https://bugzilla.redhat.com/show_bug.cgi?id=2342978

--- Comment #15 from Daniel Berrangé <berrange@xxxxxxxxxx> ---
sgx-enclave-latest-ide-unsigned.x86_64: E: statically-linked-binary /usr/x86_64-intel-sgx/lib64/libsgx_id_enclave.so
sgx-enclave-latest-pce-unsigned.x86_64: E: statically-linked-binary /usr/x86_64-intel-sgx/lib64/libsgx_pce.so
sgx-enclave-latest-qe3-unsigned.x86_64: E: statically-linked-binary /usr/x86_64-intel-sgx/lib64/libsgx_qe3.so
sgx-enclave-latest-tdqe-unsigned.x86_64: E: statically-linked-binary /usr/x86_64-intel-sgx/lib64/libsgx_tdqe.so

False positive. These are the static SGX enclaves, masquerading as shared objects due to Intel's weird file ext choice.

sgx-enclave-devel.x86_64: E: static-library-without-debuginfo /usr/x86_64-intel-sgx/lib64/libsgx_capable.a
sgx-enclave-devel.x86_64: E: static-library-without-debuginfo /usr/x86_64-intel-sgx/lib64/libsgx_dcap_tvl.a
..snip..
sgx-enclave-devel.x86_64: E: static-library-without-debuginfo /usr/x86_64-intel-sgx/lib64/libsgx_utls.a
sgx-enclave-devel.x86_64: E: static-library-without-debuginfo /usr/x86_64-intel-sgx/lib64/libtdx_tls.a

False positive. These are all static libs that provide the SGX enclave runtime library. Including debug symbols is not relevant, as you cannot attach a debugger to an SGX enclave.

sgx-enclave-latest-ide-unsigned.x86_64: E: spelling-error ('toolchain', 'Summary(en_US) toolchain -> tool chain, tool-chain, blockchain')
sgx-enclave-latest-ide-unsigned.x86_64: E: spelling-error ('toolchain', '%description -l en_US toolchain -> tool chain, tool-chain, blockchain')
...snip...
sgx-enclave-latest-tdqe-unsigned.x86_64: E: spelling-error ('toolchain', 'Summary(en_US) toolchain -> tool chain, tool-chain, blockchain')
sgx-enclave-latest-tdqe-unsigned.x86_64: E: spelling-error ('toolchain', '%description -l en_US toolchain -> tool chain, tool-chain, blockchain')

Will change to 'tool-chain'

linux-sgx.spec:511: W: setup-not-quiet

Will add -q

sgx-aesm.x86_64: W: position-independent-executable-suggested /usr/lib64/aesmd/aesm_service
sgx-mpa.x86_64: W: position-independent-executable-suggested /usr/bin/mpa_manage
sgx-mpa.x86_64: W: position-independent-executable-suggested /usr/bin/mpa_registration
sgx-pckid-tool.x86_64: W: position-independent-executable-suggested /usr/bin/PCKIDRetrievalTool
tdx-qgs.x86_64: W: position-independent-executable-suggested /usr/bin/qgs

Valid complaint. These should be built as PIE binaries, but the SGX build system is horrendous so thus far I've not been able to solve this, and don't propose fixing it for review. Will leave it on my TODO list though, to feed back to upstream.

sgx-aesm.x86_64: W: non-standard-uid /run/aesmd aesmd
sgx-aesm.x86_64: W: non-standard-uid /var/lib/aesmd aesmd
tdx-qgs.x86_64: W: non-standard-uid /run/tdx-qgs qgs
tdx-qgs.x86_64: W: non-standard-uid /var/lib/qgs qgs
sgx-aesm.x86_64: W: non-standard-gid /run/aesmd aesmd
sgx-aesm.x86_64: W: non-standard-gid /var/lib/aesmd aesmd
tdx-qgs.x86_64: W: non-standard-gid /run/tdx-qgs qgs
tdx-qgs.x86_64: W: non-standard-gid /var/lib/qgs qgs

False positive, these user accounts are created by the sysusers files

sgx-aesm.x86_64: E: non-standard-dir-perm /run/aesmd 700
tdx-qgs.x86_64: E: non-standard-dir-perm /run/tdx-qgs 700

False positive, and IMHO bug in rpmlint that it only accepts 755 and calls it an error, not warning, as there are plenty of reasons to want other permissions.

sgx-enclave-devel.x86_64: W: no-soname /usr/lib64/libsgx_epid_sim.so
sgx-enclave-devel.x86_64: W: no-soname /usr/lib64/libsgx_launch_sim.so
sgx-enclave-devel.x86_64: W: no-soname /usr/lib64/libsgx_ptrace.so
sgx-enclave-devel.x86_64: W: no-soname /usr/lib64/libsgx_quote_ex_sim.so
sgx-enclave-devel.x86_64: W: no-soname /usr/lib64/libsgx_uae_service_sim.so
sgx-enclave-devel.x86_64: E: invalid-soname /usr/lib64/libsgx_capable.so libsgx_capable.so
sgx-enclave-devel.x86_64: E: invalid-soname /usr/lib64/libsgx_urts_sim.so libsgx_urts_sim.so

Sigh yes, but not something we should unilaterally fix downstream. Another item to take to upstream

sgx-aesm.x86_64: W: no-manual-page-for-binary aesmd
sgx-enclave-devel.x86_64: W: no-manual-page-for-binary sgx-gdb
sgx-enclave-devel.x86_64: W: no-manual-page-for-binary sgx_config_cpusvn
sgx-enclave-devel.x86_64: W: no-manual-page-for-binary sgx_edger8r
sgx-enclave-devel.x86_64: W: no-manual-page-for-binary sgx_encrypt
sgx-enclave-devel.x86_64: W: no-manual-page-for-binary sgx_sign
sgx-mpa.x86_64: W: no-manual-page-for-binary mpa_manage
sgx-mpa.x86_64: W: no-manual-page-for-binary mpa_registration
sgx-pccs-admin.x86_64: W: no-manual-page-for-binary pccsadmin
sgx-pckid-tool.x86_64: W: no-manual-page-for-binary PCKIDRetrievalTool
tdx-qgs.x86_64: W: no-manual-page-for-binary qgs

Valid, but not to be fixed.
Upstream provides docs in PDFs (sic)

sgx-enclave-latest-ide-unsigned.x86_64: E: no-ldconfig-symlink /usr/x86_64-intel-sgx/lib64/libsgx_id_enclave.so
sgx-enclave-latest-pce-unsigned.x86_64: E: no-ldconfig-symlink /usr/x86_64-intel-sgx/lib64/libsgx_pce.so
sgx-enclave-latest-qe3-unsigned.x86_64: E: no-ldconfig-symlink /usr/x86_64-intel-sgx/lib64/libsgx_qe3.so
sgx-enclave-latest-tdqe-unsigned.x86_64: E: no-ldconfig-symlink /usr/x86_64-intel-sgx/lib64/libsgx_tdqe.so

False positive, again these are SGX enclaves not normal shared libraries, despite the file ext

sgx-aesm.x86_64: W: no-documentation
sgx-common.x86_64: W: no-documentation
sgx-devel.x86_64: W: no-documentation
sgx-enclave-devel.x86_64: W: no-documentation
sgx-enclave-latest-ide-unsigned.x86_64: W: no-documentation
sgx-enclave-latest-pce-unsigned.x86_64: W: no-documentation
sgx-enclave-latest-qe3-unsigned.x86_64: W: no-documentation
sgx-enclave-latest-tdqe-unsigned.x86_64: W: no-documentation
sgx-mpa.x86_64: W: no-documentation
sgx-pccs-admin.x86_64: W: no-documentation
tdx-attest-devel.x86_64: W: no-documentation
tdx-qgs.x86_64: W: no-documentation
sgx-common.x86_64: E: no-binary
sgx-pccs-admin.x86_64: E: no-binary

False positive, since the package is ExclusiveArch x86_64, there's no point making these noarch.

linux-sgx.spec: W: no-%check-section

No practical tests to run

linux-sgx.spec:203: W: macro-in-comment %{dcap_version}
linux-sgx.spec:203: W: macro-in-comment %{dcap_version}
linux-sgx.spec:1044: W: macro-in-comment %{sgx_includedir}
linux-sgx.spec:1046: W: macro-in-comment %{_includedir}

False positive, harmless & intentional.

sgx-enclave-devel.x86_64: E: lto-no-text-in-archive /usr/x86_64-intel-sgx/lib64/libsgx_pcl.a
sgx-enclave-devel.x86_64: E: lto-no-text-in-archive /usr/x86_64-intel-sgx/lib64/libsgx_pclsim.a

False positive, Not normal libraries, this is SGX enclave code

linux-sgx.spec: W: invalid-url Source3: prebuilt_dcap_1.22-repacked.tar.gz

False positive, required due to need to strip forbidden source files.

linux-sgx.src: W: invalid-license LicenseRef-Public-Domain
sgx-aesm.x86_64: W: invalid-license LicenseRef-Public-Domain
...snip...
tdx-attest-libs.x86_64: W: invalid-license LicenseRef-Public-Domain
tdx-qgs.x86_64: W: invalid-license LicenseRef-Public-Domain

Should be LicenseRef-Fedora-Public-Domain

sgx-common.x86_64: W: files-duplicate /usr/share/licenses/sgx-common/licenses/external/dcap_source/tools/SGXPlatformRegistration/inf/MPA_UEFI_Components/License.txt /usr/share/licenses/sgx-common/licenses/external/dcap_source/tools/PCKRetrievalTool/License.txt:/usr/share/licenses/sgx-common/licenses/external/dcap_source/tools/SGXPlatformRegistration/inf/MPA_Network_Components/License.txt

Not desirable to change, because while they may currently have matching text, this can change on new releases.

sgx-enclave-devel.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/bin/sgx_edger8r

Valid, but harmless in this context, so won't change
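
The position-independent-executable-suggested warnings in the comment above concern how the ELF image is linked. The following is an added example, not code from the comment, from rpmlint or from the linux-sgx project: a header-only heuristic that separates fixed-address executables from PIE ones. The names `classify_elf` and `make_elf` are hypothetical, and the sample images are constructed inline.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header type naming the dynamic loader

def classify_elf(data: bytes) -> str:
    """Classify a 64-bit little-endian ELF image from its headers only."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return "not-elf"
    if data[4] != 2 or data[5] != 1:   # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB
        return "unsupported"
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    p_types = set()
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            return "truncated"
        p_types.add(struct.unpack_from("<I", data, off)[0])
    if e_type == ET_EXEC:
        return "non-pie-executable"    # image loads at a fixed address
    if e_type == ET_DYN:
        # Heuristic (assumption of this example): a PIE program requests a
        # loader via PT_INTERP; a plain shared object or static-PIE does not.
        if PT_INTERP in p_types:
            return "pie-executable"
        return "shared-object-or-static-pie"
    return "other"

def make_elf(e_type: int, p_types: list) -> bytes:
    """Build a header-only ELF64 image (constructed sample, not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    # e_type, e_machine=62 (x86-64), e_version, e_entry, e_phoff=64, e_shoff,
    # e_flags, e_ehsize=64, e_phentsize=56, e_phnum, e_shentsize, e_shnum, e_shstrndx
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                              64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<II", t, 0) + bytes(48) for t in p_types)
    return hdr + phdrs

if __name__ == "__main__":
    for path in sys.argv[1:]:          # e.g. files unpacked from a built RPM
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

The PT_INTERP test is only a heuristic; the `DF_1_PIE` bit in the `DT_FLAGS_1` dynamic entry is the more precise marker when the linker sets it.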