On Fri, Jan 11, 2013 at 11:18 AM, Johannes Weberhofer
Dear all!
I have packaged a pre-release of sqlmap[1], an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
This tool produces the following failures:
E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/mysql/linux/64/lib_mysqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so E: arch-independent-package-contains-binary-or-object (Badness: 499) /usr/share/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so
All those shared objects are required to be used on remote systems[2]. It's quite simple to suppress the error messages using a sqlmap-rpmlintrc file, but my question is: Is it ok, to simply package the files with the package or must all of them be built on OBS, which is a quite big job?
Your question seems to have been ignored. It is an unusual question in that the source code for the binary blobs is apparently opensource, you just don't want to have to setup a build mechanism for them I assume. If you want to submit it to factory as "opensource", then those binary blobs I doubt will fly. At a minimum, if you want an exception the legal team will have to weigh-in. ie. In general, for OSS distribution for openSUSE no binary blobs are allowed, but I think that is because of licensing/legal issues. Since the sqlmap package is GPL (per the spec file), opensuse legally has to ensure the source is part of the distribution. That is technically accomplished by simply saying no binary blobs are allowed in the distribution. I doubt you can get an exception, but I'm not a decision maker. I'm not sure about the non-OSS repository or the security repository. If someone could talk to those, then you could make a decision about how to best submit / maintain sqlmap. Greg -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org