Bug 1235305 - Review Request: hitch - Network proxy that terminates TLS/SSL connections
Review Request: hitch - Network proxy that terminates TLS/SSL connections
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Backus
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-24 09:35 EDT by Ingvar Hagelund
Modified: 2015-10-03 17:53 EDT (History)
4 users (show)

See Also:
Fixed In Version: hitch-1.0.0-0.4.3.beta4.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-19 03:56:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
jeff.backus: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Ingvar Hagelund 2015-06-24 09:35:47 EDT
Spec URL: http://users.linpro.no/ingvar/varnish/hitch/hitch.spec
SRPM URL: http://users.linpro.no/ingvar/varnish/hitch/hitch-1.0.0-0.3.beta3.fc22.src.rpm

Description:
hitch is a network proxy that terminates TLS/SSL connections and forwards the
unencrypted traffic to some backend. It's designed to handle 10s of thousands
of connections efficiently on multicore machines

Fedora Account System Username: ingvar

A bit of background for hitch:

Varnish is a high-performance HTTP accelerator, widely used over the Internet. To use varnish with https, it is often fronted by other general http/proxy servers like nginx or apache, though a more specific proxy-only high-performance tool would be preferable. So they looked at stud.

hitch is a fork of stud. The fork is maintained by the varnish development team. stud seems abandoned by its creators, after the project was taken over by Google, with no new commits after 2012. The varnish developers have tried to contact the old stud upstream without success, so they forked and took up development again.

stud actually already exists as a fedora package. The two packages may coexist, and should be able to install in parallel.

Koji scratch builds:

rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=10194155
f23:     http://koji.fedoraproject.org/koji/taskinfo?taskID=10194149
f22:     http://koji.fedoraproject.org/koji/taskinfo?taskID=10194145
f21:     http://koji.fedoraproject.org/koji/taskinfo?taskID=10194139
epel7:   http://koji.fedoraproject.org/koji/taskinfo?taskID=10194136
epel6:   http://koji.fedoraproject.org/koji/taskinfo?taskID=10194126
Comment 1 Sören Möller 2015-06-24 17:51:45 EDT
I have tried to review your package. Note that this is only a comment, as I havn't the permissions to do a formal review yet, but I hope this will be helpfull for the real reviewer and you. Be aware that there are a few points on lie list below, which I was not able to check.

==Issues==
-tests/certs contains the symlink cc2a776f, which points to a file sites.example.com, which does not exist
-the tests could maybe be added to a %check section

(for further issues see list below)


Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[!]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
The package includes a 2 clause BSD license as stated in the spec-file, but it is unclear if this holds for all source.
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated",
     "*No copyright* Public domain". 6 files have unknown license. Detailed
     output of licensecheck in /home/scren/1235305-hitch/licensecheck.txt
The package includes a 2 clause BSD license as stated in the spec-file, but it is unclear if this holds for all source. Some source files state other licenses or no license at all.
[!]: Package requires other packages for directories it uses.
     Note: No known owner of /etc/hitch
The package presumably should create and own this directory
[!]: Package must own all directories that it creates.
     Note: Directories without known owners: /etc/hitch
The package presumably should create and own this directory
[?]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[-]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf %{buildroot} present but not required
[x]: Sources contain only permissible code or content.
[!]: Each %files section contains %defattr if rpm < 4.4
     Note: %defattr present but not needed
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[?]: Package uses nothing in %doc for runtime.
Does not seem so, but I coulnd't verify it
[!]: Package consistently uses macros (instead of hard-coded directory
     names).
For RHEL6 it uses 
export CFLAGS="-I/usr/include/libev"
directly, but this might be necessary. No hard-coded paths for fedora.
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 1 files.
Documentation so smalL, thAt it should be fine
[?]: Package complies to the Packaging Guidelines
I did not check everything
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[?]: Buildroot is not preset
     Note: Buildroot: present but not needed
[!]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: %clean present but not required
Might want to remove %clean
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
No justification for the patches, apart from what can be guessed from the patch files' name
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
     architectures.
Only tested x86_64
[!]: %check is present and all tests pass.
No %check
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: hitch-1.0.0-0.3.beta3.fc23.x86_64.rpm
          hitch-1.0.0-0.3.beta3.fc23.src.rpm
hitch.x86_64: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.x86_64: W: spelling-error %description -l en_US multicore -> multicolored
hitch.x86_64: W: no-manual-page-for-binary hitch-openssl
hitch.src: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.src: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.src: W: spelling-error %description -l en_US multicore -> multicolored
2 packages and 0 specfiles checked; 0 errors, 7 warnings.




Rpmlint (debuginfo)
-------------------
Checking: hitch-debuginfo-1.0.0-0.3.beta3.fc23.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
hitch.x86_64: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.x86_64: W: spelling-error %description -l en_US multicore -> multicolored
hitch.x86_64: W: no-manual-page-for-binary hitch-openssl
2 packages and 0 specfiles checked; 0 errors, 4 warnings.



Requires
--------
hitch (rpmlib, GLIBC filtered):
    /bin/sh
    config(hitch)
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit)
    libcrypto.so.10(OPENSSL_1.0.2)(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libev.so.4()(64bit)
    libssl.so.10()(64bit)
    libssl.so.10(libssl.so.10)(64bit)
    openssl
    rtld(GNU_HASH)
    systemd-units



Provides
--------
hitch:
    config(hitch)
    hitch
    hitch(x86-64)



Source checksums
----------------
https://github.com/varnish/hitch/archive/00b264b5537986fecfa1013cc27ad3b7b771a646/hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz :
  CHECKSUM(SHA256) this package     : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269
  CHECKSUM(SHA256) upstream package : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -b 1235305
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 2 Ingvar Hagelund 2015-06-25 06:19:38 EDT
(In reply to Sören Möller from comment #1)
> I have tried to review your package. Note that this is only a comment, as I
> havn't the permissions to do a formal review yet, but I hope this will be
> helpfull for the real reviewer and you. Be aware that there are a few points
> on lie list below, which I was not able to check.

Thanks for the effort, Sören. I will try to fix the issues mentioned, and wait for an "official" review.

Updated src.rpm at http://users.linpro.no/ingvar/varnish/hitch/hitch-1.0.0-0.3.1.beta3.fc22.src.rpm
Updated specfile at http://users.linpro.no/ingvar/varnish/hitch/hitch.spec

> ==Issues==
> -tests/certs contains the symlink cc2a776f, which points to a file
> sites.example.com, which does not exist

That is an upstream problem. The symlink is not used in the build process.

> -the tests could maybe be added to a %check section

Added, thanks.
 
> [!]: Package is licensed with an open-source compatible license and meets
>      other legal requirements as defined in the legal section of Packaging
>      Guidelines.
> The package includes a 2 clause BSD license as stated in the spec-file, but
> it is unclear if this holds for all source.
> [!]: License field in the package spec file matches the actual license.
>      Note: Checking patched sources after %prep for licenses. Licenses
>      found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated",
>      "*No copyright* Public domain". 6 files have unknown license. Detailed
>      output of licensecheck in /home/scren/1235305-hitch/licensecheck.txt
> The package includes a 2 clause BSD license as stated in the spec-file, but
> it is unclear if this holds for all source. Some source files state other
> licenses or no license at all.

Most files are 2 clause BSD. 1 header file is 3 clause BSD. 1 header file is "public domain". These should all be compatible with 2 clause BSD. 

configuration.c and configuration.h were written by Brane F. Gracnar for the stud project so it should be covered by the general LICENSE file in the original stud distribution, https://github.com/bumptech/stud/blob/master/LICENSE, (2 clause BSD). shctx.c and shctx.h were written by Emeric Brun, and also added to the stud project by him, so the same goes for those. version.h is just a one-line simple define of the the release version. It should not need any license. tests/common.sh is a just a few lines of bash code that is part of the test suite, written by Dag Haavi Finstad of the Varnish project for this release of hitch. It is covered by the general top level LICENSE file.

> [!]: Package requires other packages for directories it uses.
>      Note: No known owner of /etc/hitch
> The package presumably should create and own this directory
> [!]: Package must own all directories that it creates.
>      Note: Directories without known owners: /etc/hitch
> The package presumably should create and own this directory

Fixed

> [!]: Package consistently uses macros (instead of hard-coded directory
>      names).
> For RHEL6 it uses 
> export CFLAGS="-I/usr/include/libev"
> directly, but this might be necessary. No hard-coded paths for fedora.

Fixed

> [?]: Buildroot is not preset
>      Note: Buildroot: present but not needed
> [!]: Package has no %clean section with rm -rf %{buildroot} (or
>      $RPM_BUILD_ROOT)
>      Note: %clean present but not required
> Might want to remove %clean

I think it is a good thing to clean the buildroot explicitly when building for epel6, and it doesn't  hurt to keep it for all builds.

> [!]: Patches link to upstream bugs/comments/lists or are otherwise
>      justified.
> No justification for the patches, apart from what can be guessed from the
> patch files' name

Fixed, except for the obvious systemd.service.patch and initrc.redhat.patch

> [?]: Package should compile and build into binary rpms on all supported
>      architectures.
> Only tested x86_64

The scratch builds were done on all supported archs

> [!]: %check is present and all tests pass.
> No %check

Fixed

> hitch.x86_64: W: no-manual-page-for-binary hitch-openssl
> 2 packages and 0 specfiles checked; 0 errors, 4 warnings.

The manpage is named "hitch", which matches the systemd/sysvinit service name and the configuration directory name. The generated binary is actually called "hitch-openssl". I'm not sure what is the best way to fix this, or if it's even necessary to do anything about it.

br,
Ingvar
Comment 3 Ingvar Hagelund 2015-06-25 12:33:55 EDT
Note that the test suite does not run as default, as it tries to resolve hosts and connect to a test server on the Internet. That won't work on the koji builders.

To run the test suite, do a 

rpmbuild --define "runcheck 1" --rebuild hitch-1.0.0-0.3.1.beta3.fc22.src.rpm


Ingvar
Comment 4 Sören Möller 2015-06-25 17:56:58 EDT
Thanks for the fast reply, I can confirm that most of the points have been adressed now (updated list and rpmliint output below):

For me the remaining comments are:
- Thank you for the license clarification, I think I agree that all of the files are under licenses that are fine for Fedora. I am just in doubt, what should be written in the License-field of the spec file. I think "BSD" (which is the short name for both BSD (2 clause) and BSD (3 clause) is correct, but hope the "real" reviewer will be more certain.
- I am unsure about the best name for the manpage. I interprete  https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages as if it should be called "hitch-openssl", but I am far from sure.
- I am unsure how to chekck if "%build honors applicable compiler flags or justifies otherwise.", although I think it does as it does what I expected in build.log and no obvious changes in the spec-file
- I did not answer if the package follows the packaging guidlines, because I'm unsure as of forementioned comments
- I did not evaluate the proper function of the package (but this is a SHOULD not a MUST, so I don't think this is a problem)
- I was not able to run the tests as I get a lot of errors of this form:
"warning: user ingvar does not exist - using root"
"warning: group ingvar does not exist - using root"
But I tried to run it with buildroot, as I didn't want to install it on the system, so it might work in that case.

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated",
     "*No copyright* Public domain". 6 files have unknown license. Detailed
     output of licensecheck in
     /home/scren/review/1235305-hitch/licensecheck.txt
[?]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[-]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf %{buildroot} present but not required
[x]: Sources contain only permissible code or content.
[-]: Each %files section contains %defattr if rpm < 4.4
     Note: %defattr present but not needed
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 1 files.
[ ]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: Buildroot is not present
     Note: Buildroot: present but not needed
[-]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: %clean present but not required
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[?]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: hitch-1.0.0-0.3.1.beta3.fc23.x86_64.rpm
          hitch-1.0.0-0.3.1.beta3.fc23.src.rpm
hitch.x86_64: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.x86_64: W: spelling-error %description -l en_US multicore -> multicolored
hitch.x86_64: W: no-manual-page-for-binary hitch-openssl
hitch.src: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.src: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.src: W: spelling-error %description -l en_US multicore -> multicolored
2 packages and 0 specfiles checked; 0 errors, 7 warnings.




Rpmlint (debuginfo)
-------------------
Checking: hitch-debuginfo-1.0.0-0.3.1.beta3.fc23.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
hitch.x86_64: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.x86_64: W: spelling-error %description -l en_US multicore -> multicolored
hitch.x86_64: W: no-manual-page-for-binary hitch-openssl
2 packages and 0 specfiles checked; 0 errors, 4 warnings.



Requires
--------
hitch (rpmlib, GLIBC filtered):
    /bin/sh
    config(hitch)
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit)
    libcrypto.so.10(OPENSSL_1.0.2)(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libev.so.4()(64bit)
    libssl.so.10()(64bit)
    libssl.so.10(libssl.so.10)(64bit)
    openssl
    rtld(GNU_HASH)
    systemd-units



Provides
--------
hitch:
    config(hitch)
    hitch
    hitch(x86-64)



Source checksums
----------------
https://github.com/varnish/hitch/archive/00b264b5537986fecfa1013cc27ad3b7b771a646/hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz :
  CHECKSUM(SHA256) this package     : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269
  CHECKSUM(SHA256) upstream package : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -b 1235305
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 5 Ingvar Hagelund 2015-06-26 07:29:59 EDT
I updated the package again:

* Wed Jun 10 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.beta3
- Added _hardened_build macro and PIE on el6

http://users.linpro.no/ingvar/varnish/hitch/hitch.spec
http://users.linpro.no/ingvar/varnish/hitch/hitch-1.0.0-0.3.2.beta3.fc22.src.rpm

(In reply to Sören Möller from comment #4)
> - I am unsure about the best name for the manpage. I interprete 
> https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages as if it should
> be called "hitch-openssl", but I am far from sure.

I'l let this rest for now.

> - I am unsure how to chekck if "%build honors applicable compiler flags or
> justifies otherwise.", although I think it does as it does what I expected
> in build.log and no obvious changes in the spec-file

This means that the build will honor changes in the build environment, like changing the CFLAGS and LDFLAGS variables before calling configure/make. It does.

> - I did not evaluate the proper function of the package (but this is a
> SHOULD not a MUST, so I don't think this is a problem)

To test hitch, for example in front of varnish, in front of apache, do

- Install varnish, httpd and hitch
- Start apache (systemctl start httpd.service)
- Edit the varnish config to point to the local httpd
  That is, change the default backend definition in 
  /etc/varnish/default.vcl , like this:

  backend default {
    .host = "127.0.0.1";
    .port = "80";
  }

- Start varnish (systemctl start varnish.service)
- Add an ssl certificate to the hitch config. For a dummy certificate,
  the one in the hitch source may be used:

  sudo cp ~/rpmbuild/BUILD/hitch-*/tests/certs/default.example.com \
          /etc/pki/tls/private/default.example.com.pem

  Edit /etc/hitch/hitch.conf. Change the pem-file option to use that cert

  pem-file = "/etc/pki/tls/private/default.example.com.pem"

- Start hitch (systemctl start hitch.service)

Point your net browser to https://localhost:8443/ . You should be greeted with a warning about a non-official certificate. Past that, you will get the apache frontpage through varnish and hitch.

> - I was not able to run the tests as I get a lot of errors of this form:
> "warning: user ingvar does not exist - using root"
> "warning: group ingvar does not exist - using root"

These messages are not related to the tests. It is just that the user that generated the source package ("ingvar") does not exist on your machine. This is perfectly normal, and may safely be ignored.

> But I tried to run it with buildroot, as I didn't want to install it on the
> system, so it might work in that case.

As stated in a previous comment, %check is not enabled by default, as it won't work on the koji builders, nor on machines that can't reach the Internet. You can run the test suite without installing the package while building:

 rpmbuild --define "runcheck 1" -bb hitch.spec
 rpmbuild --define "runcheck 1" --rebuild hitch-1.0.0-0.3.2.beta3.fc22.src.rpm


Ingvar
Comment 6 Sören Möller 2015-06-26 16:21:56 EDT
Thank you, now I was able to run the tests (successful) by
rpmbuild --define "runcheck 1" -bs hitch.spec
rpmbuild --define "runcheck 1" --rebuild hitch-1.0.0-0.3.1.beta3.fc23.src.rpm 
(note the -bs instead of -bb)
Comment 7 Jeff Backus 2015-07-04 21:01:50 EDT
Hi folks,

I've done a formal review. Here are the highlights, with the formal review below:
* BR redhat-rpm-config isn't needed, however, as there is an on-going discussion about what should go in the minimum buildroot, I won't insist this is removed. Any reason this was added?
* Even though BuildRequires allows multiple listings on one line, please only provide one. Specifically, line 25...
* Please add comments above %check section explaining why it is disabled by default and how to use it. Your explanation above is sufficient, just add it to the .spec file.
* Missed the -p when installing hitch.conf on line 98.
* Please remove the commented %setup macro in %prep.
* Please remove the commented commands in %build
* While you're making changes, the description has "It's" but should be "Its"... :)

Overall, looks good. Please address the above and I'll approve it.

Regards,
Jeff


Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
- All build dependencies are listed in BuildRequires, except for any that
  are listed in the exceptions section of Packaging Guidelines.
  Note: These BR are not needed: redhat-rpm-config
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2


===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated",
     "*No copyright* Public domain". 6 files have unknown license. Detailed
     output of licensecheck in
     /mnt/storage/backed_up/homes/jeff/tmp/reviews/hitch/review-
     hitch/licensecheck.txt
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf %{buildroot} present but not required
     Addressed in bug comments.
[x]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
     Note: %defattr present but not needed
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Buildroot is not present
     Note: Buildroot: present but not needed
     Addressed in bug comments
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: %clean present but not required
     Addressed in bug comments.
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
     Verified by another reviewer
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
     Patches are Fedora/RHEL specific.
[x]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[!]: %check is present and all tests pass.
     Need to document reasons it is not enabled by default and how to run it.
[!]: Packages should try to preserve timestamps of original installed
     files.
     Missed the -p on hitch.conf.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: hitch-1.0.0-0.3.2.beta3.fc22.i686.rpm
          hitch-1.0.0-0.3.2.beta3.fc22.src.rpm
hitch.i686: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.i686: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.i686: W: spelling-error %description -l en_US multicore -> multicolored
hitch.i686: W: no-manual-page-for-binary hitch-openssl
hitch.src: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.src: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.src: W: spelling-error %description -l en_US multicore -> multicolored
2 packages and 0 specfiles checked; 0 errors, 7 warnings.




Rpmlint (debuginfo)
-------------------
Checking: hitch-debuginfo-1.0.0-0.3.2.beta3.fc22.i686.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
hitch.i686: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.i686: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.i686: W: spelling-error %description -l en_US multicore -> multicolored
hitch.i686: W: no-manual-page-for-binary hitch-openssl
2 packages and 0 specfiles checked; 0 errors, 4 warnings.



Requires
--------
hitch (rpmlib, GLIBC filtered):
    /bin/sh
    config(hitch)
    libc.so.6
    libcrypto.so.10
    libcrypto.so.10(OPENSSL_1.0.1)
    libcrypto.so.10(OPENSSL_1.0.1_EC)
    libcrypto.so.10(libcrypto.so.10)
    libev.so.4
    libssl.so.10
    libssl.so.10(libssl.so.10)
    openssl
    rtld(GNU_HASH)
    systemd-units



Provides
--------
hitch:
    config(hitch)
    hitch
    hitch(x86-32)



Source checksums
----------------
https://github.com/varnish/hitch/archive/00b264b5537986fecfa1013cc27ad3b7b771a646/hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz :
  CHECKSUM(SHA256) this package     : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269
  CHECKSUM(SHA256) upstream package : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -n hitch
Buildroot used: fedora-22-i386
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 8 Jeff Backus 2015-07-04 21:15:13 EDT
Hi Sören,

Nice job on the review. A couple of notes:

(In reply to Sören Möller from comment #4)
> - Thank you for the license clarification, I think I agree that all of the
> files are under licenses that are fine for Fedora. I am just in doubt, what
> should be written in the License-field of the spec file. I think "BSD"
> (which is the short name for both BSD (2 clause) and BSD (3 clause) is
> correct, but hope the "real" reviewer will be more certain.

My understanding is that the 2-clause and 3-clause forms are considered interchangeable. Regardless, both have the same shorthand in the license table, so the answer is "BSD".

> - I am unsure about the best name for the manpage. I interprete 
> https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages as if it should
> be called "hitch-openssl", but I am far from sure.

My reading of the guidelines is that manpages should match the names of the executables, i.e. hitch.

> - I am unsure how to chekck if "%build honors applicable compiler flags or
> justifies otherwise.", although I think it does as it does what I expected
> in build.log and no obvious changes in the spec-file

I compare the contents of build.log with the appropriate optflags line in /usr/lib/rpm/rpmrc.


Regards,
Jeff
Comment 9 Jeff Backus 2015-07-04 21:19:55 EDT
(In reply to Jeff Backus from comment #8)
> (In reply to Sören Möller from comment #4)
> > - I am unsure about the best name for the manpage. I interprete 
> > https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages as if it should
> > be called "hitch-openssl", but I am far from sure.
> 
> My reading of the guidelines is that manpages should match the names of the
> executables, i.e. hitch.

Yeah, my bad. You were right re: hitch-openssl. However, guidelines also say *should*, so not a requirement. In cases like these, it is best to stick with whatever upstream uses, particularly since it is the name of the systemd unit...
Comment 10 Sören Möller 2015-07-11 10:53:48 EDT
Hi Jeff

Thanks for the comments.

(In reply to Jeff Backus from comment #8)
> (In reply to Sören Möller from comment #4)
> > - Thank you for the license clarification, I think I agree that all of the
> > files are under licenses that are fine for Fedora. I am just in doubt, what
> > should be written in the License-field of the spec file. I think "BSD"
> > (which is the short name for both BSD (2 clause) and BSD (3 clause) is
> > correct, but hope the "real" reviewer will be more certain.
> 
> My understanding is that the 2-clause and 3-clause forms are considered
> interchangeable. Regardless, both have the same shorthand in the license
> table, so the answer is "BSD".

OK, that makes sense, thank you.
 
> > - I am unsure how to chekck if "%build honors applicable compiler flags or
> > justifies otherwise.", although I think it does as it does what I expected
> > in build.log and no obvious changes in the spec-file
> 
> I compare the contents of build.log with the appropriate optflags line in
> /usr/lib/rpm/rpmrc.

Thank you for the pointer, I didn't know that /usr/lib/rpm/rpmrc was the appropriate place to look, and will use that for future revies.

Best
Sören
Comment 11 Ingvar Hagelund 2015-07-16 11:22:15 EDT
(In reply to Jeff Backus from comment #7)
> Hi folks,
> 
> I've done a formal review. Here are the highlights, with the formal review
> below:

Thanks, Jeff

New .src.rpm: http://users.linpro.no/ingvar/varnish/hitch/hitch-1.0.0-0.3.3.beta3.fc22.src.rpm

New .spec: http://users.linpro.no/ingvar/varnish/hitch/hitch.spec

> * BR redhat-rpm-config isn't needed, however, as there is an on-going
> discussion about what should go in the minimum buildroot, I won't insist
> this is removed. Any reason this was added?

It used to be a requirement for hardened build, but that is probably long gone. Fixed.

> * Even though BuildRequires allows multiple listings on one line, please
> only provide one. Specifically, line 25...

Fixed

> * Please add comments above %check section explaining why it is disabled by
> default and how to use it. Your explanation above is sufficient, just add it
> to the .spec file.

Fixed

> * Missed the -p when installing hitch.conf on line 98.

As the file is generated at build time, as was a bit unsure if this was necessary. Fixed

> * Please remove the commented %setup macro in %prep.

Fixed

> * Please remove the commented commands in %build

Fixed 

> * While you're making changes, the description has "It's" but should be
> "Its"... :)

This was dumped from an upstream description, but still; "It is" -> "Its"???  I'll use "It is", to avoid any confusion.
 
> Overall, looks good. Please address the above and I'll approve it.

Great, thanks!

Ingvar
Comment 12 Jeff Backus 2015-07-17 22:02:09 EDT
(In reply to Ingvar Hagelund from comment #11)
> (In reply to Jeff Backus from comment #7)
> > * Missed the -p when installing hitch.conf on line 98.
> 
> As the file is generated at build time, as was a bit unsure if this was
> necessary. Fixed

The one justification I can think of is it is an easy way to tell if the file may have been changed using only the metadata in the RPM.

> > * While you're making changes, the description has "It's" but should be
> > "Its"... :)
> 
> This was dumped from an upstream description, but still; "It is" -> "Its"???
> I'll use "It is", to avoid any confusion.

Doh! Yeah, you're right. One of the many reasons I tell people my native language is C++... :) Sorry for the confusion!

Package looks good. Thanks for making the requested changes. Package APPROVED.



Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated",
     "*No copyright* Public domain". 6 files have unknown license. Detailed
     output of licensecheck in
     /mnt/storage/backed_up/homes/jeff/tmp/reviews/hitch/review-
     hitch/licensecheck.txt
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf %{buildroot} present but not required
[x]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
     Note: %defattr present but not needed
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Buildroot is not present
     Note: Buildroot: present but not needed
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: %clean present but not required
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[x]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: hitch-1.0.0-0.3.3.beta3.fc22.i686.rpm
          hitch-1.0.0-0.3.3.beta3.fc22.src.rpm
hitch.i686: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.i686: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.i686: W: spelling-error %description -l en_US multicore -> multicolored
hitch.i686: W: no-manual-page-for-binary hitch-openssl
hitch.src: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.src: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.src: W: spelling-error %description -l en_US multicore -> multicolored
2 packages and 0 specfiles checked; 0 errors, 7 warnings.




Rpmlint (debuginfo)
-------------------
Checking: hitch-debuginfo-1.0.0-0.3.3.beta3.fc22.i686.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
hitch.i686: W: spelling-error %description -l en_US unencrypted -> encrypted
hitch.i686: W: spelling-error %description -l en_US backend -> backed, back end, back-end
hitch.i686: W: spelling-error %description -l en_US multicore -> multicolored
hitch.i686: W: no-manual-page-for-binary hitch-openssl
2 packages and 0 specfiles checked; 0 errors, 4 warnings.



Requires
--------
hitch (rpmlib, GLIBC filtered):
    /bin/sh
    config(hitch)
    libc.so.6
    libcrypto.so.10
    libcrypto.so.10(OPENSSL_1.0.1)
    libcrypto.so.10(OPENSSL_1.0.1_EC)
    libcrypto.so.10(libcrypto.so.10)
    libev.so.4
    libssl.so.10
    libssl.so.10(libssl.so.10)
    openssl
    rtld(GNU_HASH)
    systemd-units



Provides
--------
hitch:
    config(hitch)
    hitch
    hitch(x86-32)



Source checksums
----------------
https://github.com/varnish/hitch/archive/00b264b5537986fecfa1013cc27ad3b7b771a646/hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz :
  CHECKSUM(SHA256) this package     : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269
  CHECKSUM(SHA256) upstream package : 4ce39f89d4567ab04199a1f41eedfd253165cb2baf3b797ea5def5dfac23a269


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -n hitch
Buildroot used: fedora-22-i386
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 13 Ingvar Hagelund 2015-07-18 13:29:55 EDT
New Package SCM Request
=======================
Package Name: hitch
Short Description: Network proxy that terminates TLS/SSL connections
Upstream URL: https://github.com/varnish/hitch
Owners: ingvar
Branches: f21 f22 el6 epel7
InitialCC:
Comment 14 Christopher Meng 2015-07-19 01:47:09 EDT
I have some advices for the spec:

1. %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
BuildRequires: systemd-units
%else

You should use 'systemd' instead of 'systemd-units' for these 4 entries.

2. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

This line is not needed if you don't plan to push it to el5(I think so).

3. LDFLAGS="%{optflags} -pie"

There must be something wrong within your project, I don't think cflags should be inserted here, should be %{__global_ldflags} instead.

4. rm -rf %{buildroot}

Drop it unless for el5.

5. # check is not enabled by default, as it won't work on the koji builders, 
# nor on machines that can't reach the Internet. 
%check
%if 0%{?runcheck} == 1
cd tests; ./runtests
cd -
%endif

Maybe 'cd -' is redundant?

6. Drop %clean section unless for el5.

7. Drop %defattr(-,root,root,-)

8. Consider %ghost %verify(not md5 size mtime)  /run/hitch/hitch.pid at %files.

9. hitch is a network proxy that terminates TLS/SSL connections and forwards the
unencrypted traffic to some backend. It is designed to handle 10s of thousands
of connections efficiently on multicore machines

A missing dot at the end of the final line.

10. %{_mandir}/man8/hitch.8.gz -> %{_mandir}/man8/hitch.8*

This will help once they are not compressed(RPM will compress these pages).
Comment 15 Ingvar Hagelund 2015-07-19 09:59:59 EDT
Updated .src.rpm at http://users.linpro.no/ingvar/varnish/hitch/hitch-1.0.0-0.3.4.beta3.fc22.src.rpm
Updated .spec at http://users.linpro.no/ingvar/varnish/hitch/hitch.spec


(In reply to Christopher Meng from comment #14)
> I have some advices for the spec:
> 
> 1. %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
> Requires(post): systemd-units
> Requires(preun): systemd-units
> Requires(postun): systemd-units
> BuildRequires: systemd-units
> %else
> 
> You should use 'systemd' instead of 'systemd-units' for these 4 entries.

Fixed

> 2. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
> 
> This line is not needed if you don't plan to push it to el5(I think so).

I considered building for epel5, but there were too many obstacles. Removed.
 
> 3. LDFLAGS="%{optflags} -pie"
> 
> There must be something wrong within your project, I don't think cflags
> should be inserted here, should be %{__global_ldflags} instead.

Right. Removed %optflags. -pie is for hardening, and it is only added on el6. (el6 does not have any of the macros %__global_ldflags or  %_hardened_ldflags.)

> 4. rm -rf %{buildroot}
> 
> Drop it unless for el5.

As above. Dropped.
 
> 5. # check (...)
> 
> Maybe 'cd -' is redundant?

Right. Dropped.

> 6. Drop %clean section unless for el5.

As above. Dropped.

> 7. Drop %defattr(-,root,root,-)

Ah, I still do copy-and-paste from spec files I built for el3 and el4. Fixed.
 
> 8. Consider %ghost %verify(not md5 size mtime)  /run/hitch/hitch.pid at
> %files.

Ah, nice. I didn't know about %ghost. 
 
> 9. hitch is a network proxy (...)
> 
> A missing dot at the end of the final line.

Fixed

> 10. %{_mandir}/man8/hitch.8.gz -> %{_mandir}/man8/hitch.8*
> 
> This will help once they are not compressed(RPM will compress these pages).

Fixed

Thanks, Christopher :-)

Ingvar
Comment 16 Kevin Fenzi 2015-07-20 13:18:07 EDT
Git done (by process-git-requests).
Comment 17 Fedora Update System 2015-07-26 12:06:00 EDT
hitch-1.0.0-0.3.4.beta3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.3.4.beta3.el6
Comment 18 Fedora Update System 2015-07-26 12:06:09 EDT
hitch-1.0.0-0.3.4.beta3.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.3.4.beta3.el7
Comment 19 Fedora Update System 2015-07-26 12:06:17 EDT
hitch-1.0.0-0.3.4.beta3.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.3.4.beta3.fc22
Comment 20 Fedora Update System 2015-07-26 12:06:24 EDT
hitch-1.0.0-0.3.4.beta3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.3.4.beta3.fc21
Comment 21 Fedora Update System 2015-07-27 19:11:06 EDT
Package hitch-1.0.0-0.3.4.beta3.el7:
* should fix your issue,
* was pushed to the Fedora EPEL 7 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing hitch-1.0.0-0.3.4.beta3.el7'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7355/hitch-1.0.0-0.3.4.beta3.el7
then log in and leave karma (feedback).
Comment 22 Ingvar Hagelund 2015-08-04 02:26:44 EDT
Package Change Request
======================
Package Name: hitch
New Branches: f23
Owners: ingvar
Comment 23 Fedora Update System 2015-08-04 02:32:07 EDT
hitch-1.0.0-0.4.2.beta4.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.2.beta4.el7
Comment 24 Fedora Update System 2015-08-04 02:32:14 EDT
hitch-1.0.0-0.4.2.beta4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.2.beta4.el6
Comment 25 Fedora Update System 2015-08-04 02:32:21 EDT
hitch-1.0.0-0.4.2.beta4.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.2.beta4.fc22
Comment 26 Fedora Update System 2015-08-04 02:32:29 EDT
hitch-1.0.0-0.4.2.beta4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.2.beta4.fc21
Comment 27 Gwyn Ciesla 2015-08-04 09:07:08 EDT
Git done (by process-git-requests).
Comment 28 Fedora Update System 2015-08-04 09:46:54 EDT
hitch-1.0.0-0.4.2.beta4.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.2.beta4.fc23
Comment 29 Fedora Update System 2015-08-05 03:44:35 EDT
hitch-1.0.0-0.4.3.beta4.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.3.beta4.fc23
Comment 30 Fedora Update System 2015-08-05 03:44:42 EDT
hitch-1.0.0-0.4.3.beta4.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.3.beta4.fc22
Comment 31 Fedora Update System 2015-08-05 03:45:52 EDT
hitch-1.0.0-0.4.3.beta4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.3.beta4.fc21
Comment 32 Fedora Update System 2015-08-05 03:46:00 EDT
hitch-1.0.0-0.4.3.beta4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.3.beta4.el6
Comment 33 Fedora Update System 2015-08-05 03:46:06 EDT
hitch-1.0.0-0.4.3.beta4.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.4.3.beta4.el7
Comment 34 Fedora Update System 2015-08-17 10:53:00 EDT
hitch-1.0.0-0.5.1.beta5.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.5.1.beta5.fc23
Comment 35 Fedora Update System 2015-08-17 10:53:08 EDT
hitch-1.0.0-0.5.1.beta5.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.5.1.beta5.fc22
Comment 36 Fedora Update System 2015-08-17 10:53:15 EDT
hitch-1.0.0-0.5.1.beta5.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.5.1.beta5.el7
Comment 37 Fedora Update System 2015-08-17 10:53:22 EDT
hitch-1.0.0-0.5.1.beta5.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.5.1.beta5.el6
Comment 38 Fedora Update System 2015-08-17 10:54:32 EDT
hitch-1.0.0-0.5.1.beta5.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/hitch-1.0.0-0.5.1.beta5.fc21
Comment 39 Fedora Update System 2015-08-19 03:56:29 EDT
hitch-1.0.0-0.4.2.beta4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 40 Fedora Update System 2015-08-19 03:58:20 EDT
hitch-1.0.0-0.4.3.beta4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 41 Fedora Update System 2015-08-19 04:03:42 EDT
hitch-1.0.0-0.4.2.beta4.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 42 Fedora Update System 2015-08-19 04:06:17 EDT
hitch-1.0.0-0.4.3.beta4.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 43 Fedora Update System 2015-10-02 18:25:23 EDT
hitch-1.0.0-0.5.1.beta5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 44 Fedora Update System 2015-10-02 19:23:47 EDT
hitch-1.0.0-0.5.1.beta5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 45 Fedora Update System 2015-10-03 14:02:19 EDT
hitch-1.0.0-0.5.1.beta5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 46 Fedora Update System 2015-10-03 17:18:46 EDT
hitch-1.0.0-0.5.1.beta5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 47 Fedora Update System 2015-10-03 17:53:37 EDT
hitch-1.0.0-0.5.1.beta5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.