Accepting request 234723 from devel:openSUSE:Factory:rpmlint

- enable org.selinux.service and org.selinux.conf of policycoreutils
  (pending more review) bnc#878631 (forwarded request 234722 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/234723
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=218

0001-Set-Python-3.4-magic-number-to-3310.patch

@@ -0,0 +1,23 @@
+From 0929683e2544813d65ef85ae49b52ccdc6662746 Mon Sep 17 00:00:00 2001
+From: Sascha Peilicke <saschpe@mailbox.org>
+Date: Tue, 1 Apr 2014 12:47:30 +0200
+Subject: [PATCH] Set Python-3.4 magic number to 3310
+
+This is the final magic number of the 3.4 release.
+---
+ FilesCheck.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: rpmlint-1.5/FilesCheck.py
+===================================================================
+--- rpmlint-1.5.orig/FilesCheck.py
++++ rpmlint-1.5/FilesCheck.py
+@@ -741,7 +741,7 @@ _python_magic_values = {
+     '3.1': 3150,
+     '3.2': 3180,
+     '3.3': 3230,
+-    '3.4': 3260,
++    '3.4': 3310,
+     }
+ 
+ def get_expected_pyc_magic(path):

config

@@ -613,7 +613,10 @@ setOption("DBUSServices.WhiteList", (
     "nm-openswan-service.conf",
     # baloo, formerly nepomuk (bnc#866131)
     "org.kde.baloo.filewatch.conf",
-    "org.kde.baloo.filewatch.service"
+    "org.kde.baloo.filewatch.service",
+    # policycoreutils new service/config (bnc#878631)
+    "org.selinux.service",
+    "org.selinux.conf"
 ))
 
 setOption("PAMModules.WhiteList", (
@@ -755,10 +758,31 @@ addFilter(".* nss_db non-standard-dir-in-var db")
 addFilter("non-standard-dir-in-usr openwin")
 addFilter("ibcs2 non-standard-dir-in-usr i486-sysv4")
 addFilter("shlibs5 non-standard-dir-in-usr i486-linux-libc5")
-addFilter("filesystem dir-or-file")
-addFilter("filesystem hidden-")
 addFilter("explicit-lib-dependency libtool")
 
+# filesystem package needs special exceptions
+addFilter("^filesystem\..*: dir-or-file-in-var-run")
+addFilter("^filesystem\..*: dir-or-file-in-var-lock")
+addFilter("^filesystem\..*: dir-or-file-in-var-tmp")
+addFilter("^filesystem\..*: dir-or-file-in-var-run")
+addFilter("^filesystem\..*: dir-or-file-in-var-lock")
+addFilter("^filesystem\..*: dir-or-file-in-usr-tmp")
+addFilter("^filesystem\..*: dir-or-file-in-tmp")
+addFilter("^filesystem\..*: dir-or-file-in-mnt")
+addFilter("^filesystem\..*: dir-or-file-in-home")
+addFilter("^filesystem\..*: hidden-file-or-dir /root/.gnupg")
+addFilter("^filesystem\..*: hidden-file-or-dir /root/.gnupg")
+addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.config")
+addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.local")
+addFilter("^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix")
+addFilter("^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix")
+addFilter("^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts")
+addFilter("^filesystem\..*: suse-filelist-forbidden-fhs23")
+addFilter("^filesystem\..*: suse-filelist-forbidden-opt")
+addFilter("^filesystem\..*: non-standard-uid /var/lib/nobody nobody")
+addFilter("^filesystem\..*: missing-dependency-to-cron")
+# has arch specific dirs in /usr
+addFilter("^filesystem\..*: no-binary")
 
 # suppress any errors about internal packages
 addFilter("^qa\S+: [EWI]:")

extend-suse-conffiles-check.diff

@@ -2,7 +2,7 @@ Index: FilesCheck.py
 ===================================================================
 --- FilesCheck.py.orig
 +++ FilesCheck.py
-@@ -1176,7 +1176,7 @@ class FilesCheck(AbstractCheck.AbstractC
+@@ -1179,7 +1179,7 @@ class FilesCheck(AbstractCheck.AbstractC
                      if nonexec_file and not docdir_examples_regex.search(f):
                          printWarning(pkg, 'spurious-executable-perm', f)
                  elif f.startswith('/etc/') and f not in config_files and \

invalid-filerequires.diff

@@ -2,7 +2,7 @@ Index: TagsCheck.py
 ===================================================================
 --- TagsCheck.py.orig
 +++ TagsCheck.py
-@@ -420,6 +420,7 @@ invalid_version_regex = re.compile('([0-
+@@ -421,6 +421,7 @@ invalid_version_regex = re.compile('([0-
  # () are here for grouping purpose in the regexp
  forbidden_words_regex = re.compile('(' + Config.getOption('ForbiddenWords') + ')', re.IGNORECASE)
  valid_buildhost_regex = re.compile(Config.getOption('ValidBuildHost'))
@@ -10,7 +10,7 @@ Index: TagsCheck.py
  use_epoch = Config.getOption('UseEpoch', False)
  use_utf8 = Config.getOption('UseUTF8', Config.USEUTF8_DEFAULT)
  max_line_len = Config.getOption('MaxLineLength', 79)
-@@ -602,6 +603,9 @@ class TagsCheck(AbstractCheck.AbstractCh
+@@ -599,6 +600,9 @@ class TagsCheck(AbstractCheck.AbstractCh
              if d[0].startswith('/usr/local/'):
                  printError(pkg, 'invalid-dependency', d[0])
  
@@ -20,7 +20,7 @@ Index: TagsCheck.py
              if is_source:
                  if lib_devel_number_regex.search(d[0]):
                      printError(pkg, 'invalid-build-requires', d[0])
-@@ -1090,6 +1094,12 @@ explicit Requires: tags.''',
+@@ -1106,6 +1110,12 @@ explicit Requires: tags.''',
  '''This package provides 2 times the same capacity. It should only provide it
  once.''',
  

remove-expand-macros.diff

@@ -8,7 +8,7 @@ Index: TagsCheck.py
 ===================================================================
 --- TagsCheck.py.orig
 +++ TagsCheck.py
-@@ -432,15 +432,6 @@ so_dep_regex = re.compile(r'\.so(\.[0-9a
+@@ -431,15 +431,6 @@ so_dep_regex = re.compile(r'\.so(\.[0-9a
  # we assume that no rpm packages existed before rpm itself existed...
  oldest_changelog_timestamp = calendar.timegm(time.strptime("1995-01-01", "%Y-%m-%d"))
  
@@ -24,7 +24,7 @@ Index: TagsCheck.py
  _enchant_checkers = {}
  def spell_check(pkg, str, fmt, lang, ignored):
  
-@@ -857,30 +848,12 @@ class TagsCheck(AbstractCheck.AbstractCh
+@@ -864,30 +855,12 @@ class TagsCheck(AbstractCheck.AbstractCh
                                       (apply(Pkg.formatRequire, obs),
                                        apply(Pkg.formatRequire, prov)))
  

rpmlint-1.5-Fix-setgroups-error-name.diff

@@ -11,7 +11,7 @@ Index: rpmlint-1.5/BinariesCheck.py
 ===================================================================
 --- rpmlint-1.5.orig/BinariesCheck.py
 +++ rpmlint-1.5/BinariesCheck.py
-@@ -514,7 +514,7 @@ class BinariesCheck(AbstractCheck.Abstra
+@@ -518,7 +518,7 @@ class BinariesCheck(AbstractCheck.Abstra
                  printError(pkg, 'missing-PT_GNU_STACK-section', fname)
  
              if bin_info.setgid and bin_info.setuid and not bin_info.setgroups:

rpmlint-1.5-disallow-var-run-and-var-lock.diff

@@ -0,0 +1,165 @@
+From c45057466e8e40bbb36fa90faa10a2b678c25ba2 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 30 Apr 2014 16:35:20 +0200
+Subject: [PATCH rpmlint] disallow /var/run and /var/lock
+
+Distros moved to having /var/run and /var/lock as symlinks to /run resp
+/run/lock. Therefore packages must no longer put files there at all.
+
+Also, refactor the code for dir-or-file-in-* and make it configurable.
+---
+ FilesCheck.py | 77 +++++++++++++++++++++++------------------------------------
+ config        |  4 ++++
+ 2 files changed, 34 insertions(+), 47 deletions(-)
+
+Index: rpmlint-1.5/FilesCheck.py
+===================================================================
+--- rpmlint-1.5.orig/FilesCheck.py
++++ rpmlint-1.5/FilesCheck.py
+@@ -559,12 +559,9 @@ STANDARD_DIRS = (
+     '/var/lib/nobody',
+     '/var/lib/pam_devperm',
+     '/var/lib/wwwrun',
+-    '/var/lock',
+-    '/var/lock/subsys',
+     '/var/log',
+     '/var/mail',
+     '/var/opt',
+-    '/var/run',
+     '/var/spool',
+     '/var/spool/clientmqueue',
+     '/var/spool/locks',
+@@ -589,7 +586,19 @@ DEFAULT_STANDARD_GROUPS = ('root', 'bin'
+                            'shutdown', 'halt', 'mail', 'news', 'uucp',
+                            'man', 'nobody',)
+ 
+-tmp_regex = re.compile('^(/var|/usr)?/tmp/')
++DEFAULT_DISALLOWED_DIRS = (
++    '/home',
++    '/mnt',
++    '/opt',
++    '/tmp',
++    '/usr/local',
++    '/usr/tmp',
++    '/var/local',
++    '/var/lock',
++    '/var/run',
++    '/var/tmp',
++)
++
+ sub_bin_regex = re.compile('^(/usr)?/s?bin/\S+/')
+ backup_regex = re.compile('(~|\#[^/]+\#|\.orig|\.orig\.gz|\.rej)$')
+ compr_regex = re.compile('\.(gz|z|Z|zip|bz2|lzma|xz)$')
+@@ -653,6 +662,8 @@ use_relative_symlinks = Config.getOption
+ standard_groups = Config.getOption('StandardGroups', DEFAULT_STANDARD_GROUPS)
+ standard_users = Config.getOption('StandardUsers', DEFAULT_STANDARD_USERS)
+ 
++disallowed_dirs = Config.getOption('DisallowedDirs', DEFAULT_DISALLOWED_DIRS)
++
+ non_readable_regexs = (re.compile('^/var/log/'),
+                        re.compile('^/etc/(g?shadow-?|securetty)$'))
+ 
+@@ -871,19 +882,13 @@ class FilesCheck(AbstractCheck.AbstractC
+                     is_kernel_package:
+                 printError(pkg, "kernel-modules-not-in-kernel-packages", f)
+ 
+-            for i in ['mnt','opt','usr-local','var-local','home']:
+-                if f.startswith('/%s/' % i.replace('-','/')):
+-                    printError(pkg, 'dir-or-file-in-%s' % i, f)
+-
+-            if tmp_regex.search(f):
+-                printError(pkg, 'dir-or-file-in-tmp', f)
++            for i in disallowed_dirs:
++                if f.startswith(i):
++                    printError(pkg, 'dir-or-file-in-%s' % '-'.join(i.split('/')[1:]), f)
+ 
+-            elif f.startswith('/var/run/'):
++            if f.startswith('/run/'):
+                 if f not in ghost_files:
+-                    printWarning(pkg, 'non-ghost-in-var-run', f)
+-            elif f.startswith('/var/lock/'):
+-                if f not in ghost_files:
+-                    printWarning(pkg, 'non-ghost-in-var-lock', f)
++                    printWarning(pkg, 'non-ghost-in-run', f)
+             elif sub_bin_regex.search(f):
+                 printError(pkg, 'subdir-in-bin', f)
+             elif '/site_perl/' in f:
+@@ -1466,35 +1471,10 @@ install-info.''',
+ '''You have a perl temporary file in your package. Usually, this
+ file is beginning with a dot (.) and contain "perl" in its name.''',
+ 
+-'dir-or-file-in-tmp',
+-'''A file in the package is located in /tmp. It's not permitted
+-for packages to install files in this directory.''',
+-
+-'dir-or-file-in-mnt',
+-'''A file in the package is located in /mnt. It's not permitted
+-for packages to install files in this directory.''',
+-
+-'dir-or-file-in-opt',
+-'''A file in the package is located in /opt. It's not permitted
+-for packages to install files in this directory.''',
+-
+-'dir-or-file-in-usr-local',
+-'''A file in the package is located in /usr/local. It's not permitted
+-for packages to install files in this directory.''',
+-
+-'dir-or-file-in-var-local',
+-'''A file in the package is located in /var/local. It's not permitted
+-for packages to install files in this directory.''',
+-
+-'non-ghost-in-var-run',
+-'''A file or directory in the package is located in /var/run. Files installed
+-in this directory should be marked as %ghost and created at runtime to work
+-properly in tmpfs /var/run setups.''',
+-
+-'non-ghost-in-var-lock',
+-'''A file or directory in the package is located in /var/lock. Files installed
++'non-ghost-in-run',
++'''A file or directory in the package is located in /run. Files installed
+ in this directory should be marked as %ghost and created at runtime to work
+-properly in tmpfs /var/lock setups.''',
++properly in tmpfs /run setups.''',
+ 
+ 'subdir-in-bin',
+ '''The package contains a subdirectory in /usr/bin. It's not permitted to
+@@ -1505,10 +1485,6 @@ create a subdir there. Create it in /usr
+ by an editor or resulting from applying unclean (fuzzy, or ones with line
+ offsets) patches.''',
+ 
+-'dir-or-file-in-home',
+-'''A file in the package is located in /home. It's not permitted
+-for packages to install files in this directory.''',
+-
+ 'version-control-internal-file',
+ '''You have included file(s) internally used by a version control system
+ in the package. Move these files out of the package and rebuild it.''',
+@@ -1832,6 +1808,13 @@ as part of the example documentation mea
+ use it and setup a insecure configuration.'''
+ )
+ 
++for i in disallowed_dirs:
++    addDetails('dir-or-file-in-%s' % '-'.join(i.split('/')[1:]),
++    '''A file in the package is located in %s. It's not permitted
++for packages to install files in this directory.''' % i)
++
++
++
+ # FilesCheck.py ends here
+ 
+ # Local variables:
+Index: rpmlint-1.5/config
+===================================================================
+--- rpmlint-1.5.orig/config
++++ rpmlint-1.5/config
+@@ -126,6 +126,10 @@ from Config import *
+ # Type: tuple of strings, see DEFAULT_STANDARD_USERS in FilesCheck
+ #setOption("StandardUsers", ())
+ 
++# List of directory prefixes that are not allowed in packages
++# Type: tuple of strings, see DEFAULT_DISALLOWED_DIRS in FilesCheck
++#setOption("DisallowedDirs", ('/home', '/mnt'))
++
+ # List of directories considered to be system default library search paths.
+ # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
+ #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))

rpmlint-fix-unexpanded-macros-for-array-values.patch

@@ -7,11 +7,11 @@ Subject: [PATCH] Fix _unexpanded_macros for array values
  TagsCheck.py | 17 ++++++++++++-----
  1 file changed, 12 insertions(+), 5 deletions(-)
 
-diff --git a/TagsCheck.py b/TagsCheck.py
-index c6f5dda..712d4e0 100644
---- a/TagsCheck.py
-+++ b/TagsCheck.py
-@@ -533,13 +533,20 @@ class TagsCheck(AbstractCheck.AbstractCheck):
+Index: rpmlint-1.5/TagsCheck.py
+===================================================================
+--- rpmlint-1.5.orig/TagsCheck.py
++++ rpmlint-1.5/TagsCheck.py
+@@ -524,13 +524,20 @@ class TagsCheck(AbstractCheck.AbstractCh
          AbstractCheck.AbstractCheck.__init__(self, 'TagsCheck')
  
      def _unexpanded_macros(self, pkg, tagname, value, is_url=False):
@@ -37,6 +37,3 @@ index c6f5dda..712d4e0 100644
  
      def check(self, pkg):
  
--- 
-1.9.0
-

rpmlint.changes

@@ -1,7 +1,30 @@
+-------------------------------------------------------------------
+Mon May 19 13:20:06 UTC 2014 - meissner@suse.com
+
+- enable org.selinux.service and org.selinux.conf of policycoreutils
+  (pending more review) bnc#878631
+
+-------------------------------------------------------------------
+Thu May  8 08:52:02 UTC 2014 - dmueller@suse.com
+
+- add 0001-Set-Python-3.4-magic-number-to-3310.patch (bnc#876470) 
+
+-------------------------------------------------------------------
+Tue May  6 08:05:16 UTC 2014 - lnussel@suse.de
+
+- dd filter expections for filesystem package
+
+-------------------------------------------------------------------
+Mon May  5 15:17:24 UTC 2014 - lnussel@suse.de
+
+- disallow /var/run and /var/lock
+  (rpmlint-1.5-disallow-var-run-and-var-lock.diff)
+
 -------------------------------------------------------------------
 Fri Apr 25 08:50:00 UTC 2014 - evilissimo@redhat.com
 
 - adding ovirtagent standard user and standard group names (uid/gid 175)
+
 -------------------------------------------------------------------
 Tue Apr 22 06:04:00 UTC 2014 - krahmer@suse.com
 

rpmlint.spec

@@ -128,6 +128,9 @@ Patch94:        suse-ignore-specfile-errors.diff
 Patch95:        invalid-filerequires.diff
 Patch96:        rpmlint-decode-fix.diff
 Patch97:        rpmlint-fix-unexpanded-macros-for-array-values.patch
+# PATCH-FIX-UPSTREAM: lnussel@suse.de - disallow /var/run and /var/lock
+Patch98:        rpmlint-1.5-disallow-var-run-and-var-lock.diff
+Patch99:        0001-Set-Python-3.4-magic-number-to-3310.patch
 
 %py_requires
 
@@ -208,6 +211,8 @@ source packages can be checked.
 %patch95
 %patch96 -p1
 %patch97 -p1
+%patch98 -p1
+%patch99 -p1
 cp -p %{SOURCE2} .
 # Only move top-level python files 
 chmod 0755 rpmlint-checks-master/*.py

suse-changelog.patch

@@ -2,7 +2,7 @@ Index: TagsCheck.py
 ===================================================================
 --- TagsCheck.py.orig
 +++ TagsCheck.py
-@@ -1025,8 +1025,8 @@ Development/''',
+@@ -1032,8 +1032,8 @@ Development/''',
  "%s".''' % '", "'.join(VALID_GROUPS),
  
  'no-changelogname-tag',

suse-python-abi-check.diff

@@ -2,7 +2,7 @@ Index: FilesCheck.py
 ===================================================================
 --- FilesCheck.py.orig
 +++ FilesCheck.py
-@@ -1107,8 +1107,11 @@ class FilesCheck(AbstractCheck.AbstractC
+@@ -1110,8 +1110,11 @@ class FilesCheck(AbstractCheck.AbstractC
                      if res and not (pkg.check_versioned_dep('python-base',
                                                              res.group(1)) or
                                      pkg.check_versioned_dep('python',

suse-whitelist-opensuse.diff

@@ -2,7 +2,7 @@ Index: TagsCheck.py
 ===================================================================
 --- TagsCheck.py.orig
 +++ TagsCheck.py
-@@ -884,7 +884,7 @@ class TagsCheck(AbstractCheck.AbstractCh
+@@ -891,7 +891,7 @@ class TagsCheck(AbstractCheck.AbstractCh
          spell_check(pkg, utf8summary, 'Summary(%s)', lang, ignored_words)
          if '\n' in summary:
              printError(pkg, 'summary-on-multiple-lines', lang)

xdg-check-exception.diff

@@ -1,8 +1,8 @@
-diff --git a/MenuXDGCheck.py b/MenuXDGCheck.py
-index 0996585..29085d5 100644
---- a/MenuXDGCheck.py
-+++ b/MenuXDGCheck.py
-@@ -40,13 +40,16 @@ class MenuXDGCheck(AbstractCheck.AbstractFilesCheck):
+Index: rpmlint-1.5/MenuXDGCheck.py
+===================================================================
+--- rpmlint-1.5.orig/MenuXDGCheck.py
++++ rpmlint-1.5/MenuXDGCheck.py
+@@ -43,13 +43,16 @@ class MenuXDGCheck(AbstractCheck.Abstrac
              printError(pkg, 'non-utf8-desktopfile', filename)
  
          self.cfp.read(f)