Bug 522895 - New Package for Dogtag PKI: pki-native-tools
New Package for Dogtag PKI: pki-native-tools
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Parag AN(पराग)
Fedora Extras Quality Assurance
:
Depends On:
Blocks: Dogtag-to-Fedora
  Show dependency treegraph
 
Reported: 2009-09-11 21:53 EDT by Kevin Wright
Modified: 2015-07-13 00:56 EDT (History)
6 users (show)

See Also:
Fixed In Version: pki-native-tools-1.3.0-5.fc11
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-01-07 16:50:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
panemade: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Kevin Wright 2009-09-11 21:53:14 EDT
Spec URL: http://people.redhat.com/kwright/pki-native-tools/pki-native-tools.spec
SRPM URL: http://people.redhat.com/kwright/pki-native-tools/pki-native-tools-1.3.0-1.fc11.src.rpm
Description:
Dogtag pki is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

These platform-dependent PKI executables are used to help make
Dogtag pki into a more complete and robust PKI solution.
Comment 1 Matthew Harmsen 2009-09-16 13:40:06 EDT
# rpmlint pki-native-tools-1.3.0-1.fc11.i586.rpm 
pki-native-tools.i586: E: non-executable-script /usr/share/pki/templates/pki_subsystem_command_wrapper 0644 /bin/sh
pki-native-tools.i586: E: non-executable-script /usr/share/pki/templates/pki_instance_command_wrapper 0644 /bin/sh
1 packages and 0 specfiles checked; 2 errors, 0 warnings.

EXPLANATION:

(1) Both of these files are are non-executable "templates" which require
    substituted values to create executable command-line wrappers.
Comment 3 Matthew Harmsen 2009-11-04 19:28:11 EST
Comment From  John Dennis (jdennis@redhat.com)  2009-11-02 15:16:44 EDT:

The package pki-native-tools is doing a number of bogus things. It installs
these executable scripts:

/usr/bin/pkiarch
/usr/bin/pkidist
/usr/bin/pkiflavor
/usr/bin/pkiname

whose job is to echo (hardcoded) configuration information. This is not how we
store and query configuration information in Fedora (and RHEL). This
information should be located in files under /etc.

pkiarch returns 'i386', pkidist returns 'fc11' on my machine,

Each of the above executable needs to be removed and replaced with mechanisms
appropriate to our distributions (e.g. store the information in a configuration
file, marked as %config, and read the information out of that file) and/or use
the existing mechanisms to determine the arch, release, etc. If the packages
need executables like pkiarch and pkidist then it's an indication of bad
packaging practices elsewhere which also will need to be corrected.

The package pki-native-tools also installs a symbolic link

/usr/bin/pkiperl

which points to /usr/bin/perl

Then all the perl scripts in all the pki packages have this in their shebang
line:

#!/usr/bin/pkiperl

This also is bad packaging practice. If you need a specific version of perl
then that needs to be specified in the spec file so that rpm can resolve those
dependencies. Scripts then invoke /usr/bin/perl. Setting up links in /usr/bin
to specific versions of interpreters is likely to create all sorts of problems
in RPM managed systems.
Comment 4 Dennis Gilmore 2009-11-04 20:39:17 EST
the currently posted build does not build in mock.
Comment 5 Matthew Harmsen 2009-11-09 11:44:36 EST
Comment #3 has been resolved in https://bugzilla.redhat.com/show_bug.cgi?id=522895

Comment #4 will be addressed in https://bugzilla.redhat.com/show_bug.cgi?id=533534
Comment 7 Mamoru TASAKA 2009-11-21 09:45:12 EST
( fedora-review flag must be set by the reviewer, not the
  submitter. Revoking for now )
Comment 8 Parag AN(पराग) 2009-12-11 02:06:18 EST
Review:
+ package builds in mock (rawhide i686).
koji Build =>http://koji.fedoraproject.org/koji/taskinfo?taskID=1864052
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url (sha1sum)
135f705c99d00d81c0e7d5058055178d30c181b0  pki-native-tools-1.3.0.tar.gz

Suggestions:
1) you can preserve timestamps
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

2) Note that you can safely remove buildroot tag and cleanup of buildroot in %install as per given at
http://fedoraproject.org/wiki/PackagingGuidelines#BuildRoot_tag and
http://fedoraproject.org/wiki/PackagingGuidelines#Prepping_BuildRoot_For_.25install

3) Please add newline after you added new changelog entry.

4) why not to choose following as Group?
Group:          System Environment/Base  

5) Is the license tag "GPLv2 with exceptions" is already discussed and approved by emailing them to fedora-legal-list@redhat.com?


6) Why "Requires: perl" is needed?

7) I don't understand why following is included?
BuildRequires:  bash

See after I removed it , koji scratch build is successful at http://koji.fedoraproject.org/koji/taskinfo?taskID=1869062

8) Try to use macros in all places in SPEC. See 
https://fedoraproject.org/wiki/Packaging:RPMMacros
Comment 9 Kevin Wright 2009-12-14 20:48:27 EST
Regarding the following:

2) Note that you can safely remove buildroot tag and cleanup of buildroot in
%install as per given at
http://fedoraproject.org/wiki/PackagingGuidelines#BuildRoot_tag and
http://fedoraproject.org/wiki/PackagingGuidelines#Prepping_BuildRoot_For_.25install

Since there is discussion of building these in EPEL, we need to continue using 
the buildroot tag and cleanup of buildroot.

The rest of these issues will be addressed in an upcoming update to the package.
Comment 10 Kevin Wright 2009-12-14 22:11:06 EST
These updated files address the issues from Comment #8. (with the exception of issue 2). see Comment #9)

Spec URL:
http://people.redhat.com/kwright/pki-native-tools/pki-native-tools.spec
SRPM URL:
http://people.redhat.com/kwright/pki-native-tools/pki-native-tools-1.3.0-4.fc11.src.rpm
Comment 11 Parag AN(पराग) 2009-12-15 01:56:44 EST
Review:
+ package builds in mock (rawhide i686).
koji Build =>http://koji.fedoraproject.org/koji/taskinfo?taskID=1872517
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url (sha1sum)
7062bbc726af7d49488727a1f25fbf7d88b3e490  pki-native-tools-1.3.0.tar.gz
+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written
+ Spec file is written in American English.
+ Spec file is legible.
+ dist tag is present.
+ license is open source-compatible.
+ License text is included in package.
+ %doc is present.
+ BuildRequires are proper.
+ %clean is present.
+ package installed properly.
+ no headers or static libraries.
+ no .pc file present.
+ no -devel subpackage
+ no .la files.
+ no translations are available
+ Does owns the directories it creates.
+ no scriptlets present.
+ no duplicates in %files.
+ file permissions are appropriate.
+ Not a GUI application

APPROVED.
Comment 12 Kevin Wright 2009-12-15 14:08:27 EST
New Package CVS Request
=======================
Package Name: pki-native-tools
Short Description: The Dogtag PKI Native Tools
Owners: kwright
Branches: F-11, F-12, EL-5
InitialCC: ausil
Comment 13 Kevin Fenzi 2009-12-16 00:32:11 EST
cvs done.
Comment 14 Fedora Update System 2009-12-16 14:34:14 EST
pki-native-tools-1.3.0-4.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.fc11
Comment 15 Fedora Update System 2009-12-16 14:59:56 EST
pki-native-tools-1.3.0-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.fc12
Comment 16 Fedora Update System 2009-12-16 15:05:15 EST
pki-native-tools-1.3.0-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-4.el5
Comment 17 Fedora Update System 2009-12-17 18:52:30 EST
pki-native-tools-1.3.0-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-1011
Comment 18 Fedora Update System 2009-12-17 23:23:43 EST
pki-native-tools-1.3.0-4.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13288
Comment 19 Fedora Update System 2009-12-17 23:28:12 EST
pki-native-tools-1.3.0-4.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-native-tools'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-13314
Comment 20 Fedora Update System 2010-01-07 16:50:50 EST
pki-native-tools-1.3.0-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2010-01-07 16:53:18 EST
pki-native-tools-1.3.0-4.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2010-01-12 18:56:38 EST
pki-native-tools-1.3.0-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2010-02-02 14:12:52 EST
pki-native-tools-1.3.0-5.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.el5
Comment 24 Fedora Update System 2010-02-02 14:26:09 EST
pki-native-tools-1.3.0-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.fc11
Comment 25 Fedora Update System 2010-02-02 14:43:53 EST
pki-native-tools-1.3.0-5.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/pki-native-tools-1.3.0-5.fc12
Comment 26 Fedora Update System 2010-02-22 17:36:10 EST
pki-native-tools-1.3.0-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2010-02-23 00:23:25 EST
pki-native-tools-1.3.0-5.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2010-02-23 00:29:58 EST
pki-native-tools-1.3.0-5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.