From 56d09790ccb9eb29849befca7405b830f147eb00c8ecdb6e5d98330b97759974 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 31 May 2017 13:22:26 +0000 Subject: [PATCH 1/5] Accepting request 498225 from home:tserong:branches:devel:openSUSE:Factory:rpmlint - add 'prometheus' and 'grafana' standard users and groups (used by various prometheus packages in server:monitoring, and by grafana in security:logging) OBS-URL: https://build.opensuse.org/request/show/498225 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=456 --- config | 4 ++++ rpmlint.changes | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/config b/config index eef4a9d..c0a8882 100644 --- a/config +++ b/config @@ -115,6 +115,7 @@ setOption('StandardGroups', ( 'games', 'gdm', 'geronimo', + 'grafana', 'guixbuild', 'haclient', 'haldaemon', @@ -192,6 +193,7 @@ setOption('StandardGroups', ( 'powersave', 'privoxy', 'prosody', + 'prometheus', 'public', 'pulse', 'pulse-access', @@ -294,6 +296,7 @@ setOption('StandardUsers', ( 'geronimo', 'gnats', 'gnump3d', + 'grafana', 'hacluster', 'haldaemon', 'hsqldb', @@ -363,6 +366,7 @@ setOption('StandardUsers', ( 'pound', 'privoxy', 'prosody', + 'prometheus', 'pulse', 'puppet', 'qemu', diff --git a/rpmlint.changes b/rpmlint.changes index e0f658d..9c2d8d9 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu May 25 04:52:11 UTC 2017 - tserong@suse.com + +- add 'prometheus' and 'grafana' standard users and groups + ------------------------------------------------------------------- Tue May 16 13:37:33 UTC 2017 - krahmer@suse.com From 73a2241e53d6e0c26d913a518f7c1cf547c1e7a957d8d10a6ea8f963fd962dc2 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 31 May 2017 13:23:11 +0000 Subject: [PATCH 2/5] Accepting request 499658 from home:jochenbecker:branches:devel:openSUSE:Factory:rpmlint std-user and std-group 'xymon', added for building correct xymon client OBS-URL: https://build.opensuse.org/request/show/499658 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=457 --- config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config b/config index c0a8882..f53c969 100644 --- a/config +++ b/config @@ -245,6 +245,7 @@ setOption('StandardGroups', ( 'wireshark', 'www', 'xok', + 'xymon', 'zeroinst', 'znc', 'zope', @@ -408,6 +409,7 @@ setOption('StandardUsers', ( 'vscan', 'wnn', 'wwwrun', + 'xymon', 'yastws', 'zeroinst', 'znc', From 31911ca76de646bf6f1a530911ac92ef4759497924d6b109a2903dd4a69f005f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 31 May 2017 13:24:59 +0000 Subject: [PATCH 3/5] - std-user and std-group 'xymon', added for building correct xymon client OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=458 --- rpmlint.changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/rpmlint.changes b/rpmlint.changes index 9c2d8d9..4046231 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 31 13:24:22 UTC 2017 - jochen.becker@hrz.tu-darmstadt.de + +- std-user and std-group 'xymon', added for building correct xymon client + ------------------------------------------------------------------- Thu May 25 04:52:11 UTC 2017 - tserong@suse.com From debe85b1cc29da11bc9e4da1038eba2ed56da47346af359ff9df1b3f4b918e91 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 31 May 2017 14:08:48 +0000 Subject: [PATCH 4/5] - whitelisting openqa (bsc#1039290) OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=459 --- config | 6 +++++- rpmlint.changes | 6 ++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/config b/config index f53c969..5b4c61b 100644 --- a/config +++ b/config @@ -753,7 +753,11 @@ setOption("DBUSServices.WhiteList", ( "net.launchpad.backintime.serviceHelper.service", # switchroo-control (bsc#1034309) "net.hadess.SwitcherooControl.conf", - "switcheroo-control.service" + "switcheroo-control.service", + # openqa (bsc#1039290) + "org.opensuse.openqa.conf", + "openqa-scheduler.service", + "openqa-websockets.service" )) setOption("PAMModules.WhiteList", ( diff --git a/rpmlint.changes b/rpmlint.changes index 4046231..3b68169 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -3,6 +3,12 @@ Wed May 31 13:24:22 UTC 2017 - jochen.becker@hrz.tu-darmstadt.de - std-user and std-group 'xymon', added for building correct xymon client +------------------------------------------------------------------- +Wed May 31 13:16:51 UTC 2017 - krahmer@suse.com + +- whitelisting openqa (bsc#1039290) + + ------------------------------------------------------------------- Thu May 25 04:52:11 UTC 2017 - tserong@suse.com From ce4f4138f7f30e4cd460ee140ee81aa25bbcf76ed16f04b678484d8291820191 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 2 Jun 2017 09:45:19 +0000 Subject: [PATCH 5/5] Accepting request 500457 from home:StefanBruens:branches:devel:openSUSE:Factory:rpmlint_3 chroot/chdir test was specific to ix86/x86_64, add proper implementation for all ARM, relax check on PPC OBS-URL: https://build.opensuse.org/request/show/500457 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=460 --- ...iesCheck_fix_chroot_check_on_non_x86.patch | 38 +++++++++++++++++++ rpmlint.changes | 6 +++ rpmlint.spec | 2 + 3 files changed, 46 insertions(+) create mode 100644 BinariesCheck_fix_chroot_check_on_non_x86.patch diff --git a/BinariesCheck_fix_chroot_check_on_non_x86.patch b/BinariesCheck_fix_chroot_check_on_non_x86.patch new file mode 100644 index 0000000..5296282 --- /dev/null +++ b/BinariesCheck_fix_chroot_check_on_non_x86.patch @@ -0,0 +1,38 @@ +diff --git a/usr/share/rpmlint/BinariesCheck.py b/tmp/BinariesCheck.py +index 6e50c03..460c003 100644 +--- a/BinariesCheck.py ++++ b/BinariesCheck.py +@@ -64,8 +64,6 @@ class BinaryInfo: + setuid_call_regex = create_regexp_call(['setresuid', 'seteuid', 'setuid']) + setgroups_call_regex = create_regexp_call(['initgroups', 'setgroups']) + chroot_call_regex = create_regexp_call('chroot') +- # 401eb8: e8 c3 f0 ff ff callq 400f80 +- objdump_call_regex = re.compile(b'callq?\s(.*)') + + forbidden_functions = Config.getOption("WarnOnFunction") + if forbidden_functions: +@@ -109,6 +107,12 @@ class BinaryInfo: + self.mktemp = False + + is_debug = path.endswith('.debug') ++ if pkg.arch in ['armv6hl', 'armv7hl', 'aarch64']: ++ # 10450: ebffffec bl 10408 ++ BinaryInfo.objdump_call_regex = re.compile(b'\sbl\s+(.*)') ++ else: # x86_64, ix86 ++ # 401eb8: e8 c3 f0 ff ff callq 400f80 ++ BinaryInfo.objdump_call_regex = re.compile(b'callq?\s(.*)') + + cmd = ['env', 'LC_ALL=C', 'readelf', '-W', '-S', '-l', '-d', '-s'] + cmd.append(path) +@@ -234,6 +238,11 @@ class BinaryInfo: + # check if chroot is near chdir (since otherwise, chroot is called + # without chdir) + if self.chroot and self.chdir: ++ if pkg.arch in ['ppc', 'ppc64', 'ppc64le']: ++ # On PPC, it is to difficult to find the actual invocations ++ # of chroot/chdir, if both exist assume chroot is fine ++ self.chroot_near_chdir = True ++ pass + p = subprocess.Popen( + ['env', 'LC_ALL=C', 'objdump', '-d', path], + stdout=subprocess.PIPE, bufsize=-1) diff --git a/rpmlint.changes b/rpmlint.changes index 3b68169..db2a538 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 1 15:31:53 UTC 2017 - stefan.bruens@rwth-aachen.de + +- Add BinariesCheck_fix_chroot_check_on_non_x86.patch + Check for correct invocation of chroot was only implemented for x86 + ------------------------------------------------------------------- Wed May 31 13:24:22 UTC 2017 - jochen.becker@hrz.tu-darmstadt.de diff --git a/rpmlint.spec b/rpmlint.spec index 016af85..ff03eb0 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -123,6 +123,8 @@ Patch664: issue_68_BinariesCheck_lower_memory-4.patch # Fix a regression introduced by suse-shlib-devel-dependency.diff Patch67: suse-readd_terminator_in_regex.patch Patch68: boo1027577-license_tag.patch +# Fix check for 'missing-call-to-chdir-with-chroot' on ARM, relax check on PPC +Patch69: BinariesCheck_fix_chroot_check_on_non_x86.patch # PATCHLIST END # BuildArch must at the end. is a bug: https://bugzilla.suse.com/show_bug.cgi?id=926766 BuildArch: noarch