Hello community, here is the log from the commit of package rpmlint for openSUSE:Factory checked in at 2012-02-22 15:55:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rpmlint (Old) and /work/SRC/openSUSE:Factory/.rpmlint.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rpmlint", Maintainer is "dmuel...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/rpmlint/rpmlint.changes 2012-02-20 16:18:16.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rpmlint.new/rpmlint.changes 2012-02-22 15:55:11.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Feb 20 16:05:23 UTC 2012 - lnus...@suse.de + +- add logrotate check (bnc#677335) + +------------------------------------------------------------------- New: ---- CheckLogrotate.py ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.U3IPiB/_old 2012-02-22 15:55:12.000000000 +0100 +++ /var/tmp/diff_new_pack.U3IPiB/_new 2012-02-22 15:55:12.000000000 +0100 @@ -53,6 +53,7 @@ Source23: CheckBuildDate.py Source24: pie.config Source25: licenses.config +Source26: CheckLogrotate.py Source100: syntax-validator.py Url: http://rpmlint.zarb.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -228,6 +229,7 @@ cp -p %{SOURCE21} . cp -p %{SOURCE22} . cp -p %{SOURCE23} . +cp -p %{SOURCE26} . %build make %{?_smp_mflags} ++++++ CheckLogrotate.py ++++++ # vim:sw=4:et ############################################################################# # File : CheckLogrotate.py # Package : rpmlint # Author : Ludwig Nussel # Purpose : Check for insecure logrotate directories ############################################################################# from Filter import * import AbstractCheck import re import os import string class LogrotateCheck(AbstractCheck.AbstractCheck): def __init__(self): AbstractCheck.AbstractCheck.__init__(self, "CheckLogrotate") def check(self, pkg): if pkg.isSource(): return files = pkg.files() dirs = {} for f, pkgfile in files.items(): if f in pkg.ghostFiles(): continue if f.startswith("/etc/logrotate.d/"): try: for n, o in self.parselogrotateconf(pkg.dirName(), f).items(): if n in dirs and dirs[n] != o: printError(pkg, "logrotate-duplicate", n) else: dirs[n] = o except Exception, x: printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x}) for d in sorted(dirs.keys()): if not d in files: if d != '/var/log': printError(pkg, 'suse-logrotate-log-dir-not-packaged', d) continue mode = files[d].mode&0777 if files[d].user != 'root' and (dirs[d] is None or dirs[d][0] != files[d].user): printError(pkg, 'suse-logrotate-user-writable-log-dir', \ "%s %s:%s %04o"%(d, files[d].user, files[d].group, mode)) elif files[d].group != 'root' and mode&020 and (dirs[d] is None or dirs[d][1] != files[d].group): printError(pkg, 'suse-logrotate-user-writable-log-dir', \ "%s %s:%s %04o"%(d, files[d].user, files[d].group, mode)) # extremely primitive logrotate parser def parselogrotateconf(self, root, f): dirs = {} fd = open('/'.join((root, f))) currentdirs = [] for line in fd.readlines(): line = line.strip() if line.startswith('#'): continue if not currentdirs: if line.endswith('{'): insection = True for logfile in line.split(' '): if logfile == '{': continue dn = os.path.dirname(logfile) if not dn in dirs: currentdirs.append(dn) dirs[dn] = None else: if line.endswith('}'): currentdirs = [] elif line.startswith("su "): a = line.split(" ") for dn in currentdirs: dirs[dn] = (a[1], a[2]) return dirs check=LogrotateCheck() if Config.info: addDetails( 'suse-logrotate-duplicate', """There are dupliated logrotate entries with different settings for the specified file""", 'suse-logrotate-user-writable-log-dir', """The log directory is writable by unprivileged users. Please fix the permissions so only root can write there or add the 'su' option to your logrotate config""", 'suse-logrotate-log-dir-not-packaged', """Please add the specified directory to the file list to be able to check permissions""" ) ++++++ config ++++++ --- /var/tmp/diff_new_pack.U3IPiB/_old 2012-02-22 15:55:12.000000000 +0100 +++ /var/tmp/diff_new_pack.U3IPiB/_new 2012-02-22 15:55:12.000000000 +0100 @@ -37,6 +37,7 @@ addCheck("CheckAlternativesGhostFiles") addCheck("BashismsCheck") addCheck("CheckBuildDate") +addCheck("CheckLogrotate") # stuff autobuild takes care about addFilter(".*invalid-version.*") -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
