Bug 739323

Summary: Review Request: mozilla-https-everywhere - HTTPS/HSTS enforcement extension for Mozilla browsers
Product: [Fedora] Fedora Reporter: Russell Golden <niveusluna>
Component: Package ReviewAssignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: alreay1, notting, package-review, tomspur
Target Milestone: ---Flags: kevin: fedora-review+
gwync: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: mozilla-https-everywhere-1.0.3-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-18 22:08:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1154321    
Bug Blocks:    

Description Russell Golden 2011-09-17 16:56:41 UTC
Spec URL: mozilla-https-everywhere.spec
SRPM URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere-1.0.1-1.fc15.src.rpm
Description: I'm just gonna copy and paste this from upstream, if that's okay.

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Comment 1 Russell Golden 2011-09-17 16:58:38 UTC
...How the heck did that happen?

Spec URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere.spec

Sorry about that, could've sworn I pasted the URL properly...

Comment 2 Al Reay 2011-09-18 23:40:01 UTC
Hi Russell, I'm not a proven packager so I can't sponsor or approve your package but I'll cheerfully do an informal review for you.

* just a niggle, the srpm link isn't fully formed with respect to the https certificate, to avoid wget/curl download errors make sure that it's got a 'www' prefix to match the servername as per the cert.

* I think your use of explicit 'requires' tag is OK here because automatic dependency resolution by RPM won't work as you're using it only to see if a directory structure exists (as opposed to using a library or binary)

Nice simple package, I think you'll have no problems getting this one through.

Good luck
Al

Comment 3 Russell Golden 2011-09-19 00:14:24 UTC
Huh. On my machine, neither wget nor curl complains about my cert.

When I made it, I was under the impression the cert would work for both my SLD and the subdomain www. I only entered the subdomain because StartCom wouldn't give me a cert otherwise.

Thanks for the informal review!

Comment 4 Thomas Spura 2011-09-20 08:41:48 UTC
Hmm, there is a draft of packaging such extensions a bit differently here:
https://fedoraproject.org/wiki/User:Kalev/MozillaExtensionsDraft

So I further adjusted the noscript extension to follow that guideline a bit.
Maybe you want to have a look at the new macros, I'm using there. I think, it's a bit clearer than just inst_dir and symlink_dir:
http://pkgs.fedoraproject.org/gitweb/?p=mozilla-noscript.git;a=blob;f=mozilla-noscript.spec;h=2b16f6814b6f6b4ae9e351a0cbe46e2734b14e8e;hb=HEAD

Not an issue, while reviewing this, more a RFC. Maybe that draft or the current packaging can still be enhanced :)

Comment 5 Russell Golden 2011-09-20 16:36:31 UTC
Hm. Draft or no, that makes the SRPM *much* more readable. Thanks for the info.

Note: This extension is not packaged by upstream with an extension UUID, but with https-everywhere. Every Mozilla browser currently packaged by Fedora can handle a name instead of a UUID, so it shouldn't be a problem. Just wanted to give a heads up in case someone wondered what was going on.

Comment 7 Kevin Fenzi 2011-10-08 20:55:23 UTC
I'll go ahead and look at reviewing this. Expect a review later today hopefully... 

Do you have any packages you have pre-reviewed? Or are you planning on submitting any other packages at this time?

Comment 8 Russell Golden 2011-10-08 21:04:09 UTC
No, and no.

In case it's needed, here's the link for the latest SRPM:
https://niveusluna.org/files/repo/fedora/free/SRPMS/mozilla-https-everywhere-1.0.3-1.fc15.src.rpm

The spec file is still at the same location. It doesn't change except for version number.

Comment 9 Kevin Fenzi 2011-10-08 22:04:06 UTC
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name. 
OK - Spec has consistant macro usage. 
OK - Meets Packaging Guidelines. 
OK - License (GPLv2+)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
05ea1355a3f2e91b1ca10dd8bb88a7ea  ./https-everywhere-1.0.3.xpi
05ea1355a3f2e91b1ca10dd8bb88a7ea  ./https-everywhere-1.0.3.xpi.orig
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good. 
OK - Package has a correct %clean section. 
OK - Package has correct buildroot
OK - Package is code or permissible content. 
OK - Packages %doc files don't affect runtime. 
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install

OK - Package compiles and builds on at least one arch. 
OK - Package has no duplicate files in %files. 
OK - Package doesn't own any directories other packages own. 
OK - Package owns all the directories it creates. 
OK - Package obey's FHS standard (except for 2 exceptions)
See below - No rpmlint output. 
OK - final provides and requires are sane.

SHOULD Items:

OK - Should build in mock. 
OK - Should build on all supported archs
OK - Should function as described. 
OK - Should have sane scriptlets. 
OK - Should have dist tag
OK - Should package latest version
OK - Should not use file requires outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin

Issues: 

1. rpmlint says: 
mozilla-https-everywhere.noarch: W: spelling-error %description -l en_US unencrypted -> encrypted
mozilla-https-everywhere.noarch: W: incoherent-version-in-changelog 1.0.1-1 ['1.0.3-1.fc17', '1.0.3-1']
mozilla-https-everywhere.src: W: spelling-error %description -l en_US unencrypted -> encrypted

You need to fix the changelog. The others can be ignored. 

So, the only minor issue is the changelog entry. You can fix that before you import. 

This package is APPROVED. 
I will go ahead and sponsor you. 

You can continue the process from: 
https://fedoraproject.org/wiki/PackageMaintainers/Join#Add_Package_to_Source_Code_Management_.28SCM.29_system_and_Set_Owner
Please feel free to ask me if you have any questions or run into problems. 

Welcome to the packagers!

Comment 10 Russell Golden 2011-10-09 01:37:23 UTC
Spec file updated to include changelogs.

New SRPM: https://niveusluna.org/kahiru/repo/fedora/free/RPMS/noarch/mozilla-https-everywhere-1.0.3-2.fc15.noarch.rpm

No idea if this is needed for CVS or not. If so, it's here. If not, people can hit delete on their emails. :)

Comment 11 Russell Golden 2011-10-09 01:49:27 UTC
New Package SCM Request
=======================
Package Name: mozilla-https-everywhere
Short Description: HTTPS/HSTS enforcement extension for Mozilla browsers
Owners: niveusluna
Branches: f14 f15 f16 el5 el6
InitialCC:

Comment 12 Gwyn Ciesla 2011-10-09 17:50:19 UTC
Git done (by process-git-requests).

Comment 13 Fedora Update System 2011-10-09 20:01:25 UTC
mozilla-https-everywhere-1.0.3-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/mozilla-https-everywhere-1.0.3-2.fc14

Comment 14 Fedora Update System 2011-10-09 20:03:04 UTC
mozilla-https-everywhere-1.0.3-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/mozilla-https-everywhere-1.0.3-2.fc16

Comment 15 Fedora Update System 2011-10-09 20:04:28 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/mozilla-https-everywhere-1.0.3-2.fc15

Comment 16 Fedora Update System 2011-10-09 20:06:39 UTC
mozilla-https-everywhere-1.0.3-2.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mozilla-https-everywhere-1.0.3-2.el5

Comment 17 Fedora Update System 2011-10-09 20:06:42 UTC
mozilla-https-everywhere-1.0.3-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mozilla-https-everywhere-1.0.3-2.el6

Comment 18 Fedora Update System 2011-10-10 02:49:48 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 testing repository.

Comment 19 Fedora Update System 2011-10-18 22:08:12 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 stable repository.

Comment 20 Fedora Update System 2011-10-18 22:12:29 UTC
mozilla-https-everywhere-1.0.3-2.fc14 has been pushed to the Fedora 14 stable repository.

Comment 21 Fedora Update System 2011-10-19 04:34:42 UTC
mozilla-https-everywhere-1.0.3-2.fc16 has been pushed to the Fedora 16 stable repository.

Comment 22 Fedora Update System 2011-11-02 00:06:26 UTC
mozilla-https-everywhere-1.0.3-2.el5 has been pushed to the Fedora EPEL 5 stable repository.

Comment 23 Fedora Update System 2011-11-02 00:08:50 UTC
mozilla-https-everywhere-1.0.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository.