File rpmlint-1.5-disallow-var-run-and-var-lock.diff of Package rpmlint

From c45057466e8e40bbb36fa90faa10a2b678c25ba2 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 30 Apr 2014 16:35:20 +0200
Subject: [PATCH rpmlint] disallow /var/run and /var/lock

Distros moved to having /var/run and /var/lock as symlinks to /run and
/run/lock respectively. Therefore packages must no longer put files there at all.

Also, refactor the code for dir-or-file-in-* and make it configurable.
---
 FilesCheck.py | 77 +++++++++++++++++++++++------------------------------------
 config        |  4 ++++
 2 files changed, 34 insertions(+), 47 deletions(-)

Index: rpmlint-1.5/FilesCheck.py
===================================================================
--- rpmlint-1.5.orig/FilesCheck.py
+++ rpmlint-1.5/FilesCheck.py
@@ -559,12 +559,9 @@ STANDARD_DIRS = (
     '/var/lib/nobody',
     '/var/lib/pam_devperm',
     '/var/lib/wwwrun',
-    '/var/lock',
-    '/var/lock/subsys',
     '/var/log',
     '/var/mail',
     '/var/opt',
-    '/var/run',
     '/var/spool',
     '/var/spool/clientmqueue',
     '/var/spool/locks',
@@ -589,7 +586,19 @@ DEFAULT_STANDARD_GROUPS = ('root', 'bin'
                            'shutdown', 'halt', 'mail', 'news', 'uucp',
                            'man', 'nobody',)
 
-tmp_regex = re.compile('^(/var|/usr)?/tmp/')
+DEFAULT_DISALLOWED_DIRS = (
+    '/home',
+    '/mnt',
+    '/opt',
+    '/tmp',
+    '/usr/local',
+    '/usr/tmp',
+    '/var/local',
+    '/var/lock',
+    '/var/run',
+    '/var/tmp',
+)
+
 sub_bin_regex = re.compile('^(/usr)?/s?bin/\S+/')
 backup_regex = re.compile('(~|\#[^/]+\#|\.orig|\.orig\.gz|\.rej)$')
 compr_regex = re.compile('\.(gz|z|Z|zip|bz2|lzma|xz)$')
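Review bot: Listing `/usr/tmp` and `/var/tmp` as separate entries changes the ids that packages see. The removed `tmp_regex` reported all three temp locations as `dir-or-file-in-tmp`, while the new loop derives `dir-or-file-in-usr-tmp` and `dir-or-file-in-var-tmp` from the path. Existing `addFilter` lines that name the old id will presumably stop matching for those two directories. A comment above the tuple would make the contract explicit, for example `# Absolute paths, no trailing slash; the check id is derived from the path ('/usr/tmp' -> dir-or-file-in-usr-tmp).`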
@@ -653,6 +662,8 @@ use_relative_symlinks = Config.getOption
 standard_groups = Config.getOption('StandardGroups', DEFAULT_STANDARD_GROUPS)
 standard_users = Config.getOption('StandardUsers', DEFAULT_STANDARD_USERS)
 
+disallowed_dirs = Config.getOption('DisallowedDirs', DEFAULT_DISALLOWED_DIRS)
+
 non_readable_regexs = (re.compile('^/var/log/'),
                        re.compile('^/etc/(g?shadow-?|securetty)$'))
 
@@ -871,19 +882,13 @@ class FilesCheck(AbstractCheck.AbstractC
                     is_kernel_package:
                 printError(pkg, "kernel-modules-not-in-kernel-packages", f)
 
-            for i in ['mnt','opt','usr-local','var-local','home']:
-                if f.startswith('/%s/' % i.replace('-','/')):
-                    printError(pkg, 'dir-or-file-in-%s' % i, f)
-
-            if tmp_regex.search(f):
-                printError(pkg, 'dir-or-file-in-tmp', f)
+            for i in disallowed_dirs:
+                if f.startswith(i):
+                    printError(pkg, 'dir-or-file-in-%s' % '-'.join(i.split('/')[1:]), f)
 
-            elif f.startswith('/var/run/'):
+            if f.startswith('/run/'):
                 if f not in ghost_files:
-                    printWarning(pkg, 'non-ghost-in-var-run', f)
-            elif f.startswith('/var/lock/'):
-                if f not in ghost_files:
-                    printWarning(pkg, 'non-ghost-in-var-lock', f)
+                    printWarning(pkg, 'non-ghost-in-run', f)
             elif sub_bin_regex.search(f):
                 printError(pkg, 'subdir-in-bin', f)
             elif '/site_perl/' in f:
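Review bot: `f.startswith(i)` in the new loop is a bare string-prefix test with no path boundary, so `/opt` also matches a path such as `/optional/x` and `/home` matches `/homework`. The removed code tested `'/%s/'` with a trailing slash and did not have this false positive. Matching on a component boundary keeps the intended widening to the directory entry itself: `if f == i or f.startswith(i + '/'):`. The loop also no longer belongs to the `elif` chain, so a file under `/tmp` now falls through to the `/run/`, `subdir-in-bin` and later branches where it used to stop; confirm that is intended. The enclosing check method starts and ends outside this hunk.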
@@ -1466,35 +1471,10 @@ install-info.''',
 '''You have a perl temporary file in your package. Usually, this
 file is beginning with a dot (.) and contain "perl" in its name.''',
 
-'dir-or-file-in-tmp',
-'''A file in the package is located in /tmp. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-mnt',
-'''A file in the package is located in /mnt. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-opt',
-'''A file in the package is located in /opt. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-usr-local',
-'''A file in the package is located in /usr/local. It's not permitted
-for packages to install files in this directory.''',
-
-'dir-or-file-in-var-local',
-'''A file in the package is located in /var/local. It's not permitted
-for packages to install files in this directory.''',
-
-'non-ghost-in-var-run',
-'''A file or directory in the package is located in /var/run. Files installed
-in this directory should be marked as %ghost and created at runtime to work
-properly in tmpfs /var/run setups.''',
-
-'non-ghost-in-var-lock',
-'''A file or directory in the package is located in /var/lock. Files installed
+'non-ghost-in-run',
+'''A file or directory in the package is located in /run. Files installed
 in this directory should be marked as %ghost and created at runtime to work
-properly in tmpfs /var/lock setups.''',
+properly in tmpfs /run setups.''',
 
 'subdir-in-bin',
 '''The package contains a subdirectory in /usr/bin. It's not permitted to
@@ -1505,10 +1485,6 @@ create a subdir there. Create it in /usr
 by an editor or resulting from applying unclean (fuzzy, or ones with line
 offsets) patches.''',
 
-'dir-or-file-in-home',
-'''A file in the package is located in /home. It's not permitted
-for packages to install files in this directory.''',
-
 'version-control-internal-file',
 '''You have included file(s) internally used by a version control system
 in the package. Move these files out of the package and rebuild it.''',
@@ -1832,6 +1808,13 @@ as part of the example documentation mea
 use it and setup a insecure configuration.'''
 )
 
+for i in disallowed_dirs:
+    addDetails('dir-or-file-in-%s' % '-'.join(i.split('/')[1:]),
+    '''A file in the package is located in %s. It's not permitted
+for packages to install files in this directory.''' % i)
+
+
+
 # FilesCheck.py ends here
 
 # Local variables:
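Review bot: The id expression `'-'.join(i.split('/')[1:])` is duplicated here and in the check loop, and it breaks on a configured entry with a trailing slash. An entry like `/home/` yields `dir-or-file-in-home-`, an id that no filter or documentation refers to. A single helper defined next to `DEFAULT_DISALLOWED_DIRS` and used in both places would keep the two in step and normalise the input: `def _disallowed_dir_id(d): return 'dir-or-file-in-%s' % '-'.join(d.strip('/').split('/'))`. The module-level loop also leaves `i` bound in the module namespace after import; a more descriptive loop name such as `_dir` would avoid shadowing surprises.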
Index: rpmlint-1.5/config
===================================================================
--- rpmlint-1.5.orig/config
+++ rpmlint-1.5/config
@@ -126,6 +126,10 @@ from Config import *
 # Type: tuple of strings, see DEFAULT_STANDARD_USERS in FilesCheck
 #setOption("StandardUsers", ())
 
+# List of directory prefixes that are not allowed in packages
+# Type: tuple of strings, see DEFAULT_DISALLOWED_DIRS in FilesCheck
+#setOption("DisallowedDirs", ('/home', '/mnt'))
+
 # List of directories considered to be system default library search paths.
 # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck
 #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
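Review bot: The commented example `('/home', '/mnt')` reads like a template, but `DisallowedDirs` is read with `Config.getOption('DisallowedDirs', DEFAULT_DISALLOWED_DIRS)`. Setting it therefore appears to replace the default list rather than extend it. Uncommenting the example as written would silently drop the `/tmp`, `/var/run` and `/var/lock` checks that this change introduces. The comment should say so and state the value format, for example `# Replaces the defaults entirely; list every directory to reject. Absolute paths without trailing slash; a single entry needs a trailing comma: ('/home',)`. The trailing-comma hint matters because a bare string would be iterated character by character, and its first character `/` is a prefix of every packaged path.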