Fedora Merge Review: xinetd http://cvs.fedora.redhat.com/viewcvs/devel/xinetd/ Initial Owner: fenlason
rpmlint on SRPM: xinetd.src:24: E: prereq-use /sbin/chkconfig /etc/init.d /sbin/service The use of PreReq is deprecated. In the majority of cases, a plain Requires is enough and the right thing to do. Sometimes Requires(pre), Requires(post), Requires(preun) and/or Requires(postun) can also be used instead of PreReq. xinetd.src:27: W: unversioned-explicit-provides inetd The specfile contains an unversioned Provides: token, which will match all older, equal, and newer versions of the provided thing. This may cause update problems and will make versioned dependencies, obsoletions and conflicts on the provided thing useless -- make the Provides versioned if possible. xinetd.src:29: W: unversioned-explicit-obsoletes inetd The specfile contains an unversioned Obsoletes: token, which will match all older, equal and newer versions of the obsoleted thing. This may cause update problems, restrict future package/provides naming, and may match something it was originally not inteded to match -- make the Obsoletes versioned if possible. xinetd.src:29: W: unversioned-explicit-obsoletes netkit-base The specfile contains an unversioned Obsoletes: token, which will match all older, equal and newer versions of the obsoleted thing. This may cause update problems, restrict future package/provides naming, and may match something it was originally not inteded to match -- make the Obsoletes versioned if possible. Fix. xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch A patch is applied inside an %ifarch block. Patches must be applied on all architectures and may contain necessary configure and/or code patch to be effective only on a given arch. xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch A patch is applied inside an %ifarch block. Patches must be applied on all architectures and may contain necessary configure and/or code patch to be effective only on a given arch. Fine. xinetd.src: W: summary-ended-with-dot A secure replacement for inetd. Summary ends with a dot. Fix. rpmlint on RPMS: xinetd.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/xinetd Executables must not be marked as config files because that may prevent upgrades from working correctly. If you need to be able to customize an executable, make it for example read a config file in /etc/sysconfig. xinetd.i386: W: summary-ended-with-dot A secure replacement for inetd. Summary ends with a dot. Fix. xinetd.i386: W: obsolete-not-provided netkit-base If a package is obsoleted by a compatible replacement, the obsoleted package must also be provided in order to provide clean upgrade paths and not cause unnecessary dependency breakage. If the obsoleting package is not a compatible replacement for the old one, leave out the provides. Fix or document. xinetd.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/xinetd A configuration file is stored in your package without the noreplace flag. A way to resolve this is to put the following in your SPEC file: %config(noreplace) /etc/your_config_file_here Fix. xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd The service is enabled by default after "chkconfig --add"; for security reasons, most services should not be. Use "-" as the default runlevel in the init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword to fix this if appropriate for this service. xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd The service is enabled by default after "chkconfig --add"; for security reasons, most services should not be. Use "-" as the default runlevel in the init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword to fix this if appropriate for this service. Fine, it's xinetd FFS. . .:) xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/pset.h 0640 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/xlog.h 0640 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/sio.h 0640 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/str.h 0640 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/m_env.h 0640 The file can't be read by everybody. If this is expected (for security reasons), contact your rpmlint distributor to get it added to the list of exceptions for your distro (or add it to your local configuration if you installed rpmlint from the source tarball). Not really a concern, but should be documented in spec, filed against rpmlint or fixed, your call. Otherwise, full review looks great, no other blockers.
(In reply to comment #1) > rpmlint on SRPM: > > xinetd.src:24: E: prereq-use /sbin/chkconfig /etc/init.d /sbin/service > The use of PreReq is deprecated. In the majority of cases, a plain Requires is > enough and the right thing to do. Sometimes Requires(pre), Requires(post), > Requires(preun) and/or Requires(postun) can also be used instead of PreReq. Fixed. > xinetd.src:27: W: unversioned-explicit-provides inetd > The specfile contains an unversioned Provides: token, which will match all > older, equal, and newer versions of the provided thing. This may cause update > problems and will make versioned dependencies, obsoletions and conflicts on > the provided thing useless -- make the Provides versioned if possible. Heh, I wasn't able to find the last version of inetd we shipped, Fedora Core 1 had already xinetd -> no version info is available. > xinetd.src:29: W: unversioned-explicit-obsoletes inetd > The specfile contains an unversioned Obsoletes: token, which will match all > older, equal and newer versions of the obsoleted thing. This may cause update > problems, restrict future package/provides naming, and may match something it > was originally not inteded to match -- make the Obsoletes versioned if > possible. > > xinetd.src:29: W: unversioned-explicit-obsoletes netkit-base > The specfile contains an unversioned Obsoletes: token, which will match all > older, equal and newer versions of the obsoleted thing. This may cause update > problems, restrict future package/provides naming, and may match something it > was originally not inteded to match -- make the Obsoletes versioned if > possible. > > Fix. Fixed, both Obsoletes: removed. > xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch > A patch is applied inside an %ifarch block. Patches must be applied on all > architectures and may contain necessary configure and/or code patch to be > effective only on a given arch. > > xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch > A patch is applied inside an %ifarch block. Patches must be applied on all > architectures and may contain necessary configure and/or code patch to be > effective only on a given arch. > > Fine. Fine. > xinetd.src: W: summary-ended-with-dot A secure replacement for inetd. > Summary ends with a dot. > > Fix. Fixed. > rpmlint on RPMS: > > xinetd.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/xinetd > Executables must not be marked as config files because that may prevent > upgrades from working correctly. If you need to be able to customize an > executable, make it for example read a config file in /etc/sysconfig. > > xinetd.i386: W: summary-ended-with-dot A secure replacement for inetd. > Summary ends with a dot. > > Fix. Fixed. > xinetd.i386: W: obsolete-not-provided netkit-base > If a package is obsoleted by a compatible replacement, the obsoleted package > must also be provided in order to provide clean upgrade paths and not cause > unnecessary dependency breakage. If the obsoleting package is not a > compatible replacement for the old one, leave out the provides. > > Fix or document. Fixed, Obsolete: removed. > xinetd.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/xinetd > A configuration file is stored in your package without the noreplace flag. A > way to resolve this is to put the following in your SPEC file: > %config(noreplace) /etc/your_config_file_here > > Fix. Fixed, init script is not a config file anymore. > xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd > The service is enabled by default after "chkconfig --add"; for security > reasons, most services should not be. Use "-" as the default runlevel in the > init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword > to fix this if appropriate for this service. > > xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd > The service is enabled by default after "chkconfig --add"; for security > reasons, most services should not be. Use "-" as the default runlevel in the > init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword > to fix this if appropriate for this service. > > Fine, it's xinetd FFS. . .:) Fine. > xinetd-debuginfo.i386: E: non-readable > /usr/src/debug/xinetd-2.3.14/libs/include/pset.h 0640 > The file can't be read by everybody. If this is expected (for security > reasons), contact your rpmlint distributor to get it added to the list of > exceptions for your distro (or add it to your local configuration if you > installed rpmlint from the source tarball). > > xinetd-debuginfo.i386: E: non-readable > /usr/src/debug/xinetd-2.3.14/libs/include/xlog.h 0640 > The file can't be read by everybody. If this is expected (for security > reasons), contact your rpmlint distributor to get it added to the list of > exceptions for your distro (or add it to your local configuration if you > installed rpmlint from the source tarball). > > xinetd-debuginfo.i386: E: non-readable > /usr/src/debug/xinetd-2.3.14/libs/include/sio.h 0640 > The file can't be read by everybody. If this is expected (for security > reasons), contact your rpmlint distributor to get it added to the list of > exceptions for your distro (or add it to your local configuration if you > installed rpmlint from the source tarball). > > xinetd-debuginfo.i386: E: non-readable > /usr/src/debug/xinetd-2.3.14/libs/include/str.h 0640 > The file can't be read by everybody. If this is expected (for security > reasons), contact your rpmlint distributor to get it added to the list of > exceptions for your distro (or add it to your local configuration if you > installed rpmlint from the source tarball). > > xinetd-debuginfo.i386: E: non-readable > /usr/src/debug/xinetd-2.3.14/libs/include/m_env.h 0640 > The file can't be read by everybody. If this is expected (for security > reasons), contact your rpmlint distributor to get it added to the list of > exceptions for your distro (or add it to your local configuration if you > installed rpmlint from the source tarball). > > Not really a concern, but should be documented in spec, filed against rpmlint > or fixed, your call. Fixed, sources in debuginfo package should be readable by everyone. I released xinetd-2.3.14-21.fc10 with all the fixes mentioned above. Rpmlint output looks fine to me: xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd xinetd.src:28: W: unversioned-explicit-provides inetd xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch
WOW that was fast. And complete. Thank you! APPROVED.