Bug 522895 - New Package for Dogtag PKI: pki-native-tools
Summary: New Package for Dogtag PKI: pki-native-tools
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Parag AN(पराग)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: Dogtag-to-Fedora
TreeView+ depends on / blocked
 
Reported: 2009-09-12 01:53 UTC by Kevin Wright
Modified: 2015-07-13 04:56 UTC (History)
6 users (show)

Fixed In Version: pki-native-tools-1.3.0-5.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-07 21:50:55 UTC
Type: ---
Embargoed:
panemade: fedora-review+
kevin: fedora-cvs+


Attachments (Terms of Use)

Description Kevin Wright 2009-09-12 01:53:14 UTC
Spec URL: http://people.redhat.com/kwright/pki-native-tools/pki-native-tools.spec
SRPM URL: http://people.redhat.com/kwright/pki-native-tools/pki-native-tools-1.3.0-1.fc11.src.rpm
Description:
Dogtag pki is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

These platform-dependent PKI executables are used to help make
Dogtag pki into a more complete and robust PKI solution.

Comment 1 Matthew Harmsen 2009-09-16 17:40:06 UTC
# rpmlint pki-native-tools-1.3.0-1.fc11.i586.rpm 
pki-native-tools.i586: E: non-executable-script /usr/share/pki/templates/pki_subsystem_command_wrapper 0644 /bin/sh
pki-native-tools.i586: E: non-executable-script /usr/share/pki/templates/pki_instance_command_wrapper 0644 /bin/sh
1 packages and 0 specfiles checked; 2 errors, 0 warnings.

EXPLANATION:

(1) Both of these files are are non-executable "templates" which require
    substituted values to create executable command-line wrappers.

Comment 3 Matthew Harmsen 2009-11-05 00:28:11 UTC
Comment From  John Dennis (jdennis)  2009-11-02 15:16:44 EDT:

The package pki-native-tools is doing a number of bogus things. It installs
these executable scripts:

/usr/bin/pkiarch
/usr/bin/pkidist
/usr/bin/pkiflavor
/usr/bin/pkiname

whose job is to echo (hardcoded) configuration information. This is not how we
store and query configuration information in Fedora (and RHEL). This
information should be located in files under /etc.

pkiarch returns 'i386', pkidist returns 'fc11' on my machine,

Each of the above executable needs to be removed and replaced with mechanisms
appropriate to our distributions (e.g. store the information in a configuration
file, marked as %config, and read the information out of that file) and/or use
the existing mechanisms to determine the arch, release, etc. If the packages
need executables like pkiarch and pkidist then it's an indication of bad
packaging practices elsewhere which also will need to be corrected.

The package pki-native-tools also installs a symbolic link

/usr/bin/pkiperl

which points to /usr/bin/perl

Then all the perl scripts in all the pki packages have this in their shebang
line:

#!/usr/bin/pkiperl

This also is bad packaging practice. If you need a specific version of perl
then that needs to be specified in the spec file so that rpm can resolve those
dependencies. Scripts then invoke /usr/bin/perl. Setting up links in /usr/bin
to specific versions of interpreters is likely to create all sorts of problems
in RPM managed systems.

Comment 4 Dennis Gilmore 2009-11-05 01:39:17 UTC
the currently posted build does not build in mock.

Comment 5 Matthew Harmsen 2009-11-09 16:44:36 UTC
Comment #3 has been resolved in https://bugzilla.redhat.com/show_bug.cgi?id=522895

Comment #4 will be addressed in https://bugzilla.redhat.com/show_bug.cgi?id=533534

Comment 7 Mamoru TASAKA 2009-11-21 14:45:12 UTC
( fedora-review flag must be set by the reviewer, not the
  submitter. Revoking for now )

Comment 8 Parag AN(पराग) 2009-12-11 07:06:18 UTC
Review:
+ package builds in mock (rawhide i686).
koji Build =>http://koji.fedoraproject.org/koji/taskinfo?taskID=1864052
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url (sha1sum)
135f705c99d00d81c0e7d5058055178d30c181b0  pki-native-tools-1.3.0.tar.gz

Suggestions:
1) you can preserve timestamps
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

2) Note that you can safely remove buildroot tag and cleanup of buildroot in %install as per given at
http://fedoraproject.org/wiki/PackagingGuidelines#BuildRoot_tag and
http://fedoraproject.org/wiki/PackagingGuidelines#Prepping_BuildRoot_For_.25install

3) Please add newline after you added new changelog entry.

4) why not to choose following as Group?
Group:          System Environment/Base  

5) Is the license tag "GPLv2 with exceptions" is already discussed and approved by emailing them to fedora-legal-list?


6) Why "Requires: perl" is needed?

7) I don't understand why following is included?
BuildRequires:  bash

See after I removed it , koji scratch build is successful at http://koji.fedoraproject.org/koji/taskinfo?taskID=1869062

8) Try to use macros in all places in SPEC. See 
https://fedoraproject.org/wiki/Packaging:RPMMacros

Comment 9 Kevin Wright 2009-12-15 01:48:27 UTC
Regarding the following:

2) Note that you can safely remove buildroot tag and cleanup of buildroot in
%install as per given at
http://fedoraproject.org/wiki/PackagingGuidelines#BuildRoot_tag and
http://fedoraproject.org/wiki/PackagingGuidelines#Prepping_BuildRoot_For_.25install

Since there is discussion of building these in EPEL, we need to continue using 
the buildroot tag and cleanup of buildroot.

The rest of these issues will be addressed in an upcoming update to the package.

Comment 10 Kevin Wright 2009-12-15 03:11:06 UTC
These updated files address the issues from Comment #8. (with the exception of issue 2). see Comment #9)

Spec URL:
http://people.redhat.com/kwright/pki-native-tools/pki-native-tools.spec
SRPM URL:
http://people.redhat.com/kwright/pki-native-tools/pki-native-tools-1.3.0-4.fc11.src.rpm

Comment 11 Parag AN(पराग) 2009-12-15 06:56:44 UTC
Review:
+ package builds in mock (rawhide i686).
koji Build =>http://koji.fedoraproject.org/koji/taskinfo?taskID=1872517
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url (sha1sum)
7062bbc726af7d49488727a1f25fbf7d88b3e490  pki-native-tools-1.3.0.tar.gz
+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written
+ Spec file is written in American English.
+ Spec file is legible.
+ dist tag is present.
+ license is open source-compatible.
+ License text is included in package.
+ %doc is present.
+ BuildRequires are proper.
+ %clean is present.
+ package installed properly.
+ no headers or static libraries.
+ no .pc file present.
+ no -devel subpackage
+ no .la files.
+ no translations are available
+ Does owns the directories it creates.
+ no scriptlets present.
+ no duplicates in %files.
+ file permissions are appropriate.
+ Not a GUI application

APPROVED.

Comment 12 Kevin Wright 2009-12-15 19:08:27 UTC
New Package CVS Request
=======================
Package Name: pki-native-tools
Short Description: The Dogtag PKI Native Tools
Owners: kwright
Branches: F-11, F-12, EL-5
InitialCC: ausil

Comment 13 Kevin Fenzi 2009-12-16 05:32:11 UTC
cvs done.

Comment 14 Fedora Update System 2009-12-16 19:34:14 UTC
pki-native-tools-1.3.0-4.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.fc11

Comment 15 Fedora Update System 2009-12-16 19:59:56 UTC
pki-native-tools-1.3.0-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.fc12

Comment 16 Fedora Update System 2009-12-16 20:05:15 UTC
pki-native-tools-1.3.0-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.el5

Comment 17 Fedora Update System 2009-12-17 23:52:30 UTC
pki-native-tools-1.3.0-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-1011

Comment 18 Fedora Update System 2009-12-18 04:23:43 UTC
pki-native-tools-1.3.0-4.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13288

Comment 19 Fedora Update System 2009-12-18 04:28:12 UTC
pki-native-tools-1.3.0-4.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-13314

Comment 20 Fedora Update System 2010-01-07 21:50:50 UTC
pki-native-tools-1.3.0-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2010-01-07 21:53:18 UTC
pki-native-tools-1.3.0-4.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2010-01-12 23:56:38 UTC
pki-native-tools-1.3.0-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2010-02-02 19:12:52 UTC
pki-native-tools-1.3.0-5.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.el5

Comment 24 Fedora Update System 2010-02-02 19:26:09 UTC
pki-native-tools-1.3.0-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.fc11

Comment 25 Fedora Update System 2010-02-02 19:43:53 UTC
pki-native-tools-1.3.0-5.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.fc12

Comment 26 Fedora Update System 2010-02-22 22:36:10 UTC
pki-native-tools-1.3.0-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2010-02-23 05:23:25 UTC
pki-native-tools-1.3.0-5.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2010-02-23 05:29:58 UTC
pki-native-tools-1.3.0-5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.