Bug 451153
Summary: | Review Request: mapbender - Geospatial portal for OGC OWS architectures | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Balint Cristian <cristian.balint> |
Component: | Package Review | Assignee: | Lubomir Rintel <lkundrak> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | fedora-package-review, j, kwizart, lkundrak, notting, rhbugs |
Target Milestone: | --- | Flags: | lkundrak:
fedora-review+
kevin: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-11 16:01:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Balint Cristian
2008-06-13 01:34:32 UTC
This package is very similar to squirrelmail. These rpmlint are waveable, 640/root-apache since it contain sensitive info: root - edit/write. apache - must read it only. else - cannot read. mapbender.noarch: E: non-standard-gid /etc/mapbender/digitize_default.conf apache mapbender.noarch: E: non-readable /etc/mapbender/digitize_default.conf 0640 mapbender.noarch: E: non-standard-gid /etc/mapbender/poi.conf apache mapbender.noarch: E: non-readable /etc/mapbender/poi.conf 0640 mapbender.noarch: E: non-standard-gid /etc/mapbender/wfs_default.conf apache mapbender.noarch: E: non-readable /etc/mapbender/wfs_default.conf 0640 mapbender.noarch: E: non-standard-gid /etc/mapbender/mapbender.conf apache mapbender.noarch: E: non-readable /etc/mapbender/mapbender.conf 0640 mapbender.noarch: E: non-standard-gid /etc/mapbender/gazetteerSQL.conf apache mapbender.noarch: E: non-readable /etc/mapbender/gazetteerSQL.conf 0640 mapbender.noarch: E: non-standard-gid /etc/mapbender/session.conf apache mapbender.noarch: E: non-readable /etc/mapbender/session.conf 0640 I'm not sure what the point of the %post scriptlet is. That output doesn't go anywhere; I'm not even sure yum displays things like that, and it certainly won't be seen for things like kickstart installs. It's best to put that information into a README.Fedora file and install it as %doc. Is there anything which restricts access to localhost by default? The conf just sets up the alias but I don't see any access restrictions. Since this program comes up with a default password (according to the information in the %post scriptlet, at least), it would be very bad for it to allow access from the network by default. Spec URL: http://openrisc.rdsor.ro/mapbender.spec SRPM URL: http://openrisc.rdsor.ro/mapbender-2.4.5-2.fc9.src.rpm Updated to fullfill requests. * Sat Jul 05 2008 Balint Cristian <rezso> - 2.4.5-2 - allow connections only from localhost by defult - create README.fedora doc Spec URL: http://openrisc.rdsor.ro/mapbender.spec SRPM URL: http://openrisc.rdsor.ro/mapbender-2.5-1.fc11.src.rpm Re-Updated to latest upstream. Just a few minor issues/notes: 1.) The license seems to be GPL 2 or newer, therefore GPLv2+, please correct the License tag 2.) What is %contentdir for? You do: %define contentdir /var/www mkdir -p -m0755 %{buildroot}%{contentdir}/html Yet you do not seem to be putting anything there, nor is it included in the resulting package. 3.) This does not look very nice: set +x for f in `find . -type f` ; do if file $f | grep -q ISO-8859 ; then I'm not sure whether it's safe to rely on libmagic, since as far as I know (I may be wrong as well..), it identifies the charset used by the first few (kilo?) bytes, not reading the whole file. Why not convert all files -- it may be that iconving all files may be even faster than, or at least comparable, with calling file against them. set -x iconv -f ISO-8859-1 -t UTF-8 $f > ${f}.tmp && \ mv -f ${f}.tmp $f I'm not sure about use of && here. I think you should break the build if iconv fails instead of leaving a stale .tmp file. Also, a good habit is to preserve timestamp -- touch -r $f $f.tmp before mv. set +x fi if file $f | grep -q CRLF ; then I'd say you don't have to call file here as well. It is safe to remove all \r-s. set -x sed -i -e 's|\r||g' $f set +x fi done set -x Given none of these are serious enough to warrant a blocker, the package is APPROVED (In reply to comment #5) > Just a few minor issues/notes: > > 1.) The license seems to be GPL 2 or newer, therefore GPLv2+, please correct > the License tag > > 2.) What is %contentdir for? > > You do: > > %define contentdir /var/www > mkdir -p -m0755 %{buildroot}%{contentdir}/html - Temporary macro to allow /var/www path. Since this package deal a lot with /var/www path, and will in the future if this piece of software will expand. RPM really miss many of some handfull macros, this is not the first in my opinion. > Yet you do not seem to be putting anything there, nor is it included in the > resulting package. > > 3.) This does not look very nice: > > set +x > for f in `find . -type f` ; do > if file $f | grep -q ISO-8859 ; then > > I'm not sure whether it's safe to rely on libmagic, since as far as I know (I > may be wrong as well..), it identifies the charset used by the first few > (kilo?) bytes, not reading the whole file. Why not convert all files -- it may > be that iconving all files may be even faster than, or at least comparable, > with calling file against them. > > set -x > iconv -f ISO-8859-1 -t UTF-8 $f > ${f}.tmp && \ > mv -f ${f}.tmp $f - Yes true. However if file is not ISO-8859-1 and try force convert to UTF-8 than rpmlint will yale, so its safe for now. ~99% is always ISO-8859-2. - I am upset all time when upstream not follow UTF-8 so this jhack is usefull, especialy rpmlint will allways signal if something. > I'm not sure about use of && here. I think you should break the build if iconv > fails instead of leaving a stale .tmp file. - Hmm. Never encounter such issue. However this combination never failed on any of my packages untill now. > > Also, a good habit is to preserve timestamp -- touch -r $f $f.tmp before mv. > > set +x > fi > if file $f | grep -q CRLF ; then - Will take care in next spin %{version}+1 > > I'd say you don't have to call file here as well. It is safe to remove all > \r-s. > > set -x > sed -i -e 's|\r||g' $f > set +x > fi > done > set -x - Will proceed in next spin %{version}+1 However these 'sanity' bits was suggested by Patrice Dumas and Mamoru Tasaka, my very first reviewers. I never investigated deeply how can be improved, i just always do it on any of my packages. > Given none of these are serious enough to warrant a blocker, the package is > > APPROVED New Package CVS Request ======================= Package Name: mapbender Short Description: Geospatial portal for OGC OWS architectures Owners: rezso Branches: F-8 F-9 F-10 devel F-8 branches are no longer accepted. Please do remember to fix the License before import. cvs done for the rest. |