Bug 656483
| Summary: | Review Request: mod_remoteip - Apache Module mod_remoteip | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jonathan Steffan <jonathansteffan> |
| Component: | Package Review | Assignee: | Robert Scheck <redhat-bugzilla> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dmaphy, fedora-package-review, pada, redhat, steve.cleveland |
| Target Milestone: | --- | Flags: | redhat:
fedora-review?
|
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | StalledSubmitter | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-08-30 17:05:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jonathan Steffan
2010-11-23 20:45:14 UTC
As a note, this is only needed for branches with Apache 2.2.x as it's included with Apache 2.3 as a core module. Okay, here we go:
[ DONE ] MUST: rpmlint must be run on the source rpm and all binary rpms the
build produces. The output should be posted in the review.
$ rpmlint /var/lib/mock/fedora-rawhide-x86_64/result/*.rpm
mod_remoteip.src: W: spelling-error Summary(en_US) remoteip -> remoteness, remote, remonetize
mod_remoteip.src: W: name-repeated-in-summary C mod_remoteip
mod_remoteip.src: W: spelling-error %description -l en_US httpd -> HTTP
mod_remoteip.src: W: spelling-error %description -l en_US hostname -> host name, host-name, hostage
mod_remoteip.src: W: spelling-error %description -l en_US authz -> auth, auth z, autarch
mod_remoteip.src: W: spelling-error %description -l en_US ip -> pi, up, op
mod_remoteip.src: W: spelling-error %description -l en_US config -> con fig, con-fig, configure
mod_remoteip.src: W: spelling-error %description -l en_US inetd -> tined, inept, inert
mod_remoteip.src: W: spelling-error %description -l en_US ident -> dent, indent, rident
mod_remoteip.x86_64: W: spelling-error Summary(en_US) remoteip -> remoteness, remote, remonetize
mod_remoteip.x86_64: W: name-repeated-in-summary C mod_remoteip
mod_remoteip.x86_64: W: spelling-error %description -l en_US hostname -> host name, host-name, hostage
mod_remoteip.x86_64: W: spelling-error %description -l en_US authz -> auth, auth z, autarch
mod_remoteip.x86_64: W: spelling-error %description -l en_US ip -> pi, up, op
mod_remoteip.x86_64: W: spelling-error %description -l en_US config -> con fig, con-fig, configure
mod_remoteip.x86_64: W: spelling-error %description -l en_US inetd -> tined, inept, inert
mod_remoteip.x86_64: W: spelling-error %description -l en_US ident -> dent, indent, rident
mod_remoteip.x86_64: W: unstripped-binary-or-object /usr/lib64/httpd/modules/mod_remoteip.so
mod_remoteip.x86_64: W: no-documentation
2 packages and 0 specfiles checked; 0 errors, 19 warnings.
$
[ OK ] MUST: The package must be named according to the Package Naming
Guidelines.
[ OK ] MUST: The spec file name must match the base package %{name}, in the
format %{name}.spec unless your package has an exemption.
[ ?? ] MUST: The package must meet the Packaging Guidelines.
[ OK ] MUST: The package must be licensed with a Fedora approved license and
meet the Licensing Guidelines.
[ OK ] MUST: The License field in the package spec file must match the actual
license.
[ N/A ] MUST: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of
the license(s) for the package must be included in %doc.
[ OK ] MUST: The spec file must be written in American English.
[ OK ] MUST: The spec file for the package MUST be legible.
[ OK ] MUST: The sources used to build the package must match the upstream
source, as provided in the spec URL. Reviewers should use md5sum for
this task. If no upstream URL can be specified for this package,
please see the Source URL Guidelines for how to deal with this.
-> e5266d44cf6ffc84bd4c855f71b2f4fb mod_remoteip.c
-> e5266d44cf6ffc84bd4c855f71b2f4fb mod_remoteip.c.1
[ OK ] MUST: The package MUST successfully compile and build into binary
rpms on at least one primary architecture.
[ N/A ] MUST: If the package does not successfully compile, build or work on
an architecture, then those architectures should be listed in the
spec in ExcludeArch. Each architecture listed in ExcludeArch MUST
have a bug filed in bugzilla, describing the reason that the package
does not compile/build/work on that architecture. The bug number MUST
be placed in a comment, next to the corresponding ExcludeArch line.
[ OK ] MUST: All build dependencies must be listed in BuildRequires, except
for any that are listed in the exceptions section of the Packaging
Guidelines; inclusion of those as BuildRequires is optional. Apply
common sense.
[ N/A ] MUST: The spec file MUST handle locales properly. This is done by
using the %find_lang macro. Using %{_datadir}/locale/* is strictly
forbidden.
[ N/A ] MUST: Every binary RPM package (or subpackage) which stores shared
library files (not just symlinks) in any of the dynamic linker's
default paths, must call ldconfig in %post and %postun.
[ OK ] MUST: Packages must NOT bundle copies of system libraries.
[ N/A ] MUST: If the package is designed to be relocatable, the packager
must state this fact in the request for review, along with the
rationalization for relocation of that specific package. Without
this, use of Prefix: /usr is considered a blocker.
[ OK ] MUST: A package must own all directories that it creates. If it does
not create a directory that it uses, then it should require a package
which does create that directory.
[ OK ] MUST: A Fedora package must not list a file more than once in the
spec file's %files listings. (Notable exception: license texts in
specific situations)
[ OK ] MUST: Permissions on files must be set properly. Executables should
be set with executable permissions, for example. Every %files section
must include a %defattr(...) line.
[ OK ] MUST: Each package must consistently use macros.
-> $RPM_BUILD_ROOT and %{buildroot} is used
[ OK ] MUST: The package must contain code, or permissable content.
[ N/A ] MUST: Large documentation files must go in a -doc subpackage. (The
definition of large is left up to the packager's best judgement, but
is not restricted to size. Large can refer to either size or
quantity).
[ N/A ] MUST: If a package includes something as %doc, it must not affect
the runtime of the application. To summarize: If it is in %doc, the
program must run properly if it is not present.
[ N/A ] MUST: Header files must be in a -devel package.
[ N/A ] MUST: Static libraries must be in a -static package.
[ N/A ] MUST: If a package contains library files with a suffix (e.g.
libfoo.so.1.1), then library files that end in .so (without suffix)
must go in a -devel package.
[ N/A ] MUST: In the vast majority of cases, devel packages must require the
base package using a fully versioned dependency: Requires: %{name}
%{?_isa} = %{version}-%{release}
[ N/A ] MUST: Packages must NOT contain any .la libtool archives, these must
be removed in the spec if they are built.
[ N/A ] MUST: Packages containing GUI applications must include a
%{name}.desktop file, and that file must be properly installed with
desktop-file-install in the %install section. If you feel that your
packaged GUI application does not need a .desktop file, you must put
a comment in the spec file with your explanation.
[ OK ] MUST: Packages must not own files or directories already owned by
other packages. The rule of thumb here is that the first package to
be installed should own the files or directories that other packages
may rely upon. This means, for example, that no package in Fedora
should ever share ownership with any of the files or directories
owned by the filesystem or man package. If you feel that you have a
good reason to own a file or directory that another package owns,
then please present that at package review time.
[ OK ] MUST: All filenames in rpm packages must be valid UTF-8.
[ N/A ] SHOULD: If the source package does not include license text(s) as a
separate file from upstream, the packager SHOULD query upstream to
include it.
[ OK ] SHOULD: The description and summary sections in the package spec file
should contain translations for supported Non-English languages, if
available.
[ OK ] SHOULD: The reviewer should test that the package builds in mock.
[ OK ] SHOULD: The package should compile and build into binary rpms on all
supported architectures.
[ SKIP ] SHOULD: The reviewer should test that the package functions as
described. A package should not segfault instead of running, for
example.
[ N/A ] SHOULD: If scriptlets are used, those scriptlets must be sane. This
is vague, and left up to the reviewers judgement to determine sanity.
[ N/A ] SHOULD: Usually, subpackages other than devel should require the base
package using a fully versioned dependency.
[ N/A ] SHOULD: The placement of pkgconfig(.pc) files depends on their
usecase, and this is usually for development purposes, so should be
placed in a -devel pkg. A reasonable exception is that the main pkg
itself is a devel tool not installed in a user runtime, e.g. gcc or
gdb.
[ N/A ] SHOULD: If the package has file dependencies outside of /etc, /bin,
/sbin, /usr/bin, or /usr/sbin consider requiring the package which
provides the file instead of the file itself.
[ N/A ] SHOULD: your package should contain man pages for binaries/scripts.
If it doesn't, work with upstream to add them where they make sense.
Further things (mixed, must and should):
- "unstripped-binary-or-object" can (and must) be solved by putting the
forgotten/missing line "%setup -q -T -c" after line "%prep".
- Summary "Apache Module mod_remoteip" doesn't say anything. Example for a
proper summary is "Apache module to replace client IP/hostname with that
given by a proxy", however something better than now is a must.
- May you explain where you get the version number from? I was not able to
find a version number anywhere. If unsure use "Version: 0" rather current
"Version: 0.1.20100929". A correct version/release tag is a must.
- If you want to mention a date from a checkout or similar, please note that
it needs to be specified in release tag and by mentioning the type of SCM.
- Recommented to replace "%defattr (-,root,root)" by "%defattr(-,root,root,-)"
- Are you sure that /etc/httpd/conf.d/mod_remoteip.conf is really correct
and not /etc/httpd/conf.d/remoteip.conf, like most other Apache modules are
using? IMHO there is no need for mod_* in the configuration file name.
- Why is the configuration file mentioned previously inline? If somebody is
configuring that module using your default configuration file and if you
are performing a rebuild of the package or a dist-upgrade takes place, rpm
will generate a .rpm(new|old|save) file - even if your default file did not
change but the timestamp of your packaged file is newer, because it is
created during build. I highly recommend here to put the configuration file
default into a separate source file, e.g. "Source1: remoteip.conf".
- Replace "install %{SOURCE0} ." by "install -m 644 %{SOURCE0} ." or even by
a "cp -pf %{SOURCE0} ." to avoid unnecessary "spurious-executable-perm"
warning in -debuginfo subpackage that will show up once first issue in this
list is solved.
- Is "Requires: httpd >= 2.2, httpd < 2.3" really needed? If yes, I would
like to get explained why. From my point of view, the ABI compatibility
is guaranteed via httpd-mmn requirement and 2.3 should have another value
for that field, shouldn't it? Keeping the restriction for buildrequires is
nevertheless okay from my point of view.
Okay...that's it for now.
Ping? Still interested? I've been meaning to look into packaging this module for EPEL 6. Jonathan, still interested? I would be very much interested in this package. We have a lot of sites that rely on IP-based access controls and I'm looking to setup a load balancer. We won't be ready for Apache 2.4 for a long time yet, so this module would be a tremendous help. I'm also available to test it. Jonathan, are you still interested in getting this package into Fedora? Yes. I will work on updates to the spec tomorrow and submit a new revision to address the concerns. Spec URL: http://jsteffan.fedorapeople.org/SPECS/mod_remoteip.spec SRPM URL: http://jsteffan.fedorapeople.org/SRPMS/mod_remoteip-0.1.20100929-1.fc13.src.rpm $ rpmlint /var/lib/mock/fedora-17-x86_64/result/*.rpm mod_remoteip.src: W: spelling-error Summary(en_US) Backport -> Back port, Back-port, Backpacker mod_remoteip.src: W: spelling-error Summary(en_US) remoteip -> remote mod_remoteip.src: W: spelling-error Summary(en_US) httpd -> HTTP mod_remoteip.src: W: name-repeated-in-summary C mod_remoteip mod_remoteip.src: W: spelling-error %description -l en_US httpd -> HTTP mod_remoteip.src: W: spelling-error %description -l en_US balancer -> balance, balances, balanced mod_remoteip.src: W: spelling-error %description -l en_US hostname -> host name, host-name, hostage mod_remoteip.src: W: spelling-error %description -l en_US authz -> author mod_remoteip.src: W: spelling-error %description -l en_US ip -> pi, up, op mod_remoteip.src: W: spelling-error %description -l en_US config -> con fig, con-fig, configure mod_remoteip.src: W: spelling-error %description -l en_US inetd -> dinette mod_remoteip.src: W: spelling-error %description -l en_US ident -> dent, indent, i dent mod_remoteip.src: W: invalid-url Source0: mod_remoteip-0.1.tar.gz mod_remoteip.x86_64: W: spelling-error Summary(en_US) Backport -> Back port, Back-port, Backpacker mod_remoteip.x86_64: W: spelling-error Summary(en_US) remoteip -> remote mod_remoteip.x86_64: W: name-repeated-in-summary C mod_remoteip mod_remoteip.x86_64: W: spelling-error %description -l en_US balancer -> balance, balances, balanced mod_remoteip.x86_64: W: spelling-error %description -l en_US hostname -> host name, host-name, hostage mod_remoteip.x86_64: W: spelling-error %description -l en_US authz -> author mod_remoteip.x86_64: W: spelling-error %description -l en_US ip -> pi, up, op mod_remoteip.x86_64: W: spelling-error %description -l en_US config -> con fig, con-fig, configure mod_remoteip.x86_64: W: spelling-error %description -l en_US inetd -> dinette mod_remoteip.x86_64: W: spelling-error %description -l en_US ident -> dent, indent, i dent mod_remoteip-debuginfo.x86_64: W: spelling-error Summary(en_US) remoteip -> remote mod_remoteip-debuginfo.x86_64: W: spelling-error %description -l en_US remoteip -> remote 3 packages and 0 specfiles checked; 0 errors, 25 warnings. http://koji.fedoraproject.org/koji/taskinfo?taskID=4726162 Got bit by copy and paste: Spec URL: http://jsteffan.fedorapeople.org/SPECS/mod_remoteip.spec SRPM URL: http://jsteffan.fedorapeople.org/SRPMS/mod_remoteip-0.1-2.30078fc0a9git.fc17.src.rpm Robert, Are you still interested in doing this review? As we are getting httpd 2.4 in f18+ this is not as critical for Fedora but I'll doing builds for f16, f17, el5 and el6 as they will remain httpd 2.2. Thanks for your review. Fifteen packages in Fedora 17 have a httpd configuration file that begins with "mod_" so there is certainly precedent for keeping the "mod_" prefix in the name. Ken, I disagree. The package is intended for EPEL only as per description. I will try to do the package review these days. Sorry for the delay. (In reply to comment #12) > Ken, I disagree. The package is intended for EPEL only as per description. I > will try to do the package review these days. Sorry for the delay. Respectfully I disagree as well. As Comment 10 indicates, F17 still ships httpd 2.2. Additionally the EL+EPEL repos still contain eight (el5) and seven (el6) unique packages that fit the "mod_" convention. There's also something to be said for keeping in line with upstream, since they ship a "mod_remoteip.conf" file. I finally don't get your issue. I am fine with /etc/httpd/conf.d/remoteip.conf as long as it's on a branch having Apache < 2.3. That is at least how IMHO most of the separate Apache modules are packaged or were packaged for years now. And if the packager wants /etc/httpd/conf.d/mod_remoteip.conf while Apache < 2.3, it is also fine to me. I can not detect anything conflicting in the packaging draft: http://fedoraproject.org/wiki/PackagingDrafts/ApacheHTTPModules (In reply to comment #14) > I finally don't get your issue. I am fine with > /etc/httpd/conf.d/remoteip.conf > as long as it's on a branch having Apache < 2.3. That is at least how IMHO > most > of the separate Apache modules are packaged or were packaged for years now. > And > if the packager wants /etc/httpd/conf.d/mod_remoteip.conf while Apache < 2.3, > it is also fine to me. I can not detect anything conflicting in the > packaging draft: > http://fedoraproject.org/wiki/PackagingDrafts/ApacheHTTPModules I'm fine with either mod_remoteip.conf or remoteip.conf. My preference is mod_remoteip.conf but it's a simple change to make it remoteip.conf in %install. I'm also fine with adding a Conflicts: httpd >= 2.3 if that will enforce for you I will not be building for anything greater then httpd 2.2. After building and installing http://jsteffan.fedorapeople.org/SRPMS/mod_remoteip-0.1-2.30078fc0a9git.fc17.src.rpm on CentOS 6.3 I'm getting the following segfault: # gdb --batch --eval-command='bt full' --exec=/usr/sbin/httpd --core=/var/run/httpd/core.httpd.1715 [New Thread 1715] Missing separate debuginfo for Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/8e/312e8752e924c26341440ec3a032bc0e20cba3 [Thread debugging using libthread_db enabled] Core was generated by `/usr/sbin/httpd'. Program terminated with signal 11, Segmentation fault. #0 0x00007feb7a9b1a4b in apr_ipsubnet_test (ipsub=0x7feb7d0fc968, sa=0x7feb7d56dab8) at network_io/unix/sockaddr.c:1007 1007 else if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)sa->ipaddr_ptr)) { #0 0x00007feb7a9b1a4b in apr_ipsubnet_test (ipsub=0x7feb7d0fc968, sa=0x7feb7d56dab8) at network_io/unix/sockaddr.c:1007 No locals. #1 0x00007feb78f62131 in find_allowdeny (r=0x7feb7d56bf68, a=0x7feb7d0fc8a8, method=<value optimized out>) at /usr/src/debug/httpd-2.2.15/modules/aaa/mod_authz_host.c:239 ap = <value optimized out> mmask = 1 i = <value optimized out> gothost = <value optimized out> remotehost = <value optimized out> #2 0x00007feb78f6221b in check_dir_access (r=0x7feb7d56bf68) at /usr/src/debug/httpd-2.2.15/modules/aaa/mod_authz_host.c:295 method = 0 ret = 403 a = 0x7feb7d0fc798 #3 0x00007feb7beceab0 in ?? () No symbol table info available. #4 0x0000000000000000 in ?? () No symbol table info available. What can be done to prevent this SegFault? By the way, I've disabled IPv6 on the affected machine: # grep IPV6 /etc/sysconfig/network NETWORKING_IPV6=no # cat /etc/modprobe.d/local.conf install net-pf-10 /bin/true blacklist net-pf-10 install ipv6 /bin/true blacklist ipv6 This neither affects Fedora anymore nor RHEL 7 since they both ship with newer httpd which includes mod_remoteip. Close this issue? We have switched to RHEL 7 which includes httpd 2.4 and mod_remoteip, so I vote for closing this issue. |