Skip to content

@dcantrell dcantrell released this Aug 26, 2019 · 91 commits to master since this release

rpminspect-0.4 is now available with the following improvements and bug fixes:

  • Support multiple buildhost subdomains in rpminspect.conf (#25)

In Fedora, the s390x packages are built on hosts provided by Red Hat's internal mainframe. These have a buildhost subdomain of while the other architectures carry The buildhost_subdomain parameter in rpminspect.conf now supports multiple subdomains separated by spaces.

  • Add more usage information to the README (#24)

Give more examples on how to use rpminspect at the command line.

  • Add support for specifying a list of architectures on the command line (#27)

This is similar to the koji command line option to restrict builds to a subset of architectures. List architectures as a string separated by commas. "noarch" is valid since RPM recognizes that. To note the SRPM, use "src" as the architecture. An example: -a x86_64,ppc64le,src

  • Split the -T option out in to -T and -E options (#28)

The biggest issue here was my use of '!' to specify excluded tests. I have now split the option out in to -T to specify tests to run -or- the -E option to specify tests to not run. The options are mutually exclusive and the default mode for rpminspect is to run all applicable tests. If you specify -T, rpminspect disables all tests except the ones you specify with this option. You can use 'ALL' with the -T option if you want to, but that is the default behavior. If you specify -E, rpminspect enables all tests except the ones you specify with this option. If you use 'ALL' with the -E option, all tests are disabled and rpminspect becomes a no-op.

New functionality:

  • The 'changedfiles' inspection is new and does quite a bit. This inspection only runs when comparing builds and the objective is to report changes between file peers. It only runs for regular files and skips any files lacking a peer since other inspections will handle those modes. For compressed files, changedfiles performs a zcmp/bzcmp/xzcmp and reports if there are differences. The reason for this is to account for changing compression levels but unchanged uncompressed content. For ELF objects, rpminspect runs eu-elfcmp and reports. If the file is a gettext message catalog (.mo files), it runs the file through msgunfmt and compares that output then reports. C and C++ header files are preprocessed and compared with 'diff -uw' to report possible API changes. Lastly, for any file peers not hitting a special case, the SHA-256 digests are compared and if they differ then rpminspect reports.

  • The rpminspect.conf file now carries the security_path_prefix setting to list path prefixes where security related files reside.

  • The fetch only mode writes the downloaded Koji build to an NVR subdirectory rather than the temporary directory structure rpminspect would use internally.

Builds are available in Copr and will be available in rawhide soon.

Assets 4
You can’t perform that action at this time.