Bug 520479 - Review Request: myproxy - Manage X.509 Public Key Infrastructure (PKI)
Summary: Review Request: myproxy - Manage X.509 Public Key Infrastructure (PKI)
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mattias Ellert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 517763 523972
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-31 17:25 UTC by Steve Traylen
Modified: 2009-11-05 21:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-11 08:42:47 UTC
mattias.ellert: fedora-review+
kevin: fedora-cvs+


Attachments (Terms of Use)

Description Steve Traylen 2009-08-31 17:25:14 UTC
Spec URL: http://cern.ch/straylen/myproxy-rpms/myproxy.spec
SRPM URL: http://cern.ch/straylen/myproxy-rpms/myproxy-4.7-1.fc11.src.rpm
Description: 
MyProxy is open source software for managing X.509 Public Key Infrastructure
(PKI) security credentials (certificates and private keys). MyProxy
combines an online credential repository with an online certificate
authority to allow users to securely obtain credentials when and where needed.
Users run myproxy-logon to authenticate and obtain credentials, including
trusted CA certificates and Certificate Revocation Lists (CRLs).

Comment 1 Steve Traylen 2009-09-11 15:30:44 UTC
These are updated packages with new myproxy version and also contain
some corrections.

Spec: http://cern.ch/straylen/rpms/myproxy/myproxy.spec
SRPM: http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-1.fc11.src.rpm

Comment 2 Steve Traylen 2009-09-21 10:20:06 UTC
Updated to require the voms version fixed for bug 523972

Spec: http://cern.ch/straylen/rpms/myproxy/myproxy.spec
SRPM: http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-2.fc11.src.rpm  

A koji build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1694311

$ rpmlint SPECS/myproxy.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

$ rpmlint SRPMS/myproxy-4.8-2.fc11.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

$ rpmlint RPMS/x86_64/myproxy-*
myproxy-devel.x86_64: W: no-documentation
myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy
myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy
myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700
myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog

These are all justified in particular /var/lib/myproxy should not be
readable by anyone other than the myproxy user.

Steve

Comment 3 Steve Traylen 2009-09-27 18:28:13 UTC
Hi,
All the blocking bugs on this are now resolved and a koji build is now
quite possible:

http://koji.fedoraproject.org/koji/taskinfo?taskID=1711749

really looking for a review of this.

Steve

Comment 4 Steve Traylen 2009-10-01 18:21:45 UTC
http://cern.ch/straylen/rpms/myproxy/myproxy.spec
http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-3.fc11.src.rpm

.spec file altered so that it now builds on .el5 as well.

http://koji.fedoraproject.org/koji/taskinfo?taskID=1722508

still looking for a review.

Steve

Comment 5 Mattias Ellert 2009-10-07 09:00:59 UTC
Fedora review myproxy-4.8-3.fc11.src.rpm 2009-10-07

rpmlint results:

myproxy-devel.x86_64: W: no-documentation
myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy
myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy
myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700
myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog
8 packages and 0 specfiles checked; 1 errors, 4 warnings.

All fine.

+ OK
- needs some work

+ package name follows naming guidelines

+ spec file name matches package name

+ The package license tag (NCSA and BSD) is a Fedoara approved license

- In addition to the license tags stated - which corresponds to the license
  statements in the license files - the following source files contain
  license statements saying they are licensed under Apache license v 2.0:
  pubcookie.h, safe_id_range_list.[ch], safe_is_path_trusted.[ch]

+ License files in the sources are installed as %doc:
  LICENSE, LICENSE.netbsd, LICENSE.sasl

+ Specfile is written in legible English

+ Source matches upstream - and is the latest upstream version.

$ md5sum myproxy-4.8.tar.gz src/myproxy-4.8.tar.gz 
85f29d553bfec5fa5f2042440542524f  myproxy-4.8.tar.gz
85f29d553bfec5fa5f2042440542524f  src/myproxy-4.8.tar.gz

+ Package builds in mock (Fedora-11)

+ BuildRequires are sane

+ Library package calls ldconfig appropiately

+ No bundled system libraries

- The package owns most directories it creates except /etc/grid-security

I know this is a tricky one, since many exernal third party non-Fedora
packages put files there - the IGTF CA packages in particular. But
currently the only package that is in Fedora that owns this directory
is the voms server which the myproxy server does not have a dependency
on.

+ No duplicate files

+ File permissions are sane and all %files sections have %defattr

+ %clean clears buildroot

+ Specfile uses macros consistently

+ Package contains code

+ Documentation is in doc sub package

+ %doc is not runtime essential

+ Headers are in devel

+ No static libraries

+ .so symlink in devel

+ devel requires main with full version

+ No libtool archives

+ Package does not own other's files

+ %install clears buildroot

+ filenames are valid UTF8

So formally mostly OK

Some additional comments:

The %_initddir macro is (as you noticed) not available in RHEL4/5, but
the older (now considered misspelled) %_initrddir macro is. You could
use the following definition to define the new macro to the value of
the old macro if the new macro is not available:

%{!?_initddir: %global _initddir %{_initrddir}}

The %define should be replaced by %global anyway - see
https://fedoraproject.org/wiki/Packaging:Guidelines#.25global_preferred_over_.25define

Since the package name (unlike the globus packages) does not contain
any underscores, the %_name macro is not really needed for this
package and the %name can be used instead.

The main package rpm tags values are aligned on column 16, while the
subpackage tag values are separated by a single space - except for the
Group tag. I can see why you might want to do it differently for the
main and the sub packages, but not really why you then treat the Group
tag differently.

The voms not available yet comment should be removed (the --with-voms
option to configure is already there).

Many of the %attr statements in the %files sections look redundant and
seems to be covered by the %defattr.

There is a missing empty line between two entries in the changelog.

In Fedora 11 the autogenerated requires in the devel package from the
pkg-config dependencies will be sufficient, but if you intend to put
the package in EPEL these will not be present, and there will be no
dependency that will drag in globus-gss-assist-devel package when
installing myproxy-devel. Adding a requires on globus-gss-assist-devel
in the devel package would help.

$ rpm -q --requires -p myproxy-devel-4.8-3.fc11.x86_64.rpm 
/usr/bin/pkg-config  
libmyproxy.so.4()(64bit)  
myproxy = 4.8-3.fc11
pkgconfig(globus-gss-assist) >= 3        < This will not be there in EPEL
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(VersionedDependencies) <= 3.0.3-1

Comment 6 Steve Traylen 2009-10-07 19:18:13 UTC
Thanks.
Updated packages include white space changes, change in how initddir is
set for epel, removal of useless _name variable and removal of redundant
%attr flags.

Also:

- Add ASL 2.0 license as well.
- Explicitly add /etc/grid-security to files list
- For .el4/5 build only add globus-gss-assist-devel as requirement 
  to myproxy-devel package.

i.e everything you mentioned.

Also I swapped %{_sharedstatedir} for %{_var}/lib since the former
is /usr/com on .el5 it seems.

rpmlint is unchanged:

myproxy-devel.x86_64: W: no-documentation
myproxy-server.x86_64: W: non-standard-uid /var/lib/myproxy myproxy
myproxy-server.x86_64: W: non-standard-gid /var/lib/myproxy myproxy
myproxy-server.x86_64: E: non-standard-dir-perm /var/lib/myproxy 0700
myproxy-server.x86_64: W: incoherent-subsys /etc/rc.d/init.d/myproxy-server $prog

a .fc13 and .el5 koji build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1733813
http://koji.fedoraproject.org/koji/taskinfo?taskID=1733819

and the update:
http://cern.ch/straylen/rpms/myproxy/myproxy.spec
http://cern.ch/straylen/rpms/myproxy/myproxy-4.8-4.fc11.src.rpm

Comment 7 Mattias Ellert 2009-10-09 11:24:19 UTC
Package approved.

Comment 8 Steve Traylen 2009-10-09 13:31:03 UTC
New Package CVS Request
=======================
Package Name: myproxy
Short Description: Manage X.509 Public Key Infrastructure
Owners: stevetraylen
Branches: F-11 F-12 EL-4 EL-5
InitialCC:

Comment 9 Kevin Fenzi 2009-10-10 22:08:12 UTC
cvs done.

Comment 10 Fedora Update System 2009-10-11 08:38:41 UTC
myproxy-4.8-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/myproxy-4.8-4.fc12

Comment 11 Fedora Update System 2009-10-11 08:39:44 UTC
myproxy-4.8-4.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/myproxy-4.8-4.fc11

Comment 12 Fedora Update System 2009-10-11 08:40:46 UTC
myproxy-4.8-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/myproxy-4.8-4.el5

Comment 13 Fedora Update System 2009-10-13 07:42:40 UTC
myproxy-4.8-5.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/myproxy-4.8-5.el4

Comment 14 Fedora Update System 2009-11-04 12:33:22 UTC
myproxy-4.8-4.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2009-11-05 21:28:00 UTC
myproxy-4.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2009-11-05 21:28:13 UTC
myproxy-4.8-5.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.