Bug 226560 - Merge Review: xinetd
Merge Review: xinetd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jon Ciesla
Fedora Package Reviews List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 16:19 EST by Nobody's working on this, feel free to take it
Modified: 2008-09-18 08:27 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-18 08:27:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
limburgher: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 16:19:38 EST
Fedora Merge Review: xinetd

http://cvs.fedora.redhat.com/viewcvs/devel/xinetd/
Initial Owner: fenlason@redhat.com
Comment 1 Jon Ciesla 2008-09-17 13:15:15 EDT
rpmlint on SRPM:

xinetd.src:24: E: prereq-use /sbin/chkconfig /etc/init.d /sbin/service
The use of PreReq is deprecated. In the majority of cases, a plain Requires is
enough and the right thing to do. Sometimes Requires(pre), Requires(post),
Requires(preun) and/or Requires(postun) can also be used instead of PreReq.

xinetd.src:27: W: unversioned-explicit-provides inetd
The specfile contains an unversioned Provides: token, which will match all
older, equal, and newer versions of the provided thing.  This may cause update
problems and will make versioned dependencies, obsoletions and conflicts on
the provided thing useless -- make the Provides versioned if possible.

xinetd.src:29: W: unversioned-explicit-obsoletes inetd
The specfile contains an unversioned Obsoletes: token, which will match all
older, equal and newer versions of the obsoleted thing.  This may cause update
problems, restrict future package/provides naming, and may match something it
was originally not inteded to match -- make the Obsoletes versioned if
possible.

xinetd.src:29: W: unversioned-explicit-obsoletes netkit-base
The specfile contains an unversioned Obsoletes: token, which will match all
older, equal and newer versions of the obsoleted thing.  This may cause update
problems, restrict future package/provides naming, and may match something it
was originally not inteded to match -- make the Obsoletes versioned if
possible.

Fix.

xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch
A patch is applied inside an %ifarch block. Patches must be applied on all
architectures and may contain necessary configure and/or code patch to be
effective only on a given arch.

xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch
A patch is applied inside an %ifarch block. Patches must be applied on all
architectures and may contain necessary configure and/or code patch to be
effective only on a given arch.

Fine.

xinetd.src: W: summary-ended-with-dot A secure replacement for inetd.
Summary ends with a dot.

Fix.

rpmlint on RPMS:

xinetd.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/xinetd
Executables must not be marked as config files because that may prevent
upgrades from working correctly. If you need to be able to customize an
executable, make it for example read a config file in /etc/sysconfig.

xinetd.i386: W: summary-ended-with-dot A secure replacement for inetd.
Summary ends with a dot.

Fix.

xinetd.i386: W: obsolete-not-provided netkit-base
If a package is obsoleted by a compatible replacement, the obsoleted package
must also be provided in order to provide clean upgrade paths and not cause
unnecessary dependency breakage.  If the obsoleting package is not a
compatible replacement for the old one, leave out the provides.

Fix or document.

xinetd.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/xinetd
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

Fix.

xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
The service is enabled by default after "chkconfig --add"; for security
reasons, most services should not be. Use "-" as the default runlevel in the
init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
to fix this if appropriate for this service.

xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
The service is enabled by default after "chkconfig --add"; for security
reasons, most services should not be. Use "-" as the default runlevel in the
init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
to fix this if appropriate for this service.

Fine, it's xinetd FFS. . .:)

xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/pset.h 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/xlog.h 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/sio.h 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/str.h 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

xinetd-debuginfo.i386: E: non-readable /usr/src/debug/xinetd-2.3.14/libs/include/m_env.h 0640
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

Not really a concern, but should be documented in spec, filed against rpmlint or fixed, your call.


Otherwise, full review looks great, no other blockers.
Comment 2 Jan Safranek 2008-09-18 04:42:44 EDT
(In reply to comment #1)
> rpmlint on SRPM:
> 
> xinetd.src:24: E: prereq-use /sbin/chkconfig /etc/init.d /sbin/service
> The use of PreReq is deprecated. In the majority of cases, a plain Requires is
> enough and the right thing to do. Sometimes Requires(pre), Requires(post),
> Requires(preun) and/or Requires(postun) can also be used instead of PreReq.

Fixed.

> xinetd.src:27: W: unversioned-explicit-provides inetd
> The specfile contains an unversioned Provides: token, which will match all
> older, equal, and newer versions of the provided thing.  This may cause update
> problems and will make versioned dependencies, obsoletions and conflicts on
> the provided thing useless -- make the Provides versioned if possible.

Heh, I wasn't able to find the last version of inetd we shipped, Fedora Core 1 had already xinetd -> no version info is available.
 
> xinetd.src:29: W: unversioned-explicit-obsoletes inetd
> The specfile contains an unversioned Obsoletes: token, which will match all
> older, equal and newer versions of the obsoleted thing.  This may cause update
> problems, restrict future package/provides naming, and may match something it
> was originally not inteded to match -- make the Obsoletes versioned if
> possible.
> 
> xinetd.src:29: W: unversioned-explicit-obsoletes netkit-base
> The specfile contains an unversioned Obsoletes: token, which will match all
> older, equal and newer versions of the obsoleted thing.  This may cause update
> problems, restrict future package/provides naming, and may match something it
> was originally not inteded to match -- make the Obsoletes versioned if
> possible.
>
> Fix.

Fixed, both Obsoletes: removed.

> xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch
> A patch is applied inside an %ifarch block. Patches must be applied on all
> architectures and may contain necessary configure and/or code patch to be
> effective only on a given arch.
> 
> xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch
> A patch is applied inside an %ifarch block. Patches must be applied on all
> architectures and may contain necessary configure and/or code patch to be
> effective only on a given arch.
> 
> Fine.

Fine.

> xinetd.src: W: summary-ended-with-dot A secure replacement for inetd.
> Summary ends with a dot.
> 
> Fix.

Fixed.
 
> rpmlint on RPMS:
> 
> xinetd.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/xinetd
> Executables must not be marked as config files because that may prevent
> upgrades from working correctly. If you need to be able to customize an
> executable, make it for example read a config file in /etc/sysconfig.
> 
> xinetd.i386: W: summary-ended-with-dot A secure replacement for inetd.
> Summary ends with a dot.
> 
> Fix.

Fixed.

> xinetd.i386: W: obsolete-not-provided netkit-base
> If a package is obsoleted by a compatible replacement, the obsoleted package
> must also be provided in order to provide clean upgrade paths and not cause
> unnecessary dependency breakage.  If the obsoleting package is not a
> compatible replacement for the old one, leave out the provides.
> 
> Fix or document.

Fixed, Obsolete: removed.

> xinetd.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/xinetd
> A configuration file is stored in your package without the noreplace flag. A
> way to resolve this is to put the following in your SPEC file:
> %config(noreplace) /etc/your_config_file_here
> 
> Fix.

Fixed, init script is not a config file anymore.

> xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
> The service is enabled by default after "chkconfig --add"; for security
> reasons, most services should not be. Use "-" as the default runlevel in the
> init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
> to fix this if appropriate for this service.
> 
> xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
> The service is enabled by default after "chkconfig --add"; for security
> reasons, most services should not be. Use "-" as the default runlevel in the
> init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
> to fix this if appropriate for this service.
> 
> Fine, it's xinetd FFS. . .:)

Fine.

> xinetd-debuginfo.i386: E: non-readable
> /usr/src/debug/xinetd-2.3.14/libs/include/pset.h 0640
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).
> 
> xinetd-debuginfo.i386: E: non-readable
> /usr/src/debug/xinetd-2.3.14/libs/include/xlog.h 0640
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).
> 
> xinetd-debuginfo.i386: E: non-readable
> /usr/src/debug/xinetd-2.3.14/libs/include/sio.h 0640
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).
> 
> xinetd-debuginfo.i386: E: non-readable
> /usr/src/debug/xinetd-2.3.14/libs/include/str.h 0640
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).
> 
> xinetd-debuginfo.i386: E: non-readable
> /usr/src/debug/xinetd-2.3.14/libs/include/m_env.h 0640
> The file can't be read by everybody. If this is expected (for security
> reasons), contact your rpmlint distributor to get it added to the list of
> exceptions for your distro (or add it to your local configuration if you
> installed rpmlint from the source tarball).
> 
> Not really a concern, but should be documented in spec, filed against rpmlint
> or fixed, your call.

Fixed, sources in debuginfo package should be readable by everyone.

I released xinetd-2.3.14-21.fc10 with all the fixes mentioned above. Rpmlint output looks fine to me:
xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
xinetd.i386: W: service-default-enabled /etc/rc.d/init.d/xinetd
xinetd.src:28: W: unversioned-explicit-provides inetd
xinetd.src: W: %ifarch-applied-patch Patch0: xinetd-2.3.11-pie.patch
xinetd.src: W: %ifarch-applied-patch Patch7: xinetd-2.3.11-PIE.patch
Comment 3 Jon Ciesla 2008-09-18 08:27:59 EDT
WOW that was fast.  And complete.  Thank you!

APPROVED.

Note You need to log in before you can comment on or make changes to this bug.