Spec URL: https://api.nicehomeservices.com/images/temp/kde-inotify-survey.spec SRPM URL: https://api.nicehomeservices.com/images/temp/kde-inotify-survey-1.0.0-1.fc39.src.rpm Description: Tooling for monitoring inotify limits and informing the user when they have been or about to be reached. Fedora Account System Username: farchord
Copr build: https://copr.fedorainfracloud.org/coprs/build/5563796 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05563796-kde-inotify-survey/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Updated quite a few things in the spec, and reuploaded files. [fedora-review-service-build]
Created attachment 1946208 [details] The .spec file difference from Copr build 5563796 to 5564269
Copr build: https://copr.fedorainfracloud.org/coprs/build/5564269 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05564269-kde-inotify-survey/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
kde-inotify-survey.x86_64: E: communication not allowed /usr/share/dbus-1/system.d/org.kde.kded.inotify.conf This error I very much have no idea what to do about.
Opened an issue upstream about the rpmlint issue: https://bugs.kde.org/show_bug.cgi?id=466366 and a bug on the rpmlint package about the ambiguous and misformatted error message: https://github.com/rpm-software-management/rpmlint/issues/1008
Is there anything I can do to get this pushed through, or do we need to wait for upstream? Just checking to see if there's anything I can do, thanks!
The rpmlint issue seems to have been resolved: https://github.com/rpm-software-management/rpmlint/pull/1011/files $ rpmlint -e dbus-policy-missing-allow dbus-policy-missing-allow: Every dbus config normally needs a line of the form <allow send_destination="org.foo.bar"/> or similar. If that is missing the service will not work with a dbus that uses deny as default policy Is a patch needed?
(In reply to Benson Muite from comment #8) > The rpmlint issue seems to have been resolved: > https://github.com/rpm-software-management/rpmlint/pull/1011/files > > $ rpmlint -e dbus-policy-missing-allow > dbus-policy-missing-allow: > Every dbus config normally needs a line of the form <allow > send_destination="org.foo.bar"/> or similar. If that is missing the service > will not work with a dbus that uses deny as default policy > > Is a patch needed? Yeah i already notified upstream. I am not sure how to go at it myself as that specific file is created during the build process and doesn't exist as a source file.
So I'm trying to understand what's needed to go forward on this. The rpmlint error mentions a missing allow, but the config does have an allow. This is the content of the config file: <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- Only user root can own the foo helper --> <policy user="root"> <allow own="org.kde.kded.inotify"/> </policy> </busconfig> And honestly, I'm looking at other dbus configs installed on my system, they all largely use the same format with the almost same structure (Minus the "own" parameter for obvious reasons). Also, after checking out https://dbus.freedesktop.org/doc/dbus-daemon.1.html, I see this: Rules with the own or own_prefix attribute are checked when a connection attempts to own a well-known bus names. As a special case, own="*" matches any well-known bus name. The well-known session bus normally allows any connection to own any name, while the well-known system bus normally does not allow any connection to own any name, except where allowed by further configuration. System services that will own a name must install configuration that allows them to do so, usually via rules of the form <policy user="some-system-user"><allow own="…"/></policy>. So I'm not sure if rpmlint's being too overzealous in this case. Also, I installed the package and it does work on my machine. I'm not sure what the procedure is here, is there any way we can let this pass?
Examining this.
(In reply to Benson Muite from comment #11) > Examining this. @benson_muite any news on this? It would be interesting if we'd knew what we need to do to continue with this package-review and, also, to know if we need to fix stuff in other packages.
Further issues from fedora-review 0.9.0 (6761b6c): 1) Package must own all directories that it creates. Note: Directories without known owners: /usr/share/dbus-1, /usr/lib64/qt5/plugins/kf5/kded, /usr/share/polkit-1, /usr/share/polkit-1/actions These directories should owned by dependencies: https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/ Maybe explicit requires should be added to the spec? 2) kde-inotify-survey.src: W: inconsistent-file-extension kde-inotify-survey-1.0.0.tar.zst $ rpmlint -e inconsistent-file-extension inconsistent-file-extension: The file name extension indicates a different compression format than what is actually used (as checked by file(1)). $ file kde-inotify-survey-1.0.0.tar.zst kde-inotify-survey-1.0.0.tar.zst: Zstandard compressed data (v0.8+), Dictionary ID: None Is this a bug as zst seems to be supported? 3) kde-inotify-survey.x86_64: E: communication not allowed /usr/share/dbus-1/system.d/org.kde.kded.inotify.conf Maybe a dbus activation file is needed? https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#activation_dbus 4) There are multiple licenses used, in particular GPL3, GPL2, LGPL2.1 and CCO, probably some of these should be added and a license breakdown given. 5) OpenSUSE seems to check signatures: https://build.opensuse.org/package/show/KDE:Applications/kde-inotify-survey Could this be done as well?
Releases do not seem to have zst file: https://invent.kde.org/system/kde-inotify-survey/-/releases
Sorry, there is a signed zst file.
Updated the spec and source: 2) I updated the spec to use the .tar.gz error. It should dodge the .tar.zst error (No idea why that even showed, but there's a way to avoid it, so....) 1) I added the requires that should fix the errors about nothing owning those folders. Though I'm not seeing that in my fedora-review output so I can't verify. 3) The "communication-not-allowed" bug is the one giving me much grief. I tried to add a systemd activator service as instructed by https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/ as the package already has a dbus activator service. But the rpmlint error remained. So I removed that from the spec as it doesn't seem to be the problem in this case. 4) I updated the spec to point to the additional licenses. 5) I checked, the opensuse package seems to be using the unstable source, while we use the stable source. I checked, and there doesn't seem to be a signature for the stable version. Thank you
[fedora-review-service-build]
Created attachment 1953194 [details] The .spec file difference from Copr build 5564269 to 5698868
Copr build: https://copr.fedorainfracloud.org/coprs/build/5698868 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05698868-kde-inotify-survey/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Let me know what you'd like to do in this matter. This specific error occurs on many kde packages. I've been talking with the kde sig alot, and we're unsure that's a real issue, as I tested the package (Using it right now and tried triggering it with success) and as I mentioned, this kind of error for some reason shows in many kde packages. Though if there is indeed an issue, I'd really like to find it, but I spent a few hours on this one up til now and didn't find a fix for it yet
Thanks for the updates. Can you add a license breakdown in the spec file, see: https://download.copr.fedorainfracloud.org/results/%40fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05698868-kde-inotify-survey/fedora-review/licensecheck.txt There is a fix to the reported issue on GitHub: https://github.com/rpm-software-management/rpmlint/pull/1009/files Probably a fix to the conf file is required.
I went ahead and uploaded an updated version of the spec with the licensing breakdown. I'm trying to see about building the latest rpmlint to see what happens of this error.
A number of Deepin desktop packages have send_interface in their conf files. For KDE, some that do are: org.kde.kpmcore.helperinterface.conf: send_interface="org.kde.kpmcore.externalcommand"/> org.kde.kf5auth.conf: <allow send_interface="org.kde.kf5auth"/> Most KDE conf files do not have explicit listings of send_interface Maybe it is helpful to check: https://dbus.freedesktop.org/doc/dbus-daemon.1.html Perhaps also list the configuration and service files explicitly: %{_datadir}/dbus-1/system.d/org.kde.kded.inotify.conf %{_datadir}/dbus-1/system-services/org.kde.kded.inotify.service
Yeah I went ahead and added it in the spec. Though for now I set it as "*" because I honestly have no idea where it needs to be allowed to send to, but that gets rid of the lint error. I updated the spec. [fedora-review-service-build]
Copr build: https://copr.fedorainfracloud.org/coprs/build/5700741 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05700741-kde-inotify-survey/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Okay, so it still shows on the latest release of rpmlint, but I installed the latest git version and the error seemed to be gone for me
This is with the latest git of rpmlint: Rpmlint ------- Checking: kde-inotify-survey-1.0.0-1.fc39.x86_64.rpm kde-inotify-survey-debuginfo-1.0.0-1.fc39.x86_64.rpm kde-inotify-survey-debugsource-1.0.0-1.fc39.x86_64.rpm kde-inotify-survey-1.0.0-1.fc39.src.rpm ================================================================= rpmlint session starts ================================================================= rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmprq9i1nc2')] checks: 32, packages: 4 kde-inotify-survey.x86_64: W: no-manual-page-for-binary kde-inotify-survey =========================== 4 packages and 0 specfiles checked; 0 errors, 1 warnings, 26 filtered, 0 badness; has taken 0.2 s ============================ Rpmlint (debuginfo) ------------------- Checking: kde-inotify-survey-debuginfo-1.0.0-1.fc39.x86_64.rpm ================================================================= rpmlint session starts ================================================================= rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp5loooayr')] checks: 32, packages: 1 =========================== 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 14 filtered, 0 badness; has taken 0.1 s ============================ Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 3 kde-inotify-survey.x86_64: W: no-manual-page-for-binary kde-inotify-survey 3 packages and 0 specfiles checked; 0 errors, 1 warnings, 0 badness; has taken 0.5 s
I submitted a PR to KDE to fix the issue with kauth (The source of the dbus config problem). For now, after talking with the KDE sig and checking Fedora's best practices on the subject, I added a source file to the spec that fixes that specific file. I added it to this url (Didn't know how to add it to the topmost post): https://api.nicehomeservices.com/images/temp/org.kde.kded.inotify.conf
One last update.... updated the Source1 in the spec to point to the temporary url for the replacement config (That'll be modified later once I have the distgit).
Btw I made a PR on the KDE Bugtracker for this: https://invent.kde.org/frameworks/kauth/-/merge_requests/44#note_648465
Hello @benson_muite Is there anything further I can do to push this along? Thank you!
Thanks. Checking dbus documentation. Sorry for the delay.
Your changes were merged. This application only needs to interact with org.freedesktop.Notifications though there seem to be bugs in some desktop environments: https://bugzilla.redhat.com/show_bug.cgi?id=484945 Perhaps should just use org.freedesktop.Notifications in org.kde.kded.inotify.conf ? Rather than allowing everything.
I went ahead and did the changes you suggested. I decided to test for good measure, I removed the package I already installed and replaced it with the modified one. Tried to lower my fs.inotify.max_user_watches and waited a bit, and the notification did pop up. So I think it works, on KDE at least. But honestly, it's the main platform it's meant for anyway. Anything else I can do @benson_muite ?
Built on all architectures: https://copr.fedorainfracloud.org/coprs/fed500/kde-inotify-survey/build/5939231/ File at: https://api.nicehomeservices.com/images/temp/org.kde.kded.inotify.conf does not seem to have been updated.
Yeah that's my bad, I updated the dbus patch.diff file, but the spec no longer uses that. I updated the .conf file I'm using, and re-tested it with success. It should be good to go now.
Checking. To get tests to run use %{cmake_kf5} -DBUILD_TESTING=ON Then add %check %ctest to the spec file. Arch does not seem to need a modified conf file: https://gitlab.archlinux.org/archlinux/packaging/packages/kde-inotify-survey/-/blob/main/PKGBUILD https://archlinux.org/packages/extra/x86_64/kde-inotify-survey/ Maybe there is a problem with Fedora setup?
Done, I updated the spec with the testing changes. Build was successful locally on mock. As far as the config, the reason why I added a different config is because rpmlint was giving an error related to dbus permissions caused by the file (See comment #8 on this thread). So this is a Fedora specific change.
Copr build: https://copr.fedorainfracloud.org/coprs/build/5970727 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05970727-kde-inotify-survey/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Are we ready to release this one, @benson_muite ?
Thanks for adding the tests and your patience in getting this package into Fedora. a) Please update org.kde.kded.inotify.conf file to use just org.freedesktop.Notifications rather than * for everything. This has a security implication, and would be best to allow for least required privileges - which is why for example one does not use root, even though it would be convenient. Will check on kauth separately, figure out if something is needed to improve a secure Fedora KDE experience. b) Output of last build : https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2173178-kde-inotify-survey/fedora-rawhide-x86_64/05970727-kde-inotify-survey/fedora-review/review.txt indicates: - Sources used to build the package match the upstream source, as provided in the spec URL. Note: Upstream MD5sum check error, diff is in /var/lib/copr- rpmbuild/results/kde-inotify-survey/diff.txt See: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ c) Finally, in the spec file for the patch and conf file, just give the names, no need to have the url other than as a comment. Perhaps rename the patch file to something more meaningful. When creating the source rpm on your machine, provided the files are in the same directory, they should be incorporated. With those changes expect should be ok.
a) Are you maybe looking at an old version of the config file? This is the org.kde.kded.inotify.conf file that is currently on the server: <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- Only user root can own the foo helper --> <policy user="root"> <allow own="org.kde.kded.inotify"/> </policy> <policy context="default"> <allow send_destination="org.freedesktop.Notifications"/> </policy> </busconfig> b) That's because of the patch. It's hanging on the "org.kde.kded.inotify.conf" file because it's modified most likely, which is normal in this case. https://api.nicehomeservices.com/images/temp/org.kde.kded.inotify.conf : CHECKSUM(SHA256) this package : b850ffd8d8a141dcd9a684991213bdff7445f573eb979dbe5b58decd6506d6e7 CHECKSUM(SHA256) upstream package : b34a0ce3612f17108603096c23e256f20740dde862d0878d55fb4d3ff3ae9843 https://invent.kde.org/system/kde-inotify-survey/-/archive/v1.0.0/kde-inotify-survey-v1.0.0.tar.gz : CHECKSUM(SHA256) this package : 8cae21eefb84b16e2a1b93a105cbfd8be8680eb4a74fbff3d2bd024eca4365ba CHECKSUM(SHA256) upstream package : 8cae21eefb84b16e2a1b93a105cbfd8be8680eb4a74fbff3d2bd024eca4365ba
And for c), If I don't put the URL, how will fedora-review fetch it? Once I have my distgit, I'll remove the URL and simply use the filename, but for now if I remove it I believe that would break the automated review process.
For c - it will not fetch it, it will just use what is packaged.
Oh, fair enough. I didn't know that was a thing. I went ahead and updated the spec and created a new src.rpm and uploaded them to the server. I deleted the config off the server too (As it's no longer needed).
Thanks for the changes. a) In the spec file, the line Patch: https://invent.kde.org/system/%{name}/-/commit/efbf77b480c2f5a8c40fadfd169a916a51363a23.diff should be just Patch: efbf77b480c2f5a8c40fadfd169a916a51363a23.diff Urls are only needed for files that will not be put into dist-git. The patch can also be named so that one can understand what it does, for example fix-translations.patch b) In the spec file, rather than globbing: %{_datadir}/dbus-1/* please use %{_datadir}/dbus-1/system-services/org.kde.kded.inotify.service %{_datadir}/dbus-1/system.d/org.kde.kded.inotify.conf Please make the changes upon import. Approved.
The Pagure repository was created at https://src.fedoraproject.org/rpms/kde-inotify-survey