Bug 1110913 - Review Request: pam_script - PAM module for executing scripts
Summary: Review Request: pam_script - PAM module for executing scripts
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-06-18 18:40 UTC by Jason Taylor
Modified: 2014-07-18 12:40 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-07-07 12:45:38 UTC
Type: ---
lkundrak: fedora-review+
gwync: fedora-cvs+

Attachments (Terms of Use)

Description Jason Taylor 2014-06-18 18:40:55 UTC
Spec URL: https://github.com/jmtaylor90/pam-script-rpm/blob/master/specs/pam_script.spec

SRPM URL: https://github.com/jmtaylor90/pam-script-rpm/blob/master/rpm/pam_script-1.1.7-1.fc20.src.rpm

Description: pam_script allows you to execute scripts during authorization, password changes and session openings or closings.

Fedora Account System Username: jtaylor

Comment 1 Jason Taylor 2014-06-18 18:48:05 UTC
This is my first package, so I am also looking for a sponsor. I would like to learn more about the packaging process and consequently help maintain any packages with someone willing to sponsor me has.

Additionally, the target platforms are fedora, el6 and el5.

Scratch builds:

http://koji.fedoraproject.org/koji/taskinfo?taskID=7055592 --rawhide

http://koji.fedoraproject.org/koji/taskinfo?taskID=7055570 --f20

http://koji.fedoraproject.org/koji/taskinfo?taskID=7055564 --el6

http://koji.fedoraproject.org/koji/taskinfo?taskID=7055582 --el5

Preliminary fedora-review report:

This is a review *template*. Besides handling the [ ]-marked tests you are
also supposed to fix the template before pasting into bugzilla:
- Add issues you find to the list of issues on top. If there isn't such
  a list, create one.
- Add your own remarks to the template checks.
- Add new lines marked [!] or [?] when you discover new things not
  listed by fedora-review.
- Change or remove any text in the template which is plain wrong. In this
  case you could also file a bug against fedora-review
- Remove the "[ ] Manual check required", you will not have any such lines
  in what you paste.
- Remove attachments which you deem not really useful (the rpmlint
  ones are mandatory, though)
- Remove this text

Package Review

[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

[ ]: Package does not contain kernel modules.
[ ]: Package contains no static executables.
[ ]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see
     attachment). Verify they are not in ld path.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

[ ]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "GPL (v2 or later) (with incorrect FSF address)", "*No copyright* GPL (v2
     or later)". Detailed output of licensecheck in /home/jason/trash/review-
[ ]: Package must own all directories that it creates.
     Note: Directories without known owners: /lib64/security
[ ]: %build honors applicable compiler flags or justifies otherwise.
[ ]: Package contains no bundled libraries without FPC exception.
[ ]: Changelog in prescribed format.
[ ]: Sources contain only permissible code or content.
[ ]: Package contains desktop file if it is a GUI application.
[ ]: Development files must be in a -devel package
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package consistently uses macros (instead of hard-coded directory names).
[ ]: Package is named according to the Package Naming Guidelines.
[ ]: Package does not generate any conflict.
[ ]: Package obeys FHS, except libexecdir and /usr/target.
[ ]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[ ]: Requires correct, justified where necessary.
[ ]: Spec file is legible and written in American English.
[ ]: Package contains systemd file(s) if in need.
[ ]: Useful -debuginfo package or justification otherwise.
[ ]: Package is not known to require an ExcludeArch tag.
[ ]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 51200 bytes in 7 files.
[ ]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
[x]: Package is named using only allowed ASCII characters.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

[ ]: Package has no %clean section with rm -rf %{buildroot} (or
     Note: %clean present but not required
[ ]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[ ]: Final provides and requires are sane (see attachments).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[ ]: Package should compile and build into binary rpms on all supported
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

[!]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
[x]: Spec file according to URL is the same as in SRPM.

Checking: pam_script-1.1.7-1.fc20.x86_64.rpm
pam_script.x86_64: W: spelling-error %description -l en_US pam -> map, Pam, pan
pam_script.x86_64: E: incorrect-fsf-address /usr/share/doc/pam_script/COPYING
pam_script.src: W: spelling-error %description -l en_US pam -> map, Pam, pan
2 packages and 0 specfiles checked; 1 errors, 2 warnings.

Rpmlint (installed packages)
# rpmlint pam_script
pam_script.x86_64: W: spelling-error %description -l en_US pam -> map, Pam, pan
pam_script.x86_64: E: incorrect-fsf-address /usr/share/doc/pam_script/COPYING
1 packages and 0 specfiles checked; 1 errors, 1 warnings.
# echo 'rpmlint-done:'

pam_script (rpmlib, GLIBC filtered):


Unversioned so-files
pam_script: /lib64/security/pam_script.so

Source checksums
https://github.com/jeroennijhof/pam_script/archive/1.1.7.tar.gz :
  CHECKSUM(SHA256) this package     : f72a290ab92daed8e7e224ce22c9a300840ee20c6523a796cf6dfa852f101f11
  CHECKSUM(SHA256) upstream package : f72a290ab92daed8e7e224ce22c9a300840ee20c6523a796cf6dfa852f101f11

AutoTools: Obsoleted m4s found
  AM_PROG_LIBTOOL found in: pam_script-1.1.7/configure.ac:32

Comment 2 Lubomir Rintel 2014-06-18 19:14:27 UTC
0.) Why would this be needed?

restorecon %{_sysconfdir}/pam_script*
restorecon %{_sysconfdir}/pam-script.d/

1.) The %el5 conditionals are way too ugly

Please remove them -- if you wish to support el5, feel free to -- just remove the conditions, the obsolete rpm artifacts such as %clean section or BuildRoot are ignored anyway.

2.) Mark the files in /etc as %config(noreplace)

%dir %{_sysconfdir}/pam-script.d/

Not sure why didn't rpmlint warn you.

3.) The dangling "cd -" is probably left there by accident.

Please remove it

4.) Please comment non-obvious stuff you do:

e.g. why would you do this?

cp etc/README etc/README.module_types
autoreconf -vfi

Comment 3 Jason Taylor 2014-06-20 18:38:20 UTC
Hi Lubomir,

Thank you for taking the time to review this package. I have made the updates you suggested and updated the spec and src links.

spec location: https://github.com/jmtaylor90/pam-script-rpm/blob/master/specs/pam_script.spec

src rpm location: https://github.com/jmtaylor90/pam-script-rpm/blob/master/rpm/pam_script-1.1.7-1.fc20.src.rpm

updated scratch koji builds:

http://koji.fedoraproject.org/koji/taskinfo?taskID=7063030 -- rawhide

http://koji.fedoraproject.org/koji/taskinfo?taskID=7063034 -- f20

http://koji.fedoraproject.org/koji/taskinfo?taskID=7063038 -- el6

http://koji.fedoraproject.org/koji/taskinfo?taskID=7063042 -- el5

Comment 4 Lubomir Rintel 2014-06-21 11:40:44 UTC
I'm sponsoring Jason, removing FE_NEEDSPONSOR.
Taking for an official review.

Comment 5 Lubomir Rintel 2014-06-24 13:59:13 UTC
* Package named correctly
* Latest version packaged
* License OK for fedora
* License text included
- License not field correct (see below)
* SPEC file clean and legible
* Builds fine in mock
* Requires sane
* Provides sane
* Filelist sane
* Proper compiler flags used

0.) Please use correct GitHub source file

"For a number of reasons (immutability, availability, uniqueness), you must use the full commit revision hash when referring to the sources."


-Source0: https://github.com/jeroennijhof/pam_script/archive/%{version}.tar.gz
+Source0:        https://github.com/$OWNER/$PROJECT/archive/%{commit}/$PROJECT-%{commit}.tar.gz

1.) License is likely GPLv2+, not GPLv2

See the "or later version" clause in:

Comment 6 Jason Taylor 2014-06-24 14:56:15 UTC
updated spec and srpm

spec: https://github.com/jmtaylor90/pam-script-rpm/blob/master/specs/pam_script.spec

srpm: https://github.com/jmtaylor90/pam-script-rpm/blob/master/rpm/pam_script-1.1.7-1.fc20.src.rpm

I initially thought I needed to add a snapshot portion to the version but it turns out I had specified the wrong commit in the %global. I have updated to the 1.1.7 release commit as I had initially intended. koji scratch builds were subsequently successful.

http://koji.fedoraproject.org/koji/taskinfo?taskID=7071657 -- el5

http://koji.fedoraproject.org/koji/taskinfo?taskID=7071731 -- el6

http://koji.fedoraproject.org/koji/taskinfo?taskID=7071761 -- f20

http://koji.fedoraproject.org/koji/taskinfo?taskID=7071746 -- rawhide

Comment 7 Lubomir Rintel 2014-06-24 14:59:17 UTC
Thank you.


Comment 8 Jason Taylor 2014-06-24 15:12:06 UTC
New Package SCM Request
Package Name: pam_script 
Short Description: PAM module for executing scripts
Upstream URL: https://github.com/jeroennijhof/pam_script
Owners: jtaylor
Branches: rawhide f20 el5 el6
InitialCC: jtaylor

Comment 9 Jason Taylor 2014-06-24 15:52:12 UTC
Package Change Request
Package Name: pam_script
New Branches: rawhide f20 el5 el6
Owners: jtaylor
InitialCC: jtaylor

Discovered this package had somewhat existed and had a repo already created but had since been retired.

Comment 10 Gwyn Ciesla 2014-06-24 18:13:32 UTC
Git done (by process-git-requests).

Comment 11 Jason Taylor 2014-07-17 18:18:13 UTC
Package Change Request
Package Name: pam_script 
New Branches: epel7
Owners: jtaylor
InitialCC: jtaylor

Comment 12 Gwyn Ciesla 2014-07-18 12:40:49 UTC
Git done (by process-git-requests).

Note You need to log in before you can comment on or make changes to this bug.