Spec URL: http://people.redhat.com/fitzsim/bouncycastle.spec SRPM URL: http://people.redhat.com/fitzsim/bouncycastle-1.33-1.src.rpm Description: The Bouncy Castle JCE provider.
I'm introducing this package because currently we include the BouncyCastle JCE in java-1.4.2-gcj-compat, whereas it really deserves to be its own package. I don't think BouncyCastle should go in Extras because it is a crypto library and therefore needs approval by Red Hat legal. The upstream BouncyCastle tarball includes the patented IDEA algorithm. The tarball in this SRPM has those sources and references removed.
NEEDSWORK: - Buildroot should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - Remove Epoch: 0 - Specifying 0 epoch on Requires and BuildRequires is not necessary. Remove them. - RPM_BUILD_ROOT=bctmp aot-compile-rpm <-- what is this doing? Why reset the buildroot? - Post and postun scripts should probably have logic for final removal vs upgrade. As it stands you'll run rebuild-security-providers and rebuild-gcj-db twice every time you upgrade the package. Once for the new package, and once for removing the old package. rpmlint output: E: bouncycastle zero-length /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider W: bouncycastle-debuginfo objdump-failed objdump: /tmp/bouncycastle-debuginfo-1.33-1.x86_64.rpm.17761/usr/lib/debug/usr/lib64/gcj/bouncycastle/bcprov-1.33.jar.so.debug: File format not recognized W: bouncycastle mixed-use-of-spaces-and-tabs W: bouncycastle non-conffile-in-etc /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider W: bouncycastle objdump-failed objdump: /tmp/bouncycastle-1.33-1.x86_64.rpm.17761/usr/lib64/gcj/bouncycastle/bcprov-1.33.jar.so: File format not recognized The Zero length file, I see it just being touched. Does it just need to exist? If so, we can ignore the error. However it should be marked as a config file. Not sure about the objdump warnings.
(In reply to comment #2) > NEEDSWORK: > - Buildroot should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Done. > - Remove Epoch: 0 Done. > - Specifying 0 epoch on Requires and BuildRequires is not necessary. Remove them. Done. > - RPM_BUILD_ROOT=bctmp aot-compile-rpm <-- what is this doing? Why reset the > buildroot? Yeah, I realized I don't need this, it's already done by aot-compile-rpm in the %install section. > - Post and postun scripts should probably have logic for final removal vs > upgrade. As it stands you'll run rebuild-security-providers and rebuild-gcj-db > twice every time you upgrade the package. Once for the new package, and once > for removing the old package. OK. > > rpmlint output: > > E: bouncycastle zero-length > /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider > W: bouncycastle-debuginfo objdump-failed objdump: > /tmp/bouncycastle-debuginfo-1.33-1.x86_64.rpm.17761/usr/lib/debug/usr/lib64/gcj/bouncycastle/bcprov-1.33.jar.so.debug: > File format not recognized > W: bouncycastle mixed-use-of-spaces-and-tabs > W: bouncycastle non-conffile-in-etc > /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider > W: bouncycastle objdump-failed objdump: > /tmp/bouncycastle-1.33-1.x86_64.rpm.17761/usr/lib64/gcj/bouncycastle/bcprov-1.33.jar.so: > File format not recognized > > The Zero length file, I see it just being touched. Does it just need to exist? > If so, we can ignore the error. However it should be marked as a config file. The filename 2000-org.bouncycastle.jce.provider.BouncyCastleProvider is interpreted by rebuild-security-providers as <provider priority>-<provider package name>, and is used to rebuild /usr/lib/security/classpath.security. Its contents are meaningless. I don't want to mark it as %config because then if someone edits it and then updates, a backup file with the extension .rpmsave will be created and will cause a bogus entry to appear in /usr/lib/security/classpath.security. > > Not sure about the objdump warnings. I ran rpmlint (0.77-1.fc5) on my x86 workstation and didn't see those warnings. I'll post the updated package shortly.
Updated Spec URL: http://people.redhat.com/fitzsim/bouncycastle.spec Updated SRPM URL: http://people.redhat.com/fitzsim/bouncycastle-1.33-2.src.rpm
No more rpmlint errors. Package approved. I assume that this will be marked as a dep of some other package, and it doesn't need to go into Comps right?
Is the intention of %{_javadir}/gcj-endorsed that only gcj (not other JVMs) should be using stuff from there? Other JVMs, eg. the Sun one, would have problems with the jar because it's not signed.
(In reply to comment #6) > Is the intention of %{_javadir}/gcj-endorsed that only gcj (not other JVMs) > should be using stuff from there? Other JVMs, eg. the Sun one, would have > problems with the jar because it's not signed. Yes, I'm not supporting non-GNU Classpath based JVMs with this RPM.
(In reply to comment #5) > No more rpmlint errors. Package approved. > > I assume that this will be marked as a dep of some other package, and it doesn't > need to go into Comps right? For now let's leave it out.
Was built into rawhide.
Package Change Request ====================== Package Name: bouncycastle New Branches: EL-5 Owners: stevetraylen Quoting the fedora owner from bug #571580: Hi' I have been dealing with bouncycastle updates for the last year. I have no interest in EPEL, so go ahead. Ask for cvs.
cvs done.
Package Change Request ====================== Package Name: bouncycastle New Branches: f20 Owners: mbooth The F20 branch was erroneously retired in pkgdb.
Unretired, take ownership.