public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Clemens Lang <cllang@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Silence rpmlint false positives
Date: Tue, 09 Jun 2026 12:44:58 GMT [thread overview]
Message-ID: <178100909851.1.8786991323438704535.rpms-openssl-82a6212c47f4@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 82a6212c47f483fb27a34555ca6b0d61af8521ce
Author : Clemens Lang <cllang@redhat.com>
Date : 2022-04-07T18:14:35+02:00
Stats : +13/-0 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/82a6212c47f483fb27a34555ca6b0d61af8521ce?branch=rebase_40beta
Log:
Silence rpmlint false positives
capi.so is only useful on Windows, it does not matter that it does not
have dependency information.
The invalid URL warnings are expected for packages with hobbled source
code archives.
We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1)
binary.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
diff --git a/openssl.rpmlintrc b/openssl.rpmlintrc
new file mode 100644
index 0000000..3539843
--- /dev/null
+++ b/openssl.rpmlintrc
@@ -0,0 +1,9 @@
+# capi.so is a dummy only used on Windows, it doesn't need dependency information
+addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
+
+# The sources are hobbled and thus not a valid URL. That's expected.
+addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
+
+# Technically this warning is correct, but in the case of the openssl binary we
+# want to allow SSL_CTX_set_cipher_list
+addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")
diff --git a/openssl.spec b/openssl.spec
index fb4de73..874c0f3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
Source1: hobble-openssl
Source2: Makefile.certificate
Source3: genpatches
+Source4: openssl.rpmlintrc
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source9: configuration-switch.h
@@ -389,6 +390,9 @@ install -m644 %{SOURCE9} \
%changelog
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
+- Silence a few rpmlint false positives.
+
+* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
- Allow disabling SHA1 signature creation and verification.
Set rh-allow-sha1-signatures = no to disable.
Allow SHA1 in TLS in SECLEVEL 1 if rh-allow-sha1-signatures = yes. This will
reply other threads:[~2026-06-09 12:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100909851.1.8786991323438704535.rpms-openssl-82a6212c47f4@fedoraproject.org \
--to=cllang@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox