Silence rpmlint false positives
capi.so is only useful on Windows, it does not matter that it does not
have dependency information.
The invalid URL warnings are expected for packages with hobbled source
code archives.
We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1)
binary.
(cherry picked from commit 82a6212c47
)
Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
parent
2fdd24a724
commit
fb4c39d764
9
openssl.rpmlintrc
Normal file
9
openssl.rpmlintrc
Normal file
@ -0,0 +1,9 @@
|
||||
# capi.so is a dummy only used on Windows, it doesn't need dependency information
|
||||
addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
|
||||
|
||||
# The sources are hobbled and thus not a valid URL. That's expected.
|
||||
addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
|
||||
|
||||
# Technically this warning is correct, but in the case of the openssl binary we
|
||||
# want to allow SSL_CTX_set_cipher_list
|
||||
addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")
|
@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
Source3: genpatches
|
||||
Source4: openssl.rpmlintrc
|
||||
Source6: make-dummy-cert
|
||||
Source7: renew-dummy-cert
|
||||
Source9: configuration-switch.h
|
||||
@ -388,6 +389,9 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
|
||||
- Silence a few rpmlint false positives.
|
||||
|
||||
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
|
||||
- Allow disabling SHA1 signature creation and verification.
|
||||
Set rh-allow-sha1-signatures = no to disable.
|
||||
|
Loading…
Reference in New Issue
Block a user