Bug 608004

Summary: Review Request: sssd - System Security Services Daemon
Product: Red Hat Enterprise Linux 5
Component: Package Review
Version: 5.0
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Reporter: Stephen Gallagher <sgallagh>
Assignee: Rob Crittenden <rcritten>
CC: dswegen, notting, pm-rhel, rcritten
Target Milestone: rc
Doc Type: Bug Fix
Last Closed: 2010-10-06 13:27:54 UTC
Bug Blocks: 188273, 579840

Description Stephen Gallagher 2010-06-25 11:50:36 UTC
Spec URL: http://cvs.fedoraproject.org/viewvc/EL-5/sssd/sssd.spec?revision=1.43&view=co
SRPM URL: http://koji.fedoraproject.org/koji/getfile?taskID=2271952&name=sssd-1.2.1-17.el5.src.rpm
Description: 
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

This project is being pulled in from EPEL5.

Comment 1 Stephen Gallagher 2010-08-04 15:56:29 UTC
Updated RPMs aligned with the RHEL6 version of SSSD.

Spec URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec

SRPM URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-23.1.el5.src.rpm

Comment 2 Stephen Gallagher 2010-08-04 16:01:49 UTC
Successfully built in Koji for EPEL5 (not built in Brew yet, since the dependencies libtalloc, libtdb, libtevent and libldb are not yet in RHEL. They are also under review right now)

http://koji.fedoraproject.org/koji/taskinfo?taskID=2379691

Comment 3 Stephen Gallagher 2010-08-04 19:09:18 UTC
Updated RPMs include a new patch fixing LDAP chpass functionality (backported from RHEL6)

Spec URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec

SRPM URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-26.el5.src.rpm

Comment 4 Rob Crittenden 2010-08-06 18:48:29 UTC
OK source files match upstream:
     6ab14a9e76c215a72b407b286d81548318ad1f13  sssd-1.2.1.tar.gz
OK package meets naming and versioning guidelines.
OK specfile is properly named, is cleanly written and uses macros consistently.
OK dist tag is present.
OK build root is correct.
OK license field matches the actual license.
OK license is open source-compatible
OK license text included in package.
OK BuildRequires are proper.
OK compiler flags are appropriate.
OK %clean is present.
OK package builds in mock (EL5/x86_64) with some packages from EPEL.
OK debuginfo package looks complete.
BAD rpmlint is silent. [1]
OK final provides and requires look sane.
OK %check is present and all tests pass.
OK shared libraries are added to the regular linker search paths, ldconfig is called
OK owns the directories it creates.
OK doesn't own any directories it shouldn't.
OK no duplicates in %files.
OK file permissions are appropriate. (despite rpmlint's complaints)
OK correct scriptlets present.
OK %docs
OK headers in devel
OK pkgconfig files in devel (all 5 of them)
OK no libtool .la droppings.
OK not a GUI app.

[1] rpmlint reports the following:

% rpmlint -iv ../RPMS/x86_64/sssd-1.2.1-26.x86_64.rpm 
sssd.x86_64: I: checking
sssd.x86_64: E: non-readable /etc/sssd/sssd.conf 0600
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-local.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ldap.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-standard-dir-perm /etc/sssd 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-krb5.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_krb5.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_simple.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_proxy.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-simple.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/pipes/private 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/db 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ldap.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-proxy.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ipa.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-standard-dir-perm /var/log/sssd 0750
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ipa.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-standard-dir-perm /etc/sssd/sssd.api.d 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ipa.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-krb5.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ldap.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-local.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-proxy.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-simple.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

1 packages and 0 specfiles checked; 13 errors, 12 warnings.

These all look reasonable to me except perhaps for the config(noreplace) warnings. Can you review errors/warnings?

Comment 5 Stephen Gallagher 2010-08-06 18:53:47 UTC
The config(noreplace) warnings are all intentional. Those are the configuration files for the SSSDConfigAPI, and we want those to be updated whenever the package is updated.

The errors about devel files in non -devel packages are erroneous. They're plugins, not shared libraries.

The non-standard permissions are intentional as well, for security.

Comment 6 Rob Crittenden 2010-08-06 19:16:05 UTC
Ok, approved.
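
The permission findings quoted in comment 4 and the rationale given in comment 5 can be checked mechanically. The following is an added example, not part of the bug thread or the sssd package: it parses rpmlint output and confirms that every flagged mode only removes permission bits. The 0644 file baseline is an assumption (0755 for directories is stated in the rpmlint text above), and the /var/lib/example line in the sample is constructed.

```python
import re

# Constructed sample: a few of the rpmlint lines quoted in comment 4, plus one
# made-up line (/var/lib/example) showing what a loosened mode would look like.
SAMPLE = """\
sssd.x86_64: I: checking
sssd.x86_64: E: non-readable /etc/sssd/sssd.conf 0600
sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ldap.conf 0400
sssd.x86_64: E: non-standard-dir-perm /etc/sssd 0700
sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/pipes/private 0700
sssd.x86_64: E: non-standard-dir-perm /var/log/sssd 0750
sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ldap.so
sssd.x86_64: E: non-standard-dir-perm /var/lib/example 0777
"""

# Assumed packaging defaults that the two rpmlint checks are compared against.
BASELINE = {"non-readable": 0o644, "non-standard-dir-perm": 0o755}

# "<package>: <E|W|I>: <check> [<path>] [<octal mode>]"; the explanatory
# paragraphs printed by "rpmlint -i" do not match and are skipped.
FINDING = re.compile(
    r"^(?P<pkg>\S+): (?P<sev>[EWI]): (?P<check>[\w-]+)"
    r"(?: (?P<path>/\S+))?(?: (?P<mode>[0-7]{3,4}))?\s*$"
)

def triage(rpmlint_output):
    """Return {path: (check, mode, verdict)} for permission findings only."""
    results = {}
    for line in rpmlint_output.splitlines():
        m = FINDING.match(line)
        if not m or m["check"] not in BASELINE or m["mode"] is None:
            continue
        mode = int(m["mode"], 8)
        if mode & ~BASELINE[m["check"]]:
            verdict = "looser"        # grants bits the default does not (incl. setuid)
        elif mode & 0o007:
            verdict = "stricter-but-world-accessible"
        else:
            verdict = "stricter"      # only removes bits; no access for "other"
        results[m["path"]] = (m["check"], mode, verdict)
    return results

def needs_review(results):
    """Paths whose deviation is not a pure tightening."""
    return sorted(p for p, (_, _, v) in results.items() if v != "stricter")

if __name__ == "__main__":
    for path, (check, mode, verdict) in sorted(triage(SAMPLE).items()):
        print(f"{mode:04o} {verdict:30} {check:22} {path}")
    print("needs review:", needs_review(triage(SAMPLE)))
```
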