cfengine.aarch64: I: binary-or-shlib-calls-gethostbyname /usr/bin/cf-execd libpromises3.aarch64: I: binary-or-shlib-calls-gethostbyname /usr/lib64/cfengine/libpromises.so.3.0.6 The binary calls gethostbyname(). Please port the code to use getaddrinfo(). cfengine-examples.noarch: W: files-duplicate /usr/share/doc/packages/cfengine-examples/peerleaders.cf /usr/share/doc/packages/cfengine-examples/peerleader.cf:/usr/share/doc/packages/cfengine-examples/peers.cf libpromises3.aarch64: W: missing-call-to-chdir-with-chroot /usr/lib64/cfengine/libpromises.so.3.0.6 This executable appears to call chroot without using chdir to change the current directory. This is likely an error and permits an attacker to break out of the chroot by using fchdir. While that's not always a security issue, this has to be checked. cfengine.aarch64: W: non-standard-dir-in-var cfengine Your package is creating a non-standard subdirectory in /var. The standard directories are: account, cache, crash, games, lib, lock, log, mail, opt, run, spool, tmp, yp, www, ftp. cfengine.aarch64: W: suse-filelist-forbidden-fhs23 /var/cfengine is not allowed in FHS 2.3 see http://www.pathname.com/fhs/ for a better location cfengine.aarch64: W: suse-missing-rclink cf-apache cfengine.aarch64: W: suse-missing-rclink cf-hub cfengine.aarch64: W: suse-missing-rclink cf-postgres cfengine.aarch64: W: suse-missing-rclink cf-reactor cfengine.aarch64: W: suse-missing-rclink cf-runalerts cfengine.aarch64: W: suse-missing-rclink cfengine3 The package contains an init script or systemd service file but lacks the symlink /usr/sbin/rcFOO -> /usr/sbin/service cfengine.aarch64: E: env-script-interpreter (Badness: 9) /usr/bin/cf-support /usr/bin/env bash This script uses 'env' as an interpreter. For the rpm runtime dependency detection to work, the shebang #!/usr/bin/env python needs to be patched into #!/usr/bin/python otherwise the package dependency generator merely adds a dependency on /usr/bin/env rather than the actual interpreter /usr/bin/python. Alternatively, if the file should not be executed, then ensure that it is not marked as executable or don't install it in a path that is reserved for executables. 5 packages and 0 specfiles checked; 1 errors, 10 warnings.