Repocop reports for by-leader slev

  rpm id test status message
bumper-0.1.13-alt1.noarch rpm-filesystem-conflict-file-file warn File /usr/bin/bump conflicts with the package mesa-demos-8.4.0-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
cockpit-ws-209-alt1.1.x86_64 systemd-check-socket-name experimental in cockpit-ws-209-alt1.1.x86_64: there is a socket cockpit-wsinstance-https-factory.socket but no service cockpit-wsinstance-https-factory.service. Ask ildar@ why it is not right.
custodia-0.6.0-alt6.noarch subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
dogtag-pki-server-theme-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
freeipa-common-4.8.9-alt1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
freeipa-server-4.8.9-alt1.x86_64 systemd-check-socket-name experimental in freeipa-server-4.8.9-alt1.x86_64: there is a socket ipa-otpd.socket but no service ipa-otpd.service. Ask ildar@ why it is not right.
freeipa-server-common-4.8.9-alt1.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since
/usr might be mounted read-only and thus, the local system
administrator would not have a chance to modify this configuration
file.
ghp-import-0.5.4-alt1.1.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: Tumbolia /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: Public /ALT/Sisyphus/files/noarch/RPMS/ghp-import-0.5.4-alt1.1.noarch.rpm: license not found in '/usr/share/license' directory: License
ghp-import-0.5.4-alt1.1.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
ghp-import-0.5.4-alt1.1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
gssproxy-0.8.3-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
pki-base-java-10.9.4-alt2.x86_64 altlinux-java-forbidden-requires fail The package has JVM-specific Requires: java-1.8.0-openjdk-headless. Those requires are often due to packaging errors and also specifically forbidden by Java Packageing Policy. If you really really need it, write it in more indirect way.
pki-base-java-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
pki-ca-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
pki-javadoc-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
pki-kra-10.9.4-alt2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
pki-server-10.9.4-alt2.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/pki/acme/sbin/pki-acme-run: $ grep -A5 -B5 /tmp/ /usr/share/pki/acme/sbin/pki-acme-run [ -f /var/lib/tomcats/pki/conf/certs/ca_signing.key ] then echo "INFO: Importing CA Signing Certificate and Key" # generate random password openssl rand -hex 8 > /tmp/password # import PEM cert and key into PKCS #12 file openssl pkcs12 -export \ -in /var/lib/tomcats/pki/conf/certs/ca_signing.crt \ -inkey /var/lib/tomcats/pki/conf/certs/ca_signing.key \ -out /tmp/certs.p12 \ -name ca_signing \ -passout file:/tmp/password # import PKCS #12 file into NSS database pki -d /var/lib/tomcats/pki/conf/alias pkcs12-import \ --pkcs12 /tmp/certs.p12 \ --password-file /tmp/password # trust imported CA signing cert certutil -M -d /var/lib/tomcats/pki/conf/alias -n ca_signing -t CT,C,C rm /tmp/certs.p12 rm /tmp/password fi # import certs.p12 if available if [ -f /var/lib/tomcats/pki/conf/certs/certs.p12 ] then -- echo "INFO: Issuing Self-signed CA Signing Certificate" # generate CA signing CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=CA Signing Certificate" \ --csr /tmp/ca_signing.csr # issue self-signed CA signing cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --csr /tmp/ca_signing.csr \ --ext /usr/share/pki/acme/issuer/nss/ca_signing.conf \ --months-valid 12 \ --cert /tmp/ca_signing.crt # import and trust CA signing cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/ca_signing.crt \ --trust CT,C,C \ ca_signing rm /tmp/ca_signing.crt rm /tmp/ca_signing.csr fi echo "INFO: CA Signing Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n ca_signing -- echo "INFO: Issuing SSL Server Certificate" # generate SSL server CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=$HOSTNAME" \ --csr /tmp/sslserver.csr # issue SSL server cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --issuer ca_signing \ --csr /tmp/sslserver.csr \ --ext /usr/share/pki/acme/issuer/nss/sslserver.conf \ --cert /tmp/sslserver.crt # import SSL server cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/sslserver.crt \ sslserver rm /tmp/sslserver.crt rm /tmp/sslserver.csr fi echo "INFO: SSL Server Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n sslserver
python-module-argparse-manpage-1.1-alt1.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/python-module-argparse-manpage-1.1-alt1.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation /ALT/Sisyphus/files/noarch/RPMS/python-module-argparse-manpage-1.1-alt1.noarch.rpm: license not found in '/usr/share/license' directory: ASL2.0
python-module-smmap-2.0.3-alt3.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python-module-smmap-2.0.3-alt3.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python-module-xxhash-1.4.3-alt1.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python-module-xxhash-1.4.3-alt1.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python-tools-pep8-1.6.2-alt2.noarch sisyphus_check fail sisyphus_check failed: /ALT/Sisyphus/files/noarch/RPMS/python-tools-pep8-1.6.2-alt2.noarch.rpm: forbidden requires: /usr/bin/python sisyphus_check: check-deps ERROR: package dependencies violation
python-tools-pep8-1.6.2-alt2.src altlinux-python-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python-tools-pep8-1.6.2-alt2.src specfile-python2-in-spec warn spec file explicitly calls /usr/bin/python. It is deprecated binary. Use /usr/bin/python2.
python3-module-rfc3986-1.4.0-alt1.noarch altlinux-policy-description-has-tags fail Description contains tags such as Provides/Requires/BuildRequires. Beware of errors with %ifs/%endifs!
uid_wrapper-1.2.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libuid_wrapper.so but just /usr/lib64/libuid_wrapper.so.0.0.6. According to SharedLibs Policy Draft, symlink /usr/lib64/libuid_wrapper.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libuid_wrapper.so to \%files of uid_wrapper-1.2.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.

generated by repocop at Sun Nov 1 04:32:27 2020