Sisyphus repository
Last update: 4 december 2021 | SRPMs: 17404 | Visits: 22453665
en ru br
Maintainer: Andrew A. Vasilyev (Andrew A. Vasilyev)

 Information   Packages   Bugs and FR  Repocop 

Repocop messages:

package status test message
alterator-netinst-1.9.1-alt4.noarch
fail
unsafe-tmp-usage-in-scripts The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/netinst: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/netinst elif [ -n "$in_add" ]; then [ "$in_get_from" = "url" ] && run_localized alterator-netinst -A "$in_add_url" || run_localized alterator-netinst -A "cdrom:" else set >> /tmp/log if... [the rest of the message is skipped]
alterator-netinst-1.9.1-alt4.noarch
experimental
checkbashisms checkbashisms utility found possible bashisms in: /usr/bin/alterator-netinst
cppcheck-2.6.2-alt1.x86_64
info
arch-dep-package-has-big-usr-share The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.
crtools-ovz-debuginfo-3.15.3.6-alt1.x86_64
warn
rpm-filesystem-conflict-symlink-symlink value of symlink /usr/lib/debug/usr/sbin/crtools.debug is different from the same symlink in the package crtools-debuginfo-3.16-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
crtools-ovz-debuginfo-3.15.3.6-alt1.x86_64
warn
rpm-filesystem-conflict-symlink-file symlink /usr/lib/debug/usr/sbin/criu.debug is a file in the package crtools-debuginfo-3.16-alt1.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
installer-distro-alt-server-v-stage2-9.2.0-alt1.noarch
fail
unsafe-tmp-usage-in-scripts The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep -A5 -B5 /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed -n '/^MemTotal/s/[^0-9]//g... [the rest of the message is skipped]
installer-distro-alt-server-v-stage2-9.2.0-alt1.noarch
warn
rpm-filesystem-conflict-file-file There are file conflicts with the package installer-distro-alt-workstation-stage2-9.0.0-alt1.noarch, for example, /usr/share/install2/alterator-menu/module-expert-list (4 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. There are file conflicts with the package installer-distro-altlinux-desktop-stage2-8.1.0-alt1.noarch, for example, /usr/share/install2/alterator-menu/module-expert-list (4 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. Files /usr/share/install2/alterator-menu/module-expert-list /usr/share/install2/alterator-menu/module-order-list /usr/share/install2/installer-steps conflict with the package installer-distro-altlinux-generic-stage2-7.0.3-alt1.noarch. Moreover, the packages have no explicit conf... [the rest of the message is skipped]
libdevmapper-event-1.02.179-alt2.x86_64
info
altlinux-policy-shared-lib-contains-devel-so SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libdevmapper-event-lvm2.so but just /usr/lib64/libdevmapper-event-lvm2.so.2.03. According to SharedLibs Policy Draft, symlink /usr/lib64/libdevmapper-event-lvm2.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libdevmapper-event-lvm2.so to \%files of libdevmapper-event-1.02.179-alt2.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.
libmongoc-1.20.0-alt1.x86_64
fail
buildroot found paths to buildroot: /usr/share/mongo-c-driver/uninstall.sh: cd /usr/src/tmp/libmongoc-buildroot//usr/ printf "Removing top-level installation directory: "/usr/src/tmp/libmongoc-buildroot//usr/"" (rmdir "/usr/src/tmp/libmongoc-buildroot//usr/" 2>/dev/null && printf " ") || printf " ... not removed (probably not empty) "
libvcmmd-7.0.23-alt1.x86_64
info
missing-url Missing Url: in a package.
libvcmmd-debuginfo-7.0.23-alt1.x86_64
info
missing-url Missing Url: in a package.
libvcmmd-devel-7.0.23-alt1.x86_64
info
missing-url Missing Url: in a package.
open-vm-tools-11.3.5-alt1.x86_64
info
subdir-in-var-run Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
open-vm-tools-11.3.5-alt1.x86_64
info
big-changelog Package contains big ChangeLog. Gzip it.
open-vm-tools-11.3.5-alt1.x86_64
experimental
checkbashisms checkbashisms utility found possible bashisms in: /usr/bin/vm-support
resource-agents-4.10.0-alt1.x86_64
info
subdir-in-var-run Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
resource-agents-4.10.0-alt1.x86_64
experimental
checkbashisms checkbashisms utility found possible bashisms in: /usr/sbin/rhev-check.sh
squid-4.15-alt2.x86_64
warn
init-lsb /etc/rc.d/init.d/squid: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.
squid-4.15-alt2.x86_64
info
subdir-in-var-run Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.
squid-4.15-alt2.x86_64
experimental
checkbashisms checkbashisms utility found possible bashisms in: /etc/rc.d/init.d/squid
squid-doc-4.15-alt2.noarch
info
big-changelog Package contains big ChangeLog. Gzip it.
vzdump-1.2.6-alt1.x86_64
warn
rpm-filesystem-conflict-file-file File /usr/share/man/man1/vzdump.1.xz conflicts with the package pve-manager-7.0.11-alt4.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.
vzdump-1.2.6-alt1.x86_64
info
missing-url Missing Url: in a package.
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin