rpmlint/config

253 lines
9.4 KiB
Python

# -*- python -*-
# Example configuration file for rpmlint.
# This line is mandatory to access the configuration functions
from Config import *
# Additional paths to look for checks.
# ------------------------------------
#addCheckDir("~/mandrake/rpmlint")
# Configure the checks if you don't want the default ones.
# --------------------------------------------------------
#addCheck("FHSCheck")
#addCheck("BinariesCheck")
# Configuration options used by the checks shipped with rpmlint.
# The values in the commented out setOption() calls represent default
# or typical example values for the option.
# -------------------------------------------------------------------
# Type: integer, default: -1 (less than 0 means disabled)
#setOption("BadnessThreshold", -1)
# When checking that various files that should be compressed are
# indeed compressed, look for this filename extension (no dot here).
# Type: string, default: "bz2"
#setOption("CompressExtension", "bz2")
# Exception list for dangling symlink checks. The first in each pair
# is a regexp, and the second the package in which the target of the
# dangling symlink is shipped.
# Type: tuple of lists, default: (['consolehelper$', 'usermode-consoleonly'])
#setOption("DanglingSymlinkExceptions", ())
# Value for the Distribution tag.
# Type: string, default: "" (the empty string disables checking)
#setOption("Distribution", "")
# Base directory where to extract uninstalled packages while checking.
# Type: string, default: tempfile.gettempdir()
#setOption("ExtractDir", "/tmp")
# Standard "needs" values for non-XDG legacy menu items.
# Type: tuple of strings, default: ('gnome', 'icewm', 'kde', 'wmaker')
#setOption("ExtraMenuNeeds", ('gnome', 'icewm', 'kde', 'wmaker'))
# Words that must not exist in various tag values.
# Type: regexp, default: '' ('' effectively disables this check)
#setOption("ForbiddenWords", '')
# Exceptions for hardcoded library paths.
# Type: regexp, default: see DEFAULT_HARDCODED_LIB_PATH_EXCEPTIONS in SpecCheck
#setOption("HardcodedLibPathExceptions", '/lib/modules/')
# Accepted non-XDG legacy icon filenames.
# Type: regexp, default: '.*\.png$'
#setOption("IconFilename", '.*\.png$')
# Paths in which non-XDG legacy icons should be installed. The first
# item in the tuples is a filesystem path, and the second the icon type.
# Type: tuple of string tuples, default: see DEFAULT_ICON_PATH in MenuCheck
#setOption("IconPath", ())
# Disallowed dependencies.
# Type: tuple of regexps, default: see DEFAULT_INVALID_REQUIRES in TagsCheck
#setOption("InvalidRequires", ())
# Strings to disallow in various URL tags.
# Type: regexp, default: '' ('' effectively disables this check)
#setOption("InvalidURL", '')
# Whether to allow packaging kernel modules in non-kernel packages.
# Type: boolean, default: True
#setOption("KernelModuleRPMsOK", True)
# Maximum line length for summaries and descriptions.
# Type: integer, default: 79
#setOption("MaxLineLength", 79)
# Type: tuple of string,tuple lists, default: see DEFAULT_LAUNCHERS in MenuCheck
#setOption("MenuLaunchers", ())
# Names of packages to treat as "meta" ones.
# Type: regexp, default: '^(bundle|task)-'
#setOption("MetaPackageRegexp", '^(bundle|task)-')
# Whether to enable checks that require networking.
# Type: boolean, default: False
#setOption("NetworkEnabled", False)
# Timeout for network operations in seconds.
# Type: integer, default: 10
#setOption("NetworkTimeout", 10)
# Value for the Packager tag.
# Type: regexp, default: '' ('' effectively disables this check)
#setOption("Packager", '')
# Type: boolean, default: True
#setOption("PerlVersionTrick", True)
# Assumed default version of Python if one cannot be determined from files.
# Type: string, default: None
#setOption("PythonDefaultVersion", None)
# Expected suffix in Release tags.
# Type: regexp, default: '' ('' effectively disables this check)
#setOption("ReleaseExtension", '')
# Group tag for games.
# Type: regexp, default: 'Games'
#setOption("RpmGamesGroup", 'Games')
# Doc files to which end of line and UTF-8 checks should not be applied.
# Type: regexp, default: \.(?:rtf|x?html?|svg|ml[ily]?)$'
#setOption("SkipDocsRegexp", '\.(?:rtf|x?html?|svg|ml[ily]?)$')
# Standard OS groups.
# Type: tuple of strings, default: see DEFAULT_STANDARD_GROUPS in FilesCheck
#setOption("StandardGroups", ())
# Standard OS users.
# Type: tuple of strings, see DEFAULT_STANDARD_USERS in FilesCheck
#setOption("StandardUsers", ())
# List of directory prefixes that are not allowed in packages
# Type: tuple of strings, see DEFAULT_DISALLOWED_DIRS in FilesCheck
#setOption("DisallowedDirs", ('/home', '/mnt'))
# List of directories considered to be system default library search paths.
# Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
#setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
# Executables that must be compiled as position independent.
# Type: regex, default: None
#setOption("PieExecutables", '^/bin/(ping6?|su)$')
# Whether to want default start/stop runlevels specified in init scripts.
# Type: boolean, default: True
#setOption("UseDefaultRunlevels", True)
# Whether to use the Enchant spell checker (if available) for spell checking.
# Type: boolean, default: True
#setOption("UseEnchant", True)
# Whether an explicit Epoch should always be specified.
# Type: boolean, default: False
#setOption("UseEpoch", False)
# Whether jars should be indexed.
# Type: boolean, default: True
#setOption("UseIndexedJars", True)
# Whether symlinks between directories should be relative.
# Type: boolean, default: True
#setOption("UseRelativeSymlinks", True)
# Whether the UTF-8 character encoding should be used where applicable.
# Type: boolean, default: autodetected from environment
#setOption("UseUTF8", True)
# Whether debug sources are expected to be in separate packages from
# -debuginfo, typically -debugsource.
# Type: boolean, default: False
#setOption("UseDebugSource", False)
# Whether %changelog entries should contain a version.
# Type: boolean, default: True
#setOption("UseVersionInChangelog", True)
# Whether init scripts must use /var/lock/subsys
# Type: boolean, default: True
#setOption("UseVarLockSubsys", True)
# Architecture dependent paths in which packages are allowed to install files
# even if they are all non-binary.
# Type: regexp, default: see BinariesCheck
#setOption("UsrLibBinaryException", '^/usr/lib(64)?/(perl|python|ruby)')
# Value for the BuildHost tag.
# Type: regexp, default '' ('' effectively disables this check)
#setOption("ValidBuildHost", '')
# Interpreters whose scriptlets are allowed to be empty.
# Type: tuple of strings, default: ('/sbin/ldconfig',)
#setOption("ValidEmptyShells", ('/sbin/ldconfig',))
# Values for the Group tag.
# Type: list of strings, default: extracted from GROUPS file shipped with rpm
#setOption("ValidGroups", [])
# Values for the License tag.
# Type: tuple of strings, default: see DEFAULT_VALID_LICENSES in TagsCheck
#setOption("ValidLicenses", ())
# Values for non-XDG legacy menu item sections.
# Type: tuple of strings, default: see DEFAULT_VALID_SECTIONS in MenuCheck
#setOption("ValidMenuSections", ())
# Package scriptlet interpreters.
# Type: tuple of strings, default: see DEFAULT_VALID_SHELLS in PostCheck
#setOption("ValidShells", ('/bin/sh', '/bin/bash'))
# Permissions for files in source packages.
# Type: tuple of modes, default: (0644, 0755)
#setOption("ValidSrcPerms", (0644, 0755))
# Value for the Vendor tag.
# Type: string, default: "" ("" effectively disables this check)
#setOption("Vendor", "")
# Man page warning category, passed to groff -w while checking man pages.
# See the groff(1) or troff(1) man pages for available categories.
# Type: string, default: 'mac'
#SetOption("ManWarningCategory", 'mac')
# Command and arguments to validate appdata files.
# Type: tuple of strings, default: see DEFAULT_APPDATA_CHECKER in AppDataCheck
#setOption("AppDataChecker", ('appstream-util', 'validate-relax'))
# Check if application performs calls to blacklisted methods
# the 'f_name' is the regexp for the blacklisted method
# 'good_param' is the optional parameter that will waive the result if this
# regexp matches output of `strings` from the binary file
# 'description' is the explanation of why the call is blacklisted
#bad_crypto_warning = \
#'''This application package calls a function to explicitly set crypto ciphers
#for SSL/TLS. That may cause the application not to use the system-wide set
#cryptographic policy and should be modified in accordance to:
#https://fedoraproject.org/wiki/Packaging:CryptoPolicies'''
#
#call_blacklist = {'crypto-policy-non-compliance-openssl' :
# {'f_name' : 'SSL_CTX_set_cipher_list',
# 'good_param' : '^PROFILE=SYSTEM$',
# 'description' : bad_crypto_warning},
# 'crypto-policy-non-compliance-gnutls-1' :
# {'f_name' : 'gnutls_priority_set_direct',
# 'good_param' : '^@SYSTEM$',
# 'description' : bad_crypto_warning},
# 'crypto-policy-non-compliance-gnutls-2' :
# {'f_name' : 'gnutls_priority_init',
# 'description' : bad_crypto_warning}
# }
#setOption("WarnOnFunction", call_blacklist)
# Output filters.
# ---------------
#addFilter("E: .* no-signature")