Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: tp://ftp.xelerance.com/unbound/unbound-1.0.0-1.src.rpm Description: Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. output from rpmlint: unbound.x86_64: E: non-standard-uid /var/unbound unbound unbound.x86_64: E: non-standard-gid /var/unbound unbound unbound.x86_64: E: non-standard-dir-perm /var/unbound 0700 unbound.x86_64: E: non-standard-uid /var/unbound/unbound.conf unbound unbound.x86_64: E: non-standard-gid /var/unbound/unbound.conf unbound unbound.x86_64: W: non-standard-dir-in-var unbound unbound.x86_64: W: dangerous-command-in-%preun rm unbound.x86_64: W: incoherent-subsys /etc/rc.d/init.d/unbound $prog Currently talking to upstream about the problem of including a static ldns shipped with unbound, versus using the real standaline ldns. The dangerous rm in %preun is the chroot /var/unbound getting cleaned up. The chroot() is currently somewhat variable, eg needing the real /etc/resolv.conf, which is manipulated in the init script, since hard links might not work across /etc/ and /var I am not sure about the incoherent-subsys warning. It seems similar to other packages used. Using prog=$(basename $exec) did not help.
ldns 1.3.x is required, but not yet released by upstream. So once that is released and updated in fedora (I am the ldns maintainer), the static lib issue will go away.
ldns 1.3.0 (prerelease) addressed these problems, and the build now uses the installed ldns properly. I've uploaded new rpm and spec file: Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.0-2.fc9.src.rpm ldns-1.3.0 should make it in the repo in the next day or so when upstream releases it. currently rpmlint says: unbound.x86_64: E: non-standard-uid /var/unbound unbound unbound.x86_64: E: non-standard-gid /var/unbound unbound unbound.x86_64: E: non-standard-uid /var/unbound/unbound.conf unbound unbound.x86_64: E: non-standard-gid /var/unbound/unbound.conf unbound unbound.x86_64: W: non-standard-dir-in-var unbound unbound.x86_64: W: dangerous-command-in-%preun rm unbound.x86_64: W: incoherent-subsys /etc/rc.d/init.d/unbound $prog I am not sure about the incoherent-subsys error.....
updated to 1.0.1 Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.1-1.fc9.src.rpm
It would be nice to have this software in Fedora. I'm going to take care about review.
rpmlint output: unbound.x86_64: W: non-standard-uid /var/unbound unbound unbound.x86_64: W: non-standard-gid /var/unbound unbound unbound.x86_64: W: non-standard-uid /var/unbound/unbound.conf unbound unbound.x86_64: W: non-standard-gid /var/unbound/unbound.conf unbound unbound.x86_64: W: non-standard-dir-in-var unbound unbound.x86_64: W: incoherent-subsys /etc/rc.d/init.d/unbound $prog ^^ OK unbound.x86_64: W: dangerous-command-in-%preun rm Why do you have to call rm? I think rpm could handle remove of such directories automatically. build process: you could see something like Depend daemon/daemon.c Depend daemon/acl_list.c Build services/listen_dnsport.c Build services/localzone.c Is it intentional that gcc parameters are not written to output? It doesn't look fine for me. spec file: is it really needed ship static libunbound.a library?
Hi, I missed the emails telling me someone was reviewing this. Sorry. I've updated unbound to version 1.0.2 Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.2-1.fc9.src.rpm As for your comments: - hiding the gcc command is what upstream does. It is not something we do. - the rm command is used because unbound creates these files on startup. I will look into pre-creating these as part of the package, so they are removed when the package is uninstalled without using the rm command manually. - the static library does not need shipping in the -devel package, i remove it in the next release
I'll also update the user addition scheme to comply with the new packaging guidelines.
(In reply to comment #6) > - the static library does not need shipping in the -devel package, i remove it > in the next release MUSTFIX: There is shared libunbound, so you must not ship it as part of the -devel package. If you really feel you must ship static libs (feel strongly encouraged not to do so), move the lib*.a to a -static package. MUSTFIX: /var/unbound violates the FHS. Check the FHS for details, but this likely should be /var/lib/unbound.
I've fixed up all issues and created a new release. rmplint now only shows: unbound.x86_64: W: non-standard-uid /var/run/unbound unbound unbound.x86_64: W: non-standard-gid /var/run/unbound unbound Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.2-2.fc9.src.rpm initscript: ftp://ftp.xelerance.com/unbound/unbound.init
source files match upstream: YES package meets naming and versioning guidelines: YES specfile is properly named, is cleanly written and uses macros consistently: YES dist tag is present: YES build root is correct: YES license field matches the actual license: YES license is open source-compatible: YES (BSD) License text included in package: YES latest version is being packaged: YES BuildRequires are proper: YES compiler flags are appropriate: NO - look on http://people.redhat.com/atkac/unbound-build.patch. I think that patch should be included in main source. It shows build parameters %clean is present: YES package builds in mock (Rawhide/x86_64): YES debuginfo package looks complete: YES rpmlint is silent: OK (messages written below are fine) unbound.x86_64: W: non-standard-uid /var/run/unbound unbound unbound.x86_64: W: non-standard-gid /var/run/unbound unbound final provides and requires look sane: OK %check is present and all tests pass: OK (check is not present) no shared libraries are added to the regular linker search paths: NO - it seems that it is possible write "clients" for unbound. Due this reason I think the best will be create unbound-libs subpackage which will contain libunbound.so.0 and libunbound.so.0.14.0 libraries owns the directories it creates: YES doesn't own any directories it shouldn't: YES no duplicates in %files: YES file permissions are appropriate: VERIFY - isn't better to make configuration files and chroot non-readable by "others"? scriptlets: NO - I think you should add unbound group as well. Look on https://fedoraproject.org/wiki/Packaging/UsersAndGroups Please correct/explain problematic points written above.
- I've changed the make command to run with QUIET=no, so it does not require a patch. - the chroot contains no secret information, and is just there for security in case the unbound process would get compromised with a buffer overflow. Since there is nothing to hide, using world-readable seems appropriate. - I've created a separate libs package as you recommended - I've added the unbound group Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.2-3.fc9.src.rpm initscript: ftp://ftp.xelerance.com/unbound/unbound.init
All problems were fixed except one - compiler flags: http://fedoraproject.org/wiki/Packaging/Guidelines#Compiler_flags "Standard" approach %build export CFLAGS=$RPM_OPT_FLAGS ./configure doesn't pass CFLAGS to gcc, I don't know why. But something like sed -i 's/CFLAGS=@CFLAGS@/CFLAGS=@CFLAGS@ '"$RPM_OPT_FLAGS"'/' Makefile.in works. I recommend put %configure command to build section (but it isn't needed). Otherwise all looks fine for me.
Ahh, i see. I used: %{__make} CFLAGS="$RPM_OPT_FLAGS" QUIET=no %{?_smp_mflags} Which seems to work, but causes a previous warning to be an error now. So I'll have to make a patch :)
Just for CFLAGS issue (In reply to comment #12) > %build > export CFLAGS=$RPM_OPT_FLAGS > ./configure > > doesn't pass CFLAGS to gcc, I don't know why. Because configure.ac contains: --------------------------------------------------------------- 35 36 CFLAGS= 37 AC_AIX --------------------------------------------------------------- The line 36 is the culprit. --------------------------------------------------------------- sed -i.cflags -e '/^CFLAGS=$/d' configure --------------------------------------------------------------- before calling %configure will save CFLAGS.
Ahh, we lost -D_GNU_SOURCE. I added this to the make line, since it seems it is the only part of CFLAGS that we lose. I also disabled interface-automatic, as this caused unbound to listen on 0.0.0.0 and ::0 instead of just localhost. Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.2-4.fc9.src.rpm initscript: ftp://ftp.xelerance.com/unbound/unbound.init
Spec URL: ftp://ftp.xelerance.com/unbound/unbound.spec SRPM URL: ftp://ftp.xelerance.com/unbound/unbound-1.0.2-5.fc9.src.rpm initscript: ftp://ftp.xelerance.com/unbound/unbound.init * Wed Oct 22 2008 Paul Wouters <paul> - 1.0.2-5 - Only call ldconfig in -libs package - Move configure into build section - devel subpackage should only depend on libs subpackage
All problems written in previous comments are fixed (especially from comment #10 which contains detail review steps). Reviewed
New Package CVS Request ======================= Package Name: unbound Short Description: Validating, recursive, and caching DNS(SEC) resolver Owners: pwouters Branches: F-10 F-9 EL-5 InitialCC:
cvs done.