Bug 462163 - Review Request: checkdns - A Domain Name Server analysis and reporting tool
Review Request: checkdns - A Domain Name Server analysis and reporting tool
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: manuel wolfshant
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-13 02:39 EDT by John Guthrie
Modified: 2009-04-23 15:41 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-07 16:51:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
wolfy: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description John Guthrie 2008-09-13 02:39:40 EDT
Spec URL: http://www.guthrie.info/RPMS/f9/checkdns.spec
SRPM URL: http://www.guthrie.info/RPMS/f9/checkdns-0.5-4.fc9.src.rpm
Description: This program is a domain name server analysis and reporting tool. It checks and reports whether a domain name, hosted by your organization, is still in use, and if so, reports whether your name servers are still the delegated name servers of the domain name in question.

Reports are generated both to the console and as HTML output. HTMLs also include
information about the MX and WWW records of the domain name.

The tool is expected to be of great use for Internet Service Providers who are
in need of keeping track of lame dns records.
Comment 1 John Guthrie 2008-09-13 02:48:42 EDT
I would like to note at the outset that rpmlint does give me some grief about some of the permissions that I have set:

john@hopf_1031% rpmlint ../RPMS/i386/checkdns-0.5-4.fc9.i386.rpm   
checkdns.i386: W: non-standard-gid /usr/sbin/checkdns checkdns
checkdns.i386: E: setgid-binary /usr/sbin/checkdns checkdns 02755
checkdns.i386: E: non-standard-executable-perm /usr/sbin/checkdns 02755
checkdns.i386: W: non-standard-gid /var/www/html/checkdns checkdns
checkdns.i386: E: non-standard-dir-perm /var/www/html/checkdns 02775

And, yes I actually do create the group checkdns, and I have the binary setgid so that it can write to the directory that I have created.  I am open to any more reasonable suggestions about how I should set this up.
Comment 2 Jan ONDREJ 2008-09-25 08:06:20 EDT
Just a comment, unable to downloaded spec file or src.rpm.
Please, update your links.
Comment 3 John Guthrie 2008-09-26 03:57:19 EDT
(In reply to comment #2)
> Just a comment, unable to downloaded spec file or src.rpm.
> Please, update your links.

Sorry, I had a domain issue to clear up.  Could you please try the links again?

Thanks.
Comment 4 Jan ONDREJ 2008-09-26 04:03:46 EDT
(In reply to comment #3)
> (In reply to comment #2)
> > Just a comment, unable to downloaded spec file or src.rpm.
> > Please, update your links.
> 
> Sorry, I had a domain issue to clear up.  Could you please try the links again?

I can, but still same problem. :-)

Is it working for you?
Comment 5 John Guthrie 2008-09-26 17:20:45 EDT
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > Just a comment, unable to downloaded spec file or src.rpm.
> > > Please, update your links.
> > 
> > Sorry, I had a domain issue to clear up.  Could you please try the links again?
> 
> I can, but still same problem. :-)
> 
> Is it working for you?

It is.  I can even get the links to work from a site external to me.  Could I ask you to check one more time.  If it doesn't work, then I'll post a alternate URL.

Thanks.
Comment 6 Jan ONDREJ 2008-09-27 03:29:28 EDT
Well, forks for me now.
Just I am not interested in review (no time).
Will be helpful for someone else.
Comment 7 manuel wolfshant 2008-10-15 19:40:04 EDT
A couple of remarks, before the full review
- the correct license is GPLv2+. All files that include a license in the header specify, and I quote:
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
- the compilation flags which are mandatory for Fedora are ignored. Please make sure that the make process uses %{optflags}
- I did not examine carefully the program, but I think that you can eliminate the need of suid group for the checkdns folder if - in %post - you create a checkdns user and use
     chown checkdns.apache  /var/www/html/checkdns
     chmod 755 /var/www/html/checkdns
     make sure that the checkdns program is run as the checkdns user (which is
             extremely easy to do in cron)
The only drawback is that if the program is run by another user (in a console), the HTML files will not be created with the correct ownership. But as the output is sent to the console, it can be redirected anywhere.
- in addition to the above, I urge you to install an example cron file, either in /var/spool/cron/checkdns (make sure you match the user created above) or in /etc/cron.d (in which case make sure you specify the user that the script runs as, for instance:
     # Runs the chkdns periodic check
     17 01 * * * checkdns /bin/checkdns 1> /dev/null 2> /dev/null
once again, the user after the time fields must match the one created in %post

- feel free to drop the TODO file, it's useless in the current form. However, leave it in if you think that it might contain something useful in the foreseeable future
Comment 8 manuel wolfshant 2008-10-27 08:43:05 EDT
John, do you want to submit a new version or should I review the existing one (which we already know that has at least two blockers) ?
Comment 9 John Guthrie 2008-11-25 23:25:25 EST
I apologize for the late reply.  Life stepped in and I wasn't able to look at this when you started looking at it.  I am going to submit a new version to correct the blockers.  One quick question though.  When I was going through all of the Fedora packaging guidelines, I don't recall seeing anything about the %{optflags} variable.  Could you refer me to the page that discusses this variable, so I can make certain that I use it correctly?

Thank you very much.
Comment 10 John Guthrie 2008-11-26 00:06:26 EST
(In reply to comment #7)
> - I did not examine carefully the program, but I think that you can eliminate
> the need of suid group for the checkdns folder if - in %post - you create a
> checkdns user and use
>      chown checkdns.apache  /var/www/html/checkdns
>      chmod 755 /var/www/html/checkdns
>      make sure that the checkdns program is run as the checkdns user (which is
>              extremely easy to do in cron)
> The only drawback is that if the program is run by another user (in a console),
> the HTML files will not be created with the correct ownership. But as the
> output is sent to the console, it can be redirected anywhere.

I'm a little confused.  Why would I want to do all of that in %post?  Why not in %pre, and just set the ownership and permissions in the %files section?  Unless I'm mistaken, what you are proposing would require changing perms/ownership after they have been placed into the RPM database, with the result that rpm -V will always flag them as having been changed.  Am I missing something?

(In addition, every other package that I have seen add users or groups has done so in %pre.)
Comment 11 manuel wolfshant 2008-11-26 04:16:09 EST
You are right, %pre is more suitable
Comment 12 manuel wolfshant 2008-11-26 04:19:24 EST
http://fedoraproject.org/wiki/Packaging/Guidelines#Compiler_flags is the answer to comment #9
Comment 13 John Guthrie 2008-11-26 13:21:31 EST
I have just uploaded new versions of the spec file and srpm that should satisfy all of your concerns:

Spec URL: http://www.guthrie.info/RPMS/f9/checkdns.spec
SRPM URL: http://www.guthrie.info/RPMS/f9/checkdns-0.5-6.fc9.src.rpm

- License tag should be fixed
- I have adjusted ownership and permissions of stuff in /var/www/html
- %{optflags} is now being used
- I have installed a cron file

Let me know what you think.

Thanks.
Comment 14 manuel wolfshant 2008-11-27 07:19:15 EST
Package Review
==============

Key:
 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format %{name}.spec.
 [x] Package meets the Packaging Guidelines.
 [x] Package successfully compiles and builds into binary rpms on at least one supported architecture.
     Tested on: devel/x86_64
 [x] Rpmlint output:
source RPM:
    checkdns.src: E: unknown-key GPG#84490216
--> ignorable
binary RPM:
    checkdns.x86_64: W: non-standard-uid /var/www/html/checkdns checkdns
    checkdns.x86_64: W: non-standard-gid /var/www/html/checkdns apache
--> both are intended and hence ignorable
    checkdns.x86_64: W: dangerous-command-in-%postun userdel
--> see Note 1
 [x] Package is not relocatable.
 [x] Buildroot is correct (%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n))
 [x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
 [x] License field in the package spec file matches the actual license.
     License type:GPLv2+
 [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
 [x] Spec file is legible and written in American English.
 [x] Sources used to build the package match the upstream source, as provided in the spec URL.
     SHA1SUM of package: cb6b51995f44857427f4467d815405b978bba1f7 checkdns-0.5.tar.gz
 [x] Package is not known to require ExcludeArch
 [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
 [-] The spec file handles locales properly.
 [-] ldconfig called in %post and %postun if required.
 [x] Package must own all directories that it creates.
 [x] Package requires other packages for directories it uses.
 [x] Package does not contain duplicates in %files.
 [x] Permissions on files are set properly.
 [x] Package has a %clean section, which contains rm -rf $RPM_BUILD_ROOT.
 [!] Package consistently uses macros.
--> see note 2
 [x] Package contains code, or permissable content.
 [-] Large documentation files are in a -doc subpackage, if required.
 [x] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -devel subpackage, if present.
 [-] Package requires pkgconfig, if .pc files are present.
 [-] Development .so files in -devel subpackage, if present.
 [-] Fully versioned dependency in subpackages, if present.
 [x] Package does not contain any libtool archives (.la).
 [-] Package contains a properly installed %{name}.desktop file if it is a GUI application.
 [x] Package does not own files or directories owned by other packages.
 [x] Final provides and requires are sane:

=== SUGGESTED ITEMS ===
 [x] Latest version is packaged.
 [x] Package does not include license text files separate from upstream.
 [-] Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
 [x] Reviewer should test that the package builds in mock.
     Tested on: devel/x86_64
 [?] Package should compile and build into binary rpms on all supported architectures.
     Tested on:
 [x] Package functions as described.
 [!] Scriptlets must be sane, if used.
-> see note 1
 [-] The placement of pkgconfig(.pc) files is correct.
 [-] File based requires are sane.
 [-] %check is present and the test passes.


=== Final Notes ===
1. Please do not use userdel in %post. The Fedora policy is to allow the sysadmin to clean at will, if/when needed.
2. Since you are using RPM_BUILD_ROOT in a lot of places, please replace %{optflags} with its uppercase equivalent. Technically we are OK, but estethically we are not.

Please make the above mentioned 2 modifications and we are good to go.
Comment 15 John Guthrie 2008-11-28 00:46:46 EST
(In reply to comment #14)
> === Final Notes ===
> 1. Please do not use userdel in %post. The Fedora policy is to allow the
> sysadmin to clean at will, if/when needed.
> 2. Since you are using RPM_BUILD_ROOT in a lot of places, please replace
> %{optflags} with its uppercase equivalent. Technically we are OK, but
> estethically we are not.
> 
> Please make the above mentioned 2 modifications and we are good to go.

I have made both of these modifications:

Spec URL: http://www.guthrie.info/RPMS/f9/checkdns.spec
SRPM URL: http://www.guthrie.info/RPMS/f9/checkdns-0.5-7.fc9.src.rpm

Thank you very much.
Comment 16 manuel wolfshant 2008-11-28 04:04:00 EST
great job. APPROVED.
Comment 17 John Guthrie 2008-11-28 06:50:26 EST
New Package CVS Request
=======================
Package Name: checkdns
Short Description: A Domain Name Server analysis and reporting tool
Owners: guthrie
Branches: F-9 F-10
InitialCC:
Comment 18 John Guthrie 2008-11-29 09:49:17 EST
New Package CVS Request
=======================
Package Name: checkdns
Short Description: A Domain Name Server analysis and reporting tool
Owners: guthrie
Branches: F-9 F-10
InitialCC: guthrie

I am adding myself to the InitialCC list.
Comment 19 Kevin Fenzi 2008-12-01 16:08:48 EST
cvs done. 

No need to add yourself to InitialCC, the owner gets all bugs anyway as they are assigned them.
Comment 20 John Guthrie 2008-12-07 16:51:46 EST
I've submitted the builds, and they have all built successfully.  Closing this bug.
Comment 21 John Guthrie 2009-04-23 15:33:55 EDT
Package Change Request
======================
Package Name: checkdns
New Branches: F-11
Owners: guthrie
Comment 22 John Guthrie 2009-04-23 15:41:25 EDT
Never mind.  I was trying to check the F-11 branch out incorrectly.  I figured it out now.

Note You need to log in before you can comment on or make changes to this bug.