Bug 226452 - Merge Review: system-config-bind
Merge Review: system-config-bind
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Kevin Fenzi
Fedora Package Reviews List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 16:04 EST by Nobody's working on this, feel free to take it
Modified: 2009-09-21 16:30 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-28 06:32:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
kevin: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 16:04:33 EST
Fedora Merge Review: system-config-bind

http://cvs.fedora.redhat.com/viewcvs/devel/system-config-bind/
Initial Owner: stransky@redhat.com
Comment 1 Kevin Fenzi 2007-03-13 23:44:02 EDT
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
See below - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
See below - License
See below - License field in spec matches
See below - License file included in package
OK - Spec in American English
OK - Spec is legible.
See below - Sources match upstream md5sum:
OK - BuildRequires correct
OK - Spec handles locales/find_lang
See below - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
See below - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.

OK - Package is a GUI app and has a .desktop file

OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
See below - final provides and requires are sane

SHOULD Items:

OK - Should build in mock.
OK - Should build on all supported archs
OK - Should function as described.
See below - Should have sane scriptlets.
OK - Should have subpackages require base package with fully versioned depend.
OK - Should have dist tag
OK - Should package latest version
10 outstanding bugs - check for outstanding bugs on package.

Issues:

1. You use $RPM_BUILD_ROOT and %{buildroot}. Pick one style and use that.

2. The URL seems to go to a 404 page:
URL:            http://people.redhat.com/~jvdias/system-config-bind

3. The spec says the license is GPL, but there's no mention of the
license in the contents of the tar.gz. Perhaps a COPYING file or a README
explaining that it's released under the GPL.

4. Since redhat/fedora is upstream for this package, can you add
a note as suggested in:
http://www.fedoraproject.org/wiki/Packaging/SourceURL#head-413e1c297803cfa9de0cc4c56f3ac384bff5dc9e

5. You have a desktop file, but aren't installing it with
desktop-file-install. Perhaps take a look at:
http://www.fedoraproject.org/wiki/PackagingDrafts/DesktopFiles

6. Is there a reason that every file in this package is in the
"bind" group? This results in 361 "non-standard-gid" warnings from rpmlint.

7. The python >= 2.2 Requires shouldn't be needed anymore.

8. %define debug_package %{nil} shouldn't be needed, this is a noarch package.

9. Is all the removing and linking in post and triggerun needed anymore?
How long ago was that version? Looks like aug 2005... perhaps we can remove it now?

10. rpmlint says:

a)
non-standard-gid (361 times)

Why does this need to be gid bind? Doesn't it run as root?

b)
E: system-config-bind invalid-desktopfile
/tmp/system-config-bind-4.0.2-3.fc7.noarch.rpm.8818/usr/s
hare/applications/system-config-bind.desktop

Suggest: Install desktop file correctly.

c)
E: system-config-bind no-cleaning-of-buildroot %install

Suggest: rm -rf $RPM_BUILD_ROOT at the top of install?

d)
E: system-config-bind non-standard-executable-perm
/usr/share/system-config-bind/BIND.py 0754
(repeated for every file in that directory)

Suggest: Permissions on those should be 0755 if they are scripts to be executed,
or more likey if they are just modules being included they should be 0644.

e)
E: system-config-bind obsolete-not-provided bindconf
E: system-config-bind obsolete-not-provided redhat-config-bind

Suggest: Do we need to keep these around still?

f)
E: system-config-bind script-without-shebang
/usr/share/system-config-bind/EditDialog.py
E: system-config-bind script-without-shebang
/usr/share/system-config-bind/NewZone.py
E: system-config-bind script-without-shebang
/usr/share/system-config-bind/system-config-bind.glade
E: system-config-bind script-without-shebang /usr/share/system-config-bind/View.py

Suggest: perms should be 0644?

g)
W: system-config-bind dangerous-command-in-%post rm
W: system-config-bind dangerous-command-in-%trigger rm

Suggest: can we just do away with that post and trigger stuff?

h)
W: system-config-bind macro-in-%changelog version

Suggest: Change the %version to %%version int he changelog. 

i) 
W: system-config-bind mixed-use-of-spaces-and-tabs (spaces: line 40, tab: line 1)

Suggest: minor. Could change to all spaces.

j)
W: system-config-bind no-dependency-on usermode
W: system-config-bind no-dependency-on usermode

Suggest: does there need to be a dependency on usermode here?

k)
W: system-config-bind non-conffile-in-etc /etc/pam.d/bindconf
W: system-config-bind non-conffile-in-etc /etc/pam.d/system-config-bind
W: system-config-bind non-conffile-in-etc /etc/security/console.apps/bindconf
W: system-config-bind non-conffile-in-etc
/etc/security/console.apps/system-config-bind

Suggest: Should any of those be marked %config? or %config(noreplace)?

l)
W: system-config-bind rpm-buildroot-usage %build rm -rf $RPM_BUILD_ROOT

Suggest: get rid of the rm -rf $RPM_BUILD_ROOT at the top of build.

m)
W: system-config-bind summary-ended-with-dot The Red Hat BIND DNS Configuration
Tool.

Suggest: remove . at end of summary. 

n)
W: system-config-bind symlink-should-be-relative
/usr/share/locale/ar/LC_MESSAGES/bindconf.mo /usr/
share/locale/ar/LC_MESSAGES/system-config-bind.mo

Suggest: Make those relative symlinks (works better in chroot type setups).

11. Might check the outstanding bugs and see if any can be cleaned up
as part of this review. In particular you might fix the typos mentioned in
232054
Comment 2 Martin Stransky 2007-03-14 04:00:10 EDT
New owner of this package is Ondrej Dvoracek <odvorace@redhat.com>
Comment 3 Kevin Fenzi 2007-08-05 15:17:07 EDT
Hey Ondrej: Can you look at addressing the issues in the review in comment #1?
Thanks. 
Comment 4 Ondrej Dvoracek 2007-09-01 19:04:56 EDT
Hi,
I'm working on it.
Cheers Ondrej
Comment 5 Kevin Fenzi 2008-02-20 22:13:44 EST
Hey Ondrej, any progress here?
Comment 6 Radek Brich 2008-02-21 06:32:16 EST
Hi, I'm new maintainer of system-config-bind

I'm working on these issues now, it should be fixed soon...
Comment 7 Radek Brich 2008-02-21 10:27:01 EST
Everything should be fixed now: system-config-bind-4.0.5-1.fc9
Comment 8 Kevin Fenzi 2008-02-25 14:39:04 EST
1 and 2 look good. 

3. Is this really 'GPLv2+'? My understanding was that all Red Hat authored
projects must use 'GPLv2' only. Can you make sure this should be "and any later
version" ?

4. Since this is now in the hosted space, can you perhaps add a note about 
how to check out the specific version of the source used? 
ie, 'hg clone http://hg.fedorahosted.org/hg/system-config-bind/' 
Also, there is I think a way to get hosted to have real release tar.gz files you
can point the URL to. Can you investigate that? 

5, 6, 7, 8, 9 and 10 all look good. ;) 

Can you take a look again at 3 and 4 above? 

Thanks for the fixes here... 
Comment 9 Radek Brich 2008-02-26 05:40:59 EST
ad 3.
Yes, I'm pretty sure it's ok, almost all system-config tools are GPLv2+. I don't
know about any Red Hat policy against GPL >2.

ad 4.
I made a note to https://fedorahosted.org/system-config-bind/wiki/ on how to get
sources and tarballs of older releases. The real tarballs are in distCVS and
source RPMs, I hope that suffice, as I would not be happy having to upload each
release twice :-)
Comment 10 Kevin Fenzi 2008-02-26 18:20:47 EST
for #3: 

I am not a employee of Red Hat, so I can't show you any specific place, but I
was told to refer you to "CopyrightGuidelines on the intranet". Is that
something you can find? Or does that mean anything to you? 

for #4: 

Take a look at: https://fedorahosted.org/web/faq and see the "How can I publish
archive releases (tgz, zip, etc) for my project?" You should be able to use that
to upload releases and then you can point your Source0: to that url.
Comment 11 Radek Brich 2008-02-27 04:19:33 EST
3.
Ok, I will update the copyright note and license tag according those guildlines.
Thanks.

4.
Source0 pointing to an URL does not work. It apparently must be local file. In
Fedora CVS, it's solved by special makefile rules and lookaside file cache. To
use hosted space for releases, I'd need to adjust the common makefile, otherwise
the problem with double uploads stays. I understand that hosted releases are
good for external use, but my notes on getting tarball from HG should be
sufficient...
Comment 12 Kevin Fenzi 2008-03-21 19:26:44 EDT
Sorry for the delay here... 

on #3: ok, have you checked in an update on that yet?

on #4: Well, you are the maintainer, so it's up to you. A full Source0 url is
nice for people who are not part of fedora, but I have no idea how many or if
any such users of this package exist. If you could add your note about how to
check out the source to the spec file, that would be just fine. 
Comment 13 Radek Brich 2008-03-25 06:41:31 EDT
> on #3: ok, have you checked in an update on that yet?
Yes.

> on #4: Well, you are the maintainer, so it's up to you. A full Source0 url is
> nice for people who are not part of fedora, but I have no idea how many or if
> any such users of this package exist. If you could add your note about how to
> check out the source to the spec file, that would be just fine. 
I changed my mind, uploaded the tarball to hosted and added that URL to source0.
Hope it'll be useful for someone :)
Comment 14 Kevin Fenzi 2008-03-26 23:08:11 EDT
Excellent. I see no further blockers here, so this package is APPROVED. 

Thanks for all your work on this package. 
Feel free to close this review RAWHIDE whenever you like. 
Comment 15 Radek Brich 2008-03-28 06:32:34 EDT
Ok, thanks for the review. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.