Bug 1171129 - Review Request: freeradius-client - Client library and utilities for radius
Summary: Review Request: freeradius-client - Client library and utilities for radius
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mattias Ellert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-05 13:07 UTC by Nikos Mavrogiannopoulos
Modified: 2015-02-17 19:01 UTC (History)
3 users (show)

Fixed In Version: freeradius-client-1.1.7-3.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-30 21:35:18 UTC
mattias.ellert: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Nikos Mavrogiannopoulos 2014-12-05 13:07:47 UTC
Spec URL: http://people.redhat.com/nmavrogi/fedora/freeradius-client.spec
SRPM URL: http://people.redhat.com/nmavrogi/fedora/freeradius-client-1.1.6-1.fc20.src.rpm
Description: Client library and utilities for radius
Fedora Account System Username: nmavrogi

Comment 1 Volker Fröhlich 2014-12-05 13:19:07 UTC
Version 1 is an outdated series from 2009. Freeradius exists in Fedora as "freeradius".

http://koji.fedoraproject.org/koji/packageinfo?packageID=298

Comment 2 Nikos Mavrogiannopoulos 2014-12-05 13:26:34 UTC
(In reply to Volker Fröhlich from comment #1)
> Version 1 is an outdated series from 2009. Freeradius exists in Fedora as
> "freeradius".
> http://koji.fedoraproject.org/koji/packageinfo?packageID=298

Are you referring to freeradius or the client library? This package is about the client library, which is not included in the package you refer to.

It looks pretty actively developed:
https://github.com/FreeRADIUS/freeradius-client/commits/master

Comment 3 Volker Fröhlich 2014-12-05 14:46:13 UTC
The tarball you refer to in "Source" is from 2008 regardless and those commits on Github appear to me as being backport attempts.

Comment 4 Nikos Mavrogiannopoulos 2014-12-05 14:47:59 UTC
(In reply to Volker Fröhlich from comment #3)
> The tarball you refer to in "Source" is from 2008 regardless and those
> commits on Github appear to me as being backport attempts.

I don't understand what you are arguing about. Do the freeradius package you referred to include the client libraries or not?

Comment 5 Volker Fröhlich 2014-12-05 15:24:20 UTC
I would think so. At least it contains the binaries radiusclient, radlogin, radacct, radstatus.

Comment 6 Nikos Mavrogiannopoulos 2014-12-05 15:44:20 UTC
(In reply to Volker Fröhlich from comment #5)
> I would think so. At least it contains the binaries radiusclient, radlogin,
> radacct, radstatus.

Ok I stop commenting on that, as it is unproductive. radlogin is being provided by radiusclient-ng, which is an old abandoned library, and the freeradius package that you mention doesn't include the client library. If you know there  is another package which do, please provide the package and the library name, so that no-one's time is wasted.

Comment 8 Nikos Mavrogiannopoulos 2015-01-22 09:13:41 UTC
Updated version on 1.1.7:
Spec URL: http://people.redhat.com/nmavrogi/fedora/freeradius-client.spec
SRPM URL: http://people.redhat.com/nmavrogi/fedora/freeradius-client-1.1.7-1.src.rpm

Comment 9 Mattias Ellert 2015-01-27 12:13:25 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated

===== ISSUES =====

Since there were some indications in the specfile that this is
intended for EPEL as well, I ran fedora-review with the -D EPEL5
flag. If this was not intended, some comments should be modified.

%prep does "rm -f lib/md5.c", but leaves "lib/md5.h" in place. Shouldn't
the header file be removed too?

The URL: tag points to https://github.com/FreeRADIUS/freeradius-client
On this page the first thing that you see is a link to
http://freeradius.org/freeradius-client/ which seems to be the upstream
project website. Would this link be a better choice for the URL tag?

The Source0: tag points to
https://github.com/FreeRADIUS/freeradius-client/archive/release_1_1_7.tar.gz
The download link of the website points to
ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz
The content of the tarballs is the same, but which of them is the one
upstream considers to be their published version?
Using the one from ftp.freeradius.org you could avoid the
%global filename release_1_1_7

See also the issues marked [!] below.

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[!]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %license.
     The license file (COPYRIGHT) is marked "%doc" not "%license".
     (This is a recent change to the guidelines. 2015-01-15)
     https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text
     Note that for older rpm versions (RHEL 5 and 6) using %license to tag
     files in the %files section is not supported.
     When not used as a tag in the %files section %license expands to
     the value of the License: tag in the specfile. This also happens with
     older rpm versions in the %files section.
     For this reason it is not possible to write %{?license: ...} to do
     conditional things depending on whether %license is supported in the
     %files section or not. Using %{?_licensedir: ...} works.
[x]: License field in the package spec file matches the actual license.
[x]: License file installed when any subpackage combination is installed.
[!]: If the package is under multiple licenses, the licensing breakdown must
     be documented in the spec.
     https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios
     "In addition, the package must contain a comment explaining the multiple
     licensing breakdown. The actual implementation of this ..."
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[!]: Each %files section contains %defattr if rpm < 4.4
     Note: %defattr present but not needed
     There is no need for %defattr even on EPEL5 - RHEL5 has rpm version 4.4.2
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[!]: Package does not generate any conflict.
     $ repoquery -ql radiusclient-ng-utils
     /usr/sbin/login.radius
     /usr/sbin/radacct
     /usr/sbin/radiusclient
     /usr/sbin/radlogin
     /usr/sbin/radstatus
     /usr/share/doc/radiusclient-ng-utils
     /usr/share/doc/radiusclient-ng-utils/COPYRIGHT

     Four of these files are also provided by the new radiusclient-utils
     package. (For the libraries and devel files the existing
     radiusclient-ng uses a naming containing -ng so there are no conflicts.)
     Will this package replace existing radiusclient-ng-utils package, or do
     you need something like alternatives?
[x]: Package obeys FHS, except libexecdir and /usr/target.
[!]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
     Will these packages replace or be parallel installable with the existing
     radiusclient-ng packages?
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 40960 bytes in 7 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[!]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
     What is the purpose of:
     BuildRequires: autoconf
     BuildRequires: libtool
     BuildRequires: automake
     The %build section does not rerun autotools
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: EPEL5: Package does run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local
[x]: EPEL5 requires explicit %clean with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)

===== SHOULD items =====

Generic:
[!]: Explicit BuildRoot: tag as required by EPEL5 present.
     Note: Missing buildroot (required for EPEL5)
     See: http://fedoraproject.org/wiki/Packaging/Guidelines#BuildRoot_tag
[!]: Dist tag is present (not strictly required in GL).
[-]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[-]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[!]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
     This is probably best addressed by forwarding it upstream.
     See the list below for the obsolete macros found by fedora-review.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: freeradius-client-1.1.7-1.x86_64.rpm
          freeradius-client-devel-1.1.7-1.x86_64.rpm
          freeradius-client-utils-1.1.7-1.x86_64.rpm
          freeradius-client-1.1.7-1.src.rpm
freeradius-client.x86_64: E: description-line-too-long C The library lets you develop a RADIUS-aware application in less than 50 lines of C code.
freeradius-client.x86_64: E: non-readable /etc/radiusclient/servers 0600L
freeradius-client-devel.x86_64: W: only-non-binary-in-usr-lib
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radembedded
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radiusclient
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radexample
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radacct
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radlogin
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radstatus
freeradius-client.src: E: description-line-too-long C The library lets you develop a RADIUS-aware application in less than 50 lines of C code.
4 packages and 0 specfiles checked; 3 errors, 7 warnings.




Rpmlint (installed packages)
----------------------------
Cannot parse rpmlint output:


Requires
--------
freeradius-client-utils (rpmlib, GLIBC filtered):
    freeradius-client(x86-64)
    libc.so.6()(64bit)
    libcrypt.so.1()(64bit)
    libfreeradius-client.so.2()(64bit)
    libnsl.so.1()(64bit)
    rtld(GNU_HASH)

freeradius-client (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    config(freeradius-client)
    ld-linux-x86-64.so.2()(64bit)
    libc.so.6()(64bit)
    libcrypt.so.1()(64bit)
    libnettle.so.4()(64bit)
    libnsl.so.1()(64bit)
    rtld(GNU_HASH)

freeradius-client-devel (rpmlib, GLIBC filtered):
    freeradius-client(x86-64)
    libfreeradius-client.so.2()(64bit)



Provides
--------
freeradius-client-utils:
    freeradius-client-utils
    freeradius-client-utils(x86-64)

freeradius-client:
    config(freeradius-client)
    freeradius-client
    freeradius-client(x86-64)
    libfreeradius-client.so.2()(64bit)

freeradius-client-devel:
    freeradius-client-devel
    freeradius-client-devel(x86-64)



Source checksums
----------------
https://github.com/FreeRADIUS/freeradius-client/archive/release_1_1_7.tar.gz :
  CHECKSUM(SHA256) this package     : 5eb20eb0eb0c194ba2efeedbe00aa40fe3e774615bbb4d5814ba085cd1b26557
  CHECKSUM(SHA256) upstream package : 5eb20eb0eb0c194ba2efeedbe00aa40fe3e774615bbb4d5814ba085cd1b26557


AutoTools: Obsoleted m4s found
------------------------------
  AM_PROG_LIBTOOL found in: freeradius-client-release_1_1_7/configure.in:36
  AC_PROG_LIBTOOL found in: freeradius-client-release_1_1_7/configure.in:30
  AM_CONFIG_HEADER found in: freeradius-client-release_1_1_7/configure.in:349


Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14
Command line :/usr/bin/fedora-review -D EPEL5 -m fedora-rawhide-x86_64 -b 1171129
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, BATCH, DISTTAG

Comment 10 Nikos Mavrogiannopoulos 2015-01-27 12:59:08 UTC
(In reply to Mattias Ellert from comment #9)

Thanks for the review. Comments inline.

> Package Review
> ==============
> 
> Legend:
> [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
> Since there were some indications in the specfile that this is
> intended for EPEL as well, I ran fedora-review with the -D EPEL5
> flag. If this was not intended, some comments should be modified.

This was unintended. All epel5 leftovers should be removed.

> %prep does "rm -f lib/md5.c", but leaves "lib/md5.h" in place. Shouldn't
> the header file be removed too?

No, that file is needed when used with nettle.

> The URL: tag points to https://github.com/FreeRADIUS/freeradius-client
> On this page the first thing that you see is a link to
> http://freeradius.org/freeradius-client/ which seems to be the upstream
> project website. Would this link be a better choice for the URL tag?

updated.

> The Source0: tag points to
> https://github.com/FreeRADIUS/freeradius-client/archive/release_1_1_7.tar.gz
> The download link of the website points to
> ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz
> The content of the tarballs is the same, but which of them is the one
> upstream considers to be their published version?
> Using the one from ftp.freeradius.org you could avoid the
> %global filename release_1_1_7

The link on that site was wrong when I packaged it, but I reported it it is now fixed. Updated to use that one.

> [!]: If (and only if) the source package includes the text of the license(s)

> [!]: If the package is under multiple licenses, the licensing breakdown must
>      be documented in the spec.

Should be fixed. Added special file with license breakdown.

> [!]: Each %files section contains %defattr if rpm < 4.4

Removed.

> [!]: Package does not generate any conflict.
> [!]: If the package is a rename of another package, proper Obsoletes and

Now it obsoletes that package.

> [!]: All build dependencies are listed in BuildRequires, except for any that
>      are listed in the exceptions section of Packaging Guidelines.
>      What is the purpose of:
>      BuildRequires: autoconf
>      BuildRequires: libtool
>      BuildRequires: automake

Removed. It was leftover when I was building against git.

> [!]: Explicit BuildRoot: tag as required by EPEL5 present.
>      Note: Missing buildroot (required for EPEL5)

No more epel5 compat.

> [!]: Dist tag is present (not strictly required in GL).

Added.

> Generic:
> [!]: Package should not use obsolete m4 macros
>      Note: Some obsoleted macros found, see the attachment.
>      See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
>      This is probably best addressed by forwarding it upstream.
>      See the list below for the obsolete macros found by fedora-review.

I believe that these are autogenerated macros. If you check the open and closed issues in https://github.com/FreeRADIUS/freeradius-client/issues
I have reported that they should not keep these files forever but auto-generate them per release. They upstream believes otherwise though.

Anyway. Issues should be addressed.

http://people.redhat.com/nmavrogi/fedora/freeradius-client.spec
http://people.redhat.com/nmavrogi/fedora/freeradius-client-1.1.7-2.src.rpm

Comment 11 Nikos Mavrogiannopoulos 2015-01-27 13:57:37 UTC
> > Generic:
> > [!]: Package should not use obsolete m4 macros
> >      Note: Some obsoleted macros found, see the attachment.
> >      See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
> >      This is probably best addressed by forwarding it upstream.
> >      See the list below for the obsolete macros found by fedora-review.
> 
> I believe that these are autogenerated macros. If you check the open and
> closed issues in https://github.com/FreeRADIUS/freeradius-client/issues
> I have reported that they should not keep these files forever but
> auto-generate them per release. They upstream believes otherwise though.

My reply on this one, doesn't seem on the point. However, yes, I have brought that issue to upstream.
https://github.com/nmav/radiusclient-dtls/commit/cd6ca2df74f9783115ca0265e35522f145889917

Comment 12 Mattias Ellert 2015-01-28 16:07:36 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


Issues:
=======

Items that were either [x], [-] or [?] in the previous review and
whose status did not change have been removed from the list.

This time fedora-review was run without the -D EPEL5 flag.

The issues from the previous review were mostly addressed. I do
however have some remaining questions. See the few remaining items
marked [!].

I assume the spec file mismatch was an unintended glitch.

The "description-line-too-long" rpmlint error can be easily fixed by
adding a line break in the long line.


===== MUST items =====

Generic:
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %license.
[x]: License file installed when any subpackage combination is installed.
[!]: If the package is under multiple licenses, the licensing breakdown must
     be documented in the spec.

     The PACKAGE-LICENSING file only lists the .c files not the .h files.
     I think the licenses for the headers are relevant too.

[x]: Package does not generate any conflict.
[!]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.

     A) There is an Obsoletes, but no Provides. Is this intentional?

     http://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Existing_Packages

     "If a package supersedes/replaces an existing package without
     being a compatible enough replacement as defined in above, use
     only the Obsoletes"

     Without looking into details, I imagine that the -utils
     subpackage is compatible enough with the radiusclient-ng-utils
     and that a Provides would be resonable here. You might know
     details that invalidates this assumpion though.

     Anyway, the Obsoletes (and Provides if added) should be versioned
     Obsoletes: radiusclient-ng-utils < 0.5.6-13
     Provides: radiusclient-ng-utils = %{version}-%{release}

     If using %{version}-%{release} for the Provides doesn't make
     sense some hardcoded value (greater than the current
     0.5.6-12%{?dist}) might be used.

     See also the "obsolete-not-provided" and "unversioned-explicit-obsoletes"
     rpmlint warnings below.

     B) What will happen with the other packages built from the
     radiusclient-ng source rpm (radiusclient-ng and -devel)?

     Will the whole package be retired, or only the -utils subpackage
     dropped? If the whole package will be retired, the corresponding
     new packages should Obsolete the old packages also for these. A
     Provides probably shouldn't be addad here though since it is
     probably not a "compatible enough replacement" since names of
     header files and libraries are different.

     If the radiusclient-ng package will remain in Fedora but no longer
     provide the -utils subpackage there is no need for Obsoletes in the
     main and -devel subpackages.

     Have you coordinated the transition with the maintainer of the
     radiusclient-ng package?

[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.

===== SHOULD items =====

Generic:
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present (not strictly required in GL).

===== EXTRA items =====

Generic:
[!]: Spec file according to URL is the same as in SRPM.
     Note: Spec file as given by url is not the same as in SRPM (see attached
     diff).


Rpmlint
-------
Checking: freeradius-client-1.1.7-2.x86_64.rpm
          freeradius-client-devel-1.1.7-2.x86_64.rpm
          freeradius-client-utils-1.1.7-2.x86_64.rpm
          freeradius-client-1.1.7-2.src.rpm
freeradius-client.x86_64: E: description-line-too-long C The library lets you develop a RADIUS-aware application in less than 50 lines of C code.
freeradius-client.x86_64: E: non-readable /etc/radiusclient/servers 0600L
freeradius-client-devel.x86_64: W: only-non-binary-in-usr-lib
freeradius-client-devel.x86_64: W: no-documentation
freeradius-client-utils.x86_64: W: obsolete-not-provided radiusclient-ng-utils
freeradius-client-utils.x86_64: W: no-documentation
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radembedded
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radiusclient
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radexample
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radacct
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radlogin
freeradius-client-utils.x86_64: W: no-manual-page-for-binary radstatus
freeradius-client.src: E: description-line-too-long C The library lets you develop a RADIUS-aware application in less than 50 lines of C code.
freeradius-client.src:33: W: unversioned-explicit-obsoletes radiusclient-ng-utils
4 packages and 0 specfiles checked; 3 errors, 11 warnings.

The description-line-too-long error can be easily fixed by adding a line break.


Rpmlint (installed packages)
----------------------------
Cannot parse rpmlint output:


Diff spec file in url and in SRPM
---------------------------------
--- /home/ellert/1171129-freeradius-client/srpm/freeradius-client.spec	2015-01-27 14:56:58.465677335 +0100
+++ /home/ellert/1171129-freeradius-client/srpm-unpacked/freeradius-client.spec	2015-01-27 13:49:52.000000000 +0100
@@ -2,5 +2,5 @@
 Name: freeradius-client
 Version: 1.1.7
-Release: 2%{?dist}
+Release: 2
 # For a breakdown of the licensing, see PACKAGE-LICENSING 
 License: BSD and MIT
@@ -100,6 +100,4 @@
 - Cleanup licensing
 - Link to main upstream web page
-- Properly obsolete radiusclient-ng-utils
-- Remove dependencies on autotools
 
 * Thu Jan 22 2015 Nikos Mavrogiannopoulos - 1.1.7-1


Source checksums
----------------
ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz :
  CHECKSUM(SHA256) this package     : eada2861b8f4928e3ac6b5bbfe11e92cd6cdcacfce40cae1085e77c1b6add0e9
  CHECKSUM(SHA256) upstream package : eada2861b8f4928e3ac6b5bbfe11e92cd6cdcacfce40cae1085e77c1b6add0e9


Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 1171129
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG

Comment 13 Nikos Mavrogiannopoulos 2015-01-28 18:58:03 UTC
(In reply to Mattias Ellert from comment #12)

> The "description-line-too-long" rpmlint error can be easily fixed by
> adding a line break in the long line.

Done.

> [!]: If the package is a rename of another package, proper Obsoletes and
>      Provides are present.
>      A) There is an Obsoletes, but no Provides. Is this intentional?

Yes, it doesn't provide the previous package. There are sufficient differences to make that pointless. I don't even ship a binary which I believe is obsolete (radius.login).

>      Anyway, the Obsoletes (and Provides if added) should be versioned
>      Obsoletes: radiusclient-ng-utils < 0.5.6-13
>      Provides: radiusclient-ng-utils = %{version}-%{release}

It obsoletes any version of that package. These projects were merged at some point. I could add a version if you insist but I see it problematic as I don't control the other package and while unlikely the maintainer could push a new version.

>      B) What will happen with the other packages built from the
>      radiusclient-ng source rpm (radiusclient-ng and -devel)?

They will have to be ported to that library.

>      Will the whole package be retired, or only the -utils subpackage
>      dropped? If the whole package will be retired, the corresponding
>      new packages should Obsolete the old packages also for these. A
>      Provides probably shouldn't be addad here though since it is
>      probably not a "compatible enough replacement" since names of
>      header files and libraries are different.

I have no control over the other library. I have opened bug #1170578, but it's up to that maintainer to retire it when he deems necessary (and when there are no longer dependencies of it). The projects are different enough for them to stay in Fedora (except for the utils).

>      Have you coordinated the transition with the maintainer of the
>      radiusclient-ng package?

No, I got no response from him.

> Generic:
> [!]: Spec file according to URL is the same as in SRPM.
>      Note: Spec file as given by url is not the same as in SRPM (see attached
>      diff).

Thanks, it seems I'll need to rebuilt it.

Comment 14 Nikos Mavrogiannopoulos 2015-01-29 08:29:04 UTC
My updated spec and srpm. As far as I understand the only open issue is whether obsoletes will provide version. I'll prefer not, but let me know if you insist on having it.

http://people.redhat.com/nmavrogi/fedora/freeradius-client.spec
http://people.redhat.com/nmavrogi/fedora/freeradius-client-1.1.7-3.fc21.src.rpm

Comment 15 Mattias Ellert 2015-01-29 14:11:32 UTC
It is mostly OK. But...

Obsoleting a package that continues to exist in the destribution is a packaging bug. (See today's notification on devel@lists.fp.o about obsoleted packages still remaining in the repos and the reqest to the maintainers to fix it.)

If you introduce an Obsoletes, there must exist a plan to remove the obsoleted package. Introducing an Obsoletes against a package that is planning to stay in the distribution is not really an Obsoletes but rather a very aggressive version of a Conflicts, and therefore not allowed.

You have a couple of options:

A. Agree with the maintainer of radiusclient-ng that there will be an updated radiusclient-ng package that removes the radiusclient-ng-utils subpackage. Then your latest version of the freeradius-client.spec is OK. Except you will know the first version-release of radiusclient-ng that has dropped the -utils subpackage and you can use a versioned Obsolete.

B. Agree with the maintainer of radiusclient-ng that the entire radiusclient-ng will be retired. You will then know the last version of radiusclient-ng that existed before it was retired, and you can use a versioned Obsoletes. In this case you should also add Obsoletes for radiusclient-ng and radiusclient-ng-devel.

C. Agree with the maintainer of radiusclient-ng that both radiusclient-ng-utils and freeradius-client-utils will both provide the utilities and that both will introduce alternatives and how. The radiusclient-ng-utils package that introduces the alternatives must have a proper %pre that deletes the files that will be replaced by alternatives to upgrade properly and you should not have an Obsloetes for the radiusclient-ng-utils in the freeradius-client-utils package. You should insted have a versioned Conflicts against versions of radiusclient-ng-utils earlier than the first version-release that adds the alternatives (i.e. versions no longer present in the distribution).

D. You remove the freeradius-client-utils subpackage from the freeradius-client source package and only build the freeradius-client and freeradius-client-devel packages. This will introduce the new package without any conflicts with the existing package.

If you are unable to make an agreement with the maintainer of radiusclient-ng at this time, you can if you wish do option D first and then change to A, B or C at a later point in time when an agreement has been reached.

If you have been trying to contact the maintainer of radiusclient-ng without success, then follow the procedure outlined in the Policy for Non-responsive Maintainers:

http://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers

Comment 16 Nikos Mavrogiannopoulos 2015-01-29 14:13:56 UTC
(In reply to Mattias Ellert from comment #15)
> It is mostly OK. But...
> 
> Obsoleting a package that continues to exist in the destribution is a
> packaging bug. (See today's notification on devel@lists.fp.o about obsoleted
> packages still remaining in the repos and the reqest to the maintainers to
> fix it.)
> 
> If you introduce an Obsoletes, there must exist a plan to remove the
> obsoleted package. Introducing an Obsoletes against a package that is
> planning to stay in the distribution is not really an Obsoletes but rather a
> very aggressive version of a Conflicts, and therefore not allowed.
[...]
> If you are unable to make an agreement with the maintainer of
> radiusclient-ng at this time, you can if you wish do option D first and then
> change to A, B or C at a later point in time when an agreement has been
> reached.
> If you have been trying to contact the maintainer of radiusclient-ng without
> success, then follow the procedure outlined in the Policy for Non-responsive
> Maintainers:

I will not. I don't want to delay the freeradius-client library for that issue to be resolved. I'll remove the utils part of the freeradius-client. Would that be ok with you?

Comment 18 Mattias Ellert 2015-01-29 15:09:31 UTC
Package approved.

Comment 19 Nikos Mavrogiannopoulos 2015-01-29 16:44:08 UTC
Thanks.

New Package SCM Request
=======================
Package Name: ocserv
Short Description: OpenConnect server (ocserv) is an SSL VPN server. 
Owners: nmav
Branches: f21 epel7
InitialCC:

Comment 20 Gwyn Ciesla 2015-01-29 20:55:41 UTC
WARNING: Requested package name ocserv doesn't match bug summary
freeradius-client 

Please correct.

Comment 21 Nikos Mavrogiannopoulos 2015-01-29 23:32:12 UTC
Wrong copy paste. Here is the correct.

New Package SCM Request
=======================
Package Name: freeradius-client
Short Description:  Client library for radius
Owners: nmav
Branches: f21 epel7
InitialCC:

Comment 22 Gwyn Ciesla 2015-01-30 13:50:18 UTC
Git done (by process-git-requests).

Comment 23 Fedora Update System 2015-01-30 22:23:20 UTC
freeradius-client-1.1.7-3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/freeradius-client-1.1.7-3.fc21

Comment 24 Fedora Update System 2015-01-30 22:25:19 UTC
freeradius-client-1.1.7-3.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/freeradius-client-1.1.7-3.el7

Comment 25 Nikos Mavrogiannopoulos 2015-02-12 14:22:56 UTC
Package Change Request
======================
Package Name: freeradius-client
New Branches: el6
Owners: nmav
InitialCC:

Comment 26 Gwyn Ciesla 2015-02-12 18:16:13 UTC
Git done (by process-git-requests).

Comment 27 Fedora Update System 2015-02-13 02:22:45 UTC
freeradius-client-1.1.7-3.fc21 has been pushed to the Fedora 21 stable repository.

Comment 28 Fedora Update System 2015-02-17 19:01:44 UTC
freeradius-client-1.1.7-3.el7 has been pushed to the Fedora EPEL 7 stable repository.


Note You need to log in before you can comment on or make changes to this bug.