Spec URL: http://my.glux.org/fedora/packages/knot/knot.spec SRPM URL: http://my.glux.org/fedora/packages/knot/knot-0.8.1-1.fc16.src.rpm Description: Knot DNS is a high-performance authoritative-only DNS server which supports all key features of the domain name system including zone transfers, dynamic updates and DNSSEC.
I am not a packager myself, so here are just some comments. Hope they help. * First of all you should run the "rpmlint -i" command on both spec-file and rpm. There are several issues which need to be fixed according to the http://fedoraproject.org/wiki/Packaging/Guidelines $ rpmlint rpmbuild/SPECS/knot.spec rpmbuild/SPECS/knot.spec:6: W: non-standard-group Networking/Daemons rpmbuild/SPECS/knot.spec:19: W: setup-not-quiet rpmbuild/SPECS/knot.spec:22: W: configure-without-libdir-spec rpmbuild/SPECS/knot.spec:29: E: hardcoded-library-path in %{buildroot}/lib/systemd/system/ rpmbuild/SPECS/knot.spec:30: E: use-of-RPM_SOURCE_DIR rpmbuild/SPECS/knot.spec:30: E: hardcoded-library-path in %{buildroot}/lib/systemd/system/%{name}.service rpmbuild/SPECS/knot.spec:41: E: hardcoded-library-path in /lib/systemd/system/%{name}.service 0 packages and 1 specfiles checked; 4 errors, 3 warnings. $ rpmlint knot-0.8.1-1.fc16.x86_64.rpm knot.x86_64: W: name-repeated-in-summary C KNOT knot.x86_64: W: non-standard-group Networking/Daemons knot.x86_64: W: invalid-license GPL knot.x86_64: W: conffile-without-noreplace-flag /etc/knot/knot.sample.conf knot.x86_64: W: conffile-without-noreplace-flag /etc/knot/example.com.zone knot.x86_64: W: one-line-command-in-%post /sbin/ldconfig 1 packages and 0 specfiles checked; 0 errors, 6 warnings * Use %{SOURCE1} instead of $RPM_SOURCE_DIR/%{name}.service http://fedoraproject.org/wiki/Packaging:RPM_Source_Dir * You need better handling for the systemd unit. Check the http://fedoraproject.org/wiki/Packaging:Systemd#Filesystem_locations for %{_unitdir} and ScripletSnippets. * Source tag needs to be Source0 * ldconfig needs to be called twice in %post and %postun sections http://fedoraproject.org/wiki/Packaging/Guidelines#Shared_Libraries * man pages do not go into %docs, they should be installed explicitly * You do not need to set BuildRoot tag explicitly anymore * %defattr is not needed also, since it is the default * systemd unit should not be marked as %config
Thanks for your comment. Fixed: http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-0.8.1-2.fc16.src.rpm
You're not a packager yet, as far as I can see. If I'm correct, you'll need a sponsor: http://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group * You can drop "-n %{name}-%{version}", because that's the default * rm -rf %{buildroot}/* should not be necessary, except you're aiming for EPEL 5 (then you'd also needed the buildroot definition) * The sharedstatedir can replace %{_var}/lib/ * You should preserve the timestamp on the service file * Ldconfig is not necessary, as there are no libraries in this package * Optflags are not honoured by the compiler * Please be a bit more precise in the changelog * You can use the name macro in Source0 and 1 * You haven't removed %doc from the man pages * Include COPYING, AUTHORS, RELNOTES and KNOWN_ISSUES * License is GPLv3+, not GPLv3 * Defining prefix, sysconfdir, etc. once should be enough (make/make install)
Actually, freshly sponsored, by yours truly.
A think, now is everything fixed. I have read all documents about Fedora packaging and updated the package. New URLs are: Spec URL: http://my.glux.org/fedora/packages/knot/knot.spec SRPM URL: http://my.glux.org/fedora/packages/knot/knot-0.8.1-3.fc16.src.rpm Is everything ok?
%{_libexecdir}/%{name}/* --> %{_libexecdir}/%{name} That takes ownership of the directory and everything below. The configuration directory is without an owner as well. I'd suggest to run the unit tests in a check section, but not to install them, if you don't have a compelling reason. And if so, rather create a sub-package. You need BuildRequires: systemd-units, see http://fedoraproject.org/wiki/Packaging:Systemd#Filesystem_locations Why don't you have a %postun scriplet? See http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd You can use %{_sharedstatedir} instead of %{_var}/lib (twice) The %attr is not necessary for the configuration file. It defaults to exactly that. In the case of the service file: Pleas use install -p -m644. That gives you the proper permissions plus preserves the timestamp. The configuration files should preserve their original timestamp on installing. I wonder, if the other sample configuration files in the tarball could act as further documentation. (Please delete the empty line at the very bottom.)
Sorry for long response time. Updated .spec and .src.rpm is located here: http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-1.0.0-4.fc16.src.rpm KNOT-DNS is now updated to yesterday released first stable version 1.0.0 and are fixed probably all problems in package building.
The release number normally restarts with 1 if a new version is released, but it's not a problem. Where is that from? /bin/systemctl %{name}.service >/dev/null 2>&1 || : I can't find it in the scriptlets collection. Did you consider adding the samples directory as documentation? Are the files from the scripts directory useful for users? %{_mandir}/man8/%{name}*.8* would be more precise. %{_mandir}/man8/*.8* would be fine as well. The directory /ect/knot has no owner. I suppose that should therefore be: %config(noreplace) %attr(644,root,root) %{_sysconfdir}/%{name}
I'm happy to see knot 1.0.0 does not distribute WELL1034 PRNG having incompatible license anymore. They moved to BSD-licensed Mersenne Twister. I'd like to ask reviewer to review licenses carefully because this package is collection of a lot of foreign code.
Created attachment 575019 [details] knot spec file
I'll take this review, as I created a spec file and only then saw someone actually already had one :) Stanislav, can you look at my spec file and merge in the changes?
I have merged changes, but we found some problems with knot stability (we are testing the knot on one of our DNS server - cca 40k zones). I will try to release the new spec this weekend with all fixies. Thank you for your spec.
With version 1.0.3 was fixed primary stability problems, so here is the updated package and spec: http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-1.0.3-1.fc16.src.rpm
Review: a few fixes needed, but mostly okay. Install a valid /etc/knot/knot.conf, not a "sample". Is it possible to open up /etc/knot a little more so non-root can read zone files? That is only protect files that can contain secrets. Use port 53 and not 5353 for knot.conf The init script does not handle recompiling zones. Can you look at the nsd version of the initscripts and do something similar? Perhaps a second service that starts before the knotd starts? Basically, after package install "systemctl start knot.service" should result in a working/running knot daemon, even if with 0 zones and only listing on port 53 of localhost. If $OPTIONS should come from /etc/sysconfig/knot can you add that file with a line #OPTIONS="" to help the user realise that. The man page refers to info pages? But I don't see those (luckily!) Upstream should also state in man page that "-i" and not "-d" is the default (kind of unexpected) Other then that, the package looks good Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== C/C++ ==== [x]: MUST Header files in -devel subpackage, if present. [x]: MUST Package does not contain any libtool archives (.la) [x]: MUST Package does not contain kernel modules. [x]: MUST Package contains no static executables. [ ]: MUST Rpath absent or only used for internal libs. [x]: MUST Package is not relocatable. ==== Generic ==== [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: MUST Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: MUST %build honors applicable compiler flags or justifies otherwise. [x]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: MUST Buildroot is not present Note: Unless packager wants to package for EPEL5 this is fine [x]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [x]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean would be needed if support for EPEL is required [x]: MUST Sources contain only permissible code or content. [x]: MUST %config files are marked noreplace or the reason is justified. [x]: MUST Each %files section contains %defattr if rpm < 4.4 Note: Note: defattr macros not found. They would be needed for EPEL5 [-]: MUST Macros in Summary, %description expandable at SRPM build time. [x]: MUST Package requires other packages for directories it uses. [x]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf would be needed if support for EPEL5 is required [-]: MUST Large documentation files are in a -doc subpackage, if required. [x]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: MUST License field in the package spec file matches the actual license. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST No %config files under /usr. [x]: MUST Package does not generate any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [x]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [x]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [!]: MUST Rpmlint output is silent. rpmlint knot-1.0.3-1.fc18.i686.rpm knot.i686: W: only-non-binary-in-usr-lib knot.i686: E: non-standard-dir-perm /etc/knot 0644L 1 packages and 0 specfiles checked; 1 errors, 1 warnings. rpmlint knot-1.0.3-1.fc18.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. rpmlint knot-debuginfo-1.0.3-1.fc18.i686.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. /home/paul/760177/knot-1.0.3.tar.gz : MD5SUM this package : 7e7eec7a71f27760ba64b303c03e09c4 MD5SUM upstream package : 7e7eec7a71f27760ba64b303c03e09c4 [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [ ]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [x]: MUST Useful -debuginfo package or justification otherwise. [x]: SHOULD Reviewer should test that the package builds in mock. [x]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: SHOULD Dist tag is present. [ ]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [ ]: SHOULD Package functions as described. [x]: SHOULD Latest version is packaged. [x]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD Scriptlets must be sane, if used. [x]: SHOULD SourceX is a working URL. [ ]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: SHOULD Package should compile and build into binary rpms on all supported architectures. [ ]: SHOULD %check is present and all tests pass. [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. Issues: [!]: MUST Rpmlint output is silent. rpmlint knot-1.0.3-1.fc18.i686.rpm knot.i686: W: only-non-binary-in-usr-lib knot.i686: E: non-standard-dir-perm /etc/knot 0644L 1 packages and 0 specfiles checked; 1 errors, 1 warnings. rpmlint knot-1.0.3-1.fc18.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. rpmlint knot-debuginfo-1.0.3-1.fc18.i686.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint Generated by fedora-review 0.1.3 External plugins:
ping?
Still waiting for some important fixies from upstream... :(
Probably fixed all problems. We have these packages now in real production enviroment and without any problems. http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-1.0.6-1.fc16.src.rpm http://my.glux.org/fedora/packages/knot/knot-1.0.6-1.fc16.x86_64.rpm
it actually fails to compile.... libtool: link: gcc -std=gnu99 -Wall -Ilibknot -DLIBEXECDIR=\"/usr/libexec/knot\" -DSYSCONFDIR=\"/etc/knot\" -DSBINDIR=\"/usr/sbin\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -flto -fpredictive-commoning -I/usr/local/include -mmmx -msse -msse2 -msse3 -o unittests acl_tests.o da_tests.o events_tests.o skiplist_tests.o slab_tests.o fdset_tests.o conf_tests.o dthreads_tests.o journal_tests.o server_tests.o unittests_main.o -L/usr/local/lib ./.libs/libknotd.a ./.libs/libknots.a -lz -lcap-ng -lcrypto -lrt -ldl -lurcu -lpthread -lm /tmp/ccT46mqG.ltrans4.ltrans.o: In function `knot_tsig_check_digest': /home/paul/BUILD/knot-1.0.6/src/libknot/tsig-op.c:895: undefined reference to `_Unwind_Resume' /tmp/ccT46mqG.ltrans4.ltrans.o:(.data.DW.ref.__gcc_personality_v0[DW.ref.__gcc_personality_v0]+0x0): undefined reference to `__gcc_personality_v0' /tmp/ccT46mqG.ltrans7.ltrans.o: In function `knot_tsig_sign_next': /home/paul/BUILD/knot-1.0.6/src/libknot/tsig-op.c:768: undefined reference to `_Unwind_Resume' /tmp/ccT46mqG.ltrans9.ltrans.o: In function `ck_hash_item.8158': /home/paul/BUILD/knot-1.0.6/src/libknot/hash/cuckoo-hash-table.c:633: undefined reference to `_Unwind_Resume' /tmp/ccT46mqG.ltrans17.ltrans.o: In function `knot_tsig_sign': /home/paul/BUILD/knot-1.0.6/src/libknot/tsig-op.c:608: undefined reference to `_Unwind_Resume' /tmp/ccT46mqG.ltrans17.ltrans.o: In function `test_knot_tsig_sign.4101': /home/paul/BUILD/knot-1.0.6/src/tests/libknot/libknot/tsig_tests.c:296: undefined reference to `_Unwind_Resume' /tmp/ccT46mqG.ltrans21.ltrans.o: In function `test_knot_tsig_test_tsig_add.4109': /home/paul/BUILD/knot-1.0.6/src/tests/libknot/libknot/tsig_tests.c:654: undefined reference to `_Unwind_Resume' collect2: ld returned 1 exit status make[2]: *** [unittests-libknot] Error 1 make[2]: *** Waiting for unfinished jobs.... /tmp/cc9f7UsX.ltrans3.ltrans.o: In function `ck_hash_item.6913': /home/paul/BUILD/knot-1.0.6/src/libknot/hash/cuckoo-hash-table.c:633: undefined reference to `_Unwind_Resume' /tmp/cc9f7UsX.ltrans3.ltrans.o:(.data.DW.ref.__gcc_personality_v0[DW.ref.__gcc_personality_v0]+0x0): undefined reference to `__gcc_personality_v0' /tmp/cc9f7UsX.ltrans5.ltrans.o: In function `knot_zdump_binary': /usr/include/bits/stdio2.h:98: undefined reference to `_Unwind_Resume' /tmp/cc9f7UsX.ltrans10.ltrans.o: In function `zparser_conv_b32': /home/paul/BUILD/knot-1.0.6/src/zcompile/parser-util.c:1807: undefined reference to `_Unwind_Resume' collect2: ld returned 1 exit status make[2]: *** [knot-zcompile] Error 1 /tmp/ccode4vS.ltrans5.ltrans.o: In function `skip_insert': /home/paul/BUILD/knot-1.0.6/src/common/skip-list.c:298: undefined reference to `_Unwind_Resume' /tmp/ccode4vS.ltrans3.ltrans.o: In function `skip_remove': /home/paul/BUILD/knot-1.0.6/src/common/skip-list.c:341: undefined reference to `_Unwind_Resume' /tmp/ccode4vS.ltrans3.ltrans.o:(.data.DW.ref.__gcc_personality_v0[DW.ref.__gcc_personality_v0]+0x0): undefined reference to `__gcc_personality_v0' /tmp/ccode4vS.ltrans9.ltrans.o: In function `ck_hash_item.21030': /home/paul/BUILD/knot-1.0.6/src/libknot/hash/cuckoo-hash-table.c:633: undefined reference to `_Unwind_Resume' /tmp/ccode4vS.ltrans16.ltrans.o: In function `knot_tsig_check_digest.14672': /home/paul/BUILD/knot-1.0.6/src/libknot/tsig-op.c:895: undefined reference to `_Unwind_Resume' /tmp/ccode4vS.ltrans17.ltrans.o: In function `knot_zdump_binary': /usr/include/bits/stdio2.h:98: undefined reference to `_Unwind_Resume' /tmp/ccode4vS.ltrans23.ltrans.o: In function `knot_tsig_sign': /home/paul/BUILD/knot-1.0.6/src/libknot/tsig-op.c:608: undefined reference to `_Unwind_Resume' collect2: ld returned 1 exit status make[2]: *** [unittests] Error 1 make[2]: Leaving directory `/vol/home/paul/BUILD/knot-1.0.6/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/vol/home/paul/BUILD/knot-1.0.6/src' make: *** [all-recursive] Error 1
I have tested it on Fedora 17 and Fedora 16 64bit with gcc version 4.7.0 20120507 (Red Hat 4.7.0-5) (GCC) and gcc version 4.6.3 20120306 (Red Hat 4.6.3-2) (GCC) and compilation goes without any problem. I expect that error "undefined reference to `_Unwind_Resume'" is problem with gcc or build enviroment and not a bug in this package. I try to fix it with forcing flag -lgcc_eh to gcc, which can probably help. Updated packages: http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-1.0.6-2.fc17.src.rpm
Perhaps the software assumes that -lgcc_eh gets dragged in automatically, but it should be specifically linked against?
Yes. Can you confirm that the last update fixed this problem in your build environment?
It does fix the issue, but I don't think it is an issue in my build environment. I think the compile is assuming something will get automatically linked in, and the rpm-build environment causes that to fail. I'll pick up the review today and will convert one of my nohats.ca dns servers to knot for actual testing :)
looks like the knot.conf shipped is failing to load? Jun 25 13:58:09 bofh dbus[975]: [system] Successfully activated service 'org.freedesktop.PackageKit' Jun 25 13:58:09 bofh dbus-daemon[975]: dbus[975]: [system] Successfully activated service 'org.freedesktop.PackageKit' Jun 25 13:58:22 bofh knotd[29107]: 2012-06-25T13:58:22.032542-1193042:16 Using '/etc/knot/knot.conf' as default configuration. Jun 25 13:58:22 bofh knotd[29107]: 2012-06-25T13:58:22.032824-1193042:16 Reading configuration '/etc/knot/knot.conf' ... Jun 25 13:58:22 bofh knot[29107]: [error] Config '/etc/knot/knot.conf' - syntax error on line 3 (current token 'pifdile'). Jun 25 13:58:22 bofh knotd[29107]: 2012-06-25T13:58:22.032931-1193042:16 [error] Config '/etc/knot/knot.conf' - syntax error on line 3 (current token 'pifdile'). Note that it says "pifdile" instead of "pidfile". also: No manual entry for knot.conf I'm also getting this on restart: Jun 25 14:15:08 bofh knot[29626]: [warning] Failed to remove PID file. Probably the pid file was made by root? but the daemon has no way overwriting it? you could use a /var/run/knot/knotd.pid that is group knot and group writable? It also seems that the zones are not compiled on start? I added a zone but had to run "knotc compile" manully? Even when dong a "restart" Finally, it seems knot loads the zone, but is not answering me: 2012-06-25T14:18:26.814578-1193042:16 Using '/etc/knot/knot.conf' as default configuration. 2012-06-25T14:18:26.815083-1193042:16 Zone 'nohats.ca.' is up-to-date. and lsof shows its is running on the proper IP and port, but no queries are ever answerd, and running knotd -v in the foreground shows nothing, and I see no errors in syslog.
I just found this page somehow, just co chime in regarding the not answering problem. It seems to be somewhat related to the package or kernel/system libraries in Fedora, as we had the same report from the RPM package user. I'm going to install it and, with a bit of luck, identify the problem shortly.
To be honest I'm kinda stuck. I installed Fedora 17 x86_64 and all the necessary packages. I tried both, to build an RPM and install Knot directly from sources and it works as well. Also I can't figure why did it require libgcc_eh, as we do not use it nor have files in C++. Maybe it's gcc/linker related? I have used gcc-4.7.0 20120507 and ld-2.22.52.0.1-10.gc17 from packages. Or it could be related to the zone used, could you send me a backtrace of all threads after it didn't answer a query?
So there are two possible issues here. 1 - glibc 2.12 exported the recvmmsg symbol event if it wasn't supported by the kernel version and Knot didn't detect it well. This is fixed in latest release (1.1.0) 2 - glibc 2.12+ & kernel-2.6.32-* present in f.e. EL6/CentOS6 has broken implementation of recvmmsg() that doesn't support MSG_WAITFORONE as it should. The expected behavior is to set MSG_DONTWAIT after first received packet, but it doesn't do so, so the answering is stuck until you supply at least ~ 20 queries. This behavior is probably something that will be hard to detect on runtime and therefore, I recommend turning off recvmmsg() support for broken platforms with: ./configure --enable-recvmmsg=no
I just tried it again on my F18 system and knot answers queries without requiring --enable-recvmmsg=no. An EL6 package should still be tested separately though. If you know which kernel fixes this, please put in a Requires: with that version. Can you add support for using /etc/sysconfig/knot, like most daemons? And fix the "pifdile" typo in knot.conf With those changes, it should pass review quickly.
And upgrade to 1.1.0. If you want to check, i have put in the fixes at ftp://ftp.nohats.ca/knot/
perhaps make /etc/knot group knot as well, as reading is restricted. I prefer the directory itself to be readable, and the files therein to be readonly if they contain tsigs, but that's just a personal preference.
ping'ed Stanislav per email. If I don't hear back from him, I'll take this over and get someone else to review my changes.
Just regarding the MSG_WAITFORONE issue. It seems like the recvmmsg was backported from 2.6.33 but the patch for MSG_WAITFORONE from 2.6.34 not, so that could be the problem. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=71c5c1595c04852d6fbf3c4882b47b30b61a4d32 So a kernel >= 2.6.34 or with the patches backported should work.
Fixed packages: http://my.glux.org/fedora/packages/knot/knot.spec http://my.glux.org/fedora/packages/knot/knot-1.1.1-1.fc16.src.rpm
Created attachment 640075 [details] spec for knot 1.1.1-1
Sorry it took me so long to respond to your latest version, but: APPROVED
Created attachment 649868 [details] spec for 1.1.2-1
This bug will be reopened by Ondřej Surý <ondrej.sury>.
*** This bug has been marked as a duplicate of bug 880716 ***