Red Hat Bugzilla – Bug 437686
Build awstats on EPEL4
Last modified: 2012-03-01 15:02:34 EST
I branched awstats for EPEL4 a while ago
However I have not built it yet due to getting stuck with SELinux issues
This bug is a tracker about building it on EPEL4 and the outstanding issues to
get it built.
Here's what I asked Aurelien when I first branched it. Anyone else who can help
please do :-) Otherwise, I could consider releasing it (for now) without any
SELinux support - better than nothing:
"EL-4 is a bit more difficult from the SELinux point of view, because
it's so old. Recent versions of awstats work OK with SELinux turned off,
but it would be better for the package to support SELinux. However even
the FC-5 package (before you split off -selinux) doesn't work, because
EL4 doesn't seem to have "semanage". Do you think it's enough to just do
the "chcon" in %post?"
To give an update, since nobody has stepped forward to help with SELinux policy,
I tried to put together a package which just did the very basic stuff (chcon at
install time, a README that warns if you relabel your filesystem it will break).
The result are at:
Any testing would be welcome, not least because my EL-4 test VM is dead right now.
However, rpmlint on F-8 complains about the above package wrt SELinux:
awstats.noarch: E: forbidden-selinux-command-in-%post chcon
I understand why it's not a good idea for recent distros but I wonder how
"forbidden" it really is for an old distro where we didn't have policytool etc.
All comments/test results etc. welcome.
I have now briefly tested this myself on a clean CentOS 4 machine with SELinux enabled and it seems to work without causing any SELinux violations.
Are the cc'd people still interested in seeing this in EPEL? Really, feedback of any sort would be great :-)
Definitely still interested, and grateful for all your work, Tim. I apologize for not having done any testing of it yet myself.
Thanks, Max. I should add that the above packages are not patched against a recent awstats security issue (XSS). (All the more reason to have easily-updateable packages, really :-) So test with caution. At the point this package goes into EPEL I will patch it up like the EL-5 package which is already live.
Thanks for the work Tim. Sorry for not testing before hand.. had been busy with other stuff. If you want a tester for the awstats update please let me know and I will pull down and put onto server.
Stephen, I'm not sure what update you mean but in any case to everyone: here is an updated awstats package which is patched against the recent security issue:
Due to the fact that since I originally created this branch, I've now retired the EL-4 machines on which I would have used this, it doesn't seem sensible for me to push this into EPEL 4 especially at this relatively late stage in the EL-4 cycle. If anyone would like to take the branch and nurture it, they would be very welcome - otherwise I will close it.
I am willing to test/run for EL4 (I still have El4 servers.)
OK, well I've checked the work I've done to date into CVS. I've released ownership in the Package DB if you would like to add yourself.
N.B. that I have updates to 6.9 ready to roll for EL-5 (as per https://www.redhat.com/archives/epel-devel-list/2009-May/msg00032.html) and I would think these can be readily applied to EL-4.
EPEL-4 has reached end of life and is no longer supported.
Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug.