Spec URL: http://trousers.sf.net/trousers-0.3.1-1cvs.src.rpm SRPM URL: http://trousers.sf.net/trousers.spec Description: Trousers is an implementation of the Trusted Computing Group's Software Stack specification, created and maintained by IBM. Trousers consists of a library, libtspi.so, which communicates through RPC to a daemon, resident on the TPM chip's platform. The library can be used without the daemon for some tasks and so the package should be included for all architectures. For questions, please contact Kent Yoder at key.ibm.com.
A) You need to have Requires for the binaries you are using in the scriptlets. So this is required: Requires(post): /sbin/ldconfig Requires(post): /sbin/chkconfig B) %post, %preun and %postun section: You should reorganize this and re-use your macros: /sbin/ldconfig if [ $1 = 1 ]; then /sbin/chkconfig --add %{name} if [ $? == 0 ]; then /sbin/chkconfig --level 35 %{name} on fi fi (take a look at http://ibmasm.cvs.sourceforge.net/*checkout*/ibmasm/ibmasm/ibmasm.spec?revision=1.10 for examples what else to do in scriptlets) C). Attributes: <code> iles devel %defattr(755, root, root) %{_libdir}/libtspi.so %attr(644, root, root) %{_libdir}/libtddl.a %attr(644, root, root) %{_includedir}/tss/*.h %attr(644, root, root) %{_includedir}/trousers/*.h %attr(644, root, root) %{_mandir}/man3/Tspi_* </code> You use the 644 attr most of the time, why not make the defattr 644, and label 755 the libtspi (should it even be 755?) D). rpmlint. konrad@dl380 ~]$ rpmlint -v trousers-0.3.1-1cvs.src.rpm trousers.src: I: checking trousers.src:37: W: setup-not-quiet trousers.src:95: W: macro-in-%changelog files
Hi Konrad, There are now some bugfixes against this tarball as well, how should updates to the code and specfile be provided? I don't have a way of providing patches for individual bugs against this release, I'd only be able to do one big patch to bring the source up to the current level. Kent
Just follow the normal process. Release a new version of sourceforge and provide the URLs to the SRPM and SPEC file in this BZ.
Thanks - Also, I'm not following B) above. What does $1 = 1 test? Is this passed in from something in the system rpm macros file? (I'm not seeing it if so..) Kent
Here's the updated spec and src rpm: http://trousers.sf.net/fedora_submit2/trousers-0.3.1-1.src.rpm http://trousers.sourceforge.net/fedora_submit2/trousers.spec The "cvs" string is gone as this source is the actual 0.3.1 source. Here's the output from rpmlint: I: trousers checking E: trousers no-packager-tag W: trousers non-standard-group System Environment/Libraries E: trousers no-signature "System Environment/Libraries" is used elsewhere, so I'm hoping this is fine. Thanks, Kent
When I try to build it under FC7 and F8 I get this: + make -j2 /bin/sh ./config.status --recheck running /bin/sh ./configure --with-openssl=/usr/local/ssl --prefix=/usr --no-create --no-recursion checking build system type... x86_64-unknown-linux checking host system type... x86_64-unknown-linux checking target system type... x86_64-unknown-linux checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking Non-standard OpenSSL location... configure: error: /usr/local/ssl/include or /usr/local/ssl/lib doen't exist! make: *** [config.status] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.18291 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.18291 (%build)
Hi Konrad -- let me re upload you a new src rpm... I'd configured the source in that one already for an old system that needed to be pointed at an openssl 0.9.8 installation from source in /usr/local/ssl. Kent
Latest submission can be found here: http://trousers.sourceforge.net/fedora_submit3/trousers.spec http://trousers.sourceforge.net/fedora_submit3/trousers-0.3.1-1.src.rpm
When I try to build this on my fresh Fedora 8 system it fails because I don't have a tss user or group. It seems like this srpm would work if you built it as root, but not if you do it from a user's sandbox. Also there are a couple places where the spec file is wider than 80chars. This is more of a nit, but could be something to clean up if you end up respinning it.
mra: Ok, there was a recent feature request for setting the user/group during configure. I'll add this to me list... Kent
Its probably the right thing to do to have its own user and group. I think the only trouble is when the rpm tried to create it. If it were to only do it at %install I don't think this would cause any problems for users making the rpm in their sandbox. I'm not sure what the correct procedure is for system daemons like this, but you might want to check out what the beagle or amanda rpms do, since those both show up on my system with created users.
Currently the spec file lists BuildRequires: libtool, gtk2-devel, openssl-devel and Requires: gtk+ >= 2.0, openssl Should the Requires be changed to gtk2, openssl ?
Hi, Kent: Some random comments for 0.3.1-1. (I just glanced at your spec file. I have not tried to rebuild your srpm, and so have not tried to install the rebuilt rpms) - Please consider to use %?dist tag. http://fedoraproject.org/wiki/Packaging/DistTag - Source must be given with full URL. http://fedoraproject.org/wiki/Packaging/SourceURL Please check the section "Sourceforge.net" - For sourceforge hosted project, I prefer to use http://foo.sourceforge.net/ for URL. - "Requires: gtk+, openssl" is not needed. * rpmbuild checks dependencies for libraries when rebuild is done and then adds the dependencies to Requires automatically. - "Requires(post/postun): ldconfig" is not needed. - "--prefix=/usr --libdir=%_libdir" is not needed for %configure. (You can check what %configure actually does by $ rpm --eval %configure). - Please remove unneeded [ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && - You should not turn chkconfig service on by default. - Please use "-p" option for "cp" or "install" commands to keep timestamps on installed files. - Now we recommend %defattr(-,root,root,-) - This package seems to need tss user/group. Please refer to http://fedoraproject.org/wiki/Packaging/UsersAndGroups - If you want to package static archives (for this package, %_libdir/libtddl.a), create -static subpackage and move all static archives to -static subpackage. - Check what package owns %{_includedir}/tss/ and %_includedir/trousers directories.
>" "Requires(post/postun): ldconfig" is not needed. It is required for ordering issues. As explained to me by Jarod Willson, "otherwise the Requires could be batched in the same rpm transaction, but not actually on the system when the package that actually needs it for its %post or %postun script [when] it [is] being handled."
In reply to comment #14) > >" "Requires(post/postun): ldconfig" is not needed. > > It is required for ordering issues. As explained to me by Jarod Willson, > "otherwise the Requires could be batched in the same rpm transaction, but not > actually on the system when the package that actually needs it for its %post or > %postun script [when] it [is] being handled." Ah.. in this case this is needed because /sbin/ldconfig scriptlet is written within sh script executed on scriptlet. Usually this is not needed because when we write --------------------------------------------------------- %post -p /sbin/ldconfig --------------------------------------------------------- (i.e. write /sbin/ldconfig in one line) rpmbuild adds "Requires(post): /sbin/ldconfig" "automatically" to binary rpms. But for this package, you are right.
Hi Mamoru, > - Please consider to use %?dist tag. > http://fedoraproject.org/wiki/Packaging/DistTag Thanks, added this to the release. > - Source must be given with full URL. > http://fedoraproject.org/wiki/Packaging/SourceURL > Please check the section "Sourceforge.net" done > - "Requires: gtk+, openssl" is not needed. > * rpmbuild checks dependencies for libraries when rebuild is > done and then adds the dependencies to Requires automatically. Ok, deleted. > - "Requires(post/postun): ldconfig" is not needed. In response to other comments, I'll keep this... > - "--prefix=/usr --libdir=%_libdir" is not needed for %configure. > (You can check what %configure actually does by > $ rpm --eval %configure). Cool, thanks, very handy to know. > - Please remove unneeded > [ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && done > - You should not turn chkconfig service on by default. Ok, the chkconfig stuff was added on instructions from others. Can we get consensus? > - Please use "-p" option for "cp" or "install" commands to > keep timestamps on installed files. done > - Now we recommend %defattr(-,root,root,-) done. What does the second '-' do? (I didn't see this int he RPM howto). > - This package seems to need tss user/group. Please refer to > http://fedoraproject.org/wiki/Packaging/UsersAndGroups Thanks, updated. > - If you want to package static archives (for this package, > %_libdir/libtddl.a), create -static subpackage and > move all static archives to -static subpackage. done > - Check what package owns %{_includedir}/tss/ and > %_includedir/trousers directories. I'm not sure I understand here, can you explain? THanks, Kent
The latest spec and srpm are available here: http://trousers.sourceforge.net/fedora_submit4
I was confused by directory ownership in the past, basically what you need to do is adjust the %files section to include the paths as well as the globbed files. That way the directory is considered owned by the rpm, in addition to the files under it. I think all you need is something like: # The files to be used by developers, 'trousers-devel' %files devel %defattr(-, root, root, -) %attr(755, root, root) %{_libdir}/libtspi.so %{_includedir}/tss/ %{_includedir}/tss/*.h %{_includedir}/trousers/ %{_includedir}/trousers/*.h %{_mandir}/man3/Tspi_*
Well, while I have not checked your newest srpm: - From next time please increase the release number of spec file (if version is not changed) every time you modify your spec file. http://fedoraproject.org/wiki/Packaging/FrequentlyMadeMistakes For directory ownership issue: (In reply to comment #16) > > - Check what package owns %{_includedir}/tss/ and > > %_includedir/trousers directories. > I'm not sure I understand here, can you explain? Okay, now I explain. (In reply to comment #18) > I was confused by directory ownership in the past, basically what you need to do > is adjust the %files section to include the paths as well as the globbed files. > That way the directory is considered owned by the rpm, in addition to the files > under it. > > I think all you need is something like: > > # The files to be used by developers, 'trousers-devel' > %files devel > %defattr(-, root, root, -) > %attr(755, root, root) %{_libdir}/libtspi.so > %{_includedir}/tss/ > %{_includedir}/tss/*.h > %{_includedir}/trousers/ > %{_includedir}/trousers/*.h > %{_mandir}/man3/Tspi_* Umm.. this is not correct. When you write (as currently) ---------------------------------------------------- %files devel %{_includedir}/tss/*.h ---------------------------------------------------- This contains all files named /usr/include/tss/*.h, but does not contain the directory /usr/include/tss itself, which leaves this directory unowned by any package. ---------------------------------------------------- # LANG=C rpm -qf /usr/include/tss file /usr/include/tss is not owned by any package ---------------------------------------------------- For several (non-trivial) reasons a directory created by rpm install must be owned by one package. A. One of the ways to make /usr/include/tss owned by -devel subpackage is to write ---------------------------------------------------- %files devel %dir %{_includedir}/tss/ %{_includedir}/tss/*.h ---------------------------------------------------- Here "%dir %{_includedir}/tss/" contains the directory /usr/include/tss only. B. But I usually write as below: ---------------------------------------------------- %files devel %{_includedir}/tss/ ---------------------------------------------------- Note that compared to A, the macro "%dir" is missing. When written as B, this contains the directory %_includedir/tss *and* all files/directories/etc under %_includedir/tss.
By the way rebuild failed. http://koji.fedoraproject.org/koji/taskinfo?taskID=265276
Ok, I checked the build log, and the install hooks that create the user/group 'tss' were failing. I've added a patch to remove that code for the rpm build. Also I bumped the build number in this release and have changed the *.h's in the devel rpm file section to just tss/ and trousers/. Latest srpm and specfile are here: http://trousers.sourceforge.net/fedora_submit5/ Kent
Well, I just tried to rebuild 3.3.1-2, however it again failed. http://koji.fedoraproject.org/koji/taskinfo?taskID=267051 You have to patch against Makefile.in. Patching against Makefile.am does not change anything (unless you call automake or so, however please avoid to use autotools when possible). * By the way: - Not a big problem, however your comments ---------------------------------------------------------- %build %configure make %{?_smp_mflags} # <- FROM THIS LINE # $1 is the number of entries in the RPM database for the package after the step is # executed. So in the post step, if $1 is 1, then this is the first time we've been # installed. If its 2, we're upgrading. # <- TO THIS LINE %post /sbin/ldconfig ------------------------------------------------------------- is in %build section. - And I usually write in the order of %prep, %build, %install, %clean, %pre, %post, %preun, and %postun (I am only saying my habit). By the way, where is %clean section? - calling ldconfig for -devel package is not needed. - I recomment to use http://trousers.sourceforge.net/ for URL.
ping?
(In reply to comment #22) > Well, I just tried to rebuild 3.3.1-2, however it again failed. > http://koji.fedoraproject.org/koji/taskinfo?taskID=267051 > > You have to patch against Makefile.in. Patching against Makefile.am > does not change anything (unless you call automake or so, however > please avoid to use autotools when possible). Ok, I'll patch Makefile.in... > * By the way: > - Not a big problem, however your comments > ---------------------------------------------------------- > %build > %configure > make %{?_smp_mflags} > > # <- FROM THIS LINE > # $1 is the number of entries in the RPM database for the package after the step is > # executed. So in the post step, if $1 is 1, then this is the first time we've been > # installed. If its 2, we're upgrading. > # <- TO THIS LINE > %post > /sbin/ldconfig > ------------------------------------------------------------- > is in %build section. Do I need to fix this then? > - And I usually write in the order of %prep, %build, %install, %clean, > %pre, %post, %preun, and %postun (I am only saying my habit). Ok, do I need to change it then? > By the way, where is %clean section? I removed it in response to your comment #13: > - Please remove unneeded > [ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && Should I put it back in the %clean section? > - calling ldconfig for -devel package is not needed. Yep, I'll take this out. > - I recomment to use http://trousers.sourceforge.net/ > for URL. Ok, I'll change this when I update for Makefile.in. Kent
(In reply to comment #24) > (In reply to comment #22) > > * By the way: > > - Not a big problem, however your comments > > ---------------------------------------------------------- > > %build > > %configure > > make %{?_smp_mflags} > > > > # <- FROM THIS LINE > > # $1 is the number of entries in the RPM database for the package after the > step is > > # executed. So in the post step, if $1 is 1, then this is the first time we've > been > > # installed. If its 2, we're upgrading. > > # <- TO THIS LINE > > %post > > /sbin/ldconfig > > ------------------------------------------------------------- > > is in %build section. > > Do I need to fix this then? I recomment to fix this. > > - And I usually write in the order of %prep, %build, %install, %clean, > > %pre, %post, %preun, and %postun (I am only saying my habit). > > Ok, do I need to change it then? I recomment to fix this, as this order is what rpm actually does. > > By the way, where is %clean section? > I removed it in response to your comment #13: > > > - Please remove unneeded > > [ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && What I said is exactly ------------------------------------------------------ [ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && ------------------------------------------------------ should be removed and I didn't say that %clean section should be removed :) > Should I put it back in the %clean section? Absolutely.
Latest fixes here: http://trousers.sourceforge.net/fedora_submit6/
I just built this as a user in my private sandbox and had no problems with that (related to the tss user/group). I also noticed that when I installed the built rpms the tcsd service was no longer started automatically. I don't see any blocking issues, but I wonder if there is a use for the trousers-static rpm that gets built? I know static libraries need to be packaged separately, but I was wondering if there were any users of these static libraries or if they could be omitted?
Well, for 0.3.1-2: ? License related issue - build.log says that * the two binaries ps_convert and ps_inspect are created, but they are not installed. ------------------------------------------------- 891 creating ps_convert 892 creating ps_inspect 893 make[1]: Leaving directory `/builddir/build/BUILD/trousers-0.3.1/tools' 894 make[1]: Entering directory `/builddir/build/BUILD/trousers-0.3.1' 895 make[1]: Nothing to be done for `all-am'. 896 make[1]: Leaving directory `/builddir/build/BUILD/trousers-0.3.1' 897 + exit 0 ------------------------------------------------- Is this okay? ! If these two binaries are not needed, it is okay. If needed, it is legally problematic. ! Patch name - Please rename the name of the patch for us to understand what the patch is for easily. * Timestamps - Please use -------------------------------------------------- make install DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" -------------------------------------------------- to keep timestamps on installed files. While sometimes this does not work, this ususally works for most recent Makefiles. * Again %clean section - Please remove "[ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && " again. i.e. Leave only "rm -rf ${RPM_BUILD_ROOT}" * scriptlets - What is the below part in %post for? --------------------------------------------------- if [ $? == 0 ]; then /sbin/chkconfig --level 35 tcsd on fi --------------------------------------------------- On %post $1 is not be 0 (check the section "Syntax" in http://fedoraproject.org/wiki/Packaging/ScriptletSnippets ) And actually this part is not needed as service should not be activated by default. * Documents - I think the following files can be added to %doc. ------------------------------------------------- ChangeLog -------------------------------------------------- (In reply to comment #27) > I don't see any blocking issues, but I wonder if there is a use for the > trousers-static rpm that gets built? I know static libraries need to be > packaged separately, but I was wondering if there were any users of these static > libraries or if they could be omitted? - Generally static archives should be removed. If you don't think this is not needed, please remove static archives completely.
By the way, I could not found your name in cvsextras group. Do you have to get sponsored? Please refer to http://fedoraproject.org/wiki/PackageMaintainers/HowToGetSponsored For now blocking FE-NEEDSPONSOR.
Hi Mamoru, (In reply to comment #28) > Well, for 0.3.1-2: > > ? License related issue > - build.log says that > * the two binaries ps_convert and ps_inspect are created, but > they are not installed. > ------------------------------------------------- > 891 creating ps_convert > 892 creating ps_inspect > 893 make[1]: Leaving directory `/builddir/build/BUILD/trousers-0.3.1/tools' > 894 make[1]: Entering directory `/builddir/build/BUILD/trousers-0.3.1' > 895 make[1]: Nothing to be done for `all-am'. > 896 make[1]: Leaving directory `/builddir/build/BUILD/trousers-0.3.1' > 897 + exit 0 > ------------------------------------------------- > Is this okay? > ! If these two binaries are not needed, it is okay. If needed, > it is legally problematic. Yes, this is ok. Those binaries are for converting the trousers key stores from one previous version to another. They are only needed in the case a user has been running trousers since version 0.2.1 or so. > ! Patch name > - Please rename the name of the patch for us to understand > what the patch is for easily. Oops, that was unintentional. I'll upload a new version today. > * Timestamps > - Please use > -------------------------------------------------- > make install DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" > -------------------------------------------------- > to keep timestamps on installed files. While sometimes this does not > work, this ususally works for most recent Makefiles. No problem. > * Again %clean section > - Please remove "[ "${RPM_BUILD_ROOT}" != "/" ] && [ -d ${RPM_BUILD_ROOT} ] && " > again. > i.e. Leave only "rm -rf ${RPM_BUILD_ROOT}" Ok. > * scriptlets > - What is the below part in %post for? > --------------------------------------------------- > if [ $? == 0 ]; then > /sbin/chkconfig --level 35 tcsd on > fi > --------------------------------------------------- > On %post $1 is not be 0 (check the section "Syntax" in > http://fedoraproject.org/wiki/Packaging/ScriptletSnippets ) > And actually this part is not needed as service should not > be activated by default. Ok, I left in the --add section and ldconfig call only. > * Documents > - I think the following files can be added to %doc. > ------------------------------------------------- > ChangeLog > -------------------------------------------------- Added. > (In reply to comment #27) > > I don't see any blocking issues, but I wonder if there is a use for the > > trousers-static rpm that gets built? I know static libraries need to be > > packaged separately, but I was wondering if there were any users of these static > > libraries or if they could be omitted? > - Generally static archives should be removed. > If you don't think this is not needed, please remove static archives > completely. For completeness of the TSS itself, I'd like to at least have this available to developers. The TDDL is an interface documented by the TCG specs for use by software. Its possible that others may want to develop code against it. Thanks, Kent
(In reply to comment #28) > - Generally static archives should be removed. > If you don't think this is not needed, please remove static archives > completely. Of course this was "If you don't think this is needed", sorry........
Latest stuff is here: http://trousers.sourceforge.net/fedora_submit7/ Looks like I broke one of the submission rules. The account I have set up for the fedora submission guidelines was key.ibm.com, but I'm using yoder1.com here. I'm now waiting for a new bugzilla account to be created for my key address. Kent
I will check your newest srpm later, however please also update your srpm on bug 394941 for sponsorship process.
Ok, I'll start work on the tpm-tools stuff next. I've added the key@ account, which should be in the cvsextras group. Kent
One more thing: trousers-static.i386: E: description-line-too-long The TCG Device Driver Library (TDDL) used by the TrouSerS tcsd as the interface to This means: [tasaka1@localhost ~]$ rpmlint -I description-line-too-long description-line-too-long : Your description lines must not exceed 79 characters. If a line is exceeding this number, cut it to fit in two lines. Other things are okay. ------------------------------------------------------------------- This package (trousers) is APPROVED by me ------------------------------------------------------------------- Now I am sponsoring you. Please follow the procedure according to: http://fedoraproject.org/wiki/PackageMaintainers/Join If you want to import this package into Fedora 7/8, you also have to look at http://fedoraproject.org/wiki/Infrastructure/UpdatesSystem/Bodhi-info-DRAFT (after once you rebuilt this package on Fedora rebuilding system). If you have questions, please ask me.
Hi Mamoru, Here's the latest updated specfile/srpm w/ the static rpm fix: http://trousers.sourceforge.net/fedora_submit8/ Fedora 9 onwards only is fine with me... Thanks, Kent
Okay, please follow the "Join" wiki page written in my comment 35 to import this package into Fedora.
Hi Mamoru, After clicking submit after doing this step: http://fedoraproject.org/wiki/PackageMaintainers/CVSAdminProcedure#head-1ef2a3bc00349ad095c689ab7caf283db0e2d723 I got this message: You tried to request fedora-cvs. Only an authorized user can make this change. Was this step supposed to be done by you? Or how do I get authorized? Thanks, Kent
You mean that you tried to set fedora-cvs flag on this bug to ?, but it is refused? If so, with what mail address are you logging in bugzilla? You can't set fedora-cvs flag with yoder1_AT_ account as you are registered with key_AT accrount on FAS (Fedora Account System).
New Package CVS Request ======================= Package Name: trousers Short Description: The Open-Source TCG Software Stack Owners: key Branches: F-9 InitialCC: Cvsextras Commits: yes
F-9 is not a valid branch (yet). Do you really only want this package to go into rawhide, and not F-7 or F-8?
This fedora review request is being driven by RHIT#184785... So really I think I meant EL-5. Do F-7 and F-8 have TPM device driver support? If so, F-7 F-8 and EL-5 are fine. Kent
cvs done (F-7, F-8, EL-5) If EL-5 has TPM, then F-7+ definitely do as well.
Hi Mamoru, I was having mail trouble earlier, so sorry if this is a dupe... Is there a way I can add more ssh keys to a redhat buzilla account? I'd like to be able to do updates from more than one machine. I've looked through the account settings and help but don't see a way to do this... Kent
nm - I finally found https://admin.fedoraproject.org/accounts/
Don't forget to close this bug when rebuild and request on bodhi is done.
ping?? Please request to push trousers on F-7/8 to stable or testing by using bodhi.
Closing as this is already in devel.
Package Change Request ====================== Package Name: trousers Updated Fedora Owners: key,ejratl
Looks like you have requested co-maintainer via the pkgdb web interface... Kent: Can you approve from there? Or ack the request here?
Ack'd request for co-maintainership by ejratl.
cvs done.