----- Original Message -----
> From: "Jun Aruga" <[email protected]>
> To: "Ruby SIG mailing list" <[email protected]>
> Sent: Thursday, March 18, 2021 3:48:43 PM
> Subject: Ruby errors/warnings by rpmlint
>
> Hi,
> I checked the latest rawhide ruby ruby-3.0.0-146.fc35 by rpmlint, and
> I found some errors and warnings to fix.
>
> ## Summary
>
> I think the following 4 errors or warnings especially can be fixed.
>
> ```
> ruby.spec:20: E: use-of-RPM_SOURCE_DIR
> ruby-default-gems.noarch: W: summary-ended-with-dot C Default gems which are part of Ruby StdLib.
> ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.0
> ruby-libs.x86_64: W: dangling-symlink /usr/share/ruby/io /usr/share/gems/gems/io-console-0.5.6/lib/io
> ```
>
> There are also other ones too.
>
> ## Steps to check by rpmlint
>
> ```
> $ rpm -q rpmlint
> rpmlint-1.11-15.fc33.noarch
>
> $ rpmlint ruby.spec /path/to/result/*.rpm >& lint.log
> $ rpmlint -i ruby.spec /path/to/result/*.rpm >& lint_detail.log
> ```
>
> ## Result
>
> ### 1.
>
> ruby.spec:20: E: use-of-RPM_SOURCE_DIR
> You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to use
> a directory for building, use $RPM_BUILD_ROOT instead.
>
> =>
> The `%{_sourcedir}/%{ruby_archive}.tar.xz` can be replaced to
> `%{SOURCE0}`? I am not sure.

Yes, I think so.

>
> ### 2.
>
> ruby-default-gems.noarch: W: summary-ended-with-dot C Default gems which are part of Ruby StdLib.
> Summary ends with a dot.
>
> =>
> The summary ending dot needs to be removed.

Yes.

>
> ### 3.
>
> ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.0
> This executable appears to call chroot without using chdir to change the
> current directory. This is likely an error and permits an attacker to break
> out of the chroot by using fchdir. While that's not always a security issue,
> this has to be checked.
>
> =>
> Not sure when this error came.

This is probably inside some generic Ruby code. IMHO this is a false positive. E.g. https://www.rubydoc.info/stdlib/core/Dir.chroot

>
> ### 4.
>
> ruby-libs.x86_64: W: dangling-symlink /usr/share/ruby/io /usr/share/gems/gems/io-console-0.5.6/lib/io
> The target of the symbolic link does not exist within this package or its file
> based dependencies. Verify spelling of the link target and that the target is
> included in a package in this package's dependency chain.
>
> =>
> This warning was a hint to find "another issue" to fix.
> The issue is the directory entry `%{ruby_libdir}/io` is duplicated
> between ruby-libs and rubygem-io-console RPM in ruby.spec.
>
> Maybe the directory entry in ruby-libs should be removed like this.
>
> ```
> @@ -942,6 +942,7 @@ MSPECOPTS="" > # Platform independent libraries. > %dir %{ruby_libdir} > %exclude %{ruby_libdir}/bigdecimal* > +%exclude %{ruby_libdir}/io > %exclude %{ruby_libdir}/irb* > %exclude %{ruby_libdir}/json* > %exclude %{ruby_libdir}/psych* 
> @@ -964,7 +965,6 @@ MSPECOPTS="" > %{ruby_libdir}/find.rb > %{ruby_libdir}/forwardable* > %{ruby_libdir}/getoptlong* > -%{ruby_libdir}/io > %{ruby_libdir}/ipaddr.rb > %{ruby_libdir}/kconv.rb > %{ruby_libdir}/logger*
> ```

Well, maybe. Vit has probably more insight.

>
> ### 5.
>
> ```
> ruby-default-gems.noarch: W: obsolete-not-provided rubygem-did_you_mean
> If a package is obsoleted by a compatible replacement, the obsoleted package
> should also be provided in order to not cause unnecessary dependency
> breakage.
> If the obsoleting package is not a compatible replacement for the old one,
> leave out the Provides.
>
> ruby-default-gems.noarch: W: obsolete-not-provided rubygem-openssl
> If a package is obsoleted by a compatible replacement, the obsoleted package
> should also be provided in order to not cause unnecessary dependency
> breakage.
> If the obsoleting package is not a compatible replacement for the old one,
> leave out the Provides.
>
> ruby-default-gems.noarch: W: obsolete-not-provided rubygem-racc
> If a package is obsoleted by a compatible replacement, the obsoleted package
> should also be provided in order to not cause unnecessary dependency
> breakage.
> If the obsoleting package is not a compatible replacement for the old one,
> leave out the Provides.
> ```

I think this should not be a warning, but a mere INFO. Note the 'IF'.

>
> =>
> The Provides line needs for the Obsolete line.

I don't think we want to create Provides for those, as those are "Default" gems.

>
>
> ### 6.
>
> ```
> rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.0/bin/annotate-with-rdoc 644 /usr/bin/env ruby
> This text file contains a shebang or is located in a path dedicated for
> executables, but lacks the executable bits and cannot thus be executed. If
> the file is meant to be an executable script, add the executable bits,
> otherwise remove the shebang or move the file elsewhere.
> ```
>
> This is the same for other files (total 8 files) under
> /usr/share/gems/gems/rbs-1.0.0/bin/.
>
> ### 7.
>
> ```
> ruby-libs.x86_64: W: library-not-linked-against-libc /usr/lib64/ruby/continuation.so
> ruby-libs.x86_64: W: library-not-linked-against-libc /usr/lib64/ruby/enc/big5.so
> ...
> ```
>
> => I may remember this warning happened for 1 so file in Ruby 2.7 last
> year. Now I see it for the many so files.

Shouldn't be an issue, as it's linked against Ruby, right?

>
> ### 8.
>
> non-executable-script errors.
>
> => Some parts are nice to fix.
>
>
> ## rpms/ruby CI to add rpmlint test.
>
> Can we check the rpmlint issues on an early timing: pull-request and push?
> I think adding the rpmlint check to rpm/ruby CI is a possible way
> related to this ticket.

Yes, I agree we could add this for the CI (functional). I'm not sure some generic checks aren't considered already for all PRs - I'll inquire about it and follow up with you on IRC.

> https://src.fedoraproject.org/rpms/ruby/pull-request/67
> Shall we add it after the PR #67 will be merged?
>
> --
> Jun | He - His - Him

Regards,

--
Pavel Valena
Software Engineer, Red Hat
Brno, Czech Republic
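
Review bot: the `%exclude %{ruby_libdir}/io` line added in the first hunk (`@@ -942,6 +942,7 @@`) carries no comment saying which subpackage owns the path, and the second hunk already drops the only visible `%{ruby_libdir}/io` entry from this file list. If no glob elsewhere in the ruby-libs list matches `io`, the exclude may not be needed at all; if it is kept for symmetry with the `bigdecimal*`, `irb*`, `json*` and `psych*` excludes, a one-line comment naming rubygem-io-console as the owner would document why.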
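
Review bot: after the removal of `%{ruby_libdir}/io` in the second hunk (`@@ -964,7 +965,6 @@`), nothing visible in the ruby-libs list ships that path any more, so the fix relies on rubygem-io-console owning it. The rpmlint output quoted in item 4 shows `/usr/share/ruby/io` as a symlink into `io-console-0.5.6/lib/io`, so it is worth confirming with `rpm -qlp` on the rebuilt rubygem-io-console package that the link is still shipped there, and re-running rpmlint to confirm that the dangling-symlink warning no longer appears for ruby-libs.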
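
The CI check discussed at the end of the thread could be gated as follows. This is an added example, not part of the original messages or of the rpms/ruby repository; the function names, the allowlist (which encodes the reply's view that the chroot finding is a false positive) and the sample log built from lines quoted in the thread are assumptions of the example.

```shell
#!/bin/sh
# Added example: gate a plain `rpmlint` log (not the -i output) in CI.
# Line format, as in the quoted output: <pkg-or-file>: <E|W>: <check> [details]

# Error checks reviewed and accepted (assumption of this example: the chroot
# check that the reply considers a false positive). Space-separated.
ALLOWED_CHECKS="missing-call-to-chdir-with-chroot"

# Print every E: line in log file $1 whose check name is not allowlisted.
unallowed_errors() {
    awk -v allowed="$ALLOWED_CHECKS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "E:" && !($3 in ok) { print }   # $2 = severity, $3 = check name
    ' "$1"
}

# Print "<count> <severity> <check>" for each distinct finding in log file $1.
summarize() {
    awk '$2 == "E:" || $2 == "W:" { c[$2 " " $3]++ }
         END { for (k in c) print c[k], k }' "$1" | sort -k1,1nr -k3,3
}

# Return 0 if log file $1 has no unallowed errors, else report them, return 1.
gate() {
    bad=$(unallowed_errors "$1")
    [ -z "$bad" ] && return 0
    printf 'rpmlint errors not on the allowlist:\n%s\n' "$bad" >&2
    return 1
}

# Constructed sample log, built from lines quoted in the message.
sample_log() {
    cat <<'EOF'
ruby.spec:20: E: use-of-RPM_SOURCE_DIR
ruby-default-gems.noarch: W: summary-ended-with-dot C Default gems which are part of Ruby StdLib.
ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.0
ruby-libs.x86_64: W: dangling-symlink /usr/share/ruby/io /usr/share/gems/gems/io-console-0.5.6/lib/io
rubygem-rbs.noarch: E: non-executable-script /usr/share/gems/gems/rbs-1.0.0/bin/annotate-with-rdoc 644 /usr/bin/env ruby
EOF
}

log=$(mktemp)
sample_log > "$log"
summarize "$log"
gate "$log" || echo "gate: failing the CI job"
rm -f "$log"
```

Keeping the allowlist in the test itself means every accepted finding is a reviewed, visible decision rather than a silently ignored log line.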
