
List:       opensuse-packaging
Subject:    Re: [opensuse-packaging] rpmlint status update
From:       Dave Plater <davejplater () gmail ! com>
Date:       2011-05-22 15:25:24
Message-ID: 4DD92AE4.6070904 () gmail ! com

On 05/20/2011 01:39 PM, Ludwig Nussel wrote:
> Hi,
> 
> Heads up and status update from the rpmlint front.
> 
> rpmlint will soon be updated to version 1.2 in Factory. It brings
> one check that could turn out to be annoying:
> 'incorrect-fsf-address' warns about outdated or misspelled fsf
> addresses in files.  That's usually something for upstream to fix.
> We'll see how many packages it catches.
> 
> A new SUSE specific check warns about init scripts for runlevel 4.
> That runlevel is supposed to be admin defined so distro packages
> should not use it. Just remove the '4' from 'Default-Start'.
> 
> The /var/run check got accepted upstream as non-ghost-in-var-run
> (was dir-or-file-in-var-run before). I plan to mark that check fatal
> in the near future as aaa_base now actually mounts tmpfs on /var/run so
> anything in there must be created at run time. You need to create
> files in /var/run at run time and mark them as %ghost in the
> package.
> 
> Similarly 'non-ghost-in-var-lock' was introduced as /var/lock may
> use tmpfs too in the future. Packages should actually not use
> /var/lock at all. It's supposed to be only used for legacy device
> lock files (e.g. LCK..ttyS0).
> 
> The new check 'non-position-independent-executable' is a port of
> prp-pie which in turn got dropped. All setuid binaries as well as
> network facing daemons should be compiled as position independent
> executables to make exploits more difficult. The list of binaries
> where this applies is manually maintained. So if anything is missing
> please let us know.
> 
> Additionally we now have the possibility to make certain checks
> no longer filterable via package specific rpmlintrc. Initially that
> will be used for mandatory security checks. The shared library
> packaging policy is probably the next. If you are hit by this
> outside of Factory you can still get your package to build by
> setting the badness to zero ¹
> 
> cu
> Ludwig
> 
> [1] http://en.opensuse.org/openSUSE:Packaging_checks#Disarming_Fatal_Errors
> 
Just encountered the first error, it is caused by old GPLv2 licenses with an old
fsf address. I've downloaded the license from gnu.org and added it as a replacement.

Dave P
-- 
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-packaging+help@opensuse.org
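
The idea behind the 'non-position-independent-executable' check described in the quoted announcement, as an added example (not rpmlint's code and not part of either message): a file that is setuid or on a maintained list is flagged when its ELF header type is ET_EXEC rather than ET_DYN. The paths, the list contents and the sample headers are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3      # e_type values from the ELF specification
S_ISUID = 0o4000            # setuid bit in the file mode

# Assumption: stand-in for the manually maintained list of network-facing daemons.
PIE_REQUIRED = {"/usr/sbin/exampled"}

def elf_type(header):
    """Return e_type from the first 18 bytes of a file, or None if it is not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF" or header[5] not in (1, 2):
        return None
    endian = "<" if header[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    return struct.unpack_from(endian + "H", header, 16)[0]

def flag_non_pie(files, pie_required=PIE_REQUIRED):
    """Return paths that must be PIE (setuid or listed) but are not ET_DYN."""
    flagged = []
    for path, mode, header in files:
        etype = elf_type(header)
        if etype is None:
            continue                           # scripts, docs, data files
        must_be_pie = bool(mode & S_ISUID) or path in pie_required
        if must_be_pie and etype != ET_DYN:
            flagged.append(path)
    return flagged

def sample_header(e_type, little=True):
    """Build a constructed 18-byte ELF header prefix: e_ident followed by e_type."""
    ident = b"\x7fELF" + bytes([2, 1 if little else 2, 1]) + bytes(9)
    return ident + struct.pack(("<" if little else ">") + "H", e_type)

# Constructed package contents: (path, mode, first bytes of the file).
SAMPLE_FILES = [
    ("/usr/bin/suid-fixed", 0o104755, sample_header(ET_EXEC)),
    ("/usr/bin/suid-pie", 0o104755, sample_header(ET_DYN)),
    ("/usr/sbin/exampled", 0o100755, sample_header(ET_EXEC, little=False)),
    ("/usr/bin/plain-tool", 0o100755, sample_header(ET_EXEC)),
    ("/usr/share/doc/README", 0o100644, b"plain text, not ELF"),
]

if __name__ == "__main__":
    for path in flag_non_pie(SAMPLE_FILES):
        print("non-position-independent-executable:", path)
```

ET_DYN is also the type of shared libraries, so this test only makes sense for files that are expected to be executables, which is why it is restricted to setuid files and the maintained list.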

