Help wanted - lcm
Paul Howarth
paul at city-fan.org
Wed Dec 14 12:45:40 UTC 2011
On 12/14/2011 12:29 PM, Nelson Manuel Marques wrote:
> Hi all
>
> I want to submit lcm[1] (Lightweight Communications and Marshaling) to
> EPEL soon, but I'm currently struggling with a few issues found by
> rpmlint (and probably more).
>
> I was wondering if I could get some help before submitting the package
> to fix 2 particular issues. The spec file and a sample SRPM file are
> available here[2].
>
> The current errors I'm struggling with are the following:
> lcm.x86_64: W: dangerous-command-in-%post mv
> lcm.x86_64: E: use-tmp-in-%post
> lcm.x86_64: W: dangerous-command-in-%preun mv
> lcm.x86_64: E: use-tmp-in-%preun
> 1 packages and 0 specfiles checked; 2 errors, 2 warnings.
>
> Any indications or help regarding this particular issues would be
> welcomed.
The scriptlets use predictable temporary filenames, which is a security
vulnerability (see http://www.linuxsecurity.com/content/view/115462/151/
for an explanation).
Think carefully about whether it's actually necessary to edit
/etc/sysctl.conf in %post/%postun; an alternative approach might be to
document the required changes in a README.rpm file. It's hard to say as
I don't know how important the suggested changes are for the package's
operation and what any drawbacks might be of setting those values.
Paul.
More information about the epel-devel-list
mailing list