Bug 321691 - Review Request: shorewall-common - Common files for the shorewall firewall compilers
Summary: Review Request: shorewall-common - Common files for the shorewall firewall co...
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 247057 321731
TreeView+ depends on / blocked
Reported: 2007-10-07 00:32 UTC by Jonathan Underwood
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-10-07 23:28:31 UTC
Type: ---

Attachments (Terms of Use)

Description Jonathan Underwood 2007-10-07 00:32:01 UTC
Spec URL: http://jgu.fedorapeople.org/shorewall-common.spec
SRPM URL: http://jgu.fedorapeople.org/shorewall-common-4.0.4-1.fc7.src.rpm

The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system. 

The version 3 release series of Shorewall is already available in Fedora. With the release of version 4, upstream has added a new perl based rule compiler and completely changed the way the package is distributed. The shell-based and perl-based compilers are each distributed as individual tarballs, and files required to run shorewall with either compiler are packaged as a third tarball, shorewall-common. 

The shorewall-perl compilers is suggested for new
installed systems and shorewall-shell is provided for backwards
compatibility and smooth legacy system upgrades because shorewall perl
is not fully compatible with all legacy configurations.

This package contains the files required by shorewall-perl and
shorewall-shell to run. You need to install the shorewall-perl and/or
shorewall-shell package(s) for a functional firewall.

shorewall-common is also required by shorewall-lite, a light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.

Comment 1 Jonathan Underwood 2007-10-07 00:36:40 UTC
$ rpmlint -i ../RPMS/noarch/shorewall-common-4.0.4-1.fc7.noarch.rpm 
shorewall-common.noarch: W: service-default-enabled /etc/rc.d/init.d/shorewall
The service is enabled by default after "chkconfig --add"; for security
reasons, most services should not be. Use "-" as the default runlevel in the
init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
to fix this if appropriate for this service.

-->This one is bogus - the startup script has an empty entry for Default-Start.
Removing the Default-Start entry makes the warning go away, but it is fine to
have an empty one there.

shorewall-common.noarch: E: subsys-not-used /etc/rc.d/init.d/shorewall
While your daemon is running, you have to put a lock file in
/var/lock/subsys/. To see an example, look at this directory on your
machine and examine the corresponding init scripts.

--> Also bogus - shorewall creates a lock file itself, there's no need for the
startup script to generate one.

shorewall-common.noarch: W: incoherent-init-script-name shorewall
The init script name should be the same as the package name in lower case,
or one with 'd' appended if it invokes a process by that name.

--> Also bogus - this goes away if I rename the startup script shorewall-common,
which is an awkward name. 

Comment 2 Jonathan Underwood 2007-10-07 00:40:07 UTC
Added current shorewall package owner to cc. 

Robert - I'm not trying to usurp your package here, but I thought that because
upstream has changed so much, and because Id done the packaging work for other
reasons, it would be useful to put them into BZ for review. I am more than happy
if you want to continue owning this package. Am also happy to co-maintain
shorewall with you, if you like.

Comment 3 Jonathan Underwood 2007-10-07 00:48:50 UTC
$ rpmlint -i ../RPMS/noarch/shorewall-perl-4.0.4-1.fc7.noarch.rpm 
shorewall-perl.noarch: E: useless-explicit-provides perl(Shorewall::Ports)
This package provides 2 times the same capacity. It should only provide it

--> This is bogus, and is caused by a problem with the way rpm generates
automatic Provides. The package contains a perl script (buildports.pl) which
parses /etc/services and /etc/protocols to generate a module Ports.pm. This is
done at package build time. Because buildports.pl contains the text "package
Shorewall::Ports;" which it echo's out to Ports.pm during generation, RPM
believes that both Ports.pm and buildports.pl provide Shorewall::Ports. This
could be solved by not including buildports.pl in the package, but this file has
utility for people who make local mods to /etc/services or /etc/protocols.

shorewall-perl.noarch: W: empty-%pre
shorewall-perl.noarch: W: empty-%post
shorewall-perl.noarch: W: empty-%preun

--> These 3 can be ignored.

Comment 4 Jonathan Underwood 2007-10-07 00:49:45 UTC
Crap, please ignore Comment #3 - this was meant to go into the BZ for
shorewall-perl (BZ #321711).

Comment 5 Jonathan Underwood 2007-10-07 23:28:31 UTC
Following discussion with Robert, and also on #fedora-devel, consensus seems to
be that it is better to have a single package with all tarballs. Therefore, I'm
closing this review, and discussion of the multitarball package will continue in
BZ #321731

Comment 6 Harald Hoyer 2007-10-08 07:22:12 UTC
> This one is bogus - the startup script has an empty entry for Default-Start.
> Removing the Default-Start entry makes the warning go away, but it is fine to
> have an empty one there.


Note You need to log in before you can comment on or make changes to this bug.