From 681722e1e340a5e931940eb9b09f9fc580cef02b Mon Sep 17 00:00:00 2001
From: "B. Watson"
Date: Sat, 16 Sep 2023 17:01:00 -0400
Subject: sbopkglint: complain if anything is owned by UID or GID >= 1000.
---
 TODO | 4 ----
 sbopkglint.d/05-basic-sanity.t.sh | 3 +++
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/TODO b/TODO
index 8b6d1ef..a52beb9 100644
--- a/TODO
+++ b/TODO
@@ -1,7 +1,3 @@
-TODO: locale issues break the 'grep -P' in the info check. two
- things: (1) use a more reliable way to detect gz files, and
- (2) possibly force LANG and LC_* to "C". Or else en_US.UTF-8.
-TODO: check ownership of executables? fail if >1000 uid or gid?
 TODO: if package contains any static libs, don't suggest noarch.
 TODO: stop checking shared libs for +x and being stripped if they're not directly in /lib /lib64 /usr/lib /usr/lib64. too many packages
diff --git a/sbopkglint.d/05-basic-sanity.t.sh b/sbopkglint.d/05-basic-sanity.t.sh
index 04d5ef9..d172cf9 100644
--- a/sbopkglint.d/05-basic-sanity.t.sh
+++ b/sbopkglint.d/05-basic-sanity.t.sh
@@ -201,3 +201,6 @@ find_warnfiles "package contains broken relative symlinks:" \
 # we ignore any empty dirs under /var because lots of packages need these.
 find_warnfiles --note "package contains empty dirs, are these necessary?" \
 . -type d -a -empty -a \! -path "./var/*"
+
+find_warnfiles "package contains files owned by UID/GID >= 1000" \
+ . \( -uid +999 -o -gid +999 \)
--
cgit v1.2.3
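Review bot: The new ownership check at the end of the sbopkglint.d/05-basic-sanity.t.sh hunk has no comment saying why UID/GID >= 1000 is a problem, unlike the empty-dirs check just above it, and the warning text gives the packager no hint either. I would add above the call something like `# files owned by a regular-user UID/GID usually mean the build did not run as root/fakeroot;` `# once installed they belong to whichever local account has that ID, which can then modify them.` The test is also only meaningful if the package tree was unpacked with ownership preserved; find_warnfiles and the extraction step are outside this hunk, so confirm that a non-root run does not flag every file as owned by the invoking user. For consistency with the broken-symlinks message, which is followed by a file list, the string could end in a colon: `"package contains files owned by UID/GID >= 1000:"`.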