| |
rpm id |
test |
Status |
message |
 |
sensorfw-0.7.2-alt2.x86_64 |
init-but-no-native-systemd |
info |
The package have SysV init script(s) but no native systemd files. |
|
sensorfw-0.7.2-alt2.x86_64 |
library-pkgnames |
info |
package contains public library which is used in external packages: name should be lib* according to http://altlinux.org/Drafts/SharedLibs |
 |
sensorfw-contextfw-tests-0.7.2-alt2.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/sensorfw-contextfw-tests/testorientation-manual.sh: $ grep -A5 -B5 /tmp/ /usr/share/sensorfw-contextfw-tests/testorientation-manual.sh ## Contact: Tapio Rantala ## INPUT_DEV_NUM=`ls /sys/class/input/event?/device/name | xargs grep -i accelerometer | cut -c23` INPUT_DEV=/dev/input/event${INPUT_DEV_NUM} FIFO=/tmp/accelerometer echo "Faking input device $INPUT_DEV" if [ ! -e $FIFO ] ; then echo "Created $FIFO for testing" -- /sbin/service sensord stop > /dev/null 2>&1 sleep 2 killall sensord > /dev/null 2>&1 # Start sensord manually to load libsensorfakeopen.so env LD_PRELOAD=libsensorfakeopen.so /usr/sbin/sensord > /tmp/sensord.test.log 2>&1 & # If we don't input something to the FIFO sensord blocks indefinitely echo "" > $FIFO sleep 1 echo "" > $FIFO |
|
sensorfw-doc-0.7.2-alt2.x86_64 |
arch-dep-package-consists-of-usr-share |
info |
The package consists of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere. |
 |
sensorfw-tests-0.7.2-alt2.x86_64 |
checkbashisms |
experimental |
checkbashisms utility found possible bashisms in: /usr/bin/sensordiverter.sh |