Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.1-1.src.rpm Description: When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid root program, validate, which does the actual validation. When there is a failure, validate writes an error message to the system log, and waits three seconds before exiting.
Good: + Rpmlint is quite on source rpm. + Local build works fine. + License seems ok + Naming semms ok Bad: + Rpmlint complaints binary RPM. rpmlint mod_auth_shadow-2.1-1.x86_64.rpm E: mod_auth_shadow setuid-binary /usr/sbin/validate root 04755 E: mod_auth_shadow non-standard-executable-perm /usr/sbin/validate 04755 - Debuginfo RPM contains no sources - Use a better source URL to sf.net (??)
Thanks for the review. I believe everything's OK now. New versions with URLs as before. Debuginfo RPM: Fixed (I shouldn't have stripped the binaries on installation). rpmlint complains about the setuid root binary : this can be disregarded - it's meant to be a setuid binary, that's the design; you can't read /etc/shadow without it! (The non-standard permission is a permutation on this error: it's the setuid bit which is nonstandard). Sourceforge URL... I can't see any problem with this. (http://downloads.sourceforge.net/mod-auth-shadow/%{name}-%{version}.tar.gz)
Good: + Tar ball matches with upstream. + License ok. Bad: - Package contains no verbatin text of the license (Please contact upstream to include it in the next release) - Debuginfo package contains no sources. Please increase release number when upload a new release of your package.
New versions, which I believe satisfy both mentioned requirements: Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.1-2.src.rpm I've included a copy of the GPL to satisfy the GPL's own requirements, and I've contacted upstream to ask them to include it themselves in future releases. The debuginfo was a mistake - somehow I'd not updated the uploaded src.rpm which had fixed this. I've bumped the version to make sure that doesn't happen this time.
David, you should not include the license by yourself. Please see http://fedoraproject.org/wiki/Packaging/ReviewGuidelines, under MUST: - MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.
Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.1-3.src.rpm Thanks wolfshant. New versions. I disagree with those guidelines, as the GPL itself requires that the GPL be included in the distribution. It seems to me that Fedora can't redistribute without fulfilling those terms. Upstream isn't bound by those terms as it's the copyright holder, but we are, so we ought to include a copy of the GPL. So I think Tom Callaway has got that wrong. But, I don't make the rules, so the new SRPM I've uploaded does it the suggested way... I assume that Fedora legal knows what it's doing.
God: + Naming semms ok + License ok. + Local build works ok. + Binary package ok. + Debuginfo package ok. + Mock build works fine. + Local install and uninstall works fine. + Start of httpd with installed package works fine. Bad: - Package conains no verbatin copy of the license (Please contact upstream for including it in the next release)
New Package CVS Request ======================= Package Name: mod_auth_shadow Short Description: An Apache module for authentication using /etc/shadow Owners: fedora-packaging.uk Branches: FC-5 FC-6 EL-4 EL-5 InitialCC:
Upstream has released a new release which includes the license file: Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.2-1.src.rpm
OK, in CVS and built for devel now. Thanks to everyone who helped.