Repocop reports by srpm

  rpm id test status message
installer-scripts-remount-stage2-0.6.4-alt1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/install2-remount-functions: $ grep /tmp/ /usr/sbin/install2-remount-functions start_lvm && start_luks && mount_chroot && systemd_tmpfiles_chroot && set_active \ ) >& /tmp/remount.log || return $? } remount_destination() { # remount destdir after alterator-vm # no mount chroot filesystem (/dev, /proc, /sys) start_mdraid && start_lvm && start_luks && mount_destination && set_active \ ) >& /tmp/remount.log || return $? } # avoid automatic rpm shell.req dependency MULTIPATHD=/sbin/multipathd MDADM=/sbin/mdadm LVM=/sbin/lvm CRYPTSETUP=/sbin/cryptsetup CRYPTSETUP_KEY=/tmp/empty PUTFILE=/usr/share/make-initrd/tools/put-file BLKID="blkid -c /dev/null" # alterator-vm should leave LUKS containers # with initial empty password, see #28200 -- # for installer-feature-desktop-other-fs, see also #29005 save_blkid_state() { find /dev/mapper -type l \ | xargs -r $BLKID \ > /tmp/blkid.dm } populate_fstab() { [ ! -f /tmp/fstab ] || cat /tmp/fstab >> "$destdir/etc/fstab" } copy_chroot_binaries() { useputfile= if [ -x "$destdir$PUTFILE" ]; then useputfile='yes' binddir="$(mktemp -d "$destdir/tmp/copy_chroot_binaries.XXXXXXXXX")" workdir="${binddir#$destdir}" mount --bind / "$binddir" else echo "remount: file does not exist or is not available for execution: $destdir$PUTFILE" >&2 fi -- } stop_mdraid() { # saving state is only important *after* evms if [ -f /proc/mdstat -a -x "$MDADM" ]; then "$MDADM" --examine --scan > /tmp/mdadm.conf "$MDADM" -v --stop --scan fi } start_mdraid() { if [ -s /tmp/mdadm.conf -a -x "$MDADM" ]; then # an arbitrary value of the year: packages installed already sysctl -w dev.raid.speed_limit_max=1000000 # chroot's mdadm.conf populated by 45-mdadm.sh "$MDADM" -v --assemble --run --scan --config=/tmp/mdadm.conf ||: fi } start_multipath() { if [ -x "$MULTIPATHD" ]; then -- done fi } mount_destfs() { # depends on /tmp/fstab just like 10-fstab.sh local mpoint="$1" mountpoint -q "$destdir""$mpoint" && return 0 local destfs="$(awk -v mpoint="$mpoint" '{ if ($2==mpoint) print $1 }' < /tmp/fstab)" case "$destfs" in UUID=*) destfs="`$BLKID -U ${destfs#UUID=}`" ;; LABEL=*) -- echo "by ${UUID:+UUID=$UUID}${LABEL:+LABEL=$LABEL}" time $BLKID return 3 fi >&2 mountopts="$(grep "[[:space:]]$mpoint[[:space:]]" /tmp/fstab | awk '{ print $4 }')" mount -v "$destfs" "$destdir$mpoint" -o "$mountopts" || return 3 } mount_chroot() { -- ! mountpoint "$destdir" || return 1 } # mount destdir without make chroot, after umount_destination mount_destination() { [ -s /tmp/fstab ] || return 4 for mpoint in $(awk '{ print $2 }' < /tmp/fstab | grep / | sort); do mount_destfs $mpoint || return $? done } systemd_tmpfiles_chroot() {

generated by repocop at Thu Nov 21 02:24:38 2024