Bug 608004
Summary: | Review Request: sssd - System Security Services Daemon | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Stephen Gallagher <sgallagh> |
Component: | Package Review | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | dswegen, notting, pm-rhel, rcritten |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-06 13:27:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 188273, 579840 |
Description
Stephen Gallagher
2010-06-25 11:50:36 UTC
Updated RPMs aligned with the RHEL6 version of SSSD. Spec URL: http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec SRPM URL: http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-23.1.el5.src.rpm Successfully build in Koji for EPEL5 (not built in Brew yet, since the dependencies libtalloc, libtdb, libtevent and libldb are not yet in RHEL. They are also under review right now) http://koji.fedoraproject.org/koji/taskinfo?taskID=2379691 Updated RPMs include a new patch fixing LDAP chpass functionality (backported from RHEL6) Spec URL: http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec SRPM URL: http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-26.el5.src.rpm OK source files match upstream: 6ab14a9e76c215a72b407b286d81548318ad1f13 sssd-1.2.1.tar.gz OK package meets naming and versioning guidelines. OK specfile is properly named, is cleanly written and uses macros consistently. OK dist tag is present. OK build root is correct. OK license field matches the actual license. OK license is open source-compatible OK license text included in package. OK BuildRequires are proper. OK compiler flags are appropriate. OK %clean is present. OK package builds in mock (EL5/x86_64) with some packages from EPEL. OK debuginfo package looks complete. BAD rpmlint is silent. [1] OK final provides and requires look sane. OK %check is present and all tests pass. OK shared libraries are added to the regular linker search paths, ldconfig is called OK owns the directories it creates. OK doesn't own any directories it shouldn't. OK no duplicates in %files. OK file permissions are appropriate. (despite rpmlints complaints) OK correct scriptlets present. OK %docs OK headers in devel OK pkgconfig files in devel (all 5 of them) OK no libtool .la droppings. OK not a GUI app. [1] rpmlint reports the following: % rpmlint -iv ../RPMS/x86_64/sssd-1.2.1-26.x86_64.rpm sssd.x86_64: I: checking sssd.x86_64: E: non-readable /etc/sssd/sssd.conf 0600 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-local.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ldap.so A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. sssd.x86_64: E: non-standard-dir-perm /etc/sssd 0700 A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-krb5.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_krb5.so A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_simple.so A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_proxy.so A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-simple.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/pipes/private 0700 A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/db 0700 A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ldap.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-proxy.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ipa.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: E: non-standard-dir-perm /var/log/sssd 0750 A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. sssd.x86_64: E: non-readable /etc/sssd/sssd.api.conf 0400 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ipa.so A development file (usually source code) is located in a non-devel package. If you want to include source code in your package, be sure to create a development package. sssd.x86_64: E: non-standard-dir-perm /etc/sssd/sssd.api.d 0700 A standard directory should have permission set to 0755. If you get this message, it means that you have wrong directory permissions in some dirs included in your package. sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ipa.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-krb5.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ldap.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-local.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-proxy.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-simple.conf A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here 1 packages and 0 specfiles checked; 13 errors, 12 warnings. These all look reasonable to me except perhaps for the config(noreplace) warnings. Can you review errors/warnings? The config(noreplace) warnings are all intentional. Those are the configuration files for the SSSDConfigAPI, and we want those to be updated whenever the package is updated. The errors about devel files in non -devel packages are erroneous. They're plugins, not shared libraries. The non-standard permissions are intentional as well, for security. Ok, approved. |