Repocop reports by acl

  packager rpm id test status message
ldv bind-9.11.22-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.
ldv bind-9.11.22-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/bind: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.
ldv bind-devel-9.11.22-alt1.x86_64 rpm-filesystem-conflict-file-file warn There are file conflicts with the package libisc-export-dhcp-devel-9.11.15-alt1.x86_64, for example, /usr/include/bind9/dns/adb.h (29 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
ldv lwresd-9.11.22-alt1.x86_64 init-but-no-native-systemd info The package have SysV init script(s) but no native systemd files.
ldv lwresd-9.11.22-alt1.x86_64 init-lsb fail /etc/rc.d/init.d/lwresd: not systemd compatible: lsb init header missing and lwresd.service is not present. See http://www.altlinux.org/Services_Policy for details.
sin sssd-2.4.0-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.
sin sssd-2.4.0-alt1.x86_64 systemd-check-socket-name experimental in sssd-2.4.0-alt1.x86_64: there is a socket sssd-pam-priv.socket but no service sssd-pam-priv.service. Ask ildar@ why it is not right.
slev bumper-0.1.13-alt1.noarch rpm-filesystem-conflict-file-file warn File /usr/bin/bump conflicts with the package mesa-demos-8.4.0-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
slev cockpit-ws-209-alt1.1.x86_64 systemd-check-socket-name experimental in cockpit-ws-209-alt1.1.x86_64: there is a socket cockpit-wsinstance-https-factory.socket but no service cockpit-wsinstance-https-factory.service. Ask ildar@ why it is not right.
slev custodia-0.6.0-alt6.noarch subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
slev dogtag-pki-server-theme-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev freeipa-common-4.8.9-alt1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev freeipa-server-4.8.9-alt1.x86_64 systemd-check-socket-name experimental in freeipa-server-4.8.9-alt1.x86_64: there is a socket ipa-otpd.socket but no service ipa-otpd.service. Ask ildar@ why it is not right.
slev freeipa-server-common-4.8.9-alt1.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since
/usr might be mounted read-only and thus, the local system
administrator would not have a chance to modify this configuration
file.
slev ghp-import-0.5.4-alt1.1.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: Tumbolia /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: Public /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: License
slev ghp-import-0.5.4-alt1.1.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev ghp-import-0.5.4-alt1.1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev gssproxy-0.8.3-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
slev pki-base-java-10.9.4-alt2.x86_64 altlinux-java-forbidden-requires fail The package has JVM-specific Requires: java-1.8.0-openjdk-headless. Those requires are often due to packaging errors and also specifically forbidden by Java Packageing Policy. If you really really need it, write it in more indirect way.
slev pki-base-java-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-ca-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-javadoc-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-kra-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
slev pki-server-10.9.4-alt2.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/pki/acme/sbin/pki-acme-run: $ grep -A5 -B5 /tmp/ /usr/share/pki/acme/sbin/pki-acme-run [ -f /var/lib/tomcats/pki/conf/certs/ca_signing.key ] then echo "INFO: Importing CA Signing Certificate and Key" # generate random password openssl rand -hex 8 > /tmp/password # import PEM cert and key into PKCS #12 file openssl pkcs12 -export \ -in /var/lib/tomcats/pki/conf/certs/ca_signing.crt \ -inkey /var/lib/tomcats/pki/conf/certs/ca_signing.key \ -out /tmp/certs.p12 \ -name ca_signing \ -passout file:/tmp/password # import PKCS #12 file into NSS database pki -d /var/lib/tomcats/pki/conf/alias pkcs12-import \ --pkcs12 /tmp/certs.p12 \ --password-file /tmp/password # trust imported CA signing cert certutil -M -d /var/lib/tomcats/pki/conf/alias -n ca_signing -t CT,C,C rm /tmp/certs.p12 rm /tmp/password fi # import certs.p12 if available if [ -f /var/lib/tomcats/pki/conf/certs/certs.p12 ] then -- echo "INFO: Issuing Self-signed CA Signing Certificate" # generate CA signing CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=CA Signing Certificate" \ --csr /tmp/ca_signing.csr # issue self-signed CA signing cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --csr /tmp/ca_signing.csr \ --ext /usr/share/pki/acme/issuer/nss/ca_signing.conf \ --months-valid 12 \ --cert /tmp/ca_signing.crt # import and trust CA signing cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/ca_signing.crt \ --trust CT,C,C \ ca_signing rm /tmp/ca_signing.crt rm /tmp/ca_signing.csr fi echo "INFO: CA Signing Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n ca_signing -- echo "INFO: Issuing SSL Server Certificate" # generate SSL server CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=$HOSTNAME" \ --csr /tmp/sslserver.csr # issue SSL server cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --issuer ca_signing \ --csr /tmp/sslserver.csr \ --ext /usr/share/pki/acme/issuer/nss/sslserver.conf \ --cert /tmp/sslserver.crt # import SSL server cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/sslserver.crt \ sslserver rm /tmp/sslserver.crt rm /tmp/sslserver.csr fi echo "INFO: SSL Server Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n sslserver
slev python-module-argparse-manpage-1.1-alt1.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/python-module-argparse-manpage-1.1-alt1.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation /ALT/Sisyphus/files/noarch/RPMS/python-module-argparse-manpage-1.1-alt1.noarch.rpm: license not found in '/usr/share/license' directory: ASL2.0
slev python-module-smmap-2.0.3-alt3.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python-module-smmap-2.0.3-alt3.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python-module-xxhash-1.4.3-alt1.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python-module-xxhash-1.4.3-alt1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python-tools-pep8-1.6.2-alt2.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/python-tools-pep8-1.6.2-alt2.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation
slev python-tools-pep8-1.6.2-alt2.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python-tools-pep8-1.6.2-alt2.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
slev python3-module-rfc3986-1.4.0-alt1.noarch altlinux-policy-description-has-tags fail Description contains tags such as Provides/Requires/BuildRequires. Beware of errors with %ifs/%endifs!
slev uid_wrapper-1.2.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libuid_wrapper.so but just /usr/lib64/libuid_wrapper.so.0.0.6. According to SharedLibs Policy Draft, symlink /usr/lib64/libuid_wrapper.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libuid_wrapper.so to \%files of uid_wrapper-1.2.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.
viy jss-4.7.3-alt1.x86_64 altlinux-java-forbidden-requires fail The package has JVM-specific Requires: java-1.8.0-openjdk-headless. Those requires are often due to packaging errors and also specifically forbidden by Java Packageing Policy. If you really really need it, write it in more indirect way.
viy tomcat-9.0.37-alt1.noarch checkbashisms experimental checkbashisms utility found possible bashisms in: /etc/rc.d/init.d/tomcat
zerg kf5-kirigami-5.75.0-alt1.src altlinux-policy-obsolete-buildreq warn Build dependency on rpm-build-ubt is obsolete and should be dropped to get rid of rpm-build-ubt package.

generated by repocop at Sat Oct 31 04:34:21 2020