rpms / ruby

Clone
Source Code
GIT

#85 Update ruby.rpmlintrc to fix errors.
Merged 2 years ago by jaruga. Opened 2 years ago by jaruga.
rpms/ jaruga/ruby wip/rpmlintrc  into  rawhide

file modified
+50 -5 
@@ -2,10 +2,55 @@ 
 

  

  # There is no way to implement this with `%{SOURCE0}` without `%{_sourcedir}`.
 

  # The order in the .spec file could be possibly different.
 

- addFilter(r'^ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
 

+ addFilter(r'ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
 

  

  # The used version is not obvious.
 

- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
 

- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
 

- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
 

- addFilter(r'^ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
 

+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
 

+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
 

+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
 

+ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
 

+ 

+ # The template files do not have to have executable bits.
 

+ addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
 

+ 

+ # The bundled gem files permissions are overridden as 644 by `make install`.
 

+ # https://bugs.ruby-lang.org/issues/17840
 

+ # power_assert
 

+ # https://github.com/ruby/power_assert/issues/35
 

+ addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/console 644 ')
 

+ addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/setup 644 ')
 

+ # rake
 

+ # https://github.com/ruby/rake/issues/385
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/bundle 644 ')
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/console 644 ')
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rake 644 ')
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rdoc 644 ')
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rubocop 644 ')
 

+ addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/setup 644 ')
 

+ # rbs
 

+ # https://github.com/ruby/rbs/issues/673
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/annotate-with-rdoc 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/console 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/query-rdoc 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/rbs-prof 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/setup 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/sort 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/steep 644 ')
 

+ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
 

+ # test-unit
 

+ addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
 

+ 

+ # The function `chroot` without using `chdir` is detected by rpmlint with the
 

+ # following message. However it looks a false positive as the `chroot` in the
 

+ # `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
 

+ #
 

+ # ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
 

+ # This executable appears to call chroot without using chdir to change the
 

+ # current directory. This is likely an error and permits an attacker to break
 

+ # out of the chroot by using fchdir. While that's not always a security issue,
 

+ # this has to be checked.
 

+ addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
 

+ 

+ # Nothing referred and no dependency information should be no problem.
 

+ # https://bugs.ruby-lang.org/issues/16558#note-2
 

+ addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')

This PR is to suppress all the errors detected by rpmlint. After this PR, it is expected that the rpmlint will return exit status 0.

$ rpm -q rpmlint
rpmlint-1.11-15.fc33.noarch

$ rpmlint --file ruby.rpmlintrc *.spec result/*.rpm
...
30 packages and 1 specfiles checked; 0 errors, 101 warnings.
$ echo $?
0

Here is the difference between lint.log (before this PR) and lin2.log (by applying this PR).

$ diff lint.log lint2.log 
9,15d8
< rubygem-bigdecimal.x86_64: E: zero-length /usr/lib64/gems/ruby/bigdecimal-3.0.0/gem.build_complete
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/Executable 644 /usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG["ruby_install_name"] %>
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/Executable.bundler 644 /usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG["ruby_install_name"] %>
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/Executable.standalone 644 /usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG["ruby_install_name"] %>
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/newgem/bin/console.tt 644 /usr/bin/env ruby
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/newgem/bin/setup.tt 644 /usr/bin/env bash
< rubygem-bundler.noarch: E: non-executable-script /usr/share/gems/gems/bundler-2.2.15/lib/bundler/templates/newgem/exe/newgem.tt 644 /usr/bin/env ruby
19d11
< rubygem-io-console.x86_64: E: zero-length /usr/lib64/gems/ruby/io-console-0.5.7/gem.build_complete
21d12
< rubygem-json.x86_64: E: zero-length /usr/lib64/gems/ruby/json-2.5.1/gem.build_complete
24,25d14
< rubygem-power_assert.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-1.2.0/bin/console 644 /usr/bin/env ruby
< rubygem-power_assert.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-1.2.0/bin/setup 644 /usr/bin/env bash
31,37d19
< rubygem-psych.x86_64: E: zero-length /usr/lib64/gems/ruby/psych-3.3.0/gem.build_complete
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/bundle 644 /usr/bin/env ruby
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/console 644 /usr/bin/env ruby
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/rake 644 /usr/bin/env ruby
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/rdoc 644 /usr/bin/env ruby
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/rubocop 644 /usr/bin/env ruby
< rubygem-rake.noarch: E: non-executable-script /usr/share/gems/gems/rake-13.0.3/bin/setup 644 /usr/bin/env bash
41,48d22
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/annotate-with-rdoc 644 /usr/bin/env ruby
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/console 644 /usr/bin/env ruby
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/query-rdoc 644 /usr/bin/env ruby
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/rbs-prof 644 /usr/bin/env ruby
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/setup 644 /usr/bin/env bash
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/sort 644 /usr/bin/env ruby
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/steep 644 /bin/sh 
< rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.4/bin/test_runner.rb 644 /usr/bin/env ruby
58d31
< rubygem-test-unit.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-3.3.7/test/run-test.rb 644 /usr/bin/env ruby
64d36
< ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
75d46
< ruby-libs.x86_64: E: shared-lib-without-dependency-information /usr/lib64/ruby/enc/gb2312.so
131c102
< 30 packages and 1 specfiles checked; 29 errors, 101 warnings.
---
> 30 packages and 1 specfiles checked; 0 errors, 101 warnings.

I did not add logic to add an executable bit in ruby.spec such as following lines, because it seems make install for the Ruby updates the original permissions with 644. I am asking if it is intententional. https://bugs.ruby-lang.org/issues/17840

# Add an executable bit to fix rpmlint errors.
# https://github.com/ruby/power_assert/issues/35
find %{buildroot}%{gem_dir}/gems/power_assert-%{power_assert_version}/bin -f | xargs chmod a+x
# https://github.com/ruby/rake/issues/385
find %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/bin -f | xargs chmod a+x
# https://github.com/ruby/rbs/issues/673
find %{buildroot}%{gem_dir}/gems/rbs-%{rbs_version}/bin -f | xargs chmod a+x

For the missing-call-to-chdir-with-chroot item detected by rpmlint, it is detected when the function chroot s called without the function chdir. However in case of Ruby, the function chroot is just used as a Ruby binding Dir.chroot in dir.c. So, I think it's a false positive.

As a reference for this, I found other cases dealing with it.
https://jira.mariadb.org/browse/MDEV-11962
https://bugzilla.redhat.com/show_bug.cgi?id=1422789

Could you review? Thanks.

rebased onto 45c0731c0349779f7895c3a71bca01a992e85217
2 years ago

rebased onto 42f45ad6d709aa039c49032000b540b81422cf79
2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

The scratch build is failing with the following error.

https://koji.fedoraproject.org/koji/taskinfo?taskID=66974508
https://kojipkgs.fedoraproject.org//work/tasks/4513/66974513/root.log

DEBUG util.py:444:  error: line 116: Unknown tag: /chroot_tmpdir/srpm_unpacked/SOURCES/macros.ruby

Seeing Koshcei, here is the dependencies change when starting to fail.
https://koschei.fedoraproject.org/build/10236312

DEBUG util.py:444: error: line 116: Unknown tag: ...

It seems the RPM fails to execute the following line.

https://src.fedoraproject.org/rpms/ruby/blob/rawhide/f/ruby.spec#_116

116 %{?load:%{SOURCE4}}

rebased onto 639259c5667215d1b25bb577f64d46918bcb9d6c
2 years ago

I rebased this PR, as another PR https://src.fedoraproject.org/rpms/ruby/pull-request/86 to fix FTBFS was merged.

A parsing error for the rpmlint used in Zuul CI will be fixed possibly with 1 or 2 weeks. See https://bugzilla.redhat.com/show_bug.cgi?id=1959363 .

Here is the result of my local Fedora 33. Right now we see the parsing error, but I think it's no problem to merge this PR.

$ rpmlint --file ruby.rpmlintrc ruby.spec result/*.rpm
ruby.spec: E: specfile-error error: ruby.spec: line 116: failed to load macro file /tmp/rpmlint.ruby.spec.oeepejtn/macros.ruby
ruby.spec: E: specfile-error error: query of specfile ruby.spec failed, can't parse
...
30 packages and 1 specfiles checked; 2 errors, 101 warnings.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

1 new commit added

  • ruby.rpmlintrc: Remove prefix match.
2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

recheck

Build succeeded.

Interestingly I do not see any parsing error by rpmlint any more.

https://fedora.softwarefactory-project.io/zuul/build/f4ba65c16e3645e699925f3477bdef5f/console

rpmlint  --file /root/src/src.fedoraproject.org/rpms/ruby/ruby.rpmlintrc  ./*.spec ./*.rpm
ruby.x86_64: W: no-manual-page-for-binary ruby-mri
ruby-default-gems.noarch: W: spelling-error %description -l en_US gemspec -> gem spec, gem-spec, gemstone
...
30 packages and 1 specfiles checked; 0 errors, 101 warnings.

@pvalena @vondruch review please. Thanks.

This does not provide reasoning why this is Ok. Is there related rpmlint ticket already?

I'd love to see this split in smaller chunks and the comments should explain in detail why are the checks excluded (currently they contains what instead of why).

This does not provide reasoning why this is Ok. Is there related rpmlint ticket already?

I thought the gem.build_complete file is a kind of flag created when the gem build with native extension was done successfully, right? Can you provide a better explanation for that? I am happy to adapt it to the comment.

I found the related rpmlint ticket now. But we see the error. There might be a regression.
https://github.com/rpm-software-management/rpmlint/issues/462

I'd love to see this split in smaller chunks and the comments should explain in detail why are the checks excluded (currently they contains what instead of why).

OK. I can split the current 1st commit to 5 chunks (5 commits). I will be careful about the "why".

This does not provide reasoning why this is Ok. Is there related rpmlint ticket already?

I thought the gem.build_complete file is a kind of flag created when the gem build with native extension was done successfully, right?

Yep, that is reasonable.

Can you provide a better explanation for that? I am happy to adapt it to the comment.

I found the related rpmlint ticket now. But we see the error. There might be a regression.
https://github.com/rpm-software-management/rpmlint/issues/462

I hope we agree now that excluding these checks is not an option ATM :) But good catch.

I found the related rpmlint ticket now. But we see the error. There might be a regression.
...
I hope we agree now that excluding these checks is not an option ATM :) But good catch.

I noticed the following commit to fix gem.build_complete issue is merged on the master branch.
https://github.com/rpm-software-management/rpmlint/commit/e34ce874f27d733628f51c9884ac951af072bed2

But it is not merged to the both rpmlint-1.x branch and rpmlint-1.11 tag.
https://github.com/rpm-software-management/rpmlint/blob/rpmlint-1.x/FilesCheck.py#L215
The rpmlint 2.0 is not released yet on the upstream.

So, it's not regression.

Yes, I will include the checks.

rebased onto ad3d94e2af1e1bc7adc272eab71f763d9edc964d
2 years ago

Build succeeded.

I rebased the PR splitting the commit and updating comment in the file and commit messages.
Could you review again?

Here is the result of rpmlint now.

https://fedora.softwarefactory-project.io/zuul/build/3e9db592547d44f5936586bc45a5fd2d/console

$ rpmlint  --file /root/src/src.fedoraproject.org/rpms/ruby/ruby.rpmlintrc  ./*.spec ./*.rpm
...
30 packages and 1 specfiles checked; 0 errors, 100 warnings.

Previously the 101 warnings, now 100 warnings. I am not sure why.

After discussing with Vit, I will remove the filter matching gem.build_complete errors.

Because

  • We are using rpmlint 1 on the rawhide showing the error messages, the rpmlint 2 does not show the error messages. It was fixed on the upstream. We are afraid an unmatched filter in the future is managed on the ruby.rpmlintrc.
  • We know a benefit of keeping of Zuul CI's rpmlint check as green. But as rpmlint 2 was released on the upstream today, it's not so long for rawhide to use rpmlint.

I opened ticket to request a new feature: return error status when a filter file includes an unmatched filter. This fixes our concerns. https://github.com/rpm-software-management/rpmlint/issues/648

rebased onto fbaee91
2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

recheck

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

recheck

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

The following errors about gem.build_complete is expected result. The ./ruby.spec: line 116: failed to load macro file /tmp/rpmlint.ruby.spec.hie40014/macros.ruby is not expected. We see the error happening again. Anyway review again please.

https://fedora.softwarefactory-project.io/zuul/build/a5b730fd4a5d492b999498b2c3a186af

./ruby.spec: E: specfile-error error: ./ruby.spec: line 116: failed to load macro file /tmp/rpmlint.ruby.spec.hie40014/macros.ruby
./ruby.spec: E: specfile-error error: query of specfile ./ruby.spec failed, can't parse
...
rubygem-bigdecimal.x86_64: E: zero-length /usr/lib64/gems/ruby/bigdecimal-3.0.0/gem.build_complete
...
rubygem-io-console.x86_64: E: zero-length /usr/lib64/gems/ruby/io-console-0.5.7/gem.build_complete
...
rubygem-json.x86_64: E: zero-length /usr/lib64/gems/ruby/json-2.5.1/gem.build_complete
...
30 packages and 1 specfiles checked; 6 errors, 101 warnings.

Pull-Request has been merged by jaruga
2 years ago

After discussing with Vit, I will remove the filter matching gem.build_complete errors.

I merged this PR as I rebased the PR removing the gem.build_complete check.
Metadata
None
No Tags
Changes Summary 1
+50 -5
file changed
ruby.rpmlintrc
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.