Spec URL: http://jhrozek.fedorapeople.org/sssd/sssd.spec SRPM URL: http://jhrozek.fedorapeople.org/sssd/sssd-0.1.0-2.fc10.src.rpm Description: Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.
I should note that sssd is currently not buildable with libtevent,libtdb and libldb versions of packages available in Fedora. These are also requirements of samba4 that is under review, too. However, a reviewer can already look at the specfile and/or build sssd with the in-tree versions of libraries and headers, there's a couple of hints in the BUILD.txt file in the tarball.
The packages required to build are no longer in-tree. They're not in Fedora yet, but they can be obtained by rebuilding the samba-base SRPM that is placed at: http://simo.fedorapeople.org/samba-base/SRPMS/ I've updated the packages linked in the opening comment. I'll also update this bug again once the packages are in Fedora.
talloc,tdb,tevent and ldb are now available as subpackages of the samba4 package and are built in rawhide.
rpmlint output: sssd.i386: W: no-documentation sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_proxy.so sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_ldap.so Can you please comment on these? %files section: %{_sharedstatedir}/sss/ expands to /usr/com/sss/ which doesn't exist. I think you meant %{_localstatedir}/%{_lib}/sss/ Additionally, I think the %{sssd_release} and %{sssd_version} macros aren't really useful. Please consider using standard macros. Please take a look at the following MUST and SHOULD items: MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines. - according to the Licensing Guidelines, "In addition, the package must contain a comment explaining the multiple licensing breakdown.", please see section 1.2.9 MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. I have some problems with mock, so I will try building the package in mock later.
(In reply to comment #4) > rpmlint output: > sssd.i386: W: no-documentation > sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_proxy.so > sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_ldap.so > > Can you please comment on these? > No documentation is expected, there really is not one (yet?). See below for the .so issue. > %files section: > %{_sharedstatedir}/sss/ expands to /usr/com/sss/ which doesn't exist. I think > you meant %{_localstatedir}/%{_lib}/sss/ > On my F10 system: $ rpm --showrc | grep /var/lib -14: _sharedstatedir /var/lib RPM documentation really says that sharedstatedir expands to /usr/com/sss but it's not true. FWIW, the macro is defined in /usr/lib/rpm/platform/*. There is also a corresponding autotools macro. > Additionally, I think the %{sssd_release} and %{sssd_version} macros aren't > really useful. Please consider using standard macros. > Umm, okay. I pretty much continued using them since they were in the specfile I based this upon and also in all the related samba packages. > Please take a look at the following MUST and SHOULD items: > MUST: The package must be licensed with a Fedora approved license and meet the > Licensing Guidelines. > - according to the Licensing Guidelines, "In addition, the package must ontain > a comment explaining the multiple licensing breakdown.", please see section > 1.2.9 OK. > MUST: The sources used to build the package must match the upstream source, as > provided in the spec URL. Reviewers should use md5sum for this task. If no > upstream URL can be specified for this package, please see the Source URL > Guidelines for how to deal with this. Fair point, but there is no upstream tarball yet as there has been no release. For the time being, I've put a comment that describes how to create the tarball that's in srpm. If there's no released tarball by the F-11 deadline, we still might package a git snapshot as described in https://fedoraproject.org/wiki/Packaging/NamingGuidelines#NonNumericRelease. If you consider this important I might do this also for every round of reviewed packages. > MUST: Every binary RPM package (or subpackage) which stores shared library > files (not just symlinks) in any of the dynamic linker's default paths, must > call ldconfig in %post and %postun. /usr/lib/sssd/ is not linker's default path. The symlinks are created manually during "make install". If we want to have them created via ldconfig, we should drop a config file to /etc/ld.so.conf.d/. But that'd work for rpm only anyway. > MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), > then library files that end in .so (without suffix) must go in a -devel > package. So we would have a -devel subpackage that contains just the two symlinks? It's certainly doable, but I wonder if we need to ship these versionless symlinks at all.. > SHOULD: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. > OK. Consider upstream queried :-) > I have some problems with mock, so I will try building the package in mock > later. If you're trying to build rawhide packages on F-10 host machine in mock, keep in mind that there is a bug mock that prevented doing so (#487430). Maybe the quickest way now is to grab some rawhide box..
(In reply to comment #4) > rpmlint output: > sssd.i386: W: no-documentation > sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_proxy.so > sssd.i386: W: devel-file-in-non-devel-package /usr/lib/sssd/libsss_ldap.so This are share dmodules private to sssd, and are not versioned. I would ignore this warning at the moment unless there is some rule in fedora that prevents upstream from managing its private libs the way it wants to :-) > MUST: The sources used to build the package must match the upstream source, as > provided in the spec URL. Reviewers should use md5sum for this task. If no > upstream URL can be specified for this package, please see the Source URL > Guidelines for how to deal with this. If necessary I can make a quick alpha release, you tell me. > MUST: Every binary RPM package (or subpackage) which stores shared library > files (not just symlinks) in any of the dynamic linker's default paths, must > call ldconfig in %post and %postun. Those libraries are private and dlopen()ed at run time, they are not supposed to be seen by the linker. > MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), > then library files that end in .so (without suffix) must go in a -devel > package. We do not have a suffix :) > SHOULD: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. My fault, I'll add a COPYING file asap
(In reply to comment #5) > (In reply to comment #4) > No documentation is expected, there really is not one (yet?). See below for the > .so issue. Good enough. > > %files section: > > %{_sharedstatedir}/sss/ expands to /usr/com/sss/ which doesn't exist. I think > > you meant %{_localstatedir}/%{_lib}/sss/ > > > > On my F10 system: > $ rpm --showrc | grep /var/lib > -14: _sharedstatedir /var/lib > > RPM documentation really says that sharedstatedir expands to /usr/com/sss but > it's not true. FWIW, the macro is defined in /usr/lib/rpm/platform/*. There is > also a corresponding autotools macro. On my F9 system it expands to /usr/com. If this package is only going to be packaged for F10 and higher this is ok. I'll try to confirm that this is the right way, just to make sure. > > Additionally, I think the %{sssd_release} and %{sssd_version} macros aren't > > really useful. Please consider using standard macros. > > > > Umm, okay. I pretty much continued using them since they were in the specfile I > based this upon and also in all the related samba packages. I can see you're reluctant :) It's not really a requirement, but it would really make me happy. FYI, you can also use rpmdev-newspec for template generation in the future if you want. > > MUST: The sources used to build the package must match the upstream source, as > > provided in the spec URL. Reviewers should use md5sum for this task. If no > > upstream URL can be specified for this package, please see the Source URL > > Guidelines for how to deal with this. > > Fair point, but there is no upstream tarball yet as there has been no release. > For the time being, I've put a comment that describes how to create the tarball > that's in srpm. If there's no released tarball by the F-11 deadline, we still > might package a git snapshot as described in > https://fedoraproject.org/wiki/Packaging/NamingGuidelines#NonNumericRelease. An alpha release like Simo suggested would be great. A snapshot will be good enough. > If you consider this important I might do this also for every round of > reviewed packages. You can take your time. I can review the rest and then approve the package right after you provide a tarball that will comply with guidelines. > > MUST: Every binary RPM package (or subpackage) which stores shared library > > files (not just symlinks) in any of the dynamic linker's default paths, must > > call ldconfig in %post and %postun. > > /usr/lib/sssd/ is not linker's default path. The symlinks are created manually > during "make install". If we want to have them created via ldconfig, we should > drop a config file to /etc/ld.so.conf.d/. But that'd work for rpm only anyway. > > > MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), > > then library files that end in .so (without suffix) must go in a -devel > > package. > > So we would have a -devel subpackage that contains just the two symlinks? It's > certainly doable, but I wonder if we need to ship these versionless symlinks at > all.. OK. > If you're trying to build rawhide packages on F-10 host machine in mock, keep > in mind that there is a bug mock that prevented doing so (#487430). Maybe the > quickest way now is to grab some rawhide box.. Ah, then I'm lucky, I'm hitting something else :-)
I finally managed to build the package in mock. Few problems I noticed: Missing build requires: mozldap-devel, pam-devel I also had to include check-devel, configure claims it doesn't recognize --without-tests. Finally, I also had to include openldap-devel as a workaround to build the package, because LDAP_CFLAGS are not used anywhere, which causes build to fail.
New SRPM and specfile that should address your comments. Also adds an initscript. http://jhrozek.fedorapeople.org/sssd/sssd-0.1.0-4.fc10.src.rpm http://jhrozek.fedorapeople.org/sssd/sssd.spec
Looks pretty good. However, could you please split the client parts to a separate package?
Here you are: http://jhrozek.fedorapeople.org/sssd/sssd-0.1.0-5.20090308git6b20fac.fc10.src.rpm http://jhrozek.fedorapeople.org/sssd/sssd.spec Changes: * split into client and server * package git snapshot, mention that in SRPM
Sorry I have to nack the split. None of the parts involved can work w/o any of the other parts, while we call these components client and server, that does not mean that they are useful standalone, indeed they aren't. The 'client' bits can't work without the 'server', and the server is useless w/o the clients.
Another iteration: http://jhrozek.fedorapeople.org/sssd/sssd-0.1.0-5.20090309git691c9b3.fc10.src.rpm http://jhrozek.fedorapeople.org/sssd/sssd.spec Changes: * merge back * chkconfig --add on %post
Yeat another iteration that packages the current HEAD with the last-minute improvements in InfoPipe and shared libraries packaging: http://jhrozek.fedorapeople.org/sssd/sssd-0.1.0-6.20090309gitad269ed.fc10.src.rpm http://jhrozek.fedorapeople.org/sssd/sssd.spec
Thanks, looks good now. This package is APPROVED.
New Package CVS Request ======================= Package Name: sssd Short Description: System Security Services Daemon Owners: sgallagh simo Branches: N/A InitialCC: jhrozek sbose
cvs done. sgallagh wasn't added as an owner due to not being in packager group. He can be added as a comaintainer once he has that by visiting the pkgdb page: https://admin.fedoraproject.org/pkgdb/packages/name/sssd
Built for rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=1232421
Package Change Request ====================== Package Name: libtdb New Branches: EL-5 Owners: sgallagh
Sorry, copy-paste error. Should read: Package Change Request ====================== Package Name: sssd New Branches: EL-5 Owners: sgallagh
cvs done.