Bug 965443

Summary:	Review Request: mod_auth_openid - OpenID authentication for apache
Product:	[Fedora] Fedora	Reporter:	Patrick Uiterwijk <puiterwijk>
Component:	Package Review	Assignee:	Kevin Fenzi <kevin>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	bos, i, kevin, notting, package-review, puiterwijk
Target Milestone:	---	Flags:	kevin: fedora-review+ gwync: fedora-cvs+
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	mod_auth_openid-0.7-2.el6	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-06-14 22:26:21 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	825333
Bug Blocks:

Description Patrick Uiterwijk 2013-05-21 09:09:33 UTC

Spec URL: http://puiterwijk.fedorapeople.org//mod_auth_openid.spec
SRPM URL: http://puiterwijk.fedorapeople.org//mod_auth_openid-0.7-1.fc18.src.rpm

Description:
mod_auth_openid is an authentication module for the Apache 2 webserver.
It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification.

Comment 1 Patrick Uiterwijk 2013-05-21 09:10:56 UTC

I did not create a mock build because libopkele has not yet landed in rawhide.
When that is installed manually, you can build this package.

Comment 2 Patrick Uiterwijk 2013-05-21 09:14:38 UTC

Also, please note that because of the newer version of httpd, this will not currently build on rawhide.
I am currently working with upstream to fix this, but I need this package primarily for the EPEL6 branch.

Comment 3 Patrick Uiterwijk 2013-05-21 09:21:42 UTC

*** Bug 691602 has been marked as a duplicate of this bug. ***

Comment 4 Kevin Fenzi 2013-05-21 18:57:51 UTC

I'll go ahead and review this, look for a review later today.

Comment 5 Kevin Fenzi 2013-05-21 19:24:55 UTC

OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name. 
OK - Spec has consistant macro usage. 
OK - Meets Packaging Guidelines. 
OK - License (MIT)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
58cb927121d39557a3593b10db8c960440295fb49cddf8120d6a5b521877ed4c  mod_auth_openid-0.7.tar.gz
58cb927121d39557a3593b10db8c960440295fb49cddf8120d6a5b521877ed4c  mod_auth_openid-0.7.tar.gz.orig

See below - BuildRequires correct
OK - Package has %defattr and permissions on files is good. 
OK - Package has a correct %clean section. 
OK - Package has correct buildroot
OK - Package is code or permissible content. 
OK - Packages %doc files don't affect runtime. 
OK - Package compiles and builds on at least one arch. 
OK - Package has no duplicate files in %files. 
See below - Package doesn't own any directories other packages own. 
OK - Package owns all the directories it creates. 
OK - Package obey's FHS standard (except for 2 exceptions)
See below - No rpmlint output. 
See below - final provides and requires are sane.

SHOULD Items:

OK - Should build in mock. 
OK - Should build on all supported archs
OK - Should function as described. 
OK - Should have dist tag
OK - Should package latest version
OK - Should not use file requires outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin

Issues: 

1. You are missing a
BuildRequires: tidy-devel 
that causes it to not build. 

2. The module is installed with mode 644, but that causes rpm to not be able to 
handle looking for deps on it. Installed with 755, it finds them and you can drop: 

Requires:       libopkele
Requires:       sqlite
Requires:       pcre
Requires:       libcurl

3. You have: 
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf

Shouldn't that be: 
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_auth_openid.conf

4. rpmlint says:

mod_auth_openid.src: W: spelling-error Summary(en_US) apache -> Apache, apace
mod_auth_openid.src: W: spelling-error %description -l en_US auth -> auto, Ruth, author
mod_auth_openid.src: W: spelling-error %description -l en_US openid -> opined, opened, open id
mod_auth_openid.src: W: spelling-error %description -l en_US webserver -> web server, web-server, observer
mod_auth_openid.x86_64: W: spelling-error Summary(en_US) apache -> Apache, apace
mod_auth_openid.x86_64: W: spelling-error %description -l en_US auth -> auto, Ruth, author
mod_auth_openid.x86_64: W: spelling-error %description -l en_US openid -> opined, opened, open id
mod_auth_openid.x86_64: W: spelling-error %description -l en_US webserver -> web server, web-server, observer
mod_auth_openid-debuginfo.x86_64: W: spelling-error Summary(en_US) auth -> auto, Ruth, author
mod_auth_openid-debuginfo.x86_64: W: spelling-error Summary(en_US) openid -> opined, opened, open id
mod_auth_openid-debuginfo.x86_64: W: spelling-error %description -l en_US auth -> auto, Ruth, author
mod_auth_openid-debuginfo.x86_64: W: spelling-error %description -l en_US openid -> opined, opened, open id

Useless spelling errors, can be ignored. 

mod_auth_openid.src: E: description-line-too-long C It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification.
mod_auth_openid.x86_64: E: description-line-too-long C It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification.

Might change this to: "OpenID 2.0 consumer module for apache web server" ?

mod_auth_openid.x86_64: E: explicit-lib-dependency libcurl
mod_auth_openid.x86_64: E: explicit-lib-dependency libopkele

These would be fixed by above requires being dropped. 

mod_auth_openid.x86_64: E: non-standard-dir-perm /var/lib/mod_auth_openid 0770L

Do you need this perm?

Comment 6 Patrick Uiterwijk 2013-05-21 19:44:29 UTC

BuildRequires and Requires fixed.
Description line changed according to suggestion.

The permission is strict because that directory will be the default location for the OpenID state database, which contains the negotiated secret keys.


New Spec URL: http://puiterwijk.fedorapeople.org/mod_auth_openid.spec
New SRPM URL: http://puiterwijk.fedorapeople.org/mod_auth_openid-0.7-2.fc18.src.rpm

Comment 7 Kevin Fenzi 2013-05-21 21:07:53 UTC

All those changes look good. I see no further blockers, so this package is APPROVED. 

Happy to co-maintain.

Comment 8 Patrick Uiterwijk 2013-05-21 21:12:53 UTC

New Package SCM Request
=======================
Package Name: mod_auth_openid
Short Description: OpenID authentication for apache
Owners: puiterwijk kevin
Branches: el6
InitialCC:

Comment 9 Gwyn Ciesla 2013-05-22 16:43:23 UTC

Git done (by process-git-requests).

Comment 10 Fedora Update System 2013-05-29 22:36:41 UTC

mod_auth_openid-0.7-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mod_auth_openid-0.7-2.el6

Comment 11 Fedora Update System 2013-05-30 00:01:51 UTC

mod_auth_openid-0.7-2.el6 has been pushed to the Fedora EPEL 6 testing repository.

Comment 12 Fedora Update System 2013-06-14 22:26:21 UTC

mod_auth_openid-0.7-2.el6 has been pushed to the Fedora EPEL 6 stable repository.

Comment 13 Christopher Meng 2013-10-23 10:45:41 UTC

Upstream has released 0.8 version.  Can you build it on rawhide now?

Comment 14 Patrick Uiterwijk 2013-10-26 11:26:55 UTC

Package Change Request
======================
Package Name: mod_auth_openid
New Branches: f19 f20
Owners: puiterwijk kevin
InitialCC: 

It got fixed for Apache 2.4, so I can now build it for this

Comment 15 Gwyn Ciesla 2013-10-28 12:02:48 UTC

Git done (by process-git-requests).

f20 already existed.