Bug 321691

Summary: Review Request: shorewall-common - Common files for the shorewall firewall compilers
Product: [Fedora] Fedora
Reporter: Jonathan Underwood <jonathan.underwood>
Component: Package Review
Assignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: fedora-package-review, notting, robert
Hardware: All   
OS: Linux   
Last Closed: 2007-10-07 23:28:31 UTC
Bug Blocks: 247057, 321731    

Description Jonathan Underwood 2007-10-07 00:32:01 UTC
Spec URL: http://jgu.fedorapeople.org/shorewall-common.spec
SRPM URL: http://jgu.fedorapeople.org/shorewall-common-4.0.4-1.fc7.src.rpm

Description: 
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/router/server or on a
standalone GNU/Linux system. 

The version 3 release series of Shorewall is already available in Fedora. With the release of version 4, upstream has added a new Perl-based rule compiler and completely changed the way the package is distributed. The shell-based and Perl-based compilers are each distributed as individual tarballs, and files required to run shorewall with either compiler are packaged as a third tarball, shorewall-common.

The shorewall-perl compiler is suggested for newly
installed systems and shorewall-shell is provided for backwards
compatibility and smooth legacy system upgrades because shorewall-perl
is not fully compatible with all legacy configurations.

This package contains the files required by shorewall-perl and
shorewall-shell to run. You need to install the shorewall-perl and/or
shorewall-shell package(s) for a functional firewall.

shorewall-common is also required by shorewall-lite, a light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.

Comment 1 Jonathan Underwood 2007-10-07 00:36:40 UTC
$ rpmlint -i ../RPMS/noarch/shorewall-common-4.0.4-1.fc7.noarch.rpm 
shorewall-common.noarch: W: service-default-enabled /etc/rc.d/init.d/shorewall
The service is enabled by default after "chkconfig --add"; for security
reasons, most services should not be. Use "-" as the default runlevel in the
init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
to fix this if appropriate for this service.

--> This one is bogus - the startup script has an empty entry for Default-Start.
Removing the Default-Start entry makes the warning go away, but it is fine to
have an empty one there.



shorewall-common.noarch: E: subsys-not-used /etc/rc.d/init.d/shorewall
While your daemon is running, you have to put a lock file in
/var/lock/subsys/. To see an example, look at this directory on your
machine and examine the corresponding init scripts.

--> Also bogus - shorewall creates a lock file itself, there's no need for the
startup script to generate one.


shorewall-common.noarch: W: incoherent-init-script-name shorewall
The init script name should be the same as the package name in lower case,
or one with 'd' appended if it invokes a process by that name.

--> Also bogus - this goes away if I rename the startup script shorewall-common,
which is an awkward name. 

Comment 2 Jonathan Underwood 2007-10-07 00:40:07 UTC
Added current shorewall package owner to cc. 

Robert - I'm not trying to usurp your package here, but I thought that because
upstream has changed so much, and because I'd done the packaging work for other
reasons, it would be useful to put them into BZ for review. I am more than happy
if you want to continue owning this package. Am also happy to co-maintain
shorewall with you, if you like.

Comment 3 Jonathan Underwood 2007-10-07 00:48:50 UTC
$ rpmlint -i ../RPMS/noarch/shorewall-perl-4.0.4-1.fc7.noarch.rpm 
shorewall-perl.noarch: E: useless-explicit-provides perl(Shorewall::Ports)
This package provides 2 times the same capacity. It should only provide it
once.

--> This is bogus, and is caused by a problem with the way rpm generates
automatic Provides. The package contains a perl script (buildports.pl) which
parses /etc/services and /etc/protocols to generate a module Ports.pm. This is
done at package build time. Because buildports.pl contains the text "package
Shorewall::Ports;" which it echoes out to Ports.pm during generation, RPM
believes that both Ports.pm and buildports.pl provide Shorewall::Ports. This
could be solved by not including buildports.pl in the package, but this file has
utility for people who make local mods to /etc/services or /etc/protocols.

shorewall-perl.noarch: W: empty-%pre
shorewall-perl.noarch: W: empty-%post
shorewall-perl.noarch: W: empty-%preun

--> These 3 can be ignored.

Comment 4 Jonathan Underwood 2007-10-07 00:49:45 UTC
Crap, please ignore Comment #3 - this was meant to go into the BZ for
shorewall-perl (BZ #321711).

Comment 5 Jonathan Underwood 2007-10-07 23:28:31 UTC
Following discussion with Robert, and also on #fedora-devel, consensus seems to
be that it is better to have a single package with all tarballs. Therefore, I'm
closing this review, and discussion of the multitarball package will continue in
BZ #321731.

Comment 6 Harald Hoyer 2007-10-08 07:22:12 UTC
> This one is bogus - the startup script has an empty entry for Default-Start.
> Removing the Default-Start entry makes the warning go away, but it is fine to
> have an empty one there.

correct
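
The distinction drawn in Comment 1 and confirmed in Comment 6, between an empty Default-Start entry and a missing one, shown as an added example; it is not code from this bug report, the shorewall package, or rpmlint. The sample init-script headers are constructed, the function names are hypothetical, and the rule that a service counts as default-enabled when either header names a runlevel is an assumption.

```python
import re

# Constructed init-script headers for illustration; not taken from the shorewall package.
EMPTY_START = """#!/bin/sh
# chkconfig: - 25 90
### BEGIN INIT INFO
# Provides: shorewall
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
### END INIT INFO
"""
ENABLED = EMPTY_START.replace("chkconfig: -", "chkconfig: 2345").replace(
    "Default-Start:", "Default-Start: 2 3 4 5")
NO_KEYWORD = "\n".join(line for line in EMPTY_START.splitlines()
                       if "Default-Start" not in line)


def chkconfig_runlevels(script):
    """Runlevels from the '# chkconfig:' line; '-' means none. None if no such line."""
    m = re.search(r"^#[ \t]*chkconfig:[ \t]*(\S+)[ \t]+\d+[ \t]+\d+", script, re.M)
    if m is None:
        return None
    return set() if m.group(1) == "-" else set(m.group(1))


def lsb_default_start(script):
    """Runlevels from the LSB 'Default-Start:' keyword.

    None: keyword absent. Empty set: keyword present but listing no runlevels.
    """
    block = re.search(r"^### BEGIN INIT INFO$(.*?)^### END INIT INFO$",
                      script, re.M | re.S)
    if block is None:
        return None
    m = re.search(r"^#[ \t]*Default-Start:[ \t]*(.*)$", block.group(1), re.M)
    return None if m is None else set(m.group(1).split())


def default_enabled(script):
    """True if either header names at least one start runlevel (assumed rule)."""
    return bool(chkconfig_runlevels(script)) or bool(lsb_default_start(script))


if __name__ == "__main__":
    for name, text in [("empty", EMPTY_START), ("enabled", ENABLED),
                       ("absent", NO_KEYWORD)]:
        print(name, lsb_default_start(text), default_enabled(text))
```

A check that tests only for the presence of the Default-Start keyword would flag the first header; comparing the parsed runlevel set keeps the empty and absent cases equivalent.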