This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 518441 - Review Request: ike - Shrew Soft VPN Client For Linux
Review Request: ike - Shrew Soft VPN Client For Linux
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ruediger Landmann
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-20 08:45 EDT by Andrew Colin Kissa
Modified: 2011-03-23 18:58 EDT (History)
8 users (show)

See Also:
Fixed In Version: ike-2.1.7-4.fc14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-03-21 23:50:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
r.landmann: fedora‑review+
tibbs: fedora‑cvs+


Attachments (Terms of Use)
New ike respecting different lib dependings. (3.83 KB, text/plain)
2010-08-02 06:23 EDT, cerebrosus
no flags Details

  None (edit)
Description Andrew Colin Kissa 2009-08-20 08:45:44 EDT
Spec URL: http://topdog-software.com/oss/SRPMS/fedora/ike/ike.spec
SRPM URL: http://topdog-software.com/oss/SRPMS/fedora/ike/ike-2.1.5-0.1.rc2.fc11.src.rpm
Description:
This free IPSEC VPN client can be used to communicate with 
Open Source IPSEC VPN servers as well as some commercial
IPSEC VPN servers.


* Rpmlint is clean
* Scratch build - http://koji.fedoraproject.org/koji/taskinfo?taskID=1617339
Comment 1 Joshua Roys 2009-12-14 13:52:05 EST
Hello,

(The official 2.1.5 is out now, by the way.)

I'm not entirely sure where you get the "Sleepycat" license from...  is the license used in LICENSE.TXT just word-for-word identical for that?  Is there an email thread somewhere?

Two rpmlint issues:
Fix the init script (see below).
Use the %cmake macro... this avoids/fixes a rpmlint error on the debuginfo package (see below).
http://fedoraproject.org/wiki/Packaging/cmake
https://fedoraproject.org/wiki/Packaging/Debuginfo#Useless_or_incomplete_debuginfo_packages_due_to_packaging_issues (esp. the note about CFLAGS, ...)

$ rpmlint -vi /var/lib/mock/fedora-12-x86_64/result/ike-*
ike.src: I: checking
ike.x86_64: I: checking
ike.x86_64: W: service-default-enabled /etc/rc.d/init.d/iked
The service is enabled by default after "chkconfig --add"; for security
reasons, most services should not be. Use "-" as the default runlevel in the
init script's "chkconfig:" line and/or remove the "Default-Start:" LSB keyword
to fix this if appropriate for this service.

ike-debuginfo.x86_64: I: checking
ike-debuginfo.x86_64: E: debuginfo-without-sources
This debuginfo package appears to contain debug symbols but no source files.
This is often a sign of binaries being unexpectedly stripped too early during
the build, or being compiled without compiler debug flags (which again often
is a sign of distro's default compiler flags ignored which might have security
consequences), or other compiler flags which result in rpmbuild's debuginfo
extraction not working as expected.  Verify that the binaries are not
unexpectedly stripped and that the intended compiler flags are used.

3 packages and 0 specfiles checked; 1 errors, 1 warnings.

Thanks.
Comment 2 Andrew Colin Kissa 2009-12-15 06:47:57 EST
- The license is based on the text in LICENSE.TXT, i have sent a mail to the devel list to clarify this.

- %cmake macro implemented

- Given the fact that this is a desktop app, users expect that it should just work on installation, disabling the service would prevent this from happening. So i think it is best to leave the service default enabled.

- Updated spec and srpm

http://www.topdog-software.com/oss/SRPMS/fedora/ike/ike-2.1.5-1.fc12.src.rpm
http://www.topdog-software.com/oss/SRPMS/fedora/ike/ike.spec
Comment 3 Andrew Colin Kissa 2009-12-15 06:54:40 EST
On checking the devel list achives, i can confirm that it is indeed the sleepycat license.

http://lists.shrew.net/mailman/htdig/vpn-devel/2007-October/000020.html
Comment 5 cerebrosus 2010-08-02 06:22:26 EDT
There seem to be some problems. I want to create the packages standing above. But when it has compiled, libs are missing bei all ike* binaries. These libs were created by cmake during the compile process in the ike package, but they were not be installed by cmake, so rpmbuild missed to add them to the package. Because i got no idea about cmake, i had some lines in the spec file.

This spec file will be added as an attachment here and later i will post a link with a ready rpm x86_64 package.

Greeze
Comment 6 cerebrosus 2010-08-02 06:23:29 EDT
Created attachment 435994 [details]
New ike respecting different lib dependings.
Comment 7 Jochen Schmitt 2010-10-13 12:18:20 EDT
My suggestion for this package:

SPEC: http://www.herr-schmitt.de/pub/ike/ike.spec
SRPM: http://www.herr-schmitt.de/pub/ike/ike-2.1.7-1.fc13.src.rpm
Comment 8 Jochen Schmitt 2010-10-14 15:55:21 EDT
Because I have found some cmake related issues which caused the unavailbility of some so files build by this package, I have created a new release of it:

SPEC: http://www.herr-schmitt.de/pub/ike/ike.spec
SRPM: http://www.herr-schmitt.de/pub/ike/ike-2.1.7-2.fc13.src.rpm
Comment 9 Ruediger Landmann 2010-10-30 00:43:46 EDT
(In reply to comment #7)

Jochen, you should not add your own version of the package here.

We have a process to deal with reviews that stall.[0] If it turns out that Andrew isn't interested in working on this package any more, you will be able to close this review request and open a new request for your version of the package.

Andrew, could you please let us know if you still want to package ike for Fedora?

Cheers
Rudi

[0] http://fedoraproject.org/wiki/PackageMaintainers/Policy#Submitter_not_responding
Comment 10 Andrew Colin Kissa 2010-10-30 03:39:03 EDT
I wasn't technically non responsive, no one picked up this review so there was no point in continuing to work on it, as am on vacation from fedora work if Jochen wants to continue working on this and someone is willing to review then so be it.
Comment 11 Jochen Schmitt 2010-11-01 13:29:24 EDT
@Andrea,

I assume that you are be the maintainer of this package. Because I'm interested to see this package in Fedora and have found any issue on it, I have post my suggestion for this package on comment #8
Comment 12 Jason Tibbitts 2011-01-25 12:26:26 EST
Is anything going to happen here?  Jochen, if you wish to submit this, I suggest you open a new ticket and just close this one as a duplicate.  If you don't wish to submit it, would you want to review it?  And if so, would Andrew want to continue working on this?

This is the second oldest review ticket that's not assigned to someone, and it would be really nice to either move forward with it or close it out.
Comment 13 Andrew Colin Kissa 2011-01-25 12:40:10 EST
Jason if you can review it i am still willing to make some time to work on it, In certain situations this package is really valuable due to the interop that it provides to several vpn implementations.
Comment 14 Jason Tibbitts 2011-01-25 12:45:44 EST
I'll add it to my list.  My list isn't short, though, so it may be a while.
Comment 15 Andrew Colin Kissa 2011-01-25 12:49:36 EST
Thank you.
Comment 16 Jason Tibbitts 2011-01-25 13:07:43 EST
Have you looked at the spec Jochen suggested?  I did a quick comparison and while they seem significantly different on the surface, the main difference seems to be breaking out the desktop and logrotate stuff out to separate SourceN: files, which honestly makes little difference to me although I suppose Jochen's method looks a little simpler.  Is there anything you'd want to incorporate from his spec?

Also, is there anything to comment 5?
Comment 17 Andrew Colin Kissa 2011-01-25 13:16:44 EST
I was building on 32bit before, but build on 64bit these days if there any issues i will fix them. I will see if i can incorporate some of the suggestions. I will post an updated spec and srpm when am done.
Comment 18 Andrew Colin Kissa 2011-02-12 07:34:47 EST
I have gone with Jochem's spec. Please find updated spec and srpm

http://www.topdog-software.com/oss/SRPMS/fedora/ike/ike-2.1.7-3.fc14.src.rpm
http://www.topdog-software.com/oss/SRPMS/fedora/ike/ike.spec
Comment 19 nucleo 2011-02-12 10:13:59 EST
Is there reason not to use qt4 version (2.2.0-beta-1)?
qt3 is obsoleted and maybe will be retired soon or later.
Comment 20 Andrew Colin Kissa 2011-02-12 10:45:15 EST
2.2.x branch is not a stable release
Comment 21 nucleo 2011-02-12 10:52:40 EST
(In reply to comment #20)
> 2.2.x branch is not a stable release

Packaging of not stable releases is not forbidden and used often enough.
Comment 22 Andrew Colin Kissa 2011-02-12 10:55:40 EST
I am aware of that but i would rather go with the stable version.
Comment 23 Jason Tibbitts 2011-02-15 14:34:26 EST
It is foolish and ill-advised to encourage the packaging of unreleased versions or unstable releases.

Unfortunately now after these three weeks I'm out of free time, so I don't know when I'll have a chance to get back to this.
Comment 24 nucleo 2011-02-15 14:53:56 EST
(In reply to comment #23)
> packaging of unreleased versions
2.2.0-beta-1 version is released.
> or unstable releases
Upstream can be asked about how "unstable" this release and is it good enough to package it.
Comment 25 Andrew Colin Kissa 2011-02-15 15:01:58 EST
If it was good enough (i.e fully tested and relatively glitch free and feature stable) for use it would be a stable release.
Comment 26 nucleo 2011-02-15 20:11:37 EST
(In reply to comment #25)
There may be many reasons why qt4 version is still in development branch.
Is real quality of 2.2.0-beta1 release not sufficient to package it now?
Comment 27 Ruediger Landmann 2011-02-15 23:31:54 EST
(In reply to comment #23)

> Unfortunately now after these three weeks I'm out of free time, so I don't know
> when I'll have a chance to get back to this.

I'm happy to take this up -- I should be able to do a review in the next day or two.
Comment 28 nucleo 2011-02-16 09:21:37 EST
What known about plans fro making 2.2.0 stable release or RC's?
Comment 29 Ruediger Landmann 2011-02-25 19:41:57 EST
Andrew -- rpmlint shows some problems:

$ rpmlint /home/rlandmann/rpmbuild/RPMS/x86_64/ike-2.1.7-3.fc14.x86_64.rpm
ike.x86_64: E: executable-marked-as-config-file /etc/logrotate.d/ike
ike.x86_64: W: spurious-executable-perm /etc/logrotate.d/ike
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libith.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/liblog.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libip.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libike.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libpfk.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libidb.so
ike.x86_64: W: service-default-enabled /etc/rc.d/init.d/iked
1 packages and 0 specfiles checked; 1 errors, 8 warnings.

Please update the spec file so that you:

* install /etc/logrotate.d/ike with mode 644
* put the .so files in a -devel subpackage

I agree with your reasoning about having the service enabled and ready to use on installation.

When you've rebuilt the SRPM to address the above points, verify the rpmlint output and I'll complete this review.

Cheers
Rudi
Comment 30 Andrew Colin Kissa 2011-02-26 01:43:30 EST
Rudi

The libs are required by the binaries so putting them in a devel package is not really an option as the binaries will not work without the libs.
Comment 31 Ruediger Landmann 2011-03-07 18:49:58 EST
(In reply to comment #30)
> Rudi
> 
> The libs are required by the binaries so putting them in a devel package is not
> really an option as the binaries will not work without the libs.

Fair enough :) So, fix the perms on the logrotate file and I think we're done here.
Comment 33 Ruediger Landmann 2011-03-13 20:46:42 EDT
Thanks Andrew -- looks good now. Please go ahead and make your SCM request.

Thanks for your patience with the process and sorry that this has dragged on for so long.

ACCEPT

 - = N/A
 / = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [/] Rpmlint output is clean:
$ rpmlint SPECS/ike.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
$ rpmlint SRPMS/ike-2.1.7-4.fc14.src.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
$ rpmlint RPMS/x86_64/ike-2.1.7-4.fc14.x86_64.rpm
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libith.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/liblog.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libip.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libike.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libpfk.so
ike.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libidb.so
ike.x86_64: W: service-default-enabled /etc/rc.d/init.d/iked
1 packages and 0 specfiles checked; 0 errors, 7 warnings.
$ rpmlint RPMS/x86_64/ike-debuginfo-2.1.7-4.fc14.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

 [/] Package is named according to the Package Naming Guidelines.
 [/] Spec file name must match the base package %{name}, in the format
%{name}.spec.
 [/] Package meets the Packaging Guidelines including the Language specific
items
 [/] Package is licensed with an open-source compatible license and meets other
legal requirements as defined in the legal section of Packaging Guidelines.
 [/] License field in the package spec file matches the actual license.
     License type: Sleepycat
 [/] If (and only if) the source package includes the text of the license(s) in
its own file, then that file, containing the text of the license(s) for the
package is included in %doc.
 [/] Spec file is legible and written in American English.
 [/] Sources used to build the package matches the upstream source, as provided
in the spec URL.
$ md5sum SOURCES/ike-2.1.7-release.tbz2 
bc86e101809fc750013e18480c8c1040  SOURCES/ike-2.1.7-release.tbz2
$ md5sum ~/Download/ike-2.1.7-release.tbz2 
bc86e101809fc750013e18480c8c1040  /home/rlandmann/Download/ike-2.1.7-release.tbz2

 [/] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
     Tested: http://koji.fedoraproject.org/koji/taskinfo?taskID=2909578
 [/] Package is not known to require ExcludeArch
 [/] All build dependencies are listed in BuildRequires, except for any that
are listed in the exceptions section of Packaging Guidelines.
 [-] The spec file handles locales properly (with the %find_lang macro)
 [/] ldconfig called in %post and %postun if required.
 [/] Package does not bundle copies of system libraries
 [/] Package is not relocatable.
 [/] Package must own all directories that it creates.
 [/] Package does not contain duplicates in %files.
 [/] Permissions on files are set properly
 [/] %files section includes a %defattr(...) line
 [/] Package consistently uses macros.
 [-] Large documentation files are in a -doc subpackage, if required.
 [/] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -static subpackage, if present.
 [-] Development .so files in -devel subpackage, if present.
.so files discussed above

 [-] -devel packages require base package with full versioning.
 [/] Package does not contain any libtool archives (.la).
 [/] Package contains a properly installed %{name}.desktop file if it is a GUI
application.
 [/] Package does not own files or directories owned by other packages.
 [/] Filenames are valid UTF-8
Comment 34 Andrew Colin Kissa 2011-03-14 13:51:22 EDT
Thank you Rudi, for the review, finally this ticket is being put to bed.

New Package SCM Request
=======================
Package Name: ike
Short Description: Shrew Soft VPN Client For Linux
Owners: topdog
Branches: f13 f14 f15 el5 el6
Comment 35 Jason Tibbitts 2011-03-14 19:13:32 EDT
Git done (by process-git-requests).
Comment 36 Fedora Update System 2011-03-15 13:06:43 EDT
ike-2.1.7-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/ike-2.1.7-4.fc14
Comment 37 Fedora Update System 2011-03-15 13:08:45 EDT
ike-2.1.7-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/ike-2.1.7-4.fc13
Comment 38 Fedora Update System 2011-03-15 13:11:46 EDT
ike-2.1.7-4.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ike-2.1.7-4.fc15
Comment 39 Fedora Update System 2011-03-15 17:49:58 EDT
ike-2.1.7-4.fc14 has been pushed to the Fedora 14 testing repository.
Comment 40 Fedora Update System 2011-03-21 23:50:18 EDT
ike-2.1.7-4.fc15 has been pushed to the Fedora 15 stable repository.
Comment 41 Fedora Update System 2011-03-23 18:58:11 EDT
ike-2.1.7-4.fc13 has been pushed to the Fedora 13 stable repository.
Comment 42 Fedora Update System 2011-03-23 18:58:38 EDT
ike-2.1.7-4.fc14 has been pushed to the Fedora 14 stable repository.

Note You need to log in before you can comment on or make changes to this bug.