreplace-flag /var/lib/unbound/root.key') # ldconfig is no longer required addFilter(r'post[iu]n-without-ldconfig /usr/lib64/libunbound.so') # Ignore unbound owned files addFilter(r'non-standard-[ug]id (/var/lib|/etc|/run)/unbound') # Ignore spelling errors addFilter(r'spelling-error %description -l en_US ep ') addFilter(r'spelling-error %description -l en_US resolvers ')