Spec URL: http://dyroff.org/fcgiwrap.spec SRPM URL: http://dyroff.org/fcgiwrap-1.1.0-1.fc20.src.rpm Description: Fcgiwrap is a simple server for running CGI applications over FastCGI. It hopes to provide clean CGI support to Nginx (and other web servers that may need it). Fedora Account System Username: sdyroff
1. No systemd unit file, please write one. 2. %_sbindir/* %_datadir/man/man8/* %_sbindir --> %{_sbindir} %_datadir/man/man8 --> %{_mandir}/man8
Hi Christopher, What a coincidence, I just made the spec file for fcgiwrap around April 20. Mine version include the systems unit files. And the %file section is specified using the right style as you requested. It also builds the RPM correctly on non-systemd OS. The location of SRPM: https://github.com/schnell18/packaging/blob/master/fcgiwrap/fcgiwrap-1.1.0-1.fc20.src.rpm The spec file: https://raw.githubusercontent.com/schnell18/packaging/master/fcgiwrap/fcgiwrap.spec Since Sebastian Dyroff does not look active, can you look at my work? My work passed the koji build against both f20(http://koji.fedoraproject.org/koji/taskinfo?taskID=6787143) and f21(http://koji.fedoraproject.org/koji/taskinfo?taskID=6787147). Thanks!
(In reply to Justin Zhang from comment #2) No. Your spec doesn't match the guideline. Thank you anyway.
Hi Christopher, Thanks for quickly response! This is my first attempt to submit an RPM spec file to Fedora. Do you wish I fix the spec or just wait for Sebastian Dyroff's response? Thank you!
(In reply to Justin Zhang from comment #4) > This is my first attempt to submit an RPM spec file to Fedora. > Do you wish I fix the spec or just wait for Sebastian Dyroff's response? I have no interests of reviewing anything except from the submitter, and my suggestion is that do not reinvent the wheel unless it's a dire need, save your time.
Hi Christopher, It's not re-inventing the wheel. It's just trying to contribute to help move this issue forward. I think this is beneficial to the fedora project. Maybe let's contact Sebastian Dyroff to see if he can expedite the fix and if he would accept some of ideas of my implementation. Thanks!
(In reply to Justin Zhang from comment #6) > Hi Christopher, > It's not re-inventing the wheel. It's just trying to contribute to help > move this issue forward. I think this is beneficial to the fedora project. > > Maybe let's contact Sebastian Dyroff to see if he can expedite the fix and > if he would accept some of ideas of my implementation. > > Thanks! We have many bugs like this, not stalled tickets, but the reporter is busy or because of something else. Please don't ask me to do anything here anymore. Thanks.
Hi, sorry I was busy with other work. I will take a look at the issues this evening. Any suggestions about what user should run fcgi-wrap? Personally I am using spawn-fcgi to spawn the fcgi-wrap service.
Hi Sebastian, The spawn-fcgi is no longer necessary on Fedora. The systemd socket activation is a good replacement for spawn-fcgi. The upstream already has the right unit files included under the systemd sub directory. You need package these files to make it included in the RPM. The upstream build script already copes the unit files into %{build root}. You can package simply by list them in the %file like: %{_unitdir}/*.service %{_unitdir}/*.socket Regarding the user to run fcgiwrap, the default user is 'http' from upstream. Probably 'nobody' is a better choice as it is a pre-defined user on Fedora. But I think the administrators is in better position to determine the right user to run fcgiwrap. And they can customize it by coping the /lib/systemd/system/fcgiwrap.service to /etc/systemd/system/ and changing "User" and "Group" as they see fit. My personal experience is to run fcgiwrap using 'git' on a server that hosts our company's Git repositories. This significantly simplifies the permission setup of Git repository.
ping.
Sorry for the long delay. I am still working on this. I couldn't get socket activation working for the systemd unit file, so I have to look deeper into this.
Sorry for removing the needinfo flag...
Hey just a short info. I am still working on it, when I have time. The systemd unit files are now included, but it is neccessary to write an selinux module to use the systemd socket by any webserver. While creating the module, I stumbled over the following behaviour https://bugzilla.redhat.com/show_bug.cgi?id=1197886. I will continue, if this issue is resolved.
Hi, could you publish your spec file again? the link is dead and I'd like to build it. Thank you.
(In reply to Sebastian Dyroff from comment #14) > Hey just a short info. I am still working on it, when I have time. The > systemd unit files are now included, but it is neccessary to write an > selinux module to use the systemd socket by any webserver. While creating > the module, I stumbled over the following behaviour > https://bugzilla.redhat.com/show_bug.cgi?id=1197886. I will continue, if > this issue is resolved. I've build fcgiwrap on my own, and it's working fine using systemd socket activation. Maybe the problem you comment is already solved. Are you still interested in pushing this forward? I can help comaintaining if you wish. This is my version of the spec file and a copr with it: https://jorti.fedorapeople.org/fcgiwrap/ https://copr.fedoraproject.org/coprs/jorti/fcgiwrap/
First of all, I really appreciate any help to get this done. Sorry, I am very busy with non fedora related things. I tested your version, and it did not work for me. The fcgiwrap.service file requires a user http that does not exist on a system without apache installed and fails to start. Also I did not see any selinux rules. By default, the selinux policy forbids the webserver to connect to the fcgiwrap socket(I could not test this step with your version, because it didn't start on the cloud image). Steps I did for installing: - Used a fedora 21 cloud base image (Sorry do not have a 22 for now) - installed your copr repo with dnf - installed your fcgiwrap package with dnf - started the fcgiwrap socket with systemctl - started the fcgiwrap service with systemctl log output was: $ sudo systemctl status fcgiwrap ● fcgiwrap.service - Simple CGI Server Loaded: loaded (/usr/lib/systemd/system/fcgiwrap.service; static) Active: failed (Result: exit-code) since Sun 2015-05-31 19:49:22 UTC; 8min ago Process: 1003 ExecStart=/usr/sbin/fcgiwrap (code=exited, status=217/USER) Main PID: 1003 (code=exited, status=217/USER) May 31 19:49:22 fcgiwrap-test.localdomain systemd[1]: Starting Simple CGI Server... May 31 19:49:22 fcgiwrap-test.localdomain systemd[1]: Started Simple CGI Server. May 31 19:49:22 fcgiwrap-test.localdomain systemd[1]: fcgiwrap.service: main process exited, code=exited, status=217/USER May 31 19:49:22 fcgiwrap-test.localdomain systemd[1]: Unit fcgiwrap.service entered failed state. May 31 19:49:22 fcgiwrap-test.localdomain systemd[1]: fcgiwrap.service failed. I uploaded my intermediate version of the spec file here: http://www.dyroff.net/fedora/fcgiwrap.tar.bz2 If you want to continue working on my spec file, we should setup a git repo to cordinate and bring it in shape.
I have no SELinux problems with the units shown below, just write the socket to /run/nginx or elsewhere already covered by the policy. Anyway, I agree that we should patch the provided units to work out of the box. # /etc/systemd/system/gitweb.socket [Unit] Description=GitWeb socket [Socket] SocketMode=0600 SocketUser=nginx SocketGroup=nginx ListenStream=/run/nginx/gitweb.sock [Install] WantedBy=sockets.target # /etc/systemd/system/gitweb.service [Unit] Description=GitWeb service [Service] ExecStart=/usr/sbin/fcgiwrap User=apache Group=apache
Well this is interesting. I was about to create a review request for an fcgiwrap package I put together, when I found this request from 2014. Since the activity in this review appears to have died out, is anyone opposed to closing this request and allowing me to create a new review request?
Go for it.