Spec URL: https://athmane.fedorapeople.org/review/mod_security3.spec
SRPM URL: https://athmane.fedorapeople.org/review/mod_security3-0.1.1-0.20170821git4e8854c.fc27.src.rpm
Description: The ModSecurity-apache connector is the connection point between Apache and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between Apache and libmodsecurity. This connector is required to use LibModSecurity with Apache.
Fedora Account System Username: athmane
Rpmlint output:

mod_security3.spec:38: W: unversioned-explicit-provides mod_security
mod_security3.src: W: spelling-error %description -l en_US libmodsecurity -> molecularity
mod_security3.src:38: W: unversioned-explicit-provides mod_security
mod_security3.x86_64: W: spelling-error %description -l en_US libmodsecurity -> molecularity
mod_security3.x86_64: E: non-standard-dir-perm /var/lib/mod_security3 770
2 packages and 1 specfiles checked; 1 errors, 4 warnings.

NB. This pkg depends on libmodsecurity (v3) which is available only in rawhide.
Hello,

- Build fails because you're missing a bunch of BR:

/usr/bin/ld: cannot find -lcurl
/usr/bin/ld: cannot find -lGeoIP
/usr/bin/ld: cannot find -lyajl
/usr/bin/ld: cannot find -lxml2
/usr/bin/ld: cannot find -lz
/usr/bin/ld: cannot find -llzma
/usr/bin/ld: cannot find -lpcre
collect2: error: ld returned 1 exit status

Here is the needed BR:

BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(geoip)
BuildRequires: pkgconfig(yajl)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libpcre)

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "GPL (v2 or later)", "Unknown or generated", "*No copyright* Apache (v2.0)". 88 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/mod_security3/review-mod_security3/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[-]: Package does not own files or directories owned by other packages.
     /etc/httpd/modsecurity.d/activated_rules(mod_security), /etc/httpd/modsecurity.d/local_rules(mod_security), /etc/httpd/modsecurity.d(mod_security)
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in mod_security3-debuginfo , mod_security3-debugsource
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.

Rpmlint
-------
Checking: mod_security3-0.1.1-0.20170821git4e8854c.fc28.x86_64.rpm
          mod_security3-debuginfo-0.1.1-0.20170821git4e8854c.fc28.x86_64.rpm
          mod_security3-debugsource-0.1.1-0.20170821git4e8854c.fc28.x86_64.rpm
          mod_security3-0.1.1-0.20170821git4e8854c.fc28.src.rpm
mod_security3.x86_64: W: spelling-error %description -l en_US libmodsecurity -> molecularity
mod_security3.x86_64: E: non-standard-dir-perm /var/lib/mod_security3 770
mod_security3-debugsource.x86_64: W: no-documentation
mod_security3.src: W: spelling-error %description -l en_US libmodsecurity -> molecularity
mod_security3.src:45: W: unversioned-explicit-provides mod_security
mod_security3.src: E: specfile-error warning: line 41: Possible unexpanded macro in: Requires: httpd-mmn = %{_httpd_mmn}
4 packages and 0 specfiles checked; 2 errors, 4 warnings.
Sorry, I forgot to put the full BR, fixed now.

mod_security3 and mod_security are supposed to use the same rules, hence the shared ownership of some directories (it's not the case at the moment since v3 is not feature complete yet).

SPEC: https://athmane.fedorapeople.org/review/libmodsecurity.spec
SRPM: https://athmane.fedorapeople.org/review/mod_security3-0.1.1-0.20170821git4e8854c.1.fc27.src.rpm
Koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=22811086
Ok, package accepted.
(fedrepo-req-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/mod_security3
This package was never imported, but the repo was created... Othman, do you want to push it to the repos, or should we properly retire the package?
(In reply to Mattia Verga from comment #6)
> This package was never imported, but the repo was created... Othman, do you
> want to push it to the repos, or should we properly retire the package?

Yes, I'm planning to import it on the current Fedora Rawhide and EPEL8 if possible, and retire mod_sec2 and leave it only on the old branches.

Initially, I thought it was easy to share the rules and keep both of them in parallel; afterward I realized that the format of the rules is not guaranteed to be compatible with the old mod_sec2, i.e. to keep mod_sec2 one needs to keep the old rules as well.
I previously didn't look thoroughly and I'm a bit confused here: this review is for package 'mod_security3' and the repo 'mod_security3' was created, but the latest spec file you uploaded in this review is named 'libmodsecurity', which seems to exist in Fedora repositories and at a first glance it seems the same as this one...
(In reply to Mattia Verga from comment #8)
> I previously didn't look thoroughly and I'm a bit confused here: this review
> is for package 'mod_security3' and the repo 'mod_security3' was created, but
> the latest spec file you uploaded in this review is named 'libmodsecurity',
> which seems to exist in Fedora repositories and at a first glance it seems
> the same as this one...

Starting from mod_security v3, upstream split the core filtering library from the Apache module, so it can be used with different webservers (right now Microsoft IIS and Nginx are supported).

libmodsecurity was already pushed to Fedora and EPEL a long time ago; this review is for mod_security3, which itself depends on libmodsecurity. At the time of the review it was still in beta/RC.

I hope that clears up the confusion.
So, here we go again: any progress? This was originally approved 4 years ago, so the review is greatly outdated, either import it or I will proceed and ask releng to retire the package repository.
Imported in rawhide, although it will not replace mod_security2 yet since upstream still considers mod_security3 as beta.

Quote from upstream:

NOTE: This project is not production ready

This project should be considered under development and not production ready. The functionality is not complete and so should not be used. With Apache HTTP Server, the recommended version of ModSecurity is v2.9.x.