Bug 2265387 - Review Request: ulogd - Userspace logging daemon for netfilter
Summary: Review Request: ulogd - Userspace logging daemon for netfilter
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL: https://www.netfilter.org/projects/ul...
Whiteboard: Unretirement
Depends On: 2024579
TreeView+ depends on / blocked
Reported: 2024-02-21 19:46 UTC by Thomas Haller
Modified: 2024-02-27 09:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: ---

Attachments (Terms of Use)
rpmlint output 1 (rpmlint-for-ulogd-1.txt) (33.88 KB, text/plain)
2024-02-27 09:23 UTC, Thomas Haller
no flags Details

Description Thomas Haller 2024-02-21 19:46:51 UTC
SPEC: https://src.fedoraproject.org/fork/thaller/rpms/ulogd/blob/th/2.0.8/f/ulogd.spec
dist-git: https://src.fedoraproject.org/fork/thaller/rpms/ulogd/commits/th/2.0.8
SRPM: https://thaller.fedorapeople.org/ulogd/ulogd-2.0.8-1.fc41.src.rpm

Fedora Account System Username: thaller

I'd like to unretire (and maintain) ulogd(2) (https://www.netfilter.org/projects/ulogd/).
It's useful for NFLOG logging:

  - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/4J234RZ7Q5EILLNOSFEUERJ3AAS63LDL/
  - https://github.com/firewalld/firewalld/issues/1094

Quote from commit message of https://src.fedoraproject.org/fork/thaller/rpms/ulogd/commits/th/2.0.8 :

    Update to ulogd 2.0.8 and unretire

    The ulogd package was retried in F25, 2016 as it was sysvinit-only ([1]).

    [1] https://pagure.io/fesco/issue/1605

    - Rebase to 2.0.8. Most recent upstream release from 2022-Nov-11.

    - Add a systemd service file.

    - The package is inspired by Debian's ulogd2 (2.0.8-1) package. The
      point is that the Debian pacakge is maybe in use and possibly works
      well. By doing something similar, we may also do the right thing
      and Debian users may be familiar with it already.
      In particular:

      - create and use system user "ulog".

      - create /var/log/ulog directory and patch configuration to use
        files in that directory.

      - enable a certain stack in /etc/ulogd.conf.

      - add a logrotate and tmpfiles configuration.

      Note that the Debian package is called "ulogd2", while we call the
      package "ulogd". Note that "ulogd" is also the name of the package
      on openSUSE. We thus follow the latter. Also, this is really an
      unretirement of the previous "ulogd" package.

    - create and use system user "ulog". The usage of "-u ulogd" is however
      problematic, because ulogd will start creating files as root before
      changing user. A later SIGHUP fails to reopen the file.  That's why its
      use is configurable via ULOGD_ARGS in /etc/sysconfig/ulogd.

    - don't add COPYING file to each plugin subpackages.

    - drop large "ulogd.{ps,html}" documentation files. They are large,
      and don't seem to useful.

    - requires libnetfilter_log 1.0.2. Find it at
      https://src.fedoraproject.org/rpms/libnetfilter_log/pull-request/1 .

This also depends on libnetfilter_log to 1.0.2, which is currently not yet in Rawhide:
SPEC: https://src.fedoraproject.org/fork/thaller/rpms/libnetfilter_log/blob/th/release-1.0.2/f/libnetfilter_log.spec
dist-git: https://src.fedoraproject.org/rpms/libnetfilter_log/pull-request/1
SRPM: https://thaller.fedorapeople.org/ulogd/libnetfilter_log-1.0.2-1.fc41.src.rpm

Comment 1 Fedora Review Service 2024-02-21 19:49:55 UTC
Copr build:

Build log:

Please make sure the package builds successfully at least for Fedora Rawhide.

- If the build failed for unrelated reasons (e.g. temporary network
  unavailability), please ignore it.
- If the build failed because of missing BuildRequires, please make sure they
  are listed in the "Depends On" field

This comment was created by the fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Eric Garver 2024-02-26 21:45:34 UTC
+ # SIGHUP would reopen files (for logrotate). However, that may not work with
+ # "ULOGD_ARGS=-u ulog", as we won't have permissions to reopen the files.
+ ExecReload=/bin/kill -HUP $MAINPID 

ExecReload is optional. If we expect this to not work then maybe we simply don't define it.

Comment 3 Eric Garver 2024-02-26 21:47:33 UTC
Otherwise this looks good to me. Thanks!

Comment 4 Thomas Haller 2024-02-27 09:01:20 UTC
(In reply to Eric Garver from comment #2)
> ExecReload is optional. If we expect this to not work then maybe we simply
> don't define it.

I dropped `ExecReload`.

Comment 5 Thomas Haller 2024-02-27 09:23:44 UTC
Created attachment 2019097 [details]
rpmlint output 1 (rpmlint-for-ulogd-1.txt)

generated via

  $ ( for f in $(ls -1 *spec *src.rpm x86_64/*rpm); do echo ">>>> rpmlint $f"; rpmlint "$f"; done ; for f in $(rpm -qa |grep '^ulogd' | sed 's/-2\..*//') ; do echo ">>>> rpmlint -i $f"; rpmlint -i "$f"; done ) 2>&1

Note You need to log in before you can comment on or make changes to this bug.