Silence rpmlint false positives

capi.so is only useful on Windows, it does not matter that it does not
have dependency information.

The invalid URL warnings are expected for packages with hobbled source
code archives.

We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1)
binary.

Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang 2022-04-06 17:45:04 +02:00
parent 432cfa2baa
commit 82a6212c47
2 changed files with 13 additions and 0 deletions

9
openssl.rpmlintrc Normal file
View File

@ -0,0 +1,9 @@
# capi.so is a dummy only used on Windows, it doesn't need dependency information
addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
# The sources are hobbled and thus not a valid URL. That's expected.
addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
# Technically this warning is correct, but in the case of the openssl binary we
# want to allow SSL_CTX_set_cipher_list
addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")

View File

@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
Source1: hobble-openssl
Source2: Makefile.certificate
Source3: genpatches
Source4: openssl.rpmlintrc
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source9: configuration-switch.h
@ -388,6 +389,9 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
- Silence a few rpmlint false positives.
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
- Allow disabling SHA1 signature creation and verification.
Set rh-allow-sha1-signatures = no to disable.