Fedora Merge Review: ncpfs http://cvs.fedora.redhat.com/viewcvs/devel/ncpfs/ Initial Owner: mitr
This should be fun. First, the rpmlint issues: W: ncpfs no-url-tag Is there actually an upstream for this? It's probably best to at least add URL: http://ftp.cvut.cz/ncpfs/ W: ncpfs devel-file-in-non-devel-package /usr/lib/libncp.so W: ncpfs devel-file-in-non-devel-package /usr/include/ncp/obsolete/o_ndslib.h And many more .h files. These should all be placed into a separate -devel subpackage. E: ncpfs setuid-binary /usr/bin/ncplogin root 04755 E: ncpfs non-standard-executable-perm /usr/bin/ncplogin 04755 A couple like these. I suppose these are necessary, but has anyone looked at the security issues? Just adding URL: and making the -devel packages would take care of all of the real rpmlint issues. More review coming tomorrow after sleep.
Here's the full review; fixing the above issues and the buildroot should be all that's necessary. * source files match upstream: 2837046046bcdb46d77a80c1d17dbfd15e878700e879edab4cda9f080e0337f9 ncpfs-2.2.6.tar.gz * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. O dist tag is not present (not required) X build root is not correct; should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) * license field matches the actual license. * license is open source-compatible. License text included in package. * latest version is being packaged. * BuildRequires are proper. * compiler flags are appropriate. * %clean is present. * %makeinstall is not used. * package builds in mock. * debuginfo package looks complete. X rpmlint is silent. * final provides and requires are sane: /sbin/ldconfig ipxutils libncp.so.2.3 libncp.so.2.3(NCPFS.2.2.0.17) libncp.so.2.3(NCPFS.2.2.0.18) libncp.so.2.3(NCPFS.INTERNAL) libncp.so.2.3(NCPFS_2.2.0.19) libncp.so.2.3(NCPFS_2.2.1) libncp.so.2.3(NCPFS_2.2.4) = libncp.so.2.3 libncp.so.2.3(NCPFS.2.2.0.17) libncp.so.2.3(NCPFS.2.2.0.18) libncp.so.2.3(NCPFS.INTERNAL) libncp.so.2.3(NCPFS.MPILIB) libncp.so.2.3(NCPFS_2.2.0.19) libncp.so.2.3(NCPFS_2.2.1) libncp.so.2.3(NCPFS_2.2.4) ncpfs = 2.2.6-6 (ipxutils provides only ipxutils = 2.2.6-6) * %check is present; no test suite upstream. * shared libraries are present; ldconfig called as necessary. X unversioned .so files should be in -devel subpackage. * owns the directories it creates. * doesn't own any directories it shouldn't. * no duplicates in %files. * file permissions are appropriate. * scriptlets present are OK (ldconfig). * code, not content. * documentation is small, so no -docs subpackage is necessary. * %docs are not necessary for the proper functioning of the package. X headers present and should be in -devel package. * no pkgconfig files. * no libtool .la droppings. * not a GUI app.
Thanks! W: ncpfs no-url-tag FTP URL added W: ncpfs devel-file-in-non-devel-package /usr/lib/libncp.so W: ncpfs devel-file-in-non-devel-package /usr/include/ncp/obsolete/o_ndslib.h > And many more .h files. These should all be placed into a separate -devel > subpackage. Done. E: ncpfs setuid-binary /usr/bin/ncplogin root 04755 E: ncpfs non-standard-executable-perm /usr/bin/ncplogin 04755 > A couple like these. I suppose these are necessary, but has anyone looked > at the security issues? A few security issues in ncpfs have been discovered, so at least someone has :) X build root is not correct; should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Fixed. X unversioned .so files should be in -devel subpackage. X headers present and should be in -devel package. Both fixed. Please review ncpfs-2.2.6-7.
Hey mitr... I think the procedure we are using currently is to reassign back to the reviewer and reset the fedora-review flag to ? when you want the reviewer to check back on changes... I am doing so here so tibbs can continue.
OK, this builds fine and all that remains of the rpmlint output are the complaints about setuid binaries. So BuildRoot is good, rpmlint output is OK, headers and unversioned .so files are in a -devel subpackage, and everything else still looks good. APPROVED At this point I'm not sure if we're still ping-ponging the ticket assignments, so I'll leave this assigned to myself.
Thanks. http://www.fedoraproject.org/wiki/WarrenTogami/ReviewWithFlags says it should be assigned to me, so let's see what happens ;)
Actually not. Just close this bug when the fixed package is built for rawhide. I think it already is.
Thanks for the correction.