packager | rpm id | test | status | message | |
---|---|---|---|---|---|
andy | codetest_sl-1.6-alt1.x86_64 | rpm-filesystem-conflict-file-file | warn | Files /usr/bin/sl /usr/share/man/man1/sl.1.xz conflict with the package sl-5.02-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. | |
andy | criu-debuginfo-3.19-alt1.1.x86_64 | rpm-filesystem-conflict-symlink-symlink | warn | value of symlink /usr/lib/debug/usr/sbin/crtools.debug is different from the same symlink in the package crtools-ovz-debuginfo-3.18.1.1-alt2.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. | |
andy | crtools-ovz-debuginfo-3.18.1.1-alt2.x86_64 | rpm-filesystem-conflict-symlink-file | warn | symlink /usr/lib/debug/usr/sbin/criu.debug is a file in the package criu-debuginfo-3.19-alt1.1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. | |
andy | crtools-ovz-debuginfo-3.18.1.1-alt2.x86_64 | rpm-filesystem-conflict-symlink-symlink | warn | value of symlink /usr/lib/debug/usr/sbin/crtools.debug is different from the same symlink in the package criu-debuginfo-3.19-alt1.1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. | |
andy | drbd-reactor-1.4.0-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | ifupdown2-3.2.0.8-alt1.noarch | bin-permissions | info | not executable file /usr/sbin/ip-brctl | |
andy | ifupdown2-3.2.0.8-alt1.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | kernel-modules-drbd9-ovz-el7-9.2.8-alt1.199168.4.1160.90.1.vz7.200.7.src | unmet-dependency-build-no-suitable-version | fail | build dependency kernel-headers-modules-ovz-el7 has no suitable version. | |
andy | ledmon-0.97-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | ledmon-0.97-alt2.x86_64 | uncompressed-manpages | info | Package contains uncompressed manual pages. | |
andy | libploop-7.0.277-alt2.x86_64 | subdir-in-var-run | info | Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them. | |
andy | pve-backup-restore-image-0.3-alt1.x86_64 | file-in-usr-marked-as-conffile | warn | Files below /usr may not be marked as conffiles, since /usr might be mounted read-only and thus, the local system administrator would not have a chance to modify this configuration file. |
|
andy | pve-backup-restore-image-0.3-alt1.x86_64 | missing-url | info | Missing Url: in a package. | |
andy | pve-enable-0.1-alt1.x86_64 | missing-url | info | Missing Url: in a package. | |
andy | ravada-2.2.1-alt1.noarch | pseudouser-added-as-real-user | fail | package added a pseudouser in its %pre/%post script as a real user. You should use -r option of useradd command to create a system account. | |
andy | ravada-2.2.1-alt1.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | sbd-1.5.2-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | volumes-profile-alt-server-v-1.0-alt1.noarch | rpm-filesystem-conflict-file-file | warn | File /usr/share/install2/initinstall.d/10-vm-profile.sh conflicts with the package volumes-profile-regular-0.5.1-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. . ives. |
|
andy | volumes-profile-alt-server-v-1.0-alt1.noarch | unsafe-tmp-usage-in-scripts | fail | The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/10-vm-profile.sh: $ grep /tmp/ /usr/share/install2/initinstall.d/10-vm-profile.sh #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } ROOT_MIN=7 # In Gb VAR_MIN=1 # In Gb mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB | |
andy | vzctl-7.0.254-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
andy | vzdump-1.2.6-alt2.x86_64 | missing-url | info | Missing Url: in a package. | |
shaba | open-vm-tools-12.4.0-alt1.x86_64 | big-changelog | info | Package contains big ChangeLog. Gzip it. | |
shaba | open-vm-tools-12.4.0-alt1.x86_64 | subdir-in-var-run | info | Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them. | |
shaba | opennebula-fireedge-6.6.1.1-alt2.x86_64 | macos-ds-store-file-in-package | warn | There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in packages and were usually accidentally included by copying complete directories from the source tarball. | |
shaba | opennebula-fireedge-6.6.1.1-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-flow-6.6.1.1-alt2.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-gate-6.6.1.1-alt2.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-node-firecracker-6.6.1.1-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-node-kvm-6.6.1.1-alt2.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-node-lxc-6.6.1.1-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-server-6.6.1.1-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | opennebula-server-6.6.1.1-alt2.x86_64 | unsafe-tmp-usage-in-scripts | fail | The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/one.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/one.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/az.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/az.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } | |
shaba | opennebula-sunstone-6.6.1.1-alt2.noarch | macos-ds-store-file-in-package | warn | There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in packages and were usually accidentally included by copying complete directories from the source tarball. | |
shaba | opennebula-sunstone-6.6.1.1-alt2.noarch | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | proxmox-backup-server-3.1.4.1-alt2.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | pve-container-5.0.8-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | pve-firewall-5.0.3-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | pve-ha-manager-4.0.3-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. | |
shaba | pve-qemu-server-8.1.0-alt1.x86_64 | systemd-but-no-native-init | experimental | The package have native systemd file(s) but no SysV init scripts. |