Bug 245488 - Review Request: maradns - security-aware DNS server
Summary: Review Request: maradns - security-aware DNS server
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ruben Kerkhof
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-24 05:54 UTC by Brandon Holbrook
Modified: 2008-03-10 04:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-10 04:05:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ruben: fedora-review+
kevin: fedora-cvs+


Attachments (Terms of Use)
Fix rpmlint warnings (1.03 KB, patch)
2007-06-24 23:01 UTC, Ruben Kerkhof
no flags Details | Diff

Description Brandon Holbrook 2007-06-24 05:54:10 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-1.src.rpm

Description:
MaraDNS is a package that implements the Domain Name Service (DNS), an
essential internet service. MaraDNS has the following advantages:
        * Secure.
        * Supported.
        * Easy to use.
        * Small.
        * Open Source.

Comment 1 Ruben Kerkhof 2007-06-24 09:51:26 UTC
Hi Brandon,

Nice, another dns server ;-)

Some initial comments:

rpmlint of maradns:
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/compile.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/authoritative.ej
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/man/make.pdf
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/dangling.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/en/misc/compression/decompress_api.html
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/tutorial/make.index
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/zoneserver.ej
W: maradns spurious-executable-perm /usr/share/doc/maradns-1.2.12.06/en/webpage/make.page
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/pt_br/source/csv2.ej
W: maradns wrong-file-end-of-line-encoding /usr/share/doc/maradns-
1.2.12.06/en/misc/private_rrs.html
E: maradns no-status-entry /etc/rc.d/init.d/maradns
W: maradns no-reload-entry /etc/rc.d/init.d/maradns
E: maradns subsys-not-used /etc/rc.d/init.d/maradns
E: maradns no-status-entry /etc/rc.d/init.d/maradns-zoneserver
W: maradns no-reload-entry /etc/rc.d/init.d/maradns-zoneserver
E: maradns subsys-not-used /etc/rc.d/init.d/maradns-zoneserver

- The FAQ etc are installed twice, once as FAQ and once as FAQ.txt
- Missing dependancy on chkconfig for %post (package chkconfig)
- Missing dependancy on chkconfig for %preun (package chkconfig)
- Missing dependancy on service for %postun (package initscripts)
- Missing dependancy on service for %preun (package initscripts)

The way of building this package is a bit strange. The Makefile calls ./compile.sh, which in turn calls 
./configure and then make again. This way, $RPM_OPT_FLAGS are not used.

Comment 2 Michael Fleming 2007-06-24 13:22:31 UTC
I had a crack at this previously for my own repository (it was more a test and
I'm using BIND myself, but keep it up-to-date for those that want it. This one
is in better shape IMHO) and found that skipping the ./compile.sh item entirely
a better solution re: ensuring the optimisation flags are honoured.

I used:

./configure
make FLAGS="%{optflags} -DSELECT_PROBLEM"

...and it compiled and worked fine for me.

Michael.


Comment 3 Brandon Holbrook 2007-06-24 20:00:39 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-2.src.rpm

I liked Michael's idea of calling configure and make manually.  Note that
introduced an rpmlint error on the srpm "configure-without-libdir-spec" because
I have to run "./configure" instead of the "%configure" macro (since this is a
homebrew configure and not an autoconf one).  I also made a comment along those
lines in the spec file.

I also added requirements for chkconfig and initscripts, which didn't affect
rpmlint's output.  The initscripts rpmlint is complaining about are the ones
included with the upstream package, and are obviously missing a 'status' and
'reload' section (and whatever 'subsys-not-used' means).  Is it my
responsibility to augment these init scripts to play nicer in Fedoraland?

Comment 4 Brandon Holbrook 2007-06-24 20:04:16 UTC
I also just now added a disttag to Release after pushing these RPMs, in case
somebody notices it was missing :)

Comment 5 Ruben Kerkhof 2007-06-24 23:00:50 UTC
Attached patch fixes most of the rpmlint warnings, but please consider reporting these fixes upstream as 
well.

The subsys-not-used means that you should create a lock file in /var/lock/zoneserver when you start up 
the server. rpmlint -i gives you more info.

Personally, I think it's the same amount of work patching the initscripts, as it is to create new ones in 
Fedora style. I did one for pdns-recursor, you can take that as a template.

Comment 6 Ruben Kerkhof 2007-06-24 23:01:29 UTC
Created attachment 157727 [details]
Fix rpmlint warnings

Comment 7 Brandon Holbrook 2007-06-29 06:45:37 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.06-3.fc7.src.rpm

Applied Ruben's patch and wrote some new init scripts.  rpmlint is much quieter
now.  tarball permissions and dos line endings have all been reported to upstream.

Comment 8 Ruben Kerkhof 2007-06-29 18:10:21 UTC
rpmlint of maradns:
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver
E: maradns incoherent-subsys /etc/rc.d/init.d/maradns-zoneserver zoneserver

This one is simple to solve, use /var/lock/subsys/maradns-zoneserver instead of zoneserver in the init 
file.

Patch0:         initscripts.patch can now be removed

# copy symlinked docs to the real thing
%{__rm} FAQ CHANGELOG CREDITS
%{__cp} doc/en/faq.txt FAQ
%{__cp} doc/en/changelog.txt CHANGELOG
%{__cp} doc/en/credits.txt CREDITS

Why not use a symlink? Shipping the same document twice seems like a waste of diskspace.

The condrestart in %postun should only happen on upgrades, not on installs or uninstalls.

By default, maradns runs as root, while it has the option to run as normal user in a chroot.
I think it would be nice if you could :
 - add a user and group
 - add that user to /etc/mararc

Have a look at Pound or pdns for examples
There's also a draft at http://fedoraproject.org/wiki/PackagingDrafts/UsersAndGroups you can look at.

Comment 9 Brandon Holbrook 2007-08-24 06:02:41 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.07-1.fc7.src.rpm

Updated to 1.2.12.07
Fixed the incorrect symlinks (rather than copy the files)
make condrestart happen only on upgrades
Added a maradns user/group

Comment 10 Brandon Holbrook 2007-10-02 03:38:25 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.2.12.08-1.fc7.src.rpm

Updated to 1.2.12.08
Converted non-UTF8-encoded files to UTF8

Comment 11 Stephen Warren 2007-11-19 06:03:07 UTC
Ping Ruben. Are you able to review the latest version of the package?


Comment 12 Ruben Kerkhof 2008-01-20 14:08:21 UTC
Brandon, two comments:
-There's a new version out
- The following doesn't work in the %install section:
echo maradns_uid=%(id -u maradns) >> build/rpm.mararc
echo maradns_gid=%(id -g maradns) >> build/rpm.mararc

I think that's because %install runs in a chroot, and %pre runs when you install the rpm. 

Comment 13 Jason Tibbitts 2008-01-27 20:37:39 UTC
Ruben, please set fedora-review to '?' if you're reviewing this.

I see that Brandon has made CVS commits recently so hopefully he's still willing
to work on this package.

Comment 14 Brandon Holbrook 2008-01-29 06:24:59 UTC
Spec URL: http://theholbrooks.org/RPMS/maradns.spec
SRPM URL: http://theholbrooks.org/RPMS/maradns-1.3.07.08-1.fc8.src.rpm

maradns 1.3 has been officially declared stable, so I have updated these RPMs to
the latest in the 1.3 series.  I also fixed the issue with the echo statements
not working in %install (they didn't even belong in %install anyway, they
belonged in %post).

Comment 15 Ruben Kerkhof 2008-02-16 13:20:29 UTC
Hello Brendon,

Apart from the Source0 line, which should be
http://www.maradns.org/download/1.3/%{version}/%{name}-%{version}.tar.bz2
instead of
http://www.maradns.org/download/1.2/%{version}/%{name}-%{version}.tar.bz2

the package looks good. Approved.

Comment 16 Brandon Holbrook 2008-03-08 03:34:06 UTC
New Package CVS Request
=======================
Package Name: maradns
Short Description: Security-aware DNS Server
Owners: static
Branches: F-8, EL-5
InitialCC: 
Cvsextras Commits: yes

Comment 17 Kevin Fenzi 2008-03-08 19:33:10 UTC
cvs done.

Comment 18 Brandon Holbrook 2008-03-10 04:05:25 UTC
Uploaded and building now.  Thanks Ruben!


Note You need to log in before you can comment on or make changes to this bug.