| Summary: | Review Request: myproxy - Manage X.509 Public Key Infrastructure (PKI) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Traylen <steve.traylen> |
| Component: | Package Review | Assignee: | Mattias Ellert <mattias.ellert> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | fedora-package-review, jbasney, k.georgiou, notting |
| Target Milestone: | --- | Flags: | mattias.ellert:
fedora-review+
kevin: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-10-11 08:42:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 517763, 523972 | ||
| Bug Blocks: | |||
|
Description
Steve Traylen
2009-08-31 17:25:14 UTC
These are updated packages with new myproxy version and also contain some corrections. Spec: http://cern.ch/straylen/rpms/myproxy/myproxy.spec SRPM: http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-1.fc11.src.rpm Updated to require the voms version fixed for bug 523972 Spec: http://cern.ch/straylen/rpms/myproxy/myproxy.spec SRPM: http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-2.fc11.src.rpm A koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=1694311 $ rpmlint SPECS/myproxy.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings. $ rpmlint SRPMS/myproxy-4.8-2.fc11.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. $ rpmlint RPMS/x86_64/myproxy-* myproxy-devel.x86_64: W: no-documentation myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700 myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog These are all justified in particular /var/lib/myproxy should not be readable by anyone other than the myproxy user. Steve Hi, All the blocking bugs on this are now resolved and a koji build is now quite possible: http://koji.fedoraproject.org/koji/taskinfo?taskID=1711749 really looking for a review of this. Steve http://cern.ch/straylen/rpms/myproxy/myproxy.spec http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-3.fc11.src.rpm .spec file altered so that it now builds on .el5 as well. http://koji.fedoraproject.org/koji/taskinfo?taskID=1722508 still looking for a review. Steve Fedora review myproxy-4.8-3.fc11.src.rpm 2009-10-07
rpmlint results:
myproxy-devel.x86_64: W: no-documentation
myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy
myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy
myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700
myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog
8 packages and 0 specfiles checked; 1 errors, 4 warnings.
All fine.
+ OK
- needs some work
+ package name follows naming guidelines
+ spec file name matches package name
+ The package license tag (NCSA and BSD) is a Fedoara approved license
- In addition to the license tags stated - which corresponds to the license
statements in the license files - the following source files contain
license statements saying they are licensed under Apache license v 2.0:
pubcookie.h, safe_id_range_list.[ch], safe_is_path_trusted.[ch]
+ License files in the sources are installed as %doc:
LICENSE, LICENSE.netbsd, LICENSE.sasl
+ Specfile is written in legible English
+ Source matches upstream - and is the latest upstream version.
$ md5sum myproxy-4.8.tar.gz src/myproxy-4.8.tar.gz
85f29d553bfec5fa5f2042440542524f myproxy-4.8.tar.gz
85f29d553bfec5fa5f2042440542524f src/myproxy-4.8.tar.gz
+ Package builds in mock (Fedora-11)
+ BuildRequires are sane
+ Library package calls ldconfig appropiately
+ No bundled system libraries
- The package owns most directories it creates except /etc/grid-security
I know this is a tricky one, since many exernal third party non-Fedora
packages put files there - the IGTF CA packages in particular. But
currently the only package that is in Fedora that owns this directory
is the voms server which the myproxy server does not have a dependency
on.
+ No duplicate files
+ File permissions are sane and all %files sections have %defattr
+ %clean clears buildroot
+ Specfile uses macros consistently
+ Package contains code
+ Documentation is in doc sub package
+ %doc is not runtime essential
+ Headers are in devel
+ No static libraries
+ .so symlink in devel
+ devel requires main with full version
+ No libtool archives
+ Package does not own other's files
+ %install clears buildroot
+ filenames are valid UTF8
So formally mostly OK
Some additional comments:
The %_initddir macro is (as you noticed) not available in RHEL4/5, but
the older (now considered misspelled) %_initrddir macro is. You could
use the following definition to define the new macro to the value of
the old macro if the new macro is not available:
%{!?_initddir: %global _initddir %{_initrddir}}
The %define should be replaced by %global anyway - see
https://fedoraproject.org/wiki/Packaging:Guidelines#.25global_preferred_over_.25define
Since the package name (unlike the globus packages) does not contain
any underscores, the %_name macro is not really needed for this
package and the %name can be used instead.
The main package rpm tags values are aligned on column 16, while the
subpackage tag values are separated by a single space - except for the
Group tag. I can see why you might want to do it differently for the
main and the sub packages, but not really why you then treat the Group
tag differently.
The voms not available yet comment should be removed (the --with-voms
option to configure is already there).
Many of the %attr statements in the %files sections look redundant and
seems to be covered by the %defattr.
There is a missing empty line between two entries in the changelog.
In Fedora 11 the autogenerated requires in the devel package from the
pkg-config dependencies will be sufficient, but if you intend to put
the package in EPEL these will not be present, and there will be no
dependency that will drag in globus-gss-assist-devel package when
installing myproxy-devel. Adding a requires on globus-gss-assist-devel
in the devel package would help.
$ rpm -q --requires -p myproxy-devel-4.8-3.fc11.x86_64.rpm
/usr/bin/pkg-config
libmyproxy.so.4()(64bit)
myproxy = 4.8-3.fc11
pkgconfig(globus-gss-assist) >= 3 < This will not be there in EPEL
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(VersionedDependencies) <= 3.0.3-1
Thanks.
Updated packages include white space changes, change in how initddir is
set for epel, removal of useless _name variable and removal of redundant
%attr flags.
Also:
- Add ASL 2.0 license as well.
- Explicitly add /etc/grid-security to files list
- For .el4/5 build only add globus-gss-assist-devel as requirement
to myproxy-devel package.
i.e everything you mentioned.
Also I swapped %{_sharedstatedir} for %{_var}/lib since the former
is /usr/com on .el5 it seems.
rpmlint is unchanged:
myproxy-devel.x86_64: W: no-documentation
myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy
myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy
myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700
myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog
a .fc13 and .el5 koji build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1733813
http://koji.fedoraproject.org/koji/taskinfo?taskID=1733819
and the update:
http://cern.ch/straylen/rpms/myproxy/myproxy.spec
http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-4.fc11.src.rpm
Package approved. New Package CVS Request ======================= Package Name: myproxy Short Description: Manage X.509 Public Key Infrastructure Owners: stevetraylen Branches: F-11 F-12 EL-4 EL-5 InitialCC: cvs done. myproxy-4.8-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/myproxy-4.8-4.fc12 myproxy-4.8-4.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/myproxy-4.8-4.fc11 myproxy-4.8-4.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/myproxy-4.8-4.el5 myproxy-4.8-5.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/myproxy-4.8-5.el4 myproxy-4.8-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. myproxy-4.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. myproxy-4.8-5.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. |