Bug 567131
| Summary: | Review Request: shibboleth - Web Single Sign On | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Traylen <steve.traylen> |
| Component: | Package Review | Assignee: | Nobody's working on this, feel free to take it <nobody> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | bruno, fedora-package-review, mrunge, notting |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | NotReady | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-04-26 11:33:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Steve Traylen
2010-02-21 19:46:19 UTC
Following comments about one of the patches submitted upstream this contains a replacement patch. It does the alter the packaging in any particular way. Spec URL: http://cern.ch/straylen/rpms/shibboleth/shibboleth.spec SRPM URL: http://cern.ch/straylen/rpms/shibboleth/shibboleth-2.3.1-2.fc13.src.rpm Fedora review shibboleth 2010-02-22 rpmlint results - same as above The no-reload-entry warning can be fixed. The guidelines says: "if the service does not support this, do nothing" http://fedoraproject.org/wiki/Packaging:SysVInitScript#Required_Actions So adding the following would resolve this: reload) ;; The init script also does not support some more of the "required actions" listed at the above reference (though rpmlint is not complaining): condrestart, try-restart, force-reload. You have worked around the missing condrestart in %postun by calling status + restart instead, so it is not critical for the installation. + package named according to guidelines + specfile named after package + package license "ASL 2.0" is Fedora approved + package license matches license statements in the sorces ? The corresponding package in Debian says: "The original upstream source was repackaged to remove the WS-Trust.xsd schema, which was not distributed under a DFSG-free license." Should this be done for Fedora too? The file is strange. The license doesn't seem to grant right to modify, but the comment at the top says "modified copy". The corresponding file on the oasis server seems to have a less questionable license: http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd "This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind." + The license file (LICENSE.txt) is included in %doc + specfile is written in legible English $ cksum shibboleth-sp-2.3.1.tar.gz srpm/shibboleth-sp-2.3.1.tar.gz 432835999 806177 shibboleth-sp-2.3.1.tar.gz 432835999 806177 srpm/shibboleth-sp-2.3.1.tar.gz + sources matches upstream + builds in mock ? Looks like some build requires are missing: configure: WARNING: dot not found - will not generate graphics for doxygen documentation → missing build requires graphviz ? checking sql.h usability... no checking sql.h presence... no checking for sql.h... no → build requires unixODBC should be unixODBC-devel ? checking for FastCGI support... no → there is a build requires on fcgi-devel, but the default is "no" → missing configure flag --with-fastcgi=yes ? checking for Memcached support... no → missing build requires libmemcached-devel ? → missing configure flag --with-memcached=yes (default is "no" here too) ? + ldconfig called appropriately + package owns directories it creates ? package should require xml-common since it installs files in /usr/share/xml + no duplicates in %files + permissions are sane and %files have %defattr + %clean clears buildroot ? The pid directory created in the specfile %{_var}/%{name}/run looks strange, shouldn't it be the other way around: %{_var}/run/%{name}? The %{_var}/run/%{name} directory seems to be created anyway and is the one that gets packaged. The one created in the specfile is not. ? The specfile uses the %{_XXXdir} macros for everything except for /var where %{_var} is used instead of %{_localstatedir} (not really a big problem - if it is one at all) + %doc is not runtime essential + subpackages requires main with fully qualified version + .la files removed + package does not own other's directories + %install clear buildroot + filenames are utf-8 This review is a bit stuck since i have become aware of this: https://bugs.internet2.edu/jira/browse/CPPXT-9 essentially there are known problems with nss linked curl. Steve No news in more than a year - giving back the review. The limitations of nss_compat_ossl are covered here: http://fedoraproject.org/wiki/Nss_compat_ossl Based on comments in https://bugs.internet2.edu/jira/browse/CPPXT-9 , not being able to use file based certificates may be the biggest limitation. It may be that the way to move forward on this, is to start by adding that support to nss_compat_ossl. |