Bug 557011
Summary: | Review Request: clamsmtp - A Daemon to virus scan mail using clamav | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nathanael Noblet <nathanael> |
Component: | Package Review | Assignee: | Mamoru TASAKA <mtasaka> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | fedora-package-review, morpheusv, mtasaka, notting |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | Flags: | mtasaka:
fedora-review+
kevin: fedora-cvs+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-20 15:48:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nathanael Noblet
2010-01-20 05:28:37 UTC
the rpmlint output and justification clamsmtp.x86_64: W: non-standard-uid /var/run/clamsmtp clamsmtp clamsmtp.x86_64: W: non-standard-uid /var/log/clamsmtp clamsmtp clamsmtp.x86_64: W: non-standard-uid /var/lib/clamsmtp clamsmtp This is so that the clamd instance and clamsmtp are isolated from someone on the system injecting/overriding the file being scanned. clamsmtp.x86_64: W: dangling-relative-symlink /usr/sbin/clamd.clamsmtp ../../usr/sbin/clamd Not sure why it complains here, the symlink works perfectly when installed clamsmtp.x86_64: E: no-status-entry /etc/rc.d/init.d/clamd-clamsmtp clamsmtp.x86_64: W: no-reload-entry /etc/rc.d/init.d/clamd-clamsmtp clamsmtp.x86_64: E: subsys-not-used /etc/rc.d/init.d/clamd-clamsmtp clamsmtp.x86_64: W: no-reload-entry /etc/rc.d/init.d/clamsmtpd These are all pretty much bogus, the clamd initscript is a wrapper around /usr/share/clamav/clamd-wrapper which has all of the parts this is warning about. To create this clamd instance I followed the instructions in the README of the clamav-server package. I debated creating a subpackage for the clamd instance, but decided against it. I guess it is possible that someone would want to install clamsmtp without a pre-setup clamd instance, however they can still do so with this setup. Granted installing this will pull in clamav-server and its dependancies. So that's basically what I'm wondering... should it be split in two? As there is another earlier review request (and as I said in bug 537587 comment 60), once closing this one. Please ask morpheusv to incorporate your spec to his one. *** This bug has been marked as a duplicate of bug 555059 *** re-opening... *** Bug 555059 has been marked as a duplicate of this bug. *** Nathanael, would you upload the new srpm anyway? SRPM: http://www.gnat.ca/clamsmtp-1.10-0.1.fc12.src.rpm Sorry the url was a bit off above... For 0.1: * Notes for clamd-clamsmtp service A Your spec file contains: -------------------------------------------------------- 80 /sbin/service clamd.clamsmtp stop &>/dev/null || : 81 /sbin/chkconfig --del clamd-clamsmtp -------------------------------------------------------- This is not consistent (clamd.clamsmtp vs clamd-clamsmtp). B # service clamd-clamsmtp status won't work -------------------------------------------------------- [root@localhost ~]# service clamd-clamsmtp start Starting clamd.clamsmtp: LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** [ OK ] [root@localhost ~]# service clamd-clamsmtp status clamd.clamsmtp dead but subsys locked -------------------------------------------------------- However: -------------------------------------------------------- [root@localhost ~]# ps auwwx | grep [c]lamd clamsmtp 12151 0.0 16.8 153680 126688 ? Ssl 02:51 0:00 clamd.clamsmtp -c /etc/clamd.d/clamsmtp.conf --pid /var/run/clamd.clamsmtp/clamd.pid -------------------------------------------------------- Note that this ps output says that pid file is /var/run/clamd.clamsmtp/clamd.pid (also check the wrapper file /usr/share/clamav/clamd-wrapper), however on my system there is no /var/run/clamd.clamsmtp/ directory. /usr/share/clamav/clamd-wrapper: -------------------------------------------------------- 29 CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid -------------------------------------------------------- C logrotate config file won't work (as I said in bug 555059) -------------------------------------------------------- [root@localhost ~]# ps auwwx | grep [c]lamd clamsmtp 12151 1.0 17.6 154840 132868 ? Ssl 02:51 0:07 clamd.clamsmtp -c /etc/clamd.d/clamsmtp.conf --pid /var/run/clamd.clamsmtp/clamd.pid [root@localhost ~]# killall -HUP clamd.clamsmtp clamd.clamsmtp: no process found -------------------------------------------------------- The problem here is that the actual binary name exected here is not clamd.clamsmtp. -------------------------------------------------------- [root@localhost ~]# pgrep -f clamd.clamsmtp 12151 [root@localhost ~]# ls -lad /proc/$(pgrep -f clamd.clamsmtp)/exe lrwxrwxrwx. 1 root root 0 Jul 8 03:07 /proc/12151/exe -> /usr/sbin/clamd -------------------------------------------------------- killall searches process by the actual binary name currently being executed (strace says killall reads /proc/XXXX/stat), so clamd.clamsmtp matches nothing. This should be like "pkill -SIGHUP -f clamd.clamsmtp", for example D. # service clamd-clamsmtp stop won't work -------------------------------------------------------- [root@localhost ~]# service clamd-clamsmtp stop Stopping clamd.clamsmtp: [FAILED] [root@localhost ~]# ps auwwx | grep [c]lamd clamsmtp 12151 0.5 17.6 154840 132872 ? Ssl 02:51 0:07 clamd.clamsmtp -c /etc/clamd.d/clamsmtp.conf --pid /var/run/clamd.clamsmtp/clamd.pid -------------------------------------------------------- ! Note The issues B. and D. seems because the directory /var/run/clamd.clamsmtp/ does not exist. Or other solution would be to specify CLAMD_PIDFILE vairable in %{_sysconfdir}/sysconfig/clamd.clamsmtp --------------------------------------------------------- [root@localhost ~]# install -d -m 0750 -o clamsmtp -g root /var/run/clamd.clamsmtp [root@localhost ~]# service clamd-clamsmtp start Starting clamd.clamsmtp: LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** [ OK ] [root@localhost ~]# service clamd-clamsmtp status clamd.clamsmtp (pid 12890) is running... [root@localhost ~]# service clamd-clamsmtp stop Stopping clamd.clamsmtp: [ OK ] [root@localhost ~]# service clamd-clamsmtp status clamd.clamsmtp is stopped --------------------------------------------------------- Other things: * Requires - Some "Requires(postun)" is needed (postun calls /sbin/service) * Macros / symlink -------------------------------------------------------------- ln -s ../..%{_sbindir}/clamd $RPM_BUILD_ROOT/usr/sbin/clamd.clamsmtp -------------------------------------------------------------- - Note that %{_sbindir} = /usr/bin, i.e. clamd binary and clamd.clamsmtp symlink (to be created) are in the same directory. So the following is enough. -------------------------------------------------------------- ln -sf clamd $RPM_BUILD_ROOT%{_sbindir}/clamd.clamsmtp -------------------------------------------------------------- Also please use macros for "basic" directories. - Use macros consistently. For example: -------------------------------------------------------------- 57 mkdir -p $RPM_BUILD_ROOT%{_var}/lib/clamsmtp 85 getent passwd clamsmtp >/dev/null || useradd -r -g mail -d /var/lib/clamsmtp -s ...... 105 %attr(755,clamsmtp,mail) %{_var}/lib/clamsmtp -------------------------------------------------------------- By the way please begin release number with "1", and increment it every time you modify your spec file (when version does not change) ping? So I think everything you pointed out is fixed. SRPM: http://www.gnat.ca/clamsmtp-1.10-0.2.fc13.src.rpm SPEC: http://www.gnat.ca/clamsmtp.spec Let me know if I missed anything. Sorry for late. Again please use <integer>%{?dist} for release number unless the tarball is preversion or so. * Requires(foo) - Please unify Requires(foo) to "/sbin/service" type or "initscripts" style, not use both, ref: https://fedoraproject.org/wiki/Packaging/SysVInitScript#InitscriptScriptlets - Some Requires(pre) is missing: https://fedoraproject.org/wiki/Packaging/UsersAndGroups * Macros - Please use macros consistently. - If you want to use %{__rm} or %{__install}, please also use %{__make}, %{__mkdir_p}, %{__ln_s} or so. Also both "%{__rm}" and rm are used. * service name - Now rpmlint complains: ------------------------------------------------------------ clamsmtp.i686: E: init-script-name-with-dot /etc/rc.d/init.d/clamd.clamsmtp ------------------------------------------------------------ Please check "$ rpmlint -I init-script-name-with-dot" for explanation. ping? SRPM: http://www.gnat.ca/clamsmtp-1.10-1.fc13.src.rpm SPEC: http://www.gnat.ca/clamsmtp.spec Should all be fixed up. rpmlint complains a bit on the binary RPM about a few init script stuff that isn't true as the initscript is using the wrapper. I added a small patch to fix a man page issue (I've emailed upstream...) Okay. ---------------------------------------------------------- This package (clamsmtp) is APPROVED by mtasaka ---------------------------------------------------------- Package Change Request ====================== Package Name: clamsmtpd New Branches: F12 F13 F14 EL5 Owners: gnat Package Change Request ====================== Package Name: clamsmtpd New Branches: F12 F13 F14 EL5 EL6 Owners: gnat Sorry missed the EL6 branch... New Package SCM Request ======================= Package Name: clamsmtpd Short Description: A daemon to virus scan mail using clamav Owners: gnat Branches: F12 F13 F14 EL5 EL6 InitialCC: The summary says "clamsmtp", the SCM request says "clamsmtpd". Which did you actually want? Please correct either the request or the bug summary so that they match. Ah, Package Name should be clamsmtp For now I rewrite git request (CC not needed for me) New Package SCM Request ======================= Package Name: clamsmtp Short Description: A daemon to virus scan mail using clamav Owners: gnat Branches: F12 F13 F14 EL5 EL6 InitialCC: Git done (by process-git-requests). Closing. |