Bug 226221 - Merge Review: openswan
Summary: Merge Review: openswan
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Matěj Cepl
QA Contact: Fedora Package Reviews List
Depends On:
TreeView+ depends on / blocked
Reported: 2007-01-31 20:19 UTC by Nobody's working on this, feel free to take it
Modified: 2018-04-11 07:39 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-05-18 18:46:02 UTC
Type: ---
mcepl: fedora-review?

Attachments (Terms of Use)

Description Nobody's working on this, feel free to take it 2007-01-31 20:19:14 UTC
Fedora Merge Review: openswan

Initial Owner: harald@redhat.com

Comment 1 Matěj Cepl 2012-05-02 12:13:22 UTC
Legend: + = PASSED, - = FAILED, 0 = Not Applicable

- MUST: rpmlint must be run on every package. The output should be posted in
the review

wycliff:openswan (f17) $ fedpkg lint
/home/matej/build/Extras/openswan/openswan.spec:128: W: rpm-buildroot-usage %build fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
/home/matej/build/Extras/openswan/openswan.spec:129: W: rpm-buildroot-usage %build fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
/home/matej/build/Extras/openswan/openswan.spec:255: W: macro-in-%changelog %ghost

This is a false positive from rpmlint. Maybe it could be better not to irritate rpmlint and put that definition somewhere else (%install ?). Not sure whether it wouldn't break anything though. Certainly this is not an issue over which I would stop this review going through though.

/home/matej/build/Extras/openswan/openswan.spec: W: invalid-url Source0: openswan-2.6.37.tar.gz

Couldn't we get better URL here, please? Upstream seems to have rather nice URLs for download (e.g., http://download.openswan.org/openswan/openswan-2.6.38.tar.gz).

openswan.src:255: W: macro-in-%changelog %ghost

Use %%ghost instead (or eliminate macro from %chagelog entirely).

openswan.x86_64: W: only-non-binary-in-usr-lib

Most likely a false positive ... there is only directory %{_libdir}/fipscheck which is most likely hardwired by fipscheck, right?

openswan.x86_64: E: incorrect-fsf-address /usr/share/doc/openswan-2.6.37/COPYING

Correct address is (according to https://www.fsf.org/about/contact/):
Free Software Foundation
51 Franklin Street, Fifth Floor
Boston, MA 02110-1301

Or you can completely new fresh version of the license at https://www.gnu.org/licenses/gpl-2.0.txt Just let upstream know about it, please.

openswan.x86_64: E: subsys-not-used /etc/rc.d/init.d/ipsec
While your daemon is running, you have to put a lock file in
/var/lock/subsys/. To see an example, look at this directory on your machine
and examine the corresponding init scripts.

I have absolutely no idea, whether this is a false positive or not. Please, comment.

+ MUST: package named according to the Package Naming Guidelines
+ MUST: The spec file name must match the base package %{name}
+ MUST: The package must meet the Packaging Guidelines .
+ MUST: The package licensed with a Fedora approved license and meets the
Licensing Guidelines

I assume that kernel part of the upstream package is not compiled in our binary packages, right? Otherwise, we would have to include all licenses mentioned in LICENSING file.

- MUST: The License field in the package spec file matches the actual
At least according to programs/pluto/plutomain.c, the licensing includes "or (at your option) any later version", so this should be GPLv2+

+ MUST: If (and only if) the source package includes the text of the license(s)
in its own file, then that file, containing the text of the license(s) for the
package must be included in %doc.
+ MUST: The spec file must be written in American English.
+ MUST: The spec file for the package MUST be legible.
+ MUST: The sources used to build the package must match the upstream
source, as provided in the spec URL. Reviewers should use md5sum for this task
MD5: e5c948555088df06cfadcfbe6c13adfe
+ MUST: The package successfully compiles and builds into binary rpms on at
least one primary architecture - built many times in koji and brew
0 MUST: If the package does not successfully compile, build or work on an
architecture, then those architectures should be listed in the spec in
+ MUST: All build dependencies must be listed in BuildRequires, except for any
that are listed in the exceptions section of the Packaging Guidelines
0 MUST: The spec file handles locales properly. This is done by using the
%find_lang macro
No locales are present.
0 MUST: Every binary RPM package (or subpackage) which stores shared library
files (not just symlinks) in any of the dynamic linker's default paths, must
call ldconfig in %post and %postun.
+ MUST: Packages must NOT bundle copies of system libraries
0 MUST: If the package is designed to be relocatable, the packager must state
this fact in the request for review, along with the rationalization for
relocation of that specific package. Without this, use of Prefix: /usr is
considered a blocker
+ MUST: Package must own all directories that it creates. If it does not create
a directory that it uses, then it should require a package which does create
that directory
+ MUST: Package must not list a file more than once in the spec file's %files
+ MUST: Permissions on files must be set properly. Every %files section must
include a %defattr(...) line.
+ MUST: Each package must have a %clean section, which contains rm -rf
%{buildroot} (or $RPM_BUILD_ROOT).
+ MUST: Each package must consistently use macros
+ MUST: The package must contain code, or permissible content
+ MUST: Large documentation files must go in a -doc subpackage
+ MUST: If a package includes something as %doc, it must not affect the runtime
of the application
0 MUST: Header files must be in a -devel package
0 MUST: Static libraries must be in a -static package
0 MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'
0 MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1),
then library files that end in .so (without suffix) must go in a -devel package
0 MUST: devel packages must require the base package using a fully versioned
dependency: Requires: %{name} = %{version}-%{release}
0 MUST: Packages must NOT contain any .la libtool archives, these must be
removed in the spec if they are built
0 MUST: Packages containing GUI applications must include a %{name}.desktop
file, and that file must be properly installed with desktop-file-install in the
%install section
+ MUST: Packages must not own files or directories already owned by other
+ MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot}
+ MUST: All filenames in rpm packages must be valid UTF-8

Please just comment on the result of rpmlint and fix small issues mentioned in the rest of the review.

Comment 2 Paul Wouters 2013-05-18 03:39:44 UTC
This bug should probably be closed?

Comment 3 Matěj Cepl 2013-05-18 09:53:45 UTC
(In reply to comment #2)
> This bug should probably be closed?

What's the status of openswan? It seems to be orphaned in Rawhide. Does it mean it should die eventually? If it is so, then yes, this bug should be closed as WONTFIX.

Comment 4 Paul Wouters 2013-05-18 18:05:03 UTC
Yes. libreswan has obsoleted openswan in rawhide and fedora18. But not yet in fedora19 because of the freeze.

Note You need to log in before you can comment on or make changes to this bug.