rpm/rpmlint
SHA256
1
0
Fork 0
forked from pool/rpmlint
Code Pull Requests Activity
f60e9325b3
rpmlint/config

1385 lines
40 KiB
Python
Raw Blame History

# -*- python -*-
# vim: syntax=python sw=4 ts=4 sts=4 et
# Configuration for the rpmlint utility.
# Loaded before ~/.rpmlintrc
# $Id: config,v 1.39 2003/12/22 11:20:55 flepied Exp $
# This line is mandatory to access the configuration functions
from Config import *
from Filter import addDetails
# Additionale path to look for checks
#addCheckDir("~/mandrake/rpmlint")
# Configure the checks if you don't want the default ones
allChecks()
addCheck("CheckBuildRoot")
addCheck("CheckExecDocs")
addCheck("CheckPkgConfig")
addCheck("CheckCommonFiles")
addCheck("DuplicatesCheck")
addCheck("LibraryPolicyCheck")
addCheck("CheckIconSizes")
#addCheck("CheckStaticLibraries")
addCheck("BrandingPolicyCheck")
addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always
addCheck("CheckPolkitPrivs")
addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist")
addCheck("KMPPolicyCheck")
addCheck("CheckUpdateAlternatives")
addCheck("BashismsCheck")
addCheck("CheckBuildDate")
addCheck("CheckLogrotate")
addCheck("CheckPAMModules")
addCheck("CheckRCLinks")
addCheck("CheckSystemdInstall")
addCheck("TmpFilesCheck")
addCheck("CheckSysVinitOnSystemd")
# stuff autobuild takes care about
addFilter('.*invalid-version.*')
addFilter('.*invalid-packager.*')
addFilter('.*not-standard-release-extension.*')
#addFilter('.*non-standard-group.*')
addFilter('.*invalid-buildhost.*')
addFilter('.*executable-in-library-package.*')
addFilter('.*non-versioned-file-in-library-package.*')
addFilter('.*incoherent-version-in-name.*')
addFilter('.*invalid-vendor.*')
addFilter('.*invalid-distribution.*')
addFilter('.*hardcoded-path-in-buildroot-tag.*')
addFilter('.*no-buildroot-tag.*')
addFilter('.*cross-directory-hard-link.*')
# Configuration options used by the checks
#setOption("Vendor", "MySelf")
#setOption("Distribution", "MyDistrib")
setOption("UseBzip2", 0)
setOption("UseUTF8", 1)
#setOption("ReleaseExtension", None)
#setOption("ValidGroups", ("Group1", "Group2"))
#setOption("KernelModuleRPMsOK", 0)
setOption("CompressExtension", None)
setOption('UseVarLockSubsys', False)
setOption("BadnessThreshold", 1000)
# keep in sync with https://en.opensuse.org/openSUSE:Package_group_guidelines
setOption('ValidGroups', [
'Amusements/Games/3D/Other',
'Amusements/Games/3D/Race',
'Amusements/Games/3D/Shoot',
'Amusements/Games/3D/Simulation',
'Amusements/Games/Action/Arcade',
'Amusements/Games/Action/Breakout',
'Amusements/Games/Action/Other',
'Amusements/Games/Action/Race',
'Amusements/Games/Action/Shoot',
'Amusements/Games/Board/Card',
'Amusements/Games/Board/Chess',
'Amusements/Games/Board/Other',
'Amusements/Games/Board/Pool',
'Amusements/Games/Board/Puzzle',
'Amusements/Games/Logic',
'Amusements/Games/Other',
'Amusements/Games/RPG',
'Amusements/Games/Strategy/Other',
'Amusements/Games/Strategy/Real Time',
'Amusements/Games/Strategy/Turn Based',
'Amusements/Teaching/Language',
'Amusements/Teaching/Mathematics',
'Amusements/Teaching/Other',
'Amusements/Toys/Background',
'Amusements/Toys/Clocks',
'Amusements/Toys/Graphics',
'Amusements/Toys/Other',
'Amusements/Toys/Screensavers',
'Development/Languages/C and C++',
'Development/Languages/Fortran',
'Development/Languages/Haskell',
'Development/Languages/Java',
'Development/Languages/Other',
'Development/Languages/Perl',
'Development/Languages/Python',
'Development/Languages/Ruby',
'Development/Languages/Scheme',
'Development/Languages/Tcl',
'Development/Libraries/C and C++',
'Development/Libraries/Cross',
'Development/Libraries/GNOME',
'Development/Libraries/Haskell',
'Development/Libraries/Java',
'Development/Libraries/KDE',
'Development/Libraries/Other',
'Development/Libraries/Parallel',
'Development/Libraries/Perl',
'Development/Libraries/Python',
'Development/Libraries/Tcl',
'Development/Libraries/X11',
'Development/Libraries/YaST',
'Development/Sources',
'Development/Tools/Building',
'Development/Tools/Debuggers',
'Development/Tools/Doc Generators',
'Development/Tools/GUI Builders',
'Development/Tools/IDE',
'Development/Tools/Navigators',
'Development/Tools/Other',
'Development/Tools/Version Control',
'Documentation/Howto',
'Documentation/HTML',
'Documentation/Man',
'Documentation/Other',
'Documentation/SUSE',
'Hardware/Camera',
'Hardware/Fax',
'Hardware/ISDN',
'Hardware/Joystick',
'Hardware/Mobile',
'Hardware/Modem',
'Hardware/Other',
'Hardware/Palm',
'Hardware/Printing',
'Hardware/Psion',
'Hardware/Radio',
'Hardware/Scanner',
'Hardware/TV',
'Hardware/UPS',
'Hardware/Wifi',
'Metapackages',
'Productivity/Archiving/Backup',
'Productivity/Archiving/Compression',
'Productivity/Clustering/Computing',
'Productivity/Clustering/HA',
'Productivity/Databases/Clients',
'Productivity/Databases/Servers',
'Productivity/Databases/Tools',
'Productivity/File utilities',
'Productivity/Graphics/3D Editors',
'Productivity/Graphics/Bitmap Editors',
'Productivity/Graphics/CAD',
'Productivity/Graphics/Convertors',
'Productivity/Graphics/Other',
'Productivity/Graphics/Vector Editors',
'Productivity/Graphics/Viewers',
'Productivity/Graphics/Visualization/Graph',
'Productivity/Graphics/Visualization/Other',
'Productivity/Graphics/Visualization/Raytracers',
'Productivity/Hamradio/Fax',
'Productivity/Hamradio/Logging',
'Productivity/Hamradio/Morse',
'Productivity/Hamradio/Other',
'Productivity/Hamradio/Packet',
'Productivity/Hamradio/Psk31',
'Productivity/Hamradio/Satellite',
'Productivity/Multimedia/CD/Grabbers',
'Productivity/Multimedia/CD/Players',
'Productivity/Multimedia/CD/Record',
'Productivity/Multimedia/Other',
'Productivity/Multimedia/Sound/Editors and Convertors',
'Productivity/Multimedia/Sound/Midi',
'Productivity/Multimedia/Sound/Mixers',
'Productivity/Multimedia/Sound/Players',
'Productivity/Multimedia/Sound/Utilities',
'Productivity/Multimedia/Sound/Visualization',
'Productivity/Multimedia/Video/Editors and Convertors',
'Productivity/Multimedia/Video/Players',
'Productivity/Networking/AOLInstantMessenger',
'Productivity/Networking/Archie',
'Productivity/Networking/Boot/Clients',
'Productivity/Networking/Boot/Servers',
'Productivity/Networking/Boot/Utilities',
'Productivity/Networking/Diagnostic',
'Productivity/Networking/DNS/Servers',
'Productivity/Networking/DNS/Utilities',
'Productivity/Networking/Email/Clients',
'Productivity/Networking/Email/Mailinglists',
'Productivity/Networking/Email/Servers',
'Productivity/Networking/Email/Utilities',
'Productivity/Networking/File-Sharing',
'Productivity/Networking/Ftp/Clients',
'Productivity/Networking/Ftp/Servers',
'Productivity/Networking/ICQ',
'Productivity/Networking/Instant Messenger',
'Productivity/Networking/IRC',
'Productivity/Networking/LDAP/Clients',
'Productivity/Networking/LDAP/Servers',
'Productivity/Networking/LDAP/Utilities',
'Productivity/Networking/Napster',
'Productivity/Networking/News/Clients',
'Productivity/Networking/News/Servers',
'Productivity/Networking/News/Utilities',
'Productivity/Networking/NFS',
'Productivity/Networking/NIS',
'Productivity/Networking/Novell',
'Productivity/Networking/Other',
'Productivity/Networking/PPP',
'Productivity/Networking/Radius/Clients',
'Productivity/Networking/Radius/Servers',
'Productivity/Networking/Routing',
'Productivity/Networking/Samba',
'Productivity/Networking/Security',
'Productivity/Networking/SSH',
'Productivity/Networking/System',
'Productivity/Networking/Talk/Clients',
'Productivity/Networking/Talk/Servers',
'Productivity/Networking/Web/Browsers',
'Productivity/Networking/Web/Frontends',
'Productivity/Networking/Web/Proxy',
'Productivity/Networking/Web/Servers',
'Productivity/Networking/Web/Utilities',
'Productivity/Office/Dictionary',
'Productivity/Office/Finance',
'Productivity/Office/Management',
'Productivity/Office/Organizers',
'Productivity/Office/Other',
'Productivity/Office/Spreadsheets',
'Productivity/Office/Suite',
'Productivity/Office/Word Processor',
'Productivity/Other',
'Productivity/Publishing/DocBook',
'Productivity/Publishing/HTML/Editors',
'Productivity/Publishing/HTML/Tools',
'Productivity/Publishing/Other',
'Productivity/Publishing/PDF',
'Productivity/Publishing/Presentation',
'Productivity/Publishing/PS',
'Productivity/Publishing/SGML',
'Productivity/Publishing/TeX/Base',
'Productivity/Publishing/TeX/Fonts',
'Productivity/Publishing/TeX/Frontends',
'Productivity/Publishing/Texinfo',
'Productivity/Publishing/TeX/Utilities',
'Productivity/Publishing/Troff',
'Productivity/Publishing/Word',
'Productivity/Publishing/XML',
'Productivity/Scientific/Astronomy',
'Productivity/Scientific/Chemistry',
'Productivity/Scientific/Electronics',
'Productivity/Scientific/Math',
'Productivity/Scientific/Other',
'Productivity/Scientific/Physics',
'Productivity/Security',
'Productivity/Telephony/Clients',
'Productivity/Telephony/H323/Clients',
'Productivity/Telephony/H323/Servers',
'Productivity/Telephony/H323/Utilities',
'Productivity/Telephony/Servers',
'Productivity/Telephony/SIP/Clients',
'Productivity/Telephony/SIP/Servers',
'Productivity/Telephony/SIP/Utilities',
'Productivity/Telephony/Utilities',
'Productivity/Text/Convertors',
'Productivity/Text/Editors',
'Productivity/Text/Spell',
'Productivity/Text/Utilities',
'System/Base',
'System/Benchmark',
'System/Boot',
'System/Console',
'System/Daemons',
'System/Emulators/Other',
'System/Emulators/PC',
'System/Fhs',
'System/Filesystems',
'System/GUI/GNOME',
'System/GUI/KDE',
'System/GUI/LXDE',
'System/GUI/Other',
'System/GUI/XFCE',
'System/I18n/Chinese',
'System/I18n/Japanese',
'System/I18n/Korean',
'System/Kernel',
'System/Libraries',
'System/Localization',
'System/Management',
'System/Monitoring',
'System/Packages',
'System/Shells',
'System/Sound Daemons',
'System/X11/Displaymanagers',
'System/X11/Fonts',
'System/X11/Icons',
'System/X11/Servers/XF86_3',
'System/X11/Servers/XF86_4',
'System/X11/Terminals',
'System/X11/Utilities',
'System/YaST',
])
setOption('StandardGroups', (
'aegis',
'antivir',
'arangodb',
'at',
'audio',
'avahi',
'beagleindex',
'bigsister',
'bitlbee',
'bin',
'bitcoin',
'boinc',
'casaauth',
'cdrom',
'ceph',
'chef',
'chrony',
'citadel',
'colord',
'console',
'coroqnetd',
'crowbar',
'cwbconv',
'daemon',
'davfs2',
'dba',
'ddclient',
'dehydrated',
'dialout',
'disk',
'distcc',
'dosemu',
'dovecot',
'elasticsearch',
'epmd',
'festival',
'ffums',
'firebird',
'floppy',
'fonehome',
'ftp',
'games',
'gdm',
'geronimo',
'grafana',
'guixbuild',
'haclient',
'haldaemon',
'hsqldb',
'icecast',
'icecream',
'icinga',
'icingacmd',
'ifdrwww',
'intermezzo',
'iouyap',
'jboss',
'jenkins',
'jetty5',
'jonas',
'kmem',
'kolab',
'kolab-n',
'kolab-r',
'kvm',
'ldap',
'libstoragemgmt',
'lightdm',
'lighttpd',
'localham',
'locate',
'logstash',
'lp',
'lxdm',
'mail',
'maildrop',
'mailman',
'man',
'mdom',
'memcached',
'messagebus',
'mktex',
'modem',
'mumble-server',
'mysql',
'nagcmd',
'nagios',
'named',
'news',
'nginx',
'nobody',
'nogroup',
'novell_nogroup',
'novlxtier',
'ntadmin',
'ntop',
'ntp',
'oinstall',
'ovirtagent',
'ceilometer',
'cinder',
'glance',
'heat',
'keystone',
'nova',
'neutron',
'swift',
'trove',
'otrs',
'pcp',
'pcpqa',
'pdns',
'pegasus',
'pkcs11',
'polipo',
'polkituser',
'postfix',
'postgres',
'pound',
'powersave',
'privoxy',
'prosody',
'prometheus',
'public',
'pulse',
'pulse-access',
'pulse-rt',
'puppet',
'qemu',
'quagga',
'quasselcore',
'rabbitmq',
'radiusd',
'root',
'sabayon-admin',
'salt',
'sapdb',
'sddm',
'sensu',
'shadow',
'shibd',
'siproxd',
'_sks',
'snort',
'squid',
'sshd',
'suse-ncc',
'svn',
'sys',
'systemd-journal',
'systemd-journal-gateway',
'tape',
'tftp',
'tomcat',
'tomcat4',
'tor',
'trusted',
'ts-shell',
'tss',
'tty',
'unbound',
'users',
'utmp',
'uucp',
'uuidd',
'vacation',
'varnish',
'video',
'vnc',
'vscan',
'wheel',
'wireshark',
'www',
'xok',
'xymon',
'zeroinst',
'znc',
'zope',
))
setOption('StandardUsers', (
'aegis',
'amanda',
'arangodb',
'asterisk',
'at',
'avahi',
'beagleindex',
'bigsister',
'bin',
'bitcoin',
'bitlbee',
'boinc',
'casaatsd',
'casaatvd',
'casaauth',
'ceph',
'chef',
'chrony',
'citadel',
'cntlm',
'colord',
'cop',
'coroqnetd',
'crowbar',
'cyrus',
'daemon',
'davfs2',
'ddclient',
'dehydrated',
'dhcpd',
'distcc',
'dovecot',
'dpbox',
'dvbdaemon',
'elasticsearch',
'epmd',
'fax',
'festival',
'fetchmail',
'ffums',
'firebird',
'fonehome',
'ftp',
'games',
'gdm',
'geronimo',
'gnats',
'gnump3d',
'grafana',
'hacluster',
'haldaemon',
'hsqldb',
'icecast',
'icecream',
'icinga',
'intermezzo',
'iodined',
'irc',
'jabber',
'jboss',
'jetty5',
'jenkins',
'jonas',
'kolab',
'kolab-n',
'kolab-r',
'ldap',
'libstoragemgmt',
'lightdm',
'lighttpd',
'logstash',
'lp',
'lxdm',
'mail',
'mailman',
'man',
'mdnsd',
'mdom',
'mednafen',
'memcached',
'messagebus',
'mumble-server',
'mysql',
'nagios',
'named',
'news',
'nginx',
'novell_nobody',
'novlifdr',
'novlxregd',
'novlxsrvd',
'ntop',
'ntp',
'openstack-ceilometer',
'openstack-cinder',
'openstack-glance',
'openstack-heat',
'openstack-keystone',
'openstack-nova',
'openstack-quantum',
'openstack-swift',
'oracle',
'otrs',
'ovirtagent',
'partimag',
'pcp',
'pcpqa',
'pdns',
'pegasus',
'polipo',
'polkitd',
'polkituser',
'pop',
'postfix',
'postgres',
'postgrey',
'pound',
'privoxy',
'prosody',
'prometheus',
'pulse',
'puppet',
'qemu',
'quagga',
'quasselcore',
'rabbitmq',
'radiusd',
'radvd',
'root',
'_rmt',
'sabayon-admin',
'salt',
'sapdb',
'sddm',
'sensu',
'shibd',
'singularity',
'siproxd',
'_sks',
'snort',
'squid',
'sshd',
'statd',
'suse-ncc',
'svn',
'systemd-journal-gateway'
'tftp',
'tomcat',
'tomcat4',
'tor',
'tss',
'ulogd',
'upsd',
'unbound',
'uucp',
'uuidd',
'vacation',
'varnish',
'vdr',
'vnc',
'vscan',
'wnn',
'wwwrun',
'xymon',
'yastws',
'zeroinst',
'znc',
'zope',
))
addDetails('non-standard-uid',
'''A file in this package is owned by an unregistered user id.
To register the user, please branch the devel:openSUSE:Factory:rpmlint rpmlint package,
add the user to the "config" file and send a submitrequest.
''',
'non-standard-gid',
'''A file in this package is owned by an unregistered group id.
To register the group, please branch the devel:openSUSE:Factory:rpmlint rpmlint package,
add the group to the "config" file and send a submitrequest.
'''
'no-changelogname-tag',
'''There is no changelog. Please insert a '%changelog' section heading in your
spec file and prepare your changes file using e.g. the 'osc vc' command.''',
)
setOption('DanglingSymlinkExceptions',
(['/usr/share/doc/licenses/', 'licenses'],
['consolehelper$', 'usermode-consoleonly'],
))
setOption("DBUSServices.WhiteList", (
"ConsoleKit.conf",
"hal.conf",
"cups.conf", # bnc#515977
"org.freedesktop.ConsoleKit.service",
"org.freedesktop.PolicyKit.conf",
"org.freedesktop.PolicyKit.service",
#
# the following are not audited. We accept them as legacy for now
#
# gnome-settings-daemon
"org.gnome.SettingsDaemon.DateTimeMechanism.service",
"org.gnome.SettingsDaemon.DateTimeMechanism.conf",
# upower
"org.freedesktop.UPower.service",
"org.freedesktop.UPower.conf",
# podsleuth
"podsleuth.conf",
# PackageKit
"org.freedesktop.PackageKit.conf",
# PackageKit
"org.freedesktop.PackageKit.service",
# NetworkManager-pptp
"nm-pptp-service.conf",
# gdm
"gdm.conf",
# udisks
"org.freedesktop.UDisks.service",
"org.freedesktop.UDisks.conf",
# udisks2 (bnc#742751)
"org.freedesktop.UDisks2.service",
"org.freedesktop.UDisks2.conf",
# scmon
"com.novell.Pkcs11Monitor.conf",
# systemd (bnc#641924)
"org.freedesktop.systemd1.service",
"org.freedesktop.systemd1.conf",
"org.freedesktop.hostname1.service",
"org.freedesktop.hostname1.conf",
"org.freedesktop.login1.conf",
"org.freedesktop.login1.service",
"org.freedesktop.timedate1.conf",
"org.freedesktop.timedate1.service",
"org.freedesktop.locale1.conf",
"org.freedesktop.locale1.service",
# gconf2
"org.gnome.GConf.Defaults.service",
"org.gnome.GConf.Defaults.conf",
# system-config-printer (bnc#694640)
"com.redhat.NewPrinterNotification.conf",
"com.redhat.PrinterDriversInstaller.conf",
# rtkit
"org.freedesktop.RealtimeKit1.conf",
"org.freedesktop.RealtimeKit1.service",
# wpa_supplicant
"fi.epitest.hostap.WPASupplicant.service",
# bnc#681116
"fi.w1.wpa_supplicant1.service",
"wpa_supplicant.conf",
# kdebase4-workspace
"org.kde.fontinst.service",
"org.kde.kcontrol.kcmkdm.conf",
"org.kde.fontinst.conf",
"org.kde.ksysguard.processlisthelper.service",
"org.kde.kcontrol.kcmclock.service",
"org.kde.kcontrol.kcmclock.conf",
"org.kde.kcontrol.kcmkdm.service",
"org.kde.ksysguard.processlisthelper.conf",
# pulseaudio
"pulseaudio-system.conf",
# kdebase4-runtime
"org.kde.kcontrol.kcmremotewidgets.service",
"org.kde.kcontrol.kcmremotewidgets.conf",
# k3b
"org.kde.kcontrol.k3bsetup.service",
"org.kde.kcontrol.k3bsetup.conf",
# NetworkManager-novellvpn
"nm-novellvpn-service.conf",
# avahi
"avahi-dbus.conf",
"org.freedesktop.Avahi.service",
# hp-drive-guard
"hp-drive-guard-dbus.conf",
# NetworkManager
"nm-dhcp-client.conf",
"nm-dispatcher.conf",
"nm-avahi-autoipd.conf",
"org.freedesktop.nm_dispatcher.service",
# bnc#747780
"org.freedesktop.NetworkManager.conf",
"NetworkManager-frontend.conf",
# bnc#681128
"org.freedesktop.NetworkManager.service",
# ModemManager
"org.freedesktop.ModemManager.service",
"org.freedesktop.ModemManager.conf",
# yast2-dbus-server
"org.opensuse.YaST.modules.service",
"org.opensuse.yast.SCR.conf",
"org.opensuse.YaST.modules.conf",
"org.opensuse.yast.SCR.service",
# webyast (bnc#660981)
"webyast.permissions.conf",
"webyast.permissions.service.service",
# bluez (bnc#768062)
"bluetooth.conf",
"org.bluez.service",
# dnsmasq
"dnsmasq.conf",
# backup-manager
"org.opensuse.BackupManager.service",
"backup-manager.conf",
# gypsy
"Gypsy.conf",
"org.freedesktop.Gypsy.service",
# pommed
"pommed.conf",
# NetworkManager-openvpn
"nm-openvpn-service.conf",
# kdelibs4
"org.kde.auth.conf",
# polkit
"org.freedesktop.PolicyKit1.conf",
"org.freedesktop.PolicyKit1.service",
# dconf
"ca.desrt.dconf.service",
# kerneloops
"kerneloops.dbus",
# polkit-kde-1
"org.kde.polkitkde1.helper.conf",
"org.kde.polkitkde1.helper.service",
# upstart
"Upstart.conf",
# cups-pk-helper
"org.opensuse.CupsPkHelper.Mechanism.service",
"org.opensuse.CupsPkHelper.Mechanism.conf",
# fwzs
"org.opensuse.zoneswitcher.service",
"org.opensuse.zoneswitcher.conf",
# yum
"yum-updatesd.conf",
# NetworkManager-vpnc
"nm-vpnc-service.conf",
# NetworkManager-strongswan, bnc#656222
"nm-strongswan-service.conf",
# mumble, bnc#660784
"mumble-server.conf",
# kdebase4-runtime, bnc#672145
"org.kde.powerdevil.backlighthelper.service",
"org.kde.powerdevil.backlighthelper.conf",
# urfkill (bnc#688328)
"org.freedesktop.URfkill.service",
"org.freedesktop.URfkill.conf",
# account services (bnc#676638)
"org.freedesktop.Accounts.service",
"org.freedesktop.Accounts.conf",
# synche-connector (bnc#683956)
"org.synce.dccm.service",
"org.synce.dccm.conf",
# colord (bnc#698250)
"org.freedesktop.ColorManager.service",
"org.freedesktop.ColorManager.conf",
# colord-sane (bnc#752518)
"org.freedesktop.colord-sane.service",
"org.freedesktop.colord-sane.conf",
# lightdm (bnc#708205)
"org.freedesktop.DisplayManager.conf",
# sddm (boo#897788)
"sddm_org.freedesktop.DisplayManager.conf",
# kdepim4/kalarm (bnc#707723)
"org.kde.kalarmrtcwake.conf",
"org.kde.kalarmrtcwake.service",
# NetworkManager-openvpn (bnc#732915)
"nm-openconnect-service.conf",
# smb4k (bnc#749065)
"de.berlios.smb4k.mounthelper.conf",
"de.berlios.smb4k.mounthelper.service",
# cdemu-deamon (bnc#764063)
"cdemud-dbus.conf",
# snapper (bnc#759391)
"org.opensuse.Snapper.conf",
"org.opensuse.Snapper.service",
# autofs-udisk interaction (bnc#782691)
"org.freedesktop.AutoMount.conf",
# NetworkManager-iodine (bnc#781071)
"nm-iodine-service.conf",
# new ModemManager (bnc#798273)
"org.freedesktop.ModemManager1.conf",
"org.freedesktop.ModemManager1.service",
# fprintd 0.4.1 (finger print dbus service) (bnc#792095)
"net.reactivated.Fprint.service",
"net.reactivated.Fprint.conf",
# lightdm-kde-greeter KCM shell dbus helper (bnc#794705)
"org.kde.kcontrol.kcmlightdm.conf",
"org.kde.kcontrol.kcmlightdm.service",
# nepomuk: org.kde.nepomuk.filewatch.service (bnc#825262)
# temporary approved only due to insufficient resources -Marcus
"org.kde.nepomuk.filewatch.service",
"org.kde.nepomuk.filewatch.conf",
# wicked network management (bnc#783932)
"network-nanny.conf",
"wicked-dhcp4.conf",
"wicked-dhcp6.conf",
"wicked-autoip4.conf",
"wicked.conf",
## next revision of names (old ones could go)
"org.opensuse.Network.conf",
"org.opensuse.Network.AUTO4.conf",
"org.opensuse.Network.DHCP6.conf",
"org.opensuse.Network.DHCP4.conf",
"org.opensuse.Network.Nanny.conf",
# systemd machined service (bnc#828207)
"org.freedesktop.machine1.service",
"org.freedesktop.machine1.conf",
# systemd importd service (bnc#964935)
"org.freedesktop.import1.service",
"org.freedesktop.import1.conf",
# GeoClue2 DBUS Service (bnc#838360)
"org.freedesktop.GeoClue2.service",
"org.freedesktop.GeoClue2.conf",
# GeoClue2 DBUS Service more (bnc#862216)
"org.freedesktop.GeoClue2.Agent.conf",
# mate dbus serice (bnc#831404)
"org.mate.SettingsDaemon.DateTimeMechanism.service",
"org.mate.SettingsDaemon.DateTimeMechanism.conf",
# tuned DBUS service (bnc#787379, bnc#1007279)
"com.redhat.tuned.conf",
"com.redhat.tuned.service",
# policycoreutils (bnc#848550)
"org.selinux.conf",
"org.selinux.service",
# bluez (bnc#768062)
"bluetooth.conf",
"org.bluez.service",
# kwallet (bnc#849739)
"org.kde.kcontrol.kcmkwallet.conf",
"org.kde.kcontrol.kcmkwallet.service",
# kwallet (bnc#1033296)
"org.kde.kcontrol.kcmkwallet5.conf",
"org.kde.kcontrol.kcmkwallet5.service",
# neard (bnc#837978)
"org.neard.conf",
"org.neard.service",
# networkmanager-openswan (bnc#808549)
"nm-openswan-service.conf",
# baloo, formerly nepomuk (bnc#866131)
"org.kde.baloo.filewatch.conf",
"org.kde.baloo.filewatch.service",
# policycoreutils new service/config (bnc#878631)
"org.selinux.service",
"org.selinux.conf",
# oFono (bnc#862354)
"ofono.conf",
# libKF5Auth4 (bnc#864716)
"org.kde.kf5auth.conf",
# firewalld (bnc#907625)
"FirewallD.conf",
# storaged (bnc#915769)
"com.redhat.storaged.conf",
"com.redhat.storaged.service",
# systemd networkd (bnc#918799)
"org.freedesktop.network1.conf",
"org.freedesktop.network1.service",
# realmd (bnc#916766)
"org.freedesktop.realmd.service",
"org.freedesktop.realmd.conf",
# teamd (bnc#941993)
"teamd@.service",
"org.libteam.teamd.conf",
# cinnamon settings daemon (bsc#951830)
"org.cinnamon.SettingsDaemon.DateTimeMechanism.conf",
"org.cinnamon.SettingsDaemon.DateTimeMechanism.service",
# thermald (bsc#954771)
"org.freedesktop.thermald.conf",
"org.freedesktop.thermald.service",
# drbdmanage (bsc#956811)
"org.drbd.drbdmanaged.conf",
"org.drbd.drbdmanaged.service",
# iio-sensor-proxy (bsc#939191)
"net.hadess.SensorProxy.conf",
"net.hadess.SensorProxy.service",
# openattic (bsc#972478)
"openattic.conf",
"openattic.service",
# TEMPORARY APPROVAL ONLY (meissner 20160519) tcmu-runner (bsc#978903)
"tcmu-runner.conf",
"org.kernel.TCMUService1.service",
# sysprof (bsc#996111)
"org.gnome.Sysprof2.service",
"org.gnome.Sysprof2.conf",
# flatpak (bsc#984817)
"org.freedesktop.Flatpak.SystemHelper.service",
"org.freedesktop.Flatpak.SystemHelper.conf",
# systemd resolver, but dont add automatically to nsswitch.conf! (bsc#917781)
"org.freedesktop.resolve1.conf",
"org.freedesktop.resolve1.service",
# powerdevil discretegpuhelper (bsc#1019748)
"org.kde.powerdevil.discretegpuhelper.conf",
"org.kde.powerdevil.discretegpuhelper.service",
# rebootmgr (bsc#1019644)
"org.opensuse.RebootMgr.conf",
"rebootmgr.service",
# blueman (bsc#987141)
"org.blueman.Mechanism.conf",
"org.blueman.Mechanism.service",
"org.blueman.Applet.service",
# os-autoinst (bsc#1032649)
"org.opensuse.os_autoinst.switch.conf",
"os-autoinst-openvswitch.service",
# thunderbolt (bsc#1033554)
"thunderbolt.conf",
"thunderbolt.service",
# backintime (bsc#1007723, bsc#1032717)
"net.launchpad.backintime.serviceHelper.conf",
"net.launchpad.backintime.serviceHelper.service",
# switchroo-control (bsc#1034309)
"net.hadess.SwitcherooControl.conf",
"switcheroo-control.service",
# openqa (bsc#1039290)
"org.opensuse.openqa.conf",
"openqa-scheduler.service",
"openqa-websockets.service",
# pam_dbus (bsc#1039709). Take care to
# never enable/integrate this by default (see bsc comments)
"pam_dbus.conf",
"pam_dbus.service",
# tpm2-abrmd (bnc#1049694)
"tpm2-abrmd.conf",
"tpm2-abrmd.service",
# nfs-ganesha (bsc#997880)
"org.ganesha.nfsd.conf",
"nfs-ganesha.service",
# NetworkManager-l2tp (bsc#846337)
"nm-l2tp-service.conf",
# fwupd (bsc#932807)
"org.freedesktop.fwupd.conf",
"org.freedesktop.fwupd.service",
# connman (bsc#1057697)
"connman-nmcompat.conf",
"connman.conf",
"connman-vpn-dbus.conf",
"net.connman.vpn.service"
))
setOption("PAMModules.WhiteList", (
# pam_p11
"pam_p11_opensc.so",
"pam_p11_openssh.so",
# pam_krb5
"pam_krb5.so",
"pam_krb5afs.so",
# ecryptfs-utils
"pam_ecryptfs.so",
# gnome-keyring-pam
"pam_gnome_keyring.so",
# pwdutils-rpasswd
"pam_rpasswd.so",
# samba-winbind
"pam_winbind.so",
# pam-modules
"pam_homecheck.so",
"pam_pwcheck.so",
"pam_unix2.so",
# pam_smb
"pam_smb_auth.so",
# ConsoleKit
"pam_ck_connector.so",
# pam_ssh
"pam_ssh.so",
# libcgroup1
"pam_cgroup.so",
# pam_fprint
"pam_fprint.so",
# pam_mount
"pam_mount.so",
# pam_ccreds
"pam_ccreds.so",
# pam_radius
"pam_radius_auth.so",
# pam_pkcs11
"pam_pkcs11.so",
# nss-pam-ldapd
"pam_ldap.so",
# pam_passwdqc
"pam_passwdqc.so",
# pam_userpass
"pam_userpass.so",
# pam_apparmor
"pam_apparmor.so",
# pam_ldap
"pam_ldap.so",
# cryptconfig
"pam_cryptpass.so",
# opie
"pam_opie.so",
# pam
"pam_access.so",
"pam_cracklib.so",
"pam_debug.so",
"pam_deny.so",
"pam_echo.so",
"pam_env.so",
"pam_exec.so",
"pam_faildelay.so",
"pam_filter.so",
"pam_ftp.so",
"pam_group.so",
"pam_issue.so",
"pam_keyinit.so",
"pam_lastlog.so",
"pam_limits.so",
"pam_listfile.so",
"pam_localuser.so",
"pam_loginuid.so",
"pam_mail.so",
"pam_mkhomedir.so",
"pam_motd.so",
"pam_namespace.so",
"pam_nologin.so",
"pam_permit.so",
"pam_pwhistory.so",
"pam_rhosts.so",
"pam_rootok.so",
"pam_securetty.so",
"pam_selinux.so",
"pam_sepermit.so",
"pam_shells.so",
"pam_stress.so",
"pam_succeed_if.so",
"pam_tally.so",
"pam_tally2.so",
"pam_time.so",
"pam_timestamp.so",
"pam_tty_audit.so",
"pam_umask.so",
"pam_unix.so",
"pam_unix_acct.so",
"pam_unix_auth.so",
"pam_unix_passwd.so",
"pam_unix_session.so",
"pam_userdb.so",
"pam_warn.so",
"pam_wheel.so",
"pam_xauth.so",
# systemd
"pam_systemd.so",
# sssd
"pam_sss.so",
# pam_mktemp
"pam_mktemp.so",
# pam_csync
"pam_csync.so",
# samba
"pam_smbpass.so",
# pam_chroot
"pam_chroot.so",
# pam_snapper (bnc#815383)
"pam_snapper.so",
# pam_mate_keyring.so (bnc#831404)
"pam_mate_keyring.so",
# pam_gdm (bsc#1004346)
"pam_gdm.so",
# pam_slurm (bsc#1007053)
"pam_slurm.so"
# pam_script(bsc#1039848)
"pam_script.so"
))
# Output filters
addFilter(r'.*spurious-bracket-in-.*')
addFilter(r'.*one-line-command-in-.*')
addFilter(' dir-or-file-in-opt ') # handled by CheckFilelist.py
addFilter(' dir-or-file-in-usr-local ') # handled by CheckFilelist.py
addFilter(' non-standard-dir-in-usr ') # handled by CheckFilelist.py
addFilter('incoherent-version-in-changelog')
addFilter(' no-signature')
addFilter(' symlink-crontab-file') #bnc591431
addFilter(' without-chkconfig')
addFilter(r'unstripped-binary-or-object.*\.ko')
addFilter(' no-chkconfig')
addFilter(' subsys-not-used')
addFilter(r' dangerous-command.*')
addFilter(r' setuid-binary.*')
addFilter(r'.*FSSTND-dir-in-var /var/adm/.*')
addFilter('subdir-in-bin /sbin/conf.d/')
addFilter(r'.* nss_db non-standard-dir-in-var db')
addFilter('non-standard-dir-in-usr openwin')
addFilter('ibcs2 non-standard-dir-in-usr i486-sysv4')
addFilter('shlibs5 non-standard-dir-in-usr i486-linux-libc5')
addFilter('explicit-lib-dependency libtool')
# filesystem package needs special exceptions
addFilter(r'^filesystem\..*: dir-or-file-in-var-run')
addFilter(r'^filesystem\..*: dir-or-file-in-var-lock')
addFilter(r'^filesystem\..*: dir-or-file-in-var-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-var-run')
addFilter(r'^filesystem\..*: dir-or-file-in-var-lock')
addFilter(r'^filesystem\..*: dir-or-file-in-usr-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-tmp')
addFilter(r'^filesystem\..*: dir-or-file-in-mnt')
addFilter(r'^filesystem\..*: dir-or-file-in-home')
addFilter(r'^filesystem\..*: hidden-file-or-dir /root/.gnupg')
addFilter(r'^filesystem\..*: hidden-file-or-dir /root/.gnupg')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.config')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.local')
addFilter(r'^filesystem\..*: hidden-file-or-dir /tmp/.X11-unix')
addFilter(r'^filesystem\..*: hidden-file-or-dir /tmp/.ICE-unix')
addFilter(r'^filesystem\..*: hidden-file-or-dir /etc/skel/.fonts')
addFilter(r'^filesystem\..*: suse-filelist-forbidden-fhs23')
addFilter(r'^filesystem\..*: suse-filelist-forbidden-opt')
addFilter(r'^filesystem\..*: non-standard-uid /var/lib/nobody nobody')
addFilter(r'^filesystem\..*: missing-dependency-to-cron')
# has arch specific dirs in /usr
addFilter(r'^filesystem\..*: no-binary')
# suppress any errors about internal packages
addFilter(r'^qa\S+: [EWI]:')
addFilter(r'^\S*(?:INTERNAL|internal)\.\S+: [EWI]:')
# exceptions for devel-files
addFilter(r'devel-file-in-non-devel-package.*/boot/vmlinuz-.*autoconf.h')
addFilter(r'devel-file-in-non-devel-package.*/usr/src/linux-')
addFilter(r'devel-file-in-non-devel-package.*/usr/share/systemtap')
addFilter(r'kde4-kapptemplate\.\S+:.*devel-file-in-non-devel-package')
addFilter(r'kdesdk3\.\S+:.*devel-file-in-non-devel-package')
addFilter(r'-(?:examples|doc)\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'java\S+-demo\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'avr-libc\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'dietlibc\.\S+ \w: devel-file-in-non-devel-package')
addFilter(r'cross-.*devel-file-in-non-devel-package')
addFilter(r'cmake.*devel-file-in-non-devel-package')
addFilter(r'gcc\d\d.*devel-file-in-non-devel-package')
addFilter(r'OpenOffice_org-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'wnn-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'ocaml\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'xorg-x11-server-sdk\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'linux-kernel-headers\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r' devel-file-in-non-devel-package.*-config')
addFilter(r'libtool\.\S+: \w: devel-file-in-non-devel-package')
addFilter(r'update-desktop-files\.\S+: \w: untranslated-desktop-file')
addFilter(r'sdb.* dangling-relative-symlink /usr/share/doc/sdb/.*/gifs ../gifs')
addFilter('kernel-modules-not-in-kernel-packages')
# SUSE kmp's don't need manual depmod (bnc#456048)
addFilter('module-without-depmod-postin')
addFilter('postin-with-wrong-depmod')
addFilter('module-without-depmod-postun')
addFilter('postun-with-wrong-depmod')
#
addFilter('configure-without-libdir-spec')
addFilter('conffile-without-noreplace-flag /etc/init.d')
addFilter('use-of-RPM_SOURCE_DIR')
addFilter('use-tmp-in-')
addFilter('symlink-contains-up-and-down-segments /var/lib/named')
addFilter('no-ldconfig-symlink')
addFilter(r'aaa_base\.\S+: \w: use-of-home-in-%post')
addFilter('description-line-too-long')
addFilter('hardcoded-library-path')
# addFilter('incoherent-subsys')
# doesn't seem to make sense
addFilter('invalid-ldconfig-symlink')
addFilter('invalid-soname')
addFilter('library-not-linked-against-libc')
addFilter('only-non-binary-in-usr-lib')
addFilter('outside-libdir-files')
# we want these files
addFilter(' perl-temp-file ')
addFilter(r' hidden-file-or-dir .*/\.packlist')
addFilter(r' hidden-file-or-dir .*/\.directory')
addFilter(r'perl-.*no-binary')
addFilter(' no-major-in-name ')
# we check for that already
addFilter('dangling-relative-symlink')
addFilter(' lib-package-without-%mklibname')
addFilter(' requires-on-release')
addFilter(' non-executable-script /etc/profile.d/')
addFilter(' non-executable-script /var/adm/fillup-templates/')
addFilter(' init-script-name-with-dot ')
addFilter(r'.* statically-linked-binary /sbin/ldconfig')
addFilter(r'.* statically-linked-binary /sbin/init')
addFilter(r'valgrind.* statically-linked-binary')
addFilter(r'ldconfig-post.*/ddiwrapper/wine/')
addFilter(r'glibc\.\S+: \w: statically-linked-binary /usr/sbin/glibc_post_upgrade')
addFilter(' symlink-should-be-relative ')
addFilter(' binary-or-shlib-defines-rpath .*ORIGIN')
addFilter(r'libzypp.*shlib-policy-name-error.*libzypp')
addFilter(r'libtool.*shlib-policy.*')
# stuff that is currently too noisy, but might become relevant in the future
addFilter(' prereq-use')
addFilter(' file-not-utf8')
addFilter(' tag-not-utf8')
addFilter(' setup-not-quiet')
addFilter(' no-cleaning-of-buildroot ')
addFilter(' mixed-use-of-spaces-and-tabs ')
addFilter(' prereq-use ')
# an issue with OBS, works with autobuild
addFilter(' no-packager-tag')
addFilter(' unversioned-explicit-provides ')
addFilter(' unversioned-explicit-obsoletes ')
addFilter(' no-%clean-section')
addFilter(' service-default-enabled ')
addFilter(' non-standard-dir-perm ')
addFilter(' conffile-without-noreplace-flag ')
addFilter(' non-standard-executable-perm ')
addFilter(' jar-not-indexed ')
addFilter(' uncompressed-zip ')
addFilter(' %ifarch-applied-patch ')
addFilter(' read-error ')
addFilter(' init-script-without-chkconfig-postin ')
addFilter(' init-script-without-chkconfig-preun ')
addFilter(' postin-without-chkconfig ')
addFilter(' preun-without-chkconfig ')
addFilter(' no-dependency-on locales')
addFilter(' incoherent-version-in-name')
addFilter(' binary-or-shlib-defines-rpath')
addFilter(' executable-marked-as-config-file')
addFilter(' log-files-without-logrotate')
addFilter(' hardcoded-prefix-tag')
addFilter(' no-documentation')
addFilter(' multiple-specfiles')
addFilter(' apache2-naming-policy-not-applied')
addFilter(' no-default-runlevel ')
addFilter(' setgid-binary ')
addFilter(' non-readable ')
addFilter(' manpage-not-bzipped ')
addFilter(' postin-without-ghost-file-creation ')
# bug 287090
addFilter(' file-in-usr-marked-as-conffile')
addFilter(' non-remote_fs-dependency.*/boot')
# exceptions for non-devel-buildrequires
addFilter(' non-devel-buildrequires apache2-mod_perl')
addFilter(' non-devel-buildrequires ksh')
addFilter(' non-devel-buildrequires perl')
addFilter(' non-devel-buildrequires php5')
addFilter(' non-devel-buildrequires postfix')
addFilter(' non-devel-buildrequires python')
addFilter(' non-devel-buildrequires ruby')
addFilter(' non-devel-buildrequires valgrind')
addFilter(' non-devel-buildrequires yasm')
addFilter(' non-devel-buildrequires tcl')
addFilter(r'beagle-index\.\S+: \w: (non-devel|unnecessary)-buildrequires')
addFilter(r'collect-desktop-files\.\S+: \w: (non-devel|unnecessary)-buildrequires')
addFilter(r'installation-images\.\S+: \w: (non-devel|unnecessary)-buildrequires')
# exceptions for filelist checks
addFilter(r'nfs-client\.\S+: \w: suse-filelist-forbidden-backup-file /var/lib/nfs/sm.bak ')
addFilter(r'perl\.\S+: \w: suse-filelist-forbidden-perl-dir ')
addFilter(r'info\.\S+: \w: info-dir-file .*/usr/share/info/dir')
# fillup is known to break SuSEfirewall's sysconfig file on many
# systems as people tend to break up long lines into several ones.
# This bug remains unfixed since years (bnc#340926).
# So we have to avoid fillup and therefore break the SUSE policy
addFilter(r'SuSEfirewall2\.\S+: \w: suse-filelist-forbidden-sysconfig.*/etc/sysconfig/SuSEfirewall2')
# these packages are used for CD creation and are not supposed to be
# installed. It's still a dirty hack to make an exception. The
# packages should either be built in a separate project with
# different config or file be put somewhere below /opt/suse/*
addFilter(r'(?:dosutils|skelcd|installation-images|yast2-slide-show|instlux|skelcd-.*|patterns-.*)\.\S+: \w: suse-filelist-forbidden-fhs23 /CD1')
# suboptimal library packaging
addFilter(' non-devel-buildrequires graphviz')
addFilter(' non-devel-buildrequires ImageMagick')
addFilter(' non-devel-buildrequires aspell')
addFilter(' non-devel-buildrequires autotrace')
addFilter(' non-devel-buildrequires gettext')
addFilter(' non-devel-buildrequires devhelp')
addFilter(' non-devel-buildrequires libxml2')
addFilter(' non-devel-buildrequires libxslt')
addFilter(' non-devel-buildrequires recode')
# Too noisy, and usually not something downstream packagers can fix
addFilter(' incorrect-fsf-address ')
addFilter(' no-manual-page-for-binary ')
addFilter(r' static-library-without-debuginfo /usr/lib(?:64)?/ghc-[\d\.]+/')
# the libre mess
addFilter(r'libre(?:ssl|office|cad)[^\:]+: \w: shlib-policy-')
# many places have shorter paths
addFilter(' non-coherent-filename ')
# mandriva specific stuff that we don't want
addFilter(' invalid-build-requires ')
addFilter(' no-provides ')
# bash completion files are not scripts, do not require them marked as %config
addFilter('W: non-conffile-in-etc /etc/bash_completion.d/')
# config ends here
View Git Blame Copy Permalink