forked from rpminspect/rpminspect
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMISSING
72 lines (64 loc) · 3.71 KB
/
MISSING
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Those familiar with rpminspect's ancestor may notice some of the tests
are not present as rpminspect inspections. Here is an explanation of
the excluded tests:
TEST_BUILDLOG
Looks at rpmbuild output for any common error or warning strings
that should be investigated. Things like "***", "ERROR:",
"error:", and so on. Not a very easy to maintain test and
generates a lot of false positives. This is better caught by
gating tests and other test suites. Makefiles and other build
scripts should detect this stuff as a build failure and exit as
an error which would then filter up through rpmbuild.
TEST_RPMLINT
Runs rpmlint and reports the results. We already run rpmlint or
can in the gating infrastructure, so no need to have rpminspect
also invoke this tool and report the same results.
TEST_UPSTREAM (only the rebase keyword check)
The rpmdiff TEST_UPSTREAM check looks at the bug list from Errata
Tool for any approved bug with the 'Rebase' keyword set. If this
is not found and the source archives were found to differ, rpmdiff
reports that as a BAD where anyone can waive it. This
functionality is not present in rpminspect because rpminspect runs
separately from the Errata Tool. Checking bugs for various
keywords and approval settings are things that should be done by
other tools and processes. Once the bug is approved and the
developer submits the build, rebase or not, rpminspect should be
free to run. rhpkg or another tool can implement rules and we can
implement additional gating checks for package rebases if we
desire.
TEST_ELFLINT
This test runs elflint(1) on ELF files. We already have the
existing ELF tests using libelf and annocheck so this one is more
or less redundant.
TEST_MULTILIB
At one point in time we built distributions on multilib platforms
so that the entire system was available as both 32-bit and 64-bit
builds. On applicable platforms, users could have both packages
installed and flip between using 32-bit and 64-bit software. We
no longer make this guarantee and what 32-bit packages we have
are for BuildRequires or existing runtime support. Those packages
can be validated by all the existing checks, but there is no reason
to ensure the 32-bit and 64-bit builds of a package have matching
content.
TEST_SPECFILE ($RPM_OPT_FLAGS check on x86 builds)
In the past our spec files varied wildly across the distribution.
There were efforts to normalize compiler flags used. Early on we
were trying to ensure the 32-bit x86 builds were using more
optimizations than standard i386 builds. This check is not really
relevant anymore, so it has been dropped.
TEST_METADATA (the 'fedora without red hat' string check)
The substring check of the Summary string and package descriptions
for any mention of 'Fedora' (case insensitive) without also
mentioning 'Red Hat' (case insensitive) is a branding matter. The
check itself was not foolproof and did not take in to account word
boundaries of pathnames. This kind of check is out of scope for
rpminspect as it provides no technical or security benefit.
TEST_PATCHES (the file and line count thresholds as failures)
The patches inspection will report changes between patches across
builds, both the number of lines and number of files touched.
However, all of these results are reported as INFO and there is no
support for a line count or file count threshold. These are
subjective anyway and impossible to come up with what is allowable
or not. The patches inspection does check for malformed patches
and compressed patches that cannot be uncompressed and will report
those as well.