Bug 1021719 - Review Request: opensmtpd - Minimalistic but powerful smtp server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 825415
Depends On: 1123184
Blocks:
 
Reported: 2013-10-21 21:42 UTC by Denis Fateyev
Modified: 2014-07-25 04:53 UTC (History)

Fixed In Version: opensmtpd-5.4.2p1-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-12-12 22:50:32 UTC
Type: ---
Embargoed:
kevin: fedora-review+
gwync: fedora-cvs+



Description Denis Fateyev 2013-10-21 21:42:00 UTC
Spec URL: http://www.fateyev.com/RPMS/Fedora19/testing/opensmtpd.spec
SRPM URL: http://www.fateyev.com/RPMS/Fedora19/testing/SRPMS/opensmtpd-5.3.3p1-1.201310101759.fc19.denf.src.rpm
Description: OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions.
Fedora Account System Username: dfateyev

This is a new package review request for the OpenSMTPD mail server. Started out of dissatisfaction with other implementations, OpenSMTPD nowadays is a fairly complete SMTP implementation. OpenSMTPD is primarily developed by Gilles Chehade, Eric Faurot and Charles Longeau, with contributions from various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project. The software is freely usable and re-usable by everyone under an ISC license.

Rawhide scratch builds for this package are available here: https://koji.fedoraproject.org/koji/taskinfo?taskID=6085177

There are small minor issues left: "libexecdir" detection and usage (currently `%{_libexecdir}/opensmtpd/smtpd` instead of `%{_libexecdir}/opensmtpd` is used during build), and a wrong path substitution in `smtpd.conf` (need to replace `/etc/opensmtpd/aliases` with `/etc/aliases` after package install). They're portable-specific issues and hopefully will be fixed shortly. Alternatively, I can write a small patch.

Comment 1 Christopher Meng 2013-10-22 01:55:58 UTC
1. Remove Buildroot/%{__rm} -rf %{buildroot}/%clean

2. RPM can handle paths well; you should use make rather than %{__make} now, and the same goes for %{__rm}/%{__mv}/%{__ln_s}

3. Shipping %doc INSTALL is useless IMO.

4. %{_mandir}/man5/*.5.gz
%{_mandir}/man8/*.8.gz

-->

%{_mandir}/man5/*.5*
%{_mandir}/man8/*.8*

5. Requires(pre):	%{_sbindir}/groupadd
Requires(pre):	%{_sbindir}/useradd

-->

Requires(pre):	shadow-utils

6. Only a few packages still ship sysv scripts

http://pkgs.org/search/?keyword=-sysvinit&search_on=name&distro=80

Do we really need it?

7. [rpmaker@fab SPECS]$ rpm -E %_localstatedir 
/var

8. install with -p option to preserve timestamp.

9. Do we need a systemd socket file like:

[Unit]
Description=OpenSMTPD Socket

[Socket]
ListenStream=/var/run/smtpd.sock

[Install]
WantedBy=sockets.target

10. Do we need to set conflicts with other packages in systemd service file like 

http://pkgs.fedoraproject.org/cgit/postfix.git/tree/postfix.service ?

Comment 2 Matthias Runge 2013-10-22 06:46:08 UTC
*** Bug 825415 has been marked as a duplicate of this bug. ***

Comment 3 Denis Fateyev 2013-10-22 22:20:53 UTC
Thanks for reviewing. 1,3,4,7,8 are fixed, packages and updated spec are available on the same location from the first post.

2: I haven't found any recommendations in guidelines. Do these macros violate any rules or anything?

5: As for `useradd/groupadd` stuff, I've seen it in postfix and exim packages. I think this dependency is obvious but I can add it anyway if needed (?)

6: Why not? It won't be installed automatically, and moreover, the packaging guidelines mention and don't forbid them.

9: As for ListenStream: perhaps, but I'm not sure whether this behavior is fully supported due to OpenSMTPD's portable nature (needs more investigation). I provide a more common systemd file.

10: It's already there, please see `opensmtpd.service` in source RPM provided.

Comment 4 Christopher Meng 2013-10-23 02:23:15 UTC
> 2: I haven't found any recommendations in guidelines. Do these macros
> violate any rules or anything?

No. But now we don't use it. As these are often used in old RPM, I will have a special feeling when seeing these. BTW using 2 chars rm instead of 6 chars rm macro can help save your place.

> 5: As for `useradd/groupadd` stuff, I've seen it in postfix and exim
> packages. I think this dependency is obvious but I can add it anyway if
> needed (?)

They belong to shadow-utils, so should be required. You can use any type you want. I prefer shadow style.

> 6: Why not? It won't be installed automatically, and moreover, the packaging
> guidelines mention and don't forbid them.

Hmm.. Welcome ideas from others. 

> 9: As for ListenStream: perhaps, but I'm not sure whether this behavior is
> fully supported due to OpenSMTPD's portable nature (needs more investigation). I
> provide a more common systemd file.

Ok. I will ask some systemd upstream folks.


> 10: It's already there, please see `opensmtpd.service` in source RPM
> provided.

Sorry, I shouldn't paste this line.

Comment 5 Denis Fateyev 2013-10-23 22:14:41 UTC
Introduced `shadow-utils` and `chkconfig` in Requires section (since `alternatives` is located in `chkconfig`). Changed macro binary calls to direct calls. 

Updated spec: http://www.fateyev.com/RPMS/Fedora19/testing/opensmtpd.spec
Source RPM built against the latest snapshot: http://www.fateyev.com/RPMS/Fedora19/testing/SRPMS/opensmtpd-5.3.3p1-1.201310231634.fc19.denf.src.rpm

>> 9: As for ListenStream: perhaps, but I'm not sure whether this behavior is
>> fully supported due to OpenSMTPD's portable nature (needs more investigation). I
>> provide a more common systemd file.

> Ok. I will ask some systemd upstream folks.

I think OpenSMTPD core developers are now using ".sock" mostly for internal purposes. I really doubt it would listen to anything coming there from a 3rd party. Actually, the systemd service file now provides all basic functionality for the service management.

Comment 6 Kevin Fenzi 2013-10-29 01:45:25 UTC
I'll try and review and look at sponsoring in the next few days. ;)

Comment 7 Kevin Fenzi 2013-10-29 20:07:08 UTC
Will try and get you a formal review soon. :)

Comment 8 Kevin Fenzi 2013-10-29 20:15:39 UTC
some general quick questions: 

- Why a prerelease? Is there some compelling thing in the prerelease that's needed over the last stable?

- Prerelease versioning is a bit off. See: 
https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Pre-Release_packages
Something like: 
Version:        5.3.4p1
Release:        0.1%{?prerelease:.%{prerelease}}%{?dist}
?

- Since this is a long running process, might be worth adding hardening flags? See:
http://fedoraproject.org/wiki/Packaging:Guidelines#PIE

Comment 9 Denis Fateyev 2013-11-01 11:35:57 UTC
Quick updates:

>  Why a prerelease? Is there some compelling thing in the prerelease that's needed over the last stable?

The thing is the latest stable caused a lot of portable issues and required some patches - that's the reason why I'm trying to avoid it and not to package it. All the things needed are integrated into recent snapshots. The next stable release, which comes in the next week or two, will provide all that functionality out of the box - when it comes I'll switch the "prerelease support" off, and I'm planning to package only stable versions in the future. Meanwhile, working with prerelease builds allows me to prepare a valid spec which meets all the requirements by then.

> Since this is a long running process, might be worth adding hardening flags?

I'll investigate it (according to my latest e-mail answer). It seems there is an issue in the OpenSMTPD portable layer; I just filed a bug.

Comment 10 Denis Fateyev 2013-11-19 13:16:31 UTC
Updates: prerelease tag assigned as suggested; "libexecdir" detection/usage and path substitution were corrected in upstream. PIE support along with various small fixes also recently added by core developers.

Updated spec: http://www.fateyev.com/RPMS/Fedora19/testing/opensmtpd.spec
Source RPM built against the latest snapshot: http://www.fateyev.com/RPMS/Fedora19/testing/SRPMS/opensmtpd-5.4.1p1-0.1.201311182347.fc19.denf.src.rpm

Koji scratch build for this snapshot (if anybody interested): https://koji.fedoraproject.org/koji/taskinfo?taskID=6197629

Comment 11 Kevin Fenzi 2013-11-30 19:07:43 UTC
Sorry for the delay here... 

Outstanding things to fix (mentioned in more detail below with !):

1. You need to own the /etc/opensmtpd and /usr/libexec/opensmtpd directories. 
   You can either add them as %dir to files, or remove the /* from them. 

2. Are you planning on maintaining this in EPEL as well? If so, you 
   could look at putting conditionals around the sysvinit script. If not, 
   I would remove the sysvinit subpackage entirely. There's 0 point in 
   having it if you aren't shipping in EPEL/rhel, and the FPC recently 
   changed guidelines to disallow shipping them at all.

3. The debuginfo file lacks sources. Either -g isn't getting used to compile
   or something is stripping the binaries before the debuginfo is generated.

4. There's a few rpmlint issues to look into. Some are bogus, but a few of 
   them actually look like things to be fixed. missing-call-to-setgroups, 
   non-conffile-in-etc, use-old-pam-stack at least. 

5. Please use %global instead of %define.

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "GPL (v2 or later)", "Unknown or generated", "BSD (4 clause)", "ISC",
     "BSD (3 clause)", "BSD (2 clause)", "BSD". 7 files have unknown license.
     Detailed output of licensecheck in /home/fedora/kevin/opensmtpd/review-
     opensmtpd/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[!]: Package requires other packages for directories it uses.
     Note: No known owner of /usr/libexec/opensmtpd, /etc/opensmtpd
[!]: Package must own all directories that it creates.
     Note: Directories without known owners: /etc/opensmtpd,
     /usr/libexec/opensmtpd
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[!]: Useful -debuginfo package or justification otherwise.
[x]: Package is known to not require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Each %files section contains %defattr if rpm < 4.4
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Buildroot is not present
     Note: Buildroot: present but not needed
[x]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[!]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in opensmtpd-
     sysvinit
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Scriptlets must be sane, if used.
[x]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: Packages should try to preserve timestamps of original installed files.
[!]: Spec use %global instead of %define unless justified.
     Note: %define requiring justification: %define _with_pam 1
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX is a working URL.

===== EXTRA items =====

Generic:
[!]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: opensmtpd-5.4.1p1-0.1.201311182347.fc21.x86_64.rpm
          opensmtpd-sysvinit-5.4.1p1-0.1.201311182347.fc21.noarch.rpm
          opensmtpd-5.4.1p1-0.1.201311182347.fc21.src.rpm
opensmtpd.x86_64: W: spelling-error %description -l en_US mta -> mat, mt, ma
opensmtpd.x86_64: W: spelling-error %description -l en_US sendmail -> send mail, send-mail, Sendai
opensmtpd.x86_64: W: incoherent-version-in-changelog 5.4.1p1-0.1.denf ['5.4.1p1-0.1.201311182347.fc21', '5.4.1p1-0.1.201311182347']
opensmtpd.x86_64: E: missing-call-to-setgroups /usr/libexec/opensmtpd/mail.local
opensmtpd.x86_64: W: only-non-binary-in-usr-lib
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/aliases.opensmtpd.5.gz 52: warning: macro `Ba' not defined
opensmtpd.x86_64: W: non-conffile-in-etc /etc/pam.d/smtp.opensmtpd
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/smtpd.conf.5.gz 497: warning: macro `Ba' not defined
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/smtpd.conf.5.gz 886: warning: macro `Gt' not defined
opensmtpd.x86_64: E: non-standard-dir-perm /var/empty/smtpd 0711L
opensmtpd.x86_64: W: no-manual-page-for-binary mailq.opensmtpd
opensmtpd.x86_64: W: no-manual-page-for-binary newaliases.opensmtpd
opensmtpd.x86_64: W: non-standard-dir-in-var empty
opensmtpd.x86_64: E: use-old-pam-stack /etc/pam.d/smtp.opensmtpd (line 2)
opensmtpd-sysvinit.noarch: W: spelling-error Summary(en_US) SysV -> Sysop
opensmtpd-sysvinit.noarch: W: spelling-error Summary(en_US) initscript -> inscription, postscript
opensmtpd-sysvinit.noarch: W: spelling-error %description -l en_US initscripts -> postscripts, transcripts, inscription
opensmtpd-sysvinit.noarch: W: no-documentation
opensmtpd-sysvinit.noarch: W: service-default-enabled /etc/rc.d/init.d/opensmtpd
opensmtpd-sysvinit.noarch: E: incoherent-subsys /etc/rc.d/init.d/opensmtpd smtpd
opensmtpd-sysvinit.noarch: E: incoherent-subsys /etc/rc.d/init.d/opensmtpd smtpd
opensmtpd-sysvinit.noarch: W: service-default-enabled /etc/rc.d/init.d/opensmtpd
opensmtpd-sysvinit.noarch: W: no-reload-entry /etc/rc.d/init.d/opensmtpd
opensmtpd.src: W: spelling-error %description -l en_US usr -> use, us, user
opensmtpd.src: W: spelling-error %description -l en_US sbin -> sin, bin, bins
opensmtpd.src: W: spelling-error %description -l en_US mta -> mat, mt, ma
opensmtpd.src: W: spelling-error %description -l en_US sendmail -> send mail, send-mail, Sendai
opensmtpd.src: W: strange-permission opensmtpd.init 0755L
opensmtpd.src:14: W: unversioned-explicit-provides MTA
opensmtpd.src:14: W: unversioned-explicit-provides smtpd
opensmtpd.src:14: W: unversioned-explicit-provides smtpdaemon
opensmtpd.src:14: W: unversioned-explicit-provides server(smtp)
opensmtpd.src:127: E: hardcoded-library-path in /usr/lib/sendmail
3 packages and 0 specfiles checked; 6 errors, 27 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint opensmtpd-sysvinit opensmtpd
opensmtpd-sysvinit.noarch: W: spelling-error Summary(en_US) SysV -> Sysop
opensmtpd-sysvinit.noarch: W: spelling-error Summary(en_US) initscript -> inscription, postscript
opensmtpd-sysvinit.noarch: W: spelling-error %description -l en_US initscripts -> postscripts, transcripts, inscription
opensmtpd-sysvinit.noarch: W: no-documentation
opensmtpd-sysvinit.noarch: W: service-default-enabled /etc/rc.d/init.d/opensmtpd
opensmtpd-sysvinit.noarch: E: incoherent-subsys /etc/rc.d/init.d/opensmtpd smtpd
opensmtpd-sysvinit.noarch: E: incoherent-subsys /etc/rc.d/init.d/opensmtpd smtpd
opensmtpd-sysvinit.noarch: W: service-default-enabled /etc/rc.d/init.d/opensmtpd
opensmtpd-sysvinit.noarch: W: no-reload-entry /etc/rc.d/init.d/opensmtpd
opensmtpd.x86_64: W: spelling-error %description -l en_US mta -> mat, mt, ma
opensmtpd.x86_64: W: spelling-error %description -l en_US sendmail -> send mail, send-mail, Sendai
opensmtpd.x86_64: W: incoherent-version-in-changelog 5.4.1p1-0.1.denf ['5.4.1p1-0.1.201311182347.fc21', '5.4.1p1-0.1.201311182347']
opensmtpd.x86_64: E: missing-call-to-setgroups /usr/libexec/opensmtpd/mail.local
opensmtpd.x86_64: W: only-non-binary-in-usr-lib
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/aliases.opensmtpd.5.gz 52: warning: macro `Ba' not defined
opensmtpd.x86_64: W: non-conffile-in-etc /etc/pam.d/smtp.opensmtpd
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/smtpd.conf.5.gz 497: warning: macro `Ba' not defined
opensmtpd.x86_64: W: manual-page-warning /usr/share/man/man5/smtpd.conf.5.gz 886: warning: macro `Gt' not defined
opensmtpd.x86_64: E: non-standard-dir-perm /var/empty/smtpd 0711L
opensmtpd.x86_64: W: no-manual-page-for-binary mailq.opensmtpd
opensmtpd.x86_64: W: no-manual-page-for-binary newaliases.opensmtpd
opensmtpd.x86_64: W: non-standard-dir-in-var empty
opensmtpd.x86_64: E: use-old-pam-stack /etc/pam.d/smtp.opensmtpd (line 2)
2 packages and 0 specfiles checked; 5 errors, 18 warnings.
# echo 'rpmlint-done:'



Requires
--------
opensmtpd-sysvinit (rpmlib, GLIBC filtered):
    /bin/bash
    /bin/sh
    /sbin/chkconfig
    /sbin/service
    opensmtpd

opensmtpd (rpmlib, GLIBC filtered):
    /bin/sh
    chkconfig
    config(opensmtpd)
    libc.so.6()(64bit)
    libcrypt.so.1()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(OPENSSL_1.0.1)(64bit)
    libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libdb-4.8.so()(64bit)
    libdl.so.2()(64bit)
    libevent-2.0.so.5()(64bit)
    libpam.so.0()(64bit)
    libpam.so.0(LIBPAM_1.0)(64bit)
    libresolv.so.2()(64bit)
    libssl.so.10()(64bit)
    libssl.so.10(libssl.so.10)(64bit)
    libz.so.1()(64bit)
    rtld(GNU_HASH)
    shadow-utils
    systemd



Provides
--------
opensmtpd-sysvinit:
    opensmtpd-sysvinit

opensmtpd:
    MTA
    config(opensmtpd)
    opensmtpd
    opensmtpd(x86-64)
    server(smtp)
    smtpd
    smtpdaemon



AutoTools: Obsoleted m4s found
------------------------------
  AC_PROG_LIBTOOL found in: opensmtpd-201311182347p1/configure.ac:31


Source checksums
----------------
Using local file /home/fedora/kevin/opensmtpd/opensmtpd.init as upstream
file:///home/fedora/kevin/opensmtpd/opensmtpd.init :
  CHECKSUM(SHA256) this package     : c13f52bcc1fab307030ce79dbe0e2642fbc2eb810493a122605d9d4e3af2351d
  CHECKSUM(SHA256) upstream package : c13f52bcc1fab307030ce79dbe0e2642fbc2eb810493a122605d9d4e3af2351d
Using local file /home/fedora/kevin/opensmtpd/opensmtpd.pam as upstream
file:///home/fedora/kevin/opensmtpd/opensmtpd.pam :
  CHECKSUM(SHA256) this package     : 86aac59ff45d1e8d84791e1635daf24d20fbf4f4c30b6e99a2ca27c6a098f135
  CHECKSUM(SHA256) upstream package : 86aac59ff45d1e8d84791e1635daf24d20fbf4f4c30b6e99a2ca27c6a098f135
http://www.opensmtpd.org/archives/opensmtpd-201311182347p1.tar.gz :
  CHECKSUM(SHA256) this package     : 82619db15c2c0d77793c9bb7d0640ddfac634e1c05bda9bd2f8cb7365a4bdef0
  CHECKSUM(SHA256) upstream package : 82619db15c2c0d77793c9bb7d0640ddfac634e1c05bda9bd2f8cb7365a4bdef0
Using local file /home/fedora/kevin/opensmtpd/opensmtpd.service as upstream
file:///home/fedora/kevin/opensmtpd/opensmtpd.service :
  CHECKSUM(SHA256) this package     : eea4f1eeb2958cbc052cf3f41dd2979856bcde689f9adcb70c77f6569e28f27d
  CHECKSUM(SHA256) upstream package : eea4f1eeb2958cbc052cf3f41dd2979856bcde689f9adcb70c77f6569e28f27d


Generated by fedora-review 0.5.0 (920221d) last change: 2013-08-30
Command line :/usr/bin/fedora-review -n opensmtpd
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, SugarActivity, Perl, R, PHP, Ruby
Disabled flags: EPEL5, EXARCH, DISTTAG

Comment 12 Denis Fateyev 2013-12-07 17:36:43 UTC
All fixed, please look at the latest scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=6267548 . This is the recently released 5.4.1 stable version.

Current spec adapted both for RHEL and Fedora: http://www.fateyev.com/RPMS/Fedora19/testing/opensmtpd.spec (I have used 'fedora' and 'rhel' conditionals), there are also some changes in initscripts and PAM file replacement.

Some notes:

1) As for the "E: missing-call-to-setgroups", here is the developer's answer for the reference:

"Unlike other delivery backends where we do setgroups() as can be seen in smtpd.c:forkmda():1117, we can't do the same with mail.local which requires root to write in the spooler but also for its locking (think NFS amongst other weird but popular use-cases).

mail.local never really drops privileges, it simply reduces them as a means to reduce the code that runs as root but it's a best effort."

2) "E: non-standard-dir-perm /var/empty/smtpd 0711L" - actually the same as for openssh directory ("var/empty/sshd"), so I haven't changed it.

Comment 13 Kevin Fenzi 2013-12-08 17:58:34 UTC
All the issues from comment 11 appear fixed. ;) 

However, I see a few new rpmlint complaints: 

opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/sbin/smtpctl
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/libexec/opensmtpd/queue-ram
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/libexec/opensmtpd/scheduler-stub
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/libexec/opensmtpd/scheduler-ram
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/libexec/opensmtpd/queue-null
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/libexec/opensmtpd/queue-stub
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/sbin/smtpd

$ rpmlint -I missing-call-to-chdir-with-chroot
missing-call-to-chdir-with-chroot:
This executable appears to call chroot without using chdir to change the
current directory. This is likely an error and permits an attacker to break
out of the chroot by using fchdir. While that's not always a security issue,
this has to be checked.

Could you ask upstream on this? 

Also, a nitpick: 

opensmtpd.i686: W: incoherent-version-in-changelog 5.4.1p1-1.denf ['5.4.1p1-1.fc21', '5.4.1p1-1']

drop the 'denf' in changelogs?

We are getting close here. ;)
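
The privilege-drop order that the two rpmlint checks raised in this review look for (`missing-call-to-setgroups` in comment 11 and `missing-call-to-chdir-with-chroot` above), written out as an added example; it is not OpenSMTPD code and not part of the thread. The function names, the `JAIL_*` codes and the uid/gid 65534 are assumptions; `/var/empty/smtpd` is the directory named in the rpmlint output.

```c
/* Added example (not OpenSMTPD code): chroot + chdir + full privilege drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes: which step of the sequence failed. */
enum jail_result {
    JAIL_OK = 0,
    JAIL_ERR_CHROOT,
    JAIL_ERR_CHDIR,
    JAIL_ERR_SETGROUPS,
    JAIL_ERR_SETGID,
    JAIL_ERR_SETUID,
    JAIL_ERR_VERIFY
};

/* Confine the calling process to `root` and drop to uid/gid.
 * Every return value is checked: a step that fails silently leaves the
 * process with more privilege than the caller believes it has. */
static enum jail_result jail_and_drop(const char *root, uid_t uid, gid_t gid)
{
    /* 1. Change the root directory. chroot() does not move the current
     *    working directory, which may still point outside the new root. */
    if (chroot(root) != 0)
        return JAIL_ERR_CHROOT;

    /* 2. Move the cwd inside the new root. This is the call whose absence
     *    rpmlint reports as missing-call-to-chdir-with-chroot. */
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;

    /* 3. Replace the supplementary groups inherited from root. Skipping
     *    this is what missing-call-to-setgroups refers to: setgid() and
     *    setuid() alone leave the old group list in place. */
    if (setgroups(1, &gid) != 0)
        return JAIL_ERR_SETGROUPS;

    /* 4. Group first, then user: once the uid is dropped the process no
     *    longer has the privilege to change its groups. Called as root,
     *    setgid()/setuid() set the real, effective and saved IDs. */
    if (setgid(gid) != 0)
        return JAIL_ERR_SETGID;
    if (setuid(uid) != 0)
        return JAIL_ERR_SETUID;

    /* 5. Verify the drop is permanent: regaining uid 0 must fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return JAIL_ERR_VERIFY;

    return JAIL_OK;
}

/* Run the sequence in a child so the caller's own root and IDs are left
 * untouched. Returns a jail_result, or -1 if the child could not be run. */
static int jail_in_child(const char *root, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(jail_and_drop(root, uid, gid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 65534 is a placeholder unprivileged uid/gid (assumption). */
    int r = jail_in_child("/var/empty/smtpd", 65534, 65534);

    printf("jail_and_drop result: %d\n", r);
    return r == JAIL_OK ? 0 : 1;
}
```

Run without root, the first step fails and the function reports `JAIL_ERR_CHROOT` instead of continuing with a partial drop.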

Comment 14 Denis Fateyev 2013-12-08 18:19:48 UTC
Interesting, these errors don't appear on 64bit version of packages, so I haven't seen them last time checking with 'rpmlint'. OK, I'll contact upstream regarding this issue.

Comment 15 Kevin Fenzi 2013-12-08 18:23:27 UTC
Yeah, I just happened to check with a 32bit build this time... so yeah, could be a difference somehow between the two arches.

Comment 16 Michael S. 2013-12-08 20:47:58 UTC
That's a bug in rpmlint, which was detecting syscall only on 64 bits, and not 32 bits. I fixed it in git. (Now, I need to do the same for arm.)

Comment 17 Kevin Fenzi 2013-12-08 20:55:29 UTC
So, I don't see any more blockers here... please fix the changelog versions before importing, but otherwise this package is APPROVED.

Comment 18 Denis Fateyev 2013-12-10 19:44:26 UTC
New Package SCM Request
=======================
Package Name: opensmtpd
Short Description: OpenSMTPD - Minimalistic but powerful smtp server
Owners: dfateyev
Branches: f18 f19 f20 el6
InitialCC:

Comment 19 Gwyn Ciesla 2013-12-11 13:05:29 UTC
Git done (by process-git-requests).

Comment 20 Terje Røsten 2013-12-13 14:57:02 UTC
Nice work Denis!

Comment 21 Fedora Update System 2013-12-13 20:09:15 UTC
opensmtpd-5.4.1p1-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/opensmtpd-5.4.1p1-1.fc18

Comment 22 Fedora Update System 2013-12-13 20:13:43 UTC
opensmtpd-5.4.1p1-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/opensmtpd-5.4.1p1-1.fc19

Comment 23 Fedora Update System 2013-12-13 20:16:01 UTC
opensmtpd-5.4.1p1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/opensmtpd-5.4.1p1-1.fc20

Comment 24 Fedora Update System 2013-12-13 20:18:14 UTC
opensmtpd-5.4.1p1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/opensmtpd-5.4.1p1-1.el6

Comment 25 Fedora Update System 2013-12-22 05:31:19 UTC
opensmtpd-5.4.1p1-1.fc20 has been pushed to the Fedora 20 stable repository.

Comment 26 Fedora Update System 2013-12-23 03:47:42 UTC
opensmtpd-5.4.1p1-1.fc19 has been pushed to the Fedora 19 stable repository.

Comment 27 Fedora Update System 2013-12-23 03:52:37 UTC
opensmtpd-5.4.1p1-1.fc18 has been pushed to the Fedora 18 stable repository.

Comment 28 Fedora Update System 2014-01-03 05:33:21 UTC
opensmtpd-5.4.1p1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.

Comment 29 Fedora Update System 2014-03-08 20:06:20 UTC
opensmtpd-5.4.2p1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/opensmtpd-5.4.2p1-1.fc20

Comment 30 Fedora Update System 2014-03-18 08:05:35 UTC
opensmtpd-5.4.2p1-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2014-03-18 08:06:38 UTC
opensmtpd-5.4.2p1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2014-03-24 23:20:57 UTC
opensmtpd-5.4.2p1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Denis Fateyev 2014-06-30 22:38:26 UTC
Package Change Request
======================
Package Name: opensmtpd
New Branches: epel7
Owners: dfateyev

Comment 34 Gwyn Ciesla 2014-07-01 11:59:31 UTC
Git done (by process-git-requests).

