Spec URL: http://abartlet.net/heimdal-rpm/heimdal.spec SRPM URL: http://abartlet.net/heimdal-rpm/heimdal-1.2-1.src.rpm Description: Heimdal is a Kerberos distribution, distinct from MIT's krb5. Heimdal is a free implementation of Kerberos 5. The goals are to: - have an implementation that can be freely used by anyone - be protocol compatible with existing implementations and, if not in conflict, with RFC 1510 (and any future updated RFC) - be reasonably compatible with the M.I.T Kerberos V5 API - have support for Kerberos V5 over GSS-API (RFC1964) - include enough backwards compatibility with Kerberos V4 - IPv6 support I'm packaging it for Fedora because I would like Samba4 to depend on a system-provided krb5, rather than rely on it's internal copy of Heimdal. (I also happen to think it's a better Kerberos package :-)
The manual says it's not recommended to start kadmind from xinetd. I guess replacing the xinetd conf with an init script would be in order. http://www.h5l.org/manual/HEAD/info/heimdal.html#Remote-administration The binaries are going to be after the MIT Kerberos binaries in the PATH. I'm not sure if that matters much one way or the other. Is there going to be a conflict with krb5-debuginfo regarding libkrb5.so.debug?
I can help review this (and the rest of the samba4/libmapi stack as time permits). I'm Cc'ing the krb5 maintainer (nalin) for comments too (on parallel-installability, potential gotchas, etc).
A few initial (minor) comments: 1. BuildRoot doesn't match any of those recommnded in packaging guidelines. 2. in -libs, Requires(preun,post): info, /sbin/install-info is extraneous, Requires(...): /sbin/install-info is sufficient 3. -clients: Groups: Networking/Other isn't used in Fedora. maybe use something like (matching krb5-workstation-clients): Group: System Environment/Base while you're at it, maybe also consider using a subpkg name -workstation-clients to match krb5 as well. 4. Consider using %{?dist} tag in Release, something like: Release: 1%{?dist} Submitted a scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=707572 failed. 5. looks like missing deps, per: xnlock.c:18:28: error: X11/StringDefs.h: No such file or directory xnlock.c:19:27: error: X11/Intrinsic.h: No such file or directory xnlock.c:21:23: error: X11/Shell.h: No such file or directory so, add BuildRequires: libXt-devel 6. build failed again with Installed (but unpackaged) file(s) found: /usr/share/info/dir.gz so, need to remove that in %install (or otherwise omit from packaging) 7. shlibs. I noticed -libs includes all shlibs, but libkdc.so.*, libhdb.so.* and libkadm5srv.so.* are (also) included in -server. On purpose or oversight? 8. -devel installs a pkgconfig file, so this subpkg should include Requires: pkgconfig fixed 5,6 submitted new build: http://koji.fedoraproject.org/koji/taskinfo?taskID=707650
build finished, rpmlint output (on x86_64 binaries): $ rpmlint *.rpm heimdal-devel.x86_64: E: only-non-binary-in-usr-lib heimdal-server.x86_64: E: non-readable /var/lib/heimdal/kadmind.acl 0600 heimdal-server.x86_64: E: description-line-too-long This package contains the KDC, and associated services such as kpasswdd and kadmind 4 packages and 0 specfiles checked; 3 errors, 0 warnings.
For 7, these shared libs are for the KDC, so I figured they belonged there, or in s -server-libs (but that seemed like overkill). Samba4 will be linking against libkdc. I'll look at the other issues and some other feedback I have got, and provide an updated spec (based on what you left in koji, I hope).
I think I've addressed most of these concerns with a new spec file and SRPM at http://abartlet.net/heimdal-rpm
(This is not a formal review, Rex is doing that and besides neither me nor Andrew is sponsored.) $ rpmlint dl/heimdal-1.2-1.fc9.2.src.rpm heimdal.src: W: mixed-use-of-spaces-and-tabs (spaces: line 49, tab: line 11) $ rpmbuild ... ... + autoreconf configure.in:3: error: Autoconf version 2.62 or higher is required That was on F9. Hmm, let's see if I have a rawhide machine at hand...
kpasswdd.init line 24 looks wrong: kpasswdd=/usr/heimdal/sbin/kdc
With regard to Comment #4, I'm very much at a loss to understand what is wrong with the /usr/lib stuff. What I'm putting there in the devel package looks sane... I'll fix the kpasswdd issue and upload to my website again.
I'll need to be sponsored for this package.
Some stuff from rpmlint: heimdal-devel.i386: W: dangling-relative-symlink /usr/lib/windc.so windc.so.0.0.0 Maybe it would be best to remove the windc.so symlink from -devel if the library is not supposed to be used outside of the -server package? (I guess that's why the library is in -server instead of in -libs.) heimdal-libs.i386: E: info-files-without-install-info-post{in,un} /usr/share/info/{heimdal,hx509}.info.gz Does this matter? Lots of unstripped-binary-or-object for /usr/{lib,bin,sbin}.
I suppose we could move windc back to the library package, as Samba4 will use that. (but otherwise, like libkdc, it is useless on a client, so hence why I put it in the server package). Adding a server-libs seemed overkill.
I guess that'd be better. The system-sqlite patch needs rebasing to make it build with --fuzz=0. I'll attach an updated version.
Created attachment 314783 [details] rebased patch
Sorry for my going awol here for awhile, I can still do sponsoring if still needed, Andrew, can you chime in on the current state of affairs here, and offer something newish to continue the review (if available)?
We have not yet made Samba4 use the external Heimdal libs, so this isn't required for now. I'm also no longer in the packaging game, so this will be for someone else to pick up.
Fair enough then, thanks for the update. I'll close this then.
anybody continuing this? .. else i'll create a new review ticket .. needing it here in my deployment ..
Asking a question in a long-dead ticket is not the best way to get an answer, but see bug 613001. *** This bug has been marked as a duplicate of bug 613001 ***