diff --git a/CheckPolkitPrivs.py b/CheckPolkitPrivs.py index 9097c96..da0c1bc 100644 --- a/CheckPolkitPrivs.py +++ b/CheckPolkitPrivs.py @@ -21,12 +21,12 @@ class PolkitCheck(AbstractCheck.AbstractCheck): AbstractCheck.AbstractCheck.__init__(self, "CheckPolkitPrivs") self.privs = {} - for file in POLKIT_PRIVS_FILES: - if os.path.exists(file): - self._parsefile(file) + for filename in POLKIT_PRIVS_FILES: + if os.path.exists(filename): + self._parsefile(filename) - def _parsefile(self,file): - for line in open(file): + def _parsefile(self,filename): + for line in file(filename): line = line.split('#')[0].split('\n')[0] if len(line): line = re.split(r'\s+', line) @@ -54,12 +54,15 @@ class PolkitCheck(AbstractCheck.AbstractCheck): if not bn in POLKIT_PRIVS_WHITELIST: printError(pkg, "polkit-unauthorized-file", f) - bn = bn.split('.')[0] + if bn.endswith(".restrictive") or bn.endswith(".standard") or bn.endswith(".relaxed"): + bn = bn.split('.')[0] + if not bn in permfiles: permfiles[bn] = 1 for f in permfiles: f = pkg.dirName() + "/etc/polkit-default-privs.d/" + f + if os.path.exists(f+".restrictive"): self._parsefile(f + ".restrictive") elif os.path.exists(f+".standard"): @@ -69,6 +72,7 @@ class PolkitCheck(AbstractCheck.AbstractCheck): else: self._parsefile(f) + for f in files: if f in pkg.ghostFiles(): continue diff --git a/filename-non-utf8-exception.diff b/filename-non-utf8-exception.diff index 1a974ef..bf37216 100644 --- a/filename-non-utf8-exception.diff +++ b/filename-non-utf8-exception.diff @@ -1,8 +1,6 @@ -Index: Filter.py -=================================================================== ---- Filter.py.orig +--- Filter.py +++ Filter.py -@@ -22,13 +22,8 @@ _diagnostic = list() +@@ -24,12 +24,8 @@ _badness_score = 0 printed_messages = { "I": 0, "W": 0, "E": 0 } @@ -10,7 +8,6 @@ Index: Filter.py - def __print(s): - print(s) -else: -- import locale - def __print(s): - print(s.encode(locale.getpreferredencoding(), "replace")) +def __print(s): diff --git a/rpmlint-1.2.tar.xz b/rpmlint-1.2.tar.xz deleted file mode 100644 index da10ca8..0000000 --- a/rpmlint-1.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:59d18da1b8b07eda9079f861fe3ef1176b8bcc32e9f81a56ecfa80e92e6fbe46 -size 114648 diff --git a/rpmlint-1.3.tar.xz b/rpmlint-1.3.tar.xz new file mode 100644 index 0000000..6db9a11 --- /dev/null +++ b/rpmlint-1.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:46ca95b4af224a5923739b6eed8224f18235913136e5004838e5312b4bada0f7 +size 115772 diff --git a/rpmlint-pie.diff b/rpmlint-pie.diff deleted file mode 100644 index 3950ce2..0000000 --- a/rpmlint-pie.diff +++ /dev/null @@ -1,73 +0,0 @@ -From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001 -From: scop -Date: Sun, 15 May 2011 09:05:04 +0000 -Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel). - -git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856 ---- - BinariesCheck.py | 10 ++++++++++ - config | 4 ++++ - 2 files changed, 14 insertions(+), 0 deletions(-) - -Index: rpmlint-1.2/BinariesCheck.py -=================================================================== ---- rpmlint-1.2.orig/BinariesCheck.py -+++ rpmlint-1.2/BinariesCheck.py -@@ -198,6 +198,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\. - validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$') - sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC') - system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS) -+pie_exec_re = Config.getOption('PieExecutables') -+if pie_exec_re: pie_exec_re = re.compile(pie_exec_re) - usr_lib_regex = re.compile('^/usr/lib(64)?/') - bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/') - soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*') -@@ -386,6 +388,11 @@ class BinariesCheck(AbstractCheck.Abstra - if not is_exec and not is_shobj: - continue - -+ if is_shobj and not is_exec and '.so' not in fname and \ -+ bin_regex.search(fname): -+ # pkgfile.magic does not contain "executable" for PIEs -+ is_exec = True -+ - if is_exec: - - if bin_regex.search(fname): -@@ -394,6 +401,10 @@ class BinariesCheck(AbstractCheck.Abstra - if ocaml_mixed_regex.search(bin_info.tail): - printWarning(pkg, 'ocaml-mixed-executable', fname) - -+ if not is_shobj and pie_exec_re and pie_exec_re.search(fname): -+ printError(pkg, 'non-position-independent-executable', -+ fname) -+ - if bin_info.readelf_error: - continue - -@@ -612,6 +623,10 @@ http://bugs.debian.org/cgi-bin/bugreport - project settings. So there's normally no need to manually strip binaries. - Left over unstripped binaries could therefore indicate a bug in the automatic - stripping process.''', -+ -+'non-position-independent-executable', -+'''This executable must be position independent. Check that it is built with -+-fPIE/-fpie in compiler flags and -pie in linker flags.''', - ) - - # BinariesCheck.py ends here -Index: rpmlint-1.2/config -=================================================================== ---- rpmlint-1.2.orig/config -+++ rpmlint-1.2/config -@@ -130,6 +130,10 @@ from Config import * - # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck - #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64')) - -+# Executables that must be compiled as position independent. -+# Type: regex, default: None -+#setOption("PieExecutables", '^/bin/(ping6?|su)$') -+ - # Whether to want default start/stop runlevels specified in init scripts. - # Type: boolean, default: True - #setOption("UseDefaultRunlevels", True) diff --git a/rpmlint-subsys.diff b/rpmlint-subsys.diff deleted file mode 100644 index dccb344..0000000 --- a/rpmlint-subsys.diff +++ /dev/null @@ -1,73 +0,0 @@ -From 665a612a589e161509de4aeab1486f430cc99e03 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Tue, 31 May 2011 13:21:27 +0200 -Subject: [PATCH] add option to disable /var/lock/subsys check - -openSUSE for example doesn't use /var/lock/subsys ---- - InitScriptCheck.py | 11 +++++++++-- - config | 4 ++++ - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/InitScriptCheck.py b/InitScriptCheck.py -index ba7952e..167385b 100644 ---- a/InitScriptCheck.py -+++ b/InitScriptCheck.py -@@ -29,6 +29,7 @@ dot_in_name_regex = re.compile('.*\..*') - use_deflevels = Config.getOption('UseDefaultRunlevels', True) - lsb_tags_regex = re.compile('^# ([\w-]+):\s*(.*?)\s*$') - lsb_cont_regex = re.compile('^#(?:\t| )(.*?)\s*$') -+use_subsys = Config.getOption('UseVarLockSubsys', True) - - LSB_KEYWORDS = ('Provides', 'Required-Start', 'Required-Stop', 'Should-Start', - 'Should-Stop', 'Default-Start', 'Default-Stop', -@@ -152,7 +153,7 @@ class InitScriptCheck(AbstractCheck.AbstractCheck): - if res: - subsys_regex_found = True - name = res.group(1) -- if name != basename: -+ if use_subsys and name != basename: - error = True - if name[0] == '$': - value = Pkg.substitute_shell_vars(name, content_str) -@@ -181,8 +182,10 @@ class InitScriptCheck(AbstractCheck.AbstractCheck): - printWarning(pkg, 'no-reload-entry', fname) - if not chkconfig_content_found: - printError(pkg, 'no-chkconfig-line', fname) -- if not subsys_regex_found: -+ if not subsys_regex_found and use_subsys: - printError(pkg, 'subsys-not-used', fname) -+ elif subsys_regex_found and not use_subsys: -+ printError(pkg, 'subsys-unsupported', fname) - - goodnames = (pkg.name.lower(), pkg.name.lower() + 'd') - if len(initscript_list) == 1 and initscript_list[0] not in goodnames: -@@ -238,6 +241,10 @@ reasons, most services should not be. Use "-" as the default runlevel in the - init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword - to fix this if appropriate for this service.''', - -+'subsys-unsupported', -+'''The init script uses /var/lock/subsys which is not supported by -+this distribution.''', -+ - 'subsys-not-used', - '''While your daemon is running, you have to put a lock file in - /var/lock/subsys/. To see an example, look at this directory on your -diff --git a/config b/config -index 8ed05d4..5631260 100644 ---- a/config -+++ b/config -@@ -162,6 +162,10 @@ from Config import * - # Type: boolean, default: True - #setOption("UseVersionInChangelog", True) - -+# Whether init scripts must use /var/lock/subsys -+# Type: boolean, default: True -+#setOption("UseVarLockSubsys", True) -+ - # Architecture dependent paths in which packages are allowed to install files - # even if they are all non-binary. - # Type: regexp, default: see BinariesCheck --- -1.7.3.4 - diff --git a/rpmlint-typo.diff b/rpmlint-typo.diff deleted file mode 100644 index e4ae50b..0000000 --- a/rpmlint-typo.diff +++ /dev/null @@ -1,23 +0,0 @@ -From 75b89dd25fc1d653131f27702030b8b829759317 Mon Sep 17 00:00:00 2001 -From: scop -Date: Wed, 11 May 2011 16:25:39 +0000 -Subject: [PATCH] Fix setting message type for reasons with badness threshold defined (Ludwig Nussel). - -git-svn-id: http://rpmlint.zarb.org/svn/trunk@1862 9bc8b190-ac0f-0410-8968-dc7d1f502856 ---- - Filter.py | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -Index: rpmlint-1.2/Filter.py -=================================================================== ---- rpmlint-1.2.orig/Filter.py -+++ rpmlint-1.2/Filter.py -@@ -44,7 +44,7 @@ def _print(msgtype, pkg, reason, details - badness = Config.badness(reason) - # anything with badness is an error - if badness: -- msgtype == 'E' -+ msgtype = 'E' - # errors without badness become warnings - elif msgtype == 'E': - msgtype = 'W' diff --git a/rpmlint.changes b/rpmlint.changes index ae0289f..fb6b598 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Sat Aug 20 02:19:29 CEST 2011 - dmueller@suse.de + +- check for versioned dependency on python(abi) (bnc#659068) + +------------------------------------------------------------------- +Fri Aug 19 18:36:04 CEST 2011 - dmueller@suse.de + +- fix stripping of unknown polkit suffixes (bnc#711485) + +------------------------------------------------------------------- +Fri Aug 12 18:07:43 CEST 2011 - dmueller@suse.de + +- update to 1.3: + * Add --rawout option + * Warn about non-ghost files in /var/run and /var/lock + * Fix setting message type for reasons with badness threshold defined + * Use "declare -F" instead of "type" to check if a bash function exists. + ------------------------------------------------------------------- Fri Aug 12 17:57:35 CEST 2011 - dmueller@suse.de diff --git a/rpmlint.spec b/rpmlint.spec index 84141e5..0e51d34 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -22,8 +22,8 @@ Name: rpmlint BuildRequires: rpm-python xz Summary: Rpm correctness checker -Version: 1.2 -Release: 23 +Version: 1.3 +Release: 1 Source0: http://rpmlint.zarb.org/download/rpmlint-%{version}.tar.xz Source1: config Source1001: config.in @@ -72,8 +72,6 @@ Patch7: suse-pkg-config-check.diff Patch8: suse-binarieschecks.diff Patch9: no-doc-for-lib.diff Patch10: add-scoring-support.diff -# accepted upstream -Patch11: suse-file-var-run.diff Patch12: usr-arch.diff Patch13: script-interpreter-only-for-exec-scripts.diff Patch14: sourced-dirs.diff @@ -126,11 +124,7 @@ Patch85: suse-changelog.patch Patch86: suse-rclink-check.diff # accepted upstream Patch88: suse-speccheck-utf8.diff -# accepted upstream -Patch89: rpmlint-pie.diff -# accepted upstream -Patch90: rpmlint-typo.diff -Patch91: rpmlint-subsys.diff +Patch89: suse-python-abi-check.diff %py_requires %description @@ -146,7 +140,6 @@ Authors: %prep %setup -q -n rpmlint-%{version} -%patch91 -p1 %patch0 %patch1 %patch2 @@ -158,7 +151,6 @@ Authors: %patch8 %patch9 #%patch10 -%patch11 -p1 %patch12 %patch13 %patch14 @@ -211,8 +203,7 @@ Authors: %patch86 #patch87 -p1 %patch88 -%patch89 -p1 -%patch90 -p1 +%patch89 cp -p %{SOURCE1} . cp -p %{SOURCE2} . cp -p %{SOURCE3} . diff --git a/suse-binarieschecks.diff b/suse-binarieschecks.diff index ca69e04..4675169 100644 --- a/suse-binarieschecks.diff +++ b/suse-binarieschecks.diff @@ -1,6 +1,4 @@ -Index: BinariesCheck.py -=================================================================== ---- BinariesCheck.py.orig +--- BinariesCheck.py +++ BinariesCheck.py @@ -10,13 +10,15 @@ @@ -19,7 +17,7 @@ Index: BinariesCheck.py DEFAULT_SYSTEM_LIB_PATHS = ( -@@ -37,6 +39,9 @@ class BinaryInfo: +@@ -37,6 +39,9 @@ unused_regex = re.compile('^\s+(\S+)') exit_call_regex = re.compile('\s+FUNC\s+.*?\s+(_?exit(?:@\S+)?)(?:\s|$)') fork_call_regex = re.compile('\s+FUNC\s+.*?\s+(fork(?:@\S+)?)(?:\s|$)') @@ -29,7 +27,7 @@ Index: BinariesCheck.py def __init__(self, pkg, path, file, is_ar, is_shlib): self.readelf_error = False -@@ -50,7 +55,10 @@ class BinaryInfo: +@@ -50,7 +55,10 @@ self.stack = False self.exec_stack = False self.exit_calls = [] @@ -40,7 +38,7 @@ Index: BinariesCheck.py self.tail = '' is_debug = path.endswith('.debug') -@@ -93,6 +101,11 @@ class BinaryInfo: +@@ -93,6 +101,11 @@ self.exec_stack = True continue @@ -52,7 +50,7 @@ Index: BinariesCheck.py if is_shlib: r = BinaryInfo.exit_call_regex.search(l) if r: -@@ -103,6 +116,14 @@ class BinaryInfo: +@@ -103,6 +116,14 @@ fork_called = True continue @@ -67,7 +65,7 @@ Index: BinariesCheck.py if self.non_pic: self.non_pic = 'TEXTREL' in res[1] -@@ -272,13 +293,26 @@ class BinariesCheck(AbstractCheck.Abstra +@@ -274,13 +295,26 @@ continue # stripped ? @@ -95,7 +93,7 @@ Index: BinariesCheck.py if is_shlib: has_lib = True -@@ -328,6 +362,10 @@ class BinariesCheck(AbstractCheck.Abstra +@@ -330,6 +364,10 @@ for ec in bin_info.exit_calls: printWarning(pkg, 'shared-lib-calls-exit', fname, ec) @@ -106,7 +104,7 @@ Index: BinariesCheck.py # rpath ? if bin_info.rpath: for p in bin_info.rpath: -@@ -513,6 +551,14 @@ with the intended shared libraries only. +@@ -524,6 +562,14 @@ 'ldd-failed', '''Executing ldd on this file failed, all checks could not be run.''', @@ -121,7 +119,7 @@ Index: BinariesCheck.py 'executable-stack', '''The binary declares the stack as executable. Executable stack is usually an error as it is only needed if the code contains GCC trampolines or similar -@@ -525,6 +571,10 @@ don\'t define a proper .note.GNU-stack s +@@ -536,6 +582,10 @@ make the stack executable. Usual suspects include use of a non-GNU linker or an old GNU linker version.''', @@ -132,16 +130,16 @@ Index: BinariesCheck.py 'shared-lib-calls-exit', '''This library package calls exit() or _exit(), probably in a non-fork() context. Doing so from a library is strongly discouraged - when a library -@@ -542,6 +592,12 @@ form, make sure that rpmbuild does not s - that use prelink, make sure that prelink does not strip it either, usually by +@@ -554,6 +604,12 @@ placing a blacklist file in /etc/prelink.conf.d. For more information, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''', -+ + +'unstripped-binary-or-object', +'''stripping debug info from binaries happens automatically according to global +project settings. So there's normally no need to manually strip binaries. +Left over unstripped binaries could therefore indicate a bug in the automatic +stripping process.''', - ) - - # BinariesCheck.py ends here ++ + 'non-position-independent-executable', + '''This executable must be position independent. Check that it is built with + -fPIE/-fpie in compiler flags and -pie in linker flags.''', diff --git a/suse-file-var-run.diff b/suse-file-var-run.diff deleted file mode 100644 index 638ba7c..0000000 --- a/suse-file-var-run.diff +++ /dev/null @@ -1,44 +0,0 @@ -From d685ddb42daa5d3b122c0486cc1d4f2dde6c466f Mon Sep 17 00:00:00 2001 -From: scop -Date: Fri, 13 May 2011 17:10:53 +0000 -Subject: [PATCH] Warn about non-ghost files in /var/run and /var/lock (based on patch from Ludwig Nussel). - -git-svn-id: http://rpmlint.zarb.org/svn/trunk@1863 9bc8b190-ac0f-0410-8968-dc7d1f502856 ---- - FilesCheck.py | 16 ++++++++++++++++ - 1 files changed, 16 insertions(+), 0 deletions(-) - -Index: rpmlint-1.2/FilesCheck.py -=================================================================== ---- rpmlint-1.2.orig/FilesCheck.py -+++ rpmlint-1.2/FilesCheck.py -@@ -915,6 +915,12 @@ class FilesCheck(AbstractCheck.AbstractC - printError(pkg, 'dir-or-file-in-usr-local', f) - elif f.startswith('/var/local/'): - printError(pkg, 'dir-or-file-in-var-local', f) -+ elif f.startswith('/var/run/'): -+ if f not in ghost_files: -+ printWarning(pkg, 'non-ghost-in-var-run', f) -+ elif f.startswith('/var/lock/'): -+ if f not in ghost_files: -+ printWarning(pkg, 'non-ghost-in-var-lock', f) - elif sub_bin_regex.search(f): - printError(pkg, 'subdir-in-bin', f) - elif f.startswith('/home/'): -@@ -1491,6 +1497,16 @@ for packages to install files in this di - '''A file in the package is located in /var/local. It's not permitted - for packages to install files in this directory.''', - -+'non-ghost-in-var-run', -+'''A file or directory in the package is located in /var/run. Files installed -+in this directory should be marked as %ghost and created at runtime to work -+properly in tmpfs /var/run setups.''', -+ -+'non-ghost-in-var-lock', -+'''A file or directory in the package is located in /var/lock. Files installed -+in this directory should be marked as %ghost and created at runtime to work -+properly in tmpfs /var/lock setups.''', -+ - 'subdir-in-bin', - '''The package contains a subdirectory in /usr/bin. It's not permitted to - create a subdir there. Create it in /usr/lib/ instead.''', diff --git a/suse-filter-exception.diff b/suse-filter-exception.diff index 759d7b5..aa7d875 100644 --- a/suse-filter-exception.diff +++ b/suse-filter-exception.diff @@ -1,8 +1,6 @@ -Index: Config.py -=================================================================== ---- Config.py.orig +--- Config.py +++ Config.py -@@ -116,12 +116,23 @@ def getOption(name, default = ""): +@@ -104,11 +104,23 @@ _filters = [] _filters_re = None @@ -13,12 +11,9 @@ Index: Config.py +_filters_except_re = None + def addFilter(s): - global _filters global _filters_re + global _filters_except - -- _filters.append(s) -- _filters_re = None ++ + if len(_filters_except): + _filters.append(s) + _filters_re = None @@ -26,9 +21,12 @@ Index: Config.py + _filters_non_except.append(s) + _filters_non_except_re = None +- _filters.append(s) +- _filters_re = None + def removeFilter(s): - global _filters -@@ -137,8 +148,14 @@ def removeFilter(s): + global _filters_re +@@ -123,19 +135,38 @@ _scoring = {} def setBadness(s, score): @@ -43,9 +41,8 @@ Index: Config.py def badness(s): return _scoring.get(s, 0) -@@ -146,11 +163,24 @@ _non_named_group_re = re.compile('[^\\]( + _non_named_group_re = re.compile('[^\\](\()[^:]') def isFiltered(s): - global _filters global _filters_re + global _filters_except + global _filters_except_re @@ -72,7 +69,7 @@ Index: Config.py _filters_re = '(?:' + _filters[0] + ')' for idx in range(1, len(_filters)): -@@ -162,9 +192,27 @@ def isFiltered(s): +@@ -147,9 +178,27 @@ _filters_re = _filters_re + '|(?:' + _filters[idx] +')' _filters_re = re.compile(_filters_re) diff --git a/suse-python-abi-check.diff b/suse-python-abi-check.diff new file mode 100644 index 0000000..ce7e13f --- /dev/null +++ b/suse-python-abi-check.diff @@ -0,0 +1,16 @@ +--- FilesCheck.py ++++ FilesCheck.py +@@ -664,8 +664,11 @@ + if res and not (pkg.check_versioned_dep('python-base', + res.group(1)) or + pkg.check_versioned_dep('python', +- res.group(1))): +- printError(pkg, 'no-dependency-on', 'python-base', ++ res.group(1)) or ++ pkg.check_versioned_dep('python(abi)', ++ res.group(1)) ++ ): ++ printError(pkg, 'no-dependency-on', 'python(abi)', + res.group(1)) + python_dep_error = True +