============================ rpmlint session starts ============================ rpmlint: 2.6.1 configuration: /opt/testing/lib/python3.11/rpmlint/configdefaults.toml /opt/testing/share/rpmlint/cron-whitelist.toml /opt/testing/share/rpmlint/dbus-services.toml /opt/testing/share/rpmlint/device-files-whitelist.toml /opt/testing/share/rpmlint/licenses.toml /opt/testing/share/rpmlint/opensuse.toml /opt/testing/share/rpmlint/pam-modules.toml /opt/testing/share/rpmlint/permissions-whitelist.toml /opt/testing/share/rpmlint/pie-executables.toml /opt/testing/share/rpmlint/polkit-rules-whitelist.toml /opt/testing/share/rpmlint/scoring.toml /opt/testing/share/rpmlint/security.toml /opt/testing/share/rpmlint/sudoers-whitelist.toml /opt/testing/share/rpmlint/sysctl-whitelist.toml /opt/testing/share/rpmlint/systemd-tmpfiles.toml /opt/testing/share/rpmlint/users-groups.toml /opt/testing/share/rpmlint/world-writable-whitelist.toml /opt/testing/share/rpmlint/zypper-plugins.toml /etc/xdg/rpmlint/scoring-strict.override.toml checks: 41, packages: 7 xorg-x11-server.armv7hl: W: zero-perms-ghost Suggestion: "%ghost %attr(0644,root,root) /etc/alternatives/libglx.so" Your package contains a file with no permissions. This is usually an error because the file won't be accessible by any user. You should check the file permissions and ensure that are correct or fix it using "%attr" macro in %files section. http://ftp.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html xorg-x11-server.armv7hl: W: self-obsoletion xf86-video-ast obsoletes xf86-video-ast xorg-x11-server.armv7hl: W: self-obsoletion xf86-video-cirrus obsoletes xf86-video-cirrus xorg-x11-server.armv7hl: W: self-obsoletion xorg-x11-server-glx obsoletes xorg-x11-server-glx xorg-x11-server-Xvfb.armv7hl: W: self-obsoletion xorg-x11-Xvfb obsoletes xorg-x11-Xvfb xorg-x11-server-extra.armv7hl: W: self-obsoletion xorg-x11-Xnest obsoletes xorg-x11-Xnest xorg-x11-server-sdk.armv7hl: W: self-obsoletion xorg-x11-sdk obsoletes xorg-x11-sdk The package obsoletes itself. This is known to cause errors in various tools and should thus be avoided, usually by using appropriately versioned Obsoletes and/or Provides and avoiding unversioned ones. xorg-x11-server-sdk.armv7hl: E: script-without-shebang /usr/lib/rpm/macros.d/macros.xorg-server xorg-x11-server-source.armv7hl: E: script-without-shebang /usr/src/xserver/hw/xwin/XWin.exe.manifest This text file has executable bits set or is located in a path dedicated for executables, but lacks a shebang and cannot thus be executed. If the file is meant to be an executable script, add the shebang, otherwise remove the executable bits or move the file elsewhere. xorg-x11-server-source.armv7hl: W: potential-bashisms /usr/src/xserver/hw/xquartz/bundle/mk_bundke.sh xorg-x11-server-source.armv7hl: W: potential-bashisms /usr/src/xserver/config.guess xorg-x11-server-source.armv7hl: W: potential-bashisms /usr/src/xserver/hw/xquartz/bundle/chown-bundle.sh xorg-x11-server-source.armv7hl: W: potential-bashisms /usr/src/xserver/configure xorg-x11-server-source.armv7hl: W: potential-bashisms /usr/src/xserver/install-sh checkbashisms reported potential bashisms in a /bin/sh shell script, you might want to manually check this script for bashisms. xorg-x11-server-wrapper.armv7hl: W: permissions-missing-verifyscript missing %verify_permissions -e /usr/bin/Xorg.wrap Please add a %verifyscript section xorg-x11-server.spec: W: patch-not-applied Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch xorg-x11-server.spec: W: patch-not-applied Patch210: u_os-connections-Check-for-stale-FDs.patch xorg-x11-server.spec: W: patch-not-applied Patch1000: n_xserver-optimus-autoconfig-hack.patch xorg-x11-server.spec: W: patch-not-applied Patch1162: b_cache-xkbcomp-output-for-fast-start-up.patch xorg-x11-server.spec: W: patch-not-applied Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch xorg-x11-server.spec: W: patch-not-applied Patch1222: b_sync-fix.patch A patch is included in your package but was not applied. xorg-x11-server.armv7hl: I: package-supports-update-alternatives xorg-x11-server.spec:137: E: obsolete-suse-version-check 1130 The specfile contains a comparison of %suse_version against a suse release that is no longer in maintenance. Consider removing obsolete parts of your spec file to make it more readable. xorg-x11-server-source.armv7hl: E: non-executable-script /usr/src/xserver/dix/buildatoms 644 /bin/sh xorg-x11-server-source.armv7hl: E: non-executable-script /usr/src/xserver/hw/xfree86/Xorg.sh.in 644 /bin/sh xorg-x11-server-source.armv7hl: E: non-executable-script /usr/src/xserver/hw/xfree86/common/modeline2c.awk 644 /usr/bin/awk -f This text file contains a shebang or is located in a path dedicated for executables, but lacks the executable bits and cannot thus be executed. If the file is meant to be an executable script, add the executable bits, otherwise remove the shebang or move the file elsewhere. xorg-x11-server.spec:1882: W: non-break-space line 1882, char 37 The spec file contains a non-break space, which looks like a regular space in some editors but can lead to obscure errors. It should be replaced by a regular space. xorg-x11-server-sdk.armv7hl: E: no-binary xorg-x11-server-source.armv7hl: E: no-binary The package should be of the noarch architecture because it doesn't contain any binaries. xorg-x11-server.spec: W: no-%check-section The spec file does not contain an %check section. Please check if the package has a testsuite and what it takes to enable the testsuite as part of the package build. If it is not possible to run it in the build environment (OBS/koji) or no testsuite exists, then please ignore this warning. You should not insert an empty %check section. xorg-x11-server.armv7hl: E: missing-call-to-setgroups-before-setuid /usr/bin/Xorg.bin xorg-x11-server-Xvfb.armv7hl: E: missing-call-to-setgroups-before-setuid /usr/bin/Xvfb xorg-x11-server-extra.armv7hl: E: missing-call-to-setgroups-before-setuid /usr/bin/Xephyr xorg-x11-server-extra.armv7hl: E: missing-call-to-setgroups-before-setuid /usr/bin/Xnest This executable is calling setuid and setgid without setgroups or initgroups. This means it didn't relinquish all groups, and this would be a potential security issue. xorg-x11-server.spec:373: W: macro-in-comment %patch xorg-x11-server.spec:380: W: macro-in-comment %patch xorg-x11-server.spec:388: W: macro-in-comment %patch xorg-x11-server.spec:391: W: macro-in-comment %patch xorg-x11-server.spec:393: W: macro-in-comment %patch xorg-x11-server.spec:395: W: macro-in-comment %patch xorg-x11-server.spec:553: W: macro-in-comment %postun There is a unescaped macro after a shell style comment in the specfile. Macros are expanded everywhere, so check if it can cause a problem in this case and escape the macro with another leading % if appropriate. xorg-x11-server-source.armv7hl: E: filelist-forbidden-fhs23 /usr/src/xserver File violates FHS 2.3. xorg-x11-server-source.armv7hl: E: env-script-interpreter (Badness: 9) /usr/src/xserver/ltmain.sh /usr/bin/env sh This script uses 'env' as an interpreter. For the rpm runtime dependency detection to work, the shebang #!/usr/bin/env needs to be patched into #!/usr/bin/ otherwise the package dependency generator merely adds a dependency on /usr/bin/env rather than the actual interpreter /usr/bin/. Alternatively, if the file should not be executed, then ensure that it is not marked as executable or don't install it in a path that is reserved for executables. Check time report (>1% & >0.1s): Check Duration (in s) Fraction (in %) Checked files BashismsCheck 7.2 69.4 ExtractRpm 1.6 15.6 BinariesCheck 0.6 5.4 FilesCheck 0.3 2.5 SignatureCheck 0.2 1.8 BuildRootAndDateCheck 0.2 1.6 SpecCheck 0.1 1.3 FilelistCheck 0.1 1.1 TOTAL 10.4 100.0 7 packages and 0 specfiles checked; 14 errors, 28 warnings, 40 filtered, 22 badness; has taken 10.5 s