Bug 1066573 - Review Request: taskd - Secure server providing multi-user, multi-client access to task data
Summary: Review Request: taskd - Secure server providing multi-user, multi-client acce...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Christopher Meng
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-18 16:23 UTC by Ralph Bean
Modified: 2015-01-26 02:37 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-21 16:36:09 UTC
i: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Ralph Bean 2014-02-18 16:23:26 UTC
Spec URL: http://ralph.fedorapeople.org//taskd.spec
SRPM URL: http://ralph.fedorapeople.org//taskd-1.0.0-4.src.rpm

Description:
The Taskserver is a lightweight, secure server providing multi-user,
multi-client access to task data.  This allows true syncing between desktop and
mobile clients.

Users want task list access from multiple devices running software of differing
sophistication levels to synchronize data seamlessly.  Synchronization requires
the ability to exchange transactions between devices that may not have
continuous connectivity, and may not have feature parity.

The Taskserver provides this and builds a framework to go several steps beyond
merely synchronizing data.

Comment 1 Ralph Bean 2014-02-18 16:23:30 UTC
This package built on koji:  http://koji.fedoraproject.org/koji/taskinfo?taskID=6543490

Comment 2 Ralph Bean 2014-02-18 16:24:34 UTC
Also, there is a copr for this:  http://copr.fedoraproject.org/coprs/ralph/taskd/

Comment 3 Christopher Meng 2014-02-20 07:53:50 UTC
1. Release:        4

No %?dist

2. Systemd requires missing:
Requires(post):    systemd
Requires(preun):   systemd
Requires(postun):  systemd

3. %setup -q -n %{name}-%{version}

just %setup -q is fine. (not an issue)

4. We don't recommend using macros for commands without special reasons(different python versions with different macros defines), so you'd better change %{__mkdir_p} to mkdir -p directly, also applies to %{__install} macro.

5. No slash needed after %{buildroot} macro, please remove.

6. cp pki/* %{buildroot}/%{_sysconfdir}/pki/taskd/.

Better add -a option.

7. %pre section needs improvement:

https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation

8. Please use * for manpages in %files:

%{_mandir}/man1/taskd.1.gz
%{_mandir}/man5/taskdrc.5.gz

to

%{_mandir}/man1/taskd.1*
%{_mandir}/man5/taskdrc.5*

9. Systemd scriptlets missing:

https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd

10. rpmlint results:

Rpmlint (installed packages)
----------------------------
# rpmlint taskd
taskd.i686: W: spelling-error Summary(en_US) multi -> mulch, mufti
taskd.i686: W: spelling-error %description -l en_US multi -> mulch, mufti
taskd.i686: W: only-non-binary-in-usr-lib
taskd.i686: W: non-standard-uid /etc/pki/taskd/README taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/README taskd
taskd.i686: E: non-readable /etc/pki/taskd/README 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/README 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/README
taskd.i686: E: script-without-shebang /etc/pki/taskd/README
taskd.i686: W: non-standard-uid /var/lib/taskd/orgs taskd
taskd.i686: W: non-standard-gid /var/lib/taskd/orgs taskd
taskd.i686: E: non-standard-dir-perm /var/lib/taskd/orgs 0750L
taskd.i686: W: non-standard-uid /var/lib/taskd taskd
taskd.i686: W: non-standard-gid /var/lib/taskd taskd
taskd.i686: E: non-standard-dir-perm /var/lib/taskd 0750L
taskd.i686: W: non-standard-uid /etc/pki/taskd/generate.client taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/generate.client taskd
taskd.i686: E: non-readable /etc/pki/taskd/generate.client 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/generate.client 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/generate.client
taskd.i686: W: non-standard-uid /etc/pki/taskd taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd taskd
taskd.i686: E: non-standard-dir-perm /etc/pki/taskd 0750L
taskd.i686: W: non-standard-uid /etc/pki/taskd/generate.crl taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/generate.crl taskd
taskd.i686: E: non-readable /etc/pki/taskd/generate.crl 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/generate.crl 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/generate.crl
taskd.i686: W: non-standard-uid /etc/pki/taskd/generate.server taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/generate.server taskd
taskd.i686: E: non-readable /etc/pki/taskd/generate.server 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/generate.server 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/generate.server
taskd.i686: W: non-standard-uid /etc/pki/taskd/generate taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/generate taskd
taskd.i686: E: non-readable /etc/pki/taskd/generate 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/generate 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/generate
taskd.i686: W: non-standard-uid /etc/pki/taskd/generate.ca taskd
taskd.i686: W: non-standard-gid /etc/pki/taskd/generate.ca taskd
taskd.i686: E: non-readable /etc/pki/taskd/generate.ca 0750L
taskd.i686: E: non-standard-executable-perm /etc/pki/taskd/generate.ca 0750L
taskd.i686: E: executable-marked-as-config-file /etc/pki/taskd/generate.ca
taskd.i686: W: non-standard-uid /var/log/taskd taskd
taskd.i686: W: non-standard-gid /var/log/taskd taskd
taskd.i686: E: non-standard-dir-perm /var/log/taskd 0750L
taskd.i686: E: script-without-shebang /usr/lib/systemd/system/taskd.service
taskd.i686: W: non-standard-uid /var/lib/taskd/config taskd
taskd.i686: W: non-standard-gid /var/lib/taskd/config taskd
taskd.i686: E: non-readable /var/lib/taskd/config 0750L
taskd.i686: E: non-standard-executable-perm /var/lib/taskd/config 0750L
taskd.i686: E: executable-marked-as-config-file /var/lib/taskd/config
taskd.i686: E: script-without-shebang /var/lib/taskd/config
taskd.i686: W: log-files-without-logrotate /var/log/taskd
taskd.i686: W: no-manual-page-for-binary taskdctl
taskd.i686: W: install-file-in-docs /usr/share/doc/taskd/INSTALL
1 packages and 0 specfiles checked; 28 errors, 28 warnings.

------------------
Please double check above, issues found.

11. License check:


MIT/X11 (BSD like)
------------------
taskd-1.0.0/scripts/profile.py
taskd-1.0.0/src/Color.cpp
taskd-1.0.0/src/Color.h
taskd-1.0.0/src/ConfigFile.cpp
taskd-1.0.0/src/ConfigFile.h
taskd-1.0.0/src/Database.cpp
taskd-1.0.0/src/Database.h
taskd-1.0.0/src/Date.cpp
taskd-1.0.0/src/Date.h
taskd-1.0.0/src/Directory.cpp
taskd-1.0.0/src/Directory.h
taskd-1.0.0/src/Duration.cpp
taskd-1.0.0/src/Duration.h
taskd-1.0.0/src/File.cpp
taskd-1.0.0/src/File.h
taskd-1.0.0/src/JSON.cpp
taskd-1.0.0/src/JSON.h
taskd-1.0.0/src/Log.cpp
taskd-1.0.0/src/Log.h
taskd-1.0.0/src/Msg.cpp
taskd-1.0.0/src/Msg.h
taskd-1.0.0/src/Nibbler.cpp
taskd-1.0.0/src/Nibbler.h
taskd-1.0.0/src/Path.cpp
taskd-1.0.0/src/Path.h
taskd-1.0.0/src/RX.cpp
taskd-1.0.0/src/RX.h
taskd-1.0.0/src/Server.cpp
taskd-1.0.0/src/Server.h
taskd-1.0.0/src/TLSClient.cpp
taskd-1.0.0/src/TLSClient.h
taskd-1.0.0/src/TLSServer.cpp
taskd-1.0.0/src/TLSServer.h
taskd-1.0.0/src/Task.cpp
taskd-1.0.0/src/Task.h
taskd-1.0.0/src/Thread.cpp
taskd-1.0.0/src/Thread.h
taskd-1.0.0/src/Timer.cpp
taskd-1.0.0/src/Timer.h
taskd-1.0.0/src/admin.cpp
taskd-1.0.0/src/api.cpp
taskd-1.0.0/src/client.cpp
taskd-1.0.0/src/config.cpp
taskd-1.0.0/src/daemon.cpp
taskd-1.0.0/src/diag.cpp
taskd-1.0.0/src/en-US.h
taskd-1.0.0/src/help.cpp
taskd-1.0.0/src/i18n.h
taskd-1.0.0/src/init.cpp
taskd-1.0.0/src/status.cpp
taskd-1.0.0/src/taskd.cpp
taskd-1.0.0/src/taskd.h
taskd-1.0.0/src/text.cpp
taskd-1.0.0/src/text.h
taskd-1.0.0/src/tls/TLSClient.cpp
taskd-1.0.0/src/tls/TLSClient.h
taskd-1.0.0/src/tls/TLSServer.cpp
taskd-1.0.0/src/tls/TLSServer.h
taskd-1.0.0/src/utf8.cpp
taskd-1.0.0/src/utf8.h
taskd-1.0.0/src/util.cpp
taskd-1.0.0/src/util.h

Unknown or generated
--------------------
taskd-1.0.0/cmake.h
taskd-1.0.0/commit.h
taskd-1.0.0/src/tls/c.cpp
taskd-1.0.0/src/tls/s.cpp
taskd-1.0.0/src/wcwidth6.cpp

12. Koji:

warning: File listed twice: /etc/pki/taskd/README
warning: File listed twice: /etc/pki/taskd/generate
warning: File listed twice: /etc/pki/taskd/generate.ca
warning: File listed twice: /etc/pki/taskd/generate.client
warning: File listed twice: /etc/pki/taskd/generate.crl
warning: File listed twice: /etc/pki/taskd/generate.server
warning: File listed twice: /usr/share/doc/taskd
warning: File listed twice: /usr/share/doc/taskd/AUTHORS
warning: File listed twice: /usr/share/doc/taskd/COPYING
warning: File listed twice: /usr/share/doc/taskd/ChangeLog
warning: File listed twice: /usr/share/doc/taskd/INSTALL
warning: File listed twice: /usr/share/doc/taskd/NEWS
warning: File listed twice: /var/lib/taskd/orgs

Please rm %{buildroot}%{_datadir}/doc/taskd/ in %install and use %doc, currently I can see INSTALL even appears in the docdir, no such need to do that.

Suggestion: %doc AUTHORS COPYING ChangeLog NEWS README

13. Systemd unit file:

Documentation=http://tasktools.org/projects/taskd.html

You should also add the manpages.

14. You forgot to own itself:

%{_sysconfdir}/pki/taskd/

15. Why do we need this:

%{_sysconfdir}/pki/taskd/README

************************************************

Requires
--------
taskd (rpmlib, GLIBC filtered):
    /bin/bash
    /bin/sh
    config(taskd)
    libc.so.6
    libgcc_s.so.1
    libgcc_s.so.1(GCC_3.0)
    libgnutls.so.28
    libgnutls.so.28(GNUTLS_1_4)
    libgnutls.so.28(GNUTLS_2_10)
    libgnutls.so.28(GNUTLS_2_12)
    libgnutls.so.28(GNUTLS_3_1_0)
    libm.so.6
    libpthread.so.0
    libstdc++.so.6
    libstdc++.so.6(CXXABI_1.3)
    libuuid.so.1
    libuuid.so.1(UUID_1.0)
    rtld(GNU_HASH)



Provides
--------
taskd:
    config(taskd)
    taskd
    taskd(x86-32)



Source checksums
----------------
http://taskwarrior.org/download/taskd-1.0.0.tar.gz :
  CHECKSUM(SHA256) this package     : 162ef1eec48f8145870ef0dbe0121b78a6da99815bc18af77de07fbb0abe02d0
  CHECKSUM(SHA256) upstream package : 162ef1eec48f8145870ef0dbe0121b78a6da99815bc18af77de07fbb0abe02d0


Generated by fedora-review 0.5.1 (bb9bf27) last change: 2013-12-13
Command line :/bin/fedora-review -rvn taskd-1.0.0-4.src.rpm
Buildroot used: fedora-rawhide-i386
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG

Comment 4 Christopher Meng 2014-02-20 07:56:08 UTC
For issue 14:

%config(noreplace) %attr(0750, taskd, taskd) %{_sysconfdir}/pki/taskd/

IMO should be

%dir %attr(0750, taskd, taskd) %{_sysconfdir}/pki/taskd/

Comment 5 Pete Travis 2014-02-23 04:39:19 UTC
/etc/pki/taskd/generate is using /usr/bin/certtool; you should add Requires: gnutls-utils .

Comment 6 Ralph Bean 2014-02-28 04:29:28 UTC
Thanks for the thorough review.  I think this should take care of the issues raised.

Spec URL: http://threebean.org/rpm/taskd.spec
SRPM URL: http://threebean.org/rpm/taskd-1.0.0-5.fc20.src.rpm

Comment 7 Christopher Meng 2014-04-16 05:43:42 UTC
Heheh:

getent group taskd >/dev/null || groupadd -r taskd
getent passwd taskd >/dev/null || \
    useradd -r -g taskd -d HOMEDIR -s /sbin/nologin \
    -c "Task Server system user" taskd
exit 0

What's the actual path of HOMEDIR? ;)

Comment 8 Ankur Sinha (FranciscoD) 2014-07-30 13:59:49 UTC
This should clear up the value of HOMEDIR:

"HOMEDIR should usually be a directory created and owned by the package, with appropriately restrictive permissions. One good choice for the location of the directory is the package's data directory in case it has one."

from https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups

Since it doesn't have a data directory, the sharedstatedir seems right. It has appropriately restrictive permissions.

I was wondering if it's worth adding a firewalld configuration file that will enable users to easily enable/disable the port used by taskd?
Something like this: http://paste.fedoraproject.org/121983/72870114 ?

Thanks,
Warm regards,
Ankur

Comment 9 Ralph Bean 2014-08-16 18:56:45 UTC
Ankur, I think both ideas are good.  Thanks!  They're added here in a new release:

Spec URL: http://threebean.org/rpm/SPECS/taskd.spec
SRPM URL: http://threebean.org/rpm/SRPMS/taskd-1.0.0-6.fc20.src.rpm

Comment 10 Ralph Bean 2014-08-20 23:27:31 UTC
Updated to allow login as the taskd user:

Spec URL: http://threebean.org/rpm/SPECS/taskd.spec
SRPM URL: http://threebean.org/rpm/SRPMS/taskd-1.0.0-7.fc20.src.rpm

Comment 11 Luke Macken 2014-08-21 04:31:29 UTC
The log setting in the default config needs to be under the /var/log/taskd directory for it to work it seems.

Comment 12 Ankur Sinha (FranciscoD) 2014-08-21 09:18:13 UTC
I can't seem to get it to work with systemd

systemctl start taskd.service #does not work

This looks like the error:
2014-08-21 09:16:09 CA /etc/pki/taskd/ca.cert.pem
2014-08-21 09:16:09 Certificate not readable: '/etc/pki/taskd/ca.cert.pem'

taskd server --daemon --data /var/lib/taskd #works fine

Comment 13 Ralph Bean 2014-08-21 16:58:34 UTC
Ankur, what user owns /etc/pki/taskd/ca.cert.pem ?  the taskd user?

Here is a new release with the log setting tweak suggested by lmacken:

Spec URL: http://threebean.org/rpm/SPECS/taskd.spec
SRPM URL: http://threebean.org/rpm/SRPMS/taskd-1.0.0-9.fc20.src.rpm

Comment 14 Ankur Sinha (FranciscoD) 2014-08-22 00:04:57 UTC
(In reply to Ralph Bean from comment #13)
> Ankur, what user owns /etc/pki/taskd/ca.cert.pem ?  the taskd user?
> 

Ah, no. root owned all the files in there because I'd generated the certs using sudo back then. Should they all be owned by taskd?

Comment 15 Ankur Sinha (FranciscoD) 2014-08-22 00:12:34 UTC
(In reply to Ankur Sinha (FranciscoD) from comment #14)
> (In reply to Ralph Bean from comment #13)
> > Ankur, what user owns /etc/pki/taskd/ca.cert.pem ?  the taskd user?
> > 
> 
> Ah, no. root owned all the files in there because I'd generated the certs
> using sudo back then. Should they all be owned by taskd?

Yep. Looks like it. Since I had created my user etc as root too, the org and user files in /var/lib/taskd were also not owned by taskd. Everything needs to be owned by taskd for it to work properly using systemd. Can this be noted somewhere? Most people, like me, will probably use root login to configure the server. :D

Comment 16 Ralph Bean 2014-08-22 14:44:03 UTC
(In reply to Ankur Sinha (FranciscoD) from comment #15)
> Can this be noted somewhere? Most people, like me, will probably use root login to configure the server. :D

I'm not sure where to put it in a package like this :(  I currently have it mentioned in the instructions on the copr:  
http://copr.fedoraproject.org/coprs/ralph/taskd/

Perhaps I could add it to a README.Fedora that we additionally distribute with the rpm?

Comment 17 Ankur Sinha (FranciscoD) 2014-08-25 04:01:56 UTC
(In reply to Ralph Bean from comment #16)
> (In reply to Ankur Sinha (FranciscoD) from comment #15)
> > Can this be noted somewhere? Most people, like me, will probably use root login to configure the server. :D
> 
> I'm not sure where to put it in a package like this :(  I currently have it
> mentioned in the instructions on the copr:  
> http://copr.fedoraproject.org/coprs/ralph/taskd/
> 
> Perhaps I could add it to a README.Fedora that we additionally distribute
> with the rpm?

Yeah. I guess a README.fedora would be the best way to go. I just don't want you getting bug reports caused by permission issues :)

Comment 18 Ralph Bean 2014-08-27 21:37:13 UTC
Ok, here it is now with a README.Fedora:

Spec URL: http://threebean.org/rpm/SPECS/taskd.spec
SRPM URL: http://threebean.org/rpm/SRPMS/taskd-1.0.0-10.fc20.src.rpm

Comment 19 Matthew Miller 2014-10-19 14:13:57 UTC
Christopher, any comments on updated RPM? Is this good to go?

Comment 20 Christopher Meng 2014-12-31 06:14:57 UTC
Ok.

Comment 21 Ralph Bean 2015-01-05 17:18:33 UTC
New Package SCM Request
=======================
Package Name: taskd
Short Description: Secure server providing multi-user, multi-client access to task data
Upstream URL: http://tasktools.org/projects/taskd.html
Owners: ralph
Branches: f21
InitialCC:

Comment 22 Gwyn Ciesla 2015-01-05 18:09:17 UTC
Git done (by process-git-requests).

Comment 23 Fedora Update System 2015-01-05 20:17:40 UTC
taskd-1.0.0-10.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/taskd-1.0.0-10.fc21

Comment 24 Fedora Update System 2015-01-26 02:37:27 UTC
taskd-1.0.0-10.fc21 has been pushed to the Fedora 21 stable repository.


Note You need to log in before you can comment on or make changes to this bug.