[This section is Red Hat specific.]
Now that annocheck is being used by the builders for Fedora
and RHEL packages it is possible that certain tests may need to be
waived for certain packages. This can be done on a per-package
basis by editing the contents of the rpminspect.yaml file and
adding an entry like this:
---
annocheck:
- hardened: --skip-property-note --ignore-unknown --verbose
This example shows how the property note test can be ignored. Beware however that doing this overrides the default options that are passed to annocheck by the rpminspect framework, which is why the --ignore-unknown and --verbose options are also included in the example.
Note - for RHEL the above might not work, as the hardened checker is referred to by another name. So if that appears to be the case, please try:
---
annocheck:
- rhel-policy: --skip-property-note --ignore-unknown --verbose
It is also possible to stop annocheck from testing specific files in an rpm by listing them in the rpminspect.yaml file, like this:
---
annocheck:
ignore:
- /usr/libexec/installed-tests/glib/mem-overflow
- /usr/libexec/installed-tests/glib/resources
For more information on rpmdiff see:
https://docs.engineering.redhat.com/display/HTD/rpmdiff-elf-binarylibrary
For more information on the use of annobin in RHEL see:
https://one.redhat.com/rhel-developer-guide/#_annocheck_ensuring_comprehensive_elf_distro_flags
To get more help on deciding whether or not a test should be waived please ask on either of the os-devel-list@redhat.com OS Devel or the rhel-devel@redhat.com RHEL Devel mailing lists.