| |
@@ -2,10 +2,55 @@
|
| |
|
| |
# There is no way to implement this with `%{SOURCE0}` without `%{_sourcedir}`.
|
| |
# The order in the .spec file could be possibly different.
|
| |
- addFilter(r'^ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
|
| |
+ addFilter(r'ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
|
| |
|
| |
# The used version is not obvious.
|
| |
- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
|
| |
- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
|
| |
- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
|
| |
- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
|
| |
+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
|
| |
+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
|
| |
+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
|
| |
+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
|
| |
+
|
| |
+ # The template files do not have to have executable bits.
|
| |
+ addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
|
| |
+
|
| |
+ # The bundled gem files permissions are overridden as 644 by `make install`.
|
| |
+ # https://bugs.ruby-lang.org/issues/17840
|
| |
+ # power_assert
|
| |
+ # https://github.com/ruby/power_assert/issues/35
|
| |
+ addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/console 644 ')
|
| |
+ addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/setup 644 ')
|
| |
+ # rake
|
| |
+ # https://github.com/ruby/rake/issues/385
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/bundle 644 ')
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/console 644 ')
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rake 644 ')
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rdoc 644 ')
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rubocop 644 ')
|
| |
+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/setup 644 ')
|
| |
+ # rbs
|
| |
+ # https://github.com/ruby/rbs/issues/673
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/annotate-with-rdoc 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/console 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/query-rdoc 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/rbs-prof 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/setup 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/sort 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/steep 644 ')
|
| |
+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
|
| |
+ # test-unit
|
| |
+ addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
|
| |
+
|
| |
+ # The function `chroot` without using `chdir` is detected by rpmlint with the
|
| |
+ # following message. However it looks a false positive as the `chroot` in the
|
| |
+ # `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
|
| |
+ #
|
| |
+ # ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
|
| |
+ # This executable appears to call chroot without using chdir to change the
|
| |
+ # current directory. This is likely an error and permits an attacker to break
|
| |
+ # out of the chroot by using fchdir. While that's not always a security issue,
|
| |
+ # this has to be checked.
|
| |
+ addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
|
| |
+
|
| |
+ # Nothing referred and no dependency information should be no problem.
|
| |
+ # https://bugs.ruby-lang.org/issues/16558#note-2
|
| |
+ addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
|
| |
This PR is to suppress all the errors detected by rpmlint. After this PR, it is expected that the rpmlint will return exit status 0.
Here is the difference between lint.log (before this PR) and lin2.log (by applying this PR).
I did not add logic to add an executable bit in
ruby.spec
such as following lines, because it seemsmake install
for the Ruby updates the original permissions with 644. I am asking if it is intententional. https://bugs.ruby-lang.org/issues/17840For the
missing-call-to-chdir-with-chroot
item detected by rpmlint, it is detected when the function chroot s called without the function chdir. However in case of Ruby, the function chroot is just used as a Ruby bindingDir.chroot
indir.c
. So, I think it's a false positive.As a reference for this, I found other cases dealing with it.
https://jira.mariadb.org/browse/MDEV-11962
https://bugzilla.redhat.com/show_bug.cgi?id=1422789
Could you review? Thanks.