Bug 226426 - Merge Review: spamassassin
Merge Review: spamassassin
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Gwyn Ciesla
Fedora Package Reviews List
:
: 224477 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 16:00 EST by Nobody's working on this, feel free to take it
Modified: 2009-04-01 08:43 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-01 08:43:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
limburgher: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 16:00:44 EST
Fedora Merge Review: spamassassin

http://cvs.fedora.redhat.com/viewcvs/devel/spamassassin/
Initial Owner: wtogami@redhat.com
Comment 1 Warren Togami 2007-01-31 16:03:07 EST
*** Bug 224477 has been marked as a duplicate of this bug. ***
Comment 2 Gwyn Ciesla 2008-09-17 12:55:24 EDT
rpmlint on SRPM:

spamassassin.src:37: W: redundant-prefix-tag
The Prefix tag is uselessly defined as %{_prefix} in your spec file. It should
be removed, as it is redundant with rpm defaults.

spamassassin.src:72: W: unversioned-explicit-obsoletes perl-Mail-SpamAssassin
The specfile contains an unversioned Obsoletes: token, which will match all
older, equal and newer versions of the obsoleted thing.  This may cause update
problems, restrict future package/provides naming, and may match something it
was originally not inteded to match -- make the Obsoletes versioned if
possible.

Fix.

spamassassin.src:101: W: rpm-buildroot-usage %build %{__perl} Makefile.PL DESTDIR=$RPM_BUILD_ROOT/ SYSCONFDIR=%{_sysconfdir} INSTALLDIRS=vendor ENABLE_SSL=yes < /dev/null
$RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it will
break short circuiting.

There may be a good reason for this.  Is there?

spamassassin.src:542: W: macro-in-%changelog postun
Macros are expanded in %changelog too, which can in unfortunate cases lead to
the package not building at all, or other subtle unexpected conditions that
affect the build.  Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally odd
entries eg. in source rpms, which is rarely wanted.  Avoid use of macros in
%changelog altogether, or use two '%'s to escape them, like '%%foo'.

spamassassin.src:580: W: macro-in-%changelog post
Macros are expanded in %changelog too, which can in unfortunate cases lead to
the package not building at all, or other subtle unexpected conditions that
affect the build.  Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally odd
entries eg. in source rpms, which is rarely wanted.  Avoid use of macros in
%changelog altogether, or use two '%'s to escape them, like '%%foo'.

spamassassin.src: W: mixed-use-of-spaces-and-tabs (spaces: line 135, tab: line 108)
The specfile mixes use of spaces and tabs for indentation, which is a cosmetic
annoyance.  Use either spaces or tabs for indentation, not both.

spamassassin.src: W: summary-ended-with-dot Spam filter for email which can be invoked from mail delivery agents.
Summary ends with a dot.

Fix.

spamassassin.src: W: strange-permission spamassassin-helper.sh 0755
A file that you listed to include in your package has strange permissions.
Usually, a file should have 0644 permissions.

Fix, or document in spec.

rpmlint on RPMS:

spamassassin.i386: E: incoherent-logrotate-file /etc/logrotate.d/sa-update
Your logrotate file should be named /etc/logrotate.d/<package name>.

Fix, if it won't be too catastrophic.

spamassassin.i386: W: non-conffile-in-etc /etc/logrotate.d/sa-update
A non-executable file in your package is being installed in /etc, but is not a
configuration file. All non-executable files in /etc should be configuration
files. Mark the file as %config in the spec file.

Fix.

spamassassin.i386: E: executable-marked-as-config-file /etc/mail/spamassassin/spamassassin-helper.sh
Executables must not be marked as config files because that may prevent
upgrades from working correctly. If you need to be able to customize an
executable, make it for example read a config file in /etc/sysconfig.

????

spamassassin.i386: E: non-readable /etc/cron.d/sa-update 0600
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

Probably OK.

spamassassin.i386: E: non-standard-executable-perm /usr/share/spamassassin/sa-update.cron 0744
A standard executable should have permission set to 0755. If you get this
message, it means that you have a wrong executable permissions in some files
included in your package.

Fix or document.

spamassassin.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/spamassassin
Executables must not be marked as config files because that may prevent
upgrades from working correctly. If you need to be able to customize an
executable, make it for example read a config file in /etc/sysconfig.

Fix.

spamassassin.i386: W: summary-ended-with-dot Spam filter for email which can be invoked from mail delivery agents.
Summary ends with a dot.

spamassassin.i386: W: obsolete-not-provided perl-Mail-SpamAssassin
If a package is obsoleted by a compatible replacement, the obsoleted package
must also be provided in order to provide clean upgrade paths and not cause
unnecessary dependency breakage.  If the obsoleting package is not a
compatible replacement for the old one, leave out the provides.

spamassassin.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/spamassassin
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

spamassassin.i386: W: dangerous-command-in-%post cp
spamassassin.i386: W: no-reload-entry /etc/rc.d/init.d/spamassassin
In your init script (/etc/rc.d/init.d/your_file), you don't have a 'reload'
entry, which is necessary for good functionality.

Fix.


Otherwise, full review looks good, no other blockers.
Comment 3 Gwyn Ciesla 2008-12-10 09:11:13 EST
Ping?
Comment 4 Kevin Fenzi 2008-12-10 13:35:15 EST
I became a co-maintainer here a while back, and haven't done much since. ;) 

I guess the least I can do is try and finish off this review. 
Will take a look soon and get back to you.
Comment 5 Gwyn Ciesla 2008-12-10 13:46:11 EST
Thanks Kevin. :)
Comment 6 Kevin Fenzi 2008-12-14 21:33:20 EST
>rpmlint on SRPM:
>
>spamassassin.src:37: W: redundant-prefix-tag
>The Prefix tag is uselessly defined as %{_prefix} in your spec file. It should
>be removed, as it is redundant with rpm defaults.

Removed. 

>spamassassin.src:72: W: unversioned-explicit-obsoletes perl-Mail-SpamAssassin
>The specfile contains an unversioned Obsoletes: token, which will match all
>older, equal and newer versions of the obsoleted thing.  This may cause update
>problems, restrict future package/provides naming, and may match something it
>was originally not inteded to match -- make the Obsoletes versioned if
>possible.
>
>Fix.

Well, the problem here is that upsteam uses that package name. 
So, if someone installs the upstream rpms, then decides to upgrade 
to the fedora one, without this they will get a confusing mix. ;( 


>spamassassin.src:101: W: rpm-buildroot-usage %build %{__perl} Makefile.PL
>DESTDIR=$RPM_BUILD_ROOT/ SYSCONFDIR=%{_sysconfdir} INSTALLDIRS=vendor
>ENABLE_SSL=yes < /dev/null
>$RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it will
>break short circuiting.
>
>There may be a good reason for this.  Is there?

It's not clear to me where it is using the build root. It's setting DESTDIR to
it, but it shouldn't be using it. Will dig more, but ideas welcome. 


>spamassassin.src:542: W: macro-in-%changelog postun
>Macros are expanded in %changelog too, which can in unfortunate cases lead to
>the package not building at all, or other subtle unexpected conditions that
>affect the build.  Even when that doesn't happen, the expansion results in
>possibly "rewriting history" on subsequent package revisions and generally odd
>entries eg. in source rpms, which is rarely wanted.  Avoid use of macros in
>%changelog altogether, or use two '%'s to escape them, like '%%foo'.

Fixed. 

>spamassassin.src:580: W: macro-in-%changelog post
>Macros are expanded in %changelog too, which can in unfortunate cases lead to
>the package not building at all, or other subtle unexpected conditions that
>affect the build.  Even when that doesn't happen, the expansion results in
>possibly "rewriting history" on subsequent package revisions and generally odd
>entries eg. in source rpms, which is rarely wanted.  Avoid use of macros in
>%changelog altogether, or use two '%'s to escape them, like '%%foo'.

Fixed. 

>spamassassin.src: W: mixed-use-of-spaces-and-tabs (spaces: line 135, tab: line
>108)
>The specfile mixes use of spaces and tabs for indentation, which is a cosmetic
>annoyance.  Use either spaces or tabs for indentation, not both.

At least that instance fixed up. ;) 

>spamassassin.src: W: summary-ended-with-dot Spam filter for email which can be
>invoked from mail delivery agents.
>Summary ends with a dot.
>
>Fix.

Fixed. 

>spamassassin.src: W: strange-permission spamassassin-helper.sh 0755
>A file that you listed to include in your package has strange permissions.
>Usually, a file should have 0644 permissions.
>
>Fix, or document in spec.

It's a shell script that runs and shows the exit code (spam/notspam). 
I guess I can add a comment that it's expected to be executable. 


>rpmlint on RPMS:
>
>spamassassin.i386: E: incoherent-logrotate-file /etc/logrotate.d/sa-update
>Your logrotate file should be named /etc/logrotate.d/<package name>.
>
>Fix, if it won't be too catastrophic.

Well, it's not spamassassin itself that logs anything, it's the daily
sa-update job that pulls updates to rules. I think it makes more sense 
to leave it as sa-update since thats the command that generates the logs. 

>spamassassin.i386: W: non-conffile-in-etc /etc/logrotate.d/sa-update
>A non-executable file in your package is being installed in /etc, but is not a
>configuration file. All non-executable files in /etc should be configuration
>files. Mark the file as %config in the spec file.
>
>Fix.

Good catch. Fixed. 

>spamassassin.i386: E: executable-marked-as-config-file
>/etc/mail/spamassassin/spamassassin-helper.sh
>Executables must not be marked as config files because that may prevent
>upgrades from working correctly. If you need to be able to customize an
>executable, make it for example read a config file in /etc/sysconfig.
>
>????

Humm. Not sure why thats marked as config. No one should ever change it. 
Sadly, thats generated the file that the make process generates. 
It might need a patch or getting upstream to fix it. 

>spamassassin.i386: E: non-readable /etc/cron.d/sa-update 0600
>The file can't be read by everybody. If this is expected (for security
>reasons), contact your rpmlint distributor to get it added to the list of
>exceptions for your distro (or add it to your local configuration if you
>installed rpmlint from the source tarball).
>
>Probably OK.

This makes little sense to me. I would expect 644 here. 
Perhaps Warren can chime in with a reason for 600 ?

>spamassassin.i386: E: non-standard-executable-perm
>/usr/share/spamassassin/sa-update.cron 0744
>A standard executable should have permission set to 0755. If you get this
>message, it means that you have a wrong executable permissions in some files
>included in your package.
>
>Fix or document.

I suppose this is due to it not making much sense to run as non root
but yet, it's fine it anyone looks at it. 
Will document. 

>spamassassin.i386: E: executable-marked-as-config-file
>/etc/rc.d/init.d/spamassassin
>Executables must not be marked as config files because that may prevent
>upgrades from working correctly. If you need to be able to customize an
>executable, make it for example read a config file in /etc/sysconfig.
>
>Fix.

Fixed. 

>spamassassin.i386: W: summary-ended-with-dot Spam filter for email which can be
>invoked from mail delivery agents.
>Summary ends with a dot.

Fixed. 

>spamassassin.i386: W: obsolete-not-provided perl-Mail-SpamAssassin
>If a package is obsoleted by a compatible replacement, the obsoleted package
>must also be provided in order to provide clean upgrade paths and not cause
>unnecessary dependency breakage.  If the obsoleting package is not a
>compatible replacement for the old one, leave out the provides.

See above. 

>spamassassin.i386: W: conffile-without-noreplace-flag
>/etc/rc.d/init.d/spamassassin
>A configuration file is stored in your package without the noreplace flag. A
>way to resolve this is to put the following in your SPEC file:
>%config(noreplace) /etc/your_config_file_here

Fixed above by making it not a config file. 

>spamassassin.i386: W: dangerous-command-in-%post cp

This is so that updates with old config file options that are no longer 
supported will get updated. I don't see any easy way around it. 

>spamassassin.i386: W: no-reload-entry /etc/rc.d/init.d/spamassassin
>In your init script (/etc/rc.d/init.d/your_file), you don't have a 'reload'
>entry, which is necessary for good functionality.

spamd doesn't have any functionality to do a reload without just restarting
as far as I know. 

>Otherwise, full review looks good, no other blockers.

Ok. 

new spec: http://www.scrye.com/~kevin/fedora/spamassassin.spec
diff against old: http://www.scrye.com/~kevin/fedora/spamassassin.diff
scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=998690

Warren is going to look it over as well.
Comment 7 Gwyn Ciesla 2008-12-15 09:49:48 EST
(In reply to comment #6)

> >spamassassin.src:72: W: unversioned-explicit-obsoletes perl-Mail-SpamAssassin
> >The specfile contains an unversioned Obsoletes: token, which will match all
> >older, equal and newer versions of the obsoleted thing.  This may cause update
> >problems, restrict future package/provides naming, and may match something it
> >was originally not inteded to match -- make the Obsoletes versioned if
> >possible.
> >
> >Fix.
> 
> Well, the problem here is that upsteam uses that package name. 
> So, if someone installs the upstream rpms, then decides to upgrade 
> to the fedora one, without this they will get a confusing mix. ;( 

Then commenting this in the spec should be sufficient.

> 
> >spamassassin.src:101: W: rpm-buildroot-usage %build %{__perl} Makefile.PL
> >DESTDIR=$RPM_BUILD_ROOT/ SYSCONFDIR=%{_sysconfdir} INSTALLDIRS=vendor
> >ENABLE_SSL=yes < /dev/null
> >$RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it will
> >break short circuiting.
> >
> >There may be a good reason for this.  Is there?
> 
> It's not clear to me where it is using the build root. It's setting DESTDIR to
> it, but it shouldn't be using it. Will dig more, but ideas welcome. 

I'll peek at it.


> >spamassassin.src: W: strange-permission spamassassin-helper.sh 0755
> >A file that you listed to include in your package has strange permissions.
> >Usually, a file should have 0644 permissions.
> >
> >Fix, or document in spec.
> 
> It's a shell script that runs and shows the exit code (spam/notspam). 
> I guess I can add a comment that it's expected to be executable. 

That'd be perfect.

> 
> >rpmlint on RPMS:
> >
> >spamassassin.i386: E: incoherent-logrotate-file /etc/logrotate.d/sa-update
> >Your logrotate file should be named /etc/logrotate.d/<package name>.
> >
> >Fix, if it won't be too catastrophic.
> 
> Well, it's not spamassassin itself that logs anything, it's the daily
> sa-update job that pulls updates to rules. I think it makes more sense 
> to leave it as sa-update since thats the command that generates the logs. 

Agreed, might want to comment in spec.


> 
> >spamassassin.i386: E: executable-marked-as-config-file
> >/etc/mail/spamassassin/spamassassin-helper.sh
> >Executables must not be marked as config files because that may prevent
> >upgrades from working correctly. If you need to be able to customize an
> >executable, make it for example read a config file in /etc/sysconfig.
> >
> >????
> 
> Humm. Not sure why thats marked as config. No one should ever change it. 
> Sadly, thats generated the file that the make process generates. 
> It might need a patch or getting upstream to fix it. 

Hmm.



> >spamassassin.i386: W: conffile-without-noreplace-flag
> >/etc/rc.d/init.d/spamassassin
> >A configuration file is stored in your package without the noreplace flag. A
> >way to resolve this is to put the following in your SPEC file:
> >%config(noreplace) /etc/your_config_file_here
> 
> Fixed above by making it not a config file. 
> 
> >spamassassin.i386: W: dangerous-command-in-%post cp
> 
> This is so that updates with old config file options that are no longer 
> supported will get updated. I don't see any easy way around it. 

Neither do I.  Comment in spec.
 
> >spamassassin.i386: W: no-reload-entry /etc/rc.d/init.d/spamassassin
> >In your init script (/etc/rc.d/init.d/your_file), you don't have a 'reload'
> >entry, which is necessary for good functionality.
> 
> spamd doesn't have any functionality to do a reload without just restarting
> as far as I know. 

In this instance, just make reload do what restart does.

> >Otherwise, full review looks good, no other blockers.
> 
> Ok. 
> 
> new spec: http://www.scrye.com/~kevin/fedora/spamassassin.spec
> diff against old: http://www.scrye.com/~kevin/fedora/spamassassin.diff
> scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=998690
> 
> Warren is going to look it over as well.

I'll await his input.
Comment 8 Warren Togami 2008-12-15 12:59:35 EST
I'm OK with his proposed changes.  I also suggested switching it to pidgin.spec style automatic boolean setting.
Comment 9 Gwyn Ciesla 2008-12-15 16:10:04 EST
That would be fine, too. Kevin, looks like once the above are finished, we're good.
Comment 10 Kevin Fenzi 2008-12-16 00:52:49 EST
ok. Checked in and built in rawhide. 

Take a look and see if there is anything further that needs addressing. 

http://koji.fedoraproject.org/koji/taskinfo?taskID=1001301
Comment 11 Robert Scheck 2008-12-16 02:36:15 EST
It seems to me, you're lacking a "chmod -R u+w $RPM_BUILD_ROOT/*" for 
spamassassin as much of the other perl packages do. All files in the
directory /usr/lib/perl5 are readonly, but for perl packages I got in
the past usually remembered to change that to 644 rather 444. The same
applies to the man pages, so command above should fit and solve.
Comment 12 Kevin Fenzi 2008-12-16 21:50:08 EST
In reply to comment #11: 

Strange, so you think the perl files should be 644 instead of 444? 
Is root likely to need to write them? 
Or is there something thats broken by them being 444?

I suppose if it's needed we could just change the defattr for those files?
Comment 13 Robert Scheck 2008-12-28 16:20:40 EST
The guys from the Perl SIG or similar shall explain and decide whether it is
needed here, adding hereby and requesting info regarding 444 vs. 644.
Comment 14 Kevin Fenzi 2008-12-30 12:39:02 EST
ok. Happy for any input on the 444 vs 644 issue.
Comment 15 Warren Togami 2008-12-30 20:47:16 EST
Why did 444 happen?  It seems completely unimportant?
Comment 16 Kevin Fenzi 2009-01-03 01:13:41 EST
I have no idea why it happened, and personally I don't see any issue with those files being 444 instead of 644. Perhaps someone from the perl list will enlighten us?
Comment 17 Gwyn Ciesla 2009-03-31 11:28:07 EDT
Ping?
Comment 18 Kevin Fenzi 2009-03-31 14:01:09 EDT
Well, I was waiting for input on the 644 vs 444 permissions issue. 
I personally don't see any guideline this violates or problem this causes. 

I guess your ping was for the fedora-perl-list members?
Comment 19 Warren Togami 2009-03-31 15:51:55 EDT
Perhaps we should just close this?  Everything that matters was fixed.  This last issue does not matter.
Comment 20 Gwyn Ciesla 2009-04-01 08:43:07 EDT
It was, and I'm busy with $_DAYJOB and real life, as well as many other Fedora things, so I'll take Warren's suggestion.

APPROVED.

Thanks all for your help.

Note You need to log in before you can comment on or make changes to this bug.