Bug 245919 - Review Request: openvpn-auth-ldap - OpenVPN plugin for LDAP authentication
Review Request: openvpn-auth-ldap - OpenVPN plugin for LDAP authentication
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Kevin Fenzi
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-27 08:58 EDT by Matthias Saou
Modified: 2008-04-24 11:32 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-24 11:32:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
kevin: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Matthias Saou 2007-06-27 08:58:37 EDT
Spec URL:
http://ftp.es6.freshrpms.net/tmp/extras/openvpn-auth-ldap/openvpn-auth-ldap.spec
SRPM URL:
http://ftp.es6.freshrpms.net/tmp/extras/openvpn-auth-ldap/openvpn-auth-ldap-2.0.3-2.src.rpm

Description:
The OpenVPN Auth-LDAP Plugin implements username/password authentication via
LDAP for OpenVPN 2.x.
Comment 1 Kevin Fenzi 2007-07-06 16:41:44 EDT
I'd be happy to review this package, but first: 

Since this package needs a copy of the openvpn source to build, wouldn't it be
better if this was just added to the openvpn package as a subpackage? That would
also keep it in sync with the openvpn package version... 
Or is there some reason that wouldn't work?
Comment 2 Matthias Saou 2007-07-14 14:32:23 EDT
Well, the plugin doesn't seem to need to be updated for each OpenVPN update. The
reason it requires the sources is that no openvpn-devel or similar package
providing original OpenVPN headers exists...
Maybe just ripping out a few headers from the OpenVPN sources would be enough to
get it to build, but upstream seems to assume users install OpenVPN from
sources, thus can simply point the plugin's configure script to the OpenVPN sources.
Comment 3 Steven Pritchard 2007-07-30 13:30:53 EDT
I'd be OK with making a openvpn-devel package that included whatever a plugin 
needed to compile.  If you can narrow down what we'd need to include for me, 
that would be great.
Comment 4 Jason Tibbitts 2008-01-27 00:32:57 EST
Anything happening with this package?  It's been nearly six months since the
last comment.  I'll go ahead and close it out soon if there's no further response.
Comment 5 Matthias Saou 2008-01-28 04:25:59 EST
Oops. No, don't close it. I didn't realize I was the blocker here. I'll check
how easy if would be (if possible at all) to have this plugin build against some
devel files split out of openvpn.
Comment 6 Matthias Saou 2008-02-03 09:28:36 EST
The "fix" was much easier than I thought. The package only needs a single header
file from the OpenVPN sources : openvpn-plugin.h.
Since the plugin doesn't link against OpenVPN, I've included that header file as
a source of the rpm. It's not the cleanest solution, but I'm not sure it's worth
creating an "openvpn-devel" package just for this.
Comment 7 Kevin Fenzi 2008-02-04 16:17:36 EST
Yeah, a devel package for just a single header seems somewhat of a waste. 

Matthias: Can you post updated packages and I can do a formal review?
Comment 8 Matthias Saou 2008-02-05 07:42:16 EST
Oops, I didn't realize that this review was so old, that the initial packages
were still in the old location I used to use :-) Updated packages (2.0.3-3) are
here :
http://thias.fedorapeople.org/review/openvpn-auth-ldap/
Comment 9 Kevin Fenzi 2008-02-14 22:54:15 EST
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (BSD)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
03dedc57efc8d4fc2ffe2c014121299d  auth-ldap-2.0.3.tar.gz
03dedc57efc8d4fc2ffe2c014121299d  auth-ldap-2.0.3.tar.gz.1
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install

OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
OK - final provides and requires are sane:

SHOULD Items:

OK - Should build in mock.
OK - Should build on all supported archs
OK - Should have dist tag
OK - Should package latest version

Issues:

1. rpmlint says:

openvpn-auth-ldap.x86_64: E: non-readable /etc/openvpn/auth/ldap.conf 0600

I assume the conf file is not readable due to containing the LDAP bind info?

openvpn-auth-ldap.x86_64: W: no-soname
/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so

This is not a dynamic library, but a dlopened plugin, so ignore this.

Everything looks good here... this package is APPROVED.
Comment 10 Kevin Fenzi 2008-03-21 20:29:50 EDT
Hey Matthias... any progress here? The package is approved, you just need to
request CVS and build. ;) 
Comment 11 Matthias Saou 2008-03-22 15:38:35 EDT
New Package CVS Request
=======================
Package Name: openvpn-auth-ldap
Short Description: OpenVPN plugin for LDAP authentication
Owners: thias
Branches: F-7 F-8 EL-5
InitialCC:
Cvsextras Commits: yes

(FYI: I'm not requesting EL-4 since check-devel isn't available there)
Comment 12 Kevin Fenzi 2008-03-22 21:18:07 EDT
You forgot to set fedora-cvs on this request. ;) 

Since I was processing them though, I went ahead and did this one too... 
cvs done.
Comment 13 Matthias Saou 2008-04-24 11:32:14 EDT
All packages have been rebuilt a while back, so closing now. Thanks all!

Note You need to log in before you can comment on or make changes to this bug.