# vim:sw=4:et ############################################################################# # File : CheckFilelist.py # Package : rpmlint # Author : Ludwig Nussel # Purpose : Check for wrongly packaged files and FHS violations ############################################################################# from Filter import * import AbstractCheck import re import os import string import fnmatch from rpm import RPMTAG_VENDOR _defaulterror = 'suse-filelist-forbidden' _defaultmsg = '%(file)s is not allowed in SUSE Linux' def notnoarch(pkg): return pkg.arch != 'noarch' def isfilesystem(pkg): return pkg.name == 'filesystem' def isdebuginfo(pkg): if pkg.name.endswith('-debuginfo') \ or pkg.name.endswith('-debuginfo-32bit') \ or pkg.name.endswith('-debuginfo-64bit') \ or pkg.name.endswith('-debugsource') \ or pkg.name.endswith('-debug'): return True def notsymlink(pkg, f): files = pkg.files() enreg = files[f] mode = enreg[0] type = (mode>>12)&017 return type != 012 _goodprefixes = ( '/bin/', '/boot/', '/etc/', '/lib/', '/lib64/', '/media/', # SUSE policy handled in separate check '/opt/', '/sbin/', '/srv/', # SUSE policy handled in separate check '/usr/X11R6/', '/usr/bin/', '/usr/games/', '/usr/include/', '/usr/lib/', '/usr/lib64/', '/usr/sbin/', '/usr/share/', # actually only linux is allowed by fhs '/usr/src/linux', '/usr/src/debug/', '/usr/src/packages/', '/var/account/', '/var/cache/', '/var/crash/', '/var/games/', '/var/lib/', '/var/lock/', '/var/log/', '/var/mail/', '/var/opt/', '/var/run/', '/var/spool/', '/var/yp/', # those are not in FHS! '/var/adm/', '/var/nis/', '/emul/', ) # computed from goodprefixes. # Directories that are only allowed to have defined subdirs (such as /usr) _restricteddirs = set() _checks = [ { 'good': [ '/etc/sysconfig/cbq', '/etc/sysconfig/scripts', '/etc/sysconfig/scripts/*', '/etc/sysconfig/network', '/etc/sysconfig/network/*', '/etc/sysconfig/hardware', '/etc/sysconfig/hardware/*', '/etc/sysconfig/isdn', '/etc/sysconfig/isdn/scripts', '/etc/sysconfig/isdn/scripts/*', '/etc/sysconfig/SuSEfirewall2.d', '/etc/sysconfig/SuSEfirewall2.d/*', '/etc/sysconfig/uml', ], 'bad': [ '/usr/share/info/dir', '*~', '*/CVS', '*/CVS/*', '*/.cvsignore', '*/.svn', '*/RCS', '*/RCS/*', '*,v', '*.bak', '*/.xvpics', '*.orig', '*.orig.gz', '/usr/share/*/.libs*', '/usr/share/*/.deps*', '/var/adm/fillup-templates/rc.config.*', '/var/adm/setup', '/etc/httpd/*', '/etc/sysconfig/*', '/etc/rc.config.d/*', '/etc/init.d/*/*', '/usr/share/locale/LC_MESSAGES', '/opt/gnome', '/usr/lib/perl5/site_perl/*', '/usr/lib/perl5/vendor_perl/5.*/auto', '/usr/lib/perl5/vendor_perl/5.*/*-linux-*/auto', ], }, { 'error': 'suse-filelist-forbidden-devel-in-lib', 'details': 'please move la files, static libs and .so symlinks to /usr/lib(64)', 'bad': [ "/lib/*.la", "/lib/*.a", "/lib64/*.la", "/lib64/*.a", ] }, { 'error': 'suse-filelist-forbidden-devel-in-lib', 'details': 'please move la files, static libs and .so symlinks to /usr/lib(64)', 'good': [ # exception for pam "/lib/security/*.so", "/lib64/security/*.so", ], 'bad': [ "/lib/*.so", "/lib64/*.so", ], # some libs without proper soname are packaged directly 'ignorefileif': notsymlink, }, { 'error': 'suse-filelist-forbidden-fhs23', 'msg': '%(file)s is not allowed in FHS 2.3', 'details': 'see http://www.pathname.com/fhs/ to find a better location', 'bad': [ "/etc/X11/app-defaults/*", "/usr/local/man/*/*", "/var/lib/games", "/var/lib/games/*", "/usr/sbin/*/*", "/sbin/init.d", "/sbin/init.d/*", "/bin/*/*", ] }, { 'error': 'suse-filelist-forbidden-yast2', 'msg': '%(file)s is not allowed anymore in YaST2', 'bad': [ '/usr/lib/YaST2/*.ycp', '/usr/lib/YaST2/*.y2cc', '/usr/lib/YaST2/*.*.scr', ], }, { 'error': 'suse-filelist-forbidden-srv', 'details': """Please use /srv for ftp and http data""", 'bad': [ '/usr/local/ftp', '/usr/local/http', ], }, { 'error': 'suse-filelist-forbidden-games', 'details': """static data has to be in /usr/share/games, variable in /var/games""", 'bad': [ '/usr/games/bin', '/usr/games/lib', '/usr/games/*/*', ], }, { 'error': 'suse-filelist-forbidden-noarch', 'msg': '%(file)s is not allowed in a noarch package', 'bad': [ '/lib64', '/lib64/*', '/usr/lib64', '/usr/lib64/*', '/usr/X11R6/lib64', '/usr/X11R6/lib64/*', '/opt/gnome/lib64', '/opt/gnome/lib64/*', '/opt/kde3/lib64', '/opt/kde3/lib64/*', '/usr/lib/pkgconfig/*', ], 'ignorepkgif': notnoarch, }, { 'error': 'suse-filelist-forbidden-debuginfo', 'msg': '%(file)s may only be packaged in the -debuginfo subpackage', 'bad': [ '/usr/lib/debug/*', ], 'ignorepkgif': isdebuginfo, }, { 'error': 'suse-filelist-forbidden-locale', 'details': """Please use nb or nb_NO (and nn for nynorsk)""" """see https://bugzilla.novell.com/show_bug.cgi?id=42748""", 'bad': [ '/opt/gnome/share/locale/no', '/opt/gnome/share/locale/no/*', '/opt/kde3/share/locale/no', '/opt/kde3/share/locale/no/*', '/usr/share/locale/no', '/usr/share/locale/no/*', '/usr/share/vim/*/lang/no', '/usr/share/vim/*/lang/no/*', ], }, { 'error': 'suse-filelist-forbidden-xorg', 'details': """Please use the updated paths for Xorg 7.1 and above""", 'bad': [ '/usr/X11R6/*', ], 'ignorepkgif': isfilesystem, }, { 'error': 'suse-filelist-forbidden-suseconfig', 'details': """Adding new SuSEconfig scripts is not accepted for openSUSE 10.2 and newer""", 'good': [ '/sbin/conf.d/SuSEconfig.automake', '/sbin/conf.d/SuSEconfig.cjk-latex', '/sbin/conf.d/SuSEconfig.desktop-file-utils', '/sbin/conf.d/SuSEconfig.fonts', '/sbin/conf.d/SuSEconfig.gdm', '/sbin/conf.d/SuSEconfig.ghostscript-cjk', '/sbin/conf.d/SuSEconfig.glib2', '/sbin/conf.d/SuSEconfig.gnome-vfs2', '/sbin/conf.d/SuSEconfig.groff', '/sbin/conf.d/SuSEconfig.gtk2', '/sbin/conf.d/SuSEconfig.guile', '/sbin/conf.d/SuSEconfig.icu', '/sbin/conf.d/SuSEconfig.isdn', '/sbin/conf.d/SuSEconfig.ispell', '/sbin/conf.d/SuSEconfig.kde', '/sbin/conf.d/SuSEconfig.kdm3', '/sbin/conf.d/SuSEconfig.libxml2', '/sbin/conf.d/SuSEconfig.lyx-cjk', '/sbin/conf.d/SuSEconfig.mailman', '/sbin/conf.d/SuSEconfig.news', '/sbin/conf.d/SuSEconfig.pango', '/sbin/conf.d/SuSEconfig.pbs', '/sbin/conf.d/SuSEconfig.perl', '/sbin/conf.d/SuSEconfig.permissions', '/sbin/conf.d/SuSEconfig.postfix', '/sbin/conf.d/SuSEconfig.prelink', '/sbin/conf.d/SuSEconfig.scim', '/sbin/conf.d/SuSEconfig.scpm', '/sbin/conf.d/SuSEconfig.scrollkeeper', '/sbin/conf.d/SuSEconfig.sendmail', '/sbin/conf.d/SuSEconfig.sgml-skel', '/sbin/conf.d/SuSEconfig.susehelp', '/sbin/conf.d/SuSEconfig.syslog-ng', '/sbin/conf.d/SuSEconfig.tetex', '/sbin/conf.d/SuSEconfig.texlive', '/sbin/conf.d/SuSEconfig.tuxpaint', '/sbin/conf.d/SuSEconfig.wdm', '/sbin/conf.d/SuSEconfig.words', '/sbin/conf.d/SuSEconfig.xdm', '/sbin/conf.d/SuSEconfig.xjdic', '/sbin/conf.d/SuSEconfig.xpdf', '/sbin/conf.d/SuSEconfig.zmessages', ], 'bad': [ '/sbin/conf.d/*', ], }, { 'error': 'suse-filelist-forbidden-opt', 'details': """/opt may not be used by a distribution. It is reserved for 3rd party packagers""", }, ] class FilelistCheck(AbstractCheck.AbstractCheck): def __init__(self): AbstractCheck.AbstractCheck.__init__(self, "CheckFilelist") import re _restricteddirs.add('/') for d in _goodprefixes: if d.count('/') > 2: _restricteddirs.add(d[0:-1].rpartition('/')[0]) for check in _checks: if 'good' in check: for i in range(len(check['good'])): pattern = check['good'][i] if '*' in pattern: r = fnmatch.translate(pattern) check['good'][i] = re.compile(r) if 'bad' in check: for i in range(len(check['bad'])): pattern = check['bad'][i] if '*' in pattern: r = fnmatch.translate(pattern) check['bad'][i] = re.compile(r) def check(self, pkg): global _checks global _defaultmsg global _defaulterror global _goodprefixes global _restricteddirs if pkg.isSource(): return files = pkg.files() if not files: printError(pkg, 'suse-filelist-empty', 'packages without any files are not allowed in SUSE Linux') return for check in _checks: if 'ignorepkgif' in check: if check['ignorepkgif'](pkg): continue if 'msg' in check: msg = check['msg'] else: msg = _defaultmsg if 'error' in check: error = check['error'] else: error = _defaulterror if 'good' in check or 'bad' in check: for f in files: ok = False if 'good' in check: for g in check['good']: if (not isinstance(g, str) and g.match(f)) or g == f: ok = True break if ok: continue if 'bad' in check: for b in check['bad']: if 'ignorefileif' in check: if check['ignorefileif'](pkg, f): continue if (not isinstance(b, str) and b.match(f)) or b == f: m = msg % { 'file':f } printError(pkg, error, m) invalidfhs = set() invalidopt = set() if pkg.header[RPMTAG_VENDOR] and pkg.header[RPMTAG_VENDOR].find('SUSE') != -1: isSUSE = True else: isSUSE = False # the checks here only warn about a directory once rather # than reporting potentially hundreds of files individually for f in files: enreg = files[f] mode = enreg[0] type = (mode>>12)&017 # append / to directories if type == 04: f += '/' if not f.startswith(_goodprefixes): base = f.rpartition('/') pfx = None # find the first invalid path component (/usr/foo/bar/baz -> /usr) while base[0] and not base[0].startswith(_goodprefixes) and not base[0] in _restricteddirs: pfx = base[0] base = base[0].rpartition('/') if not pfx: invalidfhs.add(f) else: invalidfhs.add(pfx) if f.startswith('/opt'): try: provider = f.split('/')[2] except: continue # legacy exception if provider == 'kde3': continue if isSUSE and (provider == 'suse' or provider == 'novell'): continue d = '/opt/'+provider invalidopt.add(d) for f in invalidfhs: printError(pkg, 'suse-filelist-forbidden-fhs23', "%(file)s is not allowed in FHS 2.3" % { 'file': f }) for f in invalidopt: printError(pkg, 'suse-filelist-forbidden-opt', '%(file)s is not allowed for official SUSE packages' % { 'file': f }) check=FilelistCheck() if Config.info: for check in _checks: if not 'details' in check: continue if not 'error' in check: continue addDetails(check['error'], check['details'])