On 3/2/26 5:02 AM, Petr Pisar wrote: > V Sun, Mar 01, 2026 at 04:56:12PM +0000, Globe Trotter via devel napsal(a): >> I am getting the >> following >> https://artifacts.dev.testing-farm.io/61f741bc-5034-47c4-af10-e2636de14594/ >> for the slim package that I maintain. I am wondering: how do I address this? >> Through the spec file? How? >> >> Sorry, I am not very well-versed with all this! > > Me neither. I know there is > <https://codeberg.org/rpminspect/rpminspect-data-fedora> which defines Fedora > policy and exceptions for rpminspect run in Fedora CI. > > If your package indeed needs to contain SUID executables, then you can try > ammend that configuration and create a merge request for it. Maybe there is > sombody listening who is responsible for maintaining the policy. You need fork rpminspect-data-fedora and modify fileinfo/fc43 (because I see in the results you are working on F43 packages), which are the "fileinfo" rules for Fedora 43 in rpminspect-data-fedora. That file looks like this:
https://codeberg.org/rpminspect/rpminspect-data-fedora/src/branch/main/fileinfo/fc43 The format is one file per line, four columns consisting of: * Symbolic mode (e.g., -rwsr-xr-x) * Owner name * Group name * File path The purpose of these rules are to instruct rpminspect on what expected deviations from standard permissions and ownership information should be for built packages. Anything that needs setuid or setgid permissions or a different owner name or group name need to be listed in this file. You cannot carry fileinfo rule overrides in the per-package rpminspect.yaml file because these deviations are considered security policy, so the vendor data package needs to carry them which allows for some oversight in to what has been defined for the distribution. The fileinfo rules in rpminspect-data-fedora are per Fedora release, so I also recommend making them for future releases as necessary if the files will exist there. As a reminder, any package maintainer can submit PRs for rpminspect-data-fedora. The objective there is all package maintainers collaborate on the vendor data policy. Thanks, -- Dave Cantrell <[email protected]> Red Hat, Inc. | Boston, MA | EST5EDT -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
