Package netinst-overlays: Repocop

Package name	Architecture	Status	Test name	Update date \	Message
netinst-overlays-0.03-alt1	noarch	ok	checkbashisms	Apr 25, 2024, 02:29 AM	-
netinst-overlays-0.03-alt1	noarch	skip	init-condrestart	Apr 25, 2024, 02:29 AM	-
netinst-overlays-0.03-alt1	noarch	skip	iconsdir	Apr 25, 2024, 02:29 AM	-
netinst-overlays-0.03-alt1	noarch	ok	sisyphus_check	Apr 25, 2024, 02:29 AM	-
netinst-overlays-0.03-alt1	noarch	info	missing-url	Apr 25, 2024, 02:29 AM	Missing Url: in a package.;
netinst-overlays-0.03-alt1	noarch	ok	buildroot	Apr 25, 2024, 02:29 AM	-
netinst-overlays-0.03-alt1	noarch	error	unsafe-tmp-usage-in-scripts	Sep 12, 2022, 05:41 AM	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/overlays-manage: $ grep -A5 -B5 /tmp/ /usr/bin/overlays-manage ExCmd() { # archive file local D D="`mktemp -d`" unsquashfs -d "$D/1" "$1" "$2" cat "$D/1/$2" find "$D" >> /tmp/log 2>&1 rm -rf "$D" } EXTMP= ADDHOSTS="" # what hosts want their hostkey on diskless DST="`logname`@`hostname`" # where to copy overlays;

Version: v24.4.2