Repocop reports by acl

  packager rpm id test status message
@core bind-9.11.32-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.
@core bind-9.11.32-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/bind: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.
@core lwresd-9.11.32-alt1.x86_64 init-but-no-native-systemd info The package have SysV init script(s) but no native systemd files.
@core lwresd-9.11.32-alt1.x86_64 init-lsb fail /etc/rc.d/init.d/lwresd: not systemd compatible: lsb init header missing and lwresd.service is not present. See http://www.altlinux.org/Services_Policy for details.
sin sssd-2.5.2-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.
sin sssd-2.5.2-alt1.x86_64 systemd-check-socket-name experimental in sssd-2.5.2-alt1.x86_64: there is a socket sssd-pam-priv.socket but no service sssd-pam-priv.service. Ask ildar@ why it is not right.
slev bumper-0.1.13-alt1.noarch rpm-filesystem-conflict-file-file warn File /usr/bin/bump conflicts with the package mesa-demos-8.4.0-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
slev cockpit-ws-247-alt1.x86_64 systemd-check-socket-name experimental in cockpit-ws-247-alt1.x86_64: there is a socket cockpit-wsinstance-https-factory.socket but no service cockpit-wsinstance-https-factory.service. Ask ildar@ why it is not right.
slev dogtag-pki-server-theme-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev freeipa-common-4.9.7-alt1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev freeipa-server-4.9.7-alt1.x86_64 systemd-check-socket-name experimental in freeipa-server-4.9.7-alt1.x86_64: there is a socket ipa-otpd.socket but no service ipa-otpd.service. Ask ildar@ why it is not right.
slev freeipa-server-common-4.9.7-alt1.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since
/usr might be mounted read-only and thus, the local system
administrator would not have a chance to modify this configuration
file.
slev gssproxy-0.8.4-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
slev pki-acme-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-acme-10.10.6-alt2.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/pki/acme/bin/pki-acme-run:
    $ grep -A5 -B5 /tmp/ /usr/share/pki/acme/bin/pki-acme-run
    [ -f /var/lib/tomcats/pki/conf/certs/ca_signing.key ]
    then
        echo "INFO: Importing CA Signing Certificate and Key"
        # generate random password
        openssl rand -hex 8 > /tmp/password
        # import PEM cert and key into PKCS #12 file
        openssl pkcs12 -export \
            -in /var/lib/tomcats/pki/conf/certs/ca_signing.crt \
            -inkey /var/lib/tomcats/pki/conf/certs/ca_signing.key \
            -out /tmp/certs.p12 \
            -name ca_signing \
            -passout file:/tmp/password
        # import PKCS #12 file into NSS database
        pki -d /var/lib/tomcats/pki/conf/alias pkcs12-import \
            --pkcs12 /tmp/certs.p12 \
            --password-file /tmp/password
        # trust imported CA signing cert
        certutil -M -d /var/lib/tomcats/pki/conf/alias -n ca_signing -t CT,C,C
        rm /tmp/certs.p12
        rm /tmp/password
    fi
    # import certs.p12 if available
    if [ -f /var/lib/tomcats/pki/conf/certs/certs.p12 ]
    then
    --
        echo "INFO: Issuing Self-signed CA Signing Certificate"
        # generate CA signing CSR
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \
            --subject "CN=CA Signing Certificate" \
            --csr /tmp/ca_signing.csr
        # issue self-signed CA signing cert
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \
            --csr /tmp/ca_signing.csr \
            --ext /usr/share/pki/acme/issuer/nss/ca_signing.conf \
            --months-valid 12 \
            --cert /tmp/ca_signing.crt
        # import and trust CA signing cert into NSS database
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \
            --cert /tmp/ca_signing.crt \
            --trust CT,C,C \
            ca_signing
        rm /tmp/ca_signing.crt
        rm /tmp/ca_signing.csr
    fi
    echo "INFO: CA Signing Certificate:"
    certutil -L -d /var/lib/tomcats/pki/conf/alias -n ca_signing
    --
        echo "INFO: Issuing SSL Server Certificate"
        # generate SSL server CSR
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \
            --subject "CN=$HOSTNAME" \
            --csr /tmp/sslserver.csr
        # issue SSL server cert
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \
            --issuer ca_signing \
            --csr /tmp/sslserver.csr \
            --ext /usr/share/pki/acme/issuer/nss/sslserver.conf \
            --cert /tmp/sslserver.crt
        # import SSL server cert into NSS database
        pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \
            --cert /tmp/sslserver.crt \
            sslserver
        rm /tmp/sslserver.crt
        rm /tmp/sslserver.csr
    fi
    echo "INFO: SSL Server Certificate:"
    certutil -L -d /var/lib/tomcats/pki/conf/alias -n sslserver
slev pki-base-java-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-ca-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-javadoc-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-kra-10.10.6-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev python3-module-pathlib2-2.3.3-alt2.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python3-module-pyyaml-env-tag-0.1-alt1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python3-module-rfc3986-1.4.0-alt1.noarch altlinux-policy-description-has-tags fail Description contains tags such as Provides/Requires/BuildRequires. Beware of errors with %ifs/%endifs!
slev python3-module-scp-0.13.6-alt1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python3-module-system-seed-wheels-0.0.1-alt1.x86_64 missing-url info Missing Url: in a package.
slev python3-module-system-seed-wheels-wheels-0.0.1-alt1.x86_64 missing-url info Missing Url: in a package.
slev python3-module-xxhash-2.0.2-alt1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev uid_wrapper-1.2.8-alt1.1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libuid_wrapper.so but just /usr/lib64/libuid_wrapper.so.0.0.9. According to SharedLibs Policy Draft, symlink /usr/lib64/libuid_wrapper.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libuid_wrapper.so to \%files of uid_wrapper-1.2.8-alt1.1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.
viy tomcat-9.0.52-alt1_1jpp11.noarch checkbashisms experimental checkbashisms utility found possible bashisms in: /etc/rc.d/init.d/tomcat
viy tomcat-el-3.0-api-9.0.52-alt1_1jpp11.noarch altlinux-java-duplicate-jars info file /usr/share/java/tomcat/tomcat-el-api.jar confilicts with package: tomcat-lib-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
viy tomcat-jsp-2.3-api-9.0.52-alt1_1jpp11.noarch altlinux-java-duplicate-jars info file /usr/share/java/tomcat/tomcat-jsp-api.jar confilicts with package: tomcat-lib-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
viy tomcat-lib-9.0.52-alt1_1jpp11.noarch altlinux-java-duplicate-jars info file /usr/share/java/tomcat/tomcat-el-api.jar confilicts with package: tomcat-el-3.0-api-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
file /usr/share/java/tomcat/tomcat-jsp-api.jar confilicts with package: tomcat-jsp-2.3-api-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
file /usr/share/java/tomcat/tomcat-servlet-api.jar confilicts with package: tomcat-servlet-4.0-api-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
viy tomcat-servlet-4.0-api-9.0.52-alt1_1jpp11.noarch altlinux-java-duplicate-jars info file /usr/share/java/tomcat/tomcat-servlet-api.jar confilicts with package: tomcat-lib-9.0.52-alt1_1jpp11.noarch: if the jar do provide the same standard interface, it should be alternative. Otherwise it is recommended to rename the jar
zerg kf5-kirigami-5.86.0-alt1.src altlinux-policy-obsolete-buildreq warn Build dependency on rpm-build-ubt is obsolete and should be dropped to get rid of rpm-build-ubt package.

generated by repocop at Sat Sep 18 04:56:23 2021