Bug 555121

Found the following rpmlint errors:

% rpmlint -iv ../RPMS/x86_64/nss-pam-ldapd-0.7.2-1.fc12.x86_64.rpm 
nss-pam-ldapd.x86_64: I: checking
nss-pam-ldapd.x86_64: W: non-standard-uid /var/run/nslcd nslcd
A file in this package is owned by a non standard user. Standard users are:
root, bin, daemon, adm, lp, mail, news, uucp, gopher, ftp, oprofile, pkiuser,
squid, pvm, named, postgres, mysql, nscd, rpcuser, rpc, netdump, vdsm, rpm,
ntp, mailman, gdm, xfs, mailnull, apache, wnn, smmsp, puppet, tomcat, ldap,
frontpage, nut, beagleindex, tss, piranha, prelude-manager, snortd, condor,
pegasus, webalizer, haldaemon, vcsa, avahi, tcpdump, privoxy, sshd, radvd,
arpwatch, fax, nocpulse, desktop, dbus, jonas, clamav, sabayon, polkituser,
postfix, majordomo, quagga, exim, distcache, radiusd, hsqldb, dovecot, ident,
nobody, qemu, ovirt, saned, nfsnobody.

nss-pam-ldapd.x86_64: E: non-readable /etc/nslcd.conf 0600
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

nss-pam-ldapd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libnss_ldap.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

nss-pam-ldapd.x86_64: W: missing-lsb-keyword Required-Stop in /etc/rc.d/init.d/nslcd
The package contains an init script that does not contain one of the LSB init
script comment block convention keywords that are recommendable for all init
scripts.  If there is nothing to add to a keyword's value, include the keyword
in the script with an empty value.  Note that as of version 3.2, the LSB
specification does not mandate presence of any keywords.

nss-pam-ldapd.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/nslcd
The package contains an init script that does not contain one of the LSB init
script comment block convention keywords that are recommendable for all init
scripts.  If there is nothing to add to a keyword's value, include the keyword
in the script with an empty value.  Note that as of version 3.2, the LSB
specification does not mandate presence of any keywords.

nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
The filename of your lock file in /var/lock/subsys/ is incoherent with your
actual init script name. For example, if your script name is httpd, you have
to use 'httpd' as the filename in your subsys directory. It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
The filename of your lock file in /var/lock/subsys/ is incoherent with your
actual init script name. For example, if your script name is httpd, you have
to use 'httpd' as the filename in your subsys directory. It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
The filename of your lock file in /var/lock/subsys/ is incoherent with your
actual init script name. For example, if your script name is httpd, you have
to use 'httpd' as the filename in your subsys directory. It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
The filename of your lock file in /var/lock/subsys/ is incoherent with your
actual init script name. For example, if your script name is httpd, you have
to use 'httpd' as the filename in your subsys directory. It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
The filename of your lock file in /var/lock/subsys/ is incoherent with your
actual init script name. For example, if your script name is httpd, you have
to use 'httpd' as the filename in your subsys directory. It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

nss-pam-ldapd.x86_64: W: incoherent-init-script-name nslcd ('nss-pam-ldapd', 'nss-pam-ldapdd')
The init script name should be the same as the package name in lower case, or
one with 'd' appended if it invokes a process by that name.

1 packages and 0 specfiles checked; 1 errors, 10 warnings.

(In reply to comment #1)
> Found the following rpmlint errors:
> 
> % rpmlint -iv ../RPMS/x86_64/nss-pam-ldapd-0.7.2-1.fc12.x86_64.rpm 
> nss-pam-ldapd.x86_64: I: checking
> nss-pam-ldapd.x86_64: W: non-standard-uid /var/run/nslcd nslcd
> A file in this package is owned by a non standard user. Standard users are:
> root, bin, daemon, adm, lp, mail, news, uucp, gopher, ftp, oprofile, pkiuser,
> squid, pvm, named, postgres, mysql, nscd, rpcuser, rpc, netdump, vdsm, rpm,
> ntp, mailman, gdm, xfs, mailnull, apache, wnn, smmsp, puppet, tomcat, ldap,
> frontpage, nut, beagleindex, tss, piranha, prelude-manager, snortd, condor,
> pegasus, webalizer, haldaemon, vcsa, avahi, tcpdump, privoxy, sshd, radvd,
> arpwatch, fax, nocpulse, desktop, dbus, jonas, clamav, sabayon, polkituser,
> postfix, majordomo, quagga, exim, distcache, radiusd, hsqldb, dovecot, ident,
> nobody, qemu, ovirt, saned, nfsnobody.

This appears to be a bug in how rpmlint parses the list of standard UIDs, filed #568498 to get it fixed.

> nss-pam-ldapd.x86_64: E: non-readable /etc/nslcd.conf 0600
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).

If nslcd needs to have a secret such as a password to bind to the directory, it goes in here, so it's not world-readable.  Filed bug #568499 to have that allowed.

> nss-pam-ldapd.x86_64: W: devel-file-in-non-devel-package
> /usr/lib64/libnss_ldap.so
> A development file (usually source code) is located in a non-devel package. If
> you want to include source code in your package, be sure to create a
> development package.

The nsswitch interface doesn't come with header files, but glibc's modules include a .so link so that people who know what to expect can link with them.  If there were a -devel subpackage, this symlink would be the only thing in it, so I don't think we should bother splitting it out.

> nss-pam-ldapd.x86_64: W: missing-lsb-keyword Required-Stop in
> /etc/rc.d/init.d/nslcd
> The package contains an init script that does not contain one of the LSB init
> script comment block convention keywords that are recommendable for all init
> scripts.  If there is nothing to add to a keyword's value, include the keyword
> in the script with an empty value.  Note that as of version 3.2, the LSB
> specification does not mandate presence of any keywords.

The result looks kind of silly to me, but okay, fixing.

> nss-pam-ldapd.x86_64: W: missing-lsb-keyword Default-Stop in
> /etc/rc.d/init.d/nslcd
> The package contains an init script that does not contain one of the LSB init
> script comment block convention keywords that are recommendable for all init
> scripts.  If there is nothing to add to a keyword's value, include the keyword
> in the script with an empty value.  Note that as of version 3.2, the LSB
> specification does not mandate presence of any keywords.

The result looks kind of silly to me, but okay, fixing.

> nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
> The filename of your lock file in /var/lock/subsys/ is incoherent with your
> actual init script name. For example, if your script name is httpd, you have
> to use 'httpd' as the filename in your subsys directory. It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.
>
> nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
> The filename of your lock file in /var/lock/subsys/ is incoherent with your
> actual init script name. For example, if your script name is httpd, you have
> to use 'httpd' as the filename in your subsys directory. It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.
> 
> nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
> The filename of your lock file in /var/lock/subsys/ is incoherent with your
> actual init script name. For example, if your script name is httpd, you have
> to use 'httpd' as the filename in your subsys directory. It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.
> 
> nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
> The filename of your lock file in /var/lock/subsys/ is incoherent with your
> actual init script name. For example, if your script name is httpd, you have
> to use 'httpd' as the filename in your subsys directory. It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.
> 
> nss-pam-ldapd.x86_64: W: incoherent-subsys /etc/rc.d/init.d/nslcd $prog
> The filename of your lock file in /var/lock/subsys/ is incoherent with your
> actual init script name. For example, if your script name is httpd, you have
> to use 'httpd' as the filename in your subsys directory. It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.

$prog is "nslcd", and constructions which feature it instead of a specific name are already translated by the initscripts package, so this should be okay.

> nss-pam-ldapd.x86_64: W: incoherent-init-script-name nslcd ('nss-pam-ldapd',
> 'nss-pam-ldapdd')
> The init script name should be the same as the package name in lower case, or
> one with 'd' appended if it invokes a process by that name.
> 
> 1 packages and 0 specfiles checked; 1 errors, 10 warnings.    

This would complicate the upgrade cases from when the package used to be named nss-ldapd, I believe without much benefit.  The init script is named after the daemon it starts and stops, which is what we do for daemons like httpd and sshd.

+ package builds in mock (development x86_64).
+ rpmlint is not silent but errors explained/reported as bugs
+ source files match upstream.
010ceaed593ce1a0cbc13b1a3d4b25fd  nss-pam-ldapd-0.7.2.tar.gz
+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written
+ Spec file is written in American English.
+ Spec file is legible.
+ dist tag is present.
+ build root is correct.
+ license is open source-compatible.
+ License text is included in package.
+ %doc files present.
+ BuildRequires are proper.
+ defattr usage is correct.
+ %clean is present.
+ package installed properly.
+ Macro use appears consistent.
+ Compiler flags are honored correctly.
+ Package contains code.
+ no static libraries.
+ no .pc file present.
+ no -devel subpackage exists.
+ no .la files.
+ no translations are available.
+ Does owns the directories it creates.
+ no duplicates in %files.
+ file permissions are appropriate.
+ no scriptlets are used.
+ Not a GUI app.

APPROVED.

New Package CVS Request
=======================
Package Name: nss-pam-ldapd
Short Description: An nsswitch module which uses directory servers
Owners: nalin
Branches: devel F-13
InitialCC:

CVS done (by process-cvs-requests.py).

Packages imported and built.  Thanks, everyone!