Accepting request 51111 from Base:System

Accepted submit request 51111 from user prusnak

OBS-URL: https://build.opensuse.org/request/show/51111
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=70

CheckDBUSServices.py

@@ -14,14 +14,7 @@ import re
 import os
 import string
 
-_services_whitelist = (
+SERVICES_WHITELIST = Config.getOption('DBUSServices.WhiteList', ()) # set of file names
-    "ConsoleKit.conf",
-    "hal.conf",
-    "cups.conf", # bnc#515977
-    "org.freedesktop.ConsoleKit.service",
-    "org.freedesktop.PolicyKit.conf",
-    "org.freedesktop.PolicyKit.service",
-)
 
 # need to end with / so we don't catch directories
 _dbus_system_paths = [
@@ -34,7 +27,7 @@ class DBUSServiceCheck(AbstractCheck.AbstractCheck):
         AbstractCheck.AbstractCheck.__init__(self, "CheckDBUSServices")
 
     def check(self, pkg):
-        global _services_whitelist
+        global SERVICES_WHITELIST
         global _dbus_system_paths
 
         if pkg.isSource():
@@ -50,7 +43,7 @@ class DBUSServiceCheck(AbstractCheck.AbstractCheck):
                 if f.startswith(p):
 
                     bn = f[len(p):]
-                    if not bn in _services_whitelist:
+                    if not bn in SERVICES_WHITELIST:
                         printError(pkg, "suse-dbus-unauthorized-service", f)
 
 check=DBUSServiceCheck()

config

@@ -69,6 +69,131 @@ setOption('DanglingSymlinkExceptions',
        ['consolehelper$', 'usermode-consoleonly'],
 ))
 
+setOption("DBUSServices.WhiteList", (
+    "ConsoleKit.conf",
+    "hal.conf",
+    "cups.conf", # bnc#515977
+    "org.freedesktop.ConsoleKit.service",
+    "org.freedesktop.PolicyKit.conf",
+    "org.freedesktop.PolicyKit.service",
+    #
+    # the following are not audited. We accept them as legacy for now
+    #
+    # gnome-settings-daemon
+    "org.gnome.SettingsDaemon.DateTimeMechanism.service",
+    "org.gnome.SettingsDaemon.DateTimeMechanism.conf",
+    # upower
+    "org.freedesktop.UPower.service",
+    "org.freedesktop.UPower.conf",
+    # podsleuth
+    "podsleuth.conf",
+    # PackageKit
+    "org.freedesktop.PackageKit.conf",
+    # PackageKit
+    "org.freedesktop.PackageKit.service",
+    # NetworkManager-pptp
+    "nm-pptp-service.conf",
+    # gdm
+    "gdm.conf",
+    # udisks
+    "org.freedesktop.UDisks.service",
+    "org.freedesktop.UDisks.conf",
+    # scmon
+    "com.novell.Pkcs11Monitor.conf",
+    # systemd
+    "org.freedesktop.systemd1.service",
+    "org.freedesktop.systemd1.conf",
+    # gconf2
+    "org.gnome.GConf.Defaults.service",
+    "org.gnome.GConf.Defaults.conf",
+    # system-config-printer
+    "newprinternotification.conf",
+    "printerdriversinstaller.conf",
+    # rtkit
+    "org.freedesktop.RealtimeKit1.conf",
+    "org.freedesktop.RealtimeKit1.service",
+    # wpa_supplicant
+    "fi.epitest.hostap.WPASupplicant.service",
+    "wpa_supplicant.conf",
+    # kdebase4-workspace
+    "org.kde.fontinst.service",
+    "org.kde.kcontrol.kcmkdm.conf",
+    "org.kde.fontinst.conf",
+    "org.kde.ksysguard.processlisthelper.service",
+    "org.kde.kcontrol.kcmclock.service",
+    "org.kde.kcontrol.kcmclock.conf",
+    "org.kde.kcontrol.kcmkdm.service",
+    "org.kde.ksysguard.processlisthelper.conf",
+    # pulseaudio
+    "pulseaudio-system.conf",
+    # kdebase4-runtime
+    "org.kde.kcontrol.kcmremotewidgets.service",
+    "org.kde.kcontrol.kcmremotewidgets.conf",
+    # k3b
+    "org.kde.kcontrol.k3bsetup.service",
+    "org.kde.kcontrol.k3bsetup.conf",
+    # NetworkManager-novellvpn
+    "nm-novellvpn-service.conf",
+    # avahi
+    "avahi-dbus.conf",
+    "org.freedesktop.Avahi.service",
+    # hp-drive-guard
+    "hp-drive-guard-dbus.conf",
+    # NetworkManager
+    "nm-dhcp-client.conf",
+    "nm-dispatcher.conf",
+    "nm-avahi-autoipd.conf",
+    "org.freedesktop.nm_dispatcher.service",
+    "NetworkManager.conf",
+    "NetworkManager-frontend.conf",
+    # ModemManager
+    "org.freedesktop.ModemManager.service",
+    "org.freedesktop.ModemManager.conf",
+    # yast2-dbus-server
+    "org.opensuse.YaST.modules.service",
+    "org.opensuse.yast.SCR.conf",
+    "org.opensuse.YaST.modules.conf",
+    "org.opensuse.yast.SCR.service",
+    # bluez
+    "bluetooth.conf",
+    # dnsmasq
+    "dnsmasq.conf",
+    # backup-manager
+    "org.opensuse.BackupManager.service",
+    "backup-manager.conf",
+    # gypsy
+    "Gypsy.conf",
+    "org.freedesktop.Gypsy.service",
+    # pommed
+    "pommed.conf",
+    # NetworkManager-openvpn
+    "nm-openvpn-service.conf",
+    # kdelibs4
+    "org.kde.auth.conf",
+    # polkit
+    "org.freedesktop.PolicyKit1.conf",
+    "org.freedesktop.PolicyKit1.service",
+    # dconf
+    "ca.desrt.dconf.service",
+    # kerneloops
+    "kerneloops.dbus",
+    # polkit-kde-1
+    "org.kde.polkitkde1.helper.conf",
+    "org.kde.polkitkde1.helper.service",
+    # upstart
+    "Upstart.conf",
+    # cups-pk-helper
+    "org.opensuse.CupsPkHelper.Mechanism.service",
+    "org.opensuse.CupsPkHelper.Mechanism.conf",
+    # fwzs
+    "org.opensuse.zoneswitcher.service",
+    "org.opensuse.zoneswitcher.conf",
+    # yum
+    "yum-updatesd.conf",
+    # NetworkManager-vpnc
+    "nm-vpnc-service.conf",
+))
+
 # Output filters
 addFilter(".*spurious-bracket-in-.*")
 addFilter(".*one-line-command-in-.*")

only-reg-files-are-scripts.diff

@@ -1,6 +1,8 @@
---- InitScriptCheck.py
+Index: InitScriptCheck.py
+===================================================================
+--- InitScriptCheck.py.orig
 +++ InitScriptCheck.py
-@@ -18,7 +18,7 @@
+@@ -18,7 +18,7 @@ from Filter import addDetails, printErro
  import AbstractCheck
  import Config
  import Pkg
@@ -9,13 +11,13 @@
  
  chkconfig_content_regex = re.compile('^\s*#\s*chkconfig:\s*([-0-9]+)\s+[-0-9]+\s+[-0-9]+')
  subsys_regex = re.compile('/var/lock/subsys/([^/"\'\n\s;&|]+)', re.MULTILINE)
-@@ -50,7 +50,8 @@
+@@ -53,6 +53,9 @@ class InitScriptCheck(AbstractCheck.Abst
-         for fname, pkgfile in pkg.files().items():
+                     not fname.startswith('/etc/rc.d/init.d/'):
- 
-             if not fname.startswith('/etc/init.d/') and \
--                    not fname.startswith('/etc/rc.d/init.d/'):
-+                    not fname.startswith('/etc/rc.d/init.d/') and \
-+                    stat.S_ISREG(pkgfile.mode):
                  continue
  
++            if not stat.S_ISREG(pkgfile.mode):
++                continue
++
              basename = os.path.basename(fname)
+             initscript_list.append(basename)
+             if pkgfile.mode & 0500 != 0500:

rpmlint.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Oct 19 13:30:41 UTC 2010 - lnussel@suse.de
+
+- init script check logic
+
+-------------------------------------------------------------------
+Tue Oct 19 12:28:43 UTC 2010 - lnussel@suse.de
+
+- add all currently known dbus services as legacy exception
+
+-------------------------------------------------------------------
+Tue Oct 19 06:42:55 UTC 2010 - lnussel@suse.de
+
+- add configurable whitelist to CheckDBUSServices.py
+
 -------------------------------------------------------------------
 Fri Oct 15 16:41:59 CEST 2010 - dmueller@suse.de