This is my first package and I'm seeking a sponsor. Spec URL: http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec SRPM URL: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.40-4.20080206svn.fc8.src.rpm Description: The Berkeley Open Infrastructure for Network Computing (BOINC) is a software platform for distributed computing: several initiatives of various scientific disciplines all compete for the idle time of desktop computers. BOINC will be part of the Fedora Astronomy spin. (http://fedoraproject.org/wiki/SIGs/Astronomy) The BOINC core client program is required to participate in any project that uses BOINC. A central server distributes work units and collects results via this client. When attaching a local machine to a project, it will also dynamically download the project's application program to be then wrapped by the BOINC core client.
The spec file seems correct, the package builds in mock and the program works properly. I write the Italian description, if You want include this with the other languages: %description -l it Berkeley Open Infrastructure for Network Computing (BOINC) e' una piattaforma software per il calcolo distribuito: molti progetti appartenenti a varie discipline scientifiche si appoggiano ad esso per eseguire i propri calcoli nei periodi di inattivita' del computer che lo esegue. Il BOINC core client e' richiesto per partecipare a qualsiasi progetto che usa BOINC. Un server centrale distribuisce unita' di lavoro e raccoglie i risultati tramite questo client. Quando una macchina locale viene collegate al progetto, viene scaricato in automatico l'applicazione specifica del progetto che viene eseguita tramite il wrapper del BOINC core client.
Thanks, I've added it of course! Could you provide also the Summary(it) field?
Yes, of course: Summary(it): BOINC client
I get some trouble with SELinux: SELinux denied access requested by /usr/sbin/logrotate. /var/lib/boinc/error.log may be a mislabeled. /var/lib/boinc/error.log default SELinux type is var_lib_t, while its current type is rpm_var_lib_t. SELinux denied access requested by /usr/sbin/logrotate. /var/lib/boinc/boinc.log may be a mislabeled. /var/lib/boinc/boinc.log default SELinux type is var_lib_t, while its current type is rpm_var_lib_t. This should fix the problem: restorecon /var/lib/boinc/error.log restorecon /var/lib/boinc/boinc.log These are the raw audit messages: avc: denied { getattr } for comm=logrotate dev=sda2 egid=0 euid=0 exe=/usr/sbin/logrotate exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/var/lib/boinc/error.log pid=9513 scontext=system_u:system_r:logrotate_t:s0 sgid=0 subj=system_u:system_r:logrotate_t:s0 suid=0 tclass=file tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tty=(none) uid=0 avc: denied { getattr } for comm=logrotate dev=sda2 egid=0 euid=0 exe=/usr/sbin/logrotate exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/var/lib/boinc/boinc.log pid=9513 scontext=system_u:system_r:logrotate_t:s0 sgid=0 subj=system_u:system_r:logrotate_t:s0 suid=0 tclass=file tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tty=(none) uid=0
Additional issues: -- rpmlint output - boinc-client.i386: W: spurious-executable-perm /usr/share/doc/boinc-client-5.10.40/checkin_notes - boinc-client.i386: W: spurious-executable-perm /usr/share/doc/boinc-client-5.10.40/checkin_notes_2006 \- no reason to have executable documentation :) - boinc-client.i386: W: file-not-utf8 /usr/share/doc/boinc-client-5.10.40/checkin_notes_2005 - boinc-client.i386: W: file-not-utf8 /usr/share/doc/boinc-client-5.10.40/checkin_notes_2004 \- these files are not in utf8, use iconv in the spec file to convert - boinc-client.i386: W: bogus-variable-use-in-%pre $RPM_BUILD_ROOT \- do not use $RPM_BUILD_ROOT in %pre environment - boinc-client.i386: W: service-default-enabled /etc/rc.d/init.d/boinc-client \- it's not recommenced to have service enabled by default, user should decide if he wants to enable it or not (imho) - boinc-client.i386: E: missing-mandatory-lsb-keyword Short-Description in /etc/rc.d/init.d/boinc-client - boinc-client.i386: W: service-default-enabled /etc/rc.d/init.d/boinc-client - boinc-client.i386: W: no-reload-entry /etc/rc.d/init.d/boinc-client - boinc-client.i386: E: subsys-not-used /etc/rc.d/init.d/boinc-client \- http://fedoraproject.org/wiki/PackagingDrafts/SysVInitScript draft only but it can help to resolve it -- sources contains .svn directories \- use svn export instead of svn checkout -- translations are a good idea, but it's more elegant to translate it via specspo once the spec file is imported \- http://translate.fedoraproject.org/module/specspo
Ooops, it seems that I've run rpmlint only on the spec file:( All the things should be fixed; the translations have been removed, I'll add them later via specspo as you suggest. Just a remark to this: >- boinc-client.i386: E: subsys-not-used /etc/rc.d/init.d/boinc-client This is actually a rpmlint issue. The init script used the subsys directory, however its path has been composed from the lockfile's name and lockfile's directory ($LOCKDIR) while rpmlint checks whether there is a string "/var/lock/subsys/<lockfile>" in the init script (using a regex). Maybe it would be enough to check whether there is only the directory path ("/var/lock/subsys")? Anyway I've changed the init script so that rpmlint is silent. New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.40-5.20080206svn.fc8.src.rpm
This does not build on dist-f9, at least on i386. http://koji.fedoraproject.org/koji/taskinfo?taskID=471083 http://koji.fedoraproject.org/koji/getfile?taskID=471086&name=build.log It seems that most (all?) error was caused by missing headers like "#include <cstring>" or so.
You're right (all the errors were caused by missing headers). I've created a patch for this (and also sent it to upstream). New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.40-6.20080206svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec Koji scratch builds: dist-F9: http://koji.fedoraproject.org/koji/taskinfo?taskID=472787 dist-F8: http://koji.fedoraproject.org/koji/taskinfo?taskID=471367
Well, for 5.10.40-6: * %pre script ------------------------------------------------------ [ -x /etc/init.d/boinc-client ] && /sbin/service boinc-client stop ------------------------------------------------------ - This line is not needed, and actually this is problematic because with this script boinc-client stops every time boinc-client is upgraded. * /sbin/ldconfig ------------------------------------------------------ %post devel -p /sbin/ldconfig %postun devel -p /sbin/ldconfig ------------------------------------------------------ - These are not needed * Macros usage - Please unify macros usage. For example: ------------------------------------------------------ mv $RPM_BUILD_ROOT%{_bindir}/ca-bundle.crt \ $RPM_BUILD_ROOT%{_localstatedir}/lib/boinc ....... ^^^^^^^^^^^^^^^^^ /sbin/restorecon /var/lib/boinc/error.log ^^^^^^^ ------------------------------------------------------ * Directory ownership issue - %_localstatedir/lib/boinc is not owned by any package. * Dependency for -devel subpackage - Please check the dependency for -devel package. For example, %_includedir/BOINC/crypt.h contains: ------------------------------------------------------ 28 #if !(defined(USE_OPENSSL) || defined(USE_RSAEURO)) 29 #define USE_OPENSSL 1 30 //#define USE_RSAEURO 1 31 #endif 43 #ifdef USE_OPENSSL 44 #include <openssl/rsa.h> ------------------------------------------------------ This means -devel subpackage should have: "Requires: openssl-devel" (here I am not mentioning about BuildRequires).
>* %pre script >------------------------------------------------------ >[ -x /etc/init.d/boinc-client ] && /sbin/service boinc-client stop >------------------------------------------------------ > - This line is not needed, and actually this is problematic > because with this script boinc-client stops every time > boinc-client is upgraded. Oh yes, this is a relict from previous versions where the service was enabled by default. Removed. >* /sbin/ldconfig >------------------------------------------------------ >%post devel -p /sbin/ldconfig >%postun devel -p /sbin/ldconfig >------------------------------------------------------ > - These are not needed Fixed. >* Macros usage > - Please unify macros usage. For example: >------------------------------------------------------ >mv $RPM_BUILD_ROOT%{_bindir}/ca-bundle.crt \ > $RPM_BUILD_ROOT%{_localstatedir}/lib/boinc >....... ^^^^^^^^^^^^^^^^^ >/sbin/restorecon /var/lib/boinc/error.log > ^^^^^^^ >------------------------------------------------------ Fixed, hope in all (3?) occurrences. >* Directory ownership issue > - %_localstatedir/lib/boinc is not owned by any package. Fixed. >* Dependency for -devel subpackage > - Please check the dependency for -devel package. > For example, %_includedir/BOINC/crypt.h contains: >------------------------------------------------------ > 28 #if !(defined(USE_OPENSSL) || defined(USE_RSAEURO)) > 29 #define USE_OPENSSL 1 > 30 //#define USE_RSAEURO 1 > 31 #endif > 43 #ifdef USE_OPENSSL > 44 #include <openssl/rsa.h> >------------------------------------------------------ > This means -devel subpackage should have: > "Requires: openssl-devel" (here I am not mentioning about > BuildRequires). I see, I went through the headers using a (foolish) script: cd /usr/share/BOINC for HEADER in `grep "#include" * | sed -e '/\".*\.h\"/d' -e 's/^.*<\([^.]*\).*>.*/\/usr\/include\/\1\.h/g'`; do rpm -qf $HEADER; done And it seems that this was the only missing Requires. Just hope I didn't miss anything. Thanks for all remarks! New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.40-7.20080206svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec
For 5.10.40-7: * Source - BTW what are Source8-10 for? * Dependency for -devel subpackage - One more: From %{_includedir}/BOINC/db_base.h: ------------------------------------------------------- 23 #include <mysql.h> ------------------------------------------------------- Other things seem okay. Then as this is NEEDSPONSOR ticket: (I am checking this review request as one of the sponsor members) ------------------------------------------------------------- NOTE: Before being sponsored: This package will be accepted with another few work. But before I accept this package, someone (I am a candidate) must sponsor you. Once you are sponsored, you have the right to review other submitters' review requests and approve the packages formally. For this reason, the person who want to be sponsored (like you) are required to "show that you have an understanding of the process and of the packaging guidelines" as is described on : http://fedoraproject.org/wiki/PackageMaintainers/HowToGetSponsored Usually there are two ways to show this. A. submit other review requests with enough quality. B. Do a "pre-review" of other person's review request (at the time you are not sponsored, you cannot do a formal review) When you have submitted a new review request or have pre-reviewed other person's review request, please write the bug number on this bug report so that I can check your comments or review request. Fedora package collection review requests which are waiting for someone to review can be checked on: http://fedoraproject.org/PackageReviewStatus/NEW.html (NOTE: please don't choose "Merge Review") Review guidelines are described mainly on: http://fedoraproject.org/wiki/Packaging/ReviewGuidelines http://fedoraproject.org/wiki/Packaging/Guidelines http://fedoraproject.org/wiki/Packaging/ScriptletSnippets ------------------------------------------------------------
>* Source > - BTW what are Source8-10 for? > It's explained in the comment at the beginning of the SPEC file and also in the changelog. Source8: trim Trims the sources for binaries and third-party source code which is already packaged for fedora (openssl, curl, ...). Source9: noexec Removes execute rights from some documentation files. Source10: unicode Converts some of the documentation files to utf8. Is there any better way how to do these things? >* Dependency for -devel subpackage > - One more: > From %{_includedir}/BOINC/db_base.h: >------------------------------------------------------- > 23 #include <mysql.h> Fixed, thanks. New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.40-8.20080206svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec I've posted two new review requests: https://bugzilla.redhat.com/show_bug.cgi?id=436753 https://bugzilla.redhat.com/show_bug.cgi?id=436754 And done two small review remarks: https://bugzilla.redhat.com/show_bug.cgi?id=435598 https://bugzilla.redhat.com/show_bug.cgi?id=394871 Thanks in advance for your goodwill, time and patience:)
Umm.. I don't know why I didn't notice before, however for 5.10.40-8: * compilation flags - From build.log: ---------------------------------------------------------------------------------- 1215 make[2]: Entering directory `/builddir/build/BUILD/boinc_core_release_5_10_40/client' 1216 g++ -DHAVE_CONFIG_H -I. -I.. -O3 -fomit-frame-pointer -fforce-addr -ffast-math -I../lib -I../api -I../db -I../client -I../tools -I../sched -I../lib/mac -I/usr/include/mysql -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fno-strict-aliasing -fwrapv -pthread -I../lib -I../api -I../db -I../client -I../tools -I../sched -I../lib/mac -I/usr/include/mysql -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fno-strict-aliasing -fwrapv -pthread -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -I/usr/include -I/usr/include/openssl -pthread -MT boinc_client-acct_mgr.o -MD -MP -MF .deps/boinc_client-acct_mgr.Tpo -c -o boinc_client-acct_mgr.o `test -f 'acct_mgr.C' || echo './'`acct_mgr.C --------------------------------------------------------------------------------- Here: - Fedora does not allow -fomit-frame-pointer because this option makes debugging difficult - Also, -ffast-math is discouraged because this changes precision of calculation, which may make debugging difficult. * restorecon --------------------------------------------------------------------------------- %post /sbin/restorecon %{_localstatedir}/lib/boinc/error.log /sbin/restorecon %{_localstatedir}/lib/boinc/boinc.log --------------------------------------------------------------------------------- - First of all, these two files are not owned by any packages --------------------------------------------------------------------------------- $ LANG=C rpm -qf /var/lib/boinc/error.log file /var/lib/boinc/error.log is not owned by any package ---------------------------------------------------------------------------------- - Well, I am not familiar with SELinux, however: * at the first time boinc-client is installed, these two files do not exist. So restorerecon does not do anything. * Then sysadmin activates boinc-client service. At this stage SELinux shows AVC denial? (I turn SELinux off...) I guess the best way to solve SELinux issue is to ask Dan Walsh for help after this review is passed?
<offtopic> Milos, Dan Walsh will come to our town in two weeks and even he's giving a presentation about SELinux at your university FI.MUNI on Thursday 27.03 (D3, 14:00 - 16:00). </offtopic>
> * compilation flags Fixed (as Patch1). Shouldn't this be mentioned somewhere (in best case directly at http://fedoraproject.org/wiki/Packaging/Guidelines)? I haven't found it anywhere... > * restorecon Now I touch both of those files (boinc.log, error.log) in the %install section and later change their SELinux file_type from var_lib_t to var_log_t (following http://fedoraproject.org/wiki/PackagingDrafts/SELinux). I noticed that the majority of files handled by logrotate has this file_type (because they're in /var/log which is of course much more correct). The problem for me with this issue is that it is hard to reproduce. On my own PC it happened only once that setroubleshoot complained about accessing those files and even running logrotate manually (with --force) works fine (files are rotated, no SELinux trouble). NOTE: Before updating to this package, please remove error.log and boinc.log! Otherwise the relabeling doesn't work (don't know why) and both files remain as var_lib_t. If this will work, I'll change the location of both logfiles from /var/lib/boinc directly to /var/log so that we can get rid of additional dependency on policycoreutils (and from a logical point of view this is also the appropriate place to store logfiles, IMHO). New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.45-1.20080315svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec
Sorry, the previous release is ugly: I just found out a typo in the semanage command (causing also the issue in the previous "NOTE:" which you can safely ignore now). And also touching the logfiles has been substituted by echoing a short text into them as rpmlint complains about installing empty files. And finally also the patch has been created before propagating the gcc flags via the _autosetup script, so some of them haven't been patched. This is fixed now too. New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.45-2.20080315svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec
Well, for 5.10.45-2: * File lists/scriptlet order for log files under %_localstatedir/log/boinc ---------------------------------------------------------------- %postun # SELinux support if [ $1 -eq 0 ]; then # final removal semanage fcontext -d -t var_log_t %{_localstatedir}/lib/boinc/.*\.log 2>/dev/null || : fi ---------------------------------------------------------------- - As %_localstatedir/lib/boinc is in %files lists, at %postun %_localstatedir/lib/boinc/{boinc,error}.log are already deleted at this time. Then: - Should {boinc,error}.log be removed at final removal? If not (for example, you think that some sysadmins don't want to have those log files automatically deleted), then these 2 files should not be in %files list <-> But this contradicts my comment 13... i.e. if these two files are not in %files list, then when boinc_client is installed at first time these two files does not exists, then semanage or restorecon on %post does nothing... - If you think these two files can be removed at final removal, then the above scriptlet is not needed.
>- As %_localstatedir/lib/boinc is in %files lists, at %postun > %_localstatedir/lib/boinc/{boinc,error}.log are already deleted > at this time. But that's not a problem, is it? The command proceeds and succeeds without the files too and I find it correct to delete the rule when the package has been removed. It is also the recommended way mentioned in http://fedoraproject.org/wiki/PackagingDrafts/SELinux (I know it's a draft, but...). Obviously it just deletes the corresponding line in /etc/selinux/targeted/contexts/files/file_contexts.local >Then: > - Should {boinc,error}.log be removed at final removal? Yes, they should, _for_now_. As I wrote in the previous comment, when fixing the SELinux filetype solves the SELinux troubles with boinc, I'll move both of the logfiles directly to /var/log, remove them from the %files list and also remove all the SELinux related commands and dependency on policycoreutils. I find it so more proper (logs should be under /var/log, especially when SELinux targeted policy expects logrotate to rotate logs in that directory), second, we can get rid of additional dependency and third as the logs won't be in the %files section, they will remain after uninstallation (what I prefer). I'm waiting for some feedback, especially from Francesco who reported the problem. On the machines I can test it (4 pcs) I haven't seen any SELinux problems with 5.10.45-2 as far. > - If you think these two files can be removed at final removal, > then the above scriptlet is not needed. Why? As I expressed above, I find it correct to remove the rules and don't leave "garbage" after uninstallation.
It' seem ok, I try the new version and i didn't get any error from selinux.
Some informal review hints done at https://bugzilla.redhat.com/show_bug.cgi?id=438575.
> It' seem ok, I try the new version and i didn't get any error from selinux. Great, thanks for quick response! So I definitely moved the logs directly to /var/log. New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.45-3.20080315svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec
Okay. One trivial issue: ----------------------------------------------------------------------- useradd -r -g boinc -d /%{_localstatedir}/lib/boinc -s /sbin/nologin \ ^^^^ -c "BOINC client account." boinc ----------------------------------------------------------------------- %{_localstatedir}/lib/boinc is enough (%_localstatedir is expanded to %_var) - This package itself is okay - Your pre-review seems good for initial comments ------------------------------------------------------------------------ This package (boinc-client) is APPROVED by me ------------------------------------------------------------------------- Please follow the procedure written on: http://fedoraproject.org/wiki/PackageMaintainers/Join from "Get a Fedora Account". It seems that the procedure of CLA signing seems a bit changed. At a point a mail should be sent to sponsor members which notifies that you need a sponsor. At the stage, please also write on this bug for confirmation that you requested for sponsorship and your FAS (Fedora Account System) name. Then I will sponsor you. If you want to import this package into Fedora 7/8, you also have to look at http://fedoraproject.org/wiki/Infrastructure/UpdatesSystem/Bodhi-info-DRAFT (after once you rebuilt this package on koji Fedora rebuilding system). If you have questions, please ask me.
>Okay. > >One trivial issue: >----------------------------------------------------------------------- >useradd -r -g boinc -d /%{_localstatedir}/lib/boinc -s /sbin/nologin \ > ^^^^ > -c "BOINC client account." boinc Fixed, thanks! New SPEC file and SRPM: http://www.fi.muni.cz/~xjakub/boinc/boinc-client-5.10.45-4.20080315svn.fc8.src.rpm http://www.fi.muni.cz/~xjakub/boinc/boinc-client.spec I've already had a FAS account, now I applied for the "cvsextras" and "fedorabugs" group according to the procedure described on the wiki. My FAS name is "mjakubicek".
Now I should be sponsoring you. Please follow "Join" wiki again.
Thanks again! New Package CVS Request ======================= Package Name: boinc-client Short Description: A platform for distributed computing Owners: mjakubicek Branches: F-7 F-8 InitialCC: Cvsextras Commits: yes
cvs done.
Package Change Request ====================== Package Name: boinc-client New Branches: EL-5 Owners: mjakubicek