============================ rpmlint session starts ============================ rpmlint: 2.6.1 configuration: /opt/testing/lib/python3.11/rpmlint/configdefaults.toml /opt/testing/share/rpmlint/cron-whitelist.toml /opt/testing/share/rpmlint/dbus-services.toml /opt/testing/share/rpmlint/device-files-whitelist.toml /opt/testing/share/rpmlint/licenses.toml /opt/testing/share/rpmlint/opensuse.toml /opt/testing/share/rpmlint/pam-modules.toml /opt/testing/share/rpmlint/permissions-whitelist.toml /opt/testing/share/rpmlint/pie-executables.toml /opt/testing/share/rpmlint/polkit-rules-whitelist.toml /opt/testing/share/rpmlint/scoring.toml /opt/testing/share/rpmlint/security.toml /opt/testing/share/rpmlint/sudoers-whitelist.toml /opt/testing/share/rpmlint/sysctl-whitelist.toml /opt/testing/share/rpmlint/systemd-tmpfiles.toml /opt/testing/share/rpmlint/users-groups.toml /opt/testing/share/rpmlint/world-writable-whitelist.toml /opt/testing/share/rpmlint/zypper-plugins.toml /etc/xdg/rpmlint/scoring-strict.override.toml checks: 41, packages: 2 SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Discovery/Web-Content/elmah.txt SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Fuzzing/Amounts/milion.txt SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Fuzzing/Amounts/one.txt SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Fuzzing/Amounts/zero.txt SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Fuzzing/Amounts/zero_point_one.txt SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/cmd-simple.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/cmd.aspx SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/cmd.jsp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/cmd.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/list.jsp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/list.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/reverse.jsp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/FuzzDB/up.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/PHP/obfuscated-phpshell.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/Vtiger/modules/VtigerVulnPlugin/VtigerVulnPlugin.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/WordPress/bypass-login.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/WordPress/plugin-shell.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/asp/dns.asp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/asp/file.asp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/asp/proxy.asp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/asp/shell.asp SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/aspx/dns.aspx SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/aspx/file.aspx SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/aspx/shell.aspx SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/php/dns.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/php/file.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/php/php-reverse-shell.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/php/proxy.php SecLists.armv7hl: E: script-without-shebang /usr/share/seclists/Web-Shells/laudanum-0.8/php/shell.php This text file has executable bits set or is located in a path dedicated for executables, but lacks a shebang and cannot thus be executed. If the file is meant to be an executable script, add the shebang, otherwise remove the executable bits or move the file elsewhere. SecLists.armv7hl: W: potential-bashisms /usr/share/seclists/Web-Shells/FuzzDB/list.sh SecLists.armv7hl: W: potential-bashisms /usr/share/seclists/Web-Shells/FuzzDB/cmd.sh checkbashisms reported potential bashisms in a /bin/sh shell script, you might want to manually check this script for bashisms. SecLists.armv7hl: E: non-executable-script /usr/share/seclists/Discovery/Infrastructure/IPGenerator.sh 644 /usr/bin/env bash SecLists.armv7hl: E: non-executable-script /usr/share/seclists/Discovery/Web-Content/Domino-Hunter/dh.pl 644 /usr/bin/perl This text file contains a shebang or is located in a path dedicated for executables, but lacks the executable bits and cannot thus be executed. If the file is meant to be an executable script, add the executable bits, otherwise remove the shebang or move the file elsewhere. SecLists.armv7hl: E: no-binary The package should be of the noarch architecture because it doesn't contain any binaries. SecLists.spec: W: no-%check-section The spec file does not contain an %check section. Please check if the package has a testsuite and what it takes to enable the testsuite as part of the package build. If it is not possible to run it in the build environment (OBS/koji) or no testsuite exists, then please ignore this warning. You should not insert an empty %check section. SecLists.spec: W: no-%build-section The spec file does not contain a %build section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional 'under the hood' functionality, such as injection of automatic -debuginfo subpackages. Add the section, even if empty. SecLists.armv7hl: W: name-repeated-in-summary SecLists SecLists.src: W: name-repeated-in-summary SecLists The name of the package is repeated in its summary. Make the summary brief and to the point without including redundant information in it. SecLists.armv7hl: E: files-duplicated-waste (Badness: 100) 630674 Your package contains duplicated files that are not hard- or symlinks. You should use the %fdupes macro to link the files to one. SecLists.armv7hl: W: files-duplicate /usr/share/seclists/LICENSE /usr/share/licenses/SecLists/LICENSE SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Miscellaneous/security-question-answers/zip-codes.txt /usr/share/seclists/Fuzzing/5-digits-00000-99999.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-type-specific/billboard.txt /usr/share/seclists/Fuzzing/User-Agents/hardware-type-specific/billboard.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-name/qtcarbrowser.txt /usr/share/seclists/Fuzzing/User-Agents/hardware-type-specific/car.txt:/usr/share/seclists/Fuzzing/User-Agents/operating-platform/tesla-model-s-dashboard.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-name/liquid-mt-browser.txt /usr/share/seclists/Fuzzing/User-Agents/operating-platform/liquid-mt.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/operating-system-name/livearea.txt /usr/share/seclists/Fuzzing/User-Agents/operating-platform/playstation-vita.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-name/playstation-4-browser.txt /usr/share/seclists/Fuzzing/User-Agents/operating-platform/sony-playstation-4.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-type-specific/tool.txt /usr/share/seclists/Fuzzing/User-Agents/software-name/dlink-backdoor.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Fuzzing/User-Agents/software-type-specific/media-player.txt /usr/share/seclists/Fuzzing/User-Agents/software-name/nexplayer.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Passwords/Common-Credentials/500-worst-passwords.txt /usr/share/seclists/Passwords/500-worst-passwords.txt SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Web-Shells/Vtiger/languages/en_us/VtigerVulnPlugin.php /usr/share/seclists/Web-Shells/Vtiger/languages/en_us/Settings/VtigerVulnPlugin.php SecLists.armv7hl: W: files-duplicate /usr/share/seclists/Web-Shells/Vtiger/modules/VtigerVulnPlugin/manifest.xml /usr/share/seclists/Web-Shells/Vtiger/manifest.xml Your package contains duplicated files that are not hard- or symlinks. You should use the %fdupes macro to link the files to one. SecLists.armv7hl: E: env-script-interpreter (Badness: 9) /usr/share/seclists/Payloads/Zip-Traversal/make.py /usr/bin/env python3 This script uses 'env' as an interpreter. For the rpm runtime dependency detection to work, the shebang #!/usr/bin/env needs to be patched into #!/usr/bin/ otherwise the package dependency generator merely adds a dependency on /usr/bin/env rather than the actual interpreter /usr/bin/. Alternatively, if the file should not be executed, then ensure that it is not marked as executable or don't install it in a path that is reserved for executables. SecLists.armv7hl: E: devel-file-in-non-devel-package (Badness: 50) /usr/share/seclists/Miscellaneous/source-code/c-linux/drop-shell.c SecLists.armv7hl: E: devel-file-in-non-devel-package (Badness: 50) /usr/share/seclists/Miscellaneous/source-code/c-linux/root-shell.c SecLists.armv7hl: E: devel-file-in-non-devel-package (Badness: 50) /usr/share/seclists/Miscellaneous/source-code/c-linux/root-shell2.c SecLists.armv7hl: E: devel-file-in-non-devel-package (Badness: 50) /usr/share/seclists/Miscellaneous/source-code/c-linux/root-shell3.c SecLists.armv7hl: E: devel-file-in-non-devel-package (Badness: 50) /usr/share/seclists/Miscellaneous/source-code/c-linux/tiny-shell.c A file that is needed only e.g. when developing or building software is included in a non-devel package. These files should go in devel packages. Check time report (>1% & >0.1s): Check Duration (in s) Fraction (in %) Checked files ExtractRpm 18.4 65.2 BuildRootAndDateCheck 4.4 15.5 SignatureCheck 3.1 11.0 ZipCheck 0.8 2.7 FilesCheck 0.6 2.2 BashismsCheck 0.6 2.1 TOTAL 28.2 100.0 2 packages and 0 specfiles checked; 39 errors, 18 warnings, 21 filtered, 391 badness; has taken 28.7 s