On 12/14/2011 12:29 PM, Nelson Manuel Marques wrote:
Hi all
I want to submit lcm[1] (Lightweight Communications and Marshaling) to EPEL soon, but I'm currently struggling with a few issues found by rpmlint (and probably more).
I was wondering if I could get some help before submitting the package to fix 2 particular issues. The spec file and a sample SRPM file are available here[2].
The current errors I'm struggling with are the following:
lcm.x86_64: W: dangerous-command-in-%post mv
lcm.x86_64: E: use-tmp-in-%post
lcm.x86_64: W: dangerous-command-in-%preun mv
lcm.x86_64: E: use-tmp-in-%preun
1 packages and 0 specfiles checked; 2 errors, 2 warnings.
Any indications or help regarding these particular issues would be welcomed.
The scriptlets use predictable temporary filenames, which is a security vulnerability (see http://www.linuxsecurity.com/content/view/115462/151/ for an explanation).
Think carefully about whether it's actually necessary to edit /etc/sysctl.conf in %post/%postun; an alternative approach might be to document the required changes in a README.rpm file. It's hard to say as I don't know how important the suggested changes are for the package's operation and what any drawbacks might be of setting those values.
Paul.
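
The point in the reply above about predictable temporary filenames, as an added example that is not part of the original thread or of the lcm spec file: a scriptlet-style helper that edits a config file through a mktemp-created file in the target's own directory. The helper name `set_conf_key`, the sysctl key and its values are assumptions made for illustration.

```shell
#!/bin/sh
# Pattern of the kind rpmlint flags (constructed; the real spec is not shown):
#   grep -v '^net.core.rmem_max' /etc/sysctl.conf > /tmp/sysctl.tmp
#   mv /tmp/sysctl.tmp /etc/sysctl.conf
# /tmp is world-writable and the name is fixed, so another local user can
# create that path first and influence what the root scriptlet writes or moves.

# set_conf_key FILE KEY VALUE (hypothetical helper name)
# Sets "KEY = VALUE" in FILE via a temp file that mktemp creates atomically,
# with a random name and mode 0600, in FILE's own directory rather than /tmp.
set_conf_key() {
    conf=$1 key=$2 value=$3
    # mktemp fails instead of reusing a path that already exists
    tmp=$(mktemp "$(dirname "$conf")/.conf.XXXXXX") || return 1
    # Copy mode and timestamps of the original onto the temp file
    cp -p "$conf" "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep every line except an existing assignment of KEY, then append ours
    if awk -F= -v k="$key" '{ f = $1; gsub(/[ \t]/, "", f); if (f != k) print }' \
            "$conf" > "$tmp" && printf '%s = %s\n' "$key" "$value" >> "$tmp"
    then
        # Same directory means same filesystem: rename() replaces FILE atomically
        mv -f "$tmp" "$conf"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demonstration on a constructed file in a private directory
demo_dir=$(mktemp -d) || exit 1
printf 'kernel.sysrq = 0\nnet.core.rmem_max = 1024\n' > "$demo_dir/sysctl.conf"
set_conf_key "$demo_dir/sysctl.conf" net.core.rmem_max 2097152
cat "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

Because the temporary file never lives in /tmp, rpmlint's use-tmp check has nothing to flag; whether the package should edit /etc/sysctl.conf at all is the separate question raised in the reply.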