|
rpm id |
test |
status |
message |
|
alterator-deploy-0.1.0-alt1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/deploy: $ grep /tmp/ /usr/lib/alterator/backend3/deploy ;; esac ;; write) case "${in__objects##*/}" in set) echo "Role: ${in_role:?}" >> /tmp/out echo "Parameter: ${in_parameter:?}" >> /tmp/out echo "Value: ${in_value:?}" >> /tmp/out set_parameter "${in_role:?}" "${in_parameter:?}" "${in_value?}" ;; reset) reset_parameter "${in_role:?}" "${in_parameter:?}" ;; |
|
buildbot-4.2.0-alt1.noarch |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
buildbot-worker-4.2.0-alt1.noarch |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
buildkit-0.18.2-alt1.x86_64 |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
control-sshd-permit-root-login-0.0.1-alt2.noarch |
missing-url |
info |
Missing Url: in a package. |
|
coppwr-1.6.0-alt1.x86_64 |
freedesktop-categories |
warn |
Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/io.github.dimtpap.coppwr.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt). |
|
coppwr-1.6.0-alt1.x86_64 |
freedesktop-desktop |
info |
desktop-file-validate utility printed the following message(s): /usr/share/applications/io.github.dimtpap.coppwr.desktop: hint: value "AudioVideo;System;" for key "Categories" in group "Desktop Entry" contains more than one main category; application might appear more than once in the application menu |
|
docker-registry-2.8.3-alt2.x86_64 |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
gitea-1.22.4-alt1.x86_64 |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
go-task-3.19.1-alt1.x86_64 |
rpm-filesystem-conflict-file-file |
warn |
File /usr/bin/task conflicts with the package task-core-2.5.1-alt4.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. |
|
jsonnet-0.20.0-alt2.x86_64 |
arch-dep-package-has-big-usr-share |
info |
The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere. |
|
vip-manager-1.0.2-alt2.x86_64 |
systemd-but-no-native-init |
experimental |
The package have native systemd file(s) but no SysV init scripts. |
|
zsh-completions-0.35.0-alt1.noarch |
rpm-filesystem-conflict-file-file |
warn |
File /usr/share/zsh/site-functions/_nvm conflicts with the package nvm-0.39.3-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. |