Bug 438665 - Contains files owned by buildsystem
Contains files owned by buildsystem
Product: Fedora
Classification: Fedora
Component: freeradius (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: John Dennis
Fedora Extras Quality Assurance
: 442696 446597 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2008-03-24 06:35 EDT by Enrico Scholz
Modified: 2008-05-18 13:51 EDT (History)
3 users (show)

See Also:
Fixed In Version: freeradius-2.0.3-1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-17 14:20:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Enrico Scholz 2008-03-24 06:35:23 EDT
Description of problem:

| $ rpm -qlpv /tmp/freeradius-2.0.2-2.fc9.i386.rpm
| drwxr-x---    2 mockbuilradiusd             0 Mar 18 18:17 /etc/raddb
| drwxr-x---    2 mockbuilradiusd             0 Mar 18 18:17 /etc/raddb/certs
| ...

This can become a security problem when 'mockbuild' user exists in the system.

It is caused by

| %attr(640,-,radiusd)

like tags.

Version-Release number of selected component (if applicable):

Comment 1 John Dennis 2008-03-24 11:45:25 EDT
Thank you Enrico for reporting this, I'll fix it immediately.

The new 2.x version of FreeRADIUS had a lot of changes and although I "ported"
the spec file to upgrade to the new version I never had a chance to actually
test the result and carefully go over it, something I wanted to do before
building it into rawhide. In the interim someone else did build it into rawhide
which I was surprised by. So, I'm wondering, have you exercised the package and
if so do you have any other feedback?
Comment 2 Enrico Scholz 2008-03-24 13:17:19 EDT
I like the new packaging concept as it helps to slim down dependencies.
After first installation (of only the base package), I got an error due
to a missing database (mysql???) configuration file which is included
by the default configuration but shipped in a subpackage.

Then, I dislike the 'Requires: net-snmp net-snmp-utils' because it
adds an heavy dependency tree (perl).

Some other notes:

* '%files utils' is missing %defattr()

* are all the explicit

  | Requires: krb5-libs
  | Requires: python-libs
  | Requires: perl-libs

  really needed? Usually, they are deprecated as rpm generates them

* are

  | Requires: mysql
  | Requires: openldap

  really needed? These packages contain management utilities for the
  databases, but freeradius needs only the libs (afais)

* to prevent version mix between the various subpackages, I would add
  some explicit

  | Requires: %name-libs = %version-%release

  to (all?) subpackages.

* I would write

  | BuildRequires: /usr/bin/perlcc

  instead of

  | BuildRequires: perl-devel

  to make it build both on e.g. RHEL5 and F8+

* CVS tree needs some cleanup of old patches
Comment 3 John Dennis 2008-04-17 14:17:04 EDT
*** Bug 442696 has been marked as a duplicate of this bug. ***
Comment 4 John Dennis 2008-04-17 14:20:52 EDT
I incorporated several of your suggestions, thank you. At the same time the
package was upgraded to the current 2.0.3 upstream. MySQL, Postgresql, & LDAP
were further factored out in the dialup-admin package.
Comment 5 John Dennis 2008-05-15 11:37:17 EDT
*** Bug 446597 has been marked as a duplicate of this bug. ***
Comment 6 Fedora Update System 2008-05-15 14:32:59 EDT
freeradius-2.0.3-2.fc9 has been submitted as an update for Fedora 9
Comment 7 Fedora Update System 2008-05-17 18:17:40 EDT
freeradius-2.0.3-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Mads Kiilerich 2008-05-18 13:51:03 EDT
I would say that the problem still persist - only slightly changed. Please reopen.

[root@localhost ~]# rpm -ihv freeradius-2.0.3-3.fc9.i386.rpm 
Preparing...                ########################################### [100%]
   1:freeradius             warning: group radiusd does not exist - using root
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
/bin/chown: invalid user: `radiusd.radiusd'

I can see that preinstall says to create the radiusd user and group, and if it
worked I assume that the problem would be solved. If the user and group exists
before installing then it will succeed.

User creation in preinstall has been totally muted with "> /dev/null 2>&1 || :",
so I can't see how/why it failed - or if it was run at all. I would say that
user creation shouldn't be muted; I wan't to know when something goes wrong. And
useradd is quiet on success. The packaging guidelines might however say
something different...

Another explanation could be that rpm for some reason doesn't run the preinstall

Note You need to log in before you can comment on or make changes to this bug.