SHA256
1
0
forked from pool/rpmlint
rpmlint/config

619 lines
17 KiB
Python

# -*- python -*-
# vim: syntax=python
# Configuration for the rpmlint utility.
# Loaded before ~/.rpmlintrc
# $Id: config,v 1.39 2003/12/22 11:20:55 flepied Exp $
# This line is mandatory to access the configuration functions
from Config import *
from Filter import addDetails
# Additionale path to look for checks
#addCheckDir("~/mandrake/rpmlint")
# Configure the checks if you don't want the default ones
allChecks()
addCheck("CheckBuildRoot")
addCheck("CheckExecDocs")
addCheck("CheckPkgConfig")
addCheck("CheckCommonFiles")
addCheck("CheckInitScripts")
addCheck("DesktopTranslationCheck")
addCheck("DuplicatesCheck")
addCheck("LibraryPolicyCheck")
addCheck("CheckIconSizes")
#addCheck("CheckStaticLibraries")
addCheck("BrandingPolicyCheck")
addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always
addCheck("CheckPolkitPrivs")
addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist")
addCheck("CheckKDE4Deps")
addCheck("KMPPolicyCheck")
addCheck("CheckAlternativesGhostFiles")
addCheck("BashismsCheck")
addCheck("CheckBuildDate")
# stuff autobuild takes care about
addFilter(".*invalid-version.*")
addFilter(".*invalid-packager.*")
addFilter(".*not-standard-release-extension.*")
#addFilter(".*non-standard-group.*")
addFilter(".*invalid-buildhost.*")
addFilter(".*executable-in-library-package.*")
addFilter(".*non-versioned-file-in-library-package.*")
addFilter(".*incoherent-version-in-name.*")
addFilter(".*invalid-vendor.*")
addFilter(".*invalid-distribution.*")
addFilter(".*hardcoded-path-in-buildroot-tag.*")
addFilter(".*no-buildroot-tag.*")
addFilter(".*cross-directory-hard-link.*")
# Configuration options used by the checks
#setOption("Vendor", "MySelf")
#setOption("Distribution", "MyDistrib")
setOption("UseBzip2", 0)
setOption("UseUTF8", 1)
#setOption("ReleaseExtension", None)
#setOption("ValidGroups", ("Group1", "Group2"))
#setOption("KernelModuleRPMsOK", 0)
setOption('StandardGroups', (
'aegis',
'antivir',
'at',
'audio',
'avahi',
'beagleindex',
'bigsister',
'bin',
'casaauth',
'cdrom',
'console',
'cwbconv',
'daemon',
'dba',
'dialout',
'disk',
'distcc',
'dosemu',
'dovecot',
'festival',
'ffums',
'floppy',
'ftp',
'games',
'geronimo',
'haclient',
'haldaemon',
'icecream',
'ifdrwww',
'intermezzo',
'jboss',
'jonas',
'kmem',
'kvm',
'ldap',
'lighttpd',
'localham',
'lp',
'lxdm',
'mail',
'maildrop',
'mailman',
'man',
'mdom',
'memcached',
'messagebus',
'modem',
'nagcmd',
'nagios',
'named',
'news',
'nobody',
'nogroup',
'novell_nogroup',
'novlxtier',
'ntadmin',
'ntp',
'oinstall',
'otrs',
'pdns',
'pegasus',
'pkcs11',
'polkituser',
'postfix',
'postgres',
'pound',
'powersave',
'privoxy',
'public',
'pulse',
'pulse-access',
'pulse-rt',
'quagga',
'radiusd',
'root',
'sabayon-admin',
'sapdb',
'shadow',
'snort',
'sshd',
'suse-ncc',
'sys',
'tomcat',
'tomcat4',
'trusted',
'tss',
'tty',
'users',
'utmp',
'uucp',
'uuidd',
'video',
'vscan',
'wheel',
'www',
'xok',
'zope',
))
setOption('StandardUsers', (
'aegis',
'amanda',
'asterisk',
'at',
'avahi',
'beagleindex',
'bigsister',
'bin',
'bitlbee',
'casaatsd',
'casaatvd',
'casaauth',
'cop',
'cyrus',
'daemon',
'dhcpd',
'distcc',
'dovecot',
'dpbox',
'dvbdaemon',
'fax',
'festival',
'fetchmail',
'ffums',
'ftp',
'games',
'gdm',
'geronimo',
'gnats',
'gnump3d',
'hacluster',
'haldaemon',
'icecream',
'intermezzo',
'irc',
'jabber',
'jboss',
'jonas',
'ldap',
'lighttpd',
'lp',
'lxdm',
'mail',
'mailman',
'man',
'mdnsd',
'mdom',
'memcached',
'messagebus',
'mysql',
'nagios',
'named',
'news',
'novell_nobody',
'novlifdr',
'novlxregd',
'novlxsrvd',
'ntp',
'oracle',
'otrs',
'partimag',
'pdns',
'pegasus',
'polkituser',
'pop',
'postfix',
'postgres',
'pound',
'privoxy',
'pulse',
'quagga',
'radiusd',
'radvd',
'root',
'sabayon-admin',
'sapdb',
'snort',
'squid',
'sshd',
'suse-ncc',
'tomcat',
'tomcat4',
'tss',
'upsd',
'uucp',
'uuidd',
'vdr',
'vscan',
'wnn',
'wwwrun',
'yastws',
'zope',
))
addDetails('non-standard-uid',
'''A file in this package is owned by an unregistered user id.
Please contact opensuse-packaging@opensuse.org to register the user.
''',
'non-standard-gid',
'''A file in this package is owned by an unregistered group id.
Please contact opensuse-packaging@opensuse.org to register the group.
'''
)
setOption('DanglingSymlinkExceptions',
(['/usr/share/doc/licenses/', 'licenses'],
['consolehelper$', 'usermode-consoleonly'],
))
setOption("DBUSServices.WhiteList", (
"ConsoleKit.conf",
"hal.conf",
"org.freedesktop.Hal.service",
"cups.conf", # bnc#515977
"org.freedesktop.ConsoleKit.service",
"org.freedesktop.PolicyKit.conf",
"org.freedesktop.PolicyKit.service",
#
# the following are not audited. We accept them as legacy for now
#
# gnome-settings-daemon
"org.gnome.SettingsDaemon.DateTimeMechanism.service",
"org.gnome.SettingsDaemon.DateTimeMechanism.conf",
# upower
"org.freedesktop.UPower.service",
"org.freedesktop.UPower.conf",
# podsleuth
"podsleuth.conf",
# PackageKit
"org.freedesktop.PackageKit.conf",
# PackageKit
"org.freedesktop.PackageKit.service",
# NetworkManager-pptp
"nm-pptp-service.conf",
# gdm
"gdm.conf",
# udisks
"org.freedesktop.UDisks.service",
"org.freedesktop.UDisks.conf",
# scmon
"com.novell.Pkcs11Monitor.conf",
# systemd (bnc#641924)
"org.freedesktop.systemd1.service",
"org.freedesktop.systemd1.conf",
"org.freedesktop.hostname1.service",
"org.freedesktop.hostname1.conf",
# gconf2
"org.gnome.GConf.Defaults.service",
"org.gnome.GConf.Defaults.conf",
# system-config-printer (bnc#694640)
"com.redhat.NewPrinterNotification.conf",
"com.redhat.PrinterDriversInstaller.conf",
# rtkit
"org.freedesktop.RealtimeKit1.conf",
"org.freedesktop.RealtimeKit1.service",
# wpa_supplicant
"fi.epitest.hostap.WPASupplicant.service",
# bnc#681116
"fi.w1.wpa_supplicant1.service",
"wpa_supplicant.conf",
# kdebase4-workspace
"org.kde.fontinst.service",
"org.kde.kcontrol.kcmkdm.conf",
"org.kde.fontinst.conf",
"org.kde.ksysguard.processlisthelper.service",
"org.kde.kcontrol.kcmclock.service",
"org.kde.kcontrol.kcmclock.conf",
"org.kde.kcontrol.kcmkdm.service",
"org.kde.ksysguard.processlisthelper.conf",
# pulseaudio
"pulseaudio-system.conf",
# kdebase4-runtime
"org.kde.kcontrol.kcmremotewidgets.service",
"org.kde.kcontrol.kcmremotewidgets.conf",
# k3b
"org.kde.kcontrol.k3bsetup.service",
"org.kde.kcontrol.k3bsetup.conf",
# NetworkManager-novellvpn
"nm-novellvpn-service.conf",
# avahi
"avahi-dbus.conf",
"org.freedesktop.Avahi.service",
# hp-drive-guard
"hp-drive-guard-dbus.conf",
# NetworkManager
"nm-dhcp-client.conf",
"nm-dispatcher.conf",
"nm-avahi-autoipd.conf",
"org.freedesktop.nm_dispatcher.service",
"NetworkManager.conf",
"NetworkManager-frontend.conf",
# bnc#681128
"org.freedesktop.NetworkManager.service",
# ModemManager
"org.freedesktop.ModemManager.service",
"org.freedesktop.ModemManager.conf",
# yast2-dbus-server
"org.opensuse.YaST.modules.service",
"org.opensuse.yast.SCR.conf",
"org.opensuse.YaST.modules.conf",
"org.opensuse.yast.SCR.service",
# webyast (bnc#660981)
"webyast.permissions.conf",
"webyast.permissions.service.service",
# bluez
"bluetooth.conf",
# dnsmasq
"dnsmasq.conf",
# backup-manager
"org.opensuse.BackupManager.service",
"backup-manager.conf",
# gypsy
"Gypsy.conf",
"org.freedesktop.Gypsy.service",
# pommed
"pommed.conf",
# NetworkManager-openvpn
"nm-openvpn-service.conf",
# kdelibs4
"org.kde.auth.conf",
# polkit
"org.freedesktop.PolicyKit1.conf",
"org.freedesktop.PolicyKit1.service",
# dconf
"ca.desrt.dconf.service",
# kerneloops
"kerneloops.dbus",
# polkit-kde-1
"org.kde.polkitkde1.helper.conf",
"org.kde.polkitkde1.helper.service",
# upstart
"Upstart.conf",
# cups-pk-helper
"org.opensuse.CupsPkHelper.Mechanism.service",
"org.opensuse.CupsPkHelper.Mechanism.conf",
# fwzs
"org.opensuse.zoneswitcher.service",
"org.opensuse.zoneswitcher.conf",
# yum
"yum-updatesd.conf",
# NetworkManager-vpnc
"nm-vpnc-service.conf",
# NetworkManager-strongswan, bnc#656222
"nm-strongswan-service.conf",
# mumble, bnc#660784
"mumble-server.conf",
# kdebase4-runtime, bnc#672145
"org.kde.powerdevil.backlighthelper.service",
"org.kde.powerdevil.backlighthelper.conf",
# urfkill (bnc#688328)
"org.freedesktop.URfkill.service",
"org.freedesktop.URfkill.conf",
# account services (bnc#676638)
"org.freedesktop.Accounts.service",
"org.freedesktop.Accounts.conf",
# synche-connector (bnc#683956)
"org.synce.dccm.service",
"org.synce.dccm.conf",
))
# Output filters
addFilter(".*spurious-bracket-in-.*")
addFilter(".*one-line-command-in-.*")
addFilter(" dir-or-file-in-opt ") # handled by CheckFilelist.py
addFilter(" dir-or-file-in-usr-local ") # handled by CheckFilelist.py
addFilter(" non-standard-dir-in-usr ") # handled by CheckFilelist.py
addFilter("incoherent-version-in-changelog")
addFilter(" no-signature")
addFilter(" symlink-crontab-file") #bnc591431
addFilter(" without-chkconfig")
addFilter("unstripped-binary-or-object.*\.ko")
addFilter(" no-chkconfig")
addFilter(" subsys-not-used")
addFilter(" dangerous-command.*")
addFilter(" setuid-binary.*")
addFilter(".*FSSTND-dir-in-var /var/adm/.*")
addFilter("subdir-in-bin /sbin/conf.d/")
addFilter(" invalid-license")
addFilter(".* nss_db non-standard-dir-in-var db")
addFilter("non-standard-dir-in-usr openwin")
addFilter("ibcs2 non-standard-dir-in-usr i486-sysv4")
addFilter("shlibs5 non-standard-dir-in-usr i486-linux-libc5")
addFilter("filesystem dir-or-file")
addFilter("filesystem hidden-")
addFilter("explicit-lib-dependency libtool")
# suppress any errors about internal packages
addFilter("^qa\S+: [EWI]:")
addFilter("^\S*(?:INTERNAL|internal)\.\S+: [EWI]:")
# exceptions for devel-files
addFilter("devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h")
addFilter("devel-file-in-non-devel-package.*/usr/src/linux-")
addFilter("devel-file-in-non-devel-package.*/usr/share/systemtap")
addFilter("kde4-kapptemplate\.\S+:.*devel-file-in-non-devel-package")
addFilter("kdesdk3\.\S+:.*devel-file-in-non-devel-package")
addFilter("-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package")
addFilter("java\S+-demo\.\S+: \w: devel-file-in-non-devel-package")
addFilter('avr-libc\.\S+: \w: devel-file-in-non-devel-package')
addFilter('dietlibc\.\S+ \w: devel-file-in-non-devel-package')
addFilter('cross-.*devel-file-in-non-devel-package')
addFilter('cmake.*devel-file-in-non-devel-package')
addFilter('gcc\d\d.*devel-file-in-non-devel-package')
addFilter('OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter('wnn-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter('ocaml\.\S+: \w: devel-file-in-non-devel-package')
addFilter('xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter('linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package')
addFilter(' devel-file-in-non-devel-package.*-config')
addFilter('libtool\.\S+: \w: devel-file-in-non-devel-package')
addFilter('update-desktop-files\.\S+: \w: untranslated-desktop-file')
addFilter("sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs")
addFilter("kernel-modules-not-in-kernel-packages")
# SUSE kmp's don't need manual depmod (bnc#456048)
addFilter("module-without-depmod-postin")
addFilter("postin-with-wrong-depmod")
addFilter("module-without-depmod-postun")
addFilter("postun-with-wrong-depmod")
#
addFilter("configure-without-libdir-spec")
addFilter("conffile-without-noreplace-flag /etc/init.d")
addFilter("use-of-RPM_SOURCE_DIR")
addFilter("use-tmp-in-")
addFilter("symlink-contains-up-and-down-segments /var/lib/named")
addFilter("no-ldconfig-symlink")
addFilter("aaa_base\.\S+: \w: use-of-home-in-%post")
addFilter("description-line-too-long")
addFilter("hardcoded-library-path")
# addFilter("incoherent-subsys")
# doesn't seem to make sense
addFilter("invalid-ldconfig-symlink")
addFilter("invalid-soname")
addFilter("library-not-linked-against-libc")
addFilter("only-non-binary-in-usr-lib")
addFilter("outside-libdir-files")
# we want these files
addFilter(" perl-temp-file ")
addFilter(" hidden-file-or-dir .*/\.packlist")
addFilter(" hidden-file-or-dir .*/\.directory")
addFilter("perl-.*no-binary")
addFilter(" no-major-in-name ")
# we check for that already
addFilter("dangling-relative-symlink")
addFilter(" lib-package-without-%mklibname")
addFilter(" requires-on-release")
addFilter(" non-executable-script /etc/profile.d/")
addFilter(" non-executable-script /var/adm/fillup-templates/")
addFilter(" init-script-name-with-dot ")
addFilter('.* statically-linked-binary /sbin/ldconfig')
addFilter('.* statically-linked-binary /sbin/init')
addFilter('valgrind.* statically-linked-binary')
addFilter('ldconfig-post.*/ddiwrapper/wine/')
addFilter('glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade')
addFilter(" symlink-should-be-relative ")
addFilter(" binary-or-shlib-defines-rpath .*ORIGIN")
addFilter("libzypp.*shlib-policy-name-error.*libzypp")
# stuff that is currently too noisy, but might become relevant in the future
addFilter(" prereq-use")
addFilter(" file-not-utf8")
addFilter(" tag-not-utf8")
addFilter(" setup-not-quiet")
addFilter(" no-cleaning-of-buildroot ")
addFilter(" mixed-use-of-spaces-and-tabs ")
addFilter(" prereq-use ")
# an issue with OBS, works with autobuild
addFilter(" no-packager-tag")
addFilter(" unversioned-explicit-provides ")
addFilter(" unversioned-explicit-obsoletes ")
addFilter(" no-%clean-section")
addFilter(" service-default-enabled ")
addFilter(" non-standard-dir-perm ")
addFilter(" conffile-without-noreplace-flag ")
addFilter(" non-standard-executable-perm ")
addFilter(" jar-not-indexed ")
addFilter(" uncompressed-zip ")
addFilter(" %ifarch-applied-patch ")
addFilter(" read-error ")
addFilter(" init-script-without-chkconfig-postin ")
addFilter(" init-script-without-chkconfig-preun ")
addFilter(" postin-without-chkconfig ")
addFilter(" preun-without-chkconfig ")
addFilter(" no-dependency-on locales")
addFilter(" incoherent-version-in-name")
addFilter(" binary-or-shlib-defines-rpath")
addFilter(" executable-marked-as-config-file")
addFilter(" log-files-without-logrotate")
addFilter(" hardcoded-prefix-tag")
addFilter(" no-documentation")
addFilter(" multiple-specfiles")
addFilter(" apache2-naming-policy-not-applied")
addFilter(" no-default-runlevel ")
addFilter(" setgid-binary ")
addFilter(" non-readable ")
addFilter(" manpage-not-bzipped ")
addFilter(" postin-without-ghost-file-creation ")
# bug 287090
addFilter(" file-in-usr-marked-as-conffile")
addFilter(" non-remote_fs-dependency.*/boot")
# exceptions for non-devel-buildrequires
addFilter(" non-devel-buildrequires apache2-mod_perl")
addFilter(" non-devel-buildrequires ksh")
addFilter(" non-devel-buildrequires perl")
addFilter(" non-devel-buildrequires php5")
addFilter(" non-devel-buildrequires postfix")
addFilter(" non-devel-buildrequires python")
addFilter(" non-devel-buildrequires ruby")
addFilter(" non-devel-buildrequires valgrind")
addFilter(" non-devel-buildrequires yasm")
addFilter(" non-devel-buildrequires tcl")
addFilter("beagle-index\.\S+: \w: (non-devel|unnecessary)-buildrequires")
addFilter("collect-desktop-files\.\S+: \w: (non-devel|unnecessary)-buildrequires")
addFilter("installation-images\.\S+: \w: (non-devel|unnecessary)-buildrequires")
# exceptions for filelist checks
addFilter("nfs-client\.\S+: \w: suse-filelist-forbidden-backup-file /var/lib/nfs/sm.bak ")
addFilter("perl\.\S+: \w: suse-filelist-forbidden-perl-dir ")
addFilter("info\.\S+: \w: info-dir-file .*/usr/share/info/dir")
# these packages are used for CD creation and are not supposed to be
# installed. It's still a dirty hack to make an exception. The
# packages should either be built in a separate project with
# different config or file be put somewhere below /opt/suse/*
addFilter("(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: suse-filelist-forbidden-fhs23 /CD1")
# suboptimal library packaging
addFilter(" non-devel-buildrequires graphviz")
addFilter(" non-devel-buildrequires ImageMagick")
addFilter(" non-devel-buildrequires aspell")
addFilter(" non-devel-buildrequires autotrace")
addFilter(" non-devel-buildrequires gettext")
addFilter(" non-devel-buildrequires devhelp")
addFilter(" non-devel-buildrequires libxml2")
addFilter(" non-devel-buildrequires libxslt")
addFilter(" non-devel-buildrequires recode")
# many places have shorter paths
addFilter(" non-coherent-filename ")
# mandriva specific stuff that we don't want
addFilter(" invalid-build-requires ")
addFilter(" no-provides ")
# config ends here