From 27a53dc391366a053bd37341a17637c2ecb06d2126329548160efa1d00b843c6 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Wed, 26 Sep 2012 13:45:06 +0000 Subject: [PATCH] Accepting request 136093 from home:a_jaeger:FactoryFix Rework package: Add service for updating from git; take patches from git. OBS-URL: https://build.opensuse.org/request/show/136093 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=139 --- BashismsCheck.py | 47 --- BrandingPolicyCheck.py | 132 --------- CheckAlternativesGhostFiles.py | 85 ------ CheckBuildDate.py | 49 ---- CheckBuildRoot.py | 41 --- CheckCommonFiles.py | 89 ------ CheckDBUSServices.py | 57 ---- CheckDBusPolicy.py | 80 ------ CheckExecDocs.py | 97 ------- CheckFilelist.py | 444 ----------------------------- CheckGNOMEMacros.py | 185 ------------ CheckIconSizes.py | 51 ---- CheckInitScripts.py | 114 -------- CheckKDE4Deps.py | 119 -------- CheckLogrotate.py | 97 ------- CheckPAMModules.py | 49 ---- CheckPkgConfig.py | 63 ----- CheckPolkitPrivs.py | 153 ---------- CheckSUIDPermissions.py | 271 ------------------ DuplicatesCheck.py | 100 ------- KMPPolicyCheck.py | 90 ------ LibraryPolicyCheck.py | 503 --------------------------------- README.packaging.txt | 13 + _service | 11 + rpmlint-checks-master.tar.gz | 3 + rpmlint.changes | 13 + rpmlint.spec | 68 +---- suse-filesystem.diff | 11 +- 28 files changed, 57 insertions(+), 2978 deletions(-) delete mode 100644 BashismsCheck.py delete mode 100644 BrandingPolicyCheck.py delete mode 100644 CheckAlternativesGhostFiles.py delete mode 100644 CheckBuildDate.py delete mode 100644 CheckBuildRoot.py delete mode 100644 CheckCommonFiles.py delete mode 100644 CheckDBUSServices.py delete mode 100644 CheckDBusPolicy.py delete mode 100644 CheckExecDocs.py delete mode 100644 CheckFilelist.py delete mode 100644 CheckGNOMEMacros.py delete mode 100644 CheckIconSizes.py delete mode 100644 CheckInitScripts.py delete mode 100644 CheckKDE4Deps.py delete mode 100644 CheckLogrotate.py delete mode 100644 CheckPAMModules.py delete mode 100644 CheckPkgConfig.py delete mode 100644 CheckPolkitPrivs.py delete mode 100644 CheckSUIDPermissions.py delete mode 100644 DuplicatesCheck.py delete mode 100644 KMPPolicyCheck.py delete mode 100644 LibraryPolicyCheck.py create mode 100644 README.packaging.txt create mode 100644 _service create mode 100644 rpmlint-checks-master.tar.gz diff --git a/BashismsCheck.py b/BashismsCheck.py deleted file mode 100644 index 000ae9c..0000000 --- a/BashismsCheck.py +++ /dev/null @@ -1,47 +0,0 @@ -############################################################################# -# File : BashismsCheck.py -# Package : rpmlint -# Author : Guido Berhoerster -# Purpose : check /bin/sh shell scripts for bashisms -############################################################################# - -import re -import AbstractCheck -import Config -import Pkg -from Filter import * - -class BashismsCheck(AbstractCheck.AbstractFilesCheck): - RE_BIN_SH = re.compile('#!\s*(/usr)?/bin/sh(\s+|$)') - - def __init__(self): - AbstractCheck.AbstractFilesCheck.__init__(self, "BashismsCheck", ".*") - - def check_file(self, pkg, filename): - try: - f = open(filename) - except: - return - try: - first_line = f.read(256).split("\n")[0] - if self.RE_BIN_SH.match(first_line): - status, output = Pkg.getstatusoutput(["dash", "-n", filename]) - if status == 2: - printWarning(pkg, "bin-sh-syntax-error", filename) - try: - status, output = Pkg.getstatusoutput(["checkbashisms", filename]) - if status == 1: - printInfo(pkg, "potential-bashisms", filename) - except Exception, x: - printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':filename, 'x':x}) - finally: - f.close() - -check = BashismsCheck() - -if Config.info: - addDetails('bin-sh-syntax-error', - '''A /bin/sh shell script contains a syntax error.''', - 'potential-bashisms', - '''checkbashisms reported potential bashisms in a /bin/sh shell -script, you might want to manually check this script for bashisms.''') diff --git a/BrandingPolicyCheck.py b/BrandingPolicyCheck.py deleted file mode 100644 index a35507d..0000000 --- a/BrandingPolicyCheck.py +++ /dev/null @@ -1,132 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : BrandingPolicyCheck.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Verify that branding related things comply -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string -import Pkg - -class BrandingPolicyCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "BrandingPolicyCheck") - - def check(self, pkg): - if pkg.isSource(): - return - - pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) - pkg_conflicts = set(map(lambda x: x[0], pkg.conflicts())) - - # verify that only generic branding is required by non-branding packages - for r in pkg.requires(): - if (pkg.name.find('-branding-') < 0 and - (r[0].find('-theme-') >= 0 or r[0].find('-branding-') >= 0)): - printError(pkg,'suse-branding-specific-branding-req', r[0]) - if r[0].endswith('branding') or r[0].endswith('theme'): - # XXX: that startswith 1 breaks with openSUSE 20... - if (r[1] != rpm.RPMSENSE_EQUAL or not r[2][1].startswith('1')): - printError(pkg,'suse-branding-unversioned-requires', r[0]) - - # verify that it doesn't conflict with branding - for r in pkg_conflicts: - if r.startswith("otherproviders("): - continue - if r.find('-theme-') >= 0 or r.find('-branding-') >= 0: - printError(pkg,'suse-branding-branding-conflict', r) - - if pkg.name.find('-branding-') < 0: - return - - branding_basename=pkg.name.partition('-branding-')[0] - branding_style=pkg.name.partition('-branding-')[2] - generic_branding = ("%s-branding" % (branding_basename)) - - pkg_provides = set(map(lambda x: string.split(x[0],'(')[0], pkg.provides())) - pkg_supplements = set(map(lambda x: x[0], pkg.supplements())) - - # verify that it only supplements with packageand - found_correct=False - correct_supplement="packageand(%s:branding-%s)" % (branding_basename, branding_style) - for s in pkg_supplements: - if s.startswith('packageand('): - if s != correct_supplement: - printError(pkg,'suse-branding-wrong-branding-supplement', s) - else: - found_correct=True - else: - printError(pkg,'suse-branding-excessive-supplement', s) - - if not found_correct: - printError(pkg,'suse-branding-supplement-missing', correct_supplement) - - # nothing else - for r in pkg.recommends(): - printError(pkg,'suse-branding-excessive-recommends', r[0]) - for r in pkg.suggests(): - printError(pkg,'suse-branding-excessive-suggests', r[0]) - for r in pkg.enhances(): - printError(pkg,'suse-branding-excessive-enhances', r[0]) - - # check for provide foo-branding - branding_provide=None - for p in pkg.provides(): - if p[0] == generic_branding: - branding_provide=p - break - - # check for Conflicts: otherproviders(kde4-kdm-branding) - conflict_prop = "otherproviders(%s)" % (generic_branding) - have_conflict_prop = False - for c in pkg_conflicts: - if c == conflict_prop: - have_conflict_prop = True - break - - if not have_conflict_prop: - printError(pkg,'suse-branding-missing-conflicts', conflict_prop) - - if not branding_provide: - printError(pkg,'suse-branding-no-branding-provide') - else: - if (len(branding_provide) < 2 or branding_provide[1] != rpm.RPMSENSE_EQUAL): - printError(pkg, 'suse-branding-unversioned-provides', branding_provide[0]) - - for r in pkg.requires(): - if r[0].find('-theme-') >= 0 or r[0].find('-branding-') >= 0: - if (r[1] != rpm.RPMSENSE_EQUAL or not r[2][1].startswith('1')): - printError(pkg, 'suse-branding-unversioned-requires', r[0]) - - -check=BrandingPolicyCheck() - -if Config.info: - addDetails( -'suse-branding-specific-branding-req', -"""bla""", -'suse-branding-no-branding-provides', -"""Please add a provides entry similar to 'Provides: %name-branding = %version'.""", -'suse-branding-unversioned-provides', -"""Please make sure that your provides entry reads like 'Provides: %name-branding = %version'.""", -'suse-branding-supplement-missing', -"""branding packages should provide a supplemnent in the form -Supplements: packageand(basepackage:branding-) -""", -'suse-branding-unversioned-requires', -"""Please make sure that your requires entry reads like 'Requires: %name-branding = '.""", -'suse-branding-missing-conflicts', -"""Any branding flavor package that provides the generic branding -must also conflict with all other branding packages via a special -otherproviders()""", -) diff --git a/CheckAlternativesGhostFiles.py b/CheckAlternativesGhostFiles.py deleted file mode 100644 index 5595cd2..0000000 --- a/CheckAlternativesGhostFiles.py +++ /dev/null @@ -1,85 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckAlternativesGhostFiles.py -# Package : rpmlint -# Author : Michal Vyskocil -# Purpose : Check if files used by update-alternatives are marked as %ghost -############################################################################# - -from Filter import * -import AbstractCheck -import rpm - -class CheckAlternativesGhostFiles(AbstractCheck.AbstractCheck): - - INSTALL="--install" - SLAVE="--slave" - - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckAlternativesGhostFiles") - - @classmethod - def read_ghost_files(cls, script): - ghost_files = [] - - if not script or not 'update-alternatives' in script: - return ghost_files - - - for command in ( \ - c.replace('\\\n', '').strip() \ - for c in script.split('update-alternatives') \ - if cls.INSTALL in c): - - #parse install - command_args = [] - for arg in command.split(None): - if not arg.startswith("--"): - command_args.append(arg) - - ghost_files.append(command_args[0]) - - if cls.SLAVE in command: - for sc in ( \ - c.strip() \ - for c in command[command.index(cls.SLAVE):].split(cls.SLAVE) \ - if c.strip() != ''): - - xs = sc.split(None, 2) - ghost_files.append(xs[0]) - - return ghost_files - - def check(self, pkg): - - if pkg.isSource(): - return - - alt_files = [] - for script in (pkg.header[tag] for tag in (rpm.RPMTAG_POSTIN, rpm.RPMTAG_PREIN, rpm.RPMTAG_POSTTRANS)): - alt_files.extend(self.read_ghost_files(script)) - - files = pkg.files() - ghost_files = pkg.ghostFiles() - for af in (af for af in alt_files if not af in ghost_files): - if af in files: - printWarning(pkg, 'generic-name-not-marked-as-ghost %s' % (af)) - else: - printWarning(pkg, 'generic-name-not-in-filelist %s' % af) - - -check=CheckAlternativesGhostFiles() - -if Config.info: - addDetails( - -'generic-name-not-marked-as-ghost', -'''The update-alternatives generic name is not marked as a ghost in the %files section. -This causes problems during update. Mark it as a %ghost in %files section.''', - -'generic-name-not-in-filelist', -'''The update-alternatives generic name is not in a filelist of package. -Add it to list marked as %ghost. Note: this error will be raised, -if you use a hash ($) in file name, use rpm macros in spec file instead.''', - -) diff --git a/CheckBuildDate.py b/CheckBuildDate.py deleted file mode 100644 index 3850bf8..0000000 --- a/CheckBuildDate.py +++ /dev/null @@ -1,49 +0,0 @@ -############################################################################# -# File : CheckBuilDate.py -# Package : rpmlint -# Author : Cristian Rodriguez -# Purpose : Check for binaries containing build date -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import os -import commands -import Config -import stat -import time - -class BuildDateCheck(AbstractCheck.AbstractFilesCheck): - def __init__(self): - AbstractCheck.AbstractFilesCheck.__init__(self, "CheckBuildDate", ".*") - self.looksliketime = re.compile('(2[0-3]|[01]?[0-9]):([0-5]?[0-9]):([0-5]?[0-9])') - self.istoday = re.compile(time.strftime("%b %e %Y")) - - def check_file(self, pkg, filename): - if filename.startswith('/usr/lib/debug') or pkg.isSource(): - return - - if not stat.S_ISREG(pkg.files()[filename].mode): - return - - grep_date = pkg.grep(self.istoday, filename) - - grep_time = pkg.grep(self.looksliketime, filename) - - if len(grep_date): - if len(grep_time): - printError(pkg, "file-contains-date-and-time", filename) - else: - printWarning(pkg, "file-contains-current-date", filename) - -check=BuildDateCheck() - -if Config.info: - addDetails( -'file-contains-current-date', -"""Your file contains the current date, this may cause the package to rebuild in excess.""", -'file-contains-date-and-time', -"""Your file uses __DATE and __TIME__ this causes the package to rebuild when not needed""" -) diff --git a/CheckBuildRoot.py b/CheckBuildRoot.py deleted file mode 100644 index c920c3f..0000000 --- a/CheckBuildRoot.py +++ /dev/null @@ -1,41 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckBuildRoot.py -# Package : rpmlint -# Author : Dirk Mueller, Stephan Kulow -# Purpose : Check for files containing $RPM_BUILD_ROOT -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import os -import commands -import Config -import stat - -class BuildRootCheck(AbstractCheck.AbstractFilesCheck): - def __init__(self): - AbstractCheck.AbstractFilesCheck.__init__(self, "CheckBuildRoot", ".*") - t = rpm.expandMacro('%buildroot') - for m in ('name', 'version', 'release'): - t = t.replace("%%{%s}" % (m), "[\w\!-\.]{1,20}") - self.build_root_re = re.compile(t) - - def check_file(self, pkg, filename): - if filename.startswith('/usr/lib/debug') or pkg.isSource(): - return - if not stat.S_ISREG(pkg.files()[filename].mode): - return - - if len(pkg.grep(self.build_root_re, filename)): - printError(pkg, "file-contains-buildroot", filename) - -check=BuildRootCheck() - -if Config.info: - addDetails( -'file-contains-buildroot', -"Your file contains traces of $RPM_BUILD_ROOT." -) diff --git a/CheckCommonFiles.py b/CheckCommonFiles.py deleted file mode 100644 index 27aad45..0000000 --- a/CheckCommonFiles.py +++ /dev/null @@ -1,89 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckCommonFiles.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Check for common files being packaged -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string - -class CommonFilesCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "CheckCommonFiles") - self.sources_am_re = re.compile('([\w\d_]+_SOURCES\s*=|\s*SUBDIRS\s*=)') - - def check(self, pkg): - - if pkg.isSource(): - return - files = pkg.files() - for f in files.keys(): - if f in pkg.ghostFiles(): - continue - md5 = files[f].md5 - - if len(md5) and md5 in ( - 'c59cbaf0df9bcf35feca0d0f1fc01dae', - 'cf8c4d1a5ab88db006c47ae2b51a6b30', - '5d4638159851671944108691f23e4f28', - '0d6be33865b76025c20b48bcac87adb7'): - printError(pkg, "generic-build-instructions", f) - - # bnc 379919 - #if len(md5) and md5 in ( - # '94d55d512a9ba36caa9b7df079bae19f'): - # printError(pkg, "duplicated-file-gpl-v2", f) - - #if len(md5) and md5 in ( - # 'd32239bcb673463ab874e80d47fae504'): - # printError(pkg, "duplicated-file-gpl-v3", f) - - # bsd causes the false positive COPYING.BSD - if len(md5) and f.rsplit('/',1)[1][0].lower() == 'r' and f.rsplit('.',1)[-1].lower() in ( - 'aix', 'bsd', 'dos', 'hpux', 'irix', 'os2', 'mac', 'macos', 'tru64', - 'sco', 'vms', 'win32', 'win', 'solaris'): - printWarning(pkg, "non-linux-readme", f) - - if f.endswith("/Makefile.am") and f[:-3] + ".in" in files and f in pkg.docFiles(): - if not len(pkg.grep(self.sources_am_re, f)): - printError(pkg, "makefile-junk", f) - printError(pkg, "makefile-junk", f[:-3] + ".in") - if f[:-3] in files: - printError(pkg, "makefile-junk", f[:-3]) - -check=CommonFilesCheck() - -if Config.info: - addDetails( -'generic-build-instructions', -"""Your package contains a file that contains the FSF generic -configure/make/make install instructions. Those are useless -for a binary package. Consider removing it to save 3kb of rpm size.""", -'duplicated-file-gpl-v3', -"""Your package contains a file that contains the FSF GPLv3 -license. If you really have to ship it, consider symlinking it -from the licenses package.""", -'duplicated-file-gpl-v2', -"""Your package contains a file that contains the FSF GPLv2 -license. If you really have to ship it, consider symlinking it -from the licenses package.""", -'non-linux-readme', -"""Your package contains a file that contains instructions -for non-linux platforms. They're most likely unneccessary bloat, -consider removing them from your package.""", -'makefile-junk', -"""Your package contains makefiles that only make sense in a -source package. Did you package a complete directory from the -tarball by using %doc? Consider removing Makefile* from this -directory at the end of your %install section to reduce package bloat.""" -) diff --git a/CheckDBUSServices.py b/CheckDBUSServices.py deleted file mode 100644 index cc3aa0b..0000000 --- a/CheckDBUSServices.py +++ /dev/null @@ -1,57 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckDBUSServices.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for DBUS services that are not authorized by the security team -############################################################################# - -# http://techbase.kde.org/Development/Tutorials/D-Bus/Autostart_Services - -from Filter import * -import AbstractCheck -import re -import os -import string - -SERVICES_WHITELIST = Config.getOption('DBUSServices.WhiteList', ()) # set of file names - -# need to end with / so we don't catch directories -_dbus_system_paths = [ - "/usr/share/dbus-1/system-services/", - "/etc/dbus-1/system.d/" -] - -class DBUSServiceCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckDBUSServices") - - def check(self, pkg): - global SERVICES_WHITELIST - global _dbus_system_paths - - if pkg.isSource(): - return - - files = pkg.files() - - for f in files: - if f in pkg.ghostFiles(): - continue - - for p in _dbus_system_paths: - if f.startswith(p): - - bn = f[len(p):] - if not bn in SERVICES_WHITELIST: - printError(pkg, "suse-dbus-unauthorized-service", f) - -check=DBUSServiceCheck() - -if Config.info: - addDetails( -'suse-dbus-unauthorized-service', -"""The package installs a DBUS system service file. If the package -is intended for inclusion in any SUSE product please open a bug -report to request review of the service by the security team.""", -) diff --git a/CheckDBusPolicy.py b/CheckDBusPolicy.py deleted file mode 100644 index 58d02c4..0000000 --- a/CheckDBusPolicy.py +++ /dev/null @@ -1,80 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckDBusPolicy.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for broken DBus policies -############################################################################# - -# causes extraction of package if it contains files in /etc/dbus-1/system.d/ - -from Filter import * -import AbstractCheck -from xml.dom.minidom import parse - -class DBusPolicyCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckDBusPolicy") - - def check(self, pkg): - - if pkg.isSource(): - return - - files = pkg.files() - - for f in files: - if f in pkg.ghostFiles(): - continue - - # catch xml exceptions - try: - if f.startswith("/etc/dbus-1/system.d/"): - send_policy_seen = False - lf = pkg.dirName() + f - xml = parse(lf) - for p in xml.getElementsByTagName("policy"): - for allow in p.getElementsByTagName("allow"): - if ( allow.hasAttribute('send_interface') \ - or allow.hasAttribute('send_member') \ - or allow.hasAttribute('send_path')) \ - and not allow.hasAttribute('send_destination'): - send_policy_seen = True - printError(pkg, 'dbus-policy-allow-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() }) - elif allow.hasAttribute('send_destination'): - send_policy_seen = True - - if allow.hasAttribute('receive_sender') \ - or allow.hasAttribute('receive_interface'): - printInfo(pkg, 'dbus-policy-allow-receive', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() }) - - for deny in p.getElementsByTagName("deny"): - if ( deny.hasAttribute('send_interface') \ - and not deny.hasAttribute('send_destination')): - printError(pkg, 'dbus-policy-deny-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':deny.toxml() }) - - if not send_policy_seen: - printError(pkg, 'dbus-policy-missing-allow', "%(file)s does not allow communication" % { 'file':f }) - - except Exception, x: - printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x}) - continue - -check=DBusPolicyCheck() - -if Config.info: - addDetails( -'dbus-policy-allow-without-destination', -"""'allow' directives must always specify a 'send_destination'""", -'dbus-policy-allow-receive', -"""allow receive_* is normally not needed as that is the default""", -'dbus-policy-deny-without-destination', -"""'deny' directives must always specify a 'send_destination' otherwise messages to other services could be blocked""", -'dbus-policy-missing-allow', -"""every dbus config normally needs a line of the form - -or similar. If that is missing the service will not work with a dbus that uses -deny as default policy""", -'rpmlint-exception', -"""A python exception was raised which prevents further analysis""", -) diff --git a/CheckExecDocs.py b/CheckExecDocs.py deleted file mode 100644 index db9d1cf..0000000 --- a/CheckExecDocs.py +++ /dev/null @@ -1,97 +0,0 @@ -# vim:sw=4:et -#--------------------------------------------------------------- -# Module : rpmlint -# File : CheckExecDocs.py -# Author : Stephan Kulow, Dirk Mueller -# Purpose : Check for executable files in %doc -#--------------------------------------------------------------- - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string - -def ignore_pkg(name): - if name.startswith('bundle-'): - return True - if name.find('-devel') != -1: - return True - if name.find('-doc') != -1: - return True - - return False - -def lang_ignore_pkg(name): - if ignore_pkg(name): - return True - if name.endswith('-lang'): - return True - if name.find('-trans-') != -1: - return True - - return False - -class ExecDocsCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "CheckExecDocs") - - def check(self, pkg): - - if pkg.isSource(): - return - - files = pkg.files() - complete_size=0 - lang_size=0 - for f, pkgfile in files.items(): - if stat.S_ISREG(pkgfile.mode): - complete_size += pkgfile.size - if pkgfile.lang != '': - lang_size += pkgfile.size - - doc_size=0 - for f in pkg.docFiles(): - if stat.S_ISREG(files[f].mode): - doc_size += files[f].size - - if doc_size * 2 >= complete_size \ - and doc_size > 100*1024 and (complete_size - doc_size) * 20 > complete_size \ - and not ignore_pkg(pkg.name): - printWarning(pkg, "package-with-huge-docs", ("%3d%%" % (doc_size * 100 / complete_size)) ) - - if lang_size * 2 >= complete_size \ - and lang_size > 100*1024 and (complete_size - lang_size) * 20 > complete_size \ - and not lang_ignore_pkg(pkg.name): - printWarning(pkg, "package-with-huge-translation", ("%3d%%" % (lang_size * 100 / complete_size))) - - for f in pkg.docFiles(): - mode=files[f].mode - if not stat.S_ISREG(mode) or not mode & 0111: - continue - for ext in ['txt', 'gif', 'jpg', 'html', 'pdf', 'ps', 'pdf.gz', 'ps.gz']: - if f.endswith("." + ext): - printError(pkg, 'executable-docs', f) - - for name in ['README', 'NEWS', 'COPYING', 'AUTHORS']: - if f.endswith("/" + name): - printError(pkg, 'executable-docs', f) - -check=ExecDocsCheck() - -if Config.info: - addDetails( -'executable-docs', -"Documentation should not be executable.", -'package-with-huge-docs', -"""More than half the size of your package is documentation. -Consider splitting it into a -doc subpackage.""", -'package-with-huge-translation', -"""More than half the size of your package is language-specific. -Consider splitting it into a -lang subpackage.""" -) diff --git a/CheckFilelist.py b/CheckFilelist.py deleted file mode 100644 index b5ae4cc..0000000 --- a/CheckFilelist.py +++ /dev/null @@ -1,444 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckFilelist.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for wrongly packaged files and FHS violations -############################################################################# - -from Filter import * -import AbstractCheck -import re -import os -import string -import fnmatch -from rpm import RPMTAG_VENDOR - -_defaulterror = 'suse-filelist-forbidden' -_defaultmsg = '%(file)s is not allowed in SUSE' - -def notnoarch(pkg): - return pkg.arch != 'noarch' - -def isfilesystem(pkg): - return pkg.name == 'filesystem' - -def isdebuginfo(pkg): - if pkg.name.endswith('-debuginfo') \ - or pkg.name.endswith('-debuginfo-32bit') \ - or pkg.name.endswith('-debuginfo-64bit') \ - or pkg.name.endswith('-debugsource') \ - or pkg.name.endswith('-debug'): - return True - -def notsymlink(pkg, f): - mode = pkg.files()[f].mode - type = (mode>>12)&017 - return type != 012 - -def ghostfile(pkg, f): - ghosts = pkg.ghostFiles() - return f in ghosts - -_goodprefixes = ( - '/bin/', - '/boot/', - '/etc/', - '/lib/', - '/lib64/', - '/media/', - # SUSE policy handled in separate check - '/opt/', - '/sbin/', - '/srv/', - # SUSE policy handled in separate check - '/usr/X11R6/', - '/usr/bin/', - '/usr/games/', - '/usr/include/', - '/usr/lib/', - '/usr/lib64/', - '/usr/sbin/', - '/usr/share/', - # actually only linux is allowed by fhs - '/usr/src/linux', - '/usr/src/debug/', - '/usr/src/packages/', - '/var/account/', - '/var/cache/', - '/var/crash/', - '/var/games/', - '/var/lib/', - '/var/lock/', - '/var/log/', - '/var/mail/', - '/var/opt/', - '/var/run/', - '/var/spool/', - '/var/yp/', - # those are not in FHS! - '/var/adm/', - '/var/nis/', - '/emul/', - ) - -# computed from goodprefixes. -# Directories that are only allowed to have defined subdirs (such as /usr) -_restricteddirs = set() - -_checks = [ - { - 'bad': [ - '*/.xvpics', - '*.orig', - '*.orig.gz', - '/usr/share/*/.libs*', - '/usr/share/*/.deps*', - '/var/adm/setup', - '/etc/httpd/*', - '/etc/init.d/*/*', - '/usr/share/locale/LC_MESSAGES', - ], - }, - { - 'error': 'suse-filelist-forbidden-sysconfig', - 'details': '''Please use /var/adm/fillup-templates/sysconfig. - and call %fillup_and_insserv to install new sysconfig files''', - 'good': [ - '/etc/sysconfig/cbq', - '/etc/sysconfig/scripts', - '/etc/sysconfig/scripts/*', - '/etc/sysconfig/network', - '/etc/sysconfig/network/*', - '/etc/sysconfig/hardware', - '/etc/sysconfig/hardware/*', - '/etc/sysconfig/isdn', - '/etc/sysconfig/isdn/scripts', - '/etc/sysconfig/isdn/scripts/*', - '/etc/sysconfig/SuSEfirewall2.d', - '/etc/sysconfig/SuSEfirewall2.d/*', - '/etc/sysconfig/uml', - ], - 'bad': [ - '/var/adm/fillup-templates/rc.config.*', - '/etc/sysconfig/*', - '/etc/rc.config.d/*', - ], - }, - { - 'error': 'suse-filelist-forbidden-perl-dir', - 'details': '''perl files installed a non-vendor installed path, - which is not allowed in SUSE.''', - 'bad': [ - '/usr/lib/perl5/site_perl/*', - ], - }, - { - 'error': 'suse-filelist-forbidden-backup-file', - 'details': 'backup files (e.g. files ending in ~, .swp or .bak) are not allowed', - 'bad': [ - '*~', - '*.bak', - '*/.*.swp', - ], - 'ignorefileif': ghostfile, - }, - { - 'error': 'suse-filelist-forbidden-devel-in-lib', - 'details': 'please move la files, static libs and .so symlinks to /usr/lib(64)', - 'bad': [ - "/lib/*.la", - "/lib/*.a", - "/lib64/*.la", - "/lib64/*.a", - ] - }, - { - 'error': 'suse-filelist-forbidden-devel-in-lib', - 'details': 'please move la files, static libs and .so symlinks to /usr/lib(64)', - 'good': [ - # exception for pam - "/lib/security/*.so", - "/lib64/security/*.so", - ], - 'bad': [ - "/lib/*.so", - "/lib64/*.so", - ], - # some libs without proper soname are packaged directly - 'ignorefileif': notsymlink, - }, - { - 'error': 'suse-filelist-forbidden-fhs23', - 'msg': '%(file)s is not allowed in FHS 2.3', - 'details': 'see http://www.pathname.com/fhs/ to find a better location', - 'bad': [ - "/etc/X11/app-defaults/*", - "/usr/local/man/*/*", - "/var/lib/games", - "/var/lib/games/*", - "/usr/sbin/*/*", - "/sbin/init.d", - "/sbin/init.d/*", - "/bin/*/*", - ] - }, - { - 'error': 'suse-filelist-forbidden-yast2', - 'msg': '%(file)s is not allowed anymore in YaST2', - 'bad': [ - '/usr/lib/YaST2/*.ycp', - '/usr/lib/YaST2/*.y2cc', - '/usr/lib/YaST2/*.*.scr', - ], - }, - { - 'error': 'suse-filelist-forbidden-srv', - 'details': """Please use /srv for ftp and http data""", - 'bad': [ - '/usr/local/ftp', - '/usr/local/http', - ], - }, - { - 'error': 'suse-filelist-forbidden-games', - 'details': """static data has to be in /usr/share/games, variable in /var/games""", - 'bad': [ - '/usr/games/bin', - '/usr/games/lib', - '/usr/games/*/*', - ], - }, - { - 'error': 'suse-filelist-forbidden-noarch', - 'msg': '%(file)s is not allowed in a noarch package', - 'bad': [ - '/lib64', - '/lib64/*', - '/usr/lib64', - '/usr/lib64/*', - '/usr/X11R6/lib64', - '/usr/X11R6/lib64/*', - '/opt/gnome/lib64', - '/opt/gnome/lib64/*', - '/opt/kde3/lib64', - '/opt/kde3/lib64/*', - '/usr/lib/pkgconfig/*', - '/usr/lib/perl5/vendor_perl/5.*/*-linux-*/*', - ], - 'ignorepkgif': notnoarch, - }, - { - 'error': 'suse-filelist-forbidden-debuginfo', - 'msg': '%(file)s may only be packaged in the -debuginfo subpackage', - 'bad': [ - '/usr/lib/debug/*', - ], - 'ignorepkgif': isdebuginfo, - }, - { - 'error': 'suse-filelist-forbidden-locale', - 'details': """Please use nb or nb_NO (and nn for nynorsk)""" - """see https://bugzilla.novell.com/show_bug.cgi?id=42748""", - 'bad': [ - '/opt/gnome/share/locale/no', - '/opt/gnome/share/locale/no/*', - '/opt/kde3/share/locale/no', - '/opt/kde3/share/locale/no/*', - '/usr/share/locale/no', - '/usr/share/locale/no/*', - '/usr/share/vim/*/lang/no', - '/usr/share/vim/*/lang/no/*', - ], - }, - { - 'error': 'suse-filelist-forbidden-xorg', - 'details': """Please use the updated paths for Xorg 7.1 and above""", - 'bad': [ - '/usr/X11R6/*', - ], - 'ignorepkgif': isfilesystem, - }, - { - 'error': 'suse-filelist-forbidden-suseconfig', - 'details': """Adding new SuSEconfig scripts is not accepted for openSUSE 10.2 and newer""", - 'good': [ - '/sbin/conf.d/SuSEconfig.cjk-latex', - '/sbin/conf.d/SuSEconfig.fonts', - '/sbin/conf.d/SuSEconfig.ghostscript-cjk', - '/sbin/conf.d/SuSEconfig.glib2', - '/sbin/conf.d/SuSEconfig.icu', - '/sbin/conf.d/SuSEconfig.isdn', - '/sbin/conf.d/SuSEconfig.ispell', - '/sbin/conf.d/SuSEconfig.kde', - '/sbin/conf.d/SuSEconfig.kdm3', - '/sbin/conf.d/SuSEconfig.mailman', - '/sbin/conf.d/SuSEconfig.news', - '/sbin/conf.d/SuSEconfig.pbs', - '/sbin/conf.d/SuSEconfig.perl', - '/sbin/conf.d/SuSEconfig.permissions', - '/sbin/conf.d/SuSEconfig.postfix', - '/sbin/conf.d/SuSEconfig.prelink', - '/sbin/conf.d/SuSEconfig.scim', - '/sbin/conf.d/SuSEconfig.scpm', - '/sbin/conf.d/SuSEconfig.sendmail', - '/sbin/conf.d/SuSEconfig.susehelp', - '/sbin/conf.d/SuSEconfig.tetex', - '/sbin/conf.d/SuSEconfig.texlive', - '/sbin/conf.d/SuSEconfig.words', - '/sbin/conf.d/SuSEconfig.xjdic', - ], - 'bad': [ - '/sbin/conf.d/*', - ], - }, - { - 'error': 'suse-filelist-forbidden-opt', - 'details': """/opt may not be used by a distribution. It is reserved for 3rd party packagers""", - }, - ] - -class FilelistCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckFilelist") - import re - - _restricteddirs.add('/') - for d in _goodprefixes: - if d.count('/') > 2: - _restricteddirs.add(d[0:-1].rpartition('/')[0]) - - for check in _checks: - if 'good' in check: - for i in range(len(check['good'])): - pattern = check['good'][i] - if '*' in pattern: - r = fnmatch.translate(pattern) - check['good'][i] = re.compile(r) - - if 'bad' in check: - for i in range(len(check['bad'])): - pattern = check['bad'][i] - if '*' in pattern: - r = fnmatch.translate(pattern) - check['bad'][i] = re.compile(r) - - def check(self, pkg): - global _checks - global _defaultmsg - global _defaulterror - global _goodprefixes - global _restricteddirs - - if pkg.isSource(): - return - - files = pkg.files() - - if not files: - printWarning(pkg, 'suse-filelist-empty', 'packages without any files are discouraged in SUSE') - return - - for check in _checks: - - if 'ignorepkgif' in check: - if check['ignorepkgif'](pkg): - continue - - if 'msg' in check: - msg = check['msg'] - else: - msg = _defaultmsg - - if 'error' in check: - error = check['error'] - else: - error = _defaulterror - - if 'good' in check or 'bad' in check: - for f in files.keys(): - ok = False - if 'good' in check: - for g in check['good']: - if (not isinstance(g, str) and g.match(f)) or g == f: - ok = True - break - if ok: - continue - - if 'bad' in check: - for b in check['bad']: - if 'ignorefileif' in check: - if check['ignorefileif'](pkg, f): - continue - if (not isinstance(b, str) and b.match(f)) or b == f: - printError(pkg, error, msg % { 'file':f } ) - - invalidfhs = set() - invalidopt = set() - - if pkg.header[RPMTAG_VENDOR] and pkg.header[RPMTAG_VENDOR].find('SUSE') != -1: - isSUSE = True - else: - isSUSE = False - - # the checks here only warn about a directory once rather - # than reporting potentially hundreds of files individually - for f, pkgfile in files.items(): - type = (pkgfile.mode>>12)&017 - - # append / to directories - if type == 04: - f += '/' - - if not f.startswith(_goodprefixes): - base = f.rpartition('/') - pfx = None - # find the first invalid path component (/usr/foo/bar/baz -> /usr) - while base[0] and not base[0].startswith(_goodprefixes) and not base[0] in _restricteddirs: - pfx = base[0] - base = base[0].rpartition('/') - - if not pfx: - invalidfhs.add(f) - else: - invalidfhs.add(pfx) - - if f.startswith('/opt'): - try: - provider = f.split('/')[2] - except: - continue - # legacy exception - if provider == 'kde3': - continue - if isSUSE and (provider == 'suse' or provider == 'novell'): - continue - - d = '/opt/'+provider - invalidopt.add(d) - - for f in invalidfhs: - printError(pkg, 'suse-filelist-forbidden-fhs23', "%(file)s is not allowed in FHS 2.3" % { 'file': f }) - - for f in invalidopt: - printError(pkg, 'suse-filelist-forbidden-opt', '%(file)s is not allowed for official SUSE packages' % { 'file': f }) - -check=FilelistCheck() - -if Config.info: - for check in _checks: - - if not 'details' in check: - continue - - if not 'error' in check: - continue - - addDetails('suse-filelist-forbidden', """ -Your package installs files or directories in a location that have -previously been blacklisted. Please have a look at the particular -file and see if the SUSE Packaging Guidelines propose a better place -on where to install the file or not install it at all.""") - - addDetails(check['error'], check['details']) diff --git a/CheckGNOMEMacros.py b/CheckGNOMEMacros.py deleted file mode 100644 index b7261be..0000000 --- a/CheckGNOMEMacros.py +++ /dev/null @@ -1,185 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckGNOMEMacros.py -# Package : rpmlint -# Author : Vincent Untz -# Purpose : Check for GNOME related packaging errors -############################################################################# - -import re -import string - -import rpm - -from Filter import * -import AbstractCheck -import Config - -## FIXME -# Maybe detect packages installing icons in other themes than hicolor and not -# updating the icon cache for those themes? - -_gnome_post_postun_checks = [ - ('glib2-gsettings-schema', - re.compile('^/usr/share/glib-2.0/schemas/.+\.gschema.xml$'), - 'glib2-tools', - re.compile('^[^#]*glib-compile-schemas', re.MULTILINE), - True), - - ('glib2-gio-module', - re.compile('^/usr/lib(?:64)?/gio/modules/'), - 'glib2-tools', - re.compile('^[^#]*gio-querymodules', re.MULTILINE), - True), - - ('gdk-pixbuf-loader', - re.compile('^/usr/lib(?:64)?/gdk-pixbuf-2.0/[^/]+/loaders/'), - 'gdk-pixbuf-query-loaders', - re.compile('^[^#]*gdk-pixbuf-query-loaders', re.MULTILINE), - True), - - ('gtk2-immodule', - re.compile('^/usr/lib(?:64)?/gtk-2.0/[^/]+/immodules/'), - 'gtk2', - re.compile('^[^#]*gtk-query-immodules-2.0', re.MULTILINE), - True), - - ('gtk3-immodule', - re.compile('^/usr/lib(?:64)?/gtk-3.0/[^/]+/immodules/'), - 'gtk3-tools', - re.compile('^[^#]*gtk-query-immodules-3.0', re.MULTILINE), - True), - - # Not fatal since it would make too many things fail - ('hicolor-icon-cache', - re.compile('^/usr/share/icons/hicolor/'), - None, - re.compile('^[^#]*gtk-update-icon-cache', re.MULTILINE), - False), - - ('mime-database', - re.compile('^/usr/share/mime/packages/.+\.xml$'), - None, - re.compile('^[^#]*update-mime-database', re.MULTILINE), - True), - - # Not fatal since it would make too many things fail - ('desktop-database', - re.compile('^/usr/share/applications/.+\.desktop$'), - None, - re.compile('^[^#]*update-desktop-database', re.MULTILINE), - False) -] - -_gnome_gconf_filename_re = re.compile('^/usr/share/GConf/schemas/.+\.schemas$') -_gnome_gconf_sciptlet_re = re.compile('^[^#]*gconftool-2', re.MULTILINE) - -class GNOMECheck(AbstractCheck.AbstractCheck): - - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckGNOMEMacros") - - def check(self, pkg): - - if pkg.isSource(): - return - - ghosts = pkg.ghostFiles() - - pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) - postin = pkg[rpm.RPMTAG_POSTIN] or pkg[rpm.RPMTAG_POSTINPROG] - postun = pkg[rpm.RPMTAG_POSTUN] or pkg[rpm.RPMTAG_POSTUNPROG] - posttrans = pkg[rpm.RPMTAG_POSTTRANS] or pkg[rpm.RPMTAG_POSTTRANSPROG] - - for filename in (x for x in pkg.files() if x not in ghosts): - for (name, file_re, required, post_re, fatal) in _gnome_post_postun_checks: - if fatal: - gnomePrint = printError - else: - gnomePrint = printWarning - - if file_re.search(filename): - if required and required not in pkg_requires: - gnomePrint(pkg, 'suse-' + name + '-missing-requires', filename) - if not postin or not post_re.search(postin): - gnomePrint(pkg, 'suse-' + name + '-missing-postin', filename) - if not postun or not post_re.search(postun): - gnomePrint(pkg, 'suse-' + name + '-missing-postun', filename) - - if _gnome_gconf_filename_re.search(filename): - if not ((postin and _gnome_gconf_sciptlet_re.search(postin)) or - (posttrans and _gnome_gconf_sciptlet_re.search(posttrans))): - printError(pkg, 'suse-gconf-schema-missing-scriptlets', filename) - - -check=GNOMECheck() - -if Config.info: - addDetails( -'suse-glib2-gsettings-schema-missing-requires', -'''A GSettings schema is in your package, but there is no dependency for the tool to recompile the schema database. Use %glib2_gsettings_schema_requires.''', - -'suse-glib2-gsettings-schema-missing-postin', -'''A GSettings schema is in your package, but the schema database is not recompiled in the %post scriptlet. Use %glib2_gsettings_schema_post.''', - -'suse-glib2-gsettings-schema-missing-postun', -'''A GSettings schema is in your package, but the schema database is not recompiled in the %postun scriptlet. Use %glib2_gsettings_schema_postun.''', - -'suse-glib2-gio-module-missing-requires', -'''A GIO module is in your package, but there is no dependency for the tool to rebuild the GIO module cache. Use %glib2_gio_module_requires.''', - -'suse-glib2-gio-module-missing-postin', -'''A GIO module is in your package, but the GIO module cache is not rebuilt in the %post scriptlet. Use %glib2_gio_module_post.''', - -'suse-glib2-gio-module-missing-postun', -'''A GIO module is in your package, but the GIO module cache is not rebuilt in the %postun scriptlet. Use %glib2_gio_module_postun.''', - -'suse-gdk-pixbuf-loader-missing-requires', -'''A gdk-pixbuf loader is in your package, but there is no dependency for the tool to rebuild the gdk-pixbuf loader cache. Use %gdk_pixbuf_loader_requires.''', - -'suse-gdk-pixbuf-loader-missing-postin', -'''A gdk-pixbuf loader is in your package, but the gdk-pixbuf loader cache is not rebuilt in the %post scriptlet. Use %gdk_pixbuf_loader_post.''', - -'suse-gdk-pixbuf-loader-missing-postun', -'''A gdk-pixbuf loader is in your package, but the gdk-pixbuf loader cache is not rebuilt in the %postun scriptlet. Use %gdk_pixbuf_loader_postun.''', - -'suse-gtk2-immodule-missing-requires', -'''A GTK+ 2 IM module is in your package, but there is no dependency for the tool to rebuild the GTK+ 2 IM module cache. Use %gtk2_immodule_requires.''', - -'suse-gtk2-immodule-missing-postin', -'''A GTK+ 2 IM module is in your package, but the GTK+ 2 IM module cache is not rebuilt in the %post scriptlet. Use %gtk2_immodule_post.''', - -'suse-gtk2-immodule-missing-postun', -'''A GTK+ 2 IM module is in your package, but the GTK+ 2 IM module cache is not rebuilt in the %postun scriptlet. Use %gtk2_immodule_postun.''', - -'suse-gtk3-immodule-missing-requires', -'''A GTK+ 3 IM module is in your package, but there is no dependency for the tool to rebuild the GTK+ 3 IM module cache. Use %gtk3_immodule_requires.''', - -'suse-gtk3-immodule-missing-postin', -'''A GTK+ 3 IM module is in your package, but the GTK+ 3 IM module cache is not rebuilt in the %post scriptlet. Use %gtk3_immodule_post.''', - -'suse-gtk3-immodule-missing-postun', -'''A GTK+ 3 IM module is in your package, but the GTK+ 3 IM module cache is not rebuilt in the %postun scriptlet. Use %gtk3_immodule_postun.''', - -'suse-hicolor-icon-cache-missing-postin', -'''An icon for the hicolor theme is in your package, but the hicolor icon cache is not rebuilt in the %post scriptlet. Use %icon_theme_cache_post.''', - -'suse-hicolor-icon-cache-missing-postun', -'''An icon for the hicolor theme is in your package, but the hicolor icon cache is not rebuilt in the %postun scriptlet. Use %icon_theme_cache_postun.''', - -'suse-mime-database-missing-postin', -'''A MIME definition is in your package, but the MIME database is not rebuilt in the %post scriptlet. Use %mime_database_post.''', - -'suse-mime-database-missing-postun', -'''A MIME definition is in your package, but the MIME database is not rebuilt in the %postun scriptlet. Use %mime_database_postun.''', - -'suse-desktop-database-missing-postin', -'''A desktop file is in your package, but the desktop database is not rebuilt in the %post scriptlet. Use %desktop_database_post.''', - -'suse-desktop-database-missing-postun', -'''A desktop file is in your package, but the desktop database is not rebuilt in the %postun scriptlet. Use %desktop_database_postun.''', - -'suse-gconf-schema-missing-scriptlets', -'''A GConf schema is in your package, but the GConf configuration is not updated by scriptlets. Please use the gconf RPM macros.''' - -) diff --git a/CheckIconSizes.py b/CheckIconSizes.py deleted file mode 100644 index 829680e..0000000 --- a/CheckIconSizes.py +++ /dev/null @@ -1,51 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckIconSizes.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Check for common scaling errors in icons -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string - -class IconSizesCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckIconSizes") - self.file_size_regex = re.compile('/icons/[^/]+/(\d+)x(\d+)/') - self.info_size_regex = re.compile('(\d+) x (\d+)') - - def check(self, pkg): - - if pkg.isSource(): - return - - for fname, pkgfile in pkg.files().items(): - res = self.file_size_regex.search(fname) - if res: - sizes = (res.group(1), res.group(2)) - res = self.info_size_regex.search(pkgfile.magic) - if res: - actualsizes = (res.group(1), res.group(2)) - - if abs(int(sizes[0])-int(actualsizes[0])) > 2 or \ - abs(int(sizes[1])-int(actualsizes[1])) > 2: - printError(pkg,"wrong-icon-size", fname, "expected:", - "x".join(sizes), "actual:", "x".join(actualsizes)) - - -check=IconSizesCheck() - -if Config.info: - addDetails( -'wrong-icon-size', -"""Your icon file is installed in a fixed-size directory, but has a largely incorrect size. -Some desktop environments (e.g. GNOME) display them incorrectly.""" -) diff --git a/CheckInitScripts.py b/CheckInitScripts.py deleted file mode 100644 index 0f9c467..0000000 --- a/CheckInitScripts.py +++ /dev/null @@ -1,114 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckInitScripts.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Check for common mistakes in init scripts -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string - -insserv_regex=re.compile('^\s*sbin/insserv', re.MULTILINE) -preun_regex=re.compile('^\s*/etc/init.d/\S+ stop', re.MULTILINE) - -class CheckInitScripts(AbstractCheck.AbstractFilesCheck): - def __init__(self): - AbstractCheck.AbstractFilesCheck.__init__(self, "CheckInitScripts", "/etc/init.d/.*") - - def check(self, pkg): - - if pkg.isSource(): - return - - files = pkg.files() - bins_list = filter(lambda f: (f.startswith("/usr/bin") \ - or f.startswith("/usr/sbin")) and stat.S_ISREG(files[f].mode), files.keys()) - - for f, pkgfile in files.items(): - - if f in pkg.ghostFiles() or not stat.S_ISREG(pkgfile.mode) or not f.startswith("/etc/init.d/"): - continue - - boot_script = f.startswith('/etc/init.d/boot.') - - input_f = file(pkg.dirName() + '/' + f, "r") - found_remote_fs = False - for l in input_f: - if l.startswith('# Required-Start') or l.startswith('# Should-Start'): - for dep in l.split()[2:]: - if dep.startswith('$') and dep not in ('$local_fs', - '$named', - '$network', - '$portmap', - '$remote_fs', - '$syslog', - '$time', - '$null', - '$ALL'): - printError(pkg, "init-script-undefined-dependency", f, dep) - if dep in ('portmap', 'syslog', 'named', 'network', 'ntp', 'ntpd', 'xntpd'): - printWarning(pkg, "init-script-non-var-dependency", f, dep) - if dep in ('$remote_fs'): - found_remote_fs = True - if l.startswith('# X-UnitedLinux-Should'): - printWarning(pkg, "obsolete-init-keyword", f, l) - if l.startswith('# Default-Start'): - for dep in l.split()[2:]: - if boot_script and dep not in ('B', 'S'): - printError(pkg, "init-script-boot_d", f) - if not boot_script and dep in ('B'): - printError(pkg, "init-script-not-boot_d", f, dep) - if dep == '4': - printError(pkg, "init-script-runlevel-4", f) - - if not found_remote_fs and bins_list: - printWarning(pkg, "non-remote_fs-dependency", f) - - -check=CheckInitScripts() - -if Config.info: - addDetails( -'init-script-undefined-dependency', -"""Your package contains a /etc/init.d script that specifies a -dependency that is not listed in /etc/insserv.conf. Check for -typos.""", - -'init-script-non-var-dependency', -"""Your package contains a /etc/init.d script that specifies -a hardcoded dependency that likely should be a variable dependency. -For example portmap should actually be $portmap, and similar.""", -'obsolete-init-keyword', - -"""Your package contains a /etc/init.d script that specifies -an obsolete keyword, like X-UnitedLinux-Should-Start. Consider -using the LSB equivalent Should-Start instead.""", - -'init-script-boot_d', -"""The init script has a "boot." prefix but actually lacks 'B' in -'Default-Start'. Either rename the script or add -'B' to 'Default-Start'""", - -'init-script-not-boot_d', -"""The init script specifies that it should be run in level 'B' but -doesn't have a "boot." prefix. Either rename the script or remove -the 'B' from 'Default-Start'""", - -'non-remote_fs-dependency', -"""Your package contains a /etc/init.d script that does not specify -$remote_fs as a start dependency, but the package also contains -files packaged in /usr. Make sure that your start script does not -call any of them, or add the missing $remote_fs dependency.""", - -'init-script-runlevel-4', -"""The init script refers to runlevel 4 which is admin defined. No -distribution script must use it. Remove '4' from 'Default-Start'.""", -) diff --git a/CheckKDE4Deps.py b/CheckKDE4Deps.py deleted file mode 100644 index f11d305..0000000 --- a/CheckKDE4Deps.py +++ /dev/null @@ -1,119 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckKDE4Deps.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Check for KDE4 related packaging errors -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import os -import string -import commands -import Config -import Pkg -import stat - -_kde4_pimlibs=( - "libgpgme++-pth.so.1.1.0", - "libgpgme++-pthread.so.1.1.0", - "libgpgme++.so.1.1.0", - "libkabc.so.4", - "libkabc_file_core.so.4", - "libkblog.so.4", - "libkcal.so.4", - "libkimap.so.4", - "libkldap.so.4", - "libkmime.so.4", - "libkpimidentities.so.4", - "libkpimutils.so.4", - "libkresources.so.4", - "libktnef.so.4", - "libkxmlrpcclient.so.4", - "libmailtransport.so.4", - "libqgpgme.so.1.0.0", - "libsyndication.so.4" -) - -_kde4_libkdepim4 = ( - "libkdepim.so.4", - "libkontactinterfaces.so.4", - "libkleopatraclientcore.so.0.2.0", - "libkleopatraclientgui.so.0.2.0", -) - -_kde4_libakonadi4 = ( - "libakonadi-kde.so.4", - "libakonadi-kabc.so.4", - "libakonadi-kcal.so.4", - "libakonadi-kmime.so.4", - "libakonadiprotocolinternals.so.1", -) - -class KDE4Check(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckKDE4Deps") - - def check(self, pkg): - - if pkg.isSource(): - return - - pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) - - if not "libkdecore.so.5" in pkg_requires: - return - - if not pkg.name.startswith("lib"): - if not "kdebase4-runtime" in pkg_requires: - printError(pkg,"suse-kde4-missing-runtime-dependency") - - kdepimlibs4_dep=False - for r in pkg_requires: - if r in _kde4_pimlibs: - kdepimlibs4_dep=True - break - - libkdepim4_dep=False - for r in pkg_requires: - if r in _kde4_libkdepim4: - libkdepim4_dep =True - break - - libakonadi4_dep=False - for r in pkg_requires: - if r in _kde4_libakonadi4: - libakonadi4_dep =True - break - - if not pkg.name.startswith("lib"): - if "kdepimlibs4" in pkg_requires and not kdepimlibs4_dep: - printError(pkg,"suse-kde4-excessive-dependency", "%kde4_pimlibs_requires") - if not "kdepimlibs4" in pkg_requires and kdepimlibs4_dep: - printError(pkg,"suse-kde4-missing-dependency", "%kde4_pimlibs_requires") - - if "libkdepim4" in pkg_requires and not libkdepim4_dep: - printError(pkg,"suse-kde4-excessive-dependency", "libkdepim4") - if not "libkdepim4" in pkg_requires and libkdepim4_dep: - printError(pkg,"suse-kde4-missing-dependency", "libkdepim4") - - if "akonadi-runtime" in pkg_requires and not libakonadi4_dep: - printError(pkg,"suse-kde4-excessive-dependency", "%kde4_akonadi_requires") - if not "akonadi-runtime" in pkg_requires and libakonadi4_dep: - printError(pkg,"suse-kde4-missing-dependency", "%kde4_akonadi_requires") - - -check=KDE4Check() - -if Config.info: - addDetails('suse-kde4-missing-runtime-dependency', -"""Please add %kde4_runtime_requires to the (sub-)package to have the right versioned -dependency on the KDE version it was built against.""", -'suse-kde4-missing-dependency', -"""The package builds against a KDE4 related library, but it is missing the runtime -depencency macro. please add the suggested macro to the (sub-)package listing in -the spec file.""" -) diff --git a/CheckLogrotate.py b/CheckLogrotate.py deleted file mode 100644 index d7577cf..0000000 --- a/CheckLogrotate.py +++ /dev/null @@ -1,97 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckLogrotate.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for insecure logrotate directories -############################################################################# - -from Filter import * -import AbstractCheck -import re -import os -import string - -class LogrotateCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckLogrotate") - - def check(self, pkg): - if pkg.isSource(): - return - - files = pkg.files() - dirs = {} - - for f, pkgfile in files.items(): - if f in pkg.ghostFiles(): - continue - - if f.startswith("/etc/logrotate.d/"): - try: - for n, o in self.parselogrotateconf(pkg.dirName(), f).items(): - if n in dirs and dirs[n] != o: - printError(pkg, "logrotate-duplicate", n) - else: - dirs[n] = o - except Exception, x: - printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x}) - - for d in sorted(dirs.keys()): - if not d in files: - if d != '/var/log': - printError(pkg, 'suse-logrotate-log-dir-not-packaged', d) - continue - mode = files[d].mode&0777 - if files[d].user != 'root' and (dirs[d] is None or dirs[d][0] != files[d].user): - printError(pkg, 'suse-logrotate-user-writable-log-dir', \ - "%s %s:%s %04o"%(d, files[d].user, files[d].group, mode)) - elif files[d].group != 'root' and mode&020 and (dirs[d] is None or dirs[d][1] != files[d].group): - printError(pkg, 'suse-logrotate-user-writable-log-dir', \ - "%s %s:%s %04o"%(d, files[d].user, files[d].group, mode)) - - # extremely primitive logrotate parser - def parselogrotateconf(self, root, f): - dirs = {} - fd = open('/'.join((root, f))) - currentdirs = [] - for line in fd.readlines(): - line = line.strip() - if line.startswith('#'): - continue - if not currentdirs: - if line.endswith('{'): - insection = True - for logfile in line.split(' '): - logfile = logfile.strip() - if len(logfile) == 0 or logfile == '{': - continue - dn = os.path.dirname(logfile) - if not dn in dirs: - currentdirs.append(dn) - dirs[dn] = None - else: - if line.endswith('}'): - currentdirs = [] - elif line.startswith("su "): - a = line.split(" ") - for dn in currentdirs: - dirs[dn] = (a[1], a[2]) - return dirs - - -check=LogrotateCheck() - -if Config.info: - addDetails( -'suse-logrotate-duplicate', -"""There are dupliated logrotate entries with different settings for -the specified file""", -'suse-logrotate-user-writable-log-dir', -"""The log directory is writable by unprivileged users. Please fix -the permissions so only root can write there or add the 'su' option -to your logrotate config""", -'suse-logrotate-log-dir-not-packaged', -"""Please add the specified directory to the file list to be able to -check permissions""" -) diff --git a/CheckPAMModules.py b/CheckPAMModules.py deleted file mode 100644 index 5e8a953..0000000 --- a/CheckPAMModules.py +++ /dev/null @@ -1,49 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckPAMModules.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for pam modules that are not authorized by the security team -############################################################################# - -from Filter import * -import AbstractCheck -import re -import os -import string - -PAM_WHITELIST = Config.getOption('PAMModules.WhiteList', ()) # set of file names - -pam_module_re = re.compile('^(?:/usr)?/lib(?:64)?/security/([^/]+\.so)$') - -class PAMModulesCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckPAMModules") - - def check(self, pkg): - global PAM_WHITELIST - - if pkg.isSource(): - return - - files = pkg.files() - - for f in files: - if f in pkg.ghostFiles(): - continue - - m = pam_module_re.match(f) - if m: - bn = m.groups()[0] - if not bn in PAM_WHITELIST: - printError(pkg, "suse-pam-unauthorized-module", bn) - -check=PAMModulesCheck() - -if Config.info: - addDetails( -'suse-pam-unauthorized-module', -"""The package installs a PAM module. If the package -is intended for inclusion in any SUSE product please open a bug -report to request review of the service by the security team.""", -) diff --git a/CheckPkgConfig.py b/CheckPkgConfig.py deleted file mode 100644 index f953aac..0000000 --- a/CheckPkgConfig.py +++ /dev/null @@ -1,63 +0,0 @@ -# vim:sw=4:et -#--------------------------------------------------------------- -# Module : rpmlint -# File : CheckPkgConfig -# Author : Stephan Kulow, Dirk Mueller -# Purpose : Check for errors in Pkgconfig files -#--------------------------------------------------------------- - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import Config -import os -import stat - -class PkgConfigCheck(AbstractCheck.AbstractFilesCheck): - def __init__(self): - AbstractCheck.AbstractFilesCheck.__init__(self, "CheckPkgConfig", ".*/pkgconfig/.*\.pc$") - # currently causes too many failures (2008-03-05) - #self.suspicious_dir=re.compile('(?:/usr/src/\w+/BUILD|/var/tmp|/tmp|/home|\@\w{1,50}\@)') - self.suspicious_dir=re.compile('(?:/usr/src/\w+/BUILD|/var/tmp|/tmp|/home)') - - def check(self, pkg): - # check for references to /lib when in lib64 mode - if pkg.arch in ('x86_64', 'ppc64', 's390x'): - self.wronglib_dir=re.compile('-L/usr/lib\\b') - else: - self.wronglib_dir=re.compile('-L/usr/lib64\\b') - - AbstractCheck.AbstractFilesCheck.check(self, pkg) - - - def check_file(self, pkg, filename): - if pkg.isSource() or not stat.S_ISREG(pkg.files()[filename].mode): - return - - if pkg.grep(self.suspicious_dir, filename): - printError(pkg, "invalid-pkgconfig-file", filename) - - pc_file=file(pkg.dirName() + "/" + filename, "r") - for l in pc_file: - if l.startswith('Libs:') and self.wronglib_dir.search(l): - printError(pkg, 'pkgconfig-invalid-libs-dir', filename, l) - -check=PkgConfigCheck() - -if Config.info: - addDetails( -'invalid-pkgconfig-file', -'''Your .pc file appears to be invalid. Possible causes are: -- it contains traces of $RPM_BUILD_ROOT or $RPM_BUILD_DIR. -- it contains unreplaced macros (@have_foo@) -- it references invalid paths (e.g. /home or /tmp) - -Please double-check and report false positives. -''', -'pkgconfig-invalid-libs-dir', -''' Your .pc file contains -L/usr/lib or -L/lib and is built for a lib64 target, -or contains references to -L/usr/lib64 or -L/lib64 and is built for a lib target. -Please remove the wrong library paths from the pc file.''' -) diff --git a/CheckPolkitPrivs.py b/CheckPolkitPrivs.py deleted file mode 100644 index da0c1bc..0000000 --- a/CheckPolkitPrivs.py +++ /dev/null @@ -1,153 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckPolkitPrivs.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for /etc/polkit-default-privs violations -############################################################################# - -from Filter import * -import AbstractCheck -import Config -import re -import os -from xml.dom.minidom import parse - -POLKIT_PRIVS_WHITELIST = Config.getOption('PolkitPrivsWhiteList', ()) # set of file names -POLKIT_PRIVS_FILES = Config.getOption('PolkitPrivsFiles', [ "/etc/polkit-default-privs.standard" ]) - -class PolkitCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckPolkitPrivs") - self.privs = {} - - for filename in POLKIT_PRIVS_FILES: - if os.path.exists(filename): - self._parsefile(filename) - - def _parsefile(self,filename): - for line in file(filename): - line = line.split('#')[0].split('\n')[0] - if len(line): - line = re.split(r'\s+', line) - priv = line[0] - value = line[1] - - self.privs[priv] = value - - def check(self, pkg): - - if pkg.isSource(): - return - - files = pkg.files() - - permfiles = {} - # first pass, find additional files - for f in files: - if f in pkg.ghostFiles(): - continue - - if f.startswith("/etc/polkit-default-privs.d/"): - - bn = f[28:] - if not bn in POLKIT_PRIVS_WHITELIST: - printError(pkg, "polkit-unauthorized-file", f) - - if bn.endswith(".restrictive") or bn.endswith(".standard") or bn.endswith(".relaxed"): - bn = bn.split('.')[0] - - if not bn in permfiles: - permfiles[bn] = 1 - - for f in permfiles: - f = pkg.dirName() + "/etc/polkit-default-privs.d/" + f - - if os.path.exists(f+".restrictive"): - self._parsefile(f + ".restrictive") - elif os.path.exists(f+".standard"): - self._parsefile(f + ".standard") - elif os.path.exists(f+".relaxed"): - self._parsefile(f + ".relaxed") - else: - self._parsefile(f) - - - for f in files: - if f in pkg.ghostFiles(): - continue - - # catch xml exceptions - try: - if f.startswith("/usr/share/PolicyKit/policy/")\ - or f.startswith("/usr/share/polkit-1/actions/"): - xml = parse(pkg.dirName() + f) - for a in xml.getElementsByTagName("action"): - action = a.getAttribute('id') - if not action in self.privs: - iserr = 0 - foundno = 0 - foundundef = 0 - settings = {} - try: - defaults = a.getElementsByTagName("defaults")[0] - for i in defaults.childNodes: - if not i.nodeType == i.ELEMENT_NODE: - continue - - if i.nodeName in ('allow_any', 'allow_inactive', 'allow_active'): - settings[i.nodeName] = i.firstChild.data - - except: - iserr = 1 - - for i in ('allow_any', 'allow_inactive', 'allow_active'): - if not i in settings: - foundundef = 1 - settings[i] = '??' - elif settings[i].find("auth_admin") != 0: - if settings[i] == 'no': - foundno = 1 - else: - iserr = 1 - - if iserr: - printError(pkg, 'polkit-unauthorized-privilege', '%s (%s:%s:%s)' % (action, \ - settings['allow_any'], settings['allow_inactive'], settings['allow_active'])) - else: - printInfo(pkg, 'polkit-untracked-privilege', '%s (%s:%s:%s)' % (action, \ - settings['allow_any'], settings['allow_inactive'], settings['allow_active'])) - - if foundno or foundundef: - printInfo(pkg, - 'polkit-cant-acquire-privilege', '%s (%s:%s:%s)' % (action, \ - settings['allow_any'], settings['allow_inactive'], settings['allow_active'])) - - except Exception, x: - printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x}) - continue - -check=PolkitCheck() - -if Config.info: - addDetails( -'polkit-unauthorized-file', -"""If the package is intended for inclusion in any SUSE product -please open a bug report to request review of the package by the -security team""", -'polkit-unauthorized-privilege', -"""The package allows unprivileged users to carry out privileged -operations without authentication. This could cause security -problems if not done carefully. If the package is intended for -inclusion in any SUSE product please open a bug report to request -review of the package by the security team""", -'polkit-untracked-privilege', -"""The privilege is not listed in /etc/polkit-default-privs.* -which makes it harder for admins to find. If the package is intended -for inclusion in any SUSE product please open a bug report to -request review of the package by the security team""", -'polkit-cant-acquire-privilege', -"""Usability can be improved by allowing users to acquire privileges -via authentication. Use e.g. 'auth_admin' instead of 'no' and make -sure to define 'allow_any'. This is an issue only if the privilege -is not listed in /etc/polkit-default-privs.*""") diff --git a/CheckSUIDPermissions.py b/CheckSUIDPermissions.py deleted file mode 100644 index 1e2666e..0000000 --- a/CheckSUIDPermissions.py +++ /dev/null @@ -1,271 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : CheckSUIDPermissions.py -# Package : rpmlint -# Author : Ludwig Nussel -# Purpose : Check for /etc/permissions violations -############################################################################# - -from Filter import * -import AbstractCheck -import re -import os -import string -import rpm - -_permissions_d_whitelist = ( -"lprng", -"lprng.paranoid", -"mail-server", -"mail-server.paranoid", -"postfix", -"postfix.paranoid", -"sendmail", -"sendmail.paranoid", -"squid", -"texlive", -"texlive.texlive", -) - -class SUIDCheck(AbstractCheck.AbstractCheck): - def __init__(self): - AbstractCheck.AbstractCheck.__init__(self, "CheckSUIDPermissions") - self.perms = {} - files = [ "/etc/permissions", "/etc/permissions.secure" ] - - for file in files: - if os.path.exists(file): - self._parsefile(file) - - def _parsefile(self,file): - lnr = 0 - lastfn = None - for line in open(file): - lnr+=1 - line = line.split('#')[0].split('\n')[0] - line = line.lstrip() - if not len(line): - continue - - if line.startswith("+capabilities "): - line = line[len("+capabilities "):] - if lastfn: - self.perms[lastfn]['fscaps'] = line - continue - - line = re.split(r'\s+', line) - if len(line) == 3: - fn = line[0] - owner = line[1].replace('.', ':') - mode = line[2] - - self.perms[fn] = { "owner" : owner, "mode" : int(mode,8)&07777} - # for permissions that don't change and therefore - # don't need special handling - if file == '/etc/permissions': - self.perms[fn]['static'] = True - else: - print >>sys.stderr, "invalid line %d " % lnr - - def check(self, pkg): - global _permissions_d_whitelist - - if pkg.isSource(): - return - - files = pkg.files() - - permfiles = {} - # first pass, find and parse permissions.d files - for f in files.keys(): - if f in pkg.ghostFiles(): - continue - - if f.startswith("/etc/permissions.d/"): - - bn = f[19:] - if not bn in _permissions_d_whitelist: - printError(pkg, "permissions-unauthorized-file", f) - - bn = bn.split('.')[0] - if not bn in permfiles: - permfiles[bn] = 1 - - for f in permfiles: - f = pkg.dirName() + "/etc/permissions.d/" + f - if os.path.exists(f+".secure"): - self._parsefile(f + ".secure") - else: - self._parsefile(f) - - need_set_permissions = False - found_suseconfig = False - # second pass, find permissions violations - for f, pkgfile in files.items(): - - if pkgfile.filecaps: - printError(pkg, 'permissions-fscaps', '%(file)s has fscaps "%(caps)s"' % \ - { 'file':f, 'caps':pkgfile.filecaps}) - - mode = pkgfile.mode - owner = pkgfile.user+':'+pkgfile.group - -# S_IFSOCK 014 socket -# S_IFLNK 012 symbolic link -# S_IFREG 010 regular file -# S_IFBLK 006 block device -# S_IFDIR 004 directory -# S_IFCHR 002 character device -# S_IFIFO 001 FIFO - type = (mode>>12)&017; - mode &= 07777 - need_verifyscript = False - if f in self.perms or (type == 04 and f+"/" in self.perms): - if type == 012: - printWarning(pkg, "permissions-symlink", f) - continue - - need_verifyscript = True - - m = 0 - o = "invalid" - if type == 04: - if f in self.perms: - printWarning(pkg, 'permissions-dir-without-slash', f) - else: - f += '/' - - if type == 010 and mode&0111: - # pie binaries have 'shared object' here - if 'ELF' in pkgfile.magic and not 'shared object' in pkgfile.magic: - printError(pkg, 'non-position-independent-executable', f) - - m = self.perms[f]['mode'] - o = self.perms[f]['owner'] - - if mode != m: - printError(pkg, 'permissions-incorrect', '%(file)s has mode 0%(mode)o but should be 0%(m)o' % \ - { 'file':f, 'mode':mode, 'm':m }) - - if owner != o: - printError(pkg, 'permissions-incorrect-owner', '%(file)s belongs to %(owner)s but should be %(o)s' % \ - { 'file':f, 'owner':owner, 'o':o }) - - elif type != 012: - - if f+'/' in self.perms: - printWarning(pkg, 'permissions-file-as-dir', f+' is a file but listed as directory') - - if mode&06000: - need_verifyscript = True - msg = '%(file)s is packaged with setuid/setgid bits (0%(mode)o)' % { 'file':f, 'mode':mode } - if type != 04: - printError(pkg, 'permissions-file-setuid-bit', msg) - else: - printWarning(pkg, 'permissions-directory-setuid-bit', msg) - - if type == 010: - if not 'shared object' in pkgfile.magic: - printError(pkg, 'non-position-independent-executable', f) - - if mode&02: - need_verifyscript = True - printError(pkg, 'permissions-world-writable', \ - '%(file)s is packaged with world writable permissions (0%(mode)o)' % \ - { 'file':f, 'mode':mode }) - - script = pkg[rpm.RPMTAG_POSTIN] or pkg.scriptprog(pkg[rpm.RPMTAG_POSTINPROG]) - found = False - if script: - for line in script.split("\n"): - if "chkstat -n" in line and f in line: - found = True - break - - if "SuSEconfig --module permissions" in line: - found = True - found_suseconfig = True - break - - if need_verifyscript and \ - (not f in self.perms or not 'static' in self.perms[f]): - - if not script or not found: - printError(pkg, 'permissions-missing-postin', \ - "missing %%set_permissions %s in %%post" % f) - - need_set_permissions = True - script = pkg[rpm.RPMTAG_VERIFYSCRIPT] or pkg[rpm.RPMTAG_VERIFYSCRIPTPROG] - - found = False - if script: - for line in script.split("\n"): - if "/chkstat" in line and f in line: - found = True - break - - if not script or not found: - printWarning(pkg, 'permissions-missing-verifyscript', \ - "missing %%verify_permissions -e %s" % f) - - - if need_set_permissions: - if not 'permissions' in map(lambda x: x[0], pkg.prereq()): - printError(pkg, 'permissions-missing-requires', \ - "missing 'permissions' in PreReq") - - if found_suseconfig: - printInfo(pkg, 'permissions-suseconfig-obsolete', \ - "%run_permissions is obsolete") - -check=SUIDCheck() - -if Config.info: - addDetails( -'permissions-unauthorized-file', -"""If the package is intended for inclusion in any SUSE product -please open a bug report to request review of the package by the -security team""", -'permissions-symlink', -"""permissions handling for symlinks is useless. Please contact -security@suse.de to remove the entry.""", -'permissions-dir-without-slash', -"""the entry in the permissions file refers to a directory. Please -contact security@suse.de to append a slash to the entry in order to -avoid security problems.""", -'permissions-file-as-dir', -"""the entry in the permissions file refers to a directory but the -package actually contains a file. Please contact security@suse.de to -remove the slash.""", -'permissions-incorrect', -"""please use the %attr macro to set the correct permissions.""", -'permissions-incorrect-owner', -"""please use the %attr macro to set the correct ownership.""", -'permissions-file-setuid-bit', -"""If the package is intended for inclusion in any SUSE product -please open a bug report to request review of the program by the -security team""", -'permissions-directory-setuid-bit', -"""If the package is intended for inclusion in any SUSE product -please open a bug report to request review of the package by the -security team""", -'permissions-world-writable', -"""If the package is intended for inclusion in any SUSE product -please open a bug report to request review of the package by the -security team""", -'permissions-fscaps', -"""Packaging file capabilities is currently not supported. Please -use normal permissions instead. You may contact the security team to -request an entry that sets capabilities in /etc/permissions -instead.""", -'permissions-missing-postin', -"""Please add an appropriate %post section""", -'permissions-missing-requires', -"""Please add \"PreReq: permissions\"""", -'permissions-missing-verifyscript', -"""Please add a %verifyscript section""", -'permissions-suseconfig-obsolete', -"""The %run_permissions macro calls SuSEconfig which sets permissions for all -files in the system. Please use %set_permissions instead -to only set permissions for files contained in this package""", -) diff --git a/DuplicatesCheck.py b/DuplicatesCheck.py deleted file mode 100644 index 67a2c5c..0000000 --- a/DuplicatesCheck.py +++ /dev/null @@ -1,100 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : DuplicatesCheck.py -# Package : rpmlint -# Author : Stephan Kulow -# Purpose : Check for duplicate files being packaged separately -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string - -def get_prefix(file): - pathlist = string.split(file, '/') - if len(pathlist) == 3: - return "/".join(pathlist[0:2]) - - return "/".join(pathlist[0:3]) - -class DuplicatesCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "DuplicatesCheck") - - def check(self, pkg): - - if pkg.isSource(): - return - - md5s = {} - sizes = {} - files = pkg.files() - configFiles = pkg.configFiles() - - for f, pkgfile in files.items(): - if f in pkg.ghostFiles(): - continue - - if not stat.S_ISREG(pkgfile.mode): - continue - - md5s.setdefault(pkgfile.md5, set()).add(f) - sizes[pkgfile.md5] = pkgfile.size - - sum=0 - for f in md5s: - duplicates=md5s[f] - if len(duplicates) == 1: continue - - one=duplicates.pop() - one_is_config = False - if one in configFiles: - one_is_config = True - - partition=get_prefix(one) - - st = os.stat(pkg.dirName() + '/' + one) - diff = 1 + len(duplicates) - st[stat.ST_NLINK] - if diff <= 0: - for dupe in duplicates: - if partition != get_prefix(dupe): - printError(pkg,"hardlink-across-partition",one,dupe) - if one_is_config and dupe in configFiles: - printError(pkg,"hardlink-across-config-files",one,dupe) - continue - - for dupe in duplicates: - if partition != get_prefix(dupe): - diff = diff - 1 - sum += sizes[f] * diff - if sizes[f] and diff > 0: - printWarning(pkg, 'files-duplicate', one,":".join(duplicates)) - - if sum > 100000: - printError(pkg, 'files-duplicated-waste', sum) - -check=DuplicatesCheck() - -if Config.info: - addDetails( -'files-duplicated-waste', -"""Your package contains duplicated files that are not hard- or symlinks. -You should use the %fdupes macro to link the files to one.""", -'hardlink-across-partition', -"""Your package contains two files that are apparently hardlinked and -that are likely on different partitions. Installation of such an RPM will fail -due to RPM being unable to unpack the hardlink. do not hardlink across -the first two levels of a path, e.g. between /srv/ftp and /srv/www or -/etc and /usr. """, -'hardlink-across-config-files', -"""Your package contains two config files that are apparently hardlinked. -Hardlinking a config file is probably not what you want. Please double -check and report false positives.""" -) diff --git a/KMPPolicyCheck.py b/KMPPolicyCheck.py deleted file mode 100644 index 8217cf5..0000000 --- a/KMPPolicyCheck.py +++ /dev/null @@ -1,90 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : KMPPolicyCheck.py -# Package : rpmlint -# Author : Dirk Mueller -# Purpose : Verify that kmp's have proper dependencies -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string -import Pkg - -class KMPPolicyCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "KMPPolicyCheck") - - def check(self, pkg): - if pkg.isSource() or pkg.name.find('-kmp-') < 0: - return - - pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) - pkg_conflicts = set(map(lambda x: string.split(x[0],'(')[0], pkg.conflicts())) - - kernel_flavour="kernel-" + pkg.name.partition('-kmp-')[2] - - # verify that Requires: kernel_flavour is present - have_requires=False - for r in pkg_requires: - if r == kernel_flavour: - have_requires = True - break - - if not have_requires: - printError(pkg, 'suse-policy-kmp-missing-requires', kernel_flavour) - - # verify that exactly one enhances on the kernel flavor is present - if len(pkg.enhances()) > 1: - printError(pkg, 'suse-policy-kmp-excessive-enhances', str(pkg.enhances())) - elif len(pkg.enhances()) < 1: - printError(pkg, 'suse-policy-kmp-missing-enhances', kernel_flavour) - - # check that only modalias supplements are present - have_only_modalias=True - have_modalias=False - have_proper_suppl=False - for s in pkg.supplements(): - if s[0].startswith('modalias('): - have_modalias = True - continue - if s[0].startswith('packageand(%s:' % (kernel_flavour)): - have_proper_suppl = True - continue - - printWarning(pkg, 'suse-policy-kmp-excessive-supplements', s[0]) - have_only_modalias = False - - if not have_modalias and not have_proper_suppl: - printError(pkg, 'suse-policy-kmp-missing-supplements') - -check=KMPPolicyCheck() - -if Config.info: - addDetails( -'suse-policy-kmp-missing-requires', -"""Make sure you have extended '%suse_kernel_module_package' by - '-p %_sourcedir/preamble', a file named 'preamble' as source and there - specified 'Requires: kernel-%1'. - """, -'suse-policy-kmp-excessive-enhances', -""" """, -'suse-policy-kmp-missing-enhances', -"""Make sure you have extended '%suse_kernel_module_package' by - '-p %_sourcedir/preamble', a file named 'preamble' as source and there - specified 'Enhances: kernel-%1'. - """, -'suse-policy-kmp-excessive-supplements', -""" """, -'suse-policy-kmp-missing-supplements', -"""Make sure your 'BuildRequires:' include 'kernel-syms' and 'module-init-tools' -for proper dependencies to be built. -""", -) diff --git a/LibraryPolicyCheck.py b/LibraryPolicyCheck.py deleted file mode 100644 index f4d6fc8..0000000 --- a/LibraryPolicyCheck.py +++ /dev/null @@ -1,503 +0,0 @@ -# vim:sw=4:et -############################################################################# -# File : LibraryPolicyCheck.py -# Package : rpmlint -# Author : Richard Guenther -# Purpose : Verify shared library packaging policy rules -############################################################################# - -from Filter import * -import AbstractCheck -import rpm -import re -import commands -import stat -import Config -import os -import string -import Pkg - -_policy_every_version_exceptions = ( - "libstdc++5", - "libstdc++6", - "libgcc_s4", - "libgcc_s1", - "libffi4", - "libgfortran1", - "libgfortran3", -) - -_policy_legacy_exceptions = { - "libEMF1" : ('1.0',), - "libGLw1" : ('7.10.2',), - "libICE6" : ('7.6',), - "libQt3Support4" : ('4.7.1', '4.7.4', '4.5.2+4.5.20101130', - '4.6.3+4.6.20110927', '4.7.4+4.7.20110929', - '4.7.80+4.8.20110818'), - "libQtSql4" : ('4.7.1', '4.7.4', '4.5.2+4.5.20101130', - '4.6.3+4.6.20110927', '4.7.4+4.7.20110929', - '4.7.80+4.8.20110818'), - "libSM6" : ('7.6',), - "libXau6" : ('7.6',), - "libXdmcp6" : ('7.6',), - "libXext6" : ('7.6',), - "libXfixes3" : ('7.6',), - "libXiterm1" : ('0.5.20040304',), - "libXp6" : ('7.6',), - "libXprintUtil1" : ('7.6',), - "libXrender1" : ('7.6',), - "libXt6" : ('7.6',), - "libXv1" : ('7.6',), - "libacl1" : ('2.2.51',), - "libaio1" : ('0.3.109',), - "libalut0" : ('1.1.0',), - "libapr-1-0" : ('1.4.5',), - "libaprutil-1-0" : ('1.3.12',), - "libartskde1" : ('3.5.10',), - "libattr1" : ('2.4.46',), - "libcdaudio1" : ('0.99.12',), - "libcdk4" : ('4.9.13',), - "libcheck0" : ('0.9.8',), - "libchewing3" : ('0.3.3',), - "libchm0" : ('0.40',), - "libclucene0" : ('0.9.21',), - "libdar4" : ('2.3.6',), - "libdbh-4_5-4" : ('4.5.0',), - "libdbus-qt-1-1" : ('4.7.1', '4.7.4', '4.5.2+4.5.20101130', - '4.6.3+4.6.20110927', '4.7.4+4.7.20110929', - '4.7.80+4.8.20110818'), - "libdm0" : ('2.2.10',), - "libdns_sd1" : ('0.6.25',), - "libefence0" : ('2.2.2',), - "libevolutionglue" : ('0.21.1',), - "libf2c0" : ('0.11',), - "libffi4" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - "libflaim5_2" : ('4.9.1046',), - "libfontenc1" : ('7.6',), - "libfreeradius-client2" : ('1.1.6',), - "libgcc_s1" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - # libgcc_s4 only for hppa - "libgcc_s4" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - "libgconfmm-2_6-1" : ('2.28.2',), - "libgfortran3" : ('4.4.2_20100116', '4.5.3_20110428','4.6.1_20110926'), - "libgif4" : ('4.1.6',), - "libgimpprint1" : ('4.2.7',), - "libgladesharpglue-2" : ('2.12.10',), - "libglibsharpglue-2" : ('2.12.10',), - "libgltt0" : ('2.5.2',), - "libglut3" : ('100529',), - "libgmcop1" : ('1.5.10',), - "libgnomesharpglue-2" : ('2.24.2',), - "libgnet-2_0-0" : ('2.0.8',), - "libgnomecanvasmm-2_6-1" : ('2.26.0',), - "libgnomecups-1_0-1" : ('0.2.3',), - "libgnomemm-2_6-1" : ('2.30.0',), - "libgnomeprintui-2-2-0" : ('2.18.4',), - "libgnomeuimm-2_6-1" : ('2.26.0',), - "libgomp1" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - "libgsfglue" : ('0.8.1',), - "libgsf-gnome-1-114" : ('1.14.21',), - "libgtksourceview-1_0-0" : ('3.2.0',), - "libgtkspell0" : ('2.0.16',), - "libhangul0" : ('0.0.12',), - "libid3-3_8-3" : ('3.8.3',), - "libid3tag0" : ('0.15.1b',), - "libidn11" : ('1.22',), - "libiec61883-0" : ('1.1.0',), - "libieee1284-3" : ('0.2.11',), - "libilbc0" : ('3951-107.1',), - "libind_helper0" : ('0.4.2',), - "libiterm1" : ('0.5.20040304',), - "libjackasyn0" : ('0.12',), - "libkakasi2" : ('2.3.4',), - "libkeyutils1" : ('1.5.3',), - "libksba8" : ('1.2.0',), - "liblo0" : ('0.25',), - "libmal0" : ('0.31',), - "libmcrypt4" : ('2.5.8',), - "libmdbodbc0" : ('0.6pre1',), - "libmeanwhile1" : ('1.0.2',), - "libmhash2" : ('0.9.9.9',), - "libmikmod2" : ('3.1.12',), - "libmng1" : ('1.0.10',), - "libnet6-1_3-0" : ('1.1.5',), - "libnl1" : ('1.1',), - "libnscd1" : ('2.0.2',), - "libobjc3" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - "libodbcinstQ1" : ('10.2.0.4',), - "liboil-0_3-0" : ('0.3.17',), - "liboop4" : ('1.0',), - "libopenal0" : ('1.13',), - "libpgeasy3" : ('3.0.4',), - "libportaudio2" : ('19',), - "libqnotify0" : ('0.6',), - "libqtc1" : ('0.7a',), - "libqtsharp0" : ('0.7.1',), - "libquadmath0" : ('4.4.2_20100116', '4.5.3_20110428','4.6.1_20110926'), - "librdf0" : ('0.4.0',), - "librsync1" : ('0.9.7',), - "libsamplerate0" : ('0.1.7',), - "libsecprog0" : ('0.8',), - "libsexy2" : ('0.1.11',), - "libsigc-1_2-5" : ('2.2.10',), - "libsndfile1" : ('1.0.20', '1.0.25'), - "libstdc++6" : ('4.4.2_20100116', '4.5.3_20110428', '4.6.1_20110926'), - "libstroke0" : ('0.5.1',), - "libthai0" : ('0.1.15',), - "libutempter0" : ('0.5.5',), - "libvisual-0_4-0" : ('0.4.0',), - "libxclass0_9_2" : ('0.9.2',), - "libxfcegui4-4" : ('4.8.1',), - "libxfce4util4" : ('4.8.1',), - "libxflaim3_2" : ('5.1.1046',), - "libxkbfile1" : ('7.6',), - "libxml2-2" : ('2.7.8+git20110708',), - "libz1" : ('1.2.3','1.2.5','1.2.5_git201105272030'), - "libzio0" : ('0.99',) -} - -_essential_dependencies = ( - "ld-linux.so.2", - "libacl.so.1", - "libanl.so.1", - "libanonymous.so.2", - "libattr.so.1", - "libaudit.so.0", - "libauparse.so.0", - "libBrokenLocale.so.1", - "libbz2.so.1", - "libcidn.so.1", - "libck-connector.so.0", - "libcom_err.so.2", - "libcrack.so.2", - "libcrypto.so.0.9.8", - "libcrypt.so.1", - "libc.so.6", - "libdbus-1.so.3", - "libdbus-glib-1.so.2", - "libdes425.so.3", - "libdl.so.2", - "libexpat.so.1", - "libform.so.5", - "libformw.so.5", - "libgcc_s.so.1", - "libgcrypt.so.11", - "libgdbm_compat.so.3", - "libgdbm.so.3", - "libgfortran3", - "libgio-2.0.so.0", - "libglib-2.0.so.0", - "libgmodule-2.0.so.0", - "libgobject-2.0.so.0", - "libgpg-error.so.0", - "libgssapi_krb5.so.2", - "libgssrpc.so.4", - "libgthread-2.0.so.0", - "libhal.so.1", - "libhal-storage.so.1", - "libhd.so.14", - "libhistory.so.5", - "libk5crypto.so.3", - "libkadm5clnt.so.5", - "libkadm5srv.so.5", - "libkdb5.so.4", - "libkeyutils.so.1", - "libkrb4.so.2", - "libkrb5.so.3", - "libkrb5support.so.0", - "libksba.so.8", - "liblber-2.4.so.2", - "libldap-2.4.so.2", - "libldap_r-2.4.so.2", - "liblogin.so.2", - "liblog_syslog.so.1", - "libltdl.so.3", - "libmagic.so.1", - "libmenu.so.5", - "libmenuw.so.5", - "libm.so.6", - "libncurses.so.5", - "libncursesw.so.5", - "libnscd.so.1", - "libnsl.so.1", - "libnss_compat.so.2", - "libnss_dns.so.2", - "libnss_files.so.2", - "libnss_hesiod.so.2", - "libnss_nisplus.so.2", - "libnss_nis.so.2", - "libopenct.so.1", - "libopensc.so.2", - "libpamc.so.0", - "libpam_misc.so.0", - "libpam.so.0", - "libpanel.so.5", - "libpanelw.so.5", - "libparted-1.8.so.8", - "libpcrecpp.so.0", - "libpcreposix.so.0", - "libpcre.so.0", - "libpcsclite.so.1", - "libpkcs15init.so.2", - "libpolkit-dbus.so.2", - "libpolkit-grant.so.2", - "libpolkit.so.2", - "libpopt.so.0", - "libpthread.so.0", - "libpth.so.20", - "libreadline.so.5", - "libresmgr.so.0.9.8", - "libresmgr.so.1", - "libresolv.so.2", - "librt.so.1", - "libsasl2.so.2", - "libsasldb.so.2", - "libscconf.so.2", - "libslp.so.1", - "libsmbios.so.1", - "libssl.so.0.9.8", - "libss.so.2", - "libstdc++.so.6", - "libthread_db.so.1", - "libtic.so.5", - "libusb-0.1.so.4", - "libusbpp-0.1.so.4", - "libutil.so.1", - "libuuid.so.1", - "libvolume_id.so.0", - "libwrap.so.0", - "libX11.so.6", - "libX11-xcb.so.1", - "libXau.so.6", - "libxcb-composite.so.0", - "libxcb-damage.so.0", - "libxcb-dpms.so.0", - "libxcb-glx.so.0", - "libxcb-randr.so.0", - "libxcb-record.so.0", - "libxcb-render.so.0", - "libxcb-res.so.0", - "libxcb-screensaver.so.0", - "libxcb-shape.so.0", - "libxcb-shm.so.0", - "libxcb.so.1", - "libxcb-sync.so.0", - "libxcb-xevie.so.0", - "libxcb-xf86dri.so.0", - "libxcb-xfixes.so.0", - "libxcb-xinerama.so.0", - "libxcb-xlib.so.0", - "libxcb-xprint.so.0", - "libxcb-xtest.so.0", - "libxcb-xvmc.so.0", - "libxcb-xv.so.0", - "libxcrypt.so.1", - "libzio.so.0", - "libz.so.1", -) - -from BinariesCheck import BinaryInfo - -def libname_from_soname (soname): - libname = string.split(soname, '.so.') - if len(libname) == 2: - if libname[0][-1:].isdigit(): - libname = string.join(libname, '-') - else: - libname = string.join(libname, '') - else: - libname = soname[:-3] - libname = libname.replace('.', '_') - return libname - -class LibraryPolicyCheck(AbstractCheck.AbstractCheck): - def __init__(self): - self.map = [] - AbstractCheck.AbstractCheck.__init__(self, "LibraryPolicyCheck") - - def check(self, pkg): - global _policy_legacy_exceptions - global _policy_every_version_exceptions - - if pkg.isSource(): - return - - # Only check unsuffixed lib* packages - if pkg.name.endswith('-devel') or pkg.name.endswith('-doc'): - return - - files = pkg.files() - - # Search for shared libraries in this package - libs = set() - libs_needed = set() - libs_to_dir = dict() - dirs = set() - reqlibs = set() - pkg_requires = set(map(lambda x: string.split(x[0],'(')[0], pkg.requires())) - - for f, pkgfile in files.items(): - if f.find('.so.') != -1 or f.endswith('.so'): - filename = pkg.dirName() + '/' + f - try: - if stat.S_ISREG(files[f].mode) and 'ELF' in pkgfile.magic: - bi = BinaryInfo(pkg, filename, f, False, True) - libs_needed = libs_needed.union(bi.needed) - if bi.soname != 0: - lib_dir = string.join(f.split('/')[:-1], '/') - libs.add(bi.soname) - libs_to_dir[bi.soname] = lib_dir - dirs.add(lib_dir) - if bi.soname in pkg_requires: - # But not if the library is used by the pkg itself - # This avoids program packages with their own private lib - # FIXME: we'd need to check if somebody else links to this lib - reqlibs.add(bi.soname) - except: - pass - pass - - std_dirs = dirs.intersection(('/lib', '/lib64', '/usr/lib', '/usr/lib64', - '/opt/kde3/lib', '/opt/kde3/lib64')) - - non_std_dirs = dirs.difference(std_dirs) - - # If this is a program package (all libs it provides are - # required by itself), bail out - if not pkg.name.startswith("lib") and len(libs.difference(reqlibs)) == 0: - return - - std_lib_package = False - if pkg.name.startswith("lib") and pkg.name[-1].isdigit(): - std_lib_package = True - - # ignore libs in a versioned non_std_dir - if std_lib_package: - for lib in libs.copy(): - lib_dir = libs_to_dir[lib] - if lib_dir.startswith("/opt/kde3"): - continue - for lib_part in lib_dir.split('/'): - if len(lib_part) == 0: - continue - if lib_part[-1].isdigit() and not lib_part.endswith("lib64"): - libs.remove(lib) - break - - # Check for non-versioned libs in a std lib package - if std_lib_package: - for lib in libs.copy(): - if not lib[-1].isdigit(): - printWarning(pkg, "shlib-unversioned-lib", lib) - libs.remove(lib) - - # If this package should be or should be splitted into shlib - # package(s) - if len(libs) > 0 and len(std_dirs) > 0: - # If the package contains a single shlib, name after soname - if len(libs) == 1: - soname = libs.copy().pop() - libname = libname_from_soname (soname) - if libname.startswith('lib') and pkg.name != libname and \ - pkg.name != libname + "-mini": - matchesExceptionList = False - if libname in _policy_every_version_exceptions: - matchesExceptionList = True - if libname in _policy_legacy_exceptions: - for ver in _policy_legacy_exceptions[libname]: - if pkg[rpm.RPMTAG_VERSION] == ver: - matchesExceptionList = True - break - if matchesExceptionList: - printWarning(pkg, 'shlib-legacy-policy-name-error', - libname) - else: - printError(pkg, 'shlib-policy-name-error', libname) - - elif not pkg.name[-1:].isdigit(): - printError(pkg, 'shlib-policy-missing-suffix') - - if (not pkg.name.startswith('lib')) or pkg.name.endswith('-lang'): - return - - if not libs: - if pkg.name in _policy_legacy_exceptions.keys(): - printWarning(pkg, 'shlib-legacy-policy-missing-lib', pkg.name) - else: - printError(pkg, 'shlib-policy-missing-lib') - - # Verify no non-lib stuff is in the package - dirs = set() - for f in files: - if os.path.isdir(pkg.dirName()+f): - dirs.add(f) - - # Verify shared lib policy package doesn't have hard dependency on non-lib packages - if std_lib_package: - for dep in pkg.requires(): - if (dep[0].startswith('rpmlib(') or dep[0].startswith('config(')): - continue - if (dep[1] & (rpm.RPMSENSE_GREATER | rpm.RPMSENSE_EQUAL)) == rpm.RPMSENSE_EQUAL: - printWarning(pkg, "shlib-fixed-dependency", Pkg.formatRequire(dep[0], dep[1], dep[2])) - - # Verify non-lib stuff does not add dependencies - if libs: - for dep in pkg_requires.difference(_essential_dependencies): - if dep.find('.so.') != -1 and not dep in libs and not dep in libs_needed: - printError(pkg, 'shlib-policy-excessive-dependency', dep) - - # Check for non-versioned directories beyond sysdirs in package - sysdirs = [ '/lib', '/lib64', '/usr/lib', '/usr/lib64', - '/usr/share/doc/packages', '/usr/share' ] - cdirs = set() - for sysdir in sysdirs: - done = set() - for dir in dirs: - if dir.startswith(sysdir + '/'): - ssdir = string.split(dir[len(sysdir)+1:],'/')[0] - if not ssdir[-1].isdigit(): - cdirs.add(sysdir+'/'+ssdir) - done.add(dir) - dirs = dirs.difference(done) - map(lambda dir: printError(pkg, 'shlib-policy-nonversioned-dir', dir), cdirs) - -check=LibraryPolicyCheck() - -if Config.info: - addDetails( -'shlib-policy-missing-suffix', -"""Your package containing shared libraries does not end in a digit and -should probably be split.""", -'shlib-policy-devel-file', -"""Your shared library package contains development files. Split them into -a -devel subpackage.""", -'shlib-policy-name-error', -"""Your package contains a single shared library but is not named after its SONAME.""", -'shlib-policy-nonversioned-dir', -"""Your shared library package contains non-versioned directories. Those will not -allow to install multiple versions of the package in parallel.""", -'shlib-legacy-policy-name-error', -"""Your shared library package is not named after its SONAME, but it has been added to the list -of legacy exceptions. Please do not rename the package until SONAME changes, but if you have -to rename it for another reason, make sure you name it correctly.""", -'shlib-policy-excessive-dependency', -"""Your package starts with 'lib' as part of its name, but also contains binaries -that have more dependencies than those that already required by the libraries. -Those binaries should probably not be part of the library package, but split into -a seperate one to reduce the additional dependencies for other users of this library.""", -'shlib-policy-missing-lib', -"""Your package starts with 'lib' as part of its name, but does not provide -any libraries. It must not be called a lib-package then. Give it a more -sensible name.""", -'shlib-fixed-dependency', -"""Your shared library package requires a fixed version of another package. The -intention of the Shared Library Policy is to allow parallel installation of -multiple versions of the same shared library, hard dependencies likely make that -impossible. Please remove this dependency and instead move it to the runtime uses -of your library.""", -'shlib-unversioned-lib', -"""Your package matches the Shared Library Policy Naming Scheme but contains an -unversioned library. Therefore it is very unlikely that your package can be installed -in parallel to another version of this library package. Consider moving unversioned -parts into a runtime package.""" -) diff --git a/README.packaging.txt b/README.packaging.txt new file mode 100644 index 0000000..09103b9 --- /dev/null +++ b/README.packaging.txt @@ -0,0 +1,13 @@ +The files from rpmlint-checks are the content of the git tree. If you need +to make changes, you have the following options: +* Make them in git and update the package from git (you can send merge + request if you don't have write access) +* Create a patch, add the patch to the package and let one of the + maintainers commit it for you + +The online repository is at: +https://github.com/openSUSE/rpmlint-checks + +For building the package from git run the service directly: +osc service disabledrun + diff --git a/_service b/_service new file mode 100644 index 0000000..99de233 --- /dev/null +++ b/_service @@ -0,0 +1,11 @@ + + + master + http://github.com/openSUSE/rpmlint-checks.git + git + + + gz + *.tar + + diff --git a/rpmlint-checks-master.tar.gz b/rpmlint-checks-master.tar.gz new file mode 100644 index 0000000..bf770c2 --- /dev/null +++ b/rpmlint-checks-master.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:89212eea53e85d22bd795fa52edb77fe642d04cf253f9898ace47bc5a7bcaa47 +size 30299 diff --git a/rpmlint.changes b/rpmlint.changes index c050bb2..517dbc7 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Sep 26 13:10:02 UTC 2012 - aj@suse.de + +- Add README.packaging.txt to explain packaging of file + rpmlint-checks-$VERSION.tar.gz +- Package all *py files into rpmlint-checks tarball +- Add _service file to update rpmlint-checks tarball +- Add /etc/systemd.d, /etc/modules-load.d and /etc/tmpfiles.d to the + blacklist, only users should write here. +- Blacklist the directories used by systemd. +- Remove SuSEconfig directories (update patch suse-filesystem.diff) +- Add warnings about files on tmpfs in /var/lock or /var/run. + ------------------------------------------------------------------- Wed Sep 26 09:16:37 UTC 2012 - dmueller@suse.com diff --git a/rpmlint.spec b/rpmlint.spec index e2e055e..9e9863e 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -28,33 +28,12 @@ Group: System/Packages Version: 1.4 Release: 0 Source0: http://rpmlint.zarb.org/download/rpmlint-%{version}.tar.xz -Source1: config -Source1001: config.in -Source3: DuplicatesCheck.py -Source4: CheckBuildRoot.py -Source5: CheckExecDocs.py -Source6: CheckPkgConfig.py -Source7: LibraryPolicyCheck.py -Source8: CheckCommonFiles.py -Source9: CheckInitScripts.py -Source10: CheckIconSizes.py -Source11: BrandingPolicyCheck.py -Source12: CheckKDE4Deps.py -Source13: KMPPolicyCheck.py -Source14: CheckSUIDPermissions.py -Source15: CheckPolkitPrivs.py -Source16: CheckDBUSServices.py -Source17: CheckFilelist.py -Source18: CheckDBusPolicy.py -Source19: CheckAlternativesGhostFiles.py -Source20: rpmgroups.config -Source21: BashismsCheck.py -Source22: CheckGNOMEMacros.py -Source23: CheckBuildDate.py -Source24: pie.config -Source25: licenses.config -Source26: CheckLogrotate.py -Source27: CheckPAMModules.py +Source1: rpmlint-checks-master.tar.gz +Source2: config +Source3: config.in +Source10: rpmgroups.config +Source11: pie.config +Source12: licenses.config Source100: syntax-validator.py Url: http://rpmlint.zarb.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -148,7 +127,7 @@ Authors: Gwenole Beauchesne %prep -%setup -q -n rpmlint-%{version} +%setup -q -n rpmlint-%{version} -a1 %patch0 %patch1 %patch2 @@ -214,29 +193,10 @@ Authors: %patch88 %patch89 %patch90 -p1 -cp -p %{SOURCE1} . -cp -p %{SOURCE3} . -cp -p %{SOURCE4} . -cp -p %{SOURCE5} . -cp -p %{SOURCE6} . -cp -p %{SOURCE7} . -cp -p %{SOURCE8} . -cp -p %{SOURCE9} . -cp -p %{SOURCE10} . -cp -p %{SOURCE11} . -cp -p %{SOURCE12} . -cp -p %{SOURCE13} . -cp -p %{SOURCE14} . -cp -p %{SOURCE15} . -cp -p %{SOURCE16} . -cp -p %{SOURCE17} . -cp -p %{SOURCE18} . -cp -p %{SOURCE19} . -cp -p %{SOURCE21} . -cp -p %{SOURCE22} . -cp -p %{SOURCE23} . -cp -p %{SOURCE26} . -cp -p %{SOURCE27} . +cp -p %{SOURCE2} . +# Only move top-level python files +chmod 0755 rpmlint-checks-master/*.py +mv rpmlint-checks-master/*.py . %build make %{?_smp_mflags} @@ -249,10 +209,10 @@ mv $RPM_BUILD_ROOT/etc/rpmlint/config $RPM_BUILD_ROOT/usr/share/rpmlint/config head -n 8 $RPM_BUILD_ROOT/usr/share/rpmlint/config > $RPM_BUILD_ROOT/etc/rpmlint/config # make sure that the package is sane python -tt %{SOURCE100} $RPM_BUILD_ROOT/usr/share/rpmlint/*.py $RPM_BUILD_ROOT/usr/share/rpmlint/config -%__install -m 644 %{SOURCE20} %{buildroot}/%{_sysconfdir}/rpmlint/ -%__install -m 644 %{SOURCE24} %{buildroot}/%{_sysconfdir}/rpmlint/ +%__install -m 644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/rpmlint/ +%__install -m 644 %{SOURCE11} %{buildroot}/%{_sysconfdir}/rpmlint/ -cp %{SOURCE25} licenses.config +cp %{SOURCE12} licenses.config # note there is a tab character behind the -d, so don't copy&paste lightly cut '-d ' -f1 /usr/lib/obs/service/format_spec_file.files/licenses_changes.txt | tail -n +2 | sort -u | while read l; do sed -i -e "s/\(#VALIDLICENSES\)/\1\n '$l',/" licenses.config diff --git a/suse-filesystem.diff b/suse-filesystem.diff index 3bb789f..0373639 100644 --- a/suse-filesystem.diff +++ b/suse-filesystem.diff @@ -2,13 +2,12 @@ Index: FilesCheck.py =================================================================== --- FilesCheck.py.orig +++ FilesCheck.py -@@ -29,65 +29,114 @@ STANDARD_DIRS = ( +@@ -29,65 +29,112 @@ STANDARD_DIRS = ( '/', '/bin', '/boot', + '/dev', '/etc', -+ '/etc/SuSEconfig', '/etc/X11', + '/etc/aliases.d', + '/etc/cron.d', @@ -80,7 +79,6 @@ Index: FilesCheck.py + '/root/bin', '/sbin', - '/selinux', -+ '/sbin/conf.d', '/srv', + '/srv/ftp', + '/srv/www', @@ -144,7 +142,7 @@ Index: FilesCheck.py '/usr/local/lib', '/usr/local/lib64', '/usr/local/man', -@@ -103,24 +152,415 @@ STANDARD_DIRS = ( +@@ -103,24 +150,415 @@ STANDARD_DIRS = ( '/usr/local/man/mann', '/usr/local/sbin', '/usr/local/share', @@ -571,7 +569,7 @@ Index: FilesCheck.py '/usr/share/man', '/usr/share/man/man1', '/usr/share/man/man2', -@@ -132,28 +572,60 @@ STANDARD_DIRS = ( +@@ -132,28 +570,57 @@ STANDARD_DIRS = ( '/usr/share/man/man8', '/usr/share/man/man9', '/usr/share/man/mann', @@ -595,9 +593,6 @@ Index: FilesCheck.py '/var', + '/var/X11R6', + '/var/adm', -+ '/var/adm/SuSEconfig', -+ '/var/adm/SuSEconfig/bin', -+ '/var/adm/SuSEconfig/md5', + '/var/adm/backup', + '/var/adm/backup/rpmdb', + '/var/adm/backup/sysconfig',