From b3d6947ea951869cf84851774045319332366f6b Mon Sep 17 00:00:00 2001 From: Packit Date: Sep 17 2020 08:11:58 +0000 Subject: Add sources defined in the spec file --- diff --git a/SPECS/rpmlint-1.10.tar.gz b/SPECS/rpmlint-1.10.tar.gz new file mode 100644 index 0000000..cf7aa77 Binary files /dev/null and b/SPECS/rpmlint-1.10.tar.gz differ diff --git a/SPECS/rpmlint-etc.config b/SPECS/rpmlint-etc.config new file mode 100644 index 0000000..5f670ac --- /dev/null +++ b/SPECS/rpmlint-etc.config @@ -0,0 +1,2 @@ +# Add local system wide rpmlint configuration here or in other *config files +# in this directory. diff --git a/SPECS/rpmlint.config b/SPECS/rpmlint.config new file mode 100644 index 0000000..11de5bf --- /dev/null +++ b/SPECS/rpmlint.config @@ -0,0 +1,477 @@ +# -*- python -*- + +# System wide rpmlint default configuration. Do not modify, override/add +# options in /etc/rpmlint/config and/or ~/.rpmlintrc as needed. + +import os.path +import re +import sys + +from Config import * +import Pkg + + +setOption("CompressExtension", "gz") +setOption("DefaultPythonVersion", sys.version[:3]) +setOption("KernelModuleRPMsOK", False) +setOption("MaxLineLength", 80) +setOption("NetworkEnabled", True) +setOption("ReleaseExtension", r'\.(fc|rhe?l|el)\d+(?=\.|$)') +setOption("UseDebugSource", True) +setOption("UseDefaultRunlevels", False) +setOption("UseEpoch", False) +setOption("UseUTF8", True) +setOption("UseVersionInChangeLog", True) +setOption("ValidSrcPerms", (int("664",8), int("644",8), )) + +setOption("ValidShells", ( + "", + "/bin/sh", + "/bin/bash", + "/sbin/ldconfig", + "/usr/bin/perl", + "/usr/bin/python3", + "/usr/libexec/platform-python", +)) + +setOption("DanglingSymlinkExceptions", ( + ['consolehelper$', 'usermode'], + ['consolehelper-gtk$', 'usermode-gtk'], +)) + +setOption("ValidLicenses", ( + # These are the short names for all of the Fedora approved licenses. + # The master list is kept here: http://fedoraproject.org/wiki/Licensing + # Last synced with revision "2.36, 18 April 2017" of that page. + 'AAL', + 'Abstyles', + 'Adobe', + 'ADSL', + 'AFL', + 'Afmparse', + 'AGPLv1', + 'AGPLv3', + 'AGPLv3+', + 'AGPLv3 with exceptions', + 'AMDPLPA', + 'AML', + 'AMPAS BSD', + 'APAFML', + 'App-s2p', + 'APSL 2.0', + 'APSL 2.0+', + 'ARL', + 'Artistic 2.0', + 'Artistic clarified', + 'ASL 1.0', + 'ASL 1.0+', + 'ASL 1.1', + 'ASL 1.1+', + 'ASL 2.0', + 'ASL 2.0+', + 'Bahyph', + 'Barr', + 'Beerware', + 'BeOpen', + 'Bibtex', + 'BitTorrent', + 'Boost', + 'Borceux', + 'BSD', + 'BSD Protection', + 'BSD with advertising', + 'BSD with attribution', + 'CATOSL', + 'CC0', + 'CeCILL', + 'CeCILL-B', + 'CeCILL-C', + 'CDDL', + 'CNRI', + 'Condor', + 'Copyright only', + 'CPAL', + 'CPL', + 'CRC32', + 'Crossword', + 'Crystal Stacker', + 'Cube', + 'diffmark', + 'DMIT', + 'DOC', + 'Dotseqn', + 'DSDP', + 'dvipdfm', + 'DWPL', + 'ECL 1.0', + 'ECL 2.0', + 'eCos', + 'EFL 2.0', + 'EFL 2.0+', + 'eGenix', + 'Entessa', + 'EPICS', + 'EPL', + 'ERPL', + 'EU Datagrid', + 'EUPL 1.1', + 'Eurosym', + 'Fair', + 'FSFUL', + 'FSFULLR', + 'FTL', + 'Giftware', + 'GL2PS', + 'Glide', + 'Glulxe', + 'gnuplot', + 'GPL+', + 'GPL+ or Artistic', + 'GPL+ with exceptions', + 'GPLv1', + 'GPLv2 or Artistic', + 'GPLv2+ or Artistic', + 'GPLv2', + 'GPLv2 with exceptions', + 'GPLv2+', + 'GPLv2+ with exceptions', + 'GPLv3', + 'GPLv3 with exceptions', + 'GPLv3+', + 'GPLv3+ with exceptions', + 'HaskellReport', + 'HSRL', + 'IBM', + 'IJG', + 'ImageMagick', + 'iMatix', + 'Imlib2', + 'Intel ACPI', + 'Interbase', + 'ISC', + 'Jabber', + 'JasPer', + 'JPython', + 'Julius', + 'Knuth', + 'Latex2e', + 'LBNL BSD', + 'Leptonica', + 'LGPLv2', + 'LGPLv2 with exceptions', + 'LGPLv2+', + 'LGPLv2+ or Artistic', + 'LGPLv2+ with exceptions', + 'LGPLv3', + 'LGPLv3 with exceptions', + 'LGPLv3+', + 'LGPLv3+ with exceptions', + 'Lhcyr', + 'libtiff', + 'LLGPL', + 'Logica', + 'LOSLA', + 'LPL', + 'LPPL', + 'MakeIndex', + 'mecab-ipadic', + 'midnight', + 'MirOS', + 'MIT', + 'MITNFA', + 'MIT with advertising', + 'mod_macro', + 'Motosoto', + 'MPLv1.0', + 'MPLv1.0+', + 'MPLv1.1', + 'MPLv1.1+', + 'MPLv2.0', + 'MS-PL', + 'MS-RL', + 'MTLL', + 'Mup', + 'Naumen', + 'NCSA', + 'NetCDF', + 'Netscape', + 'Newmat', + 'Newsletr', + 'NGPL', + 'NLPL', + 'Nmap', + 'Nokia', + 'NOSL', + 'Noweb', + 'OGL', + 'OML', + 'OpenLDAP', + 'OpenPBS', + 'OpenSSL', + 'OReilly', + 'OSL 1.0', + 'OSL 1.0+', + 'OSL 1.1', + 'OSL 1.1+', + 'OSL 2.0', + 'OSL 2.0+', + 'OSL 2.1', + 'OSL 2.1+', + 'OSL 3.0', + 'OSL 3.0+', + 'Par', + 'Phorum', + 'PHP', + 'PlainTeX', + 'Plexus', + 'PostgreSQL', + 'psfrag', + 'psutils', + 'Public Domain', + 'Python', + 'Qhull', + 'QPL', + 'Rdisc', + 'REX', + 'RiceBSD', + 'Romio', + 'RPSL', + 'Rsfs', + 'Ruby', + 'Saxpath', + 'SCEA', + 'SCRIP', + 'Sendmail', + 'Sleepycat', + 'SISSL', + 'SLIB', + 'SNIA', + 'softSurfer', + 'SPL', + 'STMPL', + 'SWL', + 'TCGL', + 'TCL', + 'Teeworlds', + 'TGPPL', + 'TGPPL with exceptions', + 'Threeparttable', + 'TMate', + 'Tolua', + 'TORQUEv1.1', + 'TOSL', + 'TPDL', + 'TPL', + 'TTWL', + 'UCAR', + 'UCD', + 'Unicode', + 'Unlicense', + 'Vim', + 'VNLSL', + 'VOSTROM', + 'VSL', + 'W3C', + 'Webmin', + 'Wsuipa', + 'WTFPL', + 'wxWidgets', + 'Xerox', + 'xinetd', + 'xpp', + 'XSkat', + 'YPLv1.1', + 'Zed', + 'Zend', + 'zlib', + 'zlib with acknowledgement', + 'ZPLv1.0', + 'ZPLv1.0+', + 'ZPLv2.0', + 'ZPLv2.0+', + 'ZPLv2.1', + 'ZPLv2.1+', + # Documentation licenses + 'CDL', + 'FBSDDL', + 'GFDL', + 'IEEE', + 'LDPL', + 'OFSFDL', + 'Open Publication', + 'Public Use', + 'Verbatim', + # Content licenses + 'CC-BY', + 'CC-BY-ND', + 'CC-BY-SA', + 'DMTF', + 'DSL', + 'EFML', + 'Free Art', + 'GeoGratis', + 'Green OpenMusic', + 'OAL', + # Font licenses + 'AMS', + 'Arphic', + 'Baekmuk', + 'Bitstream Vera', + 'DoubleStroke', + 'Hershey', + 'IPA', + 'Liberation', + 'Lucida', + 'MgOpen', + 'mplus', + 'OFL', + 'PTFL', + 'STIX', + 'Utopia', + 'Wadalab', + 'XANO', + # Others + 'Redistributable, no modification permitted', + 'Freely redistributable without restriction', +)) + +setOption('SystemLibPaths', ('/lib', '/lib64', '/usr/lib', '/usr/lib64')) + +# Add systemd dir to ignored path for UsrLibBinaryException +setOption('UsrLibBinaryException', r'^/usr/lib(64)?/(perl|python|ruby|menu|pkgconfig|ocaml|systemd|lib[^/]+\.(so|l?a)$|\.build-id)') + +# Get standard users and groups from the setup package's uidgid file +setOption('StandardUsers', []) +setOption('StandardGroups', []) +setup_pkg = None +try: + setup_pkg = Pkg.InstalledPkg('setup') +except: + pass +if setup_pkg: + users = set() + groups = set() + uidgid_regex = re.compile(r'^\s*(\S+)\s+(-|\d+)\s+(-|\d+|\(\d+\))\s') + for uidgid_file in [x for x in setup_pkg.files() if x.endswith('/uidgid')]: + if os.path.exists(uidgid_file): + fobj = open(uidgid_file) + try: + for line in fobj.read().strip().splitlines(): + res = uidgid_regex.search(line) + if res: + name = res.group(1) + if res.group(2) != '-': + users.add(name) + if res.group(3) != '-' and not '(' in res.group(3): + groups.add(name) + del res + del line + finally: + fobj.close() + del fobj + setOption('StandardUsers', sorted(users)) + setOption('StandardGroups', sorted(groups)) + del uidgid_regex, uidgid_file, users, groups +del setup_pkg + +# Output filters +addFilter("source-or-patch-not-compressed") +addFilter("%mklibname") +addFilter("no-dependency-on (perl|python)-base") +addFilter("no-dependency-on locales-") +addFilter("(python|perl5)-naming-policy-not-applied") +addFilter("no-(packager-tag|signature)") +addFilter("incoherent-version-in-name") +addFilter("invalid-build-requires") +addFilter("ghost-files-without-postin") +addFilter("postin-without-ghost-file-creation") +addFilter("no-major-in-name") +addFilter("no-provides") +addFilter("executable-in-library-package") +addFilter("non-versioned-file-in-library-package") +addFilter("requires-on-release") +addFilter("jar-not-indexed") +addFilter("outside-libdir-files") +addFilter("-debuginfo.* no-documentation") +addFilter("-debuginfo.* /usr/lib/debug/") +addFilter("non-standard-dir-in-usr libexec") +addFilter("^gpg-pubkey:") +addFilter(" doc-file-dependency .* /bin/sh$") +addFilter("hardcoded-library-path .*/lib/udev(/|$)") +addFilter("not-standard-release-extension") +addFilter("explicit-lib-dependency (liberation-fonts|libertas-.*-firmware|libvirt$|.*-(java|python)$)") +addFilter("explicit-lib-dependency (python-.*lib.*|python2-.*lib.*|python3-.*lib.*)$") +addFilter("filename-too-long-for-joliet") +addFilter("symlink-should-be-") +addFilter(r"dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$") +addFilter(r"hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$") +addFilter(r"blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*") +# Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning +# of %install, and do not need to define a %clean section unless the default is invalid. +addFilter("no-cleaning-of-buildroot") +addFilter("no-buildroot-tag") +addFilter("no-%clean-section") +# Only EL4 needs the files-attr-not-set check, because rpm 4.4 and newer no longer need a %defattr line +# (it automatically provides one). +addFilter("files-attr-not-set") +# Don't bother with the non-ghost-in-var-(lock|run) checks on Fedora 15 or newer +# since they have tmpfs /var/lock and /var/run. +addFilter("non-ghost-in-var-lock") +addFilter("non-ghost-in-var-run") +# Someone thought it was a good idea to make .desktop files executable. They were wrong. +# Nevertheless, I do not yet control the universe, so we squelch the error here. +addFilter(r"script-without-shebang .*\.desktop$") +# Some files in /etc/ are not meant to be modified by the sysadmin +addFilter("non-conffile-in-etc /etc/rpm/.*$") +addFilter("non-conffile-in-etc /etc/rc.d/init.d/.*$") +# Fixed in rpm >= 4.7.1 +addFilter("broken-syntax-in-scriptlet-requires") +# Files that are intentionally not supposed to be readable +# Contains passwords +addFilter("non-readable /etc/ovirt-engine/isouploader.conf") +# Ignore webservers which are just broken. +addFilter(r"invalid-url .*\.googlecode\.com/.*HTTP Error 404") +addFilter(r"invalid-url .*\.jboss\.org/.*HTTP Error 403") +addFilter(r"invalid-url .*bitbucket\.org/.*HTTP Error 403") +addFilter(r"invalid-url .*github\.com/.*HTTP Error 403") +# Don't care about long descriptions on debuginfo packages +# They automatically include the package name and are always +# quite long. +addFilter("-debuginfo.* description-line-too-long") +# ignore "common" jargon words +# https://bugzilla.redhat.com/show_bug.cgi?id=1424684#c9 +addFilter(r"spelling-error.* \b(runtime|Runtime|metadata|cryptographic|multi|linux|filesystem|filesystems|backend|backends|userspace|addon|wayland|Wayland|util|utils|lossless|virtualization|toolkits|libvirtd|crypto|glyphs|GStreamer|http|extensibility|codec|codecs|truetype|scalable|pluggable|pixbuf|Kerberos|customizable|bitstream|tcp|libXss|libs|libc|encodings|GLib|udev|posix|libpng|glapi|gbm|freedesktop|spi|realtime|preprocessor|libaudit|hypervisor|embeddable|distributable|devel|config|cairo|bootloader|adaptors|pragma|passphrase|malloc|libvirt|libmagic|io|datetime|boolean|argparse|py|pinentry|namespace|middleware|lowlevel|libxcb|libudev|libsoup|libgcrypt|libcom|iSCSI|initramfs|GObject|executables|dialogs|checkpolicy|bitmapped|assistive)\b") +# Fedora no longer uses explicit ldconfig %post/%postun as of Fedora 28 +addFilter("library-without-ldconfig-postin") +addFilter("library-without-ldconfig-postun") + + +bad_crypto_warning = \ +'''This application package calls a function to explicitly set crypto ciphers +for SSL/TLS. That may cause the application not to use the system-wide set +cryptographic policy and should be modified in accordance to: +https://fedoraproject.org/wiki/Packaging:CryptoPolicies''' + +call_blacklist = {'crypto-policy-non-compliance-openssl' : + {'f_name' : 'SSL_CTX_set_cipher_list', + 'good_param' : 'PROFILE=SYSTEM', + 'description' : bad_crypto_warning}, + 'crypto-policy-non-compliance-gnutls-1' : + {'f_name' : 'gnutls_priority_set_direct', + 'description' : bad_crypto_warning}, + 'crypto-policy-non-compliance-gnutls-2' : + {'f_name' : 'gnutls_priority_init', + 'good_param' : 'SYSLOG', + 'description' : bad_crypto_warning} + } +setOption("WarnOnFunction", call_blacklist) + +# https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455 +for pkg, exe in (("coreutils", "/bin/su"), + ("krb5-workstation", "/usr/kerberos/bin/ksu"), + ("passwd", "/usr/bin/passwd"), + ("sudo", "/usr/bin/sudo(edit)?"), + ("upstart", "/sbin/initctl"), + ("usermode", "/usr/sbin/userhelper")): + addFilter("%s.* (setuid-binary|non-standard-executable-perm) %s (root )?04" + % (pkg, exe)) diff --git a/SPECS/rpmlint.config.el4 b/SPECS/rpmlint.config.el4 new file mode 100644 index 0000000..8c647d7 --- /dev/null +++ b/SPECS/rpmlint.config.el4 @@ -0,0 +1,28 @@ +# -*- python -*- + +# System wide rpmlint default configuration. Do not modify, override/add +# options in /etc/rpmlint/config and/or ~/.rpmlintrc as needed. + +import os.path +import re +import sys + +from Config import * +import Pkg + +# Inherit the base config and build from there. +exec(open("/usr/share/rpmlint/config","rb").read()) + +# Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning +# of %install, and do not need to define a %clean section unless the default is invalid. +# However, EL-4 and EL-5 still need these checks. +removeFilter("no-cleaning-of-buildroot") +removeFilter("no-buildroot-tag") +removeFilter("no-%clean-section") + +# Only EL4 needs the files-attr-not-set check, because rpm 4.4 and newer no longer need a %defattr line +# (it automatically provides one). +removeFilter("files-attr-not-set") + +# Fixed in rpm >= 4.7.1 +removeFilter("broken-syntax-in-scriptlet-requires") diff --git a/SPECS/rpmlint.config.el5 b/SPECS/rpmlint.config.el5 new file mode 100644 index 0000000..ae22617 --- /dev/null +++ b/SPECS/rpmlint.config.el5 @@ -0,0 +1,24 @@ +# -*- python -*- + +# System wide rpmlint default configuration. Do not modify, override/add +# options in /etc/rpmlint/config and/or ~/.rpmlintrc as needed. + +import os.path +import re +import sys + +from Config import * +import Pkg + +# Inherit the base config and build from there. +exec(open("/usr/share/rpmlint/config","rb").read()) + +# Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning +# of %install, and do not need to define a %clean section unless the default is invalid. +# However, EL-4 and EL-5 still need these checks. +removeFilter("no-cleaning-of-buildroot") +removeFilter("no-buildroot-tag") +removeFilter("no-%clean-section") + +# Fixed in rpm >= 4.7.1 +removeFilter("broken-syntax-in-scriptlet-requires")