Silence rpmlint false positives

capi.so is only useful on Windows, it does not matter that it does not
have dependency information.

The invalid URL warnings are expected for packages with hobbled source
code archives.

We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1)
binary.

(cherry picked from commit 82a6212c47)

Signed-off-by: Clemens Lang <cllang@redhat.com>

openssl.rpmlintrc

@@ -0,0 +1,9 @@
+# capi.so is a dummy only used on Windows, it doesn't need dependency information
+addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
+
+# The sources are hobbled and thus not a valid URL. That's expected.
+addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
+
+# Technically this warning is correct, but in the case of the openssl binary we
+# want to allow SSL_CTX_set_cipher_list
+addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")

openssl.spec

@@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
 Source1: hobble-openssl
 Source2: Makefile.certificate
 Source3: genpatches
+Source4: openssl.rpmlintrc
 Source6: make-dummy-cert
 Source7: renew-dummy-cert
 Source9: configuration-switch.h
@@ -388,6 +389,9 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
+- Silence a few rpmlint false positives.
+
 * Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
 - Allow disabling SHA1 signature creation and verification.
   Set rh-allow-sha1-signatures = no to disable.