============================ rpmlint session starts ============================
rpmlint: 2.7.0
configuration:
    /opt/testing/lib/python3.13/rpmlint/configdefaults.toml
    /opt/testing/share/rpmlint/cron-whitelist.toml
    /opt/testing/share/rpmlint/dbus-services.toml
    /opt/testing/share/rpmlint/device-files-whitelist.toml
    /opt/testing/share/rpmlint/licenses.toml
    /opt/testing/share/rpmlint/opensuse.toml
    /opt/testing/share/rpmlint/pam-modules.toml
    /opt/testing/share/rpmlint/permissions-whitelist.toml
    /opt/testing/share/rpmlint/pie-executables.toml
    /opt/testing/share/rpmlint/polkit-rules-whitelist.toml
    /opt/testing/share/rpmlint/scoring.toml
    /opt/testing/share/rpmlint/security.toml
    /opt/testing/share/rpmlint/sudoers-whitelist.toml
    /opt/testing/share/rpmlint/sysctl-whitelist.toml
    /opt/testing/share/rpmlint/systemd-tmpfiles.toml
    /opt/testing/share/rpmlint/users-groups.toml
    /opt/testing/share/rpmlint/world-writable-whitelist.toml
    /opt/testing/share/rpmlint/zypper-plugins.toml
    /etc/xdg/rpmlint/scoring-strict.override.toml
checks: 41, packages: 14

freeradius-server.armv7hl: E: zero-length /var/log/radius/radius.log
freeradius-server.armv7hl: E: zero-length /var/log/radius/radutmp
freeradius-server-doc.armv7hl: E: version-control-internal-file /usr/share/doc/packages/freeradius-server-doc/antora/modules/unlang/.gitignore
You have included file(s) internally used by a version control system in the
package. Move these files out of the package and rebuild it.

freeradius-server.armv7hl: E: non-executable-script /etc/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh 640 /bin/sh
freeradius-server-sqlite.armv7hl: E: non-executable-script /etc/raddb/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl 640 /usr/bin/perl -Tw
freeradius-server-sqlite.armv7hl: E: non-executable-script /etc/raddb/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh 640 /bin/sh
This text file contains a shebang or is located in a path dedicated for
executables, but lacks the executable bits and cannot thus be executed. If the
file is meant to be an executable script, add the executable bits, otherwise
remove the shebang or move the file elsewhere.

freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/README.rst
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/Makefile
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/README.md
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/bootstrap
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/passwords.mk
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/realms/README.md
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/certs/xpextensions
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-available/README.rst
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/README.rst
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/unbound/default.conf
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/panic.gdb
freeradius-server.armv7hl: W: non-conffile-in-etc /etc/raddb/sites-available/README
freeradius-server-mysql.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/sql/main/ndb/README
freeradius-server-perl.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/perl/example.pl
freeradius-server-python3.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/python3/example.py
freeradius-server-python3.armv7hl: W: non-conffile-in-etc /etc/raddb/mods-config/python3/radiusd.py
A non-executable file in your package is being installed in /etc, but is not a
configuration file. All non-executable files in /etc should be configuration
files. Mark the file as %config in the spec file.

freeradius-server-devel.armv7hl: E: no-binary
freeradius-server-doc.armv7hl: E: no-binary
freeradius-server-ldap-schemas.armv7hl: E: no-binary
The package should be of the noarch architecture because it doesn't contain
any binaries.

freeradius-server.spec: W: no-%check-section
The spec file does not contain an %check section. Please check if the package
has a testsuite and what it takes to enable the testsuite as part of the
package build. If it is not possible to run it in the build environment
(OBS/koji) or no testsuite exists, then please ignore this warning. You should
not insert an empty %check section.

freeradius-server-libs.armv7hl: E: missing-call-to-setgroups-before-setuid /usr/lib/freeradius/libfreeradius-server.so
This executable is calling setuid and setgid without setgroups or initgroups.
This means it didn't relinquish all groups, and this would be a potential
security issue.

freeradius-server.armv7hl: E: logrotate-log-dir-not-packaged /var/log/radius/radacct/*
Please add the specified directory to the file list to be able to check
permissions.

freeradius-server.armv7hl: E: incoherent-logrotate-file /etc/logrotate.d/radiusd
Your logrotate file should be named /etc/logrotate.d/<package name>.

freeradius-server-doc.armv7hl: W: hidden-file-or-dir /usr/share/doc/packages/freeradius-server-doc/antora/modules/unlang/.gitignore
The file or directory is hidden. You should see if this is normal, and delete
it from the package if not.

freeradius-server-devel.armv7hl: W: files-duplicate /usr/include/freeradius/rfc5176.h /usr/include/freeradius/rfc3580.h:/usr/include/freeradius/rfc4603.h
Your package contains duplicated files that are not hard- or symlinks. You
should use the %fdupes macro to link the files to one.

freeradius-server.armv7hl: E: file-parent-ownership-mismatch Path "/etc/raddb/certs/realms/README.md" owned by "root" is stored in directory owned by "radiusd"
A file or directory is stored in a directory owned by another unprivileged
user. This is a security issue since the owner of the parent directory can
replace this file/directory with a different one.

freeradius-server-utils.armv7hl: E: env-script-interpreter (Badness: 9) /usr/bin/radsecret /usr/bin/env perl
This script uses 'env' as an interpreter. For the rpm runtime dependency
detection to work, the shebang #!/usr/bin/env <interpreter>  needs to be
patched into #!/usr/bin/<interpreter>  otherwise the package dependency
generator merely adds a dependency on /usr/bin/env rather than the actual
interpreter /usr/bin/<interpreter>.  Alternatively, if the file should not be
executed, then ensure that it is not marked as executable or don't install it
in a path that is reserved for executables.

Check time report (>1% & >0.1s):
    Check                            Duration (in s)   Fraction (in %)  Checked files
    BinariesCheck                                1.7              35.2               
    BashismsCheck                                1.4              27.6               
    ExtractRpm                                   1.0              19.8               
    FilesCheck                                   0.3               5.1               
    SignatureCheck                               0.2               3.6               
    SpecCheck                                    0.1               2.3               
    TOTAL                                        5.0             100.0               

 14 packages and 0 specfiles checked; 14 errors, 20 warnings, 383 filtered, 22 badness; has taken 5.0 s