Red Hat Bugzilla – Bug 245919
Review Request: openvpn-auth-ldap - OpenVPN plugin for LDAP authentication
Last modified: 2008-04-24 11:32:14 EDT
The OpenVPN Auth-LDAP Plugin implements username/password authentication via
LDAP for OpenVPN 2.x.
I'd be happy to review this package, but first:
Since this package needs a copy of the openvpn source to build, wouldn't it be
better if this was just added to the openvpn package as a subpackage? That would
also keep it in sync with the openvpn package version...
Or is there some reason that wouldn't work?
Well, the plugin doesn't seem to need to be updated for each OpenVPN update. The
reason it requires the sources is that no openvpn-devel or similar package
providing original OpenVPN headers exists...
Maybe just ripping out a few headers from the OpenVPN sources would be enough to
get it to build, but upstream seems to assume users install OpenVPN from
sources, thus can simply point the plugin's configure script to the OpenVPN sources.
I'd be OK with making a openvpn-devel package that included whatever a plugin
needed to compile. If you can narrow down what we'd need to include for me,
that would be great.
Anything happening with this package? It's been nearly six months since the
last comment. I'll go ahead and close it out soon if there's no further response.
Oops. No, don't close it. I didn't realize I was the blocker here. I'll check
how easy if would be (if possible at all) to have this plugin build against some
devel files split out of openvpn.
The "fix" was much easier than I thought. The package only needs a single header
file from the OpenVPN sources : openvpn-plugin.h.
Since the plugin doesn't link against OpenVPN, I've included that header file as
a source of the rpm. It's not the cleanest solution, but I'm not sure it's worth
creating an "openvpn-devel" package just for this.
Yeah, a devel package for just a single header seems somewhat of a waste.
Matthias: Can you post updated packages and I can do a formal review?
Oops, I didn't realize that this review was so old, that the initial packages
were still in the old location I used to use :-) Updated packages (2.0.3-3) are
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (BSD)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install
OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
OK - final provides and requires are sane:
OK - Should build in mock.
OK - Should build on all supported archs
OK - Should have dist tag
OK - Should package latest version
1. rpmlint says:
openvpn-auth-ldap.x86_64: E: non-readable /etc/openvpn/auth/ldap.conf 0600
I assume the conf file is not readable due to containing the LDAP bind info?
openvpn-auth-ldap.x86_64: W: no-soname
This is not a dynamic library, but a dlopened plugin, so ignore this.
Everything looks good here... this package is APPROVED.
Hey Matthias... any progress here? The package is approved, you just need to
request CVS and build. ;)
New Package CVS Request
Package Name: openvpn-auth-ldap
Short Description: OpenVPN plugin for LDAP authentication
Branches: F-7 F-8 EL-5
Cvsextras Commits: yes
(FYI: I'm not requesting EL-4 since check-devel isn't available there)
You forgot to set fedora-cvs on this request. ;)
Since I was processing them though, I went ahead and did this one too...
All packages have been rebuilt a while back, so closing now. Thanks all!