[opensuse-packaging] prjconf or rpm-macros(?) trick to inject %defattr?
Hi packaging gurus, I am regularly rebuilding current Factory packages for ancient SLES releases (SLES15, SLES12-SP1...4, sometimes even SLES11). Many current spec files have gotten deprived of their %defattr(...) lines, which causes warnings like these: [ 25s] python-wheel.src:102: W: files-attr-not-set [ 25s] python-wheel.src:103: W: files-attr-not-set [ 25s] python-wheel.src:104: W: files-attr-not-set [ 25s] python-wheel.src:105: W: files-attr-not-set [ 25s] python-wheel.src:106: W: files-attr-not-set [ 25s] A file or a directory entry in a %files section does not have attributes set [ 25s] which may result in unexpected file permissions and thus security issues in [ 25s] the resulting binary package depending on the build environment and rpmbuild [ 25s] version (typically < 4.4). Add default attributes using %defattr before it in [ 25s] the %files section, or use per entry %attr's. Even SLES11-SP4 has rpm version 4.4.2.3, so maybe this can just be ignored. Or is there some prjconf or rpm macro magic that lets me automatically insert %defattr lines after every %file line? Thanks for any insights, Stefan -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Stefan Seyfried píše v Út 22. 10. 2019 v 10:32 +0200:
Hi packaging gurus,
I am regularly rebuilding current Factory packages for ancient SLES releases (SLES15, SLES12-SP1...4, sometimes even SLES11). Many current spec files have gotten deprived of their %defattr(...) lines, which causes warnings like these:
[ 25s] python-wheel.src:102: W: files-attr-not-set [ 25s] python-wheel.src:103: W: files-attr-not-set [ 25s] python-wheel.src:104: W: files-attr-not-set [ 25s] python-wheel.src:105: W: files-attr-not-set [ 25s] python-wheel.src:106: W: files-attr-not-set [ 25s] A file or a directory entry in a %files section does not have attributes set [ 25s] which may result in unexpected file permissions and thus security issues in [ 25s] the resulting binary package depending on the build environment and rpmbuild [ 25s] version (typically < 4.4). Add default attributes using %defattr before it in [ 25s] the %files section, or use per entry %attr's.
Given the state of the rpmlint package it does not make sense to care in any way to its warnings and notifications outside the openSUSE:Tumbleweed repository. So you still have to fix errors or report a fail on older codestreams we can patch in rpmlint. But in general the only rpmlint you should listen to is the one from the Tumbleweed.
On Tue, Oct 22, 2019 at 4:32 AM Stefan Seyfried <stefan.seyfried@googlemail.com> wrote:
Hi packaging gurus,
I am regularly rebuilding current Factory packages for ancient SLES releases (SLES15, SLES12-SP1...4, sometimes even SLES11). Many current spec files have gotten deprived of their %defattr(...) lines, which causes warnings like these:
[ 25s] python-wheel.src:102: W: files-attr-not-set [ 25s] python-wheel.src:103: W: files-attr-not-set [ 25s] python-wheel.src:104: W: files-attr-not-set [ 25s] python-wheel.src:105: W: files-attr-not-set [ 25s] python-wheel.src:106: W: files-attr-not-set [ 25s] A file or a directory entry in a %files section does not have attributes set [ 25s] which may result in unexpected file permissions and thus security issues in [ 25s] the resulting binary package depending on the build environment and rpmbuild [ 25s] version (typically < 4.4). Add default attributes using %defattr before it in [ 25s] the %files section, or use per entry %attr's.
Even SLES11-SP4 has rpm version 4.4.2.3, so maybe this can just be ignored.
Or is there some prjconf or rpm macro magic that lets me automatically insert %defattr lines after every %file line?
In Fedora EPEL, we've used several tricks to "backport" newer capabilities to older RHEL releases so that the delta is minimized between RHEL and Fedora. There are limits, but we've been moderately successful. EL5 corresponds to SLE 11, so some of it may help here: https://src.fedoraproject.org/rpms/epel-rpm-macros/tree/el5 As for the rpmlint policy, you can override this by forking the policy package shipped in SLE 11 and updating the rules for your SLE 11 build environments. -- 真実はいつも一つ!/ Always, there's only one truth! -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Hi Neal, Am 22.10.19 um 12:04 schrieb Neal Gompa:
In Fedora EPEL, we've used several tricks to "backport" newer capabilities to older RHEL releases so that the delta is minimized between RHEL and Fedora. There are limits, but we've been moderately successful.
EL5 corresponds to SLE 11, so some of it may help here: https://src.fedoraproject.org/rpms/epel-rpm-macros/tree/el5
This looks useful, thanks.
As for the rpmlint policy, you can override this by forking the policy package shipped in SLE 11 and updating the rules for your SLE 11 build environments.
I can try, but this is not without its own challenges: Either I inject my package into the SLES1{12} repos, but then the signature does not match, or I have my project included in all SLES-1x.prj configs, but this has challenges on its own. Right now I tend to patch my build.rpm to just inject a /etc/rpmlint/local.config that 'addFilter()'s away all the tests I don't like to have here ;-) This seems to be a hacky but easy solution. Thanks for all the hints, -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (3)
-
Neal Gompa -
Stefan Seyfried -
Tomas Chvatal