В Sat, 07 Sep 2013 08:38:48 +0200 Thomas Leineweber <thomas@tleine.de> пишет:
Hello,
Am 07.09.2013 08:31, schrieb Andrey Borzenkov:
I try to rebuild mailman with htdig patch but I get
[ 149s] (none): E: badness 20000 exceeds threshold 1000, aborting.
I compared build logs with devel project and it has the same amount of warnings; the only difference is /proc warnings
[ 140s] warning: Failed to read auxiliary vector, /proc not mounted? [ 140s] warning: Failed to read auxiliary vector, /proc not mounted?
but I normally always see them in build logs and so far they did not cause any harm.
Could someone explain where this badness comes from?
https://build.opensuse.org/package/rawlog/home:arvidjaar:branches:server:mai...
Reading the logfile, you can find:
[ 149s] mailman.i586: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib/mailman/cgi-bin/htdig is packaged with setuid/setgid bits (02755) [ 149s] mailman.i586: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib/mailman/cgi-bin/mmsearch is packaged with setuid/setgid bits (02755) [ 149s] If the package is intended for inclusion in any SUSE product please open a bug [ 149s] report to request review of the program by the security team
All files under /usr/lib/mailman/cgi-bin are SGID. Why does it complaint about these two files only? Spec also has the line %verify(not mode) %attr(2755, root, mailman) /usr/lib/mailman/cgi-bin/* And I added these files to /usr/lib/mailman/sgidlist assuming that this goes wrong (but asfar as I understand it runs during installation): %verifyscript %verify_permissions -f /usr/lib/mailman/sgidlist
These two lines add to the badness of 20000. Factory builds break, when the badness is too high. This is made to ensure a minimum packaging-quality.
See also: http://en.opensuse.org/openSUSE:Packaging_checks
Thomas
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org