https://bugzilla.redhat.com/show_bug.cgi?id=1269609 --- Comment #6 from Randy Barlow <rbarlow@xxxxxxxxxx> --- Here is the current rpmlint > $ rpmlint -i rpmbuild/RPMS/noarch/ari-backup-1.0.10-1.fc22.noarch.rpm rpmbuild/SRPMS/ari-backup-1.0.10-1.fc22.src.rpm > ari-backup.noarch: W: spelling-error Summary(en_US) rdiff -> riff, diff, r diff > The value of this tag appears to be misspelled. Please double-check. I don't think this is a problem. There is another warning about the same thing that I've omitted. > ari-backup.noarch: W: conffile-without-noreplace-flag /etc/cron.daily/ari-backup > A configuration file is stored in your package without the noreplace flag. A > way to resolve this is to put the following in your SPEC file: > %config(noreplace) /etc/your_config_file_here I didn't put the noreplace on here because it's not really a configuration file, it's a daily cron job. If there are updates to the cron job, I would expect that a user would want the updated cron job. Do you think I should make it config(noreplace) as suggested by the lint? > ari-backup.noarch: E: non-readable /etc/ari-backup/jobs.d/ari-backup-remote-lvm-demo 600 > The file can't be read by everybody. Review if this is expected. This is a demo backup job that is really meant to help guide the user on how to create backup jobs. A normal backup job probably shouldn't be world readable because it may contain sensitive information, so the demo has realistic permissions set as well. Do you think this is reasonable? There are four of these files, so I have trimmed the other three similar notes from this output. > ari-backup.noarch: E: non-executable-script /etc/ari-backup/jobs.d/ari-backup-remote-lvm-demo 600 /usr/bin/env > This text file contains a shebang or is located in a path dedicated for > executables, but lacks the executable bits and cannot thus be executed. If > the file is meant to be an executable script, add the executable bits, > otherwise remove the shebang or move the file elsewhere. This file is not executable because the cron job executes files in this folder that have the execute bit set. Since this is a demo job, we don't really want it to be executable, but we do want it to have the shebang because a real backup job needs a shebang as well. Another option might be to put these examples in /usr/share/doc/ari-backup and maybe drop a README in this job.d that mentions that users can check out examples over there. What do you think? I've also trimmed the other three complaints about the other examples. > ari-backup.noarch: E: non-standard-executable-perm /etc/cron.daily/ari-backup 744 > A standard executable should have permission set to 0755. If you get this > message, it means that you have a wrong executable permissions in some files > included in your package. I chose 744 because it's very likely that ordinary users should not be able to execute the backup jobs. Of course, if the files in the jobs.d are also not user executable this cron job won't be able to do anything anyway, so perhaps it's not harmful to give it 755 to get this complaint to disappear. What do you think? > ari-backup.noarch: E: non-standard-dir-perm /var/lib/ari-backup 700 > A standard directory should have permission set to 0755. If you get this > message, it means that you have wrong directory permissions in some dirs > included in your package. I put 0700 on this folder because it contains the backup data from other computers. Since we don't know what kind of data this might be, keeping prying eyes out of this folder is a good idea. > ari-backup.noarch: E: non-standard-dir-perm /etc/ari-backup/jobs.d 700 > A standard directory should have permission set to 0755. If you get this > message, it means that you have wrong directory permissions in some dirs > included in your package. The backup jobs may contain sensitive information about the hosts that are being backed up. At the very least, they will contain the list of inclusions and exclusions, but they might also contains arbitrary Python code to perform certain actions on the remote hosts that might need to be kept secret. Let me know what you think, and thanks again for your assistance! -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review