Spec Name or Url: http://rpm.greysector.net/extras/clamsmtp.spec SRPM Name or Url: http://rpm.greysector.net/extras/clamsmtp-1.6-1.src.rpm Description: ClamSMTP is an SMTP filter that checks for viruses using ClamAV. It aims to be lightweight, reliable, and simple.
(NB I am not a reviewer, these are just comments) 1. BuildRoot should probably be: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 2. $rpm -ivh clamsmtp-1.6-1.i386.rpm Preparing... ########################################### [100%] 1:clamsmtp ########################################### [100%] error reading information on service clamsmtpd: No such device error: %post(clamsmtp-1.6-1.i386) scriptlet failed, exit status 1 This is because the clamsmtpd init script is ending up in a subdirectory: $ls -ld /etc/init.d/clamsmtpd drwxr-xr-x 2 root root 4096 Jan 10 14:37 /etc/init.d/clamsmtpd fix to the spec: 32c32 < %{__install} -d %{buildroot}%{_initrddir}/clamsmtpd --- > %{__install} -d %{buildroot}%{_initrddir} 3. rpmlint says: E: clamsmtp non-standard-gid /etc/clamsmtpd.conf clamav This is tricky. clamsmtp does require clamav, which creates the clamav user in its %post, but that seems a bit fragile in case the clamav package changes. Also, the "clamav" user in the clamav package owns the virus databases, so having daemons run as the same user is not a good idea. It would probably be better for the package to create its own "clamsmtp" user to run as and own the config. 4. W: clamsmtp no-reload-entry /etc/rc.d/init.d/clamsmtpd from "man clamsmtpd" it does not have a reload signal. W: clamsmtp incoherent-init-script-name clamsmtpd It would probably be better to rename this to "clamsmtp", to match the package name. Ditto the init file refers to "ClamSmtpd" which should perhaps be "clamsmtp" 4. I wonder if /etc/clamsmtpd.conf should be mode 0640 rather than 0644, for privacy? 5. the %doc "scripts/clamsmtpd.sh" can probably be removed, it seems to just be a crude init script. other than that, a few things I checked: - Naming looks OK - license is OK (BSD) - license in spec matches package - license is packaged in %doc - spec file is in en_US - spec is legible - source matches upstream - package builds - package superficially works (it runs) - ldconfig not necessary - no locales - no relocation - no directories created and therefore needing ownership - permissions look ok - %clean is present - package uses macros - %doc is docs. scripts/virus_action.sh is an example, so that's OK. - scriptlets look sane, with Requires(post) and (postun)
1. Fixed. 2. Fixed. 3. for now I just left it root-owned. 4. Naming is tricky, because the software (and the tarball) is called clamsmtp by its author, even though the daemon is clamsmtpd and the config file is clamsmtpd.conf. What should I do then? 5. Fixed. Thanks for the comments!
you should post the SPEC and SRPM every comment when possible. Also increment the revision number every time you post. Also, postun should require /sbin/service not /sbin/chkconfig
Fixed. http://rpm.greysector.net/extras/clamsmtp-1.6-2.src.rpm (spec as above)
Created attachment 127527 [details] Change default port to make it work with SELinux I have two comments : - "condrestart" does not exist in the init script, and you use this option in the scriptlets. You'll have to add it to the init script. - The setup with postfix explained on clamsmtpd's website will not work with SELinux enabled (and it's the default). Postfix is not allowed to listen on port 10026 as requested on http://memberwebs.com/nielsen/software/clamsmtp/postfix.html but it may listen on port 10025 (this is the default for amavis). I think the best solution would be to have clamsmtp listen on port 10024, like amavis, and forward mails to postfix on port 10025. Two ways to do this: 1. only patch the config file and enable the option to have it listen on the non-default port 2. make port 10024 the default. Here's a patch that does (2). Doing (1) has its benefits too, since it avoids patching the source code. In any case, a README.Fedora is a must-have to explain what's going on. I've written one, I'll attach it right afterwards. add selinux patch and readme
Created attachment 127528 [details] README for SELinux Please install this file as README.Fedora. You can edit it all you want, I'm not a native english speaker and there may be mistakes. Both options are fine to me, but if you choose to only patch the config file, make sure you edit this readme accordingly.
Dropping FE-NEEDSPONSOR. Tom Callaway offered sponsorship in bug 177235 (and bugzilla change-several-bugs-at-once feature requires me to add/edit something).
It's been about a year since anything happened here. I'll fix up the flags but if this submission isn't going anywhere then this ticket should be closed, and indeed I'll close it if there's no response soon.