Майнтейнер: Dmitriy Terekhin
Информация Пакеты Bugs and FR Repocop
Сообщения от repocop:пакет | статус | тест | сообщение |
---|---|---|---|
alterator-net-domain-0.7.3-alt4.x86_64 |
fail | unsafe-tmp-usage-in-scripts | The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/net-domain: $ grep /tmp/ /usr/lib/alterator/backend3/net-domain ## https://www.altlinux.org/ActiveDirectory/DC ad_provision_domain() { local domain_name="$1" shift local log="/tmp/samba-dc-provision-$(date +%d.%m.%Y-%H:%M:%S)-$domain_name.log"... [the rest of the message is skipped] |
branding-alt-server-10.2-alt3.src |
info | requires-ImageMagick | Dependency on ImageMagick (compat package) found. It probably should be replaced with more specific dependency like /usr/bin/convert or ImageMagick-tools, or it can be already autodetected by findreq-shell. |
branding-alt-server-notes-10.2-alt3.noarch |
warn | file-in-usr-marked-as-conffile | Files below /usr may not be marked as conffiles, since /usr might be mounted read-only and thus, the local system administrator would not have a chance to modify this configuration file. |
brcm-patchram-plus-0.1.1-alt1.x86_64 |
experimental | systemd-but-no-native-init | The package have native systemd file(s) but no SysV init scripts. |
installer-distro-centaurus-stage2-10.2-alt3.x86_64 |
fail | unsafe-tmp-usage-in-scripts | The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh: $ grep /tmp/ /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh shell_config_set $i/options NM_CONTROLLED no shell_config_set $i/options SYSTEMD_CONTROLLED yes shell_config_set $i/options DISABLE... [the rest of the message is skipped] |
installer-distro-centaurus-stage2-10.2-alt3.x86_64 |
warn | rpm-filesystem-conflict-file-file | There are file conflicts with the package installer-distro-token-desktop-stage2-0.1.1-alt5.noarch, for example, /usr/share/install2/alterator-menu/module-expert-list (4 file conflicts in total). Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. dable, consider using alternatives. s. ing alternatives. |
pi-bluetooth-0.1.15-alt1.noarch |
experimental | systemd-but-no-native-init | The package have native systemd file(s) but no SysV init scripts. |
volumes-profile-alt-server-1.1-alt1.noarch |
warn | rpm-filesystem-conflict-file-file | File /usr/share/install2/initinstall.d/10-vm-profile.sh conflicts with the package volumes-profile-regular-0.5.1-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. . ives. |
volumes-profile-cliff-server-0.18-alt1.noarch |
warn | rpm-filesystem-conflict-file-file | File /usr/share/install2/initinstall.d/10-vm-profile.sh conflicts with the package volumes-profile-regular-0.5.1-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives. . ives. |