Bug 245760
Summary: | Review Request: engine_pkcs11 - A PKCS11 engine for use with OpenSSL | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matt Anderson <mra> |
Component: | Package Review | Assignee: | Jason Tibbitts <j> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | fedora-package-review, notting |
Target Milestone: | --- | Flags: | j:
fedora-review+
kevin: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 0.1.3-4.fc7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-08-17 16:14:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matt Anderson
2007-06-26 14:50:57 UTC
Based on the feedback michael provided to my libp11 package I've made some changes to this spec file and srpm. Spec URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11.spec SRPM URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11-0.1.3-2.fc7.src.rpm This still lists OpenSSL as a requires since the whole point of this package is to work with OpenSSL via their engine plug-in framework. rpmlint has no issues with this rpm, and it has been tested on i386 and x86_64. rpmlint is truly silent on this one. The Source0: issue applies here as well, and you probably want the same string: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.gz "BSD" is fine for the license. The two-clause variant is closer to the X11 license but either is fine. There's no reason that I can see for the openssl dependency; rpm finds the dependency on libcrypto.so.6 by itself. This package places a file in /usr/lib/engines, but I don't see any package in the distribution which owns that directory. Review: * source files match upstream: bf6f49203912cb77f92db55c146117312abf9244ba49e78649e4a7da22448e54 engine_pkcs11-0.1.3.tar.gz * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. * summary is OK. * description is OK. * dist tag is present. * build root is OK. * license field matches the actual license. * license is open source-compatible. * license text included package. * latest version is being packaged. * BuildRequires are proper. * compiler flags are appropriate. * %clean is present. * package builds in mock (development, x86_64). * package installs properly * debuginfo package looks complete. * rpmlint is silent. X final provides and requires: engine_pkcs11.so()(64bit) engine_pkcs11 = 0.1.3-2.fc8 = libcrypto.so.6()(64bit) libp11.so.0()(64bit) X openssl * %check is not present; no test suite upstream. I have no means to test this package. (I don't really even understand what it does.) * no shared libraries are added to the regular linker search paths. X nothing owns /usr/lib/engines. * doesn't own any directories it shouldn't. * no duplicates in %files. * file permissions are appropriate. * no scriptlets present. * code, not content. * documentation is relatively large, the the package is only 50K, so no -docs subpackage is necessary. * %docs are not necessary for the proper functioning of the package. * no headers. * no pkgconfig files. * no static libraries. * no libtool .la files. I added the directory ownership and updated the Source0 as per your suggestions and uploaded the updated files here: Spec URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11.spec SRPM URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11-0.1.3-3.fc7.src.rpm The only thing I didn't do was remove the openssl dependency. I might be wrong about this, but the library exists to interface with openssl via its engine framework. If a different SSL implementation was used instead could that meet the libcrypto.so.6 dependency? OK, I can buy the openssl dependency. However, when I look at openssl itself, I note that it has several engines already present, but in /usr/lib/openssl/engines, not /usr/lib/engines. Perhaps this package should place engine_pkcs11.so in the former directory (and not own it) rather than what it's currently doing. I've updated the spec file to use the /usr/lib/openssl/engines directory, thanks for catching that. This also has a fixed Source0 with the /files folder added to the URL. Lastly I included > 0.9.6 in the OpenSSL requires, since that is when the engine support was added. The following spec file and srpm built cleanly on i386 and x86_64 and produce no errors with rpmlint. Spec URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11.spec SRPM URL: http://free.linux.hp.com/~mra/rpms/engine_pkcs11/engine_pkcs11-0.1.3-4.fc7.src.rpm OK, this looks good to me. APPROVED New Package CVS Request ======================= Package Name: engine_pkcs11 Short Description: A PKCS11 engine for use with OpenSSL Owners: mra Branches: F-7 InitialCC: tibbs.edu cvs done. I talked with tibbs on IRC, and he didn't really want to get cc's on this package, so I left that off. Is there some reason this isn't in F-7 yet? It looks like it failed to build because a dependency had not yet been pushed to F-7, and indeed libp11 is in testing and has not been pushed to the stable F-7 repository. Do you need assistance getting these packages built and pushed? engine_pkcs11-0.1.3-4.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. engine_pkcs11-0.1.3-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. |