Bug 226214
| Summary: | Merge Review: openldap | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nobody's working on this, feel free to take it <nobody> |
| Component: | Package Review | Assignee: | Gwyn Ciesla <gwync> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Package Reviews List <fedora-package-review> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | fenlason, jsafrane |
| Target Milestone: | --- | Flags: | gwync:
fedora-review+
|
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-25 17:12:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 426387 | ||
|
Description
Nobody's working on this, feel free to take it
2007-01-31 20:18:48 UTC
rpmlint on SRPM:
openldap.src:351: E: use-of-RPM_SOURCE_DIR
You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to
use a directory for building, use $RPM_BUILD_ROOT instead.
openldap.src:750: W: macro-in-%changelog _sbindir
Macros are expanded in %changelog too, which can in unfortunate cases lead
to the package not building at all, or other subtle unexpected conditions that
affect the build. Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally
odd entries eg. in source rpms, which is rarely wanted. Avoid use of macros
in %changelog altogether, or use two '%'s to escape them, like '%%foo'.
openldap.src:821: W: macro-in-%changelog _sysconfdir
Macros are expanded in %changelog too, which can in unfortunate cases lead
to the package not building at all, or other subtle unexpected conditions that
affect the build. Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally
odd entries eg. in source rpms, which is rarely wanted. Avoid use of macros
in %changelog altogether, or use two '%'s to escape them, like '%%foo'.
openldap.src:1073: W: macro-in-%changelog _prefix
Macros are expanded in %changelog too, which can in unfortunate cases lead
to the package not building at all, or other subtle unexpected conditions that
affect the build. Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally
odd entries eg. in source rpms, which is rarely wanted. Avoid use of macros
in %changelog altogether, or use two '%'s to escape them, like '%%foo'.
openldap.src: W: mixed-use-of-spaces-and-tabs (spaces: line 158, tab: line 177)
The specfile mixes use of spaces and tabs for indentation, which is a
cosmetic annoyance. Use either spaces or tabs for indentation, not both.
All easily correctable.
rpmlint on rpms:
openldap.i386: W: obsolete-not-provided compat-openldap
If a package is obsoleted by a compatible replacement, the obsoleted package
must also be provided in order to provide clean upgrade paths and not cause
unnecessary dependency breakage. If the obsoleting package is not a compatible
replacement for the old one, leave out the provides.
Fix.
openldap-clients.i386: W: summary-ended-with-dot Client programs for OpenLDAP.
Summary ends with a dot.
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
The character encoding of this file is not UTF-8. Consider converting it
in the specfile for example using iconv(1).
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt
The character encoding of this file is not UTF-8. Consider converting it
in the specfile for example using iconv(1).
openldap-devel.i386: W: summary-ended-with-dot OpenLDAP development libraries
and header files.
Summary ends with a dot.
All fixable.
openldap-devel.i386: W: one-line-command-in-%post /sbin/ldconfig
You should use %post -p <command> instead of using:
%post
<command>
It will avoid the fork of a shell interpreter to execute your command as
well as allows rpm to automatically mark the dependency on your command
for the excecution of the scriptlet.
openldap-devel.i386: W: one-line-command-in-%postun /sbin/ldconfig
You should use %postun -p <command> instead of using:
%postun
<command>
It will avoid the fork of a shell interpreter to execute your command as
well as allows rpm to automatically mark the dependency on your command
for the excecution of the scriptlet.
Should fix.
openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/schema/README
A non-executable file in your package is being installed in /etc, but is not
a configuration file. All non-executable files in /etc should be configuration
files. Mark the file as %config in the spec file.
Possibly move to %doc, rename schema-README?
openldap-servers.i386: E: non-readable /etc/sysconfig/ldap 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).
openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap
A file in this package is owned by a non standard group.
Standard groups are:
root, bin, daemon, sys, adm, tty, disk, lp, mem, kmem, wheel, mail,
news, uucp, man, games, gopher, dip, ftp, lock, nobody, users
openldap-servers.i386: E: non-readable /etc/openldap/slapd.conf 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).
Not problems.
openldap-servers.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/ldap
Executables must not be marked as config files because that may
prevent upgrades from working correctly. If you need to be able to
customize an executable, make it for example read a config file in
/etc/sysconfig.
Problem.
openldap-servers.i386: E: non-standard-gid /etc/openldap/DB_CONFIG.example ldap
A file in this package is owned by a non standard group.
Standard groups are:
root, bin, daemon, sys, adm, tty, disk, lp, mem, kmem, wheel, mail,
news, uucp, man, games, gopher, dip, ftp, lock, nobody, users
openldap-servers.i386: E: non-readable /etc/openldap/DB_CONFIG.example 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).
Ok.
openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/DB_CONFIG.example
A non-executable file in your package is being installed in /etc, but is not
a configuration file. All non-executable files in /etc should be configuration
files. Mark the file as %config in the spec file.
Move to %doc?
openldap-servers.i386: E: non-standard-uid /var/lib/ldap ldap
A file in this package is owned by a non standard user.
Standard users are:
root, bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp,
operator, games, gopher, ftp, nobody
openldap-servers.i386: E: non-standard-gid /var/lib/ldap ldap
A file in this package is owned by a non standard group.
Standard groups are:
root, bin, daemon, sys, adm, tty, disk, lp, mem, kmem, wheel, mail,
news, uucp, man, games, gopher, dip, ftp, lock, nobody, users
openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.
openldap-servers.i386: E: non-standard-uid /var/run/openldap ldap
A file in this package is owned by a non standard user.
Standard users are:
root, bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp,
operator, games, gopher, ftp, nobody
openldap-servers.i386: E: non-standard-gid /var/run/openldap ldap
A file in this package is owned by a non standard group.
Standard groups are:
root, bin, daemon, sys, adm, tty, disk, lp, mem, kmem, wheel, mail,
news, uucp, man, games, gopher, dip, ftp, lock, nobody, users
Ok.
openldap-servers.i386: W: summary-ended-with-dot OpenLDAP servers and related files.
Summary ends with a dot.
Fix.
openldap-servers.i386: W: conffile-without-noreplace-flag
/etc/pki/tls/certs/slapd.pem
A configuration file is stored in your package without the noreplace flag.
A way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here
openldap-servers.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/ldap
A configuration file is stored in your package without the noreplace flag.
A way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here
Fix.
openldap-servers.i386: E: file-in-usr-marked-as-conffile
/usr/share/openldap/migration/migrate_common.ph
A file in /usr is marked as being a configuration file.
Store your conf files in /etc/ instead.
Why is this marked conf and not in etc?
openldap-servers.i386: W: spurious-bracket-in-%pre
The %pre scriptlet contains an "if []" construct without a space before
the "]".
Fix.
openldap-servers.i386: W: dangerous-command-in-%pre chown
openldap-servers.i386: W: dangerous-command-in-%post rm
openldap-servers.i386: W: spurious-bracket-in-%preun
The %preun scriptlet contains an "if []" construct without a space before
the "]".
openldap-servers.i386: W: dangerous-command-in-%preun rm
openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap
In your init script (/etc/rc.d/init.d/your_file), you don't
have a 'reload' entry, which is necessary for good functionality.
Could be replaced by %exclude and %attr in %files.
openldap-servers.i386: W: incoherent-init-script-name ldap
The init script name should be the same as the package name in lower case,
or one with 'd' appended if it invokes a process by that name.
What would be broken if this was fixed?
openldap-servers-sql.i386: W: spurious-executable-perm
/usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/create_schema.sh
The file is installed with executable permissions, but was identified as one
that probably should not be executable. Verify if the executable bits are
desired, and remove if not.
openldap-servers-sql.i386: W: spurious-executable-perm
/usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/ttcreate_schema.sh
The file is installed with executable permissions, but was identified as one
that probably should not be executable. Verify if the executable bits are
desired, and remove if not.
openldap-servers-sql.i386: W: summary-ended-with-dot OpenLDAP server SQL support
module.
Summary ends with a dot.
Fix.
Should .a files be in a -static subpackage?
Otherwise, no blockers.
Thanks for review! > rpmlint on SRPM: > > openldap.src:351: E: use-of-RPM_SOURCE_DIR > You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to > use a directory for building, use $RPM_BUILD_ROOT instead. Fixed > openldap.src:750: W: macro-in-%changelog _sbindir > Macros are expanded in %changelog too, which can in unfortunate cases lead All macros in changelog are fixed. > openldap.src: W: mixed-use-of-spaces-and-tabs Fixed > rpmlint on rpms: > > openldap.i386: W: obsolete-not-provided compat-openldap > If a package is obsoleted by a compatible replacement, the obsoleted package > must also be provided in order to provide clean upgrade paths and not cause > unnecessary dependency breakage. If the obsoleting package is not a compatible > replacement for the old one, leave out the provides. > The compat-openldap is *not* obsoleted by compatible replacement. It just does not exists anymore and I want it to be removed on update (otherwise openldap cannot be updated by yum, because compat-openldap will require the same version of openldap to be installed). > openldap-clients.i386: W: summary-ended-with-dot Client programs for OpenLDAP. > Summary ends with a dot. > > openldap-devel.i386: W: summary-ended-with-dot OpenLDAP development libraries > and header files. > Summary ends with a dot. Both fixed. > openldap-devel.i386: W: file-not-utf8 > /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt > The character encoding of this file is not UTF-8. > > openldap-devel.i386: W: file-not-utf8 > /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt > The character encoding of this file is not UTF-8. It's some sort of official document and I dont' think it's appropriate to convert it to UTF-8. Apart from that, there are only 3 non-UTF-* characters in these documents. > openldap-devel.i386: W: one-line-command-in-%post /sbin/ldconfig > You should use %post -p <command> Fixed > openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/schema/README > A non-executable file in your package is being installed in /etc, but is not > a configuration file. All non-executable files in /etc should be configuration > files. Mark the file as %config in the spec file. > > Possibly move to %doc, rename schema-README? Moved to %doc as README.schema > openldap-servers.i386: E: non-readable /etc/sysconfig/ldap 0640 > The file can't be read by everybody. It is readable now. > openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap > A file in this package is owned by a non standard group. Filed bug #430206 (together with other guid/uid reports) > openldap-servers.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/ldap > Executables must not be marked as config files because that may > prevent upgrades from working correctly. Fixed > openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/DB_CONFIG.example > A non-executable file in your package is being installed in /etc, but is not > a configuration file. All non-executable files in /etc should be configuration > files. Mark the file as %config in the spec file. > > Move to %doc? Not sure about this. People are used that this file is in /etc. I'll keep it there as %config. > openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700 > A standard directory should have permission set to 0755. If you get this > message, it means that you have wrong directory permissions in some dirs > included in your package. > > Ok. I'd like to keep it 0700 too, users should not read ldap database files unless admin explicitly allows it > openldap-servers.i386: W: summary-ended-with-dot OpenLDAP servers and related files. > Summary ends with a dot. Fixed > openldap-servers.i386: W: conffile-without-noreplace-flag > /etc/pki/tls/certs/slapd.pem > A configuration file is stored in your package without the noreplace flag. > A way to resolve this is to put the following in your SPEC file: Fixed. > %config(noreplace) /etc/your_config_file_here > > openldap-servers.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/ldap > A configuration file is stored in your package without the noreplace flag. > A way to resolve this is to put the following in your SPEC file: > > %config(noreplace) /etc/your_config_file_here Not fixed - init.d/ldap is not config file anymore. > openldap-servers.i386: E: file-in-usr-marked-as-conffile > /usr/share/openldap/migration/migrate_common.ph > A file in /usr is marked as being a configuration file. > Store your conf files in /etc/ instead. > > Why is this marked conf and not in etc? It contains configuration of migration tools. Whole concept of migration tools stored in /usr/share is somewhat weird, see bug #236697. I'll remove the %config for now and try to separate it to standalone package later. > openldap-servers.i386: W: spurious-bracket-in-%pre > The %pre scriptlet contains an "if []" construct without a space before > the "]". > openldap-servers.i386: W: spurious-bracket-in-%preun > The %preun scriptlet contains an "if []" construct without a space before > the "]". Can't find it - %pre/%preun servers has all brackets correct. Rpmlint is maybe confused by '/var/lib/ldap/[a]lock'??? > openldap-servers.i386: W: dangerous-command-in-%pre chown > openldap-servers.i386: W: dangerous-command-in-%post rm > openldap-servers.i386: W: dangerous-command-in-%preun rm This is ok, there is some magic to upgrade database to new version when the package is being updated. > openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap > In your init script (/etc/rc.d/init.d/your_file), you don't > have a 'reload' entry, which is necessary for good functionality. To be fixed as part of bug #247012. > openldap-servers.i386: W: incoherent-init-script-name ldap > The init script name should be the same as the package name in lower case, > or one with 'd' appended if it invokes a process by that name. > > What would be broken if this was fixed? It would probably break nothing, but people are used to it. I'd like to keep it as it is. > openldap-servers-sql.i386: W: spurious-executable-perm > /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/create_schema.sh > /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/ttcreate_schema.sh > The file is installed with executable permissions, but was identified as one > that probably should not be executable. Verify if the executable bits are > desired, and remove if not. Executability removed. > openldap-servers-sql.i386: W: summary-ended-with-dot OpenLDAP server SQL support > module. > Summary ends with a dot. Fixed. > Should .a files be in a -static subpackage? Is there any .a file? I hope not. If you mean .la files, these are necessary to load openldap modules. I did not find any way how to make modules work without them :(. I fixed the glitches mentioned above and created openldap-2.4.7-4, which has following rpmlint problems, all commented above. openldap.i386: W: obsolete-not-provided compat-openldap openldap-devel.i386: W: file-not-utf8 /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt openldap-devel.i386: W: file-not-utf8 /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap openldap-servers.i386: E: non-readable /etc/openldap/slapd.conf 0640 openldap-servers.i386: E: non-standard-uid /var/lib/ldap ldap openldap-servers.i386: E: non-standard-gid /var/lib/ldap ldap openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700 openldap-servers.i386: E: non-standard-uid /var/run/openldap ldap openldap-servers.i386: E: non-standard-gid /var/run/openldap ldap openldap-servers.i386: W: spurious-bracket-in-%pre openldap-servers.i386: W: dangerous-command-in-%pre chown openldap-servers.i386: W: dangerous-command-in-%post rm openldap-servers.i386: W: spurious-bracket-in-%preun openldap-servers.i386: W: dangerous-command-in-%preun rm openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap openldap-servers.i386: W: incoherent-init-script-name ldap Ok, looks good. Everything out of the ordinary is either fixed or done intentially and documented here. APRROVED. Jon, I separated migrationtools from openldap package and created new package for it. Could you please do a review of the new package? It's quite simple and you already know openldap internals, so it should not be anything complicated. You can find the review request at https://bugzilla.redhat.com/show_bug.cgi?id=435279 Thanks in advance. |