Hello community, here is the log from the commit of package rpmlint for openSUSE:Factory checked in at 2014-05-22 20:38:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rpmlint (Old) and /work/SRC/openSUSE:Factory/.rpmlint.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rpmlint" Changes: -------- --- /work/SRC/openSUSE:Factory/rpmlint/rpmlint.changes 2014-04-25 16:11:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rpmlint.new/rpmlint.changes 2014-05-22 20:38:59.000000000 +0200 @@ -1,0 +2,22 @@ +Mon May 19 13:20:06 UTC 2014 - meissner@suse.com + +- enable org.selinux.service and org.selinux.conf of policycoreutils + (pending more review) bnc#878631 + +------------------------------------------------------------------- +Thu May 8 08:52:02 UTC 2014 - dmueller@suse.com + +- add 0001-Set-Python-3.4-magic-number-to-3310.patch (bnc#876470) + +------------------------------------------------------------------- +Tue May 6 08:05:16 UTC 2014 - lnussel@suse.de + +- dd filter expections for filesystem package + +------------------------------------------------------------------- +Mon May 5 15:17:24 UTC 2014 - lnussel@suse.de + +- disallow /var/run and /var/lock + (rpmlint-1.5-disallow-var-run-and-var-lock.diff) + +------------------------------------------------------------------- @@ -4,0 +27 @@ + New: ---- 0001-Set-Python-3.4-magic-number-to-3310.patch rpmlint-1.5-disallow-var-run-and-var-lock.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -128,6 +128,9 @@ Patch95: invalid-filerequires.diff Patch96: rpmlint-decode-fix.diff Patch97: rpmlint-fix-unexpanded-macros-for-array-values.patch +# PATCH-FIX-UPSTREAM: lnussel@suse.de - disallow /var/run and /var/lock +Patch98: rpmlint-1.5-disallow-var-run-and-var-lock.diff +Patch99: 0001-Set-Python-3.4-magic-number-to-3310.patch %py_requires @@ -208,6 +211,8 @@ %patch95 %patch96 -p1 %patch97 -p1 +%patch98 -p1 +%patch99 -p1 cp -p %{SOURCE2} . # Only move top-level python files chmod 0755 rpmlint-checks-master/*.py ++++++ 0001-Set-Python-3.4-magic-number-to-3310.patch ++++++
From 0929683e2544813d65ef85ae49b52ccdc6662746 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke
Date: Tue, 1 Apr 2014 12:47:30 +0200 Subject: [PATCH] Set Python-3.4 magic number to 3310
This is the final magic number of the 3.4 release. --- FilesCheck.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: rpmlint-1.5/FilesCheck.py =================================================================== --- rpmlint-1.5.orig/FilesCheck.py +++ rpmlint-1.5/FilesCheck.py @@ -741,7 +741,7 @@ _python_magic_values = { '3.1': 3150, '3.2': 3180, '3.3': 3230, - '3.4': 3260, + '3.4': 3310, } def get_expected_pyc_magic(path): ++++++ config ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -613,7 +613,10 @@ "nm-openswan-service.conf", # baloo, formerly nepomuk (bnc#866131) "org.kde.baloo.filewatch.conf", - "org.kde.baloo.filewatch.service" + "org.kde.baloo.filewatch.service", + # policycoreutils new service/config (bnc#878631) + "org.selinux.service", + "org.selinux.conf" )) setOption("PAMModules.WhiteList", ( @@ -755,10 +758,31 @@ addFilter("non-standard-dir-in-usr openwin") addFilter("ibcs2 non-standard-dir-in-usr i486-sysv4") addFilter("shlibs5 non-standard-dir-in-usr i486-linux-libc5") -addFilter("filesystem dir-or-file") -addFilter("filesystem hidden-") addFilter("explicit-lib-dependency libtool") +# filesystem package needs special exceptions +addFilter("^filesystem\..*: dir-or-file-in-var-run") +addFilter("^filesystem\..*: dir-or-file-in-var-lock") +addFilter("^filesystem\..*: dir-or-file-in-var-tmp") +addFilter("^filesystem\..*: dir-or-file-in-var-run") +addFilter("^filesystem\..*: dir-or-file-in-var-lock") +addFilter("^filesystem\..*: dir-or-file-in-usr-tmp") +addFilter("^filesystem\..*: dir-or-file-in-tmp") +addFilter("^filesystem\..*: dir-or-file-in-mnt") +addFilter("^filesystem\..*: dir-or-file-in-home") +addFilter("^filesystem\..*: hidden-file-or-dir /root/.gnupg") +addFilter("^filesystem\..*: hidden-file-or-dir /root/.gnupg") +addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.config") +addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.local") +addFilter("^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix") +addFilter("^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix") +addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts") +addFilter("^filesystem\..*: suse-filelist-forbidden-fhs23") +addFilter("^filesystem\..*: suse-filelist-forbidden-opt") +addFilter("^filesystem\..*: non-standard-uid /var/lib/nobody nobody") +addFilter("^filesystem\..*: missing-dependency-to-cron") +# has arch specific dirs in /usr +addFilter("^filesystem\..*: no-binary") # suppress any errors about internal packages addFilter("^qa\S+: [EWI]:") ++++++ extend-suse-conffiles-check.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- FilesCheck.py.orig +++ FilesCheck.py -@@ -1176,7 +1176,7 @@ class FilesCheck(AbstractCheck.AbstractC +@@ -1179,7 +1179,7 @@ class FilesCheck(AbstractCheck.AbstractC if nonexec_file and not docdir_examples_regex.search(f): printWarning(pkg, 'spurious-executable-perm', f) elif f.startswith('/etc/') and f not in config_files and \ ++++++ invalid-filerequires.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- TagsCheck.py.orig +++ TagsCheck.py -@@ -420,6 +420,7 @@ invalid_version_regex = re.compile('([0- +@@ -421,6 +421,7 @@ invalid_version_regex = re.compile('([0- # () are here for grouping purpose in the regexp forbidden_words_regex = re.compile('(' + Config.getOption('ForbiddenWords') + ')', re.IGNORECASE) valid_buildhost_regex = re.compile(Config.getOption('ValidBuildHost')) @@ -10,7 +10,7 @@ use_epoch = Config.getOption('UseEpoch', False) use_utf8 = Config.getOption('UseUTF8', Config.USEUTF8_DEFAULT) max_line_len = Config.getOption('MaxLineLength', 79) -@@ -602,6 +603,9 @@ class TagsCheck(AbstractCheck.AbstractCh +@@ -599,6 +600,9 @@ class TagsCheck(AbstractCheck.AbstractCh if d[0].startswith('/usr/local/'): printError(pkg, 'invalid-dependency', d[0]) @@ -20,7 +20,7 @@ if is_source: if lib_devel_number_regex.search(d[0]): printError(pkg, 'invalid-build-requires', d[0]) -@@ -1090,6 +1094,12 @@ explicit Requires: tags.''', +@@ -1106,6 +1110,12 @@ explicit Requires: tags.''', '''This package provides 2 times the same capacity. It should only provide it once.''', ++++++ remove-expand-macros.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -8,7 +8,7 @@ =================================================================== --- TagsCheck.py.orig +++ TagsCheck.py -@@ -432,15 +432,6 @@ so_dep_regex = re.compile(r'\.so(\.[0-9a +@@ -431,15 +431,6 @@ so_dep_regex = re.compile(r'\.so(\.[0-9a # we assume that no rpm packages existed before rpm itself existed... oldest_changelog_timestamp = calendar.timegm(time.strptime("1995-01-01", "%Y-%m-%d")) @@ -24,7 +24,7 @@ _enchant_checkers = {} def spell_check(pkg, str, fmt, lang, ignored): -@@ -857,30 +848,12 @@ class TagsCheck(AbstractCheck.AbstractCh +@@ -864,30 +855,12 @@ class TagsCheck(AbstractCheck.AbstractCh (apply(Pkg.formatRequire, obs), apply(Pkg.formatRequire, prov))) ++++++ rpmlint-1.5-Fix-setgroups-error-name.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -11,7 +11,7 @@ =================================================================== --- rpmlint-1.5.orig/BinariesCheck.py +++ rpmlint-1.5/BinariesCheck.py -@@ -514,7 +514,7 @@ class BinariesCheck(AbstractCheck.Abstra +@@ -518,7 +518,7 @@ class BinariesCheck(AbstractCheck.Abstra printError(pkg, 'missing-PT_GNU_STACK-section', fname) if bin_info.setgid and bin_info.setuid and not bin_info.setgroups: ++++++ rpmlint-1.5-disallow-var-run-and-var-lock.diff ++++++
From c45057466e8e40bbb36fa90faa10a2b678c25ba2 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Wed, 30 Apr 2014 16:35:20 +0200 Subject: [PATCH rpmlint] disallow /var/run and /var/lock
Distros moved to having /var/run and /var/lock as symlinks to /run resp /run/lock. Therefore packages must no longer put files there at all. Also, refactor the code for dir-or-file-in-* and make it configurable. --- FilesCheck.py | 77 +++++++++++++++++++++++------------------------------------ config | 4 ++++ 2 files changed, 34 insertions(+), 47 deletions(-) Index: rpmlint-1.5/FilesCheck.py =================================================================== --- rpmlint-1.5.orig/FilesCheck.py +++ rpmlint-1.5/FilesCheck.py @@ -559,12 +559,9 @@ STANDARD_DIRS = ( '/var/lib/nobody', '/var/lib/pam_devperm', '/var/lib/wwwrun', - '/var/lock', - '/var/lock/subsys', '/var/log', '/var/mail', '/var/opt', - '/var/run', '/var/spool', '/var/spool/clientmqueue', '/var/spool/locks', @@ -589,7 +586,19 @@ DEFAULT_STANDARD_GROUPS = ('root', 'bin' 'shutdown', 'halt', 'mail', 'news', 'uucp', 'man', 'nobody',) -tmp_regex = re.compile('^(/var|/usr)?/tmp/') +DEFAULT_DISALLOWED_DIRS = ( + '/home', + '/mnt', + '/opt', + '/tmp', + '/usr/local', + '/usr/tmp', + '/var/local', + '/var/lock', + '/var/run', + '/var/tmp', +) + sub_bin_regex = re.compile('^(/usr)?/s?bin/\S+/') backup_regex = re.compile('(~|\#[^/]+\#|\.orig|\.orig\.gz|\.rej)$') compr_regex = re.compile('\.(gz|z|Z|zip|bz2|lzma|xz)$') @@ -653,6 +662,8 @@ use_relative_symlinks = Config.getOption standard_groups = Config.getOption('StandardGroups', DEFAULT_STANDARD_GROUPS) standard_users = Config.getOption('StandardUsers', DEFAULT_STANDARD_USERS) +disallowed_dirs = Config.getOption('DisallowedDirs', DEFAULT_DISALLOWED_DIRS) + non_readable_regexs = (re.compile('^/var/log/'), re.compile('^/etc/(g?shadow-?|securetty)$')) @@ -871,19 +882,13 @@ class FilesCheck(AbstractCheck.AbstractC is_kernel_package: printError(pkg, "kernel-modules-not-in-kernel-packages", f) - for i in ['mnt','opt','usr-local','var-local','home']: - if f.startswith('/%s/' % i.replace('-','/')): - printError(pkg, 'dir-or-file-in-%s' % i, f) - - if tmp_regex.search(f): - printError(pkg, 'dir-or-file-in-tmp', f) + for i in disallowed_dirs: + if f.startswith(i): + printError(pkg, 'dir-or-file-in-%s' % '-'.join(i.split('/')[1:]), f) - elif f.startswith('/var/run/'): + if f.startswith('/run/'): if f not in ghost_files: - printWarning(pkg, 'non-ghost-in-var-run', f) - elif f.startswith('/var/lock/'): - if f not in ghost_files: - printWarning(pkg, 'non-ghost-in-var-lock', f) + printWarning(pkg, 'non-ghost-in-run', f) elif sub_bin_regex.search(f): printError(pkg, 'subdir-in-bin', f) elif '/site_perl/' in f: @@ -1466,35 +1471,10 @@ install-info.''', '''You have a perl temporary file in your package. Usually, this file is beginning with a dot (.) and contain "perl" in its name.''', -'dir-or-file-in-tmp', -'''A file in the package is located in /tmp. It's not permitted -for packages to install files in this directory.''', - -'dir-or-file-in-mnt', -'''A file in the package is located in /mnt. It's not permitted -for packages to install files in this directory.''', - -'dir-or-file-in-opt', -'''A file in the package is located in /opt. It's not permitted -for packages to install files in this directory.''', - -'dir-or-file-in-usr-local', -'''A file in the package is located in /usr/local. It's not permitted -for packages to install files in this directory.''', - -'dir-or-file-in-var-local', -'''A file in the package is located in /var/local. It's not permitted -for packages to install files in this directory.''', - -'non-ghost-in-var-run', -'''A file or directory in the package is located in /var/run. Files installed -in this directory should be marked as %ghost and created at runtime to work -properly in tmpfs /var/run setups.''', - -'non-ghost-in-var-lock', -'''A file or directory in the package is located in /var/lock. Files installed +'non-ghost-in-run', +'''A file or directory in the package is located in /run. Files installed in this directory should be marked as %ghost and created at runtime to work -properly in tmpfs /var/lock setups.''', +properly in tmpfs /run setups.''', 'subdir-in-bin', '''The package contains a subdirectory in /usr/bin. It's not permitted to @@ -1505,10 +1485,6 @@ create a subdir there. Create it in /usr by an editor or resulting from applying unclean (fuzzy, or ones with line offsets) patches.''', -'dir-or-file-in-home', -'''A file in the package is located in /home. It's not permitted -for packages to install files in this directory.''', - 'version-control-internal-file', '''You have included file(s) internally used by a version control system in the package. Move these files out of the package and rebuild it.''', @@ -1832,6 +1808,13 @@ as part of the example documentation mea use it and setup a insecure configuration.''' ) +for i in disallowed_dirs: + addDetails('dir-or-file-in-%s' % '-'.join(i.split('/')[1:]), + '''A file in the package is located in %s. It's not permitted +for packages to install files in this directory.''' % i) + + + # FilesCheck.py ends here # Local variables: Index: rpmlint-1.5/config =================================================================== --- rpmlint-1.5.orig/config +++ rpmlint-1.5/config @@ -126,6 +126,10 @@ from Config import * # Type: tuple of strings, see DEFAULT_STANDARD_USERS in FilesCheck #setOption("StandardUsers", ()) +# List of directory prefixes that are not allowed in packages +# Type: tuple of strings, see DEFAULT_DISALLOWED_DIRS in FilesCheck +#setOption("DisallowedDirs", ('/home', '/mnt')) + # List of directories considered to be system default library search paths. # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64')) ++++++ rpmlint-fix-unexpanded-macros-for-array-values.patch ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -7,11 +7,11 @@ TagsCheck.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) -diff --git a/TagsCheck.py b/TagsCheck.py -index c6f5dda..712d4e0 100644 ---- a/TagsCheck.py -+++ b/TagsCheck.py -@@ -533,13 +533,20 @@ class TagsCheck(AbstractCheck.AbstractCheck): +Index: rpmlint-1.5/TagsCheck.py +=================================================================== +--- rpmlint-1.5.orig/TagsCheck.py ++++ rpmlint-1.5/TagsCheck.py +@@ -524,13 +524,20 @@ class TagsCheck(AbstractCheck.AbstractCh AbstractCheck.AbstractCheck.__init__(self, 'TagsCheck') def _unexpanded_macros(self, pkg, tagname, value, is_url=False): @@ -37,6 +37,3 @@ def check(self, pkg): --- -1.9.0 - ++++++ suse-changelog.patch ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- TagsCheck.py.orig +++ TagsCheck.py -@@ -1025,8 +1025,8 @@ Development/''', +@@ -1032,8 +1032,8 @@ Development/''', "%s".''' % '", "'.join(VALID_GROUPS), 'no-changelogname-tag', ++++++ suse-python-abi-check.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- FilesCheck.py.orig +++ FilesCheck.py -@@ -1107,8 +1107,11 @@ class FilesCheck(AbstractCheck.AbstractC +@@ -1110,8 +1110,11 @@ class FilesCheck(AbstractCheck.AbstractC if res and not (pkg.check_versioned_dep('python-base', res.group(1)) or pkg.check_versioned_dep('python', ++++++ suse-whitelist-opensuse.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- TagsCheck.py.orig +++ TagsCheck.py -@@ -884,7 +884,7 @@ class TagsCheck(AbstractCheck.AbstractCh +@@ -891,7 +891,7 @@ class TagsCheck(AbstractCheck.AbstractCh spell_check(pkg, utf8summary, 'Summary(%s)', lang, ignored_words) if '\n' in summary: printError(pkg, 'summary-on-multiple-lines', lang) ++++++ xdg-check-exception.diff ++++++ --- /var/tmp/diff_new_pack.gJqpfn/_old 2014-05-22 20:39:02.000000000 +0200 +++ /var/tmp/diff_new_pack.gJqpfn/_new 2014-05-22 20:39:02.000000000 +0200 @@ -1,8 +1,8 @@ -diff --git a/MenuXDGCheck.py b/MenuXDGCheck.py -index 0996585..29085d5 100644 ---- a/MenuXDGCheck.py -+++ b/MenuXDGCheck.py -@@ -40,13 +40,16 @@ class MenuXDGCheck(AbstractCheck.AbstractFilesCheck): +Index: rpmlint-1.5/MenuXDGCheck.py +=================================================================== +--- rpmlint-1.5.orig/MenuXDGCheck.py ++++ rpmlint-1.5/MenuXDGCheck.py +@@ -43,13 +43,16 @@ class MenuXDGCheck(AbstractCheck.Abstrac printError(pkg, 'non-utf8-desktopfile', filename) self.cfp.read(f) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org