Bug 502919

Summary: Review Request: polkit - PolicyKit Authorization Framework
Product: [Fedora] Fedora Reporter: David Zeuthen <davidz>
Component: Package ReviewAssignee: Matthias Clasen <mclasen>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, mclasen, notting, rdieter
Target Milestone: ---Flags: mclasen: fedora‑review+
tibbs: fedora‑cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-11 01:40:10 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
spec that builds
none
more fixes
none
fixed spec none

Description David Zeuthen 2009-05-27 15:15:03 EDT
Spec URL: http://people.freedesktop.org/~david/polkit.spec
SRPM URL: http://people.freedesktop.org/~david/polkit-0.92-0.git20090527.fc11.src.rpm
Description: PolicyKit Authorization Framework

This depends on eggdbus, see bug 502918.
Comment 1 Matthias Clasen 2009-05-28 01:17:30 EDT
missing BuildRequires: gtk-doc here as well
Comment 2 Matthias Clasen 2009-05-28 01:24:58 EDT
and intltool
Comment 3 Matthias Clasen 2009-05-28 10:52:02 EDT
Created attachment 345772 [details]
spec that builds

Here is a spec file that has the missing BRs added. I'm going to base my review on this.
Comment 4 Matthias Clasen 2009-05-28 11:15:55 EDT
[mclasen@planemask rpmbuild]$ rpmlint /var/lib/mock/fedora-rawhide-x86_64/result/*.rpm
polkit.src: W: non-standard-group Unspecified
polkit.src: W: no-url-tag
polkit.x86_64: W: non-standard-group Unspecified
polkit.x86_64: W: no-url-tag
polkit.x86_64: W: non-conffile-in-etc /etc/pam.d/polkit-1
polkit.x86_64: E: non-standard-dir-perm /var/lib/polkit-1 0700
polkit.x86_64: W: non-conffile-in-etc /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf
polkit.x86_64: E: setuid-binary /usr/libexec/polkit-agent-helper-1 root 04755
polkit.x86_64: E: non-standard-executable-perm /usr/libexec/polkit-agent-helper-1 04755
polkit.x86_64: E: setuid-binary /usr/bin/pkexec root 04755
polkit.x86_64: E: non-standard-executable-perm /usr/bin/pkexec 04755
polkit.x86_64: W: non-conffile-in-etc /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
polkit.x86_64: W: non-conffile-in-etc /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
polkit-debuginfo.x86_64: W: no-url-tag
polkit-devel.x86_64: W: no-url-tag
polkit-devel.x86_64: W: no-documentation
polkit-docs.noarch: E: devel-dependency polkit-devel
polkit-docs.noarch: W: no-url-tag
5 packages and 0 specfiles checked; 6 errors, 12 warnings.


The no-url and non-standard-group warnings should be easy enough to fix.
The non-conffile-in-etc ones are probably ignorable.
The setuid and executable-perm ones should perhaps get a comment in the %files section, explaining why things are the way they are
Not sure what the devel-dependency error is about, doesn't make sense to me.
Comment 5 Matthias Clasen 2009-05-28 12:08:23 EDT
Created attachment 345787 [details]
more fixes

This spec file has some more fixes, like directory ownership, etc.
Comment 6 Matthias Clasen 2009-05-28 12:09:42 EDT
rpmlint output based on this spec file:

[mclasen@planemask rpmbuild]$ rpmlint /var/lib/mock/fedora-rawhide-x86_64/result/*.rpm
polkit.x86_64: W: non-conffile-in-etc /etc/pam.d/polkit-1
polkit.x86_64: E: non-standard-dir-perm /var/lib/polkit-1 0700
polkit.x86_64: W: non-conffile-in-etc /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf
polkit.x86_64: E: setuid-binary /usr/libexec/polkit-agent-helper-1 root 04755
polkit.x86_64: E: non-standard-executable-perm /usr/libexec/polkit-agent-helper-1 04755
polkit.x86_64: E: setuid-binary /usr/bin/pkexec root 04755
polkit.x86_64: E: non-standard-executable-perm /usr/bin/pkexec 04755
polkit.x86_64: W: non-conffile-in-etc /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
polkit.x86_64: W: non-conffile-in-etc /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
polkit-devel.x86_64: W: no-documentation
polkit-docs.noarch: E: devel-dependency polkit-devel
5 packages and 0 specfiles checked; 6 errors, 5 warnings.

I see that you already had the comment about permissions, so thats good
Comment 7 Matthias Clasen 2009-05-28 12:26:02 EDT
checklist:

rpmlint: see above
package name: follows tarball name, ok
spec file name: ok
packaging guidelines: ok
license: ok
license field: ok
license file: ok
spec file language: ok
spec legible: ok
upstream sources: ok
buildable: ok
excludearch: n/a
build deps: ok
locales: ok
shared libs: ok
relocatable: n/a
directory ownership: 
  needs to own /usr/lib64/polkit-1/ and the backends/ subdir
  might want to add an explicit dbus dep for /usr/share/dbus-1/ (even though ConsoleKit pulls it in)
duplicate files: ok
file permissions: ok
%clean: ok
macro use: ok
content: ok
large docs: ok
%doc content: ok
headers: ok
static libs: n/a
pc files: ok
shared libs: ok
devel deps: ok
libtool archives: ok
gui apps: n/a
file ownership: ok
%install: must run rm -rf $RPM_BUILD_ROOT
utf8 filenames: ok

I wonder why pkexec is in the main package, but the pkexec policy is in -devel.
Comment 8 David Zeuthen 2009-05-28 13:03:59 EDT
(In reply to comment #7)
> I wonder why pkexec is in the main package, but the pkexec policy is in -devel

No, the pkexec policy is in the main package as 

 org.freedesktop.policykit.exec

the file you are referring to is for the

 org.freedesktop.policykit.example.pkexec.run-frobnicate

action which is used by /usr/bin/pk-example-frobnicate (also in the -devel package). E.g. the example is basically that you can do

 $ pkexec pk-example-frobnicate

and then get a dialog like this

 http://people.freedesktop.org/~david/pk-example-frobnicate.png

instead of e.g. this

 http://people.freedesktop.org/~david/pkexec-3.png
Comment 9 Matthias Clasen 2009-05-28 14:12:50 EDT
Created attachment 345810 [details]
fixed spec

This spec file fixes the points that came up while running through the checklist.
If you are fine with these changes, this can be approved.
Comment 10 David Zeuthen 2009-05-29 13:13:34 EDT
Looks good, thanks.
Comment 11 Matthias Clasen 2009-05-29 13:22:10 EDT
ok, approved
Comment 12 David Zeuthen 2009-05-29 13:29:12 EDT
New Package CVS Request
=======================
Package Name: polkit
Short Description: PolicyKit Authorization Framework
Owners: davidz
Branches: 
InitialCC:
Comment 13 Jason Tibbitts 2009-05-29 14:20:53 EDT
CVS done.
Comment 14 Matthias Clasen 2009-06-11 01:40:10 EDT
packages have been built