Re: confused by rpminspect automated test

Sun, 08 Mar 2020 04:10:51 -0700 

On Sun, Mar 08, 2020 at 10:59:19AM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> Hi,
> 
> for a recent systemd build, the automated tests results showed failure [1],
> and one of the failing tests was 
> fedora-ci.koji-build.rpminspect.static-analysis.
> 
> When I click on the label, I get redirected to [2], which is a long list
> of stuff like "print message" and "shell script" and "ci notifier". They
> are all green, and after clicking on one of them to unroll it, the
> display jumps, so it took me a while to figure out that the interesting
> item is one of the "shell scripts". Dunno, when doing this a second time
> I wouldn't be confused so much, but a slightly less elaborate UI which
> makes the failing test result more prominent would be nice.
> 
> [1] https://bodhi.fedoraproject.org/updates/FEDORA-2020-b49f1d9b82
> [2] 
> http://fedora-build-checks.apps.ci.centos.org/blue/organizations/jenkins/fedora-rpminspect/detail/fedora-rpminspect/3219/pipeline/

... and dist.rpmgrill [3] is full of bogus advice:

"arch" : "armv7hl",
"code" : "SuspiciousPath",
"context" : {
   "excerpt" : [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
   ],
   "path" : "/usr/bin/systemd-analyze"
},
"diag" : "Potentially insecure PATH element <tt>/local</tt>",
"subpackage" : "systemd"

"context" : {
    "excerpt" : [
       "useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c 
&quot;systemd Core Dumper&quot; systemd-coredump"
    ],
    "lineno" : 532,
    "path" : "systemd.spec",
    "sub" : "%pre"
},
"diag" : "Invocation of <tt>useradd</tt> without specifying a UID; this may be 
OK, because /usr/share/doc/setup/uidgid defines no UID for 
<var>systemd-coredump</var>"

But I see I opened a bug about this in 2017 [4], and not much has changed...

[3] 
https://taskotron.fedoraproject.org/artifacts/all/29f2b7d0-5fb0-11ea-901d-525400364adf/tests.yml/rpmgrill.json
[4] https://bugzilla.redhat.com/show_bug.cgi?id=1436291

How can we expect packagers to take tests and gating seriously when
the most prominent results are ~95% noise?

Zbyszek
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]

Reply via email to