Heads up and status update from the rpmlint front.
rpmlint will soon be updated to version 1.2 in Factory. It brings
one check that could turn out to be annoying:
'incorrect-fsf-address' warns about outdated or misspelled fsf
addresses in files. That's usually something for upstream to fix.
We'll see how many packages it catches.
A new SUSE specific check warns about init scripts for runlevel 4.
That runlevel is supposed to be admin defined so distro packages
should not use it. Just remove the '4' from 'Default-Start'.
The /var/run check got accepted upstream as non-ghost-in-var-run
(was dir-or-file-in-var-run before). I plan to mark that check fatal
in near the future as aaa_base now actually mounts tmpfs on /var/run so
anything in there must be created at run time. You need to create
files in /var/run at run time and mark them as %ghost in the
Similarly 'non-ghost-in-var-lock' was introduced as /var/lock may
use tmpfs too in the future. Packages should actually not use
/var/lock at all. It's supposed to be only used for legacy device
lock files (e.g. LCK..ttyS0).
The new check 'non-position-independent-executable' is a port of
prp-pie which in turn got dropped. All setuid binaries as well as
network facing daemons should be compiled as position independent
executables to make exploits more difficult. The list of binaries
where this applies is manually maintained. So if anything is missing
please let us know.
Additionally we now have the possibility to make certain checks
no longer filterable via package specific rpmlintrc. Initially that
will be used for mandatory security checks. The shared library
packaging policy is probably the next. If you are hit by this
outside of Factory you can still get your package to build by
setting the badness to zero¹
(o_ Ludwig Nussel
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-packaging+help(a)opensuse.org