@core bootloader-utils-0.5.4-alt1.noarch missing-url info Missing Url: in a package.; @core file-5.45-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; @core rpm-build-4.0.4.198-alt1.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; glebfm openssh-9.6p1-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; glebfm openssh-server-9.6p1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/sshd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; obirvalger kcptun-20230811-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. shaba dracut-060-alt0.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. shaba dracut-060-alt0.1.x86_64 unsafe-tmp-usage-in-scripts fail 0755 shaba dracut-live-060-alt0.1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ /tmp/liveupdates.done ]' > "$hookdir"/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return liveurl="${liveurl#live:}" Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" sleep "$SLEEP" fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ "${imgfile##*.}" = "iso" ]; then root=$(losetup -f) losetup "$root" "$imgfile" Found error in /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh #!/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/create-overlay.$$.out exec 2>> /tmp/create-overlay.$$.out set -x fi gatherData() { overlay=$(getarg rd.live.overlay) Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-"${_name}" ] && continue : > /tmp/isoscan-"${_name}" mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" udevadm trigger --action=add > /dev/null 2>&1 ln -s "$dev" /run/initramfs/isoscandev Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive > /dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; shaba dracut-network-manager-060-alt0.1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/*; do [ "$_i" ] || continue state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)" grep '^connection-uuid=' "$state" 2> /dev/null || continue ifname="${_i##*/}" dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done : > /tmp/nm.done; shaba qemu-common-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn Files /usr/libexec/qemu-bridge-helper /usr/libexec/virtfs-proxy-helper /usr/share/man/man1/qemu.1.xz conflict with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-device-display-vhost-user-gpu-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/libexec/vhost-user-gpu conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-img-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn Files /usr/bin/qemu-storage-daemon /usr/share/man/man7/qemu-storage-daemon-qmp-ref.7.xz conflict with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-pr-helper-8.2.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. shaba qemu-system-aarch64-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/qemu-system-aarch64 conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-system-hppa-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/qemu/hppa-firmware.img conflicts with the package pve-qemu-common-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-system-ppc-core-8.2.1-alt2.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; shaba qemu-system-x86-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/qemu-system-x86_64 conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shaba qemu-tools-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/qemu/trace-events-all conflicts with the package pve-qemu-common-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; shrek tuned-2.22.1-alt1.noarch init-lsb warn /etc/rc.d/init.d/tuned: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; vseleznv lkrg-common-0.9.7-alt1.noarch init-lsb warn /etc/rc.d/init.d/lkrg: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; vt burp-2.5.4-alt4.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; vt cbmc-5.95.1-alt2.x86_64 bin-permissions info not executable file /usr/bin/ls_parse.py; vt certspotter-0.18.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt cpufrequtils-008-alt4.x86_64 rpm-package-is-obsoleted warn The package is obsoleted by the package cpupower-6.8-alt2.x86_64, but is still alive and in the repository. Consider removing the package, or, if you want the package to be alive, ask the maintainer of cpupower-6.8-alt2.x86_64 to remove Obsoletes: tag.; vt cpupower-6.8-alt2.x86_64 rpm-obsolete-live-package info The package obsoletes the package cpufrequtils-008-alt4.x86_64, but the package cpufrequtils-008-alt4.x86_64 is still alive and in the repository. Ask its maintainer to remove it, or, if it should not be removed, remove the Obsoletes: tag. Do not forget to add explicit conflicts with the other package if nessessary.; vt dm-secdel-1.0.9-alt3.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt etckeeper-1.18.21-alt2.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt findsym-1.2-alt2.noarch missing-url info Missing Url: in a package.; vt fio-3.37-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; vt girar-summary-1.9-alt1.x86_64 missing-url info Missing Url: in a package.; vt girar-summary-debuginfo-1.9-alt1.x86_64 missing-url info Missing Url: in a package.; vt kdump-tools-1.8-alt4.x86_64 init-condrestart warn warning: found files in /etc/init.d/; better to use %_initdir=/etc/rc.d/init.d/etc/init.d/kdump-tools: missing condrestart target. Note: alt-specific script %_sbindir/post_service (used in %post_service macro) depends on condrestart. It is wise to add condrestart anyway./etc/init.d/kdump-tools: missing condstop target. Note: alt-specific script %_sbindir/preun_service (used in %preun_service macro) depends on condstop. It is wise to add condstop anyway.; vt kdump-tools-1.8-alt4.x86_64 missing-url info Missing Url: in a package.; vt kdump-tools-1.8-alt4.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt kdump-tools-checkinstall-1.8-alt4.x86_64 missing-url info Missing Url: in a package.; vt kernel-modules-dm-secdel-std-def-1.0.9-alt1.393555.1.src unmet-dependency-build-no-suitable-version fail build dependency kernel-image-std-def has no suitable version.; vt kernel-qemu-requirer-un-def-aarch64-2-alt1.noarch missing-url info Missing Url: in a package.; vt kernel-qemu-requirer-un-def-armh-2-alt1.noarch missing-url info Missing Url: in a package.; vt kernel-qemu-requirer-un-def-i586-2-alt1.noarch missing-url info Missing Url: in a package.; vt kernel-qemu-requirer-un-def-ppc64le-2-alt1.noarch missing-url info Missing Url: in a package.; vt kernel-qemu-requirer-un-def-x86_64-2-alt1.noarch missing-url info Missing Url: in a package.; vt kernelshark-2.3.1-alt1.x86_64 freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/kernelshark.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; vt libtracefs-doc-1.8.0-alt1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; vt linux-tools-host-6.8-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt llama.cpp-20240225-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt neomutt-20240323-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; vt neomutt-20240323-alt1.x86_64 iconsdir experimental Please, move pixmaps from /usr/share/pixmaps to %_liconsdir, %_niconsdir, %_miconsdir according to their size. See http://www.altlinux.org/IconPathsPolicy.; vt netperf-2.7.0-alt2.x86_64 init-lsb warn /etc/rc.d/init.d/netserver: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; vt openquantumsafe-openssh-8.9p1.202310-alt2.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; vt openquantumsafe-openssh-server-8.9p1.202310-alt2.x86_64 init-lsb warn /etc/rc.d/init.d/sshd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; vt qa-qemu-vmlinuz-2-alt1.noarch missing-url info Missing Url: in a package.; vt qemu-common-checkinstall-3-alt1.noarch missing-url info Missing Url: in a package.; vt qemu-system-aarch64-core-bundle-1-alt1.noarch missing-url info Missing Url: in a package.; vt rclone-1.65.2-alt1.1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; vt rosenpass-0.2.1-alt1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/rp conflicts with the package RTags-2.41-alt3.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; vt rpm-build-vm-checkinstall-1.65-alt3.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/vm-run.ci/checkinstall: $ grep /tmp/ /usr/lib/vm-run.ci/checkinstall # Bringing up secondary CPUs" message. ls /dev/kvm set | grep ^LD_ # Simulate filetrigger run find /boot > /tmp/filelist /usr/lib/rpm/posttrans-filetriggers /tmp/filelist rm /tmp/filelist # Remove trigger so it does not re-create '/tmp/vm-ext4.img'. > /usr/lib/rpm/z-vm-createimage.filetrigger kvm-ok timeout 300 vm-run <<-'EOF' uname ! timeout --preserve-status 300 vm-run "true; false; true" || exit 1 timeout 300 vm-run --mem=max free -g timeout 300 vm-run --cpu=max lscpu df -h /tmp timeout 300 vm-run --tmp=max df -h /tmp rm /tmp/vm-tmpfs.qcow2 timeout 300 vm-run --verbose --overlay=ext4 uname -a rmdir /mnt/0 rm /usr/src/ext4.0.img timeout 300 vm-run --rootfs --verbose df rm /tmp/vm-ext4.img timeout 300 vm-run --hvc --no-quiet 'dmesg -r | grep Unknown' timeout 300 vm-run --tcg --mem='' --cpu=1 cat /proc/cpuinfo # Clean up without '-f' ensures these files existed. rm /tmp/initramfs-*un-def-alt*.img # SCRIPT and exit code files form each vm-run invocation. Each SCRIPT file # should correspond to '.ret' file. find /tmp/vm.?????????? -maxdepth 0 | xargs -t -i -n1 rm {} {}.ret; vt rpm-pesign-checkinstall-3-alt1.x86_64 missing-url info Missing Url: in a package.; vt rtcheck-0.7.7-alt3.x86_64 init-condrestart fail /etc/rc.d/init.d/rtcheck: missing condrestart target. ERROR: alt-specific script %_sbindir/post_service (used in your %post_service macro) depends on condrestart. Please, fix./etc/rc.d/init.d/rtcheck: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix.; vt rtcheck-0.7.7-alt3.x86_64 missing-url info Missing Url: in a package.; vt rtcheck-debuginfo-0.7.7-alt3.x86_64 missing-url info Missing Url: in a package.; vt shadowsocks-libev-3.3.5-alt4.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt shadowsocks-rust-1.18.2-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt sparse-0.6.4-alt2.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; vt stalld-1.17.2-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vt webhook-2.8.1-alt2.1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/webhook conflicts with the package cert-manager-1.11.0-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; vt webhook-2.8.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts.