TWiki>
EMI Web>EmiProjectStructure>SA2>SA2-internal>TSA22>SQAP>EMIEPELcompliance (2013-03-11, FrantisekDvorak)
EditAttachPDF
EMI Web>EmiProjectStructure>SA2>SA2-internal>TSA22>SQAP>EMIEPELcompliance (2013-03-11, FrantisekDvorak) EditAttachPDFEPEL compliance in EMI
Proposal
- EMI Year 1:
- EMI Packaging policy makes reference to EPEL Packaging Guidelines. All EMI 1 released packages meet the EMI Packaging Policy.
- EMI Year 2:
- Each PT nominates an EPEL maintainer who starts learning how to release packages in EPEL. Steve Traylen is available to sponsor new maintainers.
- All EMI packages are provided as source packages in EMI 2. It is optional to use ETICS in order to do this.
- RPMlint is run for all packages. RPMlint errors are reported back to PTs and followed up at the EMT meetings.
- EMI Year 3:
- Each PT has an official EPEL maintainer.
- All EMI packages are provided as 100% EPEL compliant source packages in EMI 3.
- All EMI packages are also available in EPEL.
Status of EMI products in EPEL
Please, check the Fedora SIG on Grid Computing
.
| EMI product | Maintainer | Source Packages | EMI package in EPEL | Comments | |
| Compute Area | |||||
|---|---|---|---|---|---|
| ARC CE | Unknown | Unknown | Yes nordugrid-arc |
Maintainer: Mattias Ellert | |
| ARC Clients | Unknown | Unknown | Yes nordugrid-arc |
Maintainer: Mattias Ellert | |
| BLAH | Unknown | Unknown | No | no answer | |
| CEMon | Unknown | Unknown | No | no answer | |
| CREAM LSF module | Unknown | Unknown | No | Probably problems with Java | |
| CREAM Torque module | Unknown | Unknown | torque |
Maintainer for toque - Steve Traylen yaim, schedulers - not available, Probably problems with Java |
|
| CREAM SGE module | Unknown | Unknown | None in EMI yet but gridengine available |
Probably problems with Java | |
| CREAM | Unknown | Unknown | No | Probably problems with Java - Paolo Andreetto: "Now the service depends on Axis2, which depends on many java packages not available on EPEL. We will be able to provide some EPEL-compliant CREAM rpms but the Axis2 one will not." | |
| gLite-CLUSTER | Unknown | Unknown | No | ||
| gLite-MPI | Unknown | Unknown | No EMI package in EPEL (yaim, mpi-start, glite-mpi) but mpich2 available |
||
| L&B | František Dvořák | http://scientific.zcu.cz/emi/ |
No | Several components already submitted for review Reviews pending |
|
| TORQUE server config | Unknown | Unknown | No EMI package in EPEL (yaim) but torque available (by Steve Traylen) |
||
| TORQUE WN config | Unknown | Unknown | No EMI package in EPEL (yaim) but torque available (by Steve Traylen) |
||
| UNICORE Client | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL" | |
| UNICORE HILA | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL" | |
| UNICORE TSI | Unknown | Unknown | No | ||
| UNICORE/X | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL" | |
| WMS | Unknown | Unknown | No | ||
| Data Area | |||||
| AMGA | Unknown | Unknown | No | ||
| ARC GridFtp server | Unknown | Unknown | Yes nordugrid-arc (by Mattias Ellert) |
||
| dCache | Unknown | Unknown | Only dcap (by Mattias Ellert) |
We are investigating at the moment whether we could become fully EPEL compliant for dCache-server. | |
| DPM | Unknown | Unknown | Yes lcgdm (by Mattias Ellert) |
||
| FTS | Unknown | Unknown | No | ||
| GFAL/lcg_util | Adrien Devresse | lcgutil |
Yes | ||
| LFC | Unknown | Unknown | Yes lcgdm (by Mattias Ellert) |
||
| StoRM SE | Unknown | Unknown | No | Probably problems with Java - Michele Dibenedetto: "this is also the case of StoRM Java component" | |
| Security Area | |||||
| ARC Core | Unknown | Unknown | Yes nordugrid-arc (by Mattias Ellert) |
||
| ARGUS | Unknown | Unknown | No | Probably problems with Java - Valery Tschopp: "Argus services (PAP, PDP, PEP Server) are fully build with maven, and have a lot of dependencies which are not in EPEL (OpenSAML, HERASAF Core XACML, ...). All these dependencies have dependencies by their own. In the Argus case, maven resolve "magically" all the dependencies, pulling them down from the the central maven repository. For a lot of EMI Java components, the EPEL compliance will be a difficult, if not impossible goal to achieve. For the Argus client library (C and Java) EPEL compliance should be investigated, but is certainly possible." | |
| ARGUS-EES | Unknown | Yes for C (self maintained ) | No | Mischa Salle: The C part is in the process of going to EPEL, the Java part should be easy as it builds without Maven. | |
| Delegation Java | Unknown | Unknown | Unknown | Yes util-java (by Steve Traylen) |
|
| gLExec-wn | Unknown | Yes (self maintained ) | No | Mischa Salle: In the process of going to EPEL Explanations for the RPMlint errors (#35946 : - nagios and emi-glexec_wn error message are due to the etics packager and should be solved when we use our own spec file/rpm. - the glexec.conf and lcmaps-glexec.db can contain sensitive information. - making the glexec binary already setuid in the RPM allows the use of rpm -V - making the glexec binary unreadable is not necessary for setuid-mode but helps a bit in logging-only mode. It certainly doesn't harm. |
|
| gLite-gsoap/gss | František Dvořák | http://scientific.zcu.cz/emi/ |
No | Submitted for review Review pending |
|
| gLite-proxyrenewal | František Dvořák | http://scientific.zcu.cz/emi/ |
No | Submitted for review Review pending |
|
| gridsite | František Dvořák | http://scientific.zcu.cz/emi/ |
Yes gridsite (by Steve Traylen) |
Some exceptions from packaging rules necessary: overview at https://twiki.cern.ch/twiki/bin/view/EMI/CesnetSecurity#GridSite_AN1 Most exceptions won't be necessary as of EMI-3 |
|
| Hydra | Unknown | Unknown | No | ||
| Trustmanager | Unknown | Unknown | Yes Trustmanager (by Steve Traylen) |
||
| UNICORE Gateway | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL | |
| UNICORE XUUDB | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL | |
| UNICORE Services Environment (USE) | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL | |
| UNICORE UVOS | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL | |
| VOMS | Unknown | Unknown | Yes VOMS, VOMS mysql (by Mattias Ellert) |
||
| VOMS-Admin | Unknown | Unknown | No | The packaging will be as compliant as possibile for a Java package that carries some jar dependencies in the package | |
| STS | Unknown | Unknown | No | ||
| Pseudonymity | Unknown | Unknown | No | ||
| caNl C | František Dvořák | http://scientific.zcu.cz/emi/emi.canl.c/ |
Yes canl-c |
thanks to Mattias for review | |
| Infrastructure Area | |||||
| APEL parsers | Unknown | Unknown | No | EMI 2 (Java) will not be placed in EPEL. EMI 3 (Python) has a couple of rpmlint warnings remaining. | |
| APEL publisher | Unknown | Unknown | No | EMI 2 (Java) will not be placed in EPEL. EMI 3 (Python) has a couple of rpmlint warnings remaining. | |
| APEL SSM | Unknown | Unknown | No | EMI 3 (Python) has a couple of rpmlint warnings remaining. | |
| ARC InfoSys | Unknown | Unknown | Yes nordugrid-arc (by Mattias Ellert) |
||
| BDII core | Unknown | Unknown | Yes bdii (by Laurence Field) |
See BDII status in EPEL for more details | |
| BDII site | Unknown | Unknown | No | ||
| BDII top | Unknown | Unknown | No | ||
| DGAS-sensors | Unknown | Unknown | No | ||
| lcg-info-clients | Unknown | Unknown | No | ||
| RAL-SAGA-SD | Unknown | Unknown | No | ||
| UNICORE Registry | Unknown | Unknown | No | EPEL compliance unrealistic due to Java dependencies not in EPEL | |
| EMI Service Registry | Unknown | Unknown | No | Probably problems with Java - Shiraz Memon: "EMI Registry (EMIR), which is being developed in Java and having dependencies on several external libraries" | |
| EMI messaging layer | Unknown | Unknown | Yes messaging lib (by Steve Traylen) |
||
| Integration | |||||
| EMI-UI | Unknown | Unknown | No (I guess only the yaim configuration is needed) | ||
| EMI-WN | Unknown | Unknown | No (I guess only the yaim configuration is needed) | ||
| gLite-yaim-core | Unknown | Unknown | No |
Top rated list of Errors/Warning found by RPMlint in ETICS
At the time of writing, 49 packages (around 8%) had no errors. Last update: the percentage of packages compliant to EPEL is 10% (on 17/10/2012) according to the RPMLint report
Top 4 Errors (updated on 17/10/2012, based on QA report)
| Rating | Name of Error | Description | No. of Affected Packages (occurrences of error) | Packages fully compliant if this error and higher priority errors resolved | Action for ETICS | Action for Product Teams |
|---|---|---|---|---|---|---|
| 4th | library-without-ldconfig-postin | This package contains a library and provides no %post scriptlet containing a call to ldconfig. | 37 (52) | 235 | - | - |
| 1st | no-changelogname-tag | There is no %changelog tag in your spec file. To insert it, just insert a '%changelog' in your spec file and rebuild it. | 111 (111) | 182 | None | Add changelog |
| 2nd | no-dependency-on | rpmlint has detected that the package uses some capabilities not provided by its dependencies. E.g., the package installs Perl modules but does not require Perl itself. | 56 (58) | 210 | - | - |
| 3rd | incoherent-version-in-name | The package name should contain the major version of the library. For example, if a package provides libxml2.so* library, it should contain 'xml2' in its name ('libxml2' or 'lib64xml2') | 49 (49) | 235 | - | - |
Demoted Errors
| Rating | Name of Error | Description | Starting No. of Affected Packages (occurrences of error) | Recent No. of Affected Packages (occurrences of error) | Action for ETICS | Action for Product Teams |
|---|---|---|---|---|---|---|
| Previously 5th | incoherent-version-in-name | The package name should contain the major version of the library | 55 (55) | 322 | The package should be of the noarch architecture because it doesn't contain any binaries. | To be investigated |
| Previously 1st | no-signature | This error occurs because your package is not signed. Since Fedora doesn't store SRPMS in CVS (only the files inside them), you do not need to sign your package, and you can ignore this error. | 634 (634) | approx. 25 |  Fixed by ETICS client (tested) |
Ignore |
| Previously 3rd | no-packager-tag | There is no Packager tag in your package. In Fedora, Packager tag is not used, so you can ignore this error. | 110 (110) | 288 | None | Ignore |
| Previously 5th | hardcoded-library-path | A library path is hardcoded to one of the following paths: /lib, /usr/lib. It should be replaced by something like /%{_lib} or %{_libdir}. | 84 (799) | 24 (37) | No action |
Self explanatory, use %{_lib} or %{_libdir} |
| Previously 3rd | non-versioned-file-in-library-package | The package contains files in non versioned directories. This makes it impossible to have multiple major versions of the libraries installed. One solution can be to change the directories which contain the files to subdirs of /usr/lib/ |
65 (1258) | 286 | If ETICS does this, fix versioning | Fix versioning |
| Prevously 4th | incoherent-version-in-name | The package name should contain the major version of the library | 64 (64) | 298 | Naming of all ETICS artefacts is being discussed and will be changed. | None at the moment |
Top 6 Warnings
| Rating | Name of Warning | Description | No. of Affected Packages (occurrences of warning) | Action for ETICS | Action for Product Teams |
|---|---|---|---|---|---|
| 6th | hardcoded-package-tag | The Packager tag is hardcoded in your spec file. It should be removed, so as to use rebuilder's own defaults. | 128 (128) | Remove | Remove |
| 1st | invalid-license | The value of the License tag was not recognized. Known values are: "Academic Free License", "Adaptive Public License", "AGPLv3", "AGPLv3+", ... | 633 (633) | Should be investigated, ASL 2.0 should be included (License List) | Ignore for now |
| 2nd | no-documentation | The package contains no documentation (README, doc, etc). You have to include documentation files. | 348 (348) | - | - |
| 3rd | no-url-tag | The URL tag is missing. | 242 (242) | No action, unless it can be autogenerated for all packages | Please include URL or defined package.URL in ETICS |
| 4th | invalid-url | The value should be a valid, public HTTP, HTTPS, or FTP URL. | 220 (220) | If defined correct syntax | Customized spec file should be corrected |
| 5th | setup-not-quiet | Use the -q option to the %setup macro to avoid useless build output from unpacking the sources. | 120 (120) | Check whether -q always set | Customized spec file should be corrected |
EPEL Packaging Guidelines
For more details, please check EPEL Packaging Guidelines.
| Packaging Issues | Dealt with in EMI? | At which stage of the SW lifecycle is this reviewed? | Comments |
| Naming | |||
| Version and Release | |||
| Licensing | |||
| Packages which are not useful without external bits | |||
| No inclusion of pre-built binaries or libraries | |||
| Spec Legibility - writing a package from scratch: Fedora spec file template | |||
| Spec Legibility - modifying an existing package: check existing spec file | |||
| Architecture support | |||
| Architecture build failures | |||
| Filesystem layout (FHS) | |||
| Filesystem layout (FHS): libexecdir | |||
| Filesystem layout (FHS): /run | |||
| Filesystem layout (FHS): /bin and /sbin | |||
| RPMlint | |||
| Changelogs | |||
| Tags: Packager not used | |||
| Tags: Vendor not used | |||
| Tags: Copyright not used | |||
| Tags: Summary not used | |||
| Tags: Prereq not used | |||
| Tags: Source | |||
| Tags: Requires recommendations | |||
| File dependencies | |||
| Explicit Requires | |||
| BuildRequires | |||
| Summary and Description | |||
| Encoding | |||
| Documentation | |||
| Compiler flags | |||
| Debuginfo packages | |||
| Devel packages | |||
| Pkgconfig files | |||
| Requiring base package | |||
| Shared libraries | |||
| Packaging static libraries | |||
| Static linking executables | |||
| Duplication of system libraries | |||
| Rpath | |||
| Configuration files | |||
| Systemd | |||
| Desktop files | |||
| Macros | |||
| %global preferred over %define | |||
| Handling Locale files | |||
| Timestamps | |||
| Parallel make | |||
| Scriplets | |||
| Conditional dependencies | |||
| Build packages wit separate user accounts | |||
| Code vs Content | |||
| File and Directory ownership | |||
| Users and groups | |||
| Web applications | |||
| Conflicts | |||
| No external kernel modules | |||
| No files or directories under /srv | |||
| Bundling of multiple projects | |||
| All patches should have an upstream bug link or comment | |||
| Use of epochs | |||
| Symlinks | |||
| Man pages | |||
| Test suites | |||
| tmpfiles.d | |||
| Renaming/Replacing existing packages | |||
| Application specific guidelines |
EPEL Packaging Review Guidelines
For more details, please check EPEL Review Guidelines and EPEL Review Process.
| Checklist | Dealt with in EMI? | At which stage of the SW lifecycle is this reviewed? | Comments |
| RPMlint output of source rpm and EPEL binary rpm | |||
| Package named according to Package Naming Guidelines | |||
spec file matches the base package %{name} in the format %{name}.spec |
|||
| Package meets Packaging Guidelines | |||
| Package meets Licensing Guidelines | |||
| License field must match the actual license | |||
File with licenses in case it exists, should be included in %doc |
|||
| spec must be written in American English | |||
| spec file must be legible | |||
| sources must match the upstream source | |||
| package must compile and build into binary rpms on at least one primary architecture | |||
ExcludeArch has to be used if binary doesn't build in one primary architecture |
|||
| A bugzilla bug has to be filed explaining why the binary doesn't build in each primary architecture, if any | |||
BuildRequires must list all build dependencies |
|||
| spec file must handle locales properly | |||
rpm with shared libraries must call ldconfig in %post and %postun |
|||
| packages must not bundle copies of system libraries | |||
| If package is relocatable, the packager must state this fact in the request for review | |||
| package must own all directories it creates | |||
Files shouldn't be listed more than once in %files |
|||
| Permissions on files must be set properly | |||
| Packages must consistently use macros | |||
| Packages must contain code or permissable content | |||
| large documentation files must go in a -doc subpackage | |||
%doc shouldn't prevent the package to run properly |
|||
| header files must be in a -devel package | |||
| static libraries must be in a -static package | |||
Library files that end in .so must go in a -devel package |
|||
| devel packages must require the base package using a fully versioned dependency | |||
packages must not contain any .la libtool archives |
|||
GUI applications must include a %{name].desktop file |
|||
| Packages must not own files or directories already owned by other packages | |||
| All filenames in rpm packages must be valid UTF-8 |
EPEL Licensing Guidelines
For more details, please check EPEL Licensing Guidelines and the Fedora Licensing list.
EPEL Package Naming Guidelines
For more details, please check Package Naming Guidelines.
Other Most Common Errors
For more details, please check Most Common Errors
Rpmlint Checks
For more details, please check Rpmlint
| Check name | Error/Warning | Problem description |
|---|---|---|
| Binaries Check | Checks binary files in a binary rpm package. Checks various things as directory where it is, name, rpath, library versions, etc. | |
| arch-independent-package-contains-binary-or-object | E | The package contains a binary or object file but is tagged noarch. |
| arch-dependent-file-in-usr-share | E | This package installs an ELF binary in the /usr/share hierarchy, which is reserved for architecture-independent files. |
| binary-in-etc | E | This package installs an ELF binary in /etc. Both the FHS and the FSSTND forbid this. |
| invalid-soname | E | The soname of the library is neither of the form lib |
| invalid-ldconfig-symlink | E | The symbolic link references the wrong file. It should reference the shared library. |
| no-ldconfig-symlink | E | The package should not only include the shared library itself, but also the symbolic link which ldconfig would produce. (This is necessary, so that the link gets removed by rpm automatically when the package gets removed, even if for some reason ldconfig would not be run at package postinstall phase.) |
| shlib-with-non-pic-code | E | The listed shared libraries contain object code that was compiled without -fPIC. All object code in shared libraries should be recompiled separately from the static libraries with the -fPIC option. Another common mistake that causes this problem is linking with ``gcc -Wl,-shared'' instead of ``gcc -shared' |
| binary-or-shlib-defines-rpath | E | The binary or shared library defines `RPATH'. Usually this is a bad thing because it hardcodes the path to search libraries and so makes it difficult to move libraries around. Most likely you will find a Makefile with a line like: gcc test.o -o test -Wl,--rpath. Also, sometimes configure scripts provide a --disable-rpath flag to avoid this. |
| statically-linked-binary | E | The package installs a statically linked binary or object file. Usually this is a packaging bug. If not, contact your rpmlint distributor about this so that this error gets included in the exception file for rpmlint and will not be flagged as a packaging bug in the future (or add it to your local configuration if you installed rpmlint from the source tarball). |
| executable-in-library-package | E | The package mixes up libraries and executables. Mixing up these both types of files makes upgrades quite impossible. |
| non-versioned-file-in-library-package | E | The package contains files in non versioned directories. This makes it impossible to have multiple major versions of the libraries installed. One solution can be to change the directories which contain the files to subdirs of /usr/lib/ |
| incoherent-version-in-name | E | The package name should contain the major version of the library. |
| invalid-directory-reference | E | This file contains a reference to /tmp or /home. |
| no-binary | E | The package should be of the noarch architecture because it doesn't contain any binaries. |
| undefined-non-weak-symbol | W | The binary contains undefined non-weak symbols. This may indicate improper linkage; check that the binary has been linked as expected. |
| unused-direct-shlib-dependency | W | The binary contains unused direct shared library dependencies. This may indicate gratuitously bloated linkage; check that the binary has been linked with the intended shared libraries only. |
| only-non-binary-in-usr-lib | W | There are only non binary files in /usr/lib so they should be in /usr/share. |
| binaryinfo-readelf-failed | W | Executing readelf on this file failed, all checks could not be run. |
| binaryinfo-tail-failed | W | Reading trailing bytes of this file failed, all checks could not be run. |
| ldd-failed | W | Executing ldd on this file failed, all checks could not be run. |
| executable-stack | W | The binary declares the stack as executable. Executable stack is usually an error as it is only needed if the code contains GCC trampolines or similar constructs which uses code on the stack. One common source for needlessly executable stack cases are object files built from assembler files which don't define a proper .note.GNU-stack section. |
| missing-PT_GNU_STACK-section | W | The binary lacks a PT_GNU_STACK section. This forces the dynamic linker to make the stack executable. Usual suspects include use of a non-GNU linker or an old GNU linker version. |
| shared-lib-calls-exit | W | This library package calls exit() or _exit(), probably in a non-fork() context. Doing so from a library is strongly discouraged - when a library function calls exit(), it prevents the calling program from handling the error, reporting it to the user, closing files properly, and cleaning up any state that the program has. It is preferred for the library to return an actual error code and let the calling program decide how to handle the situation. |
| ocaml-mixed-executable | W | Executables built with ocamlc -custom are deprecated. Packagers should ask upstream maintainers to build these executables without the -custom option. If this cannot be changed and the executable needs to be packaged in its current form, make sure that rpmbuild does not strip it during the build, and on setups that use prelink, make sure that prelink does not strip it either, usually by placing a blacklist file in /etc/prelink.conf.d. For more information, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49 |
| non-position-independent-executable | W | This executable must be position independent. Check that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags. |
| Config | Checks configurations files of the package. Checks their path and if they have the replace flag | |
| score-file-must-not-be-conffile | E | A file in /var/lib/games/ is a configuration file. Store your conf files in /etc instead. |
| non-etc-or-var-file-marked-as-conffile | W | A file not in /etc or /var is marked as being a configuration file. Please put your conf files in /etc or /var. |
| conffile-without-noreplace-flag | W | A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here |
| Distribution | Checks the Distribution specificities in binary rpm packages. Checks vendor, distribution and pages compression ONLY if the correct one is set in rpmlint options | |
| invalid-vendor | W | The vendor should be [vendor] |
| invalid-distribution | W | The distribution value should be [dist] |
| manpage-not-compressed | W | This manual page is not compressed with the %s compression method (does not have the %s extension). If the compression does not happen automatically when the package is rebuilt, make sure that you have the appropriate rpm helper and/or config packages for your target distribution installed and try rebuilding again; if it still does not happen automatically, you can compress this file in the %%install section of the spec file. |
| infopage-not-compressed | W | This info page is not compressed with the %s compression method (does not have the %s extension). If the compression does not happen automatically when the package is rebuilt, make sure that you have the appropriate rpm helper and/or config packages for your target distribution installed and try rebuilding again; if it still does not happen automatically, you can compress this file in the %%install section of the spec file. |
| DocFiles | Just checks binary packages with documentation files. Searches dependency requirements which are caused only by doc files. | |
| doc-file-dependency | W | An included file marked as %doc creates a possible additional dependency in the package. Usually, this is not wanted and may be caused by eg. example scripts with executable bits set included in the package's documentation. |
| install-file-in-docs | W | A file whose name suggests that it contains installation instructions is included in the package. Such instructions are often not relevant for already installed packages; if this is the case for this file and it does not contain any information that is of interest after the package has been built and installed, do not include the file in the binary package. |
| Naming Policy | Checks file names in the following way: checks file directory. If it has a specific pattern, check if the package name is what is expected. | |
| naming-policy-not-applied | ? | This error occurs ly the files inside them), you do not need to sign your package, and you can ignore this error. |
| Files | Checks install directories, permissions, ownership, file types, etc. | |
| no-documentation | W | The package contains no documentation (README, doc, etc). You have to include documentation files. |
| not-listed-as-documentation | E | The documentation files of this package are not listed with the standard %doc tag. |
| non-standard-uid | W | A file in this package is owned by a non standard user. |
| non-standard-gid | W | A file in this package is owned by a non standard group. |
| library-without-ldconfig-postin | E | This package contains a library and provides no %post scriptlet containing a call to ldconfig. |
| postin-without-ldconfig | E | This package contains a library and its %post scriptlet doesn't call ldconfig. |
| library-without-ldconfig-postun | E | This package contains a library and provides no %postun scriptlet containing a call to ldconfig. |
| postun-without-ldconfig | E | This package contains a library and its %postun doesn't call ldconfig. |
| info-files-without-install-info-postin | E | This package contains info files and provides no %post scriptlet containing a call to install-info. |
| postin-without-install-info | E | This package contains info files and its %post doesn't call install-info. |
| info-files-without-install-info-postun | E | This package contains info files and provides no %postun scriptlet containing a call to install-info. |
| postun-without-install-info | E | This package contains info files and its %postun doesn't call install-info. |
| perl-temp-file | W | You have a perl temporary file in your package. Usually, this file is beginning with a dot (.) and contain "perl" in its name. |
| dir-or-file-in-tmp | E | A file in the package is located in /tmp. It's not permitted for packages to install files in this directory. |
| dir-or-file-in-mnt | E | A file in the package is located in /mnt. It's not permitted for packages to install files in this directory. |
| dir-or-file-in-opt | E | A file in the package is located in /opt. It's not permitted for packages to install files in this directory. |
| dir-or-file-in-usr-local | E | A file in the package is located in /usr/local. It's not permitted for packages to install files in this directory. |
| dir-or-file-in-var-local | E | A file in the package is located in /var/local. It's not permitted for packages to install files in this directory. |
| non-ghost-in-var-run | W | A file or directory in the package is located in /var/run. Files installed in this directory should be marked as %ghost and created at runtime to work properly in tmpfs /var/run setups. |
| non-ghost-in-var-lock | W | A file or directory in the package is located in /var/lock. Files installed in this directory should be marked as %ghost and created at runtime to work properly in tmpfs /var/lock setups. |
| subdir-in-bin | E | The package contains a subdirectory in /usr/bin. It's not permitted to create a subdir there. Create it in /usr/lib/ instead. |
| backup-file-in-package | E | You have a file whose name looks like one for backup files, usually created by an editor or resulting from applying unclean (fuzzy, or ones with line offsets) patches. |
| dir-or-file-in-home | E | A file in the package is located in /home. It's not permitted for packages to install files in this directory. |
| version-control-internal-file | E | You have included file(s) internally used by a version control system in the package. Move these files out of the package and rebuild it. |
| htaccess-file | E | You have individual apache configuration .htaccess file(s) in your package. Replace them by a central configuration file in /etc/, according to the web application packaging policy for your distribution. |
| info-dir-file | E | You have /usr/info/dir or /usr/share/info/dir in your package. It will cause conflicts with other packages and thus is not allowed. Please remove it and rebuild your package. |
| non-conffile-in-etc | W | A non-executable file in your package is being installed in /etc, but is not a configuration file. All non-executable files in /etc should be configuration files. Mark the file as %config in the spec file. |
| compressed-symlink-with-wrong-ext | E | The symlink points to a compressed file but doesn't use the same extension. |
| setuid-binary | E | The file is setuid; this may be dangerous, especially if this file is setuid root. Sometimes file capabilities can be used instead of setuid bits. |
| setgid-binary | E | The file is setgid. Usually this is a packaging bug. If this is a game, then, you should use the proper rpm group, or location. |
| non-standard-executable-perm | E | A standard executable should have permission set to 0755. If you get this message, it means that you have a wrong executable permissions in some files included in your package. |
| non-executable-in-bin | W | A file is being installed in /usr/bin, but is not an executable. Be sure that the file is an executable or that it has executable permissions. |
| devel-file-in-non-devel-package | W | A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. |
| non-standard-dir-perm | E | A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. |
| spurious-executable-perm | W | The file is installed with executable permissions, but was identified as one that probably should not be executable. Verify if the executable bits are desired, and remove if not. |
| world-writable | E | A file or directory in the package is installed with world writable permissions, which is most likely a security issue. |
| standard-dir-owned-by-package | E | This package owns a directory that is part of the standard hierarchy, which can lead to default directory permissions or ownerships being changed to something non-standard. |
| no-dependency-on | E | - |
| cross-directory-hard-link | W | File is hard linked across directories. This can cause problems in installations where the directories are located on different devices. |
| dangling-symlink | W | The target of the symbolic link does not exist within this package or its file based dependencies. Verify spelling of the link target and that the target is included in a package in this package's dependency chain. |
| symlink-should-be-relative | W | Absolute symlinks are problematic eg. when working with chroot environments. symlinks(8) is a tool that can be useful for creating/dealing with relative symlinks at package build time. |
| dangling-relative-symlink | W | The target of the symbolic link does not exist within this package or its file based dependencies. Verify spelling of the link target and that the target is included in a package in this package's dependency chain. |
| symlink-has-too-many-up-segments | E | - |
| symlink-should-be-absolute | W | - |
| symlink-contains-up-and-down-segments | E | - |
| non-readable | E | The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). |
| incoherent-logrotate-file | E | Your logrotate file should be named /etc/logrotate.d/ |
| non-root-user-log-file | E | If you need log files owned by a non-root user, just create a subdir in /var/log and put your log files in it. |
| non-root-group-log-file | E | If you need log files owned by a non-root group, just create a subdir in /var/log and put your log files in it. |
| non-ghost-file | E | File should be tagged %ghost. |
| outside-libdir-files | E | This library package must not contain non library files to allow 64 and 32 bits versions of the package to coexist. |
| hidden-file-or-dir | W | The file or directory is hidden. You should see if this is normal, and delete it from the package if not. |
| module-without-depmod-postin | E | This package contains a kernel module but provides no call to depmod in the %post scriptlet. |
| postin-with-wrong-depmod | E | This package contains a kernel module but its %post scriptlet calls depmod for the wrong kernel. |
| module-without-depmod-postun | E | This package contains a kernel module but provides no call to depmod in the %postun scriptlet. |
| postun-with-wrong-depmod | E | This package contains a kernel module but its %postun scriptlet calls depmod for the wrong kernel. |
| log-files-without-logrotate | W | This package contains files in /var/log/ without adding logrotate configuration for them. |
| unexpanded-macro | W | This package contains a file whose path contains something that looks like an unexpanded macro; this is often the sign of a misspelling. Please check your specfile. |
| manifest-in-perl-module | W | This perl module package contains a MANIFEST or a MANIFEST.SKIP file in the documentation directory. |
| siteperl-in-perl-module | W | This perl module package installs files under the subdirectory site_perl, while they must appear under vendor_perl. |
| executable-marked-as-config-file | E | Executables must not be marked as config files because that may prevent upgrades from working correctly. If you need to be able to customize an executable, make it for example read a config file in /etc/sysconfig. |
| sourced-script-with-shebang | E | This text file contains a shebang, but is meant to be sourced, not executed. |
| executable-sourced-script | E | This text file has executable bit set, but is meant to be sourced, not executed. |
| wrong-script-interpreter | E | This script uses an incorrect interpreter. |
| non-executable-script | E | This text file contains a shebang or is located in a path dedicated for executables, but lacks the executable bits and cannot thus be executed. If the file is meant to be an executable script, add the executable bits, otherwise remove the shebang or move the file elsewhere. |
| script-without-shebang | E | This text file has executable bits set or is located in a path dedicated for executables, but lacks a shebang and cannot thus be executed. If the file is meant to be an executable script, add the shebang, otherwise remove the executable bits or move the file elsewhere. |
| wrong-script-end-of-line-encoding | E | This script has wrong end-of-line encoding, usually caused by creation or modification on a non-Unix system. It will prevent its execution. |
| wrong-file-end-of-line-encoding | W | This file has wrong end-of-line encoding, usually caused by creation or modification on a non-Unix system. It could prevent it from being displayed correctly in some circumstances. |
| file-not-utf8 | W | The character encoding of this file is not UTF-8. Consider converting it in the specfile's %prep section for example using iconv(1). |
| filename-not-utf8 | E | The character encoding of the name of this file is not UTF-8. Rename it. |
| file-in-meta-package | W | This package seems to be a meta-package (an empty package used to require other packages), but it is not empty. You should remove or rename it, see the option MetaPackageRegexp. |
| empty-debuginfo-package | E | This debuginfo package contains no files. This is often a sign of binaries being unexpectedly stripped too early during the build, rpmbuild not being able to strip the binaries, the package actually being a noarch one but erratically packaged as arch dependent, or something else. Verify what the case is, and if there's no way to produce useful debuginfo out of it, disable creation of the debuginfo package. |
| debuginfo-without-sources | E | This debuginfo package appears to contain debug symbols but no source files. This is often a sign of binaries being unexpectedly stripped too early during the build, or being compiled without compiler debug flags (which again often is a sign of distro's default compiler flags ignored which might have security consequences), or other compiler flags which result in rpmbuild's debuginfo extraction not working as expected. Verify that the binaries are not unexpectedly stripped and that the intended compiler flags are used. |
| read-error | W | This file could not be read. A reason for this could be that the info about it in the rpm header indicates that it is supposed to be a readable normal file but it actually is not in the filesystem. Because of this, some checks will be skipped. |
| executable-crontab-file | E | This crontab file has executable bit set, which is refused by newer version of cron |
| non-owner-writeable-only-crontab-file | E | This crontab file is writeable by other users as its owner, which is refused by newer version of cron and insecure. |
| symlink-crontab-file | E | This crontab file is a symbolic link, which is insecure and refused by newer version of cron. |
| rpath-in-buildconfig | E | This build configuration file contains rpaths which will be introduced into dependent packages. |
| python-bytecode-wrong-magic-value | E | The "magic" ABI version embedded in this python bytecode file isn't equal to that of the corresponding runtime, which will force the interpreter to recompile the .py source every time, ignoring the saved bytecode. |
| python-bytecode-inconsistent-mtime | The timestamp embedded in this python bytecode file isn't equal to the mtime of the original source file, which will force the interpreter to recompile the .py source every time, ignoring the saved bytecode. | |
| python-bytecode-without-source | W | This python bytecode file (.pyo/.pyc) is not accompanied by its original source file (.py). |
| duplicate-executable | W | This executable file exists in more than one standard binary directories. It can cause problems when dirs in $PATH are reordered. |
| no-manual-page-for-binary | W | Each executable in standard binary directories should have a man page. |
| manual-page-warning | W | This man page may contain problems that can cause it not to be formatted as intended. |
| incorrect-fsf-address | E | The Free Software Foundation address in this file seems to be outdated or misspelled. Ask upstream to update the address, or if this is a license file, possibly the entire file with a new copy available from the FSF. |
| FHS | Checks if the File Hierarchy Standard is followed. The uses a hardcoded list of valid directories. | |
| non-standard-dir-in-usr | W | The package is creating a non-standard subdirectory in /usr. |
| FSSTND-dir-in-var | W | The package is creating an illegal directory in /var. |
| non-standard-dir-in-var | W | The package is creating a non-standard subdirectory in /var. |
| I18N | Checks I18N bugs. | |
| incorrect-i18n-tag-[local] | E | - |
| incorrect-locale-subdir | E | - |
| incorrect-locale-[local] | E | - |
| invalid-lc-messages-dir | E | - |
| invalid-locale-man-dir | E | - |
| file-not-in-lang | W | - |
| no-dependency-on | - | |
| subfile-not-in-%lang | E | If /foo/bar is not tagged %lang(XX) whereas /foo is, the package won't be installable if XX is not in %_install_langs. |
| InitScript | Checks init scripts (files in /etc/rc.d/init.d). | |
| init-script-without-chkconfig-postin | E | The package contains an init script but doesn't contain a %post with a call to chkconfig. |
| postin-without-chkconfig | E | The package contains an init script but doesn't call chkconfig in its %post script. |
| init-script-without-chkconfig-preun | E | The package contains an init script but doesn't contain a %preun with a call to chkconfig. |
| preun-without-chkconfig | E | The package contains an init script but doesn't call chkconfig in its %preun script. |
| missing-lsb-keyword | W | The package contains an init script that does not contain one of the LSB init script comment block convention keywords that are recommendable for all init scripts. If there is nothing to add to a keyword's value, include the keyword in the script with an empty value. Note that as of version 3.2, the LSB specification does not mandate presence of any keywords. |
| no-status-entry | E | In your init script (/etc/rc.d/init.d/your_file), you don't have a 'status' entry, which is necessary for good functionality. |
| no-reload-entry | W | In your init script (/etc/rc.d/init.d/your_file), you don't have a 'reload' entry, which is necessary for good functionality. |
| no-chkconfig-line | E | The init script doesn't contain a chkconfig line to specify the runlevels at which to start and stop it. |
| no-default-runlevel | W | The default runlevel isn't specified in the init script. |
| service-default-enabled | W | The service is enabled by default after "chkconfig --add"; for security reasons, most services should not be. Use "-" as the default runlevel in the init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword to fix this if appropriate for this service. |
| subsys-unsupported | E | The init script uses /var/lock/subsys which is not supported by this distribution. |
| subsys-not-used | E | While your daemon is running, you have to put a lock file in /var/lock/subsys/. To see an example, look at this directory on your machine and examine the corresponding init scripts. |
| incoherent-subsys | E | The filename of your lock file in /var/lock/subsys/ is incoherent with your actual init script name. For example, if your script name is httpd, you have to use 'httpd' as the filename in your subsys directory. It is also possible that rpmlint gets this wrong, especially if the init script contains nontrivial shell variables and/or assignments. These cases usually manifest themselves when rpmlint reports that the subsys name starts a with '$'; in these cases a warning instead of an error is reported and you should check the script manually. |
| incoherent-init-script-name | W | The init script name should be the same as the package name in lower case, or one with 'd' appended if it invokes a process by that name. |
| init-script-name-with-dot | E | The init script name should not contain a dot in its name. Some versions of chkconfig don't work as expected with init script names like that. |
| init-script-non-executable | E | The init script should have at least the execution bit set for root in order for it to run at boot time. |
| malformed-line-in-lsb-comment-block | E | - |
| redundant-lsb-keyword | E | - |
| unknown-lsb-keyword | E | - |
| LSB | Checks if rpm's name/version/release are alphanumeric and version in lower case | |
| Non-lsb-compliant-package-name | E | Your package name contains an illegal character. Use only alphanumeric symbols in your package name. |
| Non-lsb-compliant-version | E | Your version number contains an illegal character. Use only lowercase letters and/or numbers. |
| Non-lsb-compliant-release | E | Your version number contains an illegal character. Use only lowercase letters and/or numbers. |
| Menu | Checks the menu entries created by binary packages | |
| non-file-in-menu-dir | E | /usr/lib/menu must not contain anything else than normal files. |
| non-coherent-menu-filename | W | The menu file name should be /usr/lib/menu/ |
| non-readable-menu-file | E | The menu file isn't readable. Check the permissions. |
| old-menu-entry | E | Old menu from KDE or Gnome |
| non-transparent-xpm | W | xpm icon should be transparent for use in menus. |
| menu-without-postin | E | A menu file exists in the package but no %post scriptlet is present to call update-menus. |
| postin-without-update-menus | E | A menu file exists in the package but its %post scriptlet doesn't call update-menus. |
| menu-without-postun | E | A menu file exists in the package but no %postun scriptlet is present to call update-menus. |
| postun-without-update-menus | E | A menu file exists in the package but its %postun scriptlet doesn't call update-menus. |
| incoherent-package-value-in-menu | W | The package field of the menu entry isn't the same as the package name. |
| use-of-launcher-in-menu-but-no-requires-on | E | The menu command uses a launcher but there is no dependency in the package that contains it. |
| menu-command-not-in-package | W | The command used in the menu isn't included in the package. |
| menu-longtitle-not-capitalized | W | The longtitle field of the menu doesn't start with a capital letter. |
| version-in-menu-longtitle | W | The longtitle filed of the menu entry contains a version. This is bad because it will be prone to error when the version of the package changes. |
| no-longtitle-in-menu | E | The longtitle field isn't present in the menu entry. |
| menu-title-not-capitalized | W | The title field of the menu entry doesn't start with a capital letter. |
| version-in-menu-title | W | The title filed of the menu entry contains a version. This is bad because it will be prone to error when the version of the package changes. |
| no-title-in-menu | E | The title field isn't present in the menu entry. |
| invalid-menu-section | E | The section field of the menu entry isn't standard. |
| hardcoded-path-in-menu-icon | W | The path of the icon is hardcoded in the menu entry. This prevent multiple sizes of the icon from being found. |
| normal-icon-not-in-package | E | The normal icon isn't present in the package. |
| mini-icon-not-in-package | E | The mini icon isn't present in the package. |
| large-icon-not-in-package | E | The large icon isn't present in the package. |
| no-icon-in-menu | W | The menu entry doesn't contain an icon field. |
| invalid-title | E | The menu title contains invalid characters like /. |
| missing-menu-command | W | The menu file doesn't contain a command. |
| menu-in-wrong-directory | E | The menu files must be under /usr/lib/menu. |
| non-xdg-migrated-menu | E | The menu file has not been migrated to new XDG menu system. |
| MenuXDG | Checks XDG file format violation | |
| invalid-desktopfile | E | .desktop file is not valid, check with desktop-file-validate |
| non-utf8-desktopfile | E | .desktop file is not encoded in UTF-8 |
| NamingPolicy | Check package names according to their content. It uses hardcoded regular expressions depending on the location of the file. Only applies to binary packages | |
| naming-policy-not-applied | W | Name doesn't match regular expression or doesn't begin with a specific pattern |
| Pam | Checks Pluggable Authentication Module policies files | |
| use-old-pam-stack | E | Update pam file to use include instead of pam_stack. |
| Post | Checks port/pre scripts | |
| postin-without-ghost-file-creation | W | A file tagged as ghost is not created during %prein nor during %postin. |
| one-line-command-in-[scriptlet] | W | You should use %s -p |
| percent-in-[scriptlet] | W | The scriptlet contains a "%%" in a context which might indicate it being fallout from an rpm macro/variable which was not expanded during build. Investigate whether this is the case and fix if appropriate. |
| spurious-bracket-in-[scriptlet] | W | The scriptlet contains an "if []" construct without a space before the "]". |
| forbidden-selinux-command-in-[scriptlet] | E | A command which requires intimate knowledge about a specific SELinux policy type was found in the scriptlet. These types are subject to change on a policy version upgrade. Use the restorecon command which queries the currently loaded policy for the correct type instead. |
| non-empty-[scriptlet] | E | Scriptlets for the interpreter mentioned in the message should be empty. One common case where they are unintentionally not is when the specfile contains comments after the scriptlet and before the next section. Review and clean up the scriptlet contents if appropriate. |
| perl-syntax-error-in-[scriptlet] | E | - |
| bogus-variable-use-in-[scriptlet] | W | - |
| use-of-home-in-[scriptlet] | W | - |
| shell-syntax-error-in-[scriptlet] | E | - |
| no-prereq-on | E | - |
| use-tmp-in-[scriptlet] | E | - |
| update-menus-without-menu-file-in-[scriptlet] | E | - |
| dangerous-command-in-[scriptlet] | W | - |
| invalid-shell-in-[scriptlet] | E | - |
| ghost-files-without-postin | W | - |
| RpmFile | Checks rpm file name length. | |
| filename-too-long-for-joliet | W | This filename is too long to fit on a joliet filesystem (limit is 64 unicode chars). |
| Signature | Uses rpm -K. THIS CHECK WAS DISABLED | |
| unknown-key | W | You have to include your pgp or gpg signature in your package. |
| no-signature | E | The package was signed, but with an unknown key |
| Source | Checks SRPMs only. Checks mode & 07777 to be 644 or 755. tar,patch,tgz,diff should be .bz2. | |
| multiple-specfiles | E | Your package contains multiple spec files. To build a correct package, you need to have only one spec file containing all your RPM information. |
| source-or-patch-not-compressed | E | A source archive or file in your package is not compressed using the %s compression method (doesn't have the %s extension). – %s is usually bz2. |
| strange-permission | W | A file that you listed to include in your package has strange permissions. Usually, a file should have 0644 permissions |
| Spec | Checks the spec file | |
| no-spec-file | E | No spec file was specified in your RPM building. Please specify a valid SPEC file to build a valid RPM package. |
| invalid-spec-name | E | Your spec filename must end with '.spec'. If it's not the case, rename your file and rebuild your package. |
| non-utf8-spec-file | E | The character encoding of the spec file is not UTF-8. Convert it for example using iconv(1). |
| use-of-RPM_SOURCE_DIR | E | You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to use a directory for building, use $RPM_BUILD_ROOT instead. |
| patch-not-applied | W | A patch is included in your package but was not applied. Refer to the patches documentation to see what's wrong. |
| obsolete-tag | W | The following tags are obsolete: Copyright and Serial. They must be replaced by License and Epoch respectively. |
| deprecated-grep | W | Direct use of grep as egrep or fgrep is deprecated in GNU grep and historical in POSIX, use grep -E and grep -F instead. |
| no-buildroot-tag | W | The BuildRoot tag isn't used in your spec. It must be used in order to allow building the package as non root on some systems. For some rpm versions (e.g. rpm.org >= 4.6) the BuildRoot tag is not necessary in specfiles and is ignored by rpmbuild; if your package is only going to be built with such rpm versions you can ignore this warning. |
| hardcoded-path-in-buildroot-tag | W | A path is hardcoded in your Buildroot tag. It should be replaced by something like %{_tmppath}/%name-root. |
| hardcoded-packager-tag | W | The Packager tag is hardcoded in your spec file. It should be removed, so as to use rebuilder's own defaults. |
| hardcoded-prefix-tag | W | The Prefix tag is hardcoded in your spec file. It should be removed, so as to allow package relocation. |
| hardcoded-library-path | W | A library path is hardcoded to one of the following paths: /lib, /usr/lib. It should be replaced by something like /%{_lib} or %{_libdir}. |
| configure-without-libdir-spec | A configure script is run without specifying the libdir. configure options must be augmented with something like --libdir=%{_libdir} whenever the script supports it. | |
| no-%prep-section | W | The spec file does not contain a %prep section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional "under the hood" functionality. Add the section, even if empty. |
| no-%build-section | W | The spec file does not contain a %build section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional "under the hood" functionality, such as injection of automatic -debuginfo subpackages. Add the section, even if empty. |
| no-%install-section | W | The spec file does not contain an %install section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional "under the hood" functionality. Add the section, even if empty. |
| no-%clean-section | W | The spec file doesn't contain a %clean section to remove the files installed by the %install section. |
| more-than-one-%changelog-section | W | The spec file unnecessarily contains more than one %changelog section; remove the extra ones. |
| lib-package-without-%mklibname | E | The package name must be built using %mklibname to allow lib64 and lib32 coexistence. |
| %ifarch-applied-patch | W | A patch is applied inside an %ifarch block. Patches must be applied on all architectures and may contain necessary configure and/or code patch to be effective only on a given arch. |
| prereq-use | E | The use of PreReq is deprecated. In the majority of cases, a plain Requires is enough and the right thing to do. Sometimes Requires(pre), Requires(post), Requires(preun) and/or Requires(postun) can also be used instead of PreReq. |
| buildprereq-use | E | The use of BuildPreReq is deprecated, build dependencies are always required before a package can be built. Use plain BuildRequires instead. |
| broken-syntax-in-scriptlet-requires | Comma separated context marked dependencies are silently broken in some versions of rpm. One way to work around it is to split them into several ones, eg. replace "Requires(post,preun): foo" with "Requires(post): foo" and "Requires(preun): foo". | |
| setup-not-in-prep | W | The %setup macro should only be used within the %prep section because it may not expand to anything outside of it and can break the build in npredictable ways. |
| setup-not-quiet | W | Use the -q option to the %setup macro to avoid useless build output from unpacking the sources. |
| no-cleaning-of-buildroot | W | You should clean $RPM_BUILD_ROOT in the %clean section and in the beginning of the %install section. Use "rm -rf $RPM_BUILD_ROOT". Some rpm configurations do this automatically; if your package is only going to be built in such configurations, you can ignore this warning for the section(s) where your rpm takes care of it. |
| rpm-buildroot-usage | W | $RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it may break short circuit builds. |
| make-check-outside-check-section | W | Make check or other automated regression test should be run in %check, as they can be disabled with a rpm macro for short circuiting purposes. |
| macro-in-%changelog | W | Macros are expanded in %changelog too, which can in unfortunate cases lead to the package not building at all, or other subtle unexpected conditions that affect the build. Even when that doesn\'t happen, the expansion results in possibly "rewriting history" on subsequent package revisions and generally odd entries eg. in source rpms, which is rarely wanted. Avoid use of macros in %changelog altogether, or use two '%'s to escape them, like '%%foo'. |
| depscript-without-disabling-depgen | W | In some common rpm configurations/versions, defining __find_provides and/or __find_requires has no effect if rpm's internal dependency generator has not been disabled for the build. %define _use_internal_dependency_generator to 0 to disable it in the specfile, or don't define __find_provides/requires. |
| mixed-use-of-spaces-and-tabs | W | The specfile mixes use of spaces and tabs for indentation, which is a cosmetic annoyance. Use either spaces or tabs for indentation, not both. |
| unversioned-explicit-provides | W | The specfile contains an unversioned Provides: token, which will match all older, equal, and newer versions of the provided thing. This may cause update problems and will make versioned dependencies, obsoletions and conflicts on the provided thing useless -- make the Provides versioned if possible. |
| unversioned-explicit-obsoletes | W | The specfile contains an unversioned Obsoletes: token, which will match all older, equal and newer versions of the obsoleted thing. This may cause update problems, restrict future package/provides naming, and may match something it was originally not inteded to match -- make the Obsoletes versioned if possible. |
| libdir-macro-in-noarch-package | W | The %{_libdir} or %{_lib} macro was found in a noarch package in a section that gets included in binary packages. This is most likely an error because these macros are expanded on the build host and their values vary between architectures, probably resulting in a package that does not work properly on all architectures at runtime. Investigate whether the package is really architecture independent or if some other dir/macro should be instead. |
| non-break-space | W | The spec file contains a non-break space, which looks like a regular space in some editors but can lead to obscure errors. It should be replaced by a regular space. |
| files-attr-not-set | W | A file or a directory entry in a %files section does not have attributes set which may result in unexpected file permissions and thus security issues in the resulting binary package depending on the build environment and rpmbuild version (typically < 4.4). Add default attributes using %defattr before it in the %files section, or use per entry %attr's. |
| non-standard-group | W | The value of the Group tag in the package is not valid. |
| specfile-error | E | This error occurred when rpmlint used rpm to query the specfile. The error is output by rpm and the message should contain more information. |
| comparison-operator-in-deptoken | W | This dependency token contains a comparison operator (<, > or =). This is usually not intended and may be caused by missing whitespace between the token's name, the comparison operator and the version string. |
| macro-in-comment | W | There is a unescaped macro after a shell style comment in the specfile. Macros are expanded everywhere, so check if it can cause a problem in this case and escape the macro with another leading % if appropriate. |
| file-size-mismatch | W | The size of the file in the package does not match the size indicated by peeking at its URL. Verify that the file in the package has the intended contents. |
| file-md5-mismatch | W | The MD5 hash of the file in the package does not match the MD5 hash indicated by peeking at its URL. Verify that the file in the package has the intended contents. |
| Tags | Checks the package to see if some rpm tags are present | |
| summary-too-long | E | The "Summary:" must not exceed 79 characters. |
| invalid-version | E | The version string must not contain the pre, alpha, beta or rc suffixes because when the final version will be out, you will have to use an Epoch tag to make the package upgradable. Instead put it in the release tag, prefixed with something you have control over. |
| spelling-error | W | The value of this tag appears to be misspelled. Please double-check. |
| no-packager-tag | E | There is no Packager tag in your package. You have to specify a packager using the Packager tag. Ex: Packager: John Doe <john.doe@example.com>. |
| invalid-packager | W | The packager email must end with an email compatible with the Packager option of rpmlint. Please change it and rebuild your package. |
| no-version-tag | E | There is no Version tag in your package. You have to specify a version using the Version tag. |
| no-release-tag | E | There is no Release tag in your package. You have to specify a release using the Release tag. |
| not-standard-release-extension | W | Invalid release tag. |
| no-name-tag | E | There is no Name tag in your package. You have to specify a name using the Name tag. |
| non-coherent-filename | W | The file which contains the package should be named |
| no-dependency-on | W | - |
| incoherent-version-dependency-on | W | - |
| no-version-dependency-on | W | - |
| no-major-in-name | W | The major number of the library isn't included in the package's name. |
| no-provides | W | Your library package doesn't provide the -devel name without the major version included. |
| no-summary-tag | E | There is no Summary tag in your package. You have to describe your package using this tag. To insert it, just insert a tag 'Summary'. |
| summary-on-multiple-lines | E | Your summary must fit on one line. Please make it shorter and rebuild the package. |
| summary-not-capitalized | W | Summary doesn't begin with a capital letter. |
| summary-ended-with-dot | W | Summary ends with a dot. |
| summary-has-leading-spaces | E | Summary begins with whitespace which will waste space when displayed. |
| no-description-tag | E | The description of the package is empty or missing. To add it, insert a %description section in your spec file, add a textual description of the package after it, and rebuild the package. |
| description-line-too-long | E | Your description lines must not exceed %d characters. If a line is exceeding this number, cut it to fit in two lines. |
| tag-in-description | W | Something that looks like a tag was found in the package's description. This may indicate a problem where the tag was not actually parsed as a tag but just textual description content, thus being a no-op. Verify if this is the case, and move the tag to a place in the specfile where %description won't fool the specfile parser, and rebuild the package. |
| no-group-tag | E | There is no Group tag in your package. You have to specify a valid group in your spec file using the Group tag. |
| non-standard-group | W | The value of the Group tag in the package is not valid. |
| no-changelogname-tag | E | There is no %changelog tag in your spec file. To insert it, just insert a '%changelog' in your spec file and rebuild it. |
| no-version-in-last-changelog | W | The latest changelog entry doesn't contain a version. Please insert the version that is coherent with the version of the package and rebuild it. |
| incoherent-version-in-changelog | W | The latest entry in %changelog contains a version identifier that is not coherent with the epoch:version-release tuple of the package. |
| changelog-time-overflow | W | The timestamp of the latest entry in %changelog is suspiciously far away in the past; it is possible that it is actually so much in the future that it has overflowed rpm's timestamp representation. |
| changelog-time-in-future | E | The timestamp of the latest entry in %changelog is in the future. |
| no-license | E | There is no License tag in your spec file. You have to specify one license for your program (eg. GPL). To insert this tag, just insert a 'License' in your specfile. |
| invalid-license | W | The value of the License tag was not recognized. |
| obsolete-not-provided | W | If a package is obsoleted by a compatible replacement, the obsoleted package should also be provided in order to not cause unnecessary dependency breakage. If the obsoleting package is not a compatible replacement for the old one, leave out the Provides. |
| invalid-dependency | E | An invalid dependency has been detected. It usually means that the build of the package was buggy. |
| no-epoch-tag | E | There is no Epoch tag in your package. You have to specify an epoch using the Epoch tag. |
| unreasonable-epoch | W | The value of your Epoch tag is unreasonably large (> 99). |
| no-epoch-in-obsoletes | W | Your package contains a versioned Obsoletes entry without an Epoch. |
| no-epoch-in-conflicts | W | Your package contains a versioned Conflicts entry without an Epoch. |
| no-epoch-in-provides | W | Your package contains a versioned Provides entry without an Epoch. |
| no-epoch-in-dependency | W | Your package contains a versioned dependency without an Epoch. |
| devel-dependency | E | Your package has a dependency on a devel package but it's not a devel package itself. |
| invalid-build-requires | E | Your source package contains a dependency not compliant with the lib64 naming. This BuildRequires dependency will not be resolved on lib64 platforms (eg. amd64). |
| explicit-lib-dependency | E | You must let rpm find the library dependencies by itself. Do not put unneeded explicit Requires: tags. |
| useless-provides | E | This package provides 2 times the same capacity. It should only provide it once. |
| tag-not-utf8 | E | The character encoding of the value of this tag is not UTF-8. |
| requires-on-release | W | This rpm requires a specific release of another package. |
| no-url-tag | W | The URL tag is missing. |
| name-repeated-in-summary | W | The name of the package is repeated in its summary. This is often redundant information and looks silly in various programs' output. Make the summary brief and to the point without including redundant information in it. |
| enchant-dictionary-not-found | W | A dictionary for the Enchant spell checking library is not available for the language given in the info message. Spell checking will proceed with rpmlint's built-in implementation for localized tags in this language. For better spell checking results in this language, install the appropriate dictionary that Enchant will use for this language, often for example hunspell-* or aspell-*. |
| self-obsoletion | W | The package obsoletes itself. This is known to cause errors in various tools and should thus be avoided, usually by using appropriately versioned Obsoletes and/or Provides and avoiding unversioned ones. |
| unexpanded-macro | W | This tag contains something that looks like an unexpanded macro; this is often the sign of a misspelling. Please check your specfile. |
| private-shared-object-provides | W | A shared object soname provides is provided by a file in a path from which other packages should not directly load shared objects from. Such shared objects should thus not be depended on and they should not result in provides in the containing package. Get rid of the provides if appropriate, for example by filtering it out during build. Note that in some cases this may require disabling rpmbuild's internal dependency generator. |
| Zip | Checks all zip/jar/war/ear files found in the package. Looks for missing metadata, wrong CRC and uncrompressed files. | |
| Bad-crc-in-zip | E | The reported file in the zip fails the CRC check. Usually this is a sign of a corrupt zip file |
| Uncompressed-zip | W | The zip file is not compressed. |
| Class-path-in-manifest | W | The META-INF/MANIFEST.MF file in the jar contains a hardcoded Class-Path. These entries do not work with older Java versions and even if they do work, they are inflexible and usually cause nasty surprises |
| Jar-indexed | W | The jar file is indexed, ie. it contains the META-INF/INDEX.LIST file. These files are known to cause problems with some older Java versions. |
| Jar-not-indexed | W | The jar file is not indexed, ie. it does not contain the META-INF/INDEX.LIST file. Indexed jars speed up the class searching process of classloaders in some situations |
| unable-to-read-zip | W | ?? |
Topic revision: r64 - 2013-03-11 - FrantisekDvorak
EMI Web
News
Events
Procedures and Tools
Mailing Lists
Documents
Project Structure
Create New Topic
Index
Search
Changes
Statistics- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback