[rpms/openssl] rebase_40beta: Silence rpmlint false positives

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: Silence rpmlint false positives
@ 2026-06-09 12:44 Clemens Lang
  0 siblings, 0 replies; only message in thread
From: Clemens Lang @ 2026-06-09 12:44 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 82a6212c47f483fb27a34555ca6b0d61af8521ce
            Author : Clemens Lang <cllang@redhat.com>
            Date   : 2022-04-07T18:14:35+02:00
            Stats  : +13/-0 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/82a6212c47f483fb27a34555ca6b0d61af8521ce?branch=rebase_40beta

            Log:
            Silence rpmlint false positives

capi.so is only useful on Windows, it does not matter that it does not
have dependency information.

The invalid URL warnings are expected for packages with hobbled source
code archives.

We explicitly allow the use of SSL_CTX_set_cipher_list in the openssl(1)
binary.

Signed-off-by: Clemens Lang <cllang@redhat.com>

---
diff --git a/openssl.rpmlintrc b/openssl.rpmlintrc
new file mode 100644
index 0000000..3539843
--- /dev/null
+++ b/openssl.rpmlintrc
@@ -0,0 +1,9 @@
+# capi.so is a dummy only used on Windows, it doesn't need dependency information
+addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
+
+# The sources are hobbled and thus not a valid URL. That's expected.
+addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
+
+# Technically this warning is correct, but in the case of the openssl binary we
+# want to allow SSL_CTX_set_cipher_list
+addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")

diff --git a/openssl.spec b/openssl.spec
index fb4de73..874c0f3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -24,6 +24,7 @@ Source: openssl-%{version}-hobbled.tar.gz
 Source1: hobble-openssl
 Source2: Makefile.certificate
 Source3: genpatches
+Source4: openssl.rpmlintrc
 Source6: make-dummy-cert
 Source7: renew-dummy-cert
 Source9: configuration-switch.h
@@ -389,6 +390,9 @@ install -m644 %{SOURCE9} \
 
 %changelog
 * Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
+- Silence a few rpmlint false positives.
+
+* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
 - Allow disabling SHA1 signature creation and verification.
   Set rh-allow-sha1-signatures = no to disable.
   Allow SHA1 in TLS in SECLEVEL 1 if rh-allow-sha1-signatures = yes. This will

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: Silence rpmlint false positives Clemens Lang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox