Bug 168836

Summary: tog-pegasus.spec file issues
Product: Red Hat Enterprise Linux 4
Component: tog-pegasus
Version: 4.0
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Jason Vas Dias <jvdias>
Assignee: Jason Vas Dias <jvdias>
CC: notting, tkincaid
Fixed In Version: RHBA-2006-0474
Doc Type: Bug Fix
Last Closed: 2006-11-22 17:21:51 UTC

Description Jason Vas Dias 2005-09-20 15:42:18 UTC
Description of problem:

Bill Nottingham <notting> reported some issues with the
tog-pegasus.spec file of release 2.4.1-4.2.rhel4 :

Here's the laundry list.

Correctness/Functionality:
   
1) %pre scriptlet requires coreutils, not listed in spec
2) %post scriptlet requires ldconfig, not listed in spec
3) %post scriptlet requires shadow-utils, not listed in spec
4) %preun scriptlet requires procps, grep, remove_initd, not listed in spec
5) %postun scriptlet requires shadow-utils, not listed in spec
6) Makes directories in %pre, %post without checking/setting umask
7) condrestart is in %post, it should be in %postun
8) condrestart is triggered off of "$1" -gt  "1", it should be -ge
9) Uses ps and grep to check for running cimservers, instead of checking
   a pid file (may kill cimservers in chroots)
10) Kills cimserver by hand instead of stopping the server
11) Makes a directory in %post that it ships with the package
12) Runs by default. Makes me nervous. :)
13) The %post parts that create SSL certs don't actually seem to run
    correctly on a test install:
Preparing...                ########################################### [100%]
   1:tog-pegasus            ########################################### [100%]
   chmod: cannot access /etc/Pegasus/*.pem': No such file or directory
   cat: /etc/Pegasus/key.pem: No such file or directory
   cat: /etc/Pegasus/cert.pem: No such file or directory
   cat: /etc/Pegasus/cert.pem: No such file or directory

This is due to:
Mon Sep 19 15:38:24 EDT 2005
error on line 11 of /etc/Pegasus/ssl.cnf
23242:error:0E066065:configuration file routines:CONF_load_bio:missing equal sign:conf_def.c:366:line 11

because the 'host' invocation mishandles it when it returns MX records.

   Ergo, a default installation won't actually work.

Won't break it, but probably isn't right:

1) Provides tog-pegasus-2.4, an (apparently) superfluous provide
2) -devel obsoletes tog-pegasus-sdk, a package we've never shipped - superfluous.
3) Package requires lsb and uses lsb install/remove tools, instead of
   the standard tools. It should directly use chkconfig
4) Installation of the test package stops the service. (thankfully, 
   we don't build this.)
5) It generates SSL certs in %post. openssh does this at startup time
   if necessary, for example.
6) Realistically, the file perms on /etc/Pegasus/ssl.cnf should be set
   before writing to it, but I doubt that really matters much.
7) Shipping the lib<blah>.so in the main package isn't technically right.

Potential improvements:

1) Could ghost certs & ssl config file for checking perms



> > Correctness/Functionality:
> 
> Yes, these missing Requires: should be added to the next release,
> but have no impact on correct package functionality:

Wrong. You're getting correct packaging order on install,
and your scriptlets are working, merely by luck.

> > 9) Uses ps and grep to check for running cimservers, instead of checking
> >    a pid file (may kill cimservers in chroots)
> 
> You mean this in %preun:
>  # Check if the cimserver is running
> isRunning=`ps -el | grep cimserver | grep -v "grep cimserver"`
> if [ "$isRunning" ]; then
>         %PEGASUS_SBIN_DIR/cimserver -s  
> fi
> 
> "cimserver -s" will only kill the cimserver listening on
> the /var/run/tog-pegasus/cimxml.socket ( there can be only one ).
> No chroot environment for cimserver is supported - all third party
> apps / libraries DEPEND on the /var/run/tog-pegasus location .

Then... why not test for the lock file, or the socket file?
ps|grep is a hack. Even 'pidof /usr/sbin/cimserver' would
be much better.

> > 10) Kills cimserver by hand instead of stopping the server
> 
> No, "cimserver -s" is the way to kill the cimserver; that is the 
> method used by the initscript.

If you're stopping the service, you stop the service with the
init script, you don't duplicate what the init script does.

> > 11) Makes a directory in %post that it ships with the package
> 
> No, the %install makes the %PEGASUS_LOG_DIR which is in the %files
> section.

And the %post attempts to remake it.

> > 12) Runs by default. Makes me nervous. :)
> 
> NO, IT DOES NOT RUN cimserver BY DEFAULT!!!
> 
> The initscript is copied to its correct location - that is all .
> There is an optional '--define "AUTOSTART 1"' rpm variable, which 
> defaults to '0', which, if > 0, causes the %post script to 'chkconfig
> --add'
> and start up tog-pegasus, but this is NOT the default.

Right, I missed the fact that it doesn't run --add. Which just leads to
more problems:

- Not --adding itself by default is broken - the way to change whether
  or not something starts by default is to change the default in
  the script, not by not running -add.
- Defining the --add or not based on a RPM variable is silly.

> > 13) The %post parts that create SSL certs don't actually seem to run
> >     correctly on a test install:
> > Preparing...                ########################################### [100%]
> >    1:tog-pegasus            ########################################### [100%]
> >    chmod: cannot access /etc/Pegasus/*.pem': No such file or directory
> >    cat: /etc/Pegasus/key.pem: No such file or directory
> >    cat: /etc/Pegasus/cert.pem: No such file or directory
> >    cat: /etc/Pegasus/cert.pem: No such file or directory
> > 
> > This is due to:
> > Mon Sep 19 15:38:24 EDT 2005
> > error on line 11 of /etc/Pegasus/ssl.cnf
> > 23242:error:0E066065:configuration file routines:CONF_load_bio:missing equal sign:conf_def.c:366:line 11
> > 
> > because the 'host' invocation mishandles it when it returns MX records.
> > 
> >    Ergo, a default installation won't actually work.
> > 
> 
> I cannot reproduce this problem - nor could our QA testers, or the IBM
> or HP testers.
> What glibc / openssl version were you using ? I've just tested this
> again with the 
> RHEL-4-U2 current glibc-2.3.4-2.13 and openssl-0.9.7a-43.2 and all
> the /etc/Pegasus/*.pem 
> files were created OK .
> 
> What OS / glibc / openssl version were you using ?

This was off the devel tree, not RHEL 4, as it's what I had in front
of me at the time. This does appear to be an issue with using
later bind-utils.

(Speaking of which, this means the %post requires net-tools & bind-utils
too)

> > Won't break it, but probably isn't right:
> > 
> > 1) Provides tog-pegasus-2.4, an (apparently) superfluous provide
> > 2) -devel obsoletes tog-pegasus-sdk, a package we've never shipped - superfluous.
> 
> Not quite - tog-pegasus-sdk was in the Beta channels, so we need to get
> tog-pegasus-devel
> to replace it.

Do we normally support upgrading from cruft in the beta channel?

> > 3) Package requires lsb and uses lsb install/remove tools, instead of
> >    the standard tools. It should directly use chkconfig
> 
> By default, no scriptlet uses any initscript installation tools.

Which, as stated above, is wrong... (and by default, it *does*
call remove_initd)

> /usr/lib/lsb/{install,remove}_initd are symbolic links to chkconfig ,
> so the scriptlets would use chkconfig correctly.

That's not the point. The point is that pulling in redhat-lsb implies
a *ton* of unnecessary dependencies; your package now relies on
X libraries, a print server, rsync, ... etc.

> > 5) It generates SSL certs in %post. openssh does this at startup time
> >    if necessary, for example.
> 
> In future, the initscript should do this if the files don't exist, I
> agree.

Instead of %post, actually; it's much cleaner.




Version-Release number of selected component (if applicable):
2.4.1-4.2.rhel4

Comment 1 Jason Vas Dias 2005-09-20 21:55:47 UTC
This bug is now fixed with tog-pegasus-2.4.1-4.4.rhel4 :

o  All missing 'Requires:' mentioned above added

o  The SSL certificates are now generated if they do not exist, by the 
   initscript, on 'service tog-pegasus start', by invoking the new 
   utility script /usr/share/Pegasus/scripts/genSSLcerts .

o  The genSSLcerts script now correctly deals with the hostname resolving to
   a CNAME, MX/AAAA records being returned, or NXDOMAIN / SERVFAIL responses.

o  condrestart is now correctly triggered by "[ $1 -gt 0 ]" .

o  %postun now uses 'service tog-pegasus stop' instead of 
   'ps ...; cimserver -s'.

o  No directories are created / removed in install/erase scriptlets

o  install/erase scriptlets no longer use /usr/lib/lsb/{install,remove}_initd
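
The hostname handling behind item 13 and the ssl.cnf permissions point raised in this report, as an added example that is not the project's genSSLcerts script. The names pick_cn, write_ssl_cnf, cnf_is_wellformed and SAMPLE_MX are hypothetical, and it assumes the failure came from multi-line `host` output being written into ssl.cnf.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the contents of genSSLcerts.

# Reduce `host` output on stdin to one name for the certificate CN.
# $1 = fallback (e.g. the output of `hostname`) when nothing usable is found.
pick_cn() {
    name=$(awk '
        / has address /      { if (a == "")  a  = $1; next }   # A record
        / has IPv6 address / { if (a6 == "") a6 = $1; next }   # AAAA record
        / is an alias for /  { sub(/\.$/, "", $NF); if (c == "") c = $NF; next }  # CNAME target
        # MX lines, NXDOMAIN, SERVFAIL and resolver errors match nothing above.
        END { if (a != "") print a; else if (a6 != "") print a6; else if (c != "") print c }
    ')
    # Accept only a single token of hostname characters; anything else
    # (empty, spaces, newlines) falls back instead of reaching ssl.cnf.
    case $name in
        ''|*[!A-Za-z0-9.-]*) name=$1 ;;
    esac
    printf '%s\n' "$name"
}

# Write a minimal OpenSSL request config. The umask is set before the file
# is created, so it is never readable by other users, even briefly.
write_ssl_cnf() {   # $1 = path, $2 = CN
    (
        umask 077
        cat > "$1" <<EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
CN = $2
EOF
    )
}

# Succeeds only if every line is blank, a comment, a [section] or has an "=".
cnf_is_wellformed() {
    awk '/^[ \t]*$/ || /^[ \t]*#/ || /^[ \t]*\[.*\][ \t]*$/ { next }
         !/=/ { bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Constructed sample: a reply carrying MX records alongside the address.
SAMPLE_MX='example.com has address 192.0.2.10
example.com mail is handled by 10 mx1.example.com.
example.com mail is handled by 20 mx2.example.com.'
```

Running cnf_is_wellformed on the generated file before invoking openssl turns the "missing equal sign" failure into an explicit check at service start.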



Comment 2 Bill Nottingham 2006-11-22 17:21:51 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0474.html