Bug 1268716 - Review Request: cjdns - IP6 VPN with crypto address allocation
Review Request: cjdns - IP6 VPN with crypto address allocation
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Jared Smith
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-04 20:40 EDT by Stuart D Gathman
Modified: 2016-04-21 21:51 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-13 01:56:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
jsmith.fedora: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Stuart D Gathman 2015-10-04 20:40:48 EDT
Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-16.0-6.fc22.src.rpm
Description: Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.
Fedora Account System Username: sdgathman
Comment 1 Stuart D Gathman 2015-10-04 20:59:32 EDT
Running on 5 systems, and connected to hyperboria mesh: http://hyperboria.net/

Koji build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=11329375
Comment 2 Stuart D Gathman 2015-10-04 21:01:50 EDT
Can use Fedora nacl (static) library on 32-bit systems, but 64-bit nacl library is not compiled with PIC on Fedora.
Comment 3 Upstream Release Monitoring 2015-10-27 10:32:46 EDT
sdgathman's scratch build of cjdns-16.3-1.fc22.src.rpm for f22 failed http://koji.fedoraproject.org/koji/taskinfo?taskID=11599364
Comment 4 Upstream Release Monitoring 2015-10-27 10:57:31 EDT
sdgathman's scratch build of cjdns-16.3-1.fc22.src.rpm for f22 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=11599495
Comment 5 Christopher Meng 2015-10-28 02:35:52 EDT
Good to see this got packaged by someone else, I tried to package it 1 year ago, it actually sucked a lot, all nodejs to native suck.

1. Bundled nacl and libuv are still issues, that's the main point why it sucks IMO.

2. You shouldn't put files under libdir/cjdns, use libexec instead.

3. %defattr(-,root,root,-)
rm -rf $RPM_BUILD_ROOT

Drop them.

4. Read https://fedoraproject.org/wiki/Packaging:SysVInitScript and see how to handle init files.

5.  /usr/sbin/useradd -g cjdns -c "IPv6 VPN" 

"IPv6 VPN" is not enough.

== Small issues ==

%if 0%{?rhel} == 6
/%{_sysconfdir}/init/*

->

%{_sysconfdir}/init/*
Comment 6 Stuart D Gathman 2015-10-28 10:45:51 EDT
Thank you for looking at this.  I do use the system libnacl for i686.  Unfortunately, the system libnacl is not compiled with -fPIC, so I have to fall back to the bundled nacl for x86_64 and ARM.  Should I file a bug report with the nacl package?

The problem with system libuv, is that it is the wrong version (incompat API), and a different wrong version on EL6 (although much closer).

The tools don't belong in libexec, IMO.  They are not used by cjdns.  They are CLI tools.  There are two versions, python and nodejs.  Both have libraries.  lib, not libexec seems appropriate for those libraries.  Why didn't I put the CLI tools directly in /bin?  Because several of the python and nodejs tools conflict - e.g. peerStats.  So I put them all in lib and symlink an arbitrary selection to /bin.  Note that moving just the commands to libexec would entail lots of code changes - the libraries are found by relative path.

I would prefer to drop EL6 support rather than deal with sysvinit files.  Can we leave the EL6 support as caveat emptor?  If not, I'll just delete EL6 support for Fedora.  EL7 works fine with the systemd units.

I changed the passwd comment (useradd) to "End to end encrypted IPv6 mesh".  Or were you looking for something along the lines of "user id for cjdroute"?
Comment 7 Stuart D Gathman 2015-10-28 11:02:45 EDT
https://bugzilla.redhat.com/show_bug.cgi?id=1276066
Comment 8 Upstream Release Monitoring 2015-10-28 11:18:14 EDT
sdgathman's scratch build of cjdns-16.3-2.fc22.src.rpm for f22 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=11613868
Comment 9 Stuart D Gathman 2015-11-03 18:21:15 EST
nacl is now being built with -fPIC in rawhide, and is supposed to have a dynamic version as well.  So nacl will no longer be embedded by the time rawhide is f24.  cjdns is updating lubuv to 1.4 - so I should be able to drop that embedded library also when that is finished.

sdgathman's scratch build of cjdns-17.1-1.fc22.src.rpm for f22 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=11689480

sdgathman's scratch build of cjdns-17.1-1.fc22.src.rpm for f23 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=11689755
Comment 10 Stuart D Gathman 2015-11-04 20:26:15 EST
Successfully built and tested on f22 with dynamic nacl library rebuilt from rawhide.
Comment 11 Upstream Release Monitoring 2015-11-07 19:57:42 EST
sdgathman's scratch build of cjdns-17.1-3.fc22.src.rpm for f23 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=11748569
Comment 12 Stuart D Gathman 2015-11-09 11:24:00 EST
This is why cjd thinks we should continue using the embedded nacl library:

Caleb J. Delisle writes in https://github.com/hyperboria/cjdns/issues/43#issuecomment-154882318

1. When I started cjdns, libsodium was a bit of a joke, if you wanted nacl you needed to use it.
2. Libsodium does not use the fastest implementations for each processor, instead it uses a single implementation which works on everything.
3. Cjdns/NaCl has a poly1305 implementation for mips32r2 processors which doubles the packet forwarding speed... It's written in assembly so it will never end up in Libsodium and probably not in the OpenWRT nacl.
4. Dynamic linking opens up some various types of security bullshit see: https://startpage.com/do/search?q=dynamic+linking+exploit
5. How much space savings it is really ? (is it even net-positive if there are no other applications using nacl?)
6. The more stuff which is external to cjdns that cjdns relies upon, the more possibility for bugs which only happen on certain systems. I program with the assumption that the environment is hostile. For example cjdns has it's own random generator, after what happened with Debian OpenSSL, I would immediately -1 any attempt to replace that with a dynamically linked source of random. Basically the nacl that I use on my laptop matches the one that you use and that makes the safety of cjdns easier to validate. When there is a big major security vulnerability and it is exposed, everyone is going to point at the one feature which caused it and say "ho ho ho, that was stupid!" but until that day comes, everybody is going to push and push for more features, more edge cases, more things which don't work for the original vision and every one that I let by will make the security model a little more complex, a little more nuanced and a little more difficult to validate. Until the day when one of them finally bites us.

For what this claims to bring, I don't see value worth the pain it (and other features like it) will cause in the long term.
Comment 13 Stuart D Gathman 2015-11-09 11:25:40 EST
Whatever the decision of Fedora, I will add a flag to the SPEC file so that uses can easily get the embedded nacl (or not) when desired.
Comment 14 Stuart D Gathman 2015-12-11 20:48:53 EST
I'm not sure how long koji keeps the scratch builds, so the latest SRPM is here:
http://gathman.org/linux/f22/src/cjdns-17.1-3.fc22.src.rpm
Comment 15 Jared Smith 2015-12-15 15:30:24 EST
Can you please also build against Rawhide, to make sure it's working well there?  If you do that, I'd be happy to help with the package review.
Comment 16 Stuart D Gathman 2015-12-15 22:08:41 EST
Still builds on rawhide (and uses libnacl.so).  http://koji.fedoraproject.org/koji/taskinfo?taskID=12206449
Comment 17 Upstream Release Monitoring 2016-02-02 16:24:04 EST
sdgathman's scratch build of cjdns-17.3-2.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12792206
Comment 18 Stuart D Gathman 2016-02-02 16:33:16 EST
The 17.3-2 build works fine on f23 for i686 and x86_64.  There seems to be some compiler changes for rawhide.
Comment 19 Upstream Release Monitoring 2016-02-02 17:41:37 EST
sdgathman's scratch build of cjdns-17.3-2.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12792872
Comment 20 Upstream Release Monitoring 2016-02-02 17:49:14 EST
sdgathman's scratch build of cjdns-17.3-2.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12792947
Comment 21 Upstream Release Monitoring 2016-02-02 20:07:44 EST
sdgathman's scratch build of cjdns-17.3-2.fc22.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12794390
Comment 22 Stuart D Gathman 2016-02-02 20:13:33 EST
Finally!  I used #pragma GCC diagnostic to ignore some false positives from -Wstrict-aliasing and -Wunused-const-variable, and patched ~0 << to ~0U <<
Comment 23 Stuart D Gathman 2016-02-02 21:49:49 EST
./dht/CJDHTConstants.h:21:9: error: unknown option after '#pragma GCC diagnostic' kind [-Werror=pragmas]
#pragma GCC diagnostic ignored "-Wunused-const-variable"
cc1: all warnings being treated as errors

Added:
#pragma GCC diagnostic ignored "-Wpragmas"
Comment 24 Upstream Release Monitoring 2016-02-02 22:24:36 EST
sdgathman's scratch build of cjdns-17.3-3.fc22.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12795960
Comment 25 Stuart D Gathman 2016-02-02 22:46:07 EST
New SRPM link:
http://gathman.org/linux/f22/src/cjdns-17.3-3.fc22.src.rpm
Comment 26 Upstream Release Monitoring 2016-02-12 16:49:01 EST
sdgathman's scratch build of cjdns-17.3-4.fc22.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12957404
Comment 27 Jared Smith 2016-02-13 11:50:04 EST
I'm working on the formal review of this package now.
Comment 28 Stuart D Gathman 2016-02-13 12:39:45 EST
I see that there is a compat-libuv010, which will probably work with cjdns.  That will get rid of the last embedded library.
Comment 29 Stuart D Gathman 2016-02-14 22:42:29 EST
The embedded libuv is 0.11.4, and does not seem to work with compat-libuv010.  We'll have to wait until upstream upgrades to use 1.4.  There is an upstream dev working on it.
Comment 30 Stuart D Gathman 2016-02-17 18:37:42 EST
TODO: instead of patching the default chroot dir and unprivileged user for the generated config, submit a patch upstream to add command line options to make those alterations to a generated config.  Upstream has indicated they would accept such a patch.  Then make those changes when generating the initial config in the systemd service instead.
Comment 31 Jared Smith 2016-02-22 14:01:31 EST
The package is coming along nicely, but isn't yet ready for approval.  Here's my running list of things that should be addressed:

- Fix the license tag to be "GPLv3"
- Permissions on files are set properly.
  Note: See rpmlint output
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions
- Package contains BR: python2-devel or python3-devel
- All build dependencies are listed in BuildRequires, except for any that
  are listed in the exceptions section of Packaging Guidelines.
  Note: These BR are not needed: make
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2
- Package uses either %{buildroot} or $RPM_BUILD_ROOT
  Note: Using both %{buildroot} and $RPM_BUILD_ROOT
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros
- If (and only if) the source package includes the text of the license(s)
  in its own file, then that file, containing the text of the license(s)
  for the package is included in %license.
  Note: Cannot find bencode.py.LICENSE.txt in rpm(s)
  See:
  http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text
- The main package should own the %{_libdir}/cjdns directory
- Do you need FPC exception approval for bundled nacl and libuv libraries?
Comment 32 Ivan Afonichev 2016-02-23 05:26:36 EST
FPC exception seems to be not needed nowdays https://fedoraproject.org/wiki/Bundled_Software_policy
https://lwn.net/Articles/660429/
Comment 33 Stuart D Gathman 2016-02-23 13:28:48 EST
The nacl library does not need to be bundled.  I made a flag whether to use Fedora or embedded nacl in rel 5.  I added the Provides for the embedded libuv.  The %{_libdir}/cjdns directory is not used by the main package.  It is only for the tools packages.  I suppose I should treat the tools package as a nodejs package, and the python tools as a python package.  I may need to add proper python packaging for them.  I can just delete the python tools in the meantime.

make *is* needed to build the embedded libuv library.

I am redoing the %install section to use /bin/install instead of cp so as to force desired permissions.  Using %defattr was too cumbersome with the mix of files that are executable or not.

Changed license string and changed all $RPM_BUILD_ROOT to %{buildroot}

I'll have to investigate the bencode.py license - or just delete the python tools.
Comment 34 Jared Smith 2016-02-24 10:23:26 EST
Please also note that I was doing additional testing on cjdns last night, I got severa SELinux alerts, specifically around cjdroute trying to access things it didn't have permissions to.  I'll paste the details below, and hopefully you can get those worked out as well:

SELinux is preventing cjdroute from search access on the directory machines.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that cjdroute should be allowed search access on the machines directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cjdroute /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cjdns_t:s0
Target Context                system_u:object_r:systemd_machined_var_run_t:s0
Target Objects                machines [ dir ]
Source                        cjdroute
Source Path                   cjdroute
Port                          <Unknown>
Host                          slapshot-jaredsmith-net
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-171.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     slapshot-jaredsmith-net
Platform                      Linux slapshot-jaredsmith-net
                              4.5.0-0.rc5.git0.1.fc24.x86_64 #1 SMP Sun Feb 21
                              22:39:46 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-02-23 18:41:56 EST
Last Seen                     2016-02-23 18:41:56 EST
Local ID                      fc532d84-17d9-4fc3-b7ac-bc726da00e50

Raw Audit Messages
type=AVC msg=audit(1456270916.93:1055): avc:  denied  { search } for  pid=26366 comm="cjdroute" name="machines" dev="tmpfs" ino=20797 scontext=system_u:system_r:cjdns_t:s0 tcontext=system_u:object_r:systemd_machined_var_run_t:s0 tclass=dir permissive=0


Hash: cjdroute,cjdns_t,systemd_machined_var_run_t,dir,search

---

SELinux is preventing cjdroute from open access on the file /etc/hosts.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that cjdroute should be allowed open access on the hosts file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cjdroute /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cjdns_t:s0
Target Context                system_u:object_r:net_conf_t:s0
Target Objects                /etc/hosts [ file ]
Source                        cjdroute
Source Path                   cjdroute
Port                          <Unknown>
Host                          slapshot-jaredsmith-net
Source RPM Packages           
Target RPM Packages           setup-2.10.1-1.fc24.noarch
Policy RPM                    selinux-policy-3.13.1-171.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     slapshot-jaredsmith-net
Platform                      Linux slapshot-jaredsmith-net
                              4.5.0-0.rc5.git0.1.fc24.x86_64 #1 SMP Sun Feb 21
                              22:39:46 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-02-23 18:41:56 EST
Last Seen                     2016-02-23 18:41:56 EST
Local ID                      09b781ff-9a3a-4985-8717-fbb153cd7780

Raw Audit Messages
type=AVC msg=audit(1456270916.90:1054): avc:  denied  { open } for  pid=26366 comm="cjdroute" path="/etc/hosts" dev="dm-2" ino=3182078 scontext=system_u:system_r:cjdns_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0


Hash: cjdroute,cjdns_t,net_conf_t,file,open
Comment 35 Upstream Release Monitoring 2016-02-24 22:10:48 EST
sdgathman's scratch build of cjdns-17.3-5.fc22.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=13120808
Comment 36 Stuart D Gathman 2016-02-24 23:49:21 EST
I addressed most of the problems with release 5.  I did permit /etc/hosts access in selinux.  I haven't reproduced the selinux traps myself, however, and I have no idea what would make it try to access systemd/machines in /var/run.

I switched to 'install' instead of 'cp' to set permissions properly.  cp worked when I was using %defattr.  

I added a patch to ensure setgroups() is called before setuid(), and it seems to make rpmlint happy.

I've updated the changelog since the koji build.
Comment 37 Stuart D Gathman 2016-02-25 12:15:34 EST
Now that I've tagged the python tools noarch, rpmlint doesn't like them in /usr/lib.  I'm thinking I should move the remaining C tools to the main package, and make the nodejs tools noarch as well.  There are name conflicts between the nodejs and python tools - so I can't put them all in /usr/bin.  I was happy personally with /usr/lib/cjdns and /usr/lib/cjdns/python, but that doesn't fit with the Fedora paradigm.
Comment 38 Stuart D Gathman 2016-02-29 22:55:08 EST
Submitted release 6.  I moved all the tools to /usr/libexec/cjdns.  This make rpmlint much happier.  Now it just complains about lack of documentation and the /var/empty/cjdns dir.

I also added a few man pages.  I'll add more man pages as I get time.
Comment 39 Upstream Release Monitoring 2016-02-29 22:58:59 EST
sdgathman's scratch build of cjdns-17.3-6.fc22.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=13184124
Comment 40 Jared Smith 2016-03-01 08:56:23 EST
When doing package reviews, it's customary to provide links to the spec file and SRPM again in the following format, so that the fedora-review tool can find them:

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-17.3-6.fc22.src.rpm
Comment 41 Jared Smith 2016-03-01 08:59:22 EST
And, of course, I messed up the link for the SRPM file :-(

Let's try this again:

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f23/src/cjdns-17.3-6.fc23.src.rpm
Comment 42 Stuart D Gathman 2016-03-01 10:09:09 EST
Both links are now valid.  :-)
Comment 43 Jared Smith 2016-03-01 12:20:25 EST
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues: =======
- Package contains BR: python2-devel or python3-devel
- All build dependencies are listed in BuildRequires, except for any that are
  listed in the exceptions section of Packaging Guidelines.  Note: These BR are
  not needed: make
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2
- License says it's GPL v3, but licensecheck finds many other licenses
- Contains bundled versions of bootstrap and select2 (admin/www), but those
  don't follow the web assets packaging guidelines.  See
  https://fedoraproject.org/wiki/Packaging:Web_Assets and
  https://fedoraproject.org/wiki/Packaging:JavaScript for these files.
- The package shouldn't start on installation -- that's frowned upon in Fedora
- Subpackages should have strictly versioned requires on the main package
- You should use %global instead of %define, unless you really need only
  locally defined submacros within other macro definitions (a very rare case).
- Make sure that the spec file used to build the SRPM is the same one linked
  in the bugzilla ticket.
- I'm still getting an SELinux alert on the "machines" directory when running
  the 'peerStats' utility.


===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated",
     "MIT/X11 (BSD like)", "*No copyright* ISC", "ISC", "GPL (v3 or later)
     (with incorrect FSF address)", "BSD (3 clause)", "GPL (v2 or later)
     (with incorrect FSF address)", "BSD (2 clause)", "BSD (3 clause)
     MIT/X11 (BSD like)". 2365 files have unknown license. Detailed output
     of licensecheck in
     /home/jsmith/Git/FedoraReview/1268716-cjdns/licensecheck.txt
[!]: License file installed when any subpackage combination is installed.
[!]: Package must own all directories that it creates.
     Note: Directories without known owners: /usr/share/selinux/targeted,
     /usr/lib/systemd/system, /usr/libexec/cjdns, /usr/lib/systemd
[x]: %build honors applicable compiler flags or justifies otherwise.
[!]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 92160 bytes in 10 files.
[!]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

Python:
[x]: Python eggs must not download any dependencies during the build
     process.
[-]: A package which is used by another package via an egg interface should
     provide egg info.
[x]: Package meets the Packaging Guidelines::Python
[x]: Binary eggs must be removed in %prep

===== SHOULD items =====

Generic:
[-]: Uses parallel make %{?_smp_mflags} macro.
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[!]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in cjdns-
     selinux , cjdns-tools , cjdns-python , cjdns-graph , cjdns-debuginfo
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[!]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[!]: Spec use %global instead of %define unless justified.
     Note: %define requiring justification: %define use_embedded 1, %define
     use_embedded 0, %define use_systemd 0, %define use_systemd 1, %define
     use_upstart 1, %define use_upstart 0, %define with_admin 0, %define
     with_python 1
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.

===== EXTRA items =====

Generic:
[!]: Spec file according to URL is the same as in SRPM.
     Note: Spec file as given by url is not the same as in SRPM (see
     attached diff).
     See: (this test has no URL)
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.


Rpmlint
-------
Checking: cjdns-17.3-6.fc24.x86_64.rpm
          cjdns-selinux-17.3-6.fc24.x86_64.rpm
          cjdns-tools-17.3-6.fc24.x86_64.rpm
          cjdns-python-17.3-6.fc24.noarch.rpm
          cjdns-graph-17.3-6.fc24.noarch.rpm
          cjdns-debuginfo-17.3-6.fc24.x86_64.rpm
          cjdns-17.3-6.fc24.src.rpm
cjdns.x86_64: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/sbin/cjdroute
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/libexec/cjdns/sybilsim
cjdns.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/cjdns/README_RU.md
cjdns.x86_64: E: non-standard-dir-perm /var/empty/cjdns 100
cjdns.x86_64: W: spurious-executable-perm /usr/share/man/man5/cjdroute.conf.5.gz
cjdns.x86_64: W: non-standard-dir-in-var empty
cjdns-tools.x86_64: W: no-documentation
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpLinks
cjdns-tools.x86_64: W: no-manual-page-for-binary search
cjdns-tools.x86_64: W: no-manual-page-for-binary pingAll
cjdns-tools.x86_64: W: no-manual-page-for-binary dumptable
cjdns-tools.x86_64: W: no-manual-page-for-binary sessionStats
cjdns-tools.x86_64: W: no-manual-page-for-binary peerStats
cjdns-tools.x86_64: W: no-manual-page-for-binary pathfinderTree
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpRumorMill
cjdns-tools.x86_64: W: no-manual-page-for-binary cjdnslog
cjdns-python.noarch: W: no-manual-page-for-binary getLinks
cjdns-python.noarch: W: no-manual-page-for-binary cjdnsa
cjdns-python.noarch: W: no-manual-page-for-binary ip6topk
cjdns-python.noarch: W: no-manual-page-for-binary pingAll.py
cjdns-python.noarch: W: no-manual-page-for-binary trashroutes
cjdns-python.noarch: W: no-manual-page-for-binary searches
cjdns-python.noarch: W: no-manual-page-for-binary pktoip6
cjdns-python.noarch: W: no-manual-page-for-binary findnodes
cjdns-graph.noarch: W: no-documentation
cjdns-graph.noarch: W: no-manual-page-for-binary dumpgraph
cjdns-graph.noarch: W: no-manual-page-for-binary drawgraph
cjdns-graph.noarch: W: no-manual-page-for-binary graphStats
cjdns.src: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability
cjdns.src:405: W: macro-in-%changelog %{_libdir}
cjdns.src:69: W: mixed-use-of-spaces-and-tabs (spaces: line 29, tab: line 69)
7 packages and 0 specfiles checked; 3 errors, 29 warnings.




Rpmlint (debuginfo)
-------------------
Checking: cjdns-debuginfo-17.3-6.fc24.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
cjdns.x86_64: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/libexec/cjdns/sybilsim
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/sbin/cjdroute
cjdns.x86_64: E: non-standard-dir-perm /var/empty/cjdns 100
cjdns.x86_64: W: spurious-executable-perm /usr/share/man/man5/cjdroute.conf.5.gz
cjdns.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/cjdns/README_RU.md
cjdns.x86_64: W: non-standard-dir-in-var empty
cjdns-tools.x86_64: W: no-documentation
cjdns-tools.x86_64: W: no-manual-page-for-binary cjdnslog
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpLinks
cjdns-tools.x86_64: W: no-manual-page-for-binary sessionStats
cjdns-tools.x86_64: W: no-manual-page-for-binary pathfinderTree
cjdns-tools.x86_64: W: no-manual-page-for-binary peerStats
cjdns-tools.x86_64: W: no-manual-page-for-binary pingAll
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpRumorMill
cjdns-tools.x86_64: W: no-manual-page-for-binary dumptable
cjdns-tools.x86_64: W: no-manual-page-for-binary search
cjdns-graph.noarch: W: no-documentation
cjdns-graph.noarch: W: no-manual-page-for-binary graphStats
cjdns-graph.noarch: W: no-manual-page-for-binary drawgraph
cjdns-graph.noarch: W: no-manual-page-for-binary dumpgraph
cjdns-python.noarch: W: no-manual-page-for-binary findnodes
cjdns-python.noarch: W: no-manual-page-for-binary pktoip6
cjdns-python.noarch: W: no-manual-page-for-binary searches
cjdns-python.noarch: W: no-manual-page-for-binary trashroutes
cjdns-python.noarch: W: no-manual-page-for-binary pingAll.py
cjdns-python.noarch: W: no-manual-page-for-binary cjdnsa
cjdns-python.noarch: W: no-manual-page-for-binary ip6topk
cjdns-python.noarch: W: no-manual-page-for-binary getLinks
6 packages and 0 specfiles checked; 3 errors, 26 warnings.



Diff spec file in url and in SRPM
---------------------------------
--- /home/jsmith/Git/FedoraReview/1268716-cjdns/srpm/cjdns.spec	2016-03-01 09:46:42.900705383 -0500
+++ /home/jsmith/Git/FedoraReview/1268716-cjdns/srpm-unpacked/cjdns.spec	2016-02-29 22:28:33.000000000 -0500
@@ -67,5 +67,5 @@
 Patch8:  cjdns.warnings.patch
 # Man pages
-Patch9:  cjdns.man.patch
+Patch9:	 cjdns.man.patch
 
 BuildRequires:  nodejs, make, nodejs-ronn


Requires
--------
cjdns-selinux (rpmlib, GLIBC filtered):
    /bin/sh
    cjdns
    policycoreutils
    selinux-policy

cjdns (rpmlib, GLIBC filtered):
    /bin/sh
    libc.so.6()(64bit)
    libnacl.so.0()(64bit)
    libpthread.so.0()(64bit)
    librt.so.1()(64bit)
    libstdc++.so.6()(64bit)
    rtld(GNU_HASH)
    shadow-utils

cjdns-tools (rpmlib, GLIBC filtered):
    /usr/bin/env
    nodejs

cjdns-graph (rpmlib, GLIBC filtered):
    /usr/bin/python2
    cjdns-python
    python-networkx

cjdns-debuginfo (rpmlib, GLIBC filtered):

cjdns-python (rpmlib, GLIBC filtered):
    /bin/sh
    /usr/bin/python2
    python



Provides
--------
cjdns-selinux:
    cjdns-selinux
    cjdns-selinux(x86-64)

cjdns:
    bundled(libuv)
    cjdns
    cjdns(x86-64)

cjdns-tools:
    cjdns-tools
    cjdns-tools(x86-64)

cjdns-graph:
    cjdns-graph

cjdns-debuginfo:
    cjdns-debuginfo
    cjdns-debuginfo(x86-64)

cjdns-python:
    cjdns-python



Source checksums
----------------
https://github.com/cjdelisle/cjdns/archive/cjdns-v17.3.tar.gz :
  CHECKSUM(SHA256) this package     : 3193df651ad9c00f31ab04feb33f801645996f6647c89b63bcc327b48e17e602
  CHECKSUM(SHA256) upstream package : 3193df651ad9c00f31ab04feb33f801645996f6647c89b63bcc327b48e17e602


Generated by fedora-review 0.6.0 (7737a2a) last change: 2015-11-26
Command line :./try-fedora-review -b 1268716
Buildroot used: fedora-rawhide-x86_64
Active plugins: Python, Generic, Shell-api, C/C++
Disabled plugins: Java, SugarActivity, fonts, Haskell, Ocaml, Perl, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 44 Stuart D Gathman 2016-03-01 21:26:32 EST
The chroot flag is a false positive: 
void Security_chroot(char* root, struct Except* eh)
{
    if (chdir(root)) {
        Except_throw(eh, "chdir(%s) -> [%s]", root, strerror(errno));
    }
    if (chroot(root)) {
        Except_throw(eh, "chroot(%s) -> [%s]", root, strerror(errno));
    }
}
Comment 45 Stuart D Gathman 2016-03-02 00:18:30 EST
Not ready for another review yet, testing 

- Add explicit systemd dependency
- Add selinux-policy-targeted dependency
- Add version to main package dependencies
- Remove use of #!/usr/bin/env in nodejs tools
- Change all top level define to global
- Remove workaround for missing -fPIC on libnacl for X86_64 on f22.

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-17.3-6.fc22.src.rpm
Comment 46 Stuart D Gathman 2016-03-02 01:03:31 EST
Messed up the SRPM url:

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-17.3-7.fc22.src.rpm

I think I addressed all the issues.  Maybe not well enough to pass.
Comment 47 Stuart D Gathman 2016-03-02 01:05:00 EST
For EPEL, I am just requiring nacl-devel.  The nacl SRPM from rawhide built just fine for EPEL.
Comment 48 Stuart D Gathman 2016-03-02 11:23:02 EST
bencode.js (used by cjdns-tools) has this license:


    /* Copyright (c) 2009 Anton Ekblad
     
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
     
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software. */
     
     
This seems to be very similar to a BSD license, but I suppose legal should confirm.

Otherwise, everything is GPLv3 except libuv, which is MIT+BSD+ISC.
Comment 49 Stuart D Gathman 2016-03-02 13:09:06 EST
Also, licensecheck needs work. Most of the files it reports as UNKNOWN, actually have a GPLv3 license - right at the start.  I'm not sure why it doesn't recognize it.
Comment 50 Stuart D Gathman 2016-03-08 17:28:30 EST
For release 8, I added more man pages.  

TODO: 

Should I move the config to /etc/cjdns/cjdroute.conf ?  The issue is that a server might run multiple instances of cjdns - each with its own config and unique IP6.  Then the unit could support @ like openvpn.  Can there also be a cjdns.service (without the @) that uses /etc/cjdroute.conf ?  Then this could wait for a later release.

For services that listen on a cjdns IP, there needs to be a cjdns-wait-online.service unit that functions like NetworkManager-wait-online.service.  This can wait, but is needed to, for instance, run thttpd on cjdns to provide nodeinfo.json.
Comment 51 Stuart D Gathman 2016-03-09 00:06:36 EST
Added cjdns-online and cjdns-wait-online.service, more man pages.

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-17.3-8.fc22.src.rpm
Comment 52 Jared Smith 2016-03-10 16:04:28 EST
Just a couple of remaining items... Also note that I'm no longer getting SELinux alerts when running "peerStats" (either the node or python versions).

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
- I think you need a BuildRequires on either python2-devel or python3-devel,
  at least for the -python subpackage
- Requires on sub-packages should use the form:
  %{name}%{?_isa} = %{version}-%{release}
  instead of:
  %{name} = %{version}-%{release}

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
[x]: License file installed when any subpackage combination is installed.
[x]: If the package is under multiple licenses, the licensing breakdown
     must be documented in the spec.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 92160 bytes in 10 files.
[?]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

Python:
[x]: Python eggs must not download any dependencies during the build
     process.
[x]: A package which is used by another package via an egg interface should
     provide egg info.
[ ]: Package meets the Packaging Guidelines::Python
[x]: Binary eggs must be removed in %prep

===== SHOULD items =====

Generic:
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[-]: Uses parallel make %{?_smp_mflags} macro.
[x]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[!]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in cjdns-
     selinux , cjdns-tools , cjdns-python , cjdns-graph , cjdns-debuginfo
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Installation errors
-------------------
INFO: mock.py version 1.2.15 starting (python version = 3.5.1)...
Start: init plugins
INFO: selinux enabled
Finish: init plugins
Start: run
Start: chroot init
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled dnf cache
Start: cleaning dnf metadata
Finish: cleaning dnf metadata
Mock Version: 1.2.15
INFO: Mock Version: 1.2.15
Finish: chroot init
INFO: installing package(s): /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-selinux-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-tools-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-python-17.3-8.fc25.noarch.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-graph-17.3-8.fc25.noarch.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-debuginfo-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-debuginfo-17.3-8.fc25.x86_64.rpm
ERROR: Command failed. See logs for output.
 # /usr/bin/dnf --installroot /var/lib/mock/fedora-rawhide-x86_64/root/ --releasever 25 --disableplugin=local --setopt=deltarpm=false install /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-selinux-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-tools-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-python-17.3-8.fc25.noarch.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-graph-17.3-8.fc25.noarch.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-debuginfo-17.3-8.fc25.x86_64.rpm /home/jsmith/Documents/Personal/Reviews/1268716-cjdns/results/cjdns-debuginfo-17.3-8.fc25.x86_64.rpm --setopt=tsflags=nocontexts
WARNING: unable to delete selinux filesystems (/tmp/mock-selinux-plugin.oyuqo5lr): [Errno 1] Operation not permitted: '/tmp/mock-selinux-plugin.oyuqo5lr'


Rpmlint
-------
Checking: cjdns-17.3-8.fc25.x86_64.rpm
          cjdns-selinux-17.3-8.fc25.x86_64.rpm
          cjdns-tools-17.3-8.fc25.x86_64.rpm
          cjdns-python-17.3-8.fc25.noarch.rpm
          cjdns-graph-17.3-8.fc25.noarch.rpm
          cjdns-debuginfo-17.3-8.fc25.x86_64.rpm
          cjdns-17.3-8.fc25.src.rpm
cjdns.x86_64: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/libexec/cjdns/sybilsim
cjdns.x86_64: E: missing-call-to-chdir-with-chroot /usr/sbin/cjdroute
cjdns.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/cjdns/README_RU.md
cjdns.x86_64: E: non-readable /etc/cjdroute.conf 600
cjdns.x86_64: E: zero-length /etc/cjdroute.conf
cjdns.x86_64: E: non-standard-dir-perm /var/empty/cjdns 100
cjdns.x86_64: W: non-standard-dir-in-var empty
cjdns-tools.x86_64: W: no-documentation
cjdns-tools.x86_64: W: no-manual-page-for-binary peerStats
cjdns-tools.x86_64: W: no-manual-page-for-binary pathfinderTree
cjdns-tools.x86_64: W: no-manual-page-for-binary cjdnslog
cjdns-tools.x86_64: W: no-manual-page-for-binary search
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpRumorMill
cjdns-tools.x86_64: W: no-manual-page-for-binary sessionStats
cjdns-tools.x86_64: W: no-manual-page-for-binary pingAll
cjdns-tools.x86_64: W: no-manual-page-for-binary dumpLinks
cjdns-tools.x86_64: W: no-manual-page-for-binary dumptable
cjdns-python.noarch: W: no-manual-page-for-binary pktoip6
cjdns-python.noarch: W: no-manual-page-for-binary pingAll.py
cjdns-python.noarch: W: no-manual-page-for-binary cjdnsa
cjdns-python.noarch: W: no-manual-page-for-binary getLinks
cjdns-python.noarch: W: no-manual-page-for-binary ip6topk
cjdns-python.noarch: W: no-manual-page-for-binary findnodes
cjdns-python.noarch: W: no-manual-page-for-binary trashroutes
cjdns-python.noarch: W: no-manual-page-for-binary searches
cjdns-graph.noarch: W: no-documentation
cjdns-graph.noarch: W: no-manual-page-for-binary drawgraph
cjdns-graph.noarch: W: no-manual-page-for-binary graphStats
cjdns-graph.noarch: W: no-manual-page-for-binary dumpgraph
cjdns.src: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability
cjdns.src:100: W: macro-in-comment %{name}
cjdns.src:100: W: macro-in-comment %{version}
cjdns.src:455: W: macro-in-%changelog %{_libdir}
cjdns.src:184: W: mixed-use-of-spaces-and-tabs (spaces: line 24, tab: line 184)
7 packages and 0 specfiles checked; 5 errors, 30 warnings.




Requires
--------
cjdns-selinux (rpmlib, GLIBC filtered):
    /bin/sh
    cjdns
    drupal8(core)
    policycoreutils
    selinux-policy-targeted

cjdns (rpmlib, GLIBC filtered):
    /bin/sh
    config(cjdns)
    drupal8(core)
    libc.so.6()(64bit)
    libnacl.so.0()(64bit)
    libpthread.so.0()(64bit)
    librt.so.1()(64bit)
    libstdc++.so.6()(64bit)
    rtld(GNU_HASH)
    shadow-utils
    systemd

cjdns-tools (rpmlib, GLIBC filtered):
    /usr/bin/node
    cjdns
    nodejs

cjdns-graph (rpmlib, GLIBC filtered):
    /usr/bin/python2
    cjdns-python
    python-networkx

cjdns-debuginfo (rpmlib, GLIBC filtered):

cjdns-python (rpmlib, GLIBC filtered):
    /bin/sh
    /usr/bin/python2
    cjdns
    drupal8(core)
    python



Provides
--------
cjdns-selinux:
    cjdns-selinux
    cjdns-selinux(x86-64)

cjdns:
    bundled(libuv)
    cjdns
    cjdns(x86-64)
    config(cjdns)

cjdns-tools:
    cjdns-tools
    cjdns-tools(x86-64)

cjdns-graph:
    cjdns-graph

cjdns-debuginfo:
    cjdns-debuginfo
    cjdns-debuginfo(x86-64)

cjdns-python:
    cjdns-python



Source checksums
----------------
https://github.com/cjdelisle/cjdns/archive/cjdns-v17.3.tar.gz :
  CHECKSUM(SHA256) this package     : 3193df651ad9c00f31ab04feb33f801645996f6647c89b63bcc327b48e17e602
  CHECKSUM(SHA256) upstream package : 3193df651ad9c00f31ab04feb33f801645996f6647c89b63bcc327b48e17e602


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -b 1268716
Buildroot used: fedora-rawhide-x86_64
Active plugins: Python, Generic, Shell-api, C/C++
Disabled plugins: Java, SugarActivity, fonts, Haskell, Ocaml, Perl, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
Comment 53 Stuart D Gathman 2016-03-10 18:28:27 EST
* Wed Mar  9 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-9
- Strip /8 from IPs printed by cjdns-online
- Add GPL3+ to cjdns-online
- ghost /etc/cjdroute.conf
- Include _isa formula in subpackage requires.

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f22/src/cjdns-17.3-9.fc22.src.rpm
Comment 54 Stuart D Gathman 2016-03-10 19:25:08 EST
koji does not like the %{_isa} for the noarch subpackages.  I think I was correct the first time (with release 8).
Comment 55 Stuart D Gathman 2016-03-10 20:16:53 EST
- Mark nodejs and selinux noarch
- Remove %{?_isa} from noarch subpackages.

Spec URL: http://gathman.org/linux/SPECS/cjdns.spec
SRPM URL: http://gathman.org/linux/f23/src/cjdns-17.3-9.fc23.src.rpm

Koji is now happy.
Comment 57 Jared Smith 2016-03-15 11:32:26 EDT
Looks good -- you've addressed all my outstanding concerns, so I'm going to go ahead and mark this as approved.  I know it's been a lot of work, but I appreciate you sticking with it and pushing forward.
Comment 58 Kevin Fenzi 2016-03-21 15:47:48 EDT
I've sponsored you into the packager group, you can continue the process at 

https://fedoraproject.org/wiki/Join_the_package_collection_maintainers?rd=PackageMaintainers/Join#Add_Package_to_Source_Code_Management_.28SCM.29_system_and_Set_Owner

If you have any questions, feel free to contact me via irc (nick: nirik) or email.
Comment 59 Gwyn Ciesla 2016-03-22 09:43:51 EDT
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/cjdns
Comment 60 Fedora Update System 2016-03-22 12:42:10 EDT
cjdns-17.3-10.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8fb1a8db25
Comment 61 Stuart D Gathman 2016-03-22 13:00:54 EDT
F22 is missing the required nacl-devel version for dynamic libraries (I removed static library support from the SPEC since it was built with -fpic instead of -fPIC and thus doesn't work for x86_64 or arm).  Since F22 is almost EOL, it is probably best to just skip it.  I'll see about asking the nacl maintainer to issue an update for f22 if he gets a chance.
Comment 62 Fedora Update System 2016-03-23 21:53:31 EDT
cjdns-17.3-10.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8fb1a8db25
Comment 63 Fedora Update System 2016-03-26 12:09:08 EDT
cjdns-17.3-10.el7 nacl-20110221-15.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0ee03feec9
Comment 64 Fedora Update System 2016-03-26 12:09:17 EDT
cjdns-17.3-10.el7 nacl-20110221-15.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0ee03feec9
Comment 65 Fedora Update System 2016-03-26 14:17:55 EDT
cjdns-17.3-10.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-eb3d6e16f1
Comment 66 Fedora Update System 2016-03-27 17:17:43 EDT
cjdns-17.3-10.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-eb3d6e16f1
Comment 67 Fedora Update System 2016-03-27 17:21:13 EDT
cjdns-17.3-10.el7, nacl-20110221-15.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0ee03feec9
Comment 68 Fedora Update System 2016-03-31 20:27:13 EDT
cjdns-17.3-10.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 69 Fedora Update System 2016-04-05 23:33:15 EDT
cjdns-17.3-11.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce63703998
Comment 70 Fedora Update System 2016-04-07 12:49:53 EDT
cjdns-17.3-11.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce63703998
Comment 71 Fedora Update System 2016-04-13 01:56:26 EDT
cjdns-17.3-10.el7, nacl-20110221-15.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 72 Fedora Update System 2016-04-13 02:24:54 EDT
cjdns-17.3-10.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 73 Fedora Update System 2016-04-21 21:51:11 EDT
cjdns-17.3-11.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.