Spec URL: http://jgu.fedorapeople.org/shorewall-common.spec SRPM URL: http://jgu.fedorapeople.org/shorewall-common-4.0.4-1.fc7.src.rpm Description: The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. The version 3 release series of Shorewall is already available in Fedora. With the release of version 4, upstream has added a new perl based rule compiler and completely changed the way the package is distributed. The shell-based and perl-based compilers are each distributed as individual tarballs, and files required to run shorewall with either compiler are packaged as a third tarball, shorewall-common. The shorewall-perl compilers is suggested for new installed systems and shorewall-shell is provided for backwards compatibility and smooth legacy system upgrades because shorewall perl is not fully compatible with all legacy configurations. This package contains the files required by shorewall-perl and shorewall-shell to run. You need to install the shorewall-perl and/or shorewall-shell package(s) for a functional firewall. shorewall-common is also required by shorewall-lite, a light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.
$ rpmlint -i ../RPMS/noarch/shorewall-common-4.0.4-1.fc7.noarch.rpm shorewall-common.noarch: W: service-default-enabled /etc/rc.d/init.d/shorewall The service is enabled by default after "chkconfig --add"; for security reasons, most services should not be. Use "-" as the default runlevel in the init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword to fix this if appropriate for this service. -->This one is bogus - the startup script has an empty entry for Default-Start. Removing the Default-Start entry makes the warning go away, but it is fine to have an empty one there. shorewall-common.noarch: E: subsys-not-used /etc/rc.d/init.d/shorewall While your daemon is running, you have to put a lock file in /var/lock/subsys/. To see an example, look at this directory on your machine and examine the corresponding init scripts. --> Also bogus - shorewall creates a lock file itself, there's no need for the startup script to generate one. shorewall-common.noarch: W: incoherent-init-script-name shorewall The init script name should be the same as the package name in lower case, or one with 'd' appended if it invokes a process by that name. --> Also bogus - this goes away if I rename the startup script shorewall-common, which is an awkward name.
Added current shorewall package owner to cc. Robert - I'm not trying to usurp your package here, but I thought that because upstream has changed so much, and because Id done the packaging work for other reasons, it would be useful to put them into BZ for review. I am more than happy if you want to continue owning this package. Am also happy to co-maintain shorewall with you, if you like.
$ rpmlint -i ../RPMS/noarch/shorewall-perl-4.0.4-1.fc7.noarch.rpm shorewall-perl.noarch: E: useless-explicit-provides perl(Shorewall::Ports) This package provides 2 times the same capacity. It should only provide it once. --> This is bogus, and is caused by a problem with the way rpm generates automatic Provides. The package contains a perl script (buildports.pl) which parses /etc/services and /etc/protocols to generate a module Ports.pm. This is done at package build time. Because buildports.pl contains the text "package Shorewall::Ports;" which it echo's out to Ports.pm during generation, RPM believes that both Ports.pm and buildports.pl provide Shorewall::Ports. This could be solved by not including buildports.pl in the package, but this file has utility for people who make local mods to /etc/services or /etc/protocols. shorewall-perl.noarch: W: empty-%pre shorewall-perl.noarch: W: empty-%post shorewall-perl.noarch: W: empty-%preun --> These 3 can be ignored.
Crap, please ignore Comment #3 - this was meant to go into the BZ for shorewall-perl (BZ #321711).
Following discussion with Robert, and also on #fedora-devel, consensus seems to be that it is better to have a single package with all tarballs. Therefore, I'm closing this review, and discussion of the multitarball package will continue in BZ #321731
> This one is bogus - the startup script has an empty entry for Default-Start. > Removing the Default-Start entry makes the warning go away, but it is fine to > have an empty one there. correct