NetworkManager-openconnect-1.2.10-alt2.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; NetworkManager-sstp-1.3.1-alt2.git.f4395810.x86_64 file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; acmed-0.22.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. agola-0.5.0-alt3.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; agola-0.5.0-alt3.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. arrow-glib-doc-12.0.0-alt2.2.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; branding-alt-server-10.2-alt3.src requires-ImageMagick info Dependency on ImageMagick (compat package) found. It probably should be replaced with more specific dependency like /usr/bin/convert or ImageMagick-tools, or it can be already autodetected by findreq-shell.; branding-alt-server-notes-10.2-alt3.noarch file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; branding-alt-server-v-10.2-alt1.src requires-ImageMagick info Dependency on ImageMagick (compat package) found. It probably should be replaced with more specific dependency like /usr/bin/convert or ImageMagick-tools, or it can be already autodetected by findreq-shell.; branding-alt-server-v-notes-10.2-alt1.noarch file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; caddy-2.7.6-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-base-18.2.1-alt2.1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libosd_tp.so but just /usr/lib64/libosd_tp.so.1.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libosd_tp.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libosd_tp.so to \%files of ceph-base-18.2.1-alt2.1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; ceph-base-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-common-18.2.1-alt2.1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-common-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-fuse-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-immutable-object-cache-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-mds-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-mgr-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-mgr-cephadm-18.2.1-alt2.1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-mgr-dashboard-18.2.1-alt2.1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-mgr-diskprediction-local-18.2.1-alt2.1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-mgr-modules-core-18.2.1-alt2.1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-mgr-rook-18.2.1-alt2.1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; ceph-mon-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-osd-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-radosgw-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ceph-volume-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cephfs-mirror-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cert-manager-1.11.0-alt1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/webhook conflicts with the package webhook-2.8.1-alt2.1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; cloud-init-24.1.1-alt1.noarch big-changelog info Package contains big ChangeLog. Gzip it.; cloud-init-24.1.1-alt1.noarch init-condrestart fail /etc/rc.d/init.d/cloud-config: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix./etc/rc.d/init.d/cloud-final: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix./etc/rc.d/init.d/cloud-init: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix./etc/rc.d/init.d/cloud-init-local: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix.; cni-plugins-1.4.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. connman-1.42-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/connmand: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; containers-common-3-alt1.noarch missing-url info Missing Url: in a package.; containers-common-extra-3-alt1.noarch missing-url info Missing Url: in a package.; cri-o1.22-1.22.5-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.23-1.23.5-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.24-1.24.6-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.25-1.25.5-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.26-1.26.4-alt3.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.27-1.27.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. cri-o1.28-1.28.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. dapl-utils-2.1.10-alt1.x86_64 uncompressed-manpages info Package contains uncompressed manual pages.; dmeventd-1.02.196-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. dracut-060-alt0.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. dracut-060-alt0.1.x86_64 unsafe-tmp-usage-in-scripts fail 0755 dracut-live-060-alt0.1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ /tmp/liveupdates.done ]' > "$hookdir"/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return liveurl="${liveurl#live:}" Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" sleep "$SLEEP" fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ "${imgfile##*.}" = "iso" ]; then root=$(losetup -f) losetup "$root" "$imgfile" Found error in /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh #!/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/create-overlay.$$.out exec 2>> /tmp/create-overlay.$$.out set -x fi gatherData() { overlay=$(getarg rd.live.overlay) Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-"${_name}" ] && continue : > /tmp/isoscan-"${_name}" mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" udevadm trigger --action=add > /dev/null 2>&1 ln -s "$dev" /run/initramfs/isoscandev Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive > /dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; dracut-network-manager-060-alt0.1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/*; do [ "$_i" ] || continue state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)" grep '^connection-uuid=' "$state" 2> /dev/null || continue ifname="${_i##*/}" dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done : > /tmp/nm.done; driverctl-0.111-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. etcd-3.5.12-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; etcd-3.5.12-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. fapolicyd-1.3.2-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. fcoe-utils-1.0.34-alt3.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. fcoe-utils-1.0.34-alt3.x86_64 systemd-check-socket-name experimental in fcoe-utils-1.0.34-alt3.x86_64: there is a socket fcoemon.socket but no service fcoemon.service. Ask ildar@ why it is not right.; fish-3.7.0-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; fish-3.7.0-alt1.x86_64 freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/fish.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; fish-3.7.0-alt1.x86_64 iconsdir experimental Please, move pixmaps from /usr/share/pixmaps to %_liconsdir, %_niconsdir, %_miconsdir according to their size. See http://www.altlinux.org/IconPathsPolicy.; fish-3.7.0-alt1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/fish/completions/yadm.fish conflicts with the package yadm-3.2.2-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; flannel-0.24.2-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. freeradius-3.2.3-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; freeradius-3.2.3-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; freeradius-3.2.3-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/radiusd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; freeradius-3.2.3-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; frr-9.0.2-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; frr-9.0.2-alt1.x86_64 init-condrestart fail /etc/rc.d/init.d/frr: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix.; fwbuilder-6.0.0-alt2.beta.106.a5e1.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; fwbuilder-6.0.0-alt2.beta.106.a5e1.x86_64 freedesktop-desktop info desktop-file-validate utility printed the following message(s): /usr/share/applications/fwbuilder.desktop: hint: value "System;Settings;Security;Qt;" for key "Categories" in group "Desktop Entry" contains more than one main category; application might appear more than once in the application menu; gdm-data-46.0-alt1.noarch file-in-usr-marked-as-conffile warn Files below /usr may not be marked as conffiles, since; /usr might be mounted read-only and thus, the local system; administrator would not have a chance to modify this configuration; file.; ; gdm-libs-46.0-alt1.x86_64 library-pkgnames info package contains public library which is used in external packages: name should be lib* according to http://altlinux.org/Drafts/SharedLibs; gerbera-2.0.0-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; gerbera-2.0.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. gitea-act-0.2.8-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. gitea-tea-0.9.2-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/tea conflicts with the package tea-62.0.2-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; gnome-boxes-46.0-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; gnome-boxes-46.0-alt1.x86_64 freedesktop-desktop info desktop-file-validate utility printed the following message(s): /usr/share/applications/org.gnome.Boxes.desktop: hint: value "GNOME;GTK;System;Development;Emulator;" for key "Categories" in group "Desktop Entry" contains more than one main category; application might appear more than once in the application menu; golang-src-1.22.1-alt1.noarch rpm-filesystem-conflict-file-file warn File /usr/lib/golang/src/runtime/runtime-gdb.py conflicts with the package golang1.16-gdb-1.16.15-alt3.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; golang1.16-gdb-1.16.15-alt3.noarch rpm-filesystem-conflict-file-file warn File /usr/lib/golang/src/runtime/runtime-gdb.py conflicts with the package golang-src-1.22.1-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; grafana-10.2.2-alt1.1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; guacd-1.5.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. guestfs-data-0.6-alt3.x86_64 missing-url info Missing Url: in a package.; hivex-1.3.23-alt3.x86_64 library-pkgnames info package contains public library which is used in external packages: name should be lib* according to http://altlinux.org/Drafts/SharedLibs; ignition-2.16.2-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. influxdb-1.8.10-alt1.1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; installer-distro-alt-server-v-stage2-10.1.0-alt2.noarch rpm-filesystem-conflict-file-file warn There are file conflicts with the package installer-distro-token-desktop-stage2-0.1.1-alt5.noarch, for example, /usr/share/install2/alterator-menu/module-expert-list (4 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; onflicts are avoidable, consider using alternatives.; rnatives.; kapacitor-1.5.9-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; kea-2.4.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kea-doc-2.4.1-alt1.noarch big-changelog info Package contains big ChangeLog. Gzip it.; kmscon-9.0.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. knot-3.3.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. knot-resolver-manager-6.0.5-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.22-kubelet-1.22.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.22-master-1.22.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.22-node-1.22.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.23-kubelet-1.23.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.23-master-1.23.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.23-node-1.23.17-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.24-kubelet-1.24.17-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.24-master-1.24.17-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.24-node-1.24.17-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.25-kubelet-1.25.16-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.25-master-1.25.16-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.25-node-1.25.16-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.26-kubelet-1.26.14-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.26-master-1.26.14-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.26-node-1.26.14-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.27-kubelet-1.27.12-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.27-master-1.27.12-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.27-node-1.27.12-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.28-kubelet-1.28.8-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.28-master-1.28.8-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. kubernetes1.28-node-1.28.8-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libdapl-2.1.10-alt1.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; libdevmapper-event-1.02.196-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libdevmapper-event-lvm2.so but just /usr/lib64/libdevmapper-event-lvm2.so.2.03. According to SharedLibs Policy Draft, symlink /usr/lib64/libdevmapper-event-lvm2.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libdevmapper-event-lvm2.so to \%files of libdevmapper-event-1.02.196-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; liberasurecode-doc-1.6.3-alt1.x86_64 arch-dep-package-consists-of-usr-share info The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; libgadu-devel-1.12.2-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; libgmime2.6-2.6.23-alt3.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; libguac-client-kubernetes-1.5.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libguac-client-kubernetes.so but just /usr/lib64/libguac-client-kubernetes.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libguac-client-kubernetes.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libguac-client-kubernetes.so to \%files of libguac-client-kubernetes-1.5.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libguac-client-rdp-1.5.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libguac-client-rdp.so but just /usr/lib64/libguac-client-rdp.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libguac-client-rdp.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libguac-client-rdp.so to \%files of libguac-client-rdp-1.5.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libguac-client-ssh-1.5.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libguac-client-ssh.so but just /usr/lib64/libguac-client-ssh.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libguac-client-ssh.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libguac-client-ssh.so to \%files of libguac-client-ssh-1.5.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libguac-client-telnet-1.5.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libguac-client-telnet.so but just /usr/lib64/libguac-client-telnet.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libguac-client-telnet.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libguac-client-telnet.so to \%files of libguac-client-telnet-1.5.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libguac-client-vnc-1.5.4-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libguac-client-vnc.so but just /usr/lib64/libguac-client-vnc.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libguac-client-vnc.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libguac-client-vnc.so to \%files of libguac-client-vnc-1.5.4-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libguac-devel-1.5.4-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; libpcsclite-2.0.3-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libpcsclite.so but just /usr/lib64/libpcsclite.so.1.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libpcsclite.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libpcsclite.so to \%files of libpcsclite-2.0.3-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libpcsclite-devel-2.0.3-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libpcscspy.so but just /usr/lib64/libpcscspy.so.0.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libpcscspy.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libpcscspy.so to \%files of libpcsclite-devel-2.0.3-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; libproxy-tools-0.5.3-alt1.2.x86_64 rpm-filesystem-conflict-file-file warn Files /usr/bin/proxy /usr/share/man/man8/proxy.8.xz conflict with the package 3proxy-0.6.1-alt2.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; libsmi-0.5.0-alt2.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; libvcmmd-7.0.23-alt1.x86_64 missing-url info Missing Url: in a package.; libvcmmd-debuginfo-7.0.23-alt1.x86_64 missing-url info Missing Url: in a package.; libvcmmd-devel-7.0.23-alt1.x86_64 missing-url info Missing Url: in a package.; libvirt-daemon-9.8.0-alt5.x86_64 init-condrestart fail /etc/rc.d/init.d/libvirt-guests: missing condrestart target. ERROR: alt-specific script %_sbindir/post_service (used in your %post_service macro) depends on condrestart. Please, fix./etc/rc.d/init.d/libvirt-guests: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix.; libvirt-daemon-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket libvirtd-admin.socket but no service libvirtd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket libvirtd-ro.socket but no service libvirtd-ro.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket libvirtd-tcp.socket but no service libvirtd-tcp.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket libvirtd-tls.socket but no service libvirtd-tls.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtlockd-admin.socket but no service virtlockd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtlogd-admin.socket but no service virtlogd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtproxyd-admin.socket but no service virtproxyd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtproxyd-ro.socket but no service virtproxyd-ro.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtproxyd-tcp.socket but no service virtproxyd-tcp.service. Ask ildar@ why it is not right.; in libvirt-daemon-9.8.0-alt5.x86_64: there is a socket virtproxyd-tls.socket but no service virtproxyd-tls.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-interface-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-interface-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-interface-9.8.0-alt5.x86_64: there is a socket virtinterfaced-admin.socket but no service virtinterfaced-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-interface-9.8.0-alt5.x86_64: there is a socket virtinterfaced-ro.socket but no service virtinterfaced-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-lxc-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-lxc-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-lxc-9.8.0-alt5.x86_64: there is a socket virtlxcd-admin.socket but no service virtlxcd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-lxc-9.8.0-alt5.x86_64: there is a socket virtlxcd-ro.socket but no service virtlxcd-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-network-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-network-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-network-9.8.0-alt5.x86_64: there is a socket virtnetworkd-admin.socket but no service virtnetworkd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-network-9.8.0-alt5.x86_64: there is a socket virtnetworkd-ro.socket but no service virtnetworkd-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-nodedev-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-nodedev-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-nodedev-9.8.0-alt5.x86_64: there is a socket virtnodedevd-admin.socket but no service virtnodedevd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-nodedev-9.8.0-alt5.x86_64: there is a socket virtnodedevd-ro.socket but no service virtnodedevd-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-nwfilter-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-nwfilter-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-nwfilter-9.8.0-alt5.x86_64: there is a socket virtnwfilterd-admin.socket but no service virtnwfilterd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-nwfilter-9.8.0-alt5.x86_64: there is a socket virtnwfilterd-ro.socket but no service virtnwfilterd-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-qemu-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-qemu-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-qemu-9.8.0-alt5.x86_64: there is a socket virtqemud-admin.socket but no service virtqemud-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-qemu-9.8.0-alt5.x86_64: there is a socket virtqemud-ro.socket but no service virtqemud-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-secret-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-secret-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-secret-9.8.0-alt5.x86_64: there is a socket virtsecretd-admin.socket but no service virtsecretd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-secret-9.8.0-alt5.x86_64: there is a socket virtsecretd-ro.socket but no service virtsecretd-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-storage-core-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-storage-core-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-storage-core-9.8.0-alt5.x86_64: there is a socket virtstoraged-admin.socket but no service virtstoraged-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-storage-core-9.8.0-alt5.x86_64: there is a socket virtstoraged-ro.socket but no service virtstoraged-ro.service. Ask ildar@ why it is not right.; libvirt-daemon-driver-vbox-9.8.0-alt5.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. libvirt-daemon-driver-vbox-9.8.0-alt5.x86_64 systemd-check-socket-name experimental in libvirt-daemon-driver-vbox-9.8.0-alt5.x86_64: there is a socket virtvboxd-admin.socket but no service virtvboxd-admin.service. Ask ildar@ why it is not right.; in libvirt-daemon-driver-vbox-9.8.0-alt5.x86_64: there is a socket virtvboxd-ro.socket but no service virtvboxd-ro.service. Ask ildar@ why it is not right.; libvirt-libs-9.8.0-alt5.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; linstor-controller-1.26.2-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. linstor-satellite-1.26.2-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. lldpad-1.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. loki-2.9.5-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. lvm2-cmirrord-2.03.22-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. lvm2-lockd-2.03.22-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. lxc-templates-5.0.3-alt1.noarch rpm-filesystem-conflict-file-file warn File /usr/share/lxc/templates/lxc-oci conflicts with the package pve-lxc-5.0.2-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; mariadb-10.11.7-alt2.1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; mariadb-client-10.11.7-alt2.1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/man/man8/mysqld.8.xz conflicts with the package MySQL-server-8.0.36-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; mariadb-client-debuginfo-10.11.7-alt2.1.x86_64 rpm-filesystem-conflict-symlink-file warn symlink /usr/lib/debug/usr/bin/mysqltest.debug is a file in the package MySQL-client-debuginfo-8.0.36-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; .; ives.; mariadb-rocksdb-engine-10.11.7-alt2.1.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/sst_dump conflicts with the package rocksdb-tools-7.9.3-alt1.2.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; mariadb-server-debuginfo-10.11.7-alt2.1.x86_64 rpm-filesystem-conflict-symlink-file warn symlink /usr/lib/debug/usr/sbin/mysqld.debug is a file in the package MySQL-server-debuginfo-8.0.36-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; ives.; ives.; mariadb-server-galera-10.11.7-alt2.1.x86_64 bin-permissions info not executable file /usr/bin/wsrep_sst_common; mariadb-server-galera-10.11.7-alt2.1.x86_64 systemd-check-socket-name experimental in mariadb-server-galera-10.11.7-alt2.1.x86_64: there is a socket mariadbcheck.socket but no service mariadbcheck.service. Ask ildar@ why it is not right.; mdadm-4.2-alt5.x86_64 init-lsb warn /etc/rc.d/init.d/mdadm: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; memcached-1.6.23-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; minio-2024.02.26-alt1.src specfile-useradd-n warn -n in useradd is compat option and can be removed any time. Use -N instead.; minio-2024.02.26-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. mstflint-4.26.0-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; multipath-tools-0.9.8-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/multipathd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; net-snmp-common-5.9.4-alt1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/net-snmp-common-5.9.4/passtest: $ grep /tmp/ /usr/share/doc/net-snmp-common-5.9.4/passtest # Process SET requests by simply logging the assigned value # Note that such "assignments" are not persistent, # nor is the syntax or requested value validated # if [ "$1" = "-s" ]; then echo $* >> /tmp/passtest.log exit 0 fi # # GETNEXT requests - determine next valid instance; netavark-1.10.3-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. nfs-ganesha-5.7-alt1.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libganesha_nfsd.so but just /usr/lib64/libganesha_nfsd.so.5.7. According to SharedLibs Policy Draft, symlink /usr/lib64/libganesha_nfsd.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libganesha_nfsd.so to \%files of nfs-ganesha-5.7-alt1.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; nfs-ganesha-5.7-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. nmstate-2.1.4-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. open-iscsi-iscsiuio-2.1.9-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. open-vm-tools-12.4.0-alt1.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; open-vm-tools-12.4.0-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; opennebula-context-6.6.1-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-fireedge-6.6.1.1-alt2.x86_64 macos-ds-store-file-in-package warn There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in packages and were usually accidentally included by copying complete directories from the source tarball.; ; opennebula-fireedge-6.6.1.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-flow-6.6.1.1-alt2.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-gate-6.6.1.1-alt2.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-node-firecracker-6.6.1.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-node-kvm-6.6.1.1-alt2.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-node-lxc-6.6.1.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-server-6.6.1.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. opennebula-server-6.6.1.1-alt2.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/one.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/one.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/az.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/az.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE }; opennebula-sunstone-6.6.1.1-alt2.noarch macos-ds-store-file-in-package warn There is a file in the package named .DS_Store or .DS_Store.gz, the file name used by Mac OS X to store folder attributes. Such files are generally useless in packages and were usually accidentally included by copying complete directories from the source tarball.; ; opennebula-sunstone-6.6.1.1-alt2.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. openuds-actor-3.6.0-alt3.noarch freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/UDS_Actor_Configuration.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; openuds-actor-3.6.0-alt3.noarch freedesktop-desktop info desktop-file-validate utility printed the following message(s): /usr/share/applications/UDS_Actor_Configuration.desktop: hint: value "Settings;System;" for key "Categories" in group "Desktop Entry" contains more than one main category; application might appear more than once in the application menu; openuds-client-3.6.0-alt2.noarch freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/UDSClient.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; openuds-server-3.6.0-alt10.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. openuds-server-nginx-3.6.0-alt10.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. openuds-tunnel-3.6.0-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovirt-imageio-daemon-2.4.7-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovirt-vmconsole-host-1.0.9-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovirt-vmconsole-proxy-1.0.9-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovn-central-23.09.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovn-host-23.09.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. ovn-vtep-23.09.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pdns-4.8.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pdns-ixfrdist-4.8.4-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pgbouncer-1.16.1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/pgbouncer: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; pgpool-II-4.2.7-alt1.x86_64 init-condrestart fail /etc/rc.d/init.d/pgpool: missing condstop target. ERROR: alt-specific script %_sbindir/preun_service (used in your %preun_service macro) depends on condstop. Please, fix.; pgpool-II-4.2.7-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/pgpool: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; podman-5.0.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. postgresql12-repmgr-5.4.1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/repmgr: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; postgresql12-repmgr-5.4.1-alt1.x86_64 rpm-filesystem-conflict-file-file warn There are file conflicts with the package postgresql16-repmgr-5.4.1-alt1.x86_64, for example, /usr/bin/repmgr (5 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; alternatives.; postgresql13-repmgr-5.4.1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/repmgr: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; postgresql13-repmgr-5.4.1-alt1.x86_64 rpm-filesystem-conflict-file-file warn There are file conflicts with the package postgresql16-repmgr-5.4.1-alt1.x86_64, for example, /usr/bin/repmgr (5 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; e avoidable, consider using alternatives.; postgresql14-repmgr-5.4.1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/repmgr: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; postgresql14-repmgr-5.4.1-alt1.x86_64 rpm-filesystem-conflict-file-file warn There are file conflicts with the package postgresql16-repmgr-5.4.1-alt1.x86_64, for example, /usr/bin/repmgr (5 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; alternatives.; postgresql15-repmgr-5.4.1-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/repmgr: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; postgresql15-repmgr-5.4.1-alt1.x86_64 rpm-filesystem-conflict-file-file warn There are file conflicts with the package postgresql16-repmgr-5.4.1-alt1.x86_64, for example, /usr/bin/repmgr (5 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; alternatives.; nsider using alternatives.; pptpd-1.4.0-alt4.x86_64 init-lsb warn /etc/rc.d/init.d/pptpd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; pptpd-1.4.0-alt4.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/pptpd-1.4.0/tools/vpnuser: $ grep /tmp/ /usr/share/doc/pptpd-1.4.0/tools/vpnuser exit 1 fi ;; del) if [ "$(echo $2)" != "" ]; then grep "$2" $config > /tmp/vpnblaat mv /tmp/vpnblaat $config chmod 600 $config else echo $ERROR exit 1 fi cat $config fi ;; domain) if [ "$(echo $2)" != "" ] & [ "$(echo $3)" != "" ]; then grep -vw "$2" $config > /tmp/vpnblaat DATA=`grep -w "$2" $config` mv /tmp/vpnblaat $config DOM=`echo $3 | tr a-z A-Z` dom=`echo $3 | tr A-Z a-z` echo "$DOM\\\\$DATA" >> $config echo "$dom\\\\$DATA" >> $config chmod 600 $config; promtail-2.9.5-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. proxmox-backup-server-3.1.4.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pve-container-5.0.8-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pve-firewall-5.0.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pve-ha-manager-4.0.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. pve-qemu-server-8.1.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. qemu-common-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn Files /usr/libexec/qemu-bridge-helper /usr/libexec/virtfs-proxy-helper /usr/share/man/man1/qemu.1.xz conflict with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-device-display-vhost-user-gpu-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/libexec/vhost-user-gpu conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-img-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn Files /usr/bin/qemu-storage-daemon /usr/share/man/man7/qemu-storage-daemon-qmp-ref.7.xz conflict with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-pr-helper-8.2.1-alt2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. qemu-system-aarch64-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/qemu-system-aarch64 conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-system-hppa-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/qemu/hppa-firmware.img conflicts with the package pve-qemu-common-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-system-ppc-core-8.2.1-alt2.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; qemu-system-x86-core-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/qemu-system-x86_64 conflicts with the package pve-qemu-system-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; qemu-tools-8.2.1-alt2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/share/qemu/trace-events-all conflicts with the package pve-qemu-common-8.1.5-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; rbd-mirror-18.2.1-alt2.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. remmina-1.4.33-alt1.x86_64 freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/org.remmina.Remmina.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; resource-agents-4.13.0-alt1.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha: $ grep /tmp/ /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha The debug flag for agent (${OCF_RESKEY_binary}) instance. In the /tmp/ directory will be created rmq-* files for log some operations and ENV values inside OCF-script. AMQP server (${OCF_RESKEY_binary}) debug flag local rc=$OCF_ERR_GENERIC local LH="${LL} monitor:" ocf_log debug "${LH} action start." if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-monitor.log env >> /tmp/rmq-monitor.log echo "$d [monitor] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi get_monitor rc=$? ocf_log debug "${LH} role: ${OCF_RESKEY_CRM_meta_role}" ocf_log debug "${LH} result: $rc" -- local LH="${LL} start:" local nowtime if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-start.log env >> /tmp/rmq-start.log echo "$d [start] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_status -- local rc=$OCF_ERR_GENERIC local LH="${LL} stop:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-stop.log env >> /tmp/rmq-stop.log echo "$d [stop] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." ocf_log info "${LH} Deleting master attribute" -- local LH="${LL} notify:" local nodelist if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-notify.log env >> /tmp/rmq-notify.log echo "$d [notify] ${OCF_RESKEY_CRM_meta_notify_type}-${OCF_RESKEY_CRM_meta_notify_operation} promote='${OCF_RESKEY_CRM_meta_notify_promote_uname}' demote='${OCF_RESKEY_CRM_meta_notify_demote_uname}' master='${OCF_RESKEY_CRM_meta_notify_master_uname}' slave='${OCF_RESKEY_CRM_meta_notify_slave_uname}' start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi if [ "${OCF_RESKEY_CRM_meta_notify_type}" = 'post' ] ; then # POST- anything notify section case "$OCF_RESKEY_CRM_meta_notify_operation" in -- local rc=$OCF_ERR_GENERIC local LH="${LL} promote:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-promote.log env >> /tmp/rmq-promote.log echo "$d [promote] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_monitor; rocksdb-tools-7.9.3-alt1.2.x86_64 rpm-filesystem-conflict-file-file warn File /usr/bin/sst_dump conflicts with the package mariadb-rocksdb-engine-10.11.7-alt2.1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; rsyslog-8.2312.0-alt1.x86_64 big-changelog info Package contains big ChangeLog. Gzip it.; rygel-0.42.5-alt1.x86_64 freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/rygel-preferences.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; shorewall6-5.2.8-alt1.noarch uncompressed-manpages info Package contains uncompressed manual pages.; snapd-2.59.1-alt1.2.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. squid-6.7-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/squid: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; squid-6.7-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; squid-doc-6.7-alt1.noarch big-changelog info Package contains big ChangeLog. Gzip it.; suricata-6.0.10-alt1.x86_64 init-lsb warn /etc/rc.d/init.d/suricata: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; targetcli-2.1.54-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. telegraf-1.29.4-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; traefik-2.11.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. trivy-0.49.1-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; trivy-server-0.49.1-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. udev-254.10-alt1.x86_64 sisyphus_check-check-dirlist warn sisyphus_check --check-dirlist failed: package contains a directory /lib/udev/rules.d that exclusively belongs to package udev-rules; uki-direct-24.1.1-alt1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. urbackup-client-2.5.24-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. urbackup-server-2.5.31-alt1.x86_64 arch-dep-package-has-big-usr-share info The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; urbackup-server-2.5.31-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vdsm-4.50.6-alt1.1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vdsm-hook-checkips-4.50.6-alt1.1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vhostmd-1.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victorialogs-0.5.0-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-1.97.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-cluster-vminsert-1.97.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-cluster-vmselect-1.97.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-cluster-vmstorage-1.97.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-utils-1.97.3-alt1.x86_64 rpm-obsolete-live-package info The package obsoletes the package victoriametrics-vmctl-0.4.0-alt1.x86_64, but the package victoriametrics-vmctl-0.4.0-alt1.x86_64 is still alive and in the repository. Ask its maintainer to remove it, or, if it should not be removed, remove the Obsoletes: tag. Do not forget to add explicit conflicts with the other package if nessessary.; victoriametrics-vmagent-1.97.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-vmalert-1.97.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-vmauth-1.97.3-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. victoriametrics-vmctl-0.4.0-alt1.x86_64 rpm-package-is-obsoleted warn The package is obsoleted by the package victoriametrics-utils-1.97.3-alt1.x86_64, but is still alive and in the repository. Consider removing the package, or, if you want the package to be alive, ask the maintainer of victoriametrics-utils-1.97.3-alt1.x86_64 to remove Obsoletes: tag.; virt-manager-4.1.0-alt2.noarch freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/virt-manager.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; vitastor-mon-1.4.8-alt1.1.noarch systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vitastor-osd-1.4.8-alt1.1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vmango-0.12.1-alt1.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts. vpnc-0.5.3-alt7.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.;