Bug 1016221 - Review Request: courier-authlib - The Courier authentication library provides authentication services for other Courier applications. [NEEDINFO]
Review Request: courier-authlib - The Courier authentication library provides...
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Björn "besser82" Esser
Fedora Extras Quality Assurance
:
: courier-authlib (view as bug list)
Depends On:
Blocks: FE-NEEDSPONSOR
  Show dependency treegraph
 
Reported: 2013-10-07 13:54 EDT by Zvi "Viz" Effron
Modified: 2014-02-15 17:53 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
fedora: fedora‑review?
i: needinfo? (fedora)


Attachments (Terms of Use)

  None (edit)
Description Zvi "Viz" Effron 2013-10-07 13:54:14 EDT
Spec URL: http://fedorapkgs.flippedperspective.com/SPECS/courier-authlib.spec
SRPM URL: http://fedorapkgs.flippedperspective.com/SRPMS/courier-authlib-0.66.0-1.fc19.src.rpm

Description: 

The Courier authentication library provides authentication services for
other Courier applications.

Fedora Account System Username: viz

Notes:

This is my first package, so I need a sponsor

When I ran rpmlint I saw 6 errors.  One was an incorrect-fsf-address which I've already reported to upstream.  The other 5 are non-readable /etc/authlib/auth*rc 0660L.  I believe there are security reasons for not making these files world readable, especially for authmysqlrc, authpgsqlrc, and authldaprc, as these files contain passwords.

I intend to also pick up the courier-imap package (https://bugzilla.redhat.com/show_bug.cgi?id=514105) but figured I'd do courier-authlib first, as courier-authlib is a dependency for courier-imap.

Koji f19 scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6030607
Koji f20 scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6030575
Comment 1 Christopher Meng 2013-10-07 18:54:56 EDT
*** Bug 486570 has been marked as a duplicate of this bug. ***
Comment 2 Christopher Meng 2013-10-07 19:51:06 EDT
CCing because of interests.

Marking DUP of before one.

Thoughts:

1. I can see license clarification at the top of the spec, I don't think we need that.

2. I don't know if you can remove :

################################################################################

in the spec? As it's looking funny since this spec is not difficult for reading like kernel.

3. Group:          System Environment/Daemons

Since Fedora doesn't need it as MUST, you can remove that or change to the correct one, I don't think it's a daemon.

4. Remove some tags cause they are obsoleted after Fedora 10:

BuildRoot:
--
rm -rf $RPM_BUILD_ROOT in %install
--
Whole %clean section
--
%defattr(-,root,root,-)

5. I can see old style:

Requires:   %{name} = 0:%{version}-%{release}

Please remove epoch in the version requires:

Requires:   %{name} = %{version}-%{release}

I think we should add isa tag as:

Requires:   %{name}%{?_isa} = %{version}-%{release}

http://fedoraproject.org/wiki/Packaging:Guidelines#BuildRequires_and_.25.7B_isa.7D

6. Sort BR like in alphabetical order:

BuildRequires:  expect
BuildRequires:  libltdl-devel
BuildRequires:  gdbm-devel
BuildRequires:  openldap-devel
BuildRequires:  pam-devel
BuildRequires:  mysql-devel
BuildRequires:  postgresql-devel
BuildRequires:  sqlite3-devel

7. Why this?

MAKEFLAGS= make -j 1 install DESTDIR=$RPM_BUILD_ROOT
MAKEFLAGS= make -j 1 install-configure DESTDIR=$RPM_BUILD_ROOT

Why can't use parallel make?

http://fedoraproject.org/wiki/Packaging:Guidelines#Parallel_make

8. All install should be with -p option to preserve the timestamps.

http://fedoraproject.org/wiki/Packaging:Guidelines#Timestamps

9. The authenumerate.8 page comes from Debian, but do you think it's helpful?

http://sources.debian.net/data/main/c/courier-authlib/0.63.0-6/debian/authenumerate.pod

(pod2man convert is needed if you really want to build from 'source')

10. %changelog:

-New initial RPM release heavily based on source spec file and the below changes

We can see others keeping a good style, so you can leave a space after "-"

11. Other distros have -authdaemon subpackage, would you like keep the same style with them?

12. configure should be with --disable-static

13. mkdir -p $RPM_BUILD_ROOT%{_datadir}
install -m 555 %{name}.sysvinit $RPM_BUILD_ROOT%{_datadir}

First, you should use %doc to mark it as doc, avoid installing them directly.

Second, do we need this under systemd? Any substitution avail?
Comment 3 Zvi "Viz" Effron 2013-10-08 03:44:09 EDT
SPEC: http://fedorapkgs.flippedperspective.com/courier-authlib/0.66.0-2/SPECS/courier-authlib.spec
SRPM: http://fedorapkgs.flippedperspective.com/courier-authlib/0.66.0-2/SRPMS/courier-authlib-0.66.0-2.fc19.src.rpm

Koji f19 scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6035077
Koji f20 scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6035070

I think I've addressed all of the points above in a new build (except for #11 which I respond to below).

11. There's no reason we couldn't do a separate -authdaemon package, but it deviates more from the upstream spec files.
It seems that some of the courier programs (e.g. courier-imap) don't need authdaemond, so there may be some interest in forming a separate package to install it.
I'm not sure it warrants deviating further from upstream.  Thoughts?

13.  Currently the upstream provided unit file is just a wrapper around the sysvinit script.
I've changed that in the new build, and have recommended the change to upstream.

Notes:

In the previous bug for this package (https://bugzilla.redhat.com/show_bug.cgi?id=486570) there was a discussion of placing libs being in %{_libdir} instead of %{_libdir}/%{name}.
I brought this up with upstream, and they pointed out than many packages install groups of libraries to %{_libdir}/%{name}.
They also suggested that an ld.so.conf.d entry is not needed because everything that uses those libraries loads them via dlopen.

However, when I tried to build upstream's latest courier-imap package it would fail unless I included the .la files.
So for the time being, I'm including the ld.so.conf file and running ldconfig.
When I take a look at packaging courier-imap, I'll see if I can figure out why the .la files are needed for it to find the shared libs.

This only seems to be a problem when building packages that rely on courier-authlib, though.
Should the ownership of the ld.so.conf file and the runs of ldconfig be placed on the -devel subpackage instead of the base package?
Comment 4 Christopher Meng 2013-10-08 08:12:51 EDT
All 0:%{version}-%{release} should be removed, you didn't...

For 11/12 issues, sorry, I'm not sure, too.

Waiting for others' opinions.
Comment 6 Björn "besser82" Esser 2013-10-19 05:44:15 EDT
taken  ;)
Comment 7 Christopher Meng 2013-11-12 10:53:11 EST
I'd like to see this package get approved.

Bjorn, any progress here?
Comment 8 Zvi "Viz" Effron 2014-02-15 17:53:19 EST
SPEC: http://fedorapkgs.flippedperspective.com/courier-authlib/0.66.1-1/SPECS/courier-authlib.spec
SRPM: http://fedorapkgs.flippedperspective.com/courier-authlib/0.66.1-1/SRPMS/courier-authlib-0.66.1-1.fc19.src.rpm

Koji f19 scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=6534172
Koji f20 scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=6534168
Koji f21 scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=6534161
Koji rawhide scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=6534160

Several of the changes I suggested to upstream were merged into 0.66.1.

Also, I've determined the ld.so.conf file and ldconfig runs do need to be in the base package or the executables won't be able to find the shared libraries.

Note You need to log in before you can comment on or make changes to this bug.