rpm/rpmlint
SHA256
1
0
Fork 0
forked from pool/rpmlint
Code Pull Requests Activity
fa361f3e01
rpmlint/rpmlint-1.5-disallow-var-run-and-var-lock.diff

166 lines
6.3 KiB
Diff
Raw Blame History

From c45057466e8e40bbb36fa90faa10a2b678c25ba2 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 30 Apr 2014 16:35:20 +0200
Subject: [PATCH rpmlint] disallow /var/run and /var/lock
Distros moved to having /var/run and /var/lock as symlinks to /run resp
/run/lock. Therefore packages must no longer put files there at all.
Also, refactor the code for dir-or-file-in-* and make it configurable.
---
FilesCheck.py | 77 +++++++++++++++++++++++------------------------------------
config | 4 ++++
2 files changed, 34 insertions(+), 47 deletions(-)
Index: rpmlint-1.5/FilesCheck.py
===================================================================
--- rpmlint-1.5.orig/FilesCheck.py
+++ rpmlint-1.5/FilesCheck.py
@@ -559,12 +559,9 @@ STANDARD_DIRS = (
'/var/lib/nobody',
'/var/lib/pam_devperm',
'/var/lib/wwwrun',
- '/var/lock',
- '/var/lock/subsys',
'/var/log',
'/var/mail',
'/var/opt',
- '/var/run',
'/var/spool',
'/var/spool/clientmqueue',
'/var/spool/locks',
@@ -589,7 +586,19 @@ DEFAULT_STANDARD_GROUPS = ('root', 'bin'
'shutdown', 'halt', 'mail', 'news', 'uucp',
'man', 'nobody',)
-tmp_regex = re.compile('^(/var|/usr)?/tmp/')
+DEFAULT_DISALLOWED_DIRS = (
+ '/home',
+ '/mnt',
+ '/opt',
+ '/tmp',
+ '/usr/local',
+ '/usr/tmp',
+ '/var/local',
+ '/var/lock',
+ '/var/run',
+ '/var/tmp',
+)
+
sub_bin_regex = re.compile('^(/usr)?/s?bin/\S+/')
backup_regex = re.compile('(~|\#[^/]+\#|\.orig|\.orig\.gz|\.rej)$')
compr_regex = re.compile('\.(gz|z|Z|zip|bz2|lzma|xz)$')
@@ -653,6 +662,8 @@ use_relative_symlinks = Config.getOption
standard_groups = Config.getOption('StandardGroups', DEFAULT_STANDARD_GROUPS)
standard_users = Config.getOption('StandardUsers', DEFAULT_STANDARD_USERS)
+disallowed_dirs = Config.getOption('DisallowedDirs', DEFAULT_DISALLOWED_DIRS)
+
non_readable_regexs = (re.compile('^/var/log/'),
re.compile('^/etc/(g?shadow-?|securetty)$'))
@@ -871,19 +882,13 @@ class FilesCheck(AbstractCheck.AbstractC
is_kernel_package:
printError(pkg, "kernel-modules-not-in-kernel-packages", f)
- for i in ['mnt','opt','usr-local','var-local','home']:
- if f.startswith('/%s/' % i.replace('-','/')):
- printError(pkg, 'dir-or-file-in-%s' % i, f)
-
- if tmp_regex.search(f):
- printError(pkg, 'dir-or-file-in-tmp', f)
+ for i in disallowed_dirs:
+ if f.startswith(i):
+ printError(pkg, 'dir-or-file-in-%s' % '-'.join(i.split('/')[1:]), f)
- elif f.startswith('/var/run/'):
+ if f.startswith('/run/'):
if f not in ghost_files:
- printWarning(pkg, 'non-ghost-in-var-run', f)
- elif f.startswith('/var/lock/'):
- if f not in ghost_files:
- printWarning(pkg, 'non-ghost-in-var-lock', f)
+ printWarning(pkg, 'non-ghost-in-run', f)
elif sub_bin_regex.search(f):
printError(pkg, 'subdir-in-bin', f)
elif '/site_perl/' in f:
@@ -1466,35 +1471,10 @@ install-info.''',
'''You have a perl temporary file in your package. Usually, this
file is beginning with a dot (.) and contain "perl" in its name.''',
-'dir-or-file-in-tmp',
-'''A file in the package is located in /tmp. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-mnt',
-'''A file in the package is located in /mnt. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-opt',
-'''A file in the package is located in /opt. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-usr-local',
-'''A file in the package is located in /usr/local. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-var-local',
-'''A file in the package is located in /var/local. It's not permitted
-for packages to install files in this directory.''',
-
-'non-ghost-in-var-run',
-'''A file or directory in the package is located in /var/run. Files installed
-in this directory should be marked as %ghost and created at runtime to work
-properly in tmpfs /var/run setups.''',
-
-'non-ghost-in-var-lock',
-'''A file or directory in the package is located in /var/lock. Files installed
+'non-ghost-in-run',
+'''A file or directory in the package is located in /run. Files installed
in this directory should be marked as %ghost and created at runtime to work
-properly in tmpfs /var/lock setups.''',
+properly in tmpfs /run setups.''',
'subdir-in-bin',
'''The package contains a subdirectory in /usr/bin. It's not permitted to
@@ -1505,10 +1485,6 @@ create a subdir there. Create it in /usr
by an editor or resulting from applying unclean (fuzzy, or ones with line
offsets) patches.''',
-'dir-or-file-in-home',
-'''A file in the package is located in /home. It's not permitted
-for packages to install files in this directory.''',
-
'version-control-internal-file',
'''You have included file(s) internally used by a version control system
in the package. Move these files out of the package and rebuild it.''',
@@ -1832,6 +1808,13 @@ as part of the example documentation mea
use it and setup a insecure configuration.'''
)
+for i in disallowed_dirs:
+ addDetails('dir-or-file-in-%s' % '-'.join(i.split('/')[1:]),
+ '''A file in the package is located in %s. It's not permitted
+for packages to install files in this directory.''' % i)
+
+
+
# FilesCheck.py ends here
# Local variables:
Index: rpmlint-1.5/config
===================================================================
--- rpmlint-1.5.orig/config
+++ rpmlint-1.5/config
@@ -126,6 +126,10 @@ from Config import *
# Type: tuple of strings, see DEFAULT_STANDARD_USERS in FilesCheck
#setOption("StandardUsers", ())
+# List of directory prefixes that are not allowed in packages
+# Type: tuple of strings, see DEFAULT_DISALLOWED_DIRS in FilesCheck
+#setOption("DisallowedDirs", ('/home', '/mnt'))
+
# List of directories considered to be system default library search paths.
# Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
#setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
View Git Blame Copy Permalink