rpmlint/rpmlint-all-pie.patch

Index: rpmlint-rpmlint-1.10/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.10/BinariesCheck.py
@@ -534,6 +534,9 @@ class BinariesCheck(AbstractCheck.Abstra
                 if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
                     printError(pkg, 'non-position-independent-executable',
                                fname)
+                if not is_shobj:
+                    printError(pkg, 'position-independent-executable-suggested',
+                               fname)
 
             if bin_info.readelf_error:
                 continue
@@ -786,6 +789,10 @@ stripping process.''',
 '''This executable must be position independent.  Check that it is built with
 -fPIE/-fpie in compiler flags and -pie in linker flags.''',
 
+'position-independent-executable-suggested',
+'''This executable should be position independent (all binaries should).  Check
+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+
 'missing-call-to-setgroups-before-setuid',
 '''This executable is calling setuid and setgid without setgroups or
 initgroups. There is a high probability this means it didn't relinquish all
- update to 1.10: * test: Skip fedoradev GPG checks at least for now * test: Refresh fedora* packages on image build * test: Use assertEqual where appropriate, thanks to flake8/hacking * test: Update fedora24 config to fedora26, run it on Travis * Add a new test for tmpfiles.d snippets in the /etc/ tree. * Add new tests for systemd units and udev rules in /etc/ tree * test: Disable hacking for now until it's flake8 3.4+ compatible * test: Set up flake8-bugbear, enable it in fedoradev container * rpmlint: Avoid unused loop control variable * ZipCheck: Add TODO * : Avoid mutable argument defaults Be aware of -debugsource packages * rpmdiff: Fix unused variable from previous commit * rpmdiff: Support soft dependencies * BinariesCheck, FilesCheck: Ignore various .build-id dirs * Add python3-devel and rpm-build to fedoradev container to provoke some issues * BinariesCheck: Popen env consistency fix * Pkg.getstatusoutput: Set LC_ALL for all Popens, defaulting to C * rpmlint: Fix checking specfile from stdin * test.sh: Extract rpmlint command to run_rpmlint * Revert "Remove unused spec_lines check_spec argument" * BinariesCheck: Trivial cleanups * travis: Run make install too * FilesCheck: Allow multiple bytecode magic values per Python version * tests: Make output test tools easier to reuse * FilesCheck: hg.python.org -> github.com/python * Pkg: Return vendor and distribution as unicode strings * FilesCheck: Add Python 3.7 bytecode magic value * Pkg.b2s: Add some more test cases OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=482 2017-09-28 13:35:09 +02:00			`Index: rpmlint-rpmlint-1.10/BinariesCheck.py`
Accepting request 507659 from home:msmeissn:branches:devel:openSUSE:Factory:rpmlint - rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch: adjust testsuite to match new PIE warning, for both Leap 42.3 and Factory. - rpmlint-all-pie.patch: for non-PIE built binaries emit a warning to suggest build them as PIE. OBS-URL: https://build.opensuse.org/request/show/507659 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=464 2017-07-04 14:30:44 +02:00			`===================================================================`
- update to 1.10: * test: Skip fedoradev GPG checks at least for now * test: Refresh fedora* packages on image build * test: Use assertEqual where appropriate, thanks to flake8/hacking * test: Update fedora24 config to fedora26, run it on Travis * Add a new test for tmpfiles.d snippets in the /etc/ tree. * Add new tests for systemd units and udev rules in /etc/ tree * test: Disable hacking for now until it's flake8 3.4+ compatible * test: Set up flake8-bugbear, enable it in fedoradev container * rpmlint: Avoid unused loop control variable * ZipCheck: Add TODO * : Avoid mutable argument defaults Be aware of -debugsource packages * rpmdiff: Fix unused variable from previous commit * rpmdiff: Support soft dependencies * BinariesCheck, FilesCheck: Ignore various .build-id dirs * Add python3-devel and rpm-build to fedoradev container to provoke some issues * BinariesCheck: Popen env consistency fix * Pkg.getstatusoutput: Set LC_ALL for all Popens, defaulting to C * rpmlint: Fix checking specfile from stdin * test.sh: Extract rpmlint command to run_rpmlint * Revert "Remove unused spec_lines check_spec argument" * BinariesCheck: Trivial cleanups * travis: Run make install too * FilesCheck: Allow multiple bytecode magic values per Python version * tests: Make output test tools easier to reuse * FilesCheck: hg.python.org -> github.com/python * Pkg: Return vendor and distribution as unicode strings * FilesCheck: Add Python 3.7 bytecode magic value * Pkg.b2s: Add some more test cases OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=482 2017-09-28 13:35:09 +02:00			`--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py`
			`+++ rpmlint-rpmlint-1.10/BinariesCheck.py`
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=484 2017-09-28 22:18:14 +02:00			`@@ -534,6 +534,9 @@ class BinariesCheck(AbstractCheck.Abstra`
Accepting request 507659 from home:msmeissn:branches:devel:openSUSE:Factory:rpmlint - rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch: adjust testsuite to match new PIE warning, for both Leap 42.3 and Factory. - rpmlint-all-pie.patch: for non-PIE built binaries emit a warning to suggest build them as PIE. OBS-URL: https://build.opensuse.org/request/show/507659 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=464 2017-07-04 14:30:44 +02:00			`if not is_shobj and pie_exec_re and pie_exec_re.search(fname):`
			`printError(pkg, 'non-position-independent-executable',`
			`fname)`
			`+ if not is_shobj:`
			`+ printError(pkg, 'position-independent-executable-suggested',`
			`+ fname)`

			`if bin_info.readelf_error:`
			`continue`
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=484 2017-09-28 22:18:14 +02:00			`@@ -786,6 +789,10 @@ stripping process.''',`
Accepting request 507659 from home:msmeissn:branches:devel:openSUSE:Factory:rpmlint - rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch: adjust testsuite to match new PIE warning, for both Leap 42.3 and Factory. - rpmlint-all-pie.patch: for non-PIE built binaries emit a warning to suggest build them as PIE. OBS-URL: https://build.opensuse.org/request/show/507659 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=464 2017-07-04 14:30:44 +02:00			`'''This executable must be position independent. Check that it is built with`
			`-fPIE/-fpie in compiler flags and -pie in linker flags.''',`

			`+'position-independent-executable-suggested',`
			`+'''This executable should be position independent (all binaries should). Check`
			`+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',`
			`+`
			`'missing-call-to-setgroups-before-setuid',`
			`'''This executable is calling setuid and setgid without setgroups or`
			`initgroups. There is a high probability this means it didn't relinquish all`