Bug 226431 - Merge Review: squid
Merge Review: squid
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adam Tkac
Fedora Package Reviews List
:
Depends On: 198251
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 16:01 EST by Nobody's working on this, feel free to take it
Modified: 2013-04-30 19:35 EDT (History)
6 users (show)

See Also:
Fixed In Version: squid-3.1.0.17-3.fc14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-02 09:39:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
atkac: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 16:01:33 EST
Fedora Merge Review: squid

http://cvs.fedora.redhat.com/viewcvs/devel/squid/
Initial Owner: mbacovsk@redhat.com
Comment 1 Rex Dieter 2007-02-16 10:10:58 EST
MUST blocker (imo, anyway), 
samba RFE: "samba: make /var/cache/samba/windind_privledged group owned", bug
#198251 (and related squid bug #198253),
changing owner/group/permissions on a file/dir owned by another pkg is
unacceptable (ie, squid's existing 
%triggerin -- samba-common
/usr/sbin/usermod -a -G winbind squid >/dev/null 2>&1 || \
    chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :

Comment 2 Dmitry Butskoy 2007-03-26 09:49:29 EDT
Since samba has changed the group name to "wbpriv", and already accepted the
idea of such a group, the triggerin script should be now:

%triggerin -- samba-common
/usr/sbin/usermod -a -G wbpriv squid >/dev/null 2>&1 || :


Please, remove "chgrp" fall-back, it is no more needed and too hackish...
Comment 3 Dmitry Butskoy 2007-04-28 09:35:56 EDT
Again,
Remove "chgrp" fall-back in %triggerin, it is not needed. Moreover, it uses
/var/cache/samba, whereas samba do not use such a dir anymore now.
Comment 4 Adam Tkac 2009-12-15 10:40:59 EST
Formal review of squid-3.1.0.15-2.fc13:

"+" means OK, "-" means not OK

+ MUST: The package must be named according to the Package Naming Guidelines
+ MUST: The spec file name must match the base package %{name}, in the format %{name}.spec
- MUST(1): The package must meet the Packaging Guidelines
+ MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
- MUST(2): The License field in spec match the actual license
- MUST(3): If (and only if) the source package includes the text of the license(s) in its own file, then that file must be included in %doc
+ MUST: The spec file written in American English
+ MUST: The spec file for the package is legible
+ MUST: The sources used to build the package must match the upstream source, as provided in the spec URL
+ MUST: The package successfully compile
+ MUST: All build dependencies must be listed in BuildRequires
- MUST(4): The spec file handle locales properly
+ MUST: Every package which stores shared library files in any of the dynamic linker's default paths, must call ldconfig in %post and %postun
+ MUST: Packages does not bundle copies of system libraries
+ MUST: Package own all directories that it creates
+ MUST: Package does not list a file more than once in the spec file
+ MUST: Permissions on files must be set properly. Every %files section must include a %defattr(...) line
+ MUST: Package has a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
- MUST(5): Package use macros consistently
+ MUST: Package contains code, or permissable content
+ MUST: Large documentation files must go in a -doc subpackage
+ MUST: If a package includes something as %doc, it must not affect the runtime of the application
+ MUST: Header files in a -devel package
+ MUST: Static libraries in a -static package
+ MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'
+ MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package
+ MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release}
+ MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built
+ MUST: Packages containing GUI applications must include a %{name}.desktop file
+ MUST: Packages must not own files or directories already owned by other packages
+ MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
+ MUST: All filenames in rpm packages must be valid UTF-8.

1: Use versioned Sources, please (s/Source/Source0/)
2: It seems package is distributed under GPLv2 only, not GPLv2+
3: Include COPYING and COPYRIGHT files in %doc, please
4: use %find_lang macro, please. Check
https://fedoraproject.org/wiki/Packaging:Guidelines#Handling_Locale_Files for
more information
5: Use $RPM_OPT_FLAGS macro instead of %{optflags}


Other:
- please remove Source1 (the .asc signature). I don't see any reason to include
  it in the package
- don't use -fPIE flag on architectures where -fpie is sufficient because -fpie
  generates faster code. I suggest to use this in the specfile:

%ifarch sparcv9 sparc64 s390 s390x
export CXXFLAGS="$RPM_OPT_FLAGS -fPIE"
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
%else
export CXXFLAGS="$RPM_OPT_FLAGS -fpie"
export CFLAGS="$RPM_OPT_FLAGS -fpie"
%endif

export LDFLAGS="-pie"

- I recommend to drop -Os, -g, -pipe and -fsigned-char parameters
- don't export CFLAGS, CXXFLAGS and LDFLAGS twice, the first export is
  sufficient
- please use macros instead of hardcoded paths:
  - use %{_sysconfdir} instead of /etc
  - use %{_datadir} instead of /usr/share
- fix (or explain) all rpmlint warnings
- consider to add LSB header to initscript (not required, check
  https://fedoraproject.org/wiki/Packaging:SysVInitScript#LSB_Header)
- remove the %triggerin as written in comments #1, #2 and #3
Comment 5 Jiri Skala 2010-02-03 08:13:47 EST
squid.x86_64: W: name-repeated-in-summary Squid
COMMENT: intention

squid.x86_64: W: conffile-without-noreplace-flag /etc/squid/errorpage.css.default
squid.x86_64: W: conffile-without-noreplace-flag /etc/squid/mime.conf.default
squid.x86_64: W: conffile-without-noreplace-flag /etc/squid/squid.conf.default
squid.x86_64: W: conffile-without-noreplace-flag /etc/squid/cachemgr.conf.default
squid.x86_64: W: conffile-without-noreplace-flag /etc/squid/msntauth.conf.default
COMMENT: sample files don't use no-replace

squid.x86_64: E: zero-length /usr/share/squid/errors/ca/ERR_CACHE_ACCESS_DENIED
COMMENT: tarball issue - complained to upstream

squid.x86_64: E: non-readable /etc/squid/squid.conf 0640
squid.x86_64: E: non-standard-dir-perm /var/spool/squid 0750
squid.x86_64: E: non-standard-dir-perm /var/log/squid 0750
COMMENT: intention - no access for others

squid.x86_64: W: dangerous-command-in-%pre chown
squid.x86_64: W: dangerous-command-in-%preun rm
COMMENT: correct-intended

squid.x86_64: W: missing-lsb-keyword Required-Start in /etc/rc.d/init.d/squid
squid.x86_64: W: missing-lsb-keyword Required-Stop in /etc/rc.d/init.d/squid
squid.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/squid
COMMENT: no intention to define (check for chkconfig tag in initscript)

squid-debuginfo.x86_64: W: hidden-file-or-dir /usr/src/debug/squid-3.1.0.16/src/.libs
squid-debuginfo.x86_64: W: hidden-file-or-dir /usr/src/debug/squid-3.1.0.16/src/.libs
COMMENT: strange behaviour somewhere between find-debuginfo.sh and rpmlint. probably filing a bug against find-debugingo.sh
Comment 6 Adam Tkac 2010-03-02 09:39:31 EST
I checked squid-3.1.0.17-3.fc14 and it looks fine for me, approved.
Comment 7 Adam Tkac 2010-03-02 09:41:56 EST
(In reply to comment #6)
> I checked squid-3.1.0.17-3.fc14 and it looks fine for me, approved.    

There is only one non-blocking issue:
squid.spec:137: W: mixed-use-of-spaces-and-tabs (spaces: line 5, tab: line 137)

Please correct it in the next commit.

Note You need to log in before you can comment on or make changes to this bug.