# Electron bundles its own copies of system libraries - this is expected for Electron apps
securedrop-app: embedded-library freetype [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library lcms2 [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library libjpeg [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library libjsoncpp [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library openjpeg [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library srtp [usr/lib/securedrop-app/securedrop-app]
securedrop-app: embedded-library tiff [usr/lib/securedrop-app/securedrop-app]

# Description is in debian/control - this is a false positive
securedrop-app: extended-description-is-empty

# Section will be properly configured before release
securedrop-app: section-is-dh_make-template

# dbmate is a statically-linked Go binary - this is expected
securedrop-app: statically-linked-binary [usr/lib/securedrop-app/resources/bin/dbmate]

# Electron bundles all dependencies - undeclared ELF prerequisites are expected
securedrop-app: undeclared-elf-prerequisites *

# Electron bundles its own shared libraries, ldconfig not needed
securedrop-app: package-has-unnecessary-activation-of-ldconfig-trigger

# We're not stripping debug symbols
securedrop-app: unstripped-binary-or-object

# chrome-sandbox needs to be setuid
securedrop-app: elevated-privileges 4755 root/root [usr/lib/securedrop-app/chrome-sandbox]

# Don't care
securedrop-app: no-manual-page

# We override conffile for /etc/
securedrop-app: control-file-is-empty [conffiles]
