forked from pool/rpmlint
Marcus Rueckert
636d615560
Accepted submit request 57637 from user lnussel OBS-URL: https://build.opensuse.org/request/show/57637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=90
390 lines
15 KiB
Python
390 lines
15 KiB
Python
# -*- python -*-
|
|
# Configuration for the rpmlint utility.
|
|
# Loaded before ~/.rpmlintrc
|
|
# $Id: config,v 1.39 2003/12/22 11:20:55 flepied Exp $
|
|
|
|
# This line is mandatory to access the configuration functions
|
|
from Config import *
|
|
|
|
# Additionale path to look for checks
|
|
|
|
#addCheckDir("~/mandrake/rpmlint")
|
|
|
|
# Configure the checks if you don't want the default ones
|
|
|
|
allChecks()
|
|
|
|
addCheck("CheckBuildRoot")
|
|
addCheck("CheckExecDocs")
|
|
addCheck("CheckPkgConfig")
|
|
addCheck("CheckCommonFiles")
|
|
addCheck("CheckInitScripts")
|
|
addCheck("DesktopTranslationCheck")
|
|
addCheck("DuplicatesCheck")
|
|
addCheck("LibraryPolicyCheck")
|
|
addCheck("CheckIconSizes")
|
|
#addCheck("CheckStaticLibraries")
|
|
addCheck("BrandingPolicyCheck")
|
|
addCheck("CheckSUIDPermissions")
|
|
# polkit-default-privs would need to be installed always
|
|
addCheck("CheckPolkitPrivs")
|
|
addCheck("CheckDBUSServices")
|
|
addCheck("CheckDBusPolicy")
|
|
addCheck("CheckFilelist")
|
|
addCheck("CheckKDE4Deps")
|
|
addCheck("KMPPolicyCheck")
|
|
addCheck("CheckAlternativesGhostFiles")
|
|
addCheck("BashismsCheck")
|
|
addCheck("CheckBuildDate")
|
|
|
|
# stuff autobuild takes care about
|
|
addFilter(".*invalid-version.*")
|
|
addFilter(".*invalid-packager.*")
|
|
addFilter(".*not-standard-release-extension.*")
|
|
#addFilter(".*non-standard-group.*")
|
|
addFilter(".*invalid-buildhost.*")
|
|
addFilter(".*executable-in-library-package.*")
|
|
addFilter(".*non-versioned-file-in-library-package.*")
|
|
addFilter(".*incoherent-version-in-name.*")
|
|
addFilter(".*invalid-vendor.*")
|
|
addFilter(".*invalid-distribution.*")
|
|
addFilter(".*hardcoded-path-in-buildroot-tag.*")
|
|
addFilter(".*no-buildroot-tag.*")
|
|
addFilter(".*cross-directory-hard-link.*")
|
|
|
|
# Configuration options used by the checks
|
|
|
|
#setOption("Vendor", "MySelf")
|
|
#setOption("Distribution", "MyDistrib")
|
|
setOption("UseBzip2", 0)
|
|
setOption("UseUTF8", 1)
|
|
#setOption("ReleaseExtension", None)
|
|
#setOption("ValidGroups", ("Group1", "Group2"))
|
|
#setOption("KernelModuleRPMsOK", 0)
|
|
|
|
setOption('StandardGroups', ('tty', 'antivir', 'dba', 'aegis', 'disk', 'localham', 'casaauth', 'console', 'lp', 'ldap', 'dovecot', 'otrs', 'tss', 'pulse-rt', 'oinstall', 'postgres', 'kmem', 'nagcmd', 'maildrop', 'pegasus', 'ffums', 'intermezzo', 'shadow', 'daemon', 'xok', 'novell_nogroup', 'snort', 'pulse-access', 'powersave', 'www', 'beagleindex', 'pkcs11', 'pulse', 'ifdrwww', 'video', 'ftp', 'jboss', 'icecream', 'memcached', 'public', 'uuidd', 'ntp', 'ntadmin', 'dosemu', 'news', 'haclient', 'sshd', 'games', 'jonas', 'cwbconv', 'named', 'novlxtier', 'pdns', 'mailman', 'festival', 'utmp', 'floppy', 'nobody', 'lighttpd', 'quagga', 'suse-ncc', 'dialout', 'mail', 'cdrom', 'polkituser', 'haldaemon', 'sapdb', 'geronimo', 'sabayon-admin', 'privoxy', 'avahi', 'mdom', 'bin', 'pound', 'distcc', 'nagios', 'tomcat4', 'at', 'trusted', 'uucp', 'zope', 'wheel', 'users', 'messagebus', 'kvm', 'sys', 'vscan', 'man', 'audio', 'nogroup', 'tomcat', 'postfix', 'bigsister', 'modem', 'radiusd', 'lxdm'))
|
|
setOption('StandardUsers', ('novell_nobody', 'aegis', 'mysql', 'gdm', 'casaauth', 'icecream', 'lp', 'ldap', 'dovecot', 'otrs', 'tss', 'bin', 'fax', 'postgres', 'intermezzo', 'hacluster', 'pegasus', 'ffums', 'radiusd', 'daemon', 'vdr', 'snort', 'amanda', 'bitlbee', 'beagleindex', 'fetchmail', 'pulse', 'mdnsd', 'novlxregd', 'wwwrun', 'gnump3d', 'ftp', 'jboss', 'dvbdaemon', 'irc', 'memcached', 'uuidd', 'ntp', 'jonas', 'news', 'cop', 'sshd', 'novlifdr', 'casaatsd', 'games', 'upsd', 'named', 'pop', 'dhcpd', 'gnats', 'jabber', 'pdns', 'mailman', 'festival', 'cyrus', 'nobody', 'lighttpd', 'quagga', 'mail', 'polkituser', 'haldaemon', 'sapdb', 'geronimo', 'postfix', 'privoxy', 'novlxsrvd', 'avahi', 'mdom', 'root', 'pound', 'squid', 'distcc', 'nagios', 'tomcat4', 'at', 'dpbox', 'partimag', 'uucp', 'zope', 'messagebus', 'wnn', 'asterisk', 'casaatvd', 'vscan', 'man', 'suse-ncc', 'tomcat', 'sabayon-admin', 'bigsister', 'oracle', 'lxdm'))
|
|
|
|
setOption('DanglingSymlinkExceptions',
|
|
(['/usr/share/doc/licenses/', 'licenses'],
|
|
['consolehelper$', 'usermode-consoleonly'],
|
|
))
|
|
|
|
setOption("DBUSServices.WhiteList", (
|
|
"ConsoleKit.conf",
|
|
"hal.conf",
|
|
"cups.conf", # bnc#515977
|
|
"org.freedesktop.ConsoleKit.service",
|
|
"org.freedesktop.PolicyKit.conf",
|
|
"org.freedesktop.PolicyKit.service",
|
|
#
|
|
# the following are not audited. We accept them as legacy for now
|
|
#
|
|
# gnome-settings-daemon
|
|
"org.gnome.SettingsDaemon.DateTimeMechanism.service",
|
|
"org.gnome.SettingsDaemon.DateTimeMechanism.conf",
|
|
# upower
|
|
"org.freedesktop.UPower.service",
|
|
"org.freedesktop.UPower.conf",
|
|
# podsleuth
|
|
"podsleuth.conf",
|
|
# PackageKit
|
|
"org.freedesktop.PackageKit.conf",
|
|
# PackageKit
|
|
"org.freedesktop.PackageKit.service",
|
|
# NetworkManager-pptp
|
|
"nm-pptp-service.conf",
|
|
# gdm
|
|
"gdm.conf",
|
|
# udisks
|
|
"org.freedesktop.UDisks.service",
|
|
"org.freedesktop.UDisks.conf",
|
|
# scmon
|
|
"com.novell.Pkcs11Monitor.conf",
|
|
# systemd
|
|
"org.freedesktop.systemd1.service",
|
|
"org.freedesktop.systemd1.conf",
|
|
# gconf2
|
|
"org.gnome.GConf.Defaults.service",
|
|
"org.gnome.GConf.Defaults.conf",
|
|
# system-config-printer
|
|
"newprinternotification.conf",
|
|
"printerdriversinstaller.conf",
|
|
# rtkit
|
|
"org.freedesktop.RealtimeKit1.conf",
|
|
"org.freedesktop.RealtimeKit1.service",
|
|
# wpa_supplicant
|
|
"fi.epitest.hostap.WPASupplicant.service",
|
|
"wpa_supplicant.conf",
|
|
# kdebase4-workspace
|
|
"org.kde.fontinst.service",
|
|
"org.kde.kcontrol.kcmkdm.conf",
|
|
"org.kde.fontinst.conf",
|
|
"org.kde.ksysguard.processlisthelper.service",
|
|
"org.kde.kcontrol.kcmclock.service",
|
|
"org.kde.kcontrol.kcmclock.conf",
|
|
"org.kde.kcontrol.kcmkdm.service",
|
|
"org.kde.ksysguard.processlisthelper.conf",
|
|
# pulseaudio
|
|
"pulseaudio-system.conf",
|
|
# kdebase4-runtime
|
|
"org.kde.kcontrol.kcmremotewidgets.service",
|
|
"org.kde.kcontrol.kcmremotewidgets.conf",
|
|
# k3b
|
|
"org.kde.kcontrol.k3bsetup.service",
|
|
"org.kde.kcontrol.k3bsetup.conf",
|
|
# NetworkManager-novellvpn
|
|
"nm-novellvpn-service.conf",
|
|
# avahi
|
|
"avahi-dbus.conf",
|
|
"org.freedesktop.Avahi.service",
|
|
# hp-drive-guard
|
|
"hp-drive-guard-dbus.conf",
|
|
# NetworkManager
|
|
"nm-dhcp-client.conf",
|
|
"nm-dispatcher.conf",
|
|
"nm-avahi-autoipd.conf",
|
|
"org.freedesktop.nm_dispatcher.service",
|
|
"NetworkManager.conf",
|
|
"NetworkManager-frontend.conf",
|
|
# ModemManager
|
|
"org.freedesktop.ModemManager.service",
|
|
"org.freedesktop.ModemManager.conf",
|
|
# yast2-dbus-server
|
|
"org.opensuse.YaST.modules.service",
|
|
"org.opensuse.yast.SCR.conf",
|
|
"org.opensuse.YaST.modules.conf",
|
|
"org.opensuse.yast.SCR.service",
|
|
# bluez
|
|
"bluetooth.conf",
|
|
# dnsmasq
|
|
"dnsmasq.conf",
|
|
# backup-manager
|
|
"org.opensuse.BackupManager.service",
|
|
"backup-manager.conf",
|
|
# gypsy
|
|
"Gypsy.conf",
|
|
"org.freedesktop.Gypsy.service",
|
|
# pommed
|
|
"pommed.conf",
|
|
# NetworkManager-openvpn
|
|
"nm-openvpn-service.conf",
|
|
# kdelibs4
|
|
"org.kde.auth.conf",
|
|
# polkit
|
|
"org.freedesktop.PolicyKit1.conf",
|
|
"org.freedesktop.PolicyKit1.service",
|
|
# dconf
|
|
"ca.desrt.dconf.service",
|
|
# kerneloops
|
|
"kerneloops.dbus",
|
|
# polkit-kde-1
|
|
"org.kde.polkitkde1.helper.conf",
|
|
"org.kde.polkitkde1.helper.service",
|
|
# upstart
|
|
"Upstart.conf",
|
|
# cups-pk-helper
|
|
"org.opensuse.CupsPkHelper.Mechanism.service",
|
|
"org.opensuse.CupsPkHelper.Mechanism.conf",
|
|
# fwzs
|
|
"org.opensuse.zoneswitcher.service",
|
|
"org.opensuse.zoneswitcher.conf",
|
|
# yum
|
|
"yum-updatesd.conf",
|
|
# NetworkManager-vpnc
|
|
"nm-vpnc-service.conf",
|
|
# NetworkManager-strongswan, bnc#656222
|
|
"nm-strongswan-service.conf",
|
|
))
|
|
|
|
# Output filters
|
|
addFilter(".*spurious-bracket-in-.*")
|
|
addFilter(".*one-line-command-in-.*")
|
|
addFilter(" dir-or-file-in-opt")
|
|
addFilter("incoherent-version-in-changelog")
|
|
addFilter(" no-signature")
|
|
addFilter(" symlink-crontab-file") #bnc591431
|
|
addFilter(" without-chkconfig")
|
|
addFilter("unstripped-binary-or-object.*\.ko")
|
|
addFilter(" no-chkconfig")
|
|
addFilter(" subsys-not-used")
|
|
addFilter(" dangerous-command.*")
|
|
addFilter(" setuid-binary.*")
|
|
addFilter(".*FSSTND-dir-in-var /var/adm/.*")
|
|
addFilter("subdir-in-bin /sbin/conf.d/")
|
|
addFilter(" invalid-license")
|
|
addFilter(".* nss_db non-standard-dir-in-var db")
|
|
addFilter("non-standard-dir-in-usr openwin")
|
|
addFilter("ibcs2 non-standard-dir-in-usr i486-sysv4")
|
|
addFilter("shlibs5 non-standard-dir-in-usr i486-linux-libc5")
|
|
addFilter("filesystem dir-or-file")
|
|
addFilter("filesystem hidden-")
|
|
addFilter("explicit-lib-dependency libtool")
|
|
|
|
|
|
# suppress any errors about internal packages
|
|
addFilter("^qa\S+: [EWI]:")
|
|
addFilter("^\S*(?:INTERNAL|internal)\.\S+: [EWI]:")
|
|
|
|
|
|
# exceptions for devel-files
|
|
addFilter("devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h")
|
|
addFilter("devel-file-in-non-devel-package.*/usr/src/linux-")
|
|
addFilter("devel-file-in-non-devel-package.*/usr/share/systemtap")
|
|
addFilter("kde4-kapptemplate\.\S+:.*devel-file-in-non-devel-package")
|
|
addFilter("kdesdk3\.\S+:.*devel-file-in-non-devel-package")
|
|
addFilter("-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package")
|
|
addFilter("java\S+-demo\.\S+: \w: devel-file-in-non-devel-package")
|
|
addFilter('avr-libc\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter('dietlibc\.\S+ \w: devel-file-in-non-devel-package')
|
|
addFilter('cross-.*devel-file-in-non-devel-package')
|
|
addFilter('cmake.*devel-file-in-non-devel-package')
|
|
addFilter('gcc\d\d.*devel-file-in-non-devel-package')
|
|
addFilter('OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter('wnn-sdk\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter('ocaml\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter('xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter('linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package')
|
|
addFilter(' devel-file-in-non-devel-package.*-config')
|
|
addFilter('libtool\.\S+: \w: devel-file-in-non-devel-package')
|
|
|
|
addFilter('update-desktop-files\.\S+: \w: untranslated-desktop-file')
|
|
addFilter("sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs")
|
|
addFilter("kernel-modules-not-in-kernel-packages")
|
|
# SUSE kmp's don't need manual depmod (bnc#456048)
|
|
addFilter("module-without-depmod-postin")
|
|
addFilter("postin-with-wrong-depmod")
|
|
addFilter("module-without-depmod-postun")
|
|
addFilter("postun-with-wrong-depmod")
|
|
#
|
|
addFilter("configure-without-libdir-spec")
|
|
addFilter("conffile-without-noreplace-flag /etc/init.d")
|
|
addFilter("use-of-RPM_SOURCE_DIR")
|
|
addFilter("use-tmp-in-")
|
|
addFilter("symlink-contains-up-and-down-segments /var/lib/named")
|
|
addFilter("no-ldconfig-symlink")
|
|
addFilter("aaa_base\.\S+: \w: use-of-home-in-%post")
|
|
addFilter("description-line-too-long")
|
|
addFilter("hardcoded-library-path")
|
|
# addFilter("incoherent-subsys")
|
|
# doesn't seem to make sense
|
|
addFilter("invalid-ldconfig-symlink")
|
|
addFilter("invalid-soname")
|
|
addFilter("library-not-linked-against-libc")
|
|
addFilter("only-non-binary-in-usr-lib")
|
|
addFilter("outside-libdir-files")
|
|
# we want these files
|
|
addFilter(" perl-temp-file ")
|
|
addFilter(" hidden-file-or-dir .*/\.packlist")
|
|
addFilter(" hidden-file-or-dir .*/\.directory")
|
|
addFilter("perl-.*no-binary")
|
|
addFilter(" no-major-in-name ")
|
|
# we check for that already
|
|
addFilter("dangling-relative-symlink")
|
|
addFilter(" lib-package-without-%mklibname")
|
|
addFilter(" requires-on-release")
|
|
addFilter(" non-executable-script /etc/profile.d/")
|
|
addFilter(" non-executable-script /var/adm/fillup-templates/")
|
|
addFilter(" init-script-name-with-dot ")
|
|
addFilter('.* statically-linked-binary /sbin/ldconfig')
|
|
addFilter('.* statically-linked-binary /sbin/init')
|
|
addFilter('valgrind.* statically-linked-binary')
|
|
addFilter('ldconfig-post.*/ddiwrapper/wine/')
|
|
addFilter('glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade')
|
|
addFilter(" symlink-should-be-relative ")
|
|
addFilter(" binary-or-shlib-defines-rpath .*ORIGIN")
|
|
addFilter("libzypp.*shlib-policy-name-error.*libzypp")
|
|
|
|
# stuff that is currently too noisy, but might become relevant in the future
|
|
addFilter(" prereq-use")
|
|
addFilter(" file-not-utf8")
|
|
addFilter(" tag-not-utf8")
|
|
addFilter(" setup-not-quiet")
|
|
addFilter(" no-cleaning-of-buildroot ")
|
|
addFilter(" mixed-use-of-spaces-and-tabs ")
|
|
addFilter(" prereq-use ")
|
|
# an issue with OBS, works with autobuild
|
|
addFilter(" no-packager-tag")
|
|
addFilter(" unversioned-explicit-provides ")
|
|
addFilter(" unversioned-explicit-obsoletes ")
|
|
addFilter(" no-%clean-section")
|
|
addFilter(" service-default-enabled ")
|
|
addFilter(" non-standard-dir-perm ")
|
|
addFilter(" conffile-without-noreplace-flag ")
|
|
addFilter(" non-standard-executable-perm ")
|
|
addFilter(" jar-not-indexed ")
|
|
addFilter(" uncompressed-zip ")
|
|
addFilter(" %ifarch-applied-patch ")
|
|
addFilter(" read-error ")
|
|
addFilter(" init-script-without-chkconfig-postin ")
|
|
addFilter(" init-script-without-chkconfig-preun ")
|
|
addFilter(" postin-without-chkconfig ")
|
|
addFilter(" preun-without-chkconfig ")
|
|
addFilter(" no-dependency-on locales")
|
|
addFilter(" incoherent-version-in-name")
|
|
addFilter(" binary-or-shlib-defines-rpath")
|
|
addFilter(" executable-marked-as-config-file")
|
|
addFilter(" log-files-without-logrotate")
|
|
addFilter(" hardcoded-prefix-tag")
|
|
addFilter(" no-documentation")
|
|
addFilter(" multiple-specfiles")
|
|
addFilter(" apache2-naming-policy-not-applied")
|
|
addFilter(" no-default-runlevel ")
|
|
addFilter(" setgid-binary ")
|
|
addFilter(" non-standard-gid ")
|
|
addFilter(" non-readable ")
|
|
addFilter(" manpage-not-bzipped ")
|
|
addFilter(" postin-without-ghost-file-creation ")
|
|
# bug 287090
|
|
addFilter(" file-in-usr-marked-as-conffile")
|
|
addFilter(" non-remote_fs-dependency.*/boot")
|
|
|
|
# exceptions for non-devel-buildrequires
|
|
addFilter(" non-devel-buildrequires apache2-mod_perl")
|
|
addFilter(" non-devel-buildrequires ksh")
|
|
addFilter(" non-devel-buildrequires perl")
|
|
addFilter(" non-devel-buildrequires php5")
|
|
addFilter(" non-devel-buildrequires postfix")
|
|
addFilter(" non-devel-buildrequires python")
|
|
addFilter(" non-devel-buildrequires ruby")
|
|
addFilter(" non-devel-buildrequires valgrind")
|
|
addFilter(" non-devel-buildrequires yasm")
|
|
addFilter(" non-devel-buildrequires tcl")
|
|
|
|
addFilter("beagle-index\.\S+: \w: (non-devel|unnecessary)-buildrequires")
|
|
addFilter("collect-desktop-files\.\S+: \w: (non-devel|unnecessary)-buildrequires")
|
|
addFilter("installation-images\.\S+: \w: (non-devel|unnecessary)-buildrequires")
|
|
|
|
# exceptions for filelist checks
|
|
addFilter("nfs-client\.\S+: \w: suse-filelist-forbidden-backup-file /var/lib/nfs/sm.bak ")
|
|
addFilter("perl\.\S+: \w: suse-filelist-forbidden-perl-dir ")
|
|
addFilter("info\.\S+: \w: info-dir-file .*/usr/share/info/dir")
|
|
|
|
# these packages are used for CD creation and are not supposed to be
|
|
# installed. It's still a dirty hack to make an exception. The
|
|
# packages should either be built in a separate project with
|
|
# different config or file be put somewhere below /opt/suse/*
|
|
addFilter("(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: suse-filelist-forbidden-fhs23 /CD1")
|
|
|
|
# suboptimal library packaging
|
|
addFilter(" non-devel-buildrequires graphviz")
|
|
addFilter(" non-devel-buildrequires ImageMagick")
|
|
addFilter(" non-devel-buildrequires aspell")
|
|
addFilter(" non-devel-buildrequires autotrace")
|
|
addFilter(" non-devel-buildrequires gettext")
|
|
addFilter(" non-devel-buildrequires devhelp")
|
|
addFilter(" non-devel-buildrequires libxml2")
|
|
addFilter(" non-devel-buildrequires libxslt")
|
|
addFilter(" non-devel-buildrequires recode")
|
|
|
|
|
|
# many places have shorter paths
|
|
addFilter(" non-coherent-filename ")
|
|
|
|
# mandriva specific stuff that we don't want
|
|
addFilter(" invalid-build-requires ")
|
|
addFilter(" no-provides ")
|
|
|
|
# config ends here
|
|
|