Bug 245919

Summary: Review Request: openvpn-auth-ldap - OpenVPN plugin for LDAP authentication
Product: [Fedora] Fedora Reporter: Matthias Saou <matthias>
Component: Package ReviewAssignee: Kevin Fenzi <kevin>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, kevin, notting, steve
Target Milestone: ---Flags: kevin: fedora-review+
kevin: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-24 15:32:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthias Saou 2007-06-27 12:58:37 UTC 
Spec URL:
http://ftp.es6.freshrpms.net/tmp/extras/openvpn-auth-ldap/openvpn-auth-ldap.spec
SRPM URL:
http://ftp.es6.freshrpms.net/tmp/extras/openvpn-auth-ldap/openvpn-auth-ldap-2.0.3-2.src.rpm

Description:
The OpenVPN Auth-LDAP Plugin implements username/password authentication via
LDAP for OpenVPN 2.x.
Comment 1 Kevin Fenzi 2007-07-06 20:41:44 UTC 
I'd be happy to review this package, but first: 

Since this package needs a copy of the openvpn source to build, wouldn't it be
better if this was just added to the openvpn package as a subpackage? That would
also keep it in sync with the openvpn package version... 
Or is there some reason that wouldn't work?
Comment 2 Matthias Saou 2007-07-14 18:32:23 UTC 
Well, the plugin doesn't seem to need to be updated for each OpenVPN update. The
reason it requires the sources is that no openvpn-devel or similar package
providing original OpenVPN headers exists...
Maybe just ripping out a few headers from the OpenVPN sources would be enough to
get it to build, but upstream seems to assume users install OpenVPN from
sources, thus can simply point the plugin's configure script to the OpenVPN sources.
Comment 3 Steven Pritchard 2007-07-30 17:30:53 UTC 
I'd be OK with making a openvpn-devel package that included whatever a plugin 
needed to compile.  If you can narrow down what we'd need to include for me, 
that would be great.
Comment 4 Jason Tibbitts 2008-01-27 05:32:57 UTC 
Anything happening with this package?  It's been nearly six months since the
last comment.  I'll go ahead and close it out soon if there's no further response.
Comment 5 Matthias Saou 2008-01-28 09:25:59 UTC 
Oops. No, don't close it. I didn't realize I was the blocker here. I'll check
how easy if would be (if possible at all) to have this plugin build against some
devel files split out of openvpn.
Comment 6 Matthias Saou 2008-02-03 14:28:36 UTC 
The "fix" was much easier than I thought. The package only needs a single header
file from the OpenVPN sources : openvpn-plugin.h.
Since the plugin doesn't link against OpenVPN, I've included that header file as
a source of the rpm. It's not the cleanest solution, but I'm not sure it's worth
creating an "openvpn-devel" package just for this.
Comment 7 Kevin Fenzi 2008-02-04 21:17:36 UTC 
Yeah, a devel package for just a single header seems somewhat of a waste. 

Matthias: Can you post updated packages and I can do a formal review?
Comment 8 Matthias Saou 2008-02-05 12:42:16 UTC 
Oops, I didn't realize that this review was so old, that the initial packages
were still in the old location I used to use :-) Updated packages (2.0.3-3) are
here :
http://thias.fedorapeople.org/review/openvpn-auth-ldap/
Comment 9 Kevin Fenzi 2008-02-15 03:54:15 UTC 
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (BSD)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
03dedc57efc8d4fc2ffe2c014121299d  auth-ldap-2.0.3.tar.gz
03dedc57efc8d4fc2ffe2c014121299d  auth-ldap-2.0.3.tar.gz.1
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install

OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
OK - final provides and requires are sane:

SHOULD Items:

OK - Should build in mock.
OK - Should build on all supported archs
OK - Should have dist tag
OK - Should package latest version

Issues:

1. rpmlint says:

openvpn-auth-ldap.x86_64: E: non-readable /etc/openvpn/auth/ldap.conf 0600

I assume the conf file is not readable due to containing the LDAP bind info?

openvpn-auth-ldap.x86_64: W: no-soname
/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so

This is not a dynamic library, but a dlopened plugin, so ignore this.

Everything looks good here... this package is APPROVED.
Comment 10 Kevin Fenzi 2008-03-22 00:29:50 UTC 
Hey Matthias... any progress here? The package is approved, you just need to
request CVS and build. ;)
Comment 11 Matthias Saou 2008-03-22 19:38:35 UTC 
New Package CVS Request
=======================
Package Name: openvpn-auth-ldap
Short Description: OpenVPN plugin for LDAP authentication
Owners: thias
Branches: F-7 F-8 EL-5
InitialCC:
Cvsextras Commits: yes

(FYI: I'm not requesting EL-4 since check-devel isn't available there)
Comment 12 Kevin Fenzi 2008-03-23 01:18:07 UTC 
You forgot to set fedora-cvs on this request. ;) 

Since I was processing them though, I went ahead and did this one too... 
cvs done.
Comment 13 Matthias Saou 2008-04-24 15:32:14 UTC 
All packages have been rebuilt a while back, so closing now. Thanks all!