1999-10-16 19:08:43 +08:00
|
|
|
#############################################################################
|
|
|
|
# File : Config.py
|
|
|
|
# Package : rpmlint
|
|
|
|
# Author : Frederic Lepied
|
|
|
|
# Created on : Fri Oct 15 20:04:25 1999
|
|
|
|
# Version : $Id$
|
|
|
|
# Purpose : handle configuration options. To be used from config files.
|
|
|
|
#############################################################################
|
|
|
|
|
|
|
|
import os.path
|
1999-11-16 02:29:34 +08:00
|
|
|
import re
|
1999-10-16 19:08:43 +08:00
|
|
|
|
2000-02-10 19:56:09 +08:00
|
|
|
DEFAULT_CHECKS=("DistributionCheck",
|
1999-10-16 19:08:43 +08:00
|
|
|
"TagsCheck",
|
|
|
|
"BinariesCheck",
|
|
|
|
"ConfigCheck",
|
|
|
|
"FilesCheck",
|
2000-07-19 17:57:14 +08:00
|
|
|
"FHSCheck",
|
1999-10-28 04:00:43 +08:00
|
|
|
"SignatureCheck",
|
2000-08-18 14:03:13 +08:00
|
|
|
"I18NCheck",
|
2000-03-23 21:17:53 +08:00
|
|
|
"MenuCheck",
|
2000-07-05 22:46:55 +08:00
|
|
|
"PostCheck",
|
2000-08-25 17:04:48 +08:00
|
|
|
"InitScriptCheck",
|
2000-10-11 14:16:01 +08:00
|
|
|
"SourceCheck",
|
|
|
|
"SpecCheck"
|
|
|
|
)
|
1999-10-16 19:08:43 +08:00
|
|
|
|
|
|
|
# handle the list of checks to load
|
|
|
|
_checks=[]
|
|
|
|
|
|
|
|
def addCheck(check):
|
|
|
|
global _checks
|
|
|
|
|
|
|
|
if not check in _checks:
|
|
|
|
_checks.append(check)
|
|
|
|
|
|
|
|
def allChecks():
|
|
|
|
global _checks
|
|
|
|
|
|
|
|
if _checks == []:
|
|
|
|
_checks=DEFAULT_CHECKS
|
|
|
|
return _checks
|
|
|
|
|
1999-11-16 02:29:34 +08:00
|
|
|
def defaultChecks():
|
|
|
|
global _checks
|
|
|
|
|
|
|
|
_checks=DEFAULT_CHECKS
|
|
|
|
|
1999-10-16 19:08:43 +08:00
|
|
|
def resetChecks():
|
|
|
|
global _checks
|
|
|
|
|
|
|
|
_checks=[]
|
|
|
|
|
|
|
|
# handle the list of directories to look for checks
|
|
|
|
|
|
|
|
_dirs=["/usr/share/rpmlint"]
|
|
|
|
|
|
|
|
def addCheckDir(dir):
|
|
|
|
global _dirs
|
|
|
|
|
|
|
|
dir=os.path.expanduser(dir)
|
|
|
|
|
|
|
|
if not dir in _dirs:
|
|
|
|
_dirs.insert(0, dir)
|
|
|
|
|
|
|
|
def checkDirs():
|
|
|
|
global _dirs
|
|
|
|
|
|
|
|
return _dirs
|
|
|
|
|
|
|
|
# handle options
|
|
|
|
|
|
|
|
_options={}
|
|
|
|
|
|
|
|
def setOption(name, value):
|
|
|
|
global _options
|
|
|
|
|
|
|
|
_options[name]=value
|
|
|
|
|
|
|
|
def getOption(name, default):
|
|
|
|
global _options
|
|
|
|
|
|
|
|
try:
|
|
|
|
return _options[name]
|
|
|
|
except KeyError:
|
|
|
|
return default
|
1999-10-24 02:26:11 +08:00
|
|
|
|
|
|
|
# List of filters
|
1999-11-16 02:29:34 +08:00
|
|
|
_filters=[]
|
1999-10-24 02:26:11 +08:00
|
|
|
|
1999-11-16 02:29:34 +08:00
|
|
|
def addFilter(s):
|
1999-10-24 02:26:11 +08:00
|
|
|
global _filters
|
|
|
|
|
1999-11-16 02:29:34 +08:00
|
|
|
_filters.append(re.compile(s))
|
1999-10-24 02:26:11 +08:00
|
|
|
|
1999-11-16 02:29:34 +08:00
|
|
|
def isFiltered(s):
|
1999-10-24 02:26:11 +08:00
|
|
|
global _filters
|
1999-11-16 02:29:34 +08:00
|
|
|
|
|
|
|
for f in _filters:
|
|
|
|
if f.search(s):
|
|
|
|
return 1
|
|
|
|
return 0
|
1999-10-16 19:08:43 +08:00
|
|
|
|
2000-08-31 19:25:34 +08:00
|
|
|
# Standard exceptions:
|
|
|
|
addFilter("W: rootfiles non-etc-or-var-file-marked-as-conffile /root/.*")
|
|
|
|
addFilter("E: (rootfiles|etcskel) non-standard-dir-perm /(root|etc/skel)/tmp")
|
|
|
|
addFilter("E: rootfiles non-standard-dir-perm (/root|/etc/skel)/tmp")
|
|
|
|
addFilter("E: man(-[^ ]+)? non-standard-dir-perm /var/(X11R6/)?catman[^ ]+ 0775")
|
|
|
|
addFilter("E: man(-[^ ]+)? non-standard-dir-perm /usr/(X11R6/)?man/[^ ]+ 02755")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /var/lock/subsys 0775")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /tmp 01777")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /var/tmp 01777")
|
|
|
|
addFilter("E: filesystem (non-standard-dir-perm|dir-or-file-in-mnt) /mnt/(floppy|disk|cdrom)")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /var/spool/mail 0775")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /root 0750")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /var/lock 0775")
|
|
|
|
addFilter("E: filesystem non-standard-dir-perm /proc 0555")
|
|
|
|
addFilter("E: postgresql-test non-standard-[gu]id [^ ]+ postgres")
|
2000-09-12 17:57:11 +08:00
|
|
|
addFilter("W: (dev86|compat-glibc|alsa|alsa-sourcecompat-libs|gcc|egcs|egcs-c\+\+|gcc-chill|gcc-f77|egcs-g77|gcc-libgcj|gcc-objc|hackkernel-source|hackkernel-headers|kernel-source|kernel-headers|octave|ghc|mercury|ocaml|gprolog|ruby-extensions|ruby|XFree86-static-libs|libwmf|doxygen) devel-file-in-non-devel-package")
|
2000-08-31 19:25:34 +08:00
|
|
|
addFilter("W: menu devel-file-in-non-devel-package /etc/menu-methods/menu.h")
|
|
|
|
addFilter("W: [^ ]+ devel-file-in-non-devel-package /usr/doc/.*\.h$")
|
|
|
|
addFilter("W: glibc-profile devel-file-in-non-devel-package .*\.a$")
|
|
|
|
addFilter("E: menu non-file-in-menu-dir /usr/lib/menu/default")
|
|
|
|
addFilter("I: menu unable-to-parse-menu-command")
|
|
|
|
addFilter("W: menu invalid-menu-section")
|
|
|
|
addFilter("W: XFree86-server devel-file-in-non-devel-package /usr/X11R6/lib/modules")
|
|
|
|
addFilter("W: icewm-light menu-command-not-in-package icewm")
|
|
|
|
addFilter("E: slocate non-standard-dir-perm /var/lib/slocate 0750")
|
|
|
|
addFilter("E: ld.so statically-linked-binary /sbin/ldconfig")
|
|
|
|
addFilter("W: shadow-utils dangling-symlink /usr/bin/sg newgrp")
|
2000-10-12 13:50:48 +08:00
|
|
|
addFilter("E: rpm statically-linked-binary /usr/bin/rpm2cpio|/bin/rpm")
|
2000-09-12 17:57:11 +08:00
|
|
|
addFilter("E: info-install info-dir-file /usr/share/info/dir")
|
2000-10-12 13:50:48 +08:00
|
|
|
addFilter("E: sympa non-standard-uid [^\s]+ sympa")
|
|
|
|
addFilter("E: sympa non-standard-gid [^\s]+ sympa")
|
|
|
|
addFilter("E: rpm dangerous-command-in-%post rpm")
|
|
|
|
addFilter("W: bcast version-in-menu-title Broadcast 2000")
|
2000-08-31 19:25:34 +08:00
|
|
|
|
|
|
|
#initscripts
|
|
|
|
addFilter("W: initscripts non-etc-or-var-file-marked-as-conffile /sbin/if(up|down)")
|
|
|
|
addFilter("E: initscripts (setuid|setgid)-binary (/usr/sbin/usernetctl|/sbin/netreport) root.*")
|
|
|
|
addFilter("E: initscripts non-standard-dir-perm /var/run/netreport 0775")
|
|
|
|
|
|
|
|
|
|
|
|
#Setuid
|
|
|
|
addFilter("E: traceroute setuid-binary /usr/sbin/traceroute root 04755")
|
|
|
|
addFilter("E: urpmi setuid-binary /usr/bin/urpmi root 04750")
|
|
|
|
addFilter("E: sash statically-linked-binary /sbin/sash")
|
|
|
|
addFilter("E: perl-base setuid-binary /usr/bin/sperl5.6.0 root 04711")
|
|
|
|
addFilter("E: perl-base setuid-binary /usr/bin/suidperl root 04711")
|
|
|
|
addFilter("E: procmail setgid-binary /usr/bin/lockfile mail 02755")
|
|
|
|
addFilter("E: procmail setuid-gid-binary /usr/bin/procmail root mail 06755")
|
|
|
|
addFilter("E: rsh setuid-binary /usr/bin/rlogin root 04755")
|
|
|
|
addFilter("E: rsh setuid-binary /usr/bin/rsh root 04755")
|
|
|
|
addFilter("E: rsh setuid-binary /usr/bin/rcp root 04755")
|
|
|
|
addFilter("E: man setgid-binary /usr/bin/man man 02755")
|
|
|
|
addFilter("E: sudo non-standard-dir-perm /var/run/sudo 0700")
|
|
|
|
addFilter("E: sudo setuid-binary /usr/bin/sudo root 04111")
|
|
|
|
addFilter("E: slocate setgid-binary /usr/bin/slocate slocate 02755")
|
|
|
|
addFilter("E: SysVinit setgid-binary /usr/bin/wall tty 02555")
|
|
|
|
addFilter("E: sh-utils setuid-binary /bin/su root 04755")
|
|
|
|
addFilter("E: netkit-base setuid-binary /bin/ping root 04755")
|
|
|
|
addFilter("E: e2fsprogs statically-linked-binary /sbin/.*fsck.*")
|
|
|
|
addFilter("E: mount setuid-binary /bin/(u)?mount root 04755")
|
|
|
|
addFilter("E: util-linux setuid-binary /usr/bin/(newgrp|chsh|chfn) root 04711")
|
|
|
|
addFilter("E: util-linux setgid-binary /usr/bin/write tty 02755")
|
|
|
|
|
|
|
|
#Pam
|
|
|
|
addFilter("W: pam devel-file-in-non-devel-package /lib/security/pam_unix_(session|passwd|acct|auth).so")
|
|
|
|
addFilter("E: pam setuid-binary /sbin/(unix|pwdb)_chkpwd root 04(5|7)55")
|
|
|
|
addFilter("E: pam subdir-in-bin /sbin/pam_filter/upperLOWER")
|
|
|
|
|
|
|
|
#Kernel
|
|
|
|
addFilter("W: alsa(-source)? incoherent-version-in-changelog.*")
|
|
|
|
addFilter("W: kernel-headers dangling-symlink /usr/include/asm ../src/linux/include/asm")
|
|
|
|
addFilter("W: kernel-source dangling-symlink .*/linux/config.h ../pcmcia/config.h")
|
|
|
|
addFilter("W: reiserfs-utils dangling-symlink /sbin/fsck.reiserfs.*")
|
|
|
|
addFilter("W: reiserfs-utils incoherent-version-in-changelog")
|
|
|
|
|
|
|
|
#Glibc
|
2000-10-17 17:46:59 +08:00
|
|
|
addFilter("W: glibc shared-lib-without-dependency-information /lib/ld-2.*.so")
|
|
|
|
addFilter("W: glibc library-not-linked-against-libc /lib/libc-2.*.so")
|
2000-08-31 19:25:34 +08:00
|
|
|
addFilter("E: glibc statically-linked-binary /sbin/sln")
|
|
|
|
addFilter("E: glibc setuid-binary /usr/libexec/pt_chown root 04755")
|
|
|
|
|
|
|
|
#Transparent-xpm
|
|
|
|
addFilter("W: mathplot non-transparent-xpm ")
|
|
|
|
|
|
|
|
# InitScriptCheck exceptions
|
|
|
|
addFilter("E: initscripts (no-chkconfig-line|incoherent-subsys)")
|
|
|
|
addFilter("E: squid incoherent-subsys /etc/rc.d/init.d/squid $SQUID")
|
|
|
|
addFilter("E: heartbeat incoherent-subsys /etc/rc.d/init.d/heartbeat $SUBSYS")
|
|
|
|
|
|
|
|
# non-conffile-in-etc
|
|
|
|
addFilter("W: mandrake-release non-conffile-in-etc /etc/mandrake-release")
|
|
|
|
|
2000-09-29 18:01:15 +08:00
|
|
|
# vixie-cron
|
|
|
|
addFilter("E: vixie-cron non-standard-dir-perm /var/spool/cron 0700")
|
|
|
|
addFilter("E: vixie-cron setuid-binary /usr/bin/crontab root 04755")
|
|
|
|
|
1999-10-16 19:08:43 +08:00
|
|
|
# Config.py ends here
|