Bug 1013485 - Re-Review Request: mod_scgi - Apache2 module for the SCGI protocol
Summary: Re-Review Request: mod_scgi - Apache2 module for the SCGI protocol
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dridi Boukelmoune
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-DEADREVIEW 1013488
TreeView+ depends on / blocked
 
Reported: 2013-09-30 08:12 UTC by Ankur Sinha (FranciscoD)
Modified: 2016-09-25 19:08 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-09-25 19:08:09 UTC
Type: ---
Embargoed:
dridi.boukelmoune: fedora-review?


Attachments (Terms of Use)

Description Ankur Sinha (FranciscoD) 2013-09-30 08:12:59 UTC
Spec URL: http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi.spec
SRPM URL: http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi-1.14-1.fc20.src.rpm

Description: 
The SCGI protocol is a replacement for the Common Gateway
Interface (CGI) protocol. It is a standard for applications
to interface with HTTP servers. It is similar to FastCGI
but is designed to be easier to implement.


Fedora Account System Username: ankursinha

Comment 1 Dridi Boukelmoune 2013-10-16 10:59:28 UTC
Everything seems OK to fedora-review. I'm starting a manual review, at first glance it doesn't seem OK to me.

Comment 2 Dridi Boukelmoune 2013-10-17 07:01:42 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
- Permissions on files are set properly.
  Note: See rpmlint output
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions
- Package contains BR: python2-devel or python3-devel
- Package do not use a name that already exist
  Note: A package already exist with this name, please check
  https://admin.fedoraproject.org/pkgdb/acls/name/mod_scgi
  See:
  https://fedoraproject.org/wiki/Packaging/NamingGuidelines#Conflicting_Package_Names


- Package is licensed with MIT, and CNRI for the code it forked
- Long running packages must be hardened (_hardened_build)
- Package has a %clean section with rm -rf $RPM_BUILD_ROOT
- Package contains a bundled passfd
  The upstream name is actually scgi, the package should maybe be named scgi
  and build sub-packages python-passfd and mod_scgi.
- Does it really run with the specific version of httpd it was built against ?
  Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing)
- Spec uses unversionned __python macro
- Missing .py and .pyo for quixote_handler and scgi_server
- Patches don't link to upstream bugs/comments/lists and are not justified.
- Spec uses %define instead of %global

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see
     attachment). Verify they are not in ld path.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Unknown or generated". 9 files have unknown license. Detailed output of
     licensecheck in
     /home/dridi/fedora/_reviews/1013485-mod_scgi/licensecheck.txt
[!]: %build honors applicable compiler flags or justifies otherwise.
[!]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[?]: Package does not generate any conflict.
[?]: Package obeys FHS, except libexecdir and /usr/target.
[?]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[?]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[?]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 51200 bytes in 8 files.
[!]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[!]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Each %files section contains %defattr if rpm < 4.4
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[-]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

Python:
[?]: Python eggs must not download any dependencies during the build process.
[x]: A package which is used by another package via an egg interface should
     provide egg info.
[!]: Package meets the Packaging Guidelines::Python
[?]: Binary eggs must be removed in %prep

===== SHOULD items =====

Generic:
[!]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: %clean present but not required
[-]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[!]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[-]: Packages should try to preserve timestamps of original installed files.
[!]: Spec use %global instead of %define unless justified.
     Note: %define requiring justification: %{!?python_sitearch: %define
     python_sitearch %(%{__python} -c "from distutils.sysconfig import
     get_python_lib; print get_python_lib(1)")}
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[-]: Fully versioned dependency in subpackages if applicable.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX is a working URL.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: mod_scgi-1.14-1.fc18.x86_64.rpm
          mod_scgi-1.14-1.fc18.src.rpm
mod_scgi.x86_64: W: private-shared-object-provides /usr/lib64/python2.7/site-packages/scgi/passfd.so passfd.so()(64bit)
mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/quixote_handler 0644L
mod_scgi.x86_64: E: non-executable-script /usr/bin/quixote_handler 0644L /usr/bin/env
mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/scgi_server 0644L
mod_scgi.x86_64: E: non-executable-script /usr/bin/scgi_server 0644L /usr/bin/env
mod_scgi.x86_64: E: non-standard-executable-perm /usr/lib64/python2.7/site-packages/scgi/passfd.so 0775L
mod_scgi.x86_64: W: python-bytecode-without-source /usr/lib64/python2.7/site-packages/scgi/scgi_server.pyc
mod_scgi.x86_64: W: python-bytecode-without-source /usr/lib64/python2.7/site-packages/scgi/quixote_handler.pyc
2 packages and 0 specfiles checked; 3 errors, 5 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint mod_scgi
mod_scgi.x86_64: W: private-shared-object-provides /usr/lib64/python2.7/site-packages/scgi/passfd.so passfd.so()(64bit)
mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/quixote_handler 0644L
mod_scgi.x86_64: E: non-executable-script /usr/bin/quixote_handler 0644L /usr/bin/env
mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/scgi_server 0644L
mod_scgi.x86_64: E: non-executable-script /usr/bin/scgi_server 0644L /usr/bin/env
mod_scgi.x86_64: E: non-standard-executable-perm /usr/lib64/python2.7/site-packages/scgi/passfd.so 0775L
mod_scgi.x86_64: W: python-bytecode-without-source /usr/lib64/python2.7/site-packages/scgi/scgi_server.pyc
mod_scgi.x86_64: W: python-bytecode-without-source /usr/lib64/python2.7/site-packages/scgi/quixote_handler.pyc
1 packages and 0 specfiles checked; 3 errors, 5 warnings.
# echo 'rpmlint-done:'



Requires
--------
mod_scgi (rpmlib, GLIBC filtered):
    config(mod_scgi)
    httpd-mmn
    libc.so.6()(64bit)
    libpthread.so.0()(64bit)
    libpython2.7.so.1.0()(64bit)
    python(abi)
    rtld(GNU_HASH)



Provides
--------
mod_scgi:
    config(mod_scgi)
    mod_scgi
    mod_scgi(x86-64)
    mod_scgi.so()(64bit)
    passfd.so()(64bit)



Unversioned so-files
--------------------
mod_scgi: /usr/lib64/httpd/modules/mod_scgi.so
mod_scgi: /usr/lib64/python2.7/site-packages/scgi/passfd.so

Source checksums
----------------
http://python.ca/scgi/releases/scgi-1.14.tar.gz :
  CHECKSUM(SHA256) this package     : 0cde41e4ae58ea666f17f6b1984e8ed8ebaff92cabac4b1b36f86bc47eb18e75
  CHECKSUM(SHA256) upstream package : 0cde41e4ae58ea666f17f6b1984e8ed8ebaff92cabac4b1b36f86bc47eb18e75


Generated by fedora-review 0.5.0 (920221d) last change: 2013-08-30
Command line :/usr/bin/fedora-review -b 1013485
Buildroot used: fedora-18-x86_64

Comment 3 Dridi Boukelmoune 2013-10-17 07:39:06 UTC
I've also just noticed that quixote_handler and scgi_server are in both bindir and python_sitearch.

Comment 4 Ankur Sinha (FranciscoD) 2013-10-19 07:12:39 UTC
(In reply to Dridi Boukelmoune from comment #2)
> Package Review
> ==============
> 
> Legend:
> [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
> [ ] = Manual review needed
> 
> 
> Issues:
> =======
> - Permissions on files are set properly.
>   Note: See rpmlint output
>   See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions
> - Package contains BR: python2-devel or python3-devel
> - Package do not use a name that already exist
>   Note: A package already exist with this name, please check
>   https://admin.fedoraproject.org/pkgdb/acls/name/mod_scgi
>   See:
>  
> https://fedoraproject.org/wiki/Packaging/
> NamingGuidelines#Conflicting_Package_Names


This is only a re-review. Package name is the same. 

> 
> 
> - Package is licensed with MIT, and CNRI for the code it forked

License corrected.

> - Long running packages must be hardened (_hardened_build)
> - Package has a %clean section with rm -rf $RPM_BUILD_ROOT
> - Package contains a bundled passfd

Removed bundled passfd and removed unrequired bits from the spec.

>   The upstream name is actually scgi, the package should maybe be named scgi
>   and build sub-packages python-passfd and mod_scgi.
> - Does it really run with the specific version of httpd it was built against
> ?
>   Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing)

It's there from the original spec, so I think yes.

> - Spec uses unversionned __python macro
> - Missing .py and .pyo for quixote_handler and scgi_server
> - Patches don't link to upstream bugs/comments/lists and are not justified.
> - Spec uses %define instead of %global


Updated spec to correct this.

> 
> ===== MUST items =====
> 
> C/C++:
> [x]: Package does not contain kernel modules.
> [x]: Package contains no static executables.
> [x]: Development (unversioned) .so files in -devel subpackage, if present.
>      Note: Unversioned so-files in private %_libdir subdirectory (see
>      attachment). Verify they are not in ld path.
> [x]: Package does not contain any libtool archives (.la)
> [x]: Rpath absent or only used for internal libs.
> 
> Generic:
> [x]: Package is licensed with an open-source compatible license and meets
>      other legal requirements as defined in the legal section of Packaging
>      Guidelines.
> [!]: License field in the package spec file matches the actual license.
>      Note: Checking patched sources after %prep for licenses. Licenses found:
>      "Unknown or generated". 9 files have unknown license. Detailed output of
>      licensecheck in
>      /home/dridi/fedora/_reviews/1013485-mod_scgi/licensecheck.txt
> [!]: %build honors applicable compiler flags or justifies otherwise.
> [!]: Package contains no bundled libraries without FPC exception.
> [x]: Changelog in prescribed format.
> [x]: Sources contain only permissible code or content.
> [-]: Package contains desktop file if it is a GUI application.
> [-]: Development files must be in a -devel package
> [x]: Package uses nothing in %doc for runtime.
> [x]: Package consistently uses macros (instead of hard-coded directory
> names).
> [x]: Package is named according to the Package Naming Guidelines.
> [?]: Package does not generate any conflict.
> [?]: Package obeys FHS, except libexecdir and /usr/target.
> [?]: If the package is a rename of another package, proper Obsoletes and
>      Provides are present.
> [?]: Requires correct, justified where necessary.
> [x]: Spec file is legible and written in American English.
> [-]: Package contains systemd file(s) if in need.
> [x]: Useful -debuginfo package or justification otherwise.
> [x]: Package is not known to require an ExcludeArch tag.
> [?]: Large documentation must go in a -doc subpackage. Large could be size
>      (~1MB) or number of files.
>      Note: Documentation size is 51200 bytes in 8 files.
> [!]: Package complies to the Packaging Guidelines
> [x]: Package successfully compiles and builds into binary rpms on at least
> one
>      supported primary architecture.
> [x]: Package installs properly.
> [x]: Rpmlint is run on all rpms the build produces.
>      Note: There are rpmlint messages (see attachment).
> [x]: If (and only if) the source package includes the text of the license(s)
>      in its own file, then that file, containing the text of the license(s)
>      for the package is included in %doc.
> [x]: Package requires other packages for directories it uses.
> [x]: Package must own all directories that it creates.
> [x]: Package does not own files or directories owned by other packages.
> [x]: All build dependencies are listed in BuildRequires, except for any that
>      are listed in the exceptions section of Packaging Guidelines.
> [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
> [!]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
>      beginning of %install.
> [x]: %config files are marked noreplace or the reason is justified.
> [x]: Each %files section contains %defattr if rpm < 4.4
> [x]: Macros in Summary, %description expandable at SRPM build time.
> [x]: Package does not contain duplicates in %files.
> [-]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
>      work.
> [x]: Package is named using only allowed ASCII characters.
> [x]: No %config files under /usr.
> [x]: Package is not relocatable.
> [x]: Sources used to build the package match the upstream source, as provided
>      in the spec URL.
> [x]: Spec file name must match the spec package %{name}, in the format
>      %{name}.spec.
> [x]: File names are valid UTF-8.
> [x]: Packages must not store files under /srv, /opt or /usr/local
> 
> Python:
> [?]: Python eggs must not download any dependencies during the build process.
> [x]: A package which is used by another package via an egg interface should
>      provide egg info.
> [!]: Package meets the Packaging Guidelines::Python
> [?]: Binary eggs must be removed in %prep
> 
> ===== SHOULD items =====
> 
> Generic:
> [!]: Package has no %clean section with rm -rf %{buildroot} (or
>      $RPM_BUILD_ROOT)
>      Note: %clean present but not required
> [-]: If the source package does not include license text(s) as a separate
> file
>      from upstream, the packager SHOULD query upstream to include it.
> [!]: Final provides and requires are sane (see attachments).
> [x]: Package functions as described.
> [x]: Latest version is packaged.
> [x]: Package does not include license text files separate from upstream.
> [!]: Patches link to upstream bugs/comments/lists or are otherwise justified.
> [-]: Description and summary sections in the package spec file contains
>      translations for supported Non-English languages, if available.
> [?]: Package should compile and build into binary rpms on all supported
>      architectures.
> [-]: %check is present and all tests pass.
> [-]: Packages should try to preserve timestamps of original installed files.
> [!]: Spec use %global instead of %define unless justified.
>      Note: %define requiring justification: %{!?python_sitearch: %define
>      python_sitearch %(%{__python} -c "from distutils.sysconfig import
>      get_python_lib; print get_python_lib(1)")}
> [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
> [x]: Sources can be downloaded from URI in Source: tag
> [x]: Reviewer should test that the package builds in mock.
> [x]: Buildroot is not present
> [x]: Dist tag is present (not strictly required in GL).
> [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
> [-]: Fully versioned dependency in subpackages if applicable.
> [x]: SourceX tarball generation or download is documented.
> [x]: SourceX is a working URL.
> 
> ===== EXTRA items =====
> 
> Generic:
> [x]: Rpmlint is run on all installed packages.
>      Note: There are rpmlint messages (see attachment).
> [x]: Large data in /usr/share should live in a noarch subpackage if package
> is
>      arched.
> [x]: Spec file according to URL is the same as in SRPM.
> 
> 
> Rpmlint
> -------
> Checking: mod_scgi-1.14-1.fc18.x86_64.rpm
>           mod_scgi-1.14-1.fc18.src.rpm
> mod_scgi.x86_64: W: private-shared-object-provides
> /usr/lib64/python2.7/site-packages/scgi/passfd.so passfd.so()(64bit)
> mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/quixote_handler 0644L
> mod_scgi.x86_64: E: non-executable-script /usr/bin/quixote_handler 0644L
> /usr/bin/env
> mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/scgi_server 0644L
> mod_scgi.x86_64: E: non-executable-script /usr/bin/scgi_server 0644L
> /usr/bin/env
> mod_scgi.x86_64: E: non-standard-executable-perm
> /usr/lib64/python2.7/site-packages/scgi/passfd.so 0775L
> mod_scgi.x86_64: W: python-bytecode-without-source
> /usr/lib64/python2.7/site-packages/scgi/scgi_server.pyc
> mod_scgi.x86_64: W: python-bytecode-without-source
> /usr/lib64/python2.7/site-packages/scgi/quixote_handler.pyc
> 2 packages and 0 specfiles checked; 3 errors, 5 warnings.
> 
> 
> 
> 
> Rpmlint (installed packages)
> ----------------------------
> # rpmlint mod_scgi
> mod_scgi.x86_64: W: private-shared-object-provides
> /usr/lib64/python2.7/site-packages/scgi/passfd.so passfd.so()(64bit)
> mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/quixote_handler 0644L
> mod_scgi.x86_64: E: non-executable-script /usr/bin/quixote_handler 0644L
> /usr/bin/env
> mod_scgi.x86_64: W: non-executable-in-bin /usr/bin/scgi_server 0644L
> mod_scgi.x86_64: E: non-executable-script /usr/bin/scgi_server 0644L
> /usr/bin/env
> mod_scgi.x86_64: E: non-standard-executable-perm
> /usr/lib64/python2.7/site-packages/scgi/passfd.so 0775L
> mod_scgi.x86_64: W: python-bytecode-without-source
> /usr/lib64/python2.7/site-packages/scgi/scgi_server.pyc
> mod_scgi.x86_64: W: python-bytecode-without-source
> /usr/lib64/python2.7/site-packages/scgi/quixote_handler.pyc
> 1 packages and 0 specfiles checked; 3 errors, 5 warnings.
> # echo 'rpmlint-done:'
> 
> 
> 
> Requires
> --------
> mod_scgi (rpmlib, GLIBC filtered):
>     config(mod_scgi)
>     httpd-mmn
>     libc.so.6()(64bit)
>     libpthread.so.0()(64bit)
>     libpython2.7.so.1.0()(64bit)
>     python(abi)
>     rtld(GNU_HASH)
> 
> 
> 
> Provides
> --------
> mod_scgi:
>     config(mod_scgi)
>     mod_scgi
>     mod_scgi(x86-64)
>     mod_scgi.so()(64bit)
>     passfd.so()(64bit)
> 
> 
> 
> Unversioned so-files
> --------------------
> mod_scgi: /usr/lib64/httpd/modules/mod_scgi.so

It's an apache module. I don't think it needs to be versioned as usual shared objects.

> mod_scgi: /usr/lib64/python2.7/site-packages/scgi/passfd.so
> 
> Source checksums
> ----------------
> http://python.ca/scgi/releases/scgi-1.14.tar.gz :
>   CHECKSUM(SHA256) this package     :
> 0cde41e4ae58ea666f17f6b1984e8ed8ebaff92cabac4b1b36f86bc47eb18e75
>   CHECKSUM(SHA256) upstream package :
> 0cde41e4ae58ea666f17f6b1984e8ed8ebaff92cabac4b1b36f86bc47eb18e75
> 
> 
> Generated by fedora-review 0.5.0 (920221d) last change: 2013-08-30
> Command line :/usr/bin/fedora-review -b 1013485
> Buildroot used: fedora-18-x86_64

Updated spec/srpms:

http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi.spec
http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi-1.14-1.fc21.src.rpm

Thanks, 
Warm regards,
Ankur

Comment 5 Dridi Boukelmoune 2013-10-21 21:51:05 UTC
You've removed the bundled passfd, but I don't see any alternative. The package should require something that would provide passfd. Since I don't find any, this spec should build both the mod_scgi and python-passfd package, shouldn't it ?

OTOH, /usr/lib64/python2.7/site-packages/scgi/scgi_server.py does
```
from scgi import passfd
```

Is it really bundled then, other packages seem to do the same thing ? Sorry about that, the rest of the package looks good (still needs a closer look).

Comment 6 Ankur Sinha (FranciscoD) 2013-10-22 01:39:18 UTC
(In reply to Dridi Boukelmoune from comment #5)
> You've removed the bundled passfd, but I don't see any alternative. The
> package should require something that would provide passfd. Since I don't
> find any, this spec should build both the mod_scgi and python-passfd
> package, shouldn't it ?
> 
> OTOH, /usr/lib64/python2.7/site-packages/scgi/scgi_server.py does
> ```
> from scgi import passfd
> ```
> 
> Is it really bundled then, other packages seem to do the same thing ? Sorry
> about that, the rest of the package looks good (still needs a closer look).

I looked this up. I found a python-passfd[1], but it's quite different from the implementation provided in scgi. I'd say that scgi is using a specific implementation of passfd(pass file descriptor), and this should be included as an internal library, not one that other applications are supposed to use. 

I think I should build it, include it in the same package (since we don't want yum finding a python-passfd package), but filter it from requires, since it's only to be used by the python scripts in this package. Does that sound OK Dridi?

Thanks,
Ankur

Comment 7 Ankur Sinha (FranciscoD) 2013-10-22 01:39:53 UTC
http://code.google.com/p/python-passfd/ -> A python-passfd module.

Comment 8 Dridi Boukelmoune 2013-10-22 05:12:08 UTC
(In reply to Ankur Sinha (FranciscoD) from comment #7)
> http://code.google.com/p/python-passfd/ -> A python-passfd module.

Yes! This is the project I found, that's why I thought it was a bundled library.

Please submit a new spec and srpm with passfd, and I'll finish the review.

Comment 9 Ankur Sinha (FranciscoD) 2013-10-22 12:46:51 UTC
(In reply to Dridi Boukelmoune from comment #8)
> (In reply to Ankur Sinha (FranciscoD) from comment #7)
> > http://code.google.com/p/python-passfd/ -> A python-passfd module.
> 
> Yes! This is the project I found, that's why I thought it was a bundled
> library.
> 
> Please submit a new spec and srpm with passfd, and I'll finish the review.

Hi Dridi,

New spec/srpm:
http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi.spec
http://ankursinha.fedorapeople.org/mod_scgi/mod_scgi-1.14-1.fc20.src.rpm


* Tue Oct 22 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.14-1
- Filter passfd since it's only to be used by the handlers this package
  provides
- Follow debian packaging and break into two separate packages
- http://packages.debian.org/sid/python-scgi
- http://packages.debian.org/sid/alpha/libapache2-mod-scgi 
- Updated as per https://bugzilla.redhat.com/show_bug.cgi?id=1013485#c8


As the changelog says, I've split out the python part which isn't required by httpd. It's a python implementation of SCGI, and should live in a separate package as Debian keeps it.

rpmlint output:
[asinha@ankur-laptop  SRPMS]$ rpmlint  /var/lib/mock/fedora-rawhide-x86_64/result/*.rpm ../SPECS/mod_scgi.spec ./mod_scgi-1.14-1.fc20.src.rpm
cat: /usr/include/httpd/.mmn: No such file or directory
python-scgi.x86_64: E: non-standard-executable-perm /usr/lib64/python2.7/site-packages/scgi/passfd.so 0775L

^^
I've checked and shared objects in /usr/lib64/python2.7/site-packages have a 0755 permission, so this should be OK. 

cat: /usr/include/httpd/.mmn: No such file or directory
cat: /usr/include/httpd/.mmn: No such file or directory
5 packages and 1 specfiles checked; 1 errors, 0 warnings.

python-scgi also does not provide passfd since it's an internally used python module specific to the package.

[asinha@ankur-laptop  SRPMS]$ rpm -qp --provides /var/lib/mock/fedora-rawhide-x86_64/result/python-scgi-1.14-1.fc21.x86_64.rpm                                          python-scgi = 1.14-1.fc21
python-scgi(x86-64) = 1.14-1.fc21


Thanks,
Warm regards,
Ankur

Comment 10 Dridi Boukelmoune 2013-10-25 12:48:10 UTC
I've taken a closer look at the latest submission, and I've found the following issues:

Requires
--------
mod_scgi (rpmlib, GLIBC filtered):
    config(mod_scgi)
    httpd-mmn
    libc.so.6()(64bit)
    rtld(GNU_HASH)

python-scgi (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libpthread.so.0()(64bit)
    libpython2.7.so.1.0()(64bit)
    python(abi)
    rtld(GNU_HASH)

As you can see, autoreq didn't pick python-scgi for the mod_scgi package, so we need to add one. The httpd-mmn version you're enforcing is missing, I get this in the build log:
cat: /usr/include/httpd/.mmn: No such file or directory

Other packages use an _httpd_mmn macro [1] but not all of them actually use it in the Requires tag. This may be a packaging mistake, but I haven't seen guidelines for httpd modules.

Another issue:
sed -i "1d" $RPM_BUILD_ROOT/%{python_sitearch}/scgi/*

Is it necessary to remove the shebangs ? If the scripts can both be used as modules and standalone scripts, it's probably best not to remove them.

Everything else looks fine to me.

Best Regards,
Dridi

[1] http://pkgs.fedoraproject.org/cgit/mod_auth_cas.git/tree/mod_auth_cas.spec
    http://pkgs.fedoraproject.org/cgit/mod_auth_kerb.git/tree/mod_auth_kerb.spec
    http://pkgs.fedoraproject.org/cgit/mod_auth_openid.git/tree/mod_auth_openid.spec

Comment 11 Remi Collet 2013-10-25 13:35:41 UTC
About httpd-mmn, correct solution is


%{!?_httpd_mmn:  %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo missing-httpd-devel)}}
(notice, the previous can probably be omitted, as always provided by recent httpd-develà

Requires: httpd-mmn = %{_httpd_mmn}

@dridi, you're right, this is missing in mod_auth_cas (probably worth a bug report)

About scgi.conf, with apache 2.4 this files have to be splited 
- /etc/httpd/conf.modules.d/10-scgi.conf => only the loadmodule
- /etc/httpd/conf.d/scgi.conf

(and please remove comment about "a2enmod" command which is debian specific)

Comment 12 Dridi Boukelmoune 2013-11-25 15:01:26 UTC
Hi Ankur,

Have you forgotten this review ? We were close to an approval, and it is needed for your other review request (rutorrent).

Dridi

Comment 13 Dridi Boukelmoune 2013-11-25 15:32:07 UTC
@remi I have opened the bug 1034318 for mod_auth_cas.

Comment 14 Ankur Sinha (FranciscoD) 2013-11-25 23:20:03 UTC
(In reply to Dridi Boukelmoune from comment #12)
> Hi Ankur,
> 
> Have you forgotten this review ? We were close to an approval, and it is
> needed for your other review request (rutorrent).
> 
> Dridi

Sorry. Just busy. I'll update the package today. 

Thanks,
Ankur

Comment 15 frollic nilsson 2014-03-04 19:15:41 UTC
I've been looking into the mod_scgi issue for the rutorrent client, 
and dicovered that the mod_proxy_scgi shipped with Fedora, seem to 
work perfectly well as a substitute (or are those two actually the same ?).

I only added ProxyPass /RPC2 scgi://localhost:<port>/ to the 00-proxy.conf in /etc/httpd/conf.modules.d , and rutorrent started working with my local rtorrent.

Comment 16 Ankur Sinha (FranciscoD) 2016-09-25 19:08:09 UTC
Sorry Dridi, I moved to a part of the world where I don't use torrents any more - no point maintaining either rutorrent or the dep :(.


Note You need to log in before you can comment on or make changes to this bug.