turbid	asterisk-20.18.2-alt1.src	specfile-useradd-n	warn	 -n in useradd is compat option and can be removed any time. Use -N instead.; 
turbid	asterisk-20.18.2-alt1.x86_64	arch-dep-package-has-big-usr-share	info	The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; 
turbid	asterisk-20.18.2-alt1.x86_64	init-lsb	fail	/etc/rc.d/init.d/asterisk: not systemd compatible: lsb init header missing and asterisk.service is not present.  See http://www.altlinux.org/Services_Policy for details.; 
turbid	asterisk-20.18.2-alt1.x86_64	sisyphus_check	fail	sisyphus_check failed:  /ALT/Sisyphus/files/x86_64/RPMS/asterisk-20.18.2-alt1.x86_64.rpm: Invalid path names: /usr/lib/tmpfiles.d/asterisk.conf sisyphus_check: check-fhs ERROR: FHS violation; 
turbid	asterisk-20.18.2-alt1.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/astversion: $ grep /tmp/ /usr/sbin/astversion # source directories to search SRC_DIRS=() main() { TMPFILE="/tmp/astversion.$$" sanity_check locate_files "$@" locate_libraries locate_modules scan_package_redhat() { PKGNAME="$1" if ! rpm -q $PKGNAME > /tmp/astversion-$PKGNAME-version then rm -f /tmp/astversion-$PKGNAME-version return 2 fi rpm -ql $PKGNAME > /tmp/astversion-$PKGNAME-files rpm -V $PKGNAME > /tmp/astversion-$PKGNAME-verify return 0 } scan_package_debian() { PKGNAME="$1" if ! dpkg -s $PKGNAME > $TMPFILE then rm -f /tmp/astversion-$PKGNAME-version return 2 fi # prefix the version with the package name to mimic rpm echo -n "$PKGNAME " > /tmp/astversion-$PKGNAME-version cat $TMPFILE | fgrep Version |cut -d ' ' -f2 >> /tmp/astversion-$PKGNAME-version dpkg -L $PKGNAME > /tmp/astversion-$PKGNAME-files dpkg -V $PKGNAME > /tmp/astversion-$PKGNAME-verify } package_has_file() { PKGNAME="$1" PKGFILE="$2" if [ ! -f /tmp/astversion-$PKGNAME-version ] then return 1 fi if [ ! -f /tmp/astversion-$PKGNAME-files ] then return 2 fi if ! fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-files >/dev/null then # package doesn't have that file return 3 fi if fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-verify >/dev/null then # file does not match package return 4 fi -- { # search each package and report files that match for PACKAGE in ${PACKAGES[@]} do scan_package_$DISTRO "$PACKAGE" PKGVERSION=$(cat /tmp/astversion-$PKGNAME-version) FOUND=() for FILE in ${FILES[@]} do if package_has_file "$PACKAGE" "$FILE" -- else echo "Matched ${#FOUND[@]} files to package $PKGVERSION" fi fi rm -f /tmp/astversion-$PKGNAME-version rm -f /tmp/astversion-$PKGNAME-files rm -f /tmp/astversion-$PKGNAME-verify done } search_source() {;