Bug 245488 - Review Request: maradns - security-aware DNS server
Review Request: maradns - security-aware DNS server
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ruben Kerkhof
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-24 01:54 EDT by Brandon Holbrook
Modified: 2008-03-10 00:05 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-10 00:05:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ruben: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)
Fix rpmlint warnings (1.03 KB, patch)
2007-06-24 19:01 EDT, Ruben Kerkhof
no flags Details | Diff

  None (edit)
Description Brandon Holbrook 2007-06-24 01:54:10 EDT
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-1.src.rpm

Description:
MaraDNS is a package that implements the Domain Name Service (DNS), an
essential internet service. MaraDNS has the following advantages:
        * Secure.
        * Supported.
        * Easy to use.
        * Small.
        * Open Source.
Comment 1 Ruben Kerkhof 2007-06-24 05:51:26 EDT
Hi Brandon,

Nice, another dns server ;-)

Some initial comments:

rpmlint of maradns:
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/compile.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/authoritative.ej
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/man/make.pdf
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/dangling.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/en/misc/compression/decompress_api.html
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/tutorial/make.index
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/zoneserver.ej
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/webpage/make.page
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/csv2.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/en/misc/private_rrs.html
E: maradns no-status-entry /etc/rc.d/init.d/maradns
W: maradns no-reload-entry /etc/rc.d/init.d/maradns
E: maradns subsys-not-used /etc/rc.d/init.d/maradns
E: maradns no-status-entry /etc/rc.d/init.d/maradns-zoneserver
W: maradns no-reload-entry /etc/rc.d/init.d/maradns-zoneserver
E: maradns subsys-not-used /etc/rc.d/init.d/maradns-zoneserver

- The FAQ etc are installed twice, once as FAQ and once as FAQ.txt
- Missing dependancy on chkconfig for %post (package chkconfig)
- Missing dependancy on chkconfig for %preun (package chkconfig)
- Missing dependancy on service for %postun (package initscripts)
- Missing dependancy on service for %preun (package initscripts)

The way of building this package is a bit strange. The Makefile calls ./compile.sh, which in turn calls 
./configure and then make again. This way, $RPM_OPT_FLAGS are not used.
Comment 2 Michael Fleming 2007-06-24 09:22:31 EDT
I had a crack at this previously for my own repository (it was more a test and
I'm using BIND myself, but keep it up-to-date for those that want it. This one
is in better shape IMHO) and found that skipping the ./compile.sh item entirely
a better solution re: ensuring the optimisation flags are honoured.

I used:

./configure
make FLAGS="%{optflags} -DSELECT_PROBLEM"

...and it compiled and worked fine for me.

Michael.
Comment 3 Brandon Holbrook 2007-06-24 16:00:39 EDT
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-2.src.rpm

I liked Michael's idea of calling configure and make manually.  Note that
introduced an rpmlint error on the srpm "configure-without-libdir-spec" because
I have to run "./configure" instead of the "%configure" macro (since this is a
homebrew configure and not an autoconf one).  I also made a comment along those
lines in the spec file.

I also added requirements for chkconfig and initscripts, which didn't affect
rpmlint's output.  The initscripts rpmlint is complaining about are the ones
included with the upstream package, and are obviously missing a 'status' and
'reload' section (and whatever 'subsys-not-used' means).  Is it my
responsibility to augment these init scripts to play nicer in Fedoraland?
Comment 4 Brandon Holbrook 2007-06-24 16:04:16 EDT
I also just now added a disttag to Release after pushing these RPMs, in case
somebody notices it was missing :)
Comment 5 Ruben Kerkhof 2007-06-24 19:00:50 EDT
Attached patch fixes most of the rpmlint warnings, but please consider reporting these fixes upstream as 
well.

The subsys-not-used means that you should create a lock file in /var/lock/zoneserver when you start up 
the server. rpmlint -i gives you more info.

Personally, I think it's the same amount of work patching the initscripts, as it is to create new ones in 
Fedora style. I did one for pdns-recursor, you can take that as a template.
Comment 6 Ruben Kerkhof 2007-06-24 19:01:29 EDT
Created attachment 157727 [details]
Fix rpmlint warnings
Comment 7 Brandon Holbrook 2007-06-29 02:45:37 EDT
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-3.fc7.src.rpm

Applied Ruben's patch and wrote some new init scripts.  rpmlint is much quieter
now.  tarball permissions and dos line endings have all been reported to upstream.
Comment 8 Ruben Kerkhof 2007-06-29 14:10:21 EDT
rpmlint of maradns:
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver

This one is simple to solve, use /var/lock/subsys/maradns-zoneserver instead of zoneserver in the init 
file.

Patch0:         initscripts.patch can now be removed

# copy symlinked docs to the real thing
%{__rm} FAQ CHANGELOG CREDITS
%{__cp} doc/en/faq.txt FAQ
%{__cp} doc/en/changelog.txt CHANGELOG
%{__cp} doc/en/credits.txt CREDITS

Why not use a symlink? Shipping the same document twice seems like a waste of diskspace.

The condrestart in %postun should only happen on upgrades, not on installs or uninstalls.

By default, maradns runs as root, while it has the option to run as normal user in a chroot.
I think it would be nice if you could :
 - add a user and group
 - add that user to /etc/mararc

Have a look at Pound or pdns for examples
There's also a draft at http://fedoraproject.org/wiki/PackagingDrafts/UsersAndGroups you can look at.
Comment 9 Brandon Holbrook 2007-08-24 02:02:41 EDT
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.07-1.fc7.src.rpm

Updated to 1.2.12.07
Fixed the incorrect symlinks (rather than copy the files)
make condrestart happen only on upgrades
Added a maradns user/group
Comment 10 Brandon Holbrook 2007-10-01 23:38:25 EDT
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.08-1.fc7.src.rpm

Updated to 1.2.12.08
Converted non-UTF8-encoded files to UTF8
Comment 11 Stephen Warren 2007-11-19 01:03:07 EST
Ping Ruben. Are you able to review the latest version of the package?
Comment 12 Ruben Kerkhof 2008-01-20 09:08:21 EST
Brandon, two comments:
-There's a new version out
- The following doesn't work in the %install section:
echo maradns_uid=%(id -u maradns) >> build/rpm.mararc
echo maradns_gid=%(id -g maradns) >> build/rpm.mararc

I think that's because %install runs in a chroot, and %pre runs when you install the rpm. 
Comment 13 Jason Tibbitts 2008-01-27 15:37:39 EST
Ruben, please set fedora-review to '?' if you're reviewing this.

I see that Brandon has made CVS commits recently so hopefully he's still willing
to work on this package.
Comment 14 Brandon Holbrook 2008-01-29 01:24:59 EST
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.3.07.08-1.fc8.src.rpm

maradns 1.3 has been officially declared stable, so I have updated these RPMs to
the latest in the 1.3 series.  I also fixed the issue with the echo statements
not working in %install (they didn't even belong in %install anyway, they
belonged in %post).
Comment 15 Ruben Kerkhof 2008-02-16 08:20:29 EST
Hello Brendon,

Apart from the Source0 line, which should be
http://www.maradns.org/download/1.3/%{version}/%{name}-%{version}.tar.bz2
instead of
http://www.maradns.org/download/1.2/%{version}/%{name}-%{version}.tar.bz2

the package looks good. Approved.
Comment 16 Brandon Holbrook 2008-03-07 22:34:06 EST
New Package CVS Request
=======================
Package Name: maradns
Short Description: Security-aware DNS Server
Owners: static
Branches: F-8, EL-5
InitialCC: 
Cvsextras Commits: yes
Comment 17 Kevin Fenzi 2008-03-08 14:33:10 EST
cvs done.
Comment 18 Brandon Holbrook 2008-03-10 00:05:25 EDT
Uploaded and building now.  Thanks Ruben!

Note You need to log in before you can comment on or make changes to this bug.