[Mageia-dev] Some more new rpmlint warning on upload

Michael Scherer misc at zarb.org
Wed Jul 27 13:37:48 CEST 2011 

Hi,

while investigating something almost unrelated I ran rpmlint on the
whole distribution and noticed there is several problems that should not
be there. 

So I propose to add the following warning in the list of error blocking
upload :

* non-standard-group 

This one cause problem in rpmdrake display ( among others ), as this add
category with 1 single package. There is no false positives.


* empty-%postun / empty-%post

While these do not do any harm, they are likely the sign of a package
that was not properly cleaned. So by blocking upload, we ensure that's
clean enough.

* useless-provides

that's when foo provide foo. There is no case where it would needed.

* invalid-desktopfile

rpmlint run desktop-file-validate, and any invalid file is detected.
Invalid file will in the best case work fine, and in the worst case, not
work. So better be safe and fix the file. 

There is also some more controversial :

* file-not-in-%lang
this will result in more disk space used for file that are not needed
( like locales, etc ). However, this can be annoying to fix, and not a
widespread errors. 

* 

while having foo.c~ or #.foo.c are not causing problem, this usually
take space for nothing. But since the problem is often in upstream
tarball, this can be tricky to fix. 

* version-control-internal-file 
same as previous, but there is maybe some use case, that should then be
added to exception

* standard-dir-owned-by-package
some package ( like gromacs ) do created /usr/bin/. This is unclean and
should be blocked. On the other hand, the problem are mostly theoric
( like "having a directory with 2 differents modes or owners ). 

* unknown-lsb-keyword 
as we use lsb in initscript ( and systemd support it ), I think this one
could be quite important. For example :
heartbeat.i586: W: unknown-lsb-keyword # Should-stop: openhpid

This likely hide real bugs. I would also add :
* missing-lsb-keyword
* malformed-line-in-lsb-comment-block 


I also found some stuff that would cause real problem :
hunspell-ca.noarch: W:
world-writable /usr/share/doc/hunspell-ca/LICENSES-en.txt 0666

Yet, there is maybe some good case to have a file to be world writable ?

Or :
hdf-java.i586: W: non-readable /usr/share/java/fits.jar 0700

There is also some good case to have a file non-readable, but in /usr,
there is none. ( and in this case, this seems like the package is broken
)

So, to summarize, the proposal is :
- block upload on :
* missing-lsb-keyword
* malformed-line-in-lsb-comment-block 
* useless-provides
* non-standard-group
* empty-%postun
* empty-%post
* invalid-desktopfile
* unknown-lsb-keyword
* standard-dir-owned-by-package

discuss for blocking :
* backup-file-in-package
* version-control-internal-file

discuss and find a list of exceptions for :
* world-writable
* non-readable 
( especially the non-readable part ).

If no one protest, the 1st list will be added before I take my vacation,
in a few days.
-- 
Michael Scherer

More information about the Mageia-dev mailing list