Policyd has released v2.0.9, so I've produced an updated specfile and SRPM for the new version.

Spec URL: http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd.spec
SRPM URL:
http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd-2.0.9-1.fc11.src.rpm

Turns out there was a blocking bug in 2.0.9, so v2.0.10 has been released.  New specfile is up, and a new SRPM is at:

http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd-2.0.10-1.fc11.src.rpm

I've also added a logrotate config to the 2.0.10 package.

There was a bug in 2.0.10 that prevented recently-autowhitelisted hosts from sending properly, with policyd producing a database error and returning DEFER.  I've uploaded a new specfile that includes a patch to fix this bug, and a new SRPM for it:

http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd.spec
http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd-2.0.10-3.fc12.src.rpm

I've also added a cron entry to automatically clean up old entries.

Ok, rpmlint is throwing up this:
W: mixed-use-of-spaces-and-tabs (spaces: line 7, tab: line 16)

So that needs to be fixed.  

> %define ...

You should use %global rather than %define.
http://fedoraproject.org/wiki/Packaging/Guidelines#.25global_preferred_over_.25define

I'm also not sure they are strictly needed, as they make it harder to read.

>Provides:       policyd = %{version}, %{codename} = %{version}
>Obsoletes:      policyd < 2

Why are those there? as far as I can see, there is no policyd rpm in the repos, so the obsoletes isn't needed, and what problem is the Provides: meant to solve?

> %preun

You should probably stop the service before the chkconfig --del here.

>%dir %{configdir}

This is specified in two places.  Perhaps a -common package?

>%attr(0640,root,apache)

should be %attr(640,root,apache)

>%{logrotateconfdir}/%{name}
>%{crondir}/%{name}

These need the %config macro applied


Other than that, it looks pretty good to me.

Thanks!

I've kept the %codename, but changed %define to %global; I got rid of the others %defines.

The naming of this project is pretty muddled.  It's officially called "policyd"; but v.2 was codenamed "cluebringer"; and lots of files are named with "cbpolicyd".  A spec file is distributed with Policyd (which doesn't conform to the Fedora packaging guidelines) that creates an RPM called 'cluebringer'.  People with policyd v1 installed will have an RPM installed called 'policyd'.  Although these have never been in Fedora as far as I know, I added the Provides and Obsoletes to ensure backwards compat with these older packages since I couldn't find any sort of guidelines on this.

%preun fixed.

Given that /etc/cluebringer is the only thing specified in more than one package, I don't know that a -common package makes a lot of sense here.

The errors you're getting from rpmlint about permissions are actually due to those config files not being world-readable, but they both contain passwords so it's important that they not be.  They'll have to be added to the exception list for that check once I get this package into Fedora.  Until then, those errors from rpmlint can be ignored.  %attr(0640,...) is appropriate here.

%config added where necessary.

New spec and SRPM:

http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd.spec
http://www.nebrwesleyan.edu/people/stpierre/cbpolicyd-2.0.10-5.fc12.src.rpm

Sorry this has sat for so long; I've tried a few times to get someone who knows anything about postfix to look at this to no avail.

The spec uses those terrible macro versions of plain commands like %{__cp} and %{__mkdir_p}.  Honestly I'd just get rid of them all so the spec is readable, but if you really want them, please use them consistently and use %{__rm}, %{__mv}, %{__ln_s} and such.

Do we know what upstream would like their software to be called?

I've changed jobs since entering this review request and I no longer work with Policyd.  Unless someone else wants to take this on it's probably safe to close it.

Cool, thanks.