- Support multiple buildhost subdomains in rpminspect.conf (#25).
In Fedora, the s390x packages are built on hosts provided by Red Hat's internal mainframe. These have a buildhost subdomain of .bos.redhat.com while the other architectures carry .fedoraproject.org. The buildhost_subdomain parameter in rpminspect.conf now supports multiple subdomains separated by spaces.
- Add more usage information to the README (#24)
Give more examples on how to use rpminspect at the command line.
- Add support for specifying a list of architectures on the command line (#27)
This is similar to the koji command line option to restrict builds to a subset of architectures. List architectures as a string separated by commas. "noarch" is valid since RPM recognizes that. To note the SRPM, use "src" as the architecture. An example: -a x86_64,ppc64le,src
- Split the -T option out in to -T and -E options (#28)
The biggest issue here was my use of '!' to specify excluded tests. I have now split the option out in to -T to specify tests to run -or- the -E option to specify tests to not run. The options are mutually exclusive and the default mode for rpminspect is to run all applicable tests. If you specify -T, rpminspect disables all tests except the ones you specify with this option. You can use 'ALL' with the -T option if you want to, but that is the default behavior. If you specify -E, rpminspect enables all tests except the ones you specify with this option. If you use 'ALL' with the -E option, all tests are disabled and rpminspect becomes a no-op.New functionality:
- The 'changedfiles' inspection is new and does quite a bit. More on that below.
The rpminspect.conf file now carries the security_path_prefix setting to list path prefixes where security related files reside.
The fetch only mode writes the downloaded Koji build to an NVR
subdirectory rather than the temporary directory structure rpminspect
would use internally.
- It skips non-regular files.
- It skips any files lacking a peer. There are separate inspections that will handle new, removed, and moved files.
- It skips Java class files and jar files (these will be handled by other inspections).
- If a file is gzip'ed, it runs zcmp(1) on the peers and reports if there are changes.
- If a file is bzip2'ed, it runs bzcmp(1) on the peers and reports if there are changes.
- If a file is xz'ed, it runs xzcmp(1) on the peers and reports if there are changes.
- If the file is an ELF object, it runs eu-elfcmp(1) on the peers and reports changes.
- If the file is a gettext message catalog, it unpacks the catalogs to temporary files and runs 'diff -u' on the output and reports changes.
- If the file is a C or C++ header file, it preprocesses the peers to remove comments and runs 'diff -uw' on the output and reports changes.
- Not meeting any of the above special cases, rpminspect compares the SHA-256 digests of the peers and reports if they are different.
This inspection does more than its ancestor did. For one, the compressed file check was interesting because I like how it works for changing compression levels and just looks at the uncompressed content. However, only gzip was handled so I added the others. Also, the digest check occurred before any of the special case handling which resulted in no detailed feedback for those changes.
I look forward to hearing feedback as well as bug reports. I am continuing on the file comparison inspections to get that rounded out.
Builds are available in Copr, rawhide, and F-31.