rpm/rpmlint
SHA256
1
0
Fork 0
forked from pool/rpmlint
Code Pull Requests Activity
24897f77ef
rpmlint/config
Matthias Gerstner 24897f77ef Accepting request 768836 from home:jfehlig:branches:devel:openSUSE:Factory:rpmlint 
Add 'sanlock' and 'libvirt' to config. The sanlock package adds
the 'sanlock' user and group. The libvirt package adds the 'libvirt'
group and makes use of the 'sanlock' group. These changes are needed
to squelch rpmlint warnings in the sanlock and libvirt packages.

- config: add 'sanlock' to StandardGroups and StandardUsers
- config: add 'libvirt' to StandardGroups

OBS-URL: https://build.opensuse.org/request/show/768836
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=707
2020-01-31 09:24:06 +00:00

1167 lines
32 KiB
Python
Raw Blame History

# -*- python -*-
# vim: syntax=python sw=4 ts=4 sts=4 et
# Configuration for the rpmlint utility.
# Loaded before ~/.rpmlintrc
# $Id: config,v 1.39 2003/12/22 11:20:55 flepied Exp $
# This line is mandatory to access the configuration functions
from Config import *
from Filter import addDetails
# Additionale path to look for checks
#addCheckDir("~/mandrake/rpmlint")
# Configure the checks if you don't want the default ones
allChecks()
addCheck("CheckBuildRoot")
addCheck("CheckExecDocs")
addCheck("CheckPkgConfig")
addCheck("CheckCommonFiles")
addCheck("DuplicatesCheck")
addCheck("LibraryPolicyCheck")
addCheck("CheckIconSizes")
#addCheck("CheckStaticLibraries")
addCheck("BrandingPolicyCheck")
addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always
addCheck("CheckPolkitPrivs")
addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist")
addCheck("KMPPolicyCheck")
addCheck("CheckUpdateAlternatives")
addCheck("BashismsCheck")
addCheck("CheckLogrotate")
addCheck("CheckPAMModules")
addCheck("CheckRCLinks")
addCheck("CheckSystemdInstall")
addCheck("TmpFilesCheck")
addCheck("CheckSysVinitOnSystemd")
addCheck("CheckCronJobs")
# stuff autobuild takes care about
addFilter('.*invalid-version.*')
addFilter('.*invalid-packager.*')
addFilter('.*not-standard-release-extension.*')
#addFilter('.*non-standard-group.*')
addFilter('.*invalid-buildhost.*')
addFilter('.*executable-in-library-package.*')
addFilter('.*non-versioned-file-in-library-package.*')
addFilter('.*incoherent-version-in-name.*')
addFilter('.*invalid-vendor.*')
addFilter('.*invalid-distribution.*')
addFilter('.*hardcoded-path-in-buildroot-tag.*')
addFilter('.*no-buildroot-tag.*')
addFilter('.*cross-directory-hard-link.*')
# Configuration options used by the checks
#setOption("Vendor", "MySelf")
#setOption("Distribution", "MyDistrib")
setOption("UseBzip2", 0)
setOption("UseUTF8", 1)
#setOption("ReleaseExtension", None)
#setOption("ValidGroups", ("Group1", "Group2"))
#setOption("KernelModuleRPMsOK", 0)
setOption("CompressExtension", None)
setOption('UseVarLockSubsys', False)
setOption('UseVersionInChangelog', False)
setOption("BadnessThreshold", 1000)
# do not validate package rpm groups
addFilter('.*devel-package-with-non-devel-group.*')
addFilter('.*no-group-tag.*')
addFilter('.*non-standard-group.*')
setOption('StandardGroups', (
'aegis',
'antivir',
'arangodb',
'at',
'audio',
'avahi',
'bacula',
'beagleindex',
'bigsister',
'bitlbee',
'bin',
'bird',
'bitcoin',
'boinc',
'casaauth',
'cdrom',
'ceph',
'cephadm',
'chef',
'chrony',
'citadel',
'colord',
'console',
'coroqnetd',
'crowbar',
'cwbconv',
'daemon',
'davfs2',
'dba',
'ddclient',
'dehydrated',
'dialout',
'disk',
'distcc',
'dosemu',
'dovecot',
'elasticsearch',
'epmd',
'festival',
'ffums',
'firebird',
'firejail',
'floppy',
'fonehome',
'ftp',
'games',
'gdm',
'geronimo',
'grafana',
'guixbuild',
'haclient',
'haldaemon',
'hsqldb',
'icecast',
'icecream',
'icinga',
'icingacmd',
'ifdrwww',
'intermezzo',
'iouyap',
'jboss',
'jenkins',
'jetty5',
'jonas',
'kmem',
'kolab',
'kolab-n',
'kolab-r',
'kvm',
'ldap',
'libstoragemgmt',
'libvirt',
'lightdm',
'lighttpd',
'localham',
'locate',
'logstash',
'lp',
'lxdm',
'mail',
'maildrop',
'mailman',
'man',
'mdom',
'memcached',
'messagebus',
'minetest',
'mktex',
'modem',
'mumble-server',
'mysql',
'nagcmd',
'nagios',
'named',
'news',
'nginx',
'nobody',
'nogroup',
'novell_nogroup',
'novlxtier',
'_nsd',
'ntadmin',
'ntop',
'ntp',
'oinstall',
'openvswitch',
'ovirtagent',
'ceilometer',
'cinder',
'glance',
'heat',
'keystone',
'nova',
'neutron',
'swift',
'trove',
'otrs',
'pcp',
'pcpqa',
'pdns',
'pegasus',
'pkcs11',
'polipo',
'polkituser',
'postfix',
'postgres',
'pound',
'powersave',
'privoxy',
'prosody',
'prometheus',
'public',
'pulse',
'pulse-access',
'pulse-rt',
'puppet',
'qemu',
'quagga',
'quasselcore',
'rabbitmq',
'radiusd',
'root',
'sabayon-admin',
'salt',
'sanlock',
'sapdb',
'sddm',
'sensu',
'shadow',
'shibd',
'singularity',
'siproxd',
'_sks',
'slurm',
'snort',
'sogo',
'squid',
'sshd',
'suse-ncc',
'svn',
'synapse',
'sys',
'systemd-journal',
'systemd-journal-gateway',
'tape',
'tftp',
'tomcat',
'tomcat4',
'tor',
'tox',
'trusted',
'tryton',
'ts-shell',
'tss',
'tty',
'unbound',
'users',
'utmp',
'uucp',
'uuidd',
'vacation',
'varnish',
'video',
'vnc',
'vscan',
'wheel',
'wireshark',
'www',
'xok',
'xrootd',
'xymon',
'zabbix',
'zabbixs',
'zeroinst',
'zkeyadm',
'znc',
'zope',
))
setOption('StandardUsers', (
'aegis',
'amanda',
'aodh',
'arangodb',
'asterisk',
'at',
'avahi',
'bacula',
'barbican',
'beagleindex',
'bigsister',
'bin',
'bird',
'bitcoin',
'bitlbee',
'boinc',
'casaatsd',
'casaatvd',
'casaauth',
'ceilometer',
'ceph',
'cephadm',
'chef',
'chrony',
'cinder',
'citadel',
'cntlm',
'colord',
'cop',
'coroqnetd',
'crowbar',
'cyrus',
'daemon',
'davfs2',
'ddclient',
'dehydrated',
'designate',
'dhcpd',
'distcc',
'dovecot',
'dpbox',
'dvbdaemon',
'ec2-api',
'elasticsearch',
'epmd',
'fax',
'festival',
'fetchmail',
'ffums',
'firebird',
'fonehome',
'ftp',
'games',
'gdm',
'geronimo',
'glance',
'gnats',
'gnocchi',
'gnump3d',
'grafana',
'hacluster',
'haldaemon',
'heat',
'hsqldb',
'icecast',
'icecream',
'icinga',
'intermezzo',
'iodined',
'irc',
'ironic',
'jabber',
'jboss',
'jetty5',
'jenkins',
'jonas',
'keystone',
'kolab',
'kolab-n',
'kolab-r',
'ldap',
'libstoragemgmt',
'lightdm',
'lighttpd',
'logstash',
'lp',
'lxdm',
'magnum',
'mail',
'mailman',
'man',
'manila',
'mdnsd',
'mdom',
'mednafen',
'memcached',
'messagebus',
'minetest',
'mpd',
'mumble-server',
'murano',
'mysql',
'nagios',
'named',
'neutron',
'news',
'nginx',
'nova',
'novell_nobody',
'novlifdr',
'novlxregd',
'novlxsrvd',
'_nsd',
'ntop',
'ntp',
'octavia',
'openvswitch',
'oracle',
'otrs',
'ovirtagent',
'partimag',
'pcp',
'pcpqa',
'pdns',
'pegasus',
'polipo',
'polkitd',
'polkituser',
'pop',
'postfix',
'postgres',
'postgrey',
'pound',
'privoxy',
'prosody',
'prometheus',
'pulse',
'puppet',
'qemu',
'quagga',
'quasselcore',
'rabbitmq',
'radiusd',
'radvd',
'root',
'_rmt',
'sabayon-admin',
'sahara',
'salt',
'sanlock',
'sapdb',
'sddm',
'sensu',
'shibd',
'siproxd',
'_sks',
'slurm',
'snort',
'sogo',
'squid',
'sshd',
'statd',
'suse-ncc',
'svn',
'swift',
'synapse',
'systemd-journal-gateway'
'tftp',
'tomcat',
'tomcat4',
'tor',
'toxcmd',
'trove',
'tryton',
'tss',
'ulogd',
'upsd',
'unbound',
'uucp',
'uuidd',
'vacation',
'varnish',
'vdr',
'vnc',
'vscan',
'wnn',
'wwwrun',
'xrootd',
'xymon',
'yastws',
'zabbix',
'zabbixs',
'zaqar',
'zeroinst',
'znc',
'zope',
))
addDetails('non-standard-uid',
'''A file in this package is owned by an unregistered user id.
To register the user, please branch the devel:openSUSE:Factory:rpmlint rpmlint package,
add the user to the "config" file and send a submitrequest.
''',
'non-standard-gid',
'''A file in this package is owned by an unregistered group id.
To register the group, please branch the devel:openSUSE:Factory:rpmlint rpmlint package,
add the group to the "config" file and send a submitrequest.
''',
'no-changelogname-tag',
'''There is no changelog. Please insert a '%changelog' section heading in your
spec file and prepare your changes file using e.g. the 'osc vc' command.''',
)
setOption('DanglingSymlinkExceptions',
(['/usr/share/doc/licenses/', 'licenses'],
['consolehelper$', 'usermode-consoleonly'],
))
setOption("DBUSServices.WhiteList", (
"cups.conf", # bnc#515977
#
# the following are not audited. We accept them as legacy for now
#
# upower
"org.freedesktop.UPower.service",
"org.freedesktop.UPower.conf",
# PackageKit
"org.freedesktop.PackageKit.conf",
# PackageKit
"org.freedesktop.PackageKit.service",
# NetworkManager-pptp
"nm-pptp-service.conf",
# gdm
"gdm.conf",
# udisks2 (bnc#742751)
"org.freedesktop.UDisks2.service",
"org.freedesktop.UDisks2.conf",
# scmon
"com.novell.Pkcs11Monitor.conf",
# systemd (bnc#641924)
"org.freedesktop.systemd1.service",
"org.freedesktop.systemd1.conf",
"org.freedesktop.hostname1.service",
"org.freedesktop.hostname1.conf",
"org.freedesktop.login1.conf",
"org.freedesktop.login1.service",
"org.freedesktop.timedate1.conf",
"org.freedesktop.timedate1.service",
"org.freedesktop.locale1.conf",
"org.freedesktop.locale1.service",
# gconf2
"org.gnome.GConf.Defaults.service",
"org.gnome.GConf.Defaults.conf",
# system-config-printer (bnc#694640)
"com.redhat.NewPrinterNotification.conf",
"com.redhat.PrinterDriversInstaller.conf",
# rtkit
"org.freedesktop.RealtimeKit1.conf",
"org.freedesktop.RealtimeKit1.service",
# wpa_supplicant
"fi.epitest.hostap.WPASupplicant.service",
# bnc#681116
"fi.w1.wpa_supplicant1.service",
"wpa_supplicant.conf",
# kdebase4-workspace
"org.kde.fontinst.service",
"org.kde.kcontrol.kcmkdm.conf",
"org.kde.fontinst.conf",
"org.kde.ksysguard.processlisthelper.service",
"org.kde.kcontrol.kcmclock.service",
"org.kde.kcontrol.kcmclock.conf",
"org.kde.kcontrol.kcmkdm.service",
"org.kde.ksysguard.processlisthelper.conf",
# pulseaudio
"pulseaudio-system.conf",
# avahi
"avahi-dbus.conf",
"org.freedesktop.Avahi.service",
# hp-drive-guard
"hp-drive-guard-dbus.conf",
# NetworkManager
"nm-dispatcher.conf",
"org.freedesktop.nm_dispatcher.service",
# bnc#747780
"org.freedesktop.NetworkManager.conf",
# bnc#681128
"org.freedesktop.NetworkManager.service",
# bluez (bnc#768062)
"bluetooth.conf",
"org.bluez.service",
# dnsmasq
"dnsmasq.conf",
# gypsy
"Gypsy.conf",
"org.freedesktop.Gypsy.service",
# pommed
"pommed.conf",
# NetworkManager-openvpn
"nm-openvpn-service.conf",
# kdelibs4
"org.kde.auth.conf",
# polkit
"org.freedesktop.PolicyKit1.conf",
"org.freedesktop.PolicyKit1.service",
# dconf
"ca.desrt.dconf.service",
# cups-pk-helper
"org.opensuse.CupsPkHelper.Mechanism.service",
"org.opensuse.CupsPkHelper.Mechanism.conf",
# fwzs
"org.opensuse.zoneswitcher.service",
"org.opensuse.zoneswitcher.conf",
# yum
"yum-updatesd.conf",
# NetworkManager-vpnc
"nm-vpnc-service.conf",
# NetworkManager-strongswan, bnc#656222
"nm-strongswan-service.conf",
# mumble, bnc#660784
"mumble-server.conf",
# kdebase4-runtime, bnc#672145
"org.kde.powerdevil.backlighthelper.service",
"org.kde.powerdevil.backlighthelper.conf",
# urfkill (bnc#688328)
"org.freedesktop.URfkill.service",
"org.freedesktop.URfkill.conf",
# account services (bnc#676638)
"org.freedesktop.Accounts.service",
"org.freedesktop.Accounts.conf",
# colord (bnc#698250)
"org.freedesktop.ColorManager.service",
"org.freedesktop.ColorManager.conf",
# lightdm (bnc#708205)
"org.freedesktop.DisplayManager.conf",
# sddm (boo#897788)
"sddm_org.freedesktop.DisplayManager.conf",
# NetworkManager-openvpn (bnc#732915)
"nm-openconnect-service.conf",
# snapper (bnc#759391)
"org.opensuse.Snapper.conf",
"org.opensuse.Snapper.service",
# autofs-udisk interaction (bnc#782691)
"org.freedesktop.AutoMount.conf",
# NetworkManager-iodine (bnc#781071)
"nm-iodine-service.conf",
# new ModemManager (bnc#798273)
"org.freedesktop.ModemManager1.conf",
"org.freedesktop.ModemManager1.service",
# fprintd 0.4.1 (finger print dbus service) (bnc#792095)
"net.reactivated.Fprint.service",
"net.reactivated.Fprint.conf",
# wicked network management (bnc#783932)
"network-nanny.conf",
"wicked-dhcp4.conf",
"wicked-dhcp6.conf",
"wicked-autoip4.conf",
"wicked.conf",
## next revision of names (old ones could go)
"org.opensuse.Network.conf",
"org.opensuse.Network.AUTO4.conf",
"org.opensuse.Network.DHCP6.conf",
"org.opensuse.Network.DHCP4.conf",
"org.opensuse.Network.Nanny.conf",
# systemd machined service (bnc#828207)
"org.freedesktop.machine1.service",
"org.freedesktop.machine1.conf",
# systemd importd service (bnc#964935)
"org.freedesktop.import1.service",
"org.freedesktop.import1.conf",
# GeoClue2 DBUS Service (bnc#838360)
"org.freedesktop.GeoClue2.service",
"org.freedesktop.GeoClue2.conf",
# GeoClue2 DBUS Service more (bnc#862216)
"org.freedesktop.GeoClue2.Agent.conf",
# mate dbus serice (bnc#831404)
"org.mate.SettingsDaemon.DateTimeMechanism.service",
"org.mate.SettingsDaemon.DateTimeMechanism.conf",
# tuned DBUS service (bnc#787379, bnc#1007279)
"com.redhat.tuned.conf",
# bluez (bnc#768062)
"bluetooth.conf",
"org.bluez.service",
# kwallet (bnc#849739)
"org.kde.kcontrol.kcmkwallet.conf",
"org.kde.kcontrol.kcmkwallet.service",
# kwallet (bnc#1033296)
"org.kde.kcontrol.kcmkwallet5.conf",
"org.kde.kcontrol.kcmkwallet5.service",
# neard (bnc#837978)
"org.neard.conf",
# policycoreutils (bnc#848550, bnc#878631)
"org.selinux.service",
# oFono (bnc#862354)
"ofono.conf",
# libKF5Auth4 (bnc#864716)
"org.kde.kf5auth.conf",
# firewalld (bnc#907625)
"FirewallD.conf",
# systemd networkd (bnc#918799)
"org.freedesktop.network1.conf",
"org.freedesktop.network1.service",
# realmd (bnc#916766)
"org.freedesktop.realmd.service",
"org.freedesktop.realmd.conf",
# teamd (bnc#941993)
"org.libteam.teamd.conf",
# cinnamon settings daemon (bsc#951830)
"org.cinnamon.SettingsDaemon.DateTimeMechanism.conf",
"org.cinnamon.SettingsDaemon.DateTimeMechanism.service",
# thermald (bsc#954771)
"org.freedesktop.thermald.conf",
"org.freedesktop.thermald.service",
# drbdmanage (bsc#956811)
"org.drbd.drbdmanaged.conf",
"org.drbd.drbdmanaged.service",
# iio-sensor-proxy (bsc#939191)
"net.hadess.SensorProxy.conf",
# openattic (bsc#972478)
"openattic.conf",
"openattic.service",
# TEMPORARY APPROVAL ONLY (meissner 20160519) tcmu-runner (bsc#978903)
"tcmu-runner.conf",
"org.kernel.TCMUService1.service",
# sysprof (bsc#996111)
"org.gnome.Sysprof2.service",
"org.gnome.Sysprof2.conf",
# sysprof (bsc#1151418)
"org.gnome.Sysprof3.service",
"org.gnome.Sysprof3.conf",
# flatpak (bsc#984817)
"org.freedesktop.Flatpak.SystemHelper.service",
"org.freedesktop.Flatpak.SystemHelper.conf",
# systemd resolver, but dont add automatically to nsswitch.conf! (bsc#917781)
"org.freedesktop.resolve1.conf",
"org.freedesktop.resolve1.service",
# powerdevil discretegpuhelper (bsc#1019748)
"org.kde.powerdevil.discretegpuhelper.conf",
"org.kde.powerdevil.discretegpuhelper.service",
# rebootmgr (bsc#1019644)
"org.opensuse.RebootMgr.conf",
# blueman (bsc#987141)
"org.blueman.Mechanism.conf",
"org.blueman.Mechanism.service",
# os-autoinst (bsc#1032649)
"org.opensuse.os_autoinst.switch.conf",
# thunderbolt (bsc#1033554)
"thunderbolt.conf",
"thunderbolt.service",
# backintime (bsc#1007723, bsc#1032717)
"net.launchpad.backintime.serviceHelper.conf",
"net.launchpad.backintime.serviceHelper.service",
# switchroo-control (bsc#1034309)
"net.hadess.SwitcherooControl.conf",
# openqa (bsc#1039290)
"org.opensuse.openqa.conf",
# pam_dbus (bsc#1039709). Take care to
# never enable/integrate this by default (see bsc comments)
"pam_dbus.conf",
# tpm2-abrmd (bnc#1049694)
"tpm2-abrmd.conf",
"com.intel.tss2.Tabrmd.service",
# nfs-ganesha (bsc#997880)
"org.ganesha.nfsd.conf",
"nfs-ganesha.service",
# NetworkManager-l2tp (bsc#846337)
"nm-l2tp-service.conf",
# fwupd (bsc#932807)
"org.freedesktop.fwupd.conf",
"org.freedesktop.fwupd.service",
# connman (bsc#1057697)
"connman-nmcompat.conf",
"connman.conf",
"connman-vpn-dbus.conf",
"net.connman.vpn.service",
# kcmsddm (bsc#1065563)
"org.kde.kcontrol.kcmsddm.conf",
"org.kde.kcontrol.kcmsddm.service",
# usbauth (bsc#1066877)
"org.opensuse.usbauth.conf",
# kalarm (bnc#1087714, renamed from kalarmrtcwake)
"org.kde.kalarm.rtcwake.conf",
"org.kde.kalarm.rtcwake.service",
# NetworkManager-libreswan (bnc#1089340)
"nm-libreswan-service.conf",
# libratbag (bnc#1076467)
"org.freedesktop.ratbag1.service",
"org.freedesktop.ratbag1.conf",
# xpra (bsc#1102836)
"xpra.conf",
# iwd (bsc#1108037)
"net.connman.iwd.service",
"iwd-dbus.conf",
# NetworkManager-fortisslvpn (bsc#1109938)
"nm-fortisslvpn-service.conf",
# systemd-timesyncd (bsc#1111254)
"org.freedesktop.timesync1.service",
"org.freedesktop.timesync1.conf",
# keepalived (bsc#1015141)
"org.keepalived.Vrrp1.conf",
# boltd (bsc#1119975)
"org.freedesktop.bolt.conf",
"org.freedesktop.bolt.service",
# certmonger (bsc#1129452)
"org.fedorahosted.certmonger.service",
"certmonger.conf",
# systemd-portabled (boo#1145639)
"org.freedesktop.portable1.service",
"org.freedesktop.portable1.conf",
# sssd (bsc#1157663, bsc#1106600)
"org.freedesktop.sssd.infopipe.service",
"org.freedesktop.sssd.infopipe.conf",
))
setOption("PAMModules.WhiteList", (
# pam_p11
"pam_p11_opensc.so",
"pam_p11_openssh.so",
# pam_krb5
"pam_krb5.so",
"pam_krb5afs.so",
# ecryptfs-utils
"pam_ecryptfs.so",
# gnome-keyring-pam
"pam_gnome_keyring.so",
# pwdutils-rpasswd
"pam_rpasswd.so",
# samba-winbind
"pam_winbind.so",
# pam-modules
"pam_homecheck.so",
"pam_pwcheck.so",
"pam_unix2.so",
# pam_smb
"pam_smb_auth.so",
# ConsoleKit
"pam_ck_connector.so",
# pam_ssh
"pam_ssh.so",
# libcgroup1
"pam_cgroup.so",
# pam_fprint
"pam_fprint.so",
# pam_mount
"pam_mount.so",
# pam_ccreds
"pam_ccreds.so",
# pam_radius
"pam_radius_auth.so",
# pam_pkcs11
"pam_pkcs11.so",
# nss-pam-ldapd
"pam_ldap.so",
# pam_passwdqc
"pam_passwdqc.so",
# pam_userpass
"pam_userpass.so",
# pam_apparmor
"pam_apparmor.so",
# pam_ldap
"pam_ldap.so",
# cryptconfig
"pam_cryptpass.so",
# opie
"pam_opie.so",
# pam
"pam_access.so",
"pam_cracklib.so",
"pam_debug.so",
"pam_deny.so",
"pam_echo.so",
"pam_env.so",
"pam_exec.so",
"pam_faildelay.so",
"pam_filter.so",
"pam_ftp.so",
"pam_group.so",
"pam_issue.so",
"pam_keyinit.so",
"pam_lastlog.so",
"pam_limits.so",
"pam_listfile.so",
"pam_localuser.so",
"pam_loginuid.so",
"pam_mail.so",
"pam_mkhomedir.so",
"pam_motd.so",
"pam_namespace.so",
"pam_nologin.so",
"pam_permit.so",
"pam_pwhistory.so",
"pam_rhosts.so",
"pam_rootok.so",
"pam_securetty.so",
"pam_selinux.so",
"pam_sepermit.so",
"pam_shells.so",
"pam_stress.so",
"pam_succeed_if.so",
"pam_tally.so",
"pam_tally2.so",
"pam_time.so",
"pam_timestamp.so",
"pam_tty_audit.so",
"pam_umask.so",
"pam_unix.so",
"pam_unix_acct.so",
"pam_unix_auth.so",
"pam_unix_passwd.so",
"pam_unix_session.so",
"pam_userdb.so",
"pam_warn.so",
"pam_wheel.so",
"pam_xauth.so",
# systemd
"pam_systemd.so",
# sssd
"pam_sss.so",
# pam_mktemp
"pam_mktemp.so",
# pam_csync
"pam_csync.so",
# samba
"pam_smbpass.so",
# pam_chroot
"pam_chroot.so",
# pam_snapper (bnc#815383)
"pam_snapper.so",
# pam_mate_keyring.so (bnc#831404)
"pam_mate_keyring.so",
# pam_gdm (bsc#1004346)
"pam_gdm.so",
# pam_slurm (bsc#1007053)
"pam_slurm.so",
# pam_slurm_adopt (bsc#1116758)
"pam_slurm_adopt.so",
# pam_script (bsc#1039848)
"pam_script.so",
# pam_yubico (bsc#1087060)
"pam_yubico.so",
# pam_oath (bsc#1089114)
"pam_oath.so",
# pam_p11 (bsc#1123916)
"pam_p11.so",
# pam_envoy (bsc#1150525)
"pam_envoy.so",
# pam_cifscreds (bsc#1150527)
"pam_cifscreds.so",
# libpwquality (bsc#1150520)
"pam_pwquality.so",
# lxc (bsc#1150519)
"pam_cgfs.so",
))
# Output filters
addFilter(r'.*spurious-bracket-in-.*')
addFilter(r'.*one-line-command-in-.*')
addFilter(' dir-or-file-in-opt ') # handled by CheckFilelist.py
addFilter(' dir-or-file-in-usr-local ') # handled by CheckFilelist.py
addFilter(' non-standard-dir-in-usr ') # handled by CheckFilelist.py
addFilter('incoherent-version-in-changelog')
addFilter(' no-signature')
addFilter(' symlink-crontab-file') #bnc591431
addFilter(' without-chkconfig')
addFilter(r'unstripped-binary-or-object.*\.ko')
addFilter(' no-chkconfig')
addFilter(' subsys-not-used')
addFilter(r' dangerous-command.*')
addFilter(r' setuid-binary.*')
addFilter(r'.*FSSTND-dir-in-var /var/adm/.*')
addFilter('subdir-in-bin /sbin/conf.d/')
addFilter(r'.* nss_db non-standard-dir-in-var db')
addFilter('non-standard-dir-in-usr openwin')
addFilter('ibcs2 non-standard-dir-in-usr i486-sysv4')
addFilter('shlibs5 non-standard-dir-in-usr i486-linux-libc5')
addFilter('explicit-lib-dependency libtool')
# filesystem package needs special exceptions
addFilter(r'^filesystem\..*: dir-or-file-in-var-run')
addFilter(r'^filesystem\..*: dir-or-file-in-var-lock')
addFilter(r'^filesystem\..*: dir-or-file-in-var-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-var-run')
addFilter(r'^filesystem\..*: dir-or-file-in-var-lock')
addFilter(r'^filesystem\..*: dir-or-file-in-usr-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-mnt')
addFilter(r'^filesystem\..*: dir-or-file-in-home')
addFilter(r'^filesystem\..*: hidden-file-or-dir /root/.gnupg')
addFilter(r'^filesystem\..*: hidden-file-or-dir /root/.gnupg')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.config')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.local')
addFilter(r'^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix')
addFilter(r'^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts')
addFilter(r'^filesystem\..*: suse-filelist-forbidden-fhs23')
addFilter(r'^filesystem\..*: suse-filelist-forbidden-opt')
addFilter(r'^filesystem\..*: non-standard-uid /var/lib/nobody nobody')
addFilter(r'^filesystem\..*: missing-dependency-to-cron')
# has arch specific dirs in /usr
addFilter(r'^filesystem\..*: no-binary')
# suppress any errors about internal packages
addFilter(r'^qa\S+: [EWI]:')
addFilter(r'^\S*(?:INTERNAL|internal)\.\S+: [EWI]:')
# exceptions for devel-files
addFilter(r'devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h')
addFilter(r'devel-file-in-non-devel-package.*/usr/src/linux-')
addFilter(r'devel-file-in-non-devel-package.*/usr/share/systemtap')
addFilter(r'kde4-kapptemplate\.\S+:.*devel-file-in-non-devel-package')
addFilter(r'kdesdk3\.\S+:.*devel-file-in-non-devel-package')
addFilter(r'-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'java\S+-demo\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'avr-libc\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'dietlibc\.\S+ \w: devel-file-in-non-devel-package')
addFilter(r'cross-.*devel-file-in-non-devel-package')
addFilter(r'cmake.*devel-file-in-non-devel-package')
addFilter(r'gcc\d\d.*devel-file-in-non-devel-package')
addFilter(r'OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'wnn-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'ocaml\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r' devel-file-in-non-devel-package.*-config')
addFilter(r'libtool\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'update-desktop-files\.\S+: \w: untranslated-desktop-file')
addFilter(r'sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs')
addFilter('kernel-modules-not-in-kernel-packages')
# SUSE kmp's don't need manual depmod (bnc#456048)
addFilter('module-without-depmod-postin')
addFilter('postin-with-wrong-depmod')
addFilter('module-without-depmod-postun')
addFilter('postun-with-wrong-depmod')
#
addFilter('configure-without-libdir-spec')
addFilter('conffile-without-noreplace-flag /etc/init.d')
addFilter('use-of-RPM_SOURCE_DIR')
addFilter('use-tmp-in-')
addFilter('symlink-contains-up-and-down-segments /var/lib/named')
addFilter('no-ldconfig-symlink')
addFilter(r'aaa_base\.\S+: \w: use-of-home-in-%post')
addFilter('description-line-too-long')
addFilter('hardcoded-library-path')
# addFilter('incoherent-subsys')
# doesn't seem to make sense
addFilter('invalid-ldconfig-symlink')
addFilter('invalid-soname')
addFilter('library-not-linked-against-libc')
addFilter('only-non-binary-in-usr-lib')
addFilter('outside-libdir-files')
# we want these files
addFilter(' perl-temp-file ')
addFilter(r' hidden-file-or-dir .*/\.packlist')
addFilter(r' hidden-file-or-dir .*/\.directory')
addFilter(r'perl-.*no-binary')
addFilter(' no-major-in-name ')
# we check for that already
addFilter('dangling-relative-symlink')
addFilter(' lib-package-without-%mklibname')
addFilter(' requires-on-release')
addFilter(' non-executable-script /etc/profile.d/')
addFilter(' non-executable-script /var/adm/fillup-templates/')
addFilter(' init-script-name-with-dot ')
addFilter(r'.* statically-linked-binary /sbin/ldconfig')
addFilter(r'.* statically-linked-binary /sbin/init')
addFilter(r'valgrind.* statically-linked-binary')
addFilter(r'ldconfig-post.*/ddiwrapper/wine/')
addFilter(r'glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade')
addFilter(' symlink-should-be-relative ')
addFilter(' binary-or-shlib-defines-rpath .*ORIGIN')
addFilter(r'libzypp.*shlib-policy-name-error.*libzypp')
addFilter(r'libtool.*shlib-policy.*')
# stuff that is currently too noisy, but might become relevant in the future
addFilter(' prereq-use')
addFilter(' file-not-utf8')
addFilter(' tag-not-utf8')
addFilter(' setup-not-quiet')
addFilter(' no-cleaning-of-buildroot ')
addFilter(' mixed-use-of-spaces-and-tabs ')
addFilter(' prereq-use ')
# an issue with OBS, works with autobuild
addFilter(' no-packager-tag')
addFilter(' unversioned-explicit-provides ')
addFilter(' unversioned-explicit-obsoletes ')
addFilter(' no-%clean-section')
addFilter(' service-default-enabled ')
addFilter(' non-standard-dir-perm ')
addFilter(' conffile-without-noreplace-flag ')
addFilter(' non-standard-executable-perm ')
addFilter(' jar-not-indexed ')
addFilter(' uncompressed-zip ')
addFilter(' %ifarch-applied-patch ')
addFilter(' read-error ')
addFilter(' init-script-without-chkconfig-postin ')
addFilter(' init-script-without-chkconfig-preun ')
addFilter(' postin-without-chkconfig ')
addFilter(' preun-without-chkconfig ')
addFilter(' no-dependency-on locales')
addFilter(' incoherent-version-in-name')
addFilter(' binary-or-shlib-defines-rpath')
addFilter(' executable-marked-as-config-file')
addFilter(' log-files-without-logrotate')
addFilter(' hardcoded-prefix-tag')
addFilter(' no-documentation')
addFilter(' multiple-specfiles')
addFilter(' apache2-naming-policy-not-applied')
addFilter(' no-default-runlevel ')
addFilter(' setgid-binary ')
addFilter(' non-readable ')
addFilter(' manpage-not-bzipped ')
addFilter(' postin-without-ghost-file-creation ')
# bug 287090
addFilter(' file-in-usr-marked-as-conffile')
addFilter(' non-remote_fs-dependency.*/boot')
# exceptions for non-devel-buildrequires
addFilter(' non-devel-buildrequires apache2-mod_perl')
addFilter(' non-devel-buildrequires ksh')
addFilter(' non-devel-buildrequires perl')
addFilter(' non-devel-buildrequires php5')
addFilter(' non-devel-buildrequires postfix')
addFilter(' non-devel-buildrequires python')
addFilter(' non-devel-buildrequires ruby')
addFilter(' non-devel-buildrequires valgrind')
addFilter(' non-devel-buildrequires yasm')
addFilter(' non-devel-buildrequires tcl')
addFilter(r'beagle-index\.\S+: \w: (non-devel|unnecessary)-buildrequires')
addFilter(r'collect-desktop-files\.\S+: \w: (non-devel|unnecessary)-buildrequires')
addFilter(r'installation-images\.\S+: \w: (non-devel|unnecessary)-buildrequires')
# exceptions for filelist checks
addFilter(r'nfs-client\.\S+: \w: suse-filelist-forbidden-backup-file /var/lib/nfs/sm.bak ')
addFilter(r'perl\.\S+: \w: suse-filelist-forbidden-perl-dir ')
addFilter(r'info\.\S+: \w: info-dir-file .*/usr/share/info/dir')
# fillup is known to break SuSEfirewall's sysconfig file on many
# systems as people tend to break up long lines into several ones.
# This bug remains unfixed since years (bnc#340926).
# So we have to avoid fillup and therefore break the SUSE policy
addFilter(r'SuSEfirewall2\.\S+: \w: suse-filelist-forbidden-sysconfig.*/etc/sysconfig/SuSEfirewall2')
# these packages are used for CD creation and are not supposed to be
# installed. It's still a dirty hack to make an exception. The
# packages should either be built in a separate project with
# different config or file be put somewhere below /opt/suse/*
addFilter(r'(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: suse-filelist-forbidden-fhs23 /CD1')
# suboptimal library packaging
addFilter(' non-devel-buildrequires graphviz')
addFilter(' non-devel-buildrequires ImageMagick')
addFilter(' non-devel-buildrequires aspell')
addFilter(' non-devel-buildrequires autotrace')
addFilter(' non-devel-buildrequires gettext')
addFilter(' non-devel-buildrequires devhelp')
addFilter(' non-devel-buildrequires libxml2')
addFilter(' non-devel-buildrequires libxslt')
addFilter(' non-devel-buildrequires recode')
# Too noisy, and usually not something downstream packagers can fix
addFilter(' incorrect-fsf-address ')
addFilter(' no-manual-page-for-binary ')
addFilter(r' static-library-without-debuginfo /usr/lib(?:64)?/ghc-[\d\.]+/')
# the libre mess
addFilter(r'libre(?:ssl|office|cad)[^\:]+: \w: shlib-policy-')
# many places have shorter paths
addFilter(' non-coherent-filename ')
# mandriva specific stuff that we don't want
addFilter(' invalid-build-requires ')
addFilter(' no-provides ')
# bash completion files are not scripts, do not require them marked as %config
addFilter('W: non-conffile-in-etc /etc/bash_completion.d/')
# info uses file triggers now (boo#1152169)
addFilter(' info-files-without-install-info-postin' )
addFilter(' postin-without-install-info ')
addFilter(' info-files-without-install-info-postun ')
addFilter(' postin-without-install-info ')
# config ends here
View Git Blame Copy Permalink