On 12/14/2011 12:29 PM, Nelson Manuel Marques wrote:
Hi all

I want to submit lcm[1] (Lightweight Communications and Marshaling) to
EPEL soon, but I'm currently struggling with a few issues found by
rpmlint (and probably more).

I was wondering if I could get some help before submitting the package
to fix 2 particular issues. The spec file and a sample SRPM file are
available here[2].

The current errors I'm struggling with are the following:
lcm.x86_64: W: dangerous-command-in-%post mv
lcm.x86_64: E: use-tmp-in-%post
lcm.x86_64: W: dangerous-command-in-%preun mv
lcm.x86_64: E: use-tmp-in-%preun
1 packages and 0 specfiles checked; 2 errors, 2 warnings.

Any indications or help regarding these particular issues would be
welcomed.

The scriptlets use predictable temporary filenames, which is a security vulnerability (see http://www.linuxsecurity.com/content/view/115462/151/ for an explanation).

Think carefully about whether it's actually necessary to edit /etc/sysctl.conf in %post/%postun; an alternative approach might be to document the required changes in a README.rpm file. It's hard to say as I don't know how important the suggested changes are for the package's operation and what any drawbacks might be of setting those values.

Paul.
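
One way to avoid the pattern rpmlint flags here (use-tmp-in-%post together with mv), as an added example that is not part of the original thread or of the lcm package: the temporary file is created with mktemp beside the target instead of under a fixed name in /tmp. The helper name set_conf_key, the sample file and the key/value used are assumptions made for illustration, since the package's actual scriptlet is not shown in the thread.

```shell
#!/bin/sh
# Set "KEY = VALUE" in a sysctl.conf-style file from a scriptlet without
# using /tmp. set_conf_key is a hypothetical helper name (an assumption).
set_conf_key() {
    conf=$1; key=$2; value=$3
    # The scriptlet runs as root: never write through a symlink.
    if [ -L "$conf" ] || [ ! -f "$conf" ]; then
        return 1
    fi
    dir=$(dirname "$conf")
    # mktemp creates the file exclusively, mode 0600, with a random suffix.
    # Placing it beside the target keeps it out of world-writable /tmp and
    # makes the final mv a rename within one filesystem, which is atomic.
    tmp=$(mktemp "$dir/.conf.XXXXXX") || return 1
    # cp -p carries the original's mode (and, as root, owner) to the new file.
    if cp -p -- "$conf" "$tmp" &&
       awk -v k="$key" '{
           line = $0
           sub(/^[ \t]+/, "", line)
           split(line, a, /[ \t]*=/)
           if (a[1] != k) print $0      # drop any earlier assignment of k
       }' "$conf" > "$tmp" &&
       printf '%s = %s\n' "$key" "$value" >> "$tmp" &&
       mv -f -- "$tmp" "$conf"
    then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Demo on a constructed file in a private directory (not /etc/sysctl.conf).
demo() {
    work=$(mktemp -d) || return 1
    printf '# constructed sample\nkernel.sysrq = 0\nnet.core.rmem_max = 1\n' \
        > "$work/sysctl.conf"
    set_conf_key "$work/sysctl.conf" net.core.rmem_max 2097152 &&
        cat "$work/sysctl.conf"
    rm -rf -- "$work"
}
demo
```

Calling the helper twice leaves a single assignment of the key, so the scriptlet stays idempotent across package upgrades.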
