Spec URL: people.redhat.com/sgrubb/fapolicyd/fapolicyd.spec SRPM URL: people.redhat.com/sgrubb/fapolicyd/fapolicyd-0.8.5-1.src.rpm Description: Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights. Fedora Account System Username: sgrubb
Hello, - Not used in Fedora anymore: Group: BuildRoot: rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) - Use the correct systemd macros: %{?systemd_requires} BuildRequires: systemd - the license file must be included with %license, not %doc: %files %doc README %license COPYING - These %attr(644,root,root) %attr(755,root,root) are not needed because they are already the default value. - COPYING contains GNU General Public License v3.0 but your license header contains GPLv2+. Please use GPLv3 or GPLv3+. - Please follow https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation to add user and group. Add Requires(pre): shadow-utils %pre getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME getent passwd USERNAME >/dev/null || \ useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \ -c "Useful comment about the purpose of this account" USERNAME exit 0 - In %files, for man pages, don't directly link to the gz extension but use a glob: %{_mandir}/man8/fapolicyd.8.* %{_mandir}/man5/fapolicyd.rules.5.* See https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages for rationale.
Thanks for the review. New SRPM and spec file reposted. (In reply to Robert-André Mauchin from comment #1) > Hello, > > - Not used in Fedora anymore: > > Group: > > BuildRoot: > > rm -rf $RPM_BUILD_ROOT > > %defattr(-,root,root,-) Removed > - Use the correct systemd macros: > > %{?systemd_requires} > BuildRequires: systemd Removed -devel > - the license file must be included with %license, not %doc: > > %files > %doc README > %license COPYING Fixed > - These %attr(644,root,root) %attr(755,root,root) are not needed because > they are already the default value. I like explicit permissions in case the make file has an accident. There are a number of executable man pages on Fedora. :-) > - COPYING contains GNU General Public License v3.0 but your license header > contains GPLv2+. Please use GPLv3 or GPLv3+. Doh! Fixed. > - Please follow > https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation > to add user and group. > Add Requires(pre): shadow-utils Fixed. > %pre > getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME > getent passwd USERNAME >/dev/null || \ > useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \ > -c "Useful comment about the purpose of this account" USERNAME > exit 0 I think the existing code should do the trick. The default behavior is to create both user and group unless overridden. So, checking the user should suffice for simple cases. > - In %files, for man pages, don't directly link to the gz extension but use > a glob: > > %{_mandir}/man8/fapolicyd.8.* > %{_mandir}/man5/fapolicyd.rules.5.* > > See https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages for > rationale. Fixed. I widened the glob as there will certainly be future man pages added.
Missing: 'BuildRequires: systemd-devel' BuildRequires - no multiple requires in one line. Every package should be on unique line. In files use macros i.e. etc: %{_sysconfdir} == /etc
(In reply to Marek Tamaskovic from comment #3) > Missing: 'BuildRequires: systemd-devel' I think we are good here. The report in Comment #1 was that the -devel needed to go. I check the systemd guidelines and that appears true: https://fedoraproject.org/wiki/Packaging:Systemd#Filesystem_locations rpm -ql systemd-devel shows nothing useful unless you are building a C program against libsystemd. > BuildRequires - no multiple requires in one line. Every package should be on > unique line. I can't find this in the packaging guidelines. Packaging guidelines just say all dependencies need to be stated. https://fedoraproject.org/wiki/Packaging:Guidelines#Build-Time_Dependencies_.28BuildRequires.29 > In files use macros i.e. etc: %{_sysconfdir} == /etc Fixed. New spec and SRPM posted.
I can't build that package without the systemd-devel Checking for required libraries checking for udev_device_get_devnode in -ludev... no configure: error: libudev not found error: Bad exit status from /var/tmp/rpm-tmp.f6JG6O (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.f6JG6O (%build)
Ah! You are right. We are using libudev and it has been subsumed into systemd. So, systemd-devel is appropriate. Fixed. New spec and SRPM is posted.
Issues: ======= - Dist tag is present. - Header files in -devel subpackage, if present. Note: fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/event.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/file.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/lru.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/message.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/mounts.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/notify.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/nv.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object-attr.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/policy.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/process.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/queue.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/rules.h fapolicyd-debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/subject-attr.h fapolicyd- debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/subject.h See: http://fedoraproject.org/wiki/Packaging/Guidelines#DevelPackages - Sources used to build the package match the upstream source, as provided in the spec URL. Note: Upstream MD5sum check error, diff is in /home/mtamasko/Work/pkg- review/fapolicyd/review-fapolicyd/diff.txt See: http://fedoraproject.org/wiki/Packaging/SourceURL Other issues: ============= [!]: %build honors applicable compiler flags or justifies otherwise. 'rpm_build_macro is not applied' [!]: Package consistently uses macros (instead of hard-coded directory names). 'path /sbin is not a macro %{_sbindir}' 'log path is not using macro %{_localstatedir}/log' Rpmlint ------- Checking: fapolicyd-0.8.5-1.x86_64.rpm fapolicyd-debuginfo-0.8.5-1.x86_64.rpm fapolicyd-debugsource-0.8.5-1.x86_64.rpm fapolicyd-0.8.5-1.src.rpm fapolicyd.x86_64: W: spelling-error %description -l en_US whitelisting -> white listing, white-listi ng, whitewashing fapolicyd.x86_64: W: spelling-error %description -l en_US fanotify -> fa notify, fa-notify, notify fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd fapolicyd fapolicyd.x86_64: E: non-standard-dir-perm /etc/fapolicyd 750 fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.rules fapolicyd fapolicyd.x86_64: W: log-files-without-logrotate ['/var/log/fapolicyd-access.log'] fapolicyd-debugsource.x86_64: W: no-documentation fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/e vent.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/e vent.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f apolicyd.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f ile.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f ile.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/l ru.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/l ru.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m essage.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m essage.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m ounts.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m ounts.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n otify.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n otify.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n v.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject-attr.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject-attr.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p olicy.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p olicy.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p rocess.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p rocess.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/r ules.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/r ules.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject-attr.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject-attr.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject.h fapolicyd.src: W: spelling-error %description -l en_US whitelisting -> white listing, white-listing, whitewashing fapolicyd.src: W: spelling-error %description -l en_US fanotify -> fa notify, fa-notify, notify fapolicyd.src: W: file-size-mismatch fapolicyd-0.8.5.tar.gz = 398677, https://people.redhat.com/sgru bb/fapolicyd/fapolicyd-0.8.5.tar.gz = 398610 4 packages and 0 specfiles checked; 29 errors, 10 warnings. Rpmlint (installed packages) ---------------------------- sh: /usr/bin/python: No such file or directory fapolicyd-debuginfo.x86_64: W: invalid-url URL: http://people.redhat.com/sgrubb/fapolicyd <urlopen e rror [Errno -2] Name or service not known> fapolicyd-debugsource.x86_64: W: invalid-url URL: http://people.redhat.com/sgrubb/fapolicyd <urlopen error [Errno -2] Name or service not known> fapolicyd-debugsource.x86_64: W: no-documentation fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/e vent.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/e vent.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f apolicyd.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f ile.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/f ile.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/l ru.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/l ru.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m essage.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m essage.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m ounts.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/m ounts.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n otify.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n otify.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/n v.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject-attr.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject-attr.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/o bject.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p olicy.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p olicy.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p rocess.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/p rocess.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/r ules.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/r ules.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject-attr.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject-attr.h fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject.c fapolicyd-debugsource.x86_64: E: incorrect-fsf-address /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/s ubject.h fapolicyd.x86_64: W: spelling-error %description -l en_US whitelisting -> white listing, white-listi ng, whitewashing fapolicyd.x86_64: W: spelling-error %description -l en_US fanotify -> fa notify, fa-notify, notify fapolicyd.x86_64: W: invalid-url URL: http://people.redhat.com/sgrubb/fapolicyd <urlopen error [Errn o -2] Name or service not known> fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd fapolicyd fapolicyd.x86_64: E: non-standard-dir-perm /etc/fapolicyd 750 fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.rules fapolicyd fapolicyd.x86_64: W: log-files-without-logrotate ['/var/log/fapolicyd-access.log'] 3 packages and 0 specfiles checked; 29 errors, 10 warnings. Source checksums ---------------- https://people.redhat.com/sgrubb/fapolicyd/fapolicyd-0.8.5.tar.gz : CHECKSUM(SHA256) this package : 225436757118535b6ffd5a87b8fb9f560599a46954edcab581bd51c4586ab4 5f CHECKSUM(SHA256) upstream package : 10a18cb18a835911599d62bc10e2268105dac37453420e19509fa43bd88a01 74 diff -r also reports differences ==================================================================== Why are you using /sbin in configure? On your github you are working with /usr/sbin. Working with /sbin is not standard. And why are you using runtime arguments with %configure? Why are you ghosting the log file?
Created attachment 1396423 [details] first review checklist
And build is passing: https://koji.fedoraproject.org/koji/taskinfo?taskID=25067209
>Why are you using /sbin in configure? On your github you are working with >/usr/sbin. Working with /sbin is not standard. Its because /sbin is where daemons belong on most distributions. To fix this means also changing the systemd.service file. And this spec file is exactly the upstream spec file. Regardless, changed to /usr/sbin. > And why are you using runtime arguments with %configure? Because ./configure takes options like whether or not to use the audit library. >Why are you ghosting the log file? Because it doesn't always exist but if it does, then we want to claim ownership when someonme runs rpm -qf /var/log/fapolicyd-access.log. This is normal for log files. New spec and SRPM posted.
If the daemon is not required during boot or recovery it is supposed to go to /usr/sbin.[1] And change RPM_BUILD_ROOT variable to macro `%{buildroot}`. It should be consistent. Don't mix macros and variables. [1] - http://www.pathname.com/fhs/pub/fhs-2.3.html#SBINSYSTEMBINARIES
(In reply to Marek Tamaskovic from comment #11) > If the daemon is not required during boot or recovery it is supposed to go > to /usr/sbin.[1] This was already moved in last respin. :-) Is there something else wrong? > And change RPM_BUILD_ROOT variable to macro `%{buildroot}`. It should be > consistent. Don't mix macros and variables. I'm not mixing styles. %{buildroot} is not used anywhere, and RPM_BUILD_ROOT is used once. I prefer using RPM_BUILD_ROOT. The rule is about using both in the same spec file. So...are we done? I think everything has been fixed. :-)
In %build section you are using macro style and in %install you are using variable style. Choose one. [1] Fix the rpmlint incorrect-fsf-address as well. [1] https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Using_.25.7Bbuildroot.7D_and_.25.7Boptflags.7D_vs_.24RPM_BUILD_ROOT_and_.24RPM_OPT_FLAGS
>In %build section you are using macro style and in %install you are > using variable style. Choose one. To make sure we are looking at the same thing, this is what I see in the spec file: %build %configure --with-audit make CFLAGS="%{optflags}" %{?_smp_mflags} %install make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install There is no %{buildroot} anywhere. It only uses ${RPM_BUILD_ROOT}. Will check on the fsf address. But if we can close the above issue, then I can do a respin with updated fsf address.
(In reply to Steve Grubb from comment #14) > >In %build section you are using macro style and in %install you are > > using variable style. Choose one. > > To make sure we are looking at the same thing, this is what I see in the > spec file: > > %build > %configure --with-audit > make CFLAGS="%{optflags}" %{?_smp_mflags} > > %install > make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install I think the point is to use "%{buildroot}" instead of "${RPM_BUILD_ROOT}" so that macros are used everywhere instead of mixing them with usage of variables.
The guidelines say we can use the variables as long as we are self consistent. There are no uses of %{buildroot}, so it is self consistent. However, its not worth discussing. I changed it and updated the FSF address. New spec file and SRPM are posted.
(In reply to Steve Grubb from comment #16) > The guidelines say we can use the variables as long as we are self > consistent. There are no uses of %{buildroot}, so it is self consistent. Consistent would be to use "%{optflags}" and "%{buildroot}". Or "$RPM_OPT_FLAGS" and "$RPM_BUILD_ROOT". Macros or variables, not both. See the official guidelines: https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Using_.25.7Bbuildroot.7D_and_.25.7Boptflags.7D_vs_.24RPM_BUILD_ROOT_and_.24RPM_OPT_FLAGS > However, its not worth discussing. I changed it and updated the FSF address. > New spec file and SRPM are posted. Thanks!
Rpmlint ------- Checking: fapolicyd-0.8.5-1.x86_64.rpm fapolicyd-debuginfo-0.8.5-1.x86_64.rpm fapolicyd-debugsource-0.8.5-1.x86_64.rpm fapolicyd-0.8.5-1.src.rpm fapolicyd.x86_64: W: spelling-error %description -l en_US whitelisting -> white listing, white-listi ng, whitewashing fapolicyd.x86_64: W: spelling-error %description -l en_US fanotify -> fa notify, fa-notify, notify fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd fapolicyd fapolicyd.x86_64: E: non-standard-dir-perm /etc/fapolicyd 750 fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.rules fapolicyd fapolicyd.x86_64: W: log-files-without-logrotate ['/var/log/fapolicyd-access.log'] fapolicyd-debugsource.x86_64: W: no-documentation fapolicyd.src: W: spelling-error %description -l en_US whitelisting -> white listing, white-listing, whitewashing fapolicyd.src: W: spelling-error %description -l en_US fanotify -> fa notify, fa-notify, notify 4 packages and 0 specfiles checked; 1 errors, 9 warnings. -------------------------------------------------------- Now I am satisfied with spec file. The build is passing so I think we are done here. https://koji.fedoraproject.org/koji/taskinfo?taskID=25087975
One thing, why are you using some obscure file permissions?
It is using non-standard permissions because the people being watched should not be able to see the actual policy to work out loop holes in the policy. The group permission is so that the daemon can reread its config files on a SIGHUP once that is supported.
(fedrepo-req-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/fapolicyd
fapolicyd-0.8.5-1 was built into rawhide. Thanks for the assistance.