Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec SRPM URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4-1.fc12.src.rpm Description: Lua binding for OpenSSL library to provide TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.
rpmlint is clean for all produced packages. SRPM builds fine in mock.
There seems to be a lot of duplicate code from luasocket here. Do you think it is possible to figure out if some of it can be removed (since luasec depends on luasocket anyway), or at least figure out how much code is duplicated? I mention this because of this: http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
I really do no know, I'll take a look at that. I did not pay attention code should be duplicated here :)
Looks like file embedded from luasocket are from an older version, but the one in the repositories should be used I guess. Problem is that luasocket doe not provide any -devel packages including .h files luasec should require. What can I do? Do I have to open a bug against luasocket for it to provide a -devel package?
Hmm. I think the correct thing to do is to get the necessary changes merged back into luasocket. I am not sure how easy it would be to get a new release of luasocket with these changes, there hasn't been a release in a while. Also, I am not sure how safe it would be for luasec to require "socket.core", because that would really tie luasec to the internals of the C interfaces. (It would probably be ok.) It looks like only a tiny amount of changes would be necessary. io.h, socket.h, usocket.c? Possibly it would make sense to merge luasocket and luasec together into one package at some point. luasocket is lacking IPv6, and this would require a new luasocket, so maybe it could just include luasec all together. Practially speaking, if we want to move forward with luasec and prosody in Fedora soon, probably we should try to get a FESCO exemption for luasec's duplicate code from luasocket and then get a new luasocket/luasec released upstream that fixes these problems. Then IPv6 can be next.
Hi Johan, what's the current state, please? I would like to see Prosody in Fedora. If you haven't tried so far, I can contact luasocket author to find out his opinion of possible merge with luasec.
I think luasocket is pretty much completed, the upstream considers it finished, if I remember. Another big issue here is IPv6 support, which luasocket does not support and I don't think ever really will. I commented on the prosody bugtracker on the IPv6 bug: http://code.google.com/p/lxmppd/issues/detail?id=68#c6 I think that nixio is the way forward, since it takes care of IPv6 and SSL all in one.
Adam, any updates on this?
There have been no changes: IPv6 is still not supported, and luasec is still a fork of luasocket. I consider both of these blockers for this review.
Johan, how do you feel about nixio vs. lua-sec?
The main reason for this package is to run prosody. You probably want to convince prosody upstream to use nixio instead of luasocket and luasec. Otherwise, there isn't much point to packaging nixio.
Since I've opened that review request, I've stopped to maintain packages in Fedora repositories. I do not really know what to do with this request, should it be closed? Anyways, Adam is right, the only reason for me to make a package such as lua-sec was to run the Prosody jabber (see https://bugzilla.redhat.com/show_bug.cgi?id=551765) server over SSL.
Does anybody want to take over this package submission? (Adam?) If not we should probably close it and if someone wants to take it up in the future, they can either reopen this request or start a new one.
No, this package is a dead end as it stands.
What about Prosody?
I love prosody and use it myself. If it can be built without lua-sec, then it should go into Fedora. Lack of IPv6 support is unfortunate, but not a total showshopper in my opinion. lua-sec being a fork of luasocket is.
Just (In reply to comment #15) > What about Prosody? just to note bug 551765 comment 21.
According to the last Fesco meeting forks are allowed and if I understand it well, it should be possible to review lua-sec now (If I'm not right, please correct me): > At the 2012-02-27 meeting we agreed to forks are allowed provided they do not > conflict or interfere with other packages. FPC may add additional guidelines to > forks as they see fit -- https://fedorahosted.org/fesco/ticket/810
In view of comment 18, reopening this bug and taking over the review.
Legend: + = PASSED, - = FAILED, 0 = Not Applicable + MUST: rpmlint must be run on every package. The output should be posted in the review $ rpmlint -i *.rpm 3 packages and 0 specfiles checked; 0 errors, 0 warnings. $ + MUST: package named according to the Package Naming Guidelines changed from luasec to lua-sec to follow https://fedoraproject.org/wiki/PackagingDrafts/Lua + MUST: The spec file name must match the base package %{name} - MUST: The package must meet the Packaging Guidelines . Per above mentioned Lua Packaging Guidelines spec file should contain %if 0%{?fedora} >= 16 || 0%{?rhel} >= 7 Requires: lua(abi) = %{luaver} %else Requires: lua >= %{luaver} %endif + MUST: The package licensed with a Fedora approved license and meets the Licensing Guidelines + MUST: The License field in the package spec file matches the actual license MIT + MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. LICENSE is included. + MUST: The spec file must be written in American English. + MUST: The spec file for the package MUST be legible. + MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task MD5: 712158d60207bdbb6215fc7e07d8db24 + MUST: The package successfully compiles and builds into binary rpms on at least one primary architecture - build in koji, no problems 0 MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch + MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines Builds in koji (http://koji.fedoraproject.org/koji/taskinfo?taskID=3846510) 0 MUST: The spec file handles locales properly. This is done by using the %find_lang macro No locales are present. 0 MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. No libraries provided. + MUST: Packages must NOT bundle copies of system libraries 0 MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker - MUST: Package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory Missing explicit requirement of lua package (which owns %{luapkgdir} used by package). + MUST: Package must not list a file more than once in the spec file's %files listings + MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). + MUST: Each package must consistently use macros + MUST: The package must contain code, or permissible content 0 MUST: Large documentation files must go in a -doc subpackage + MUST: If a package includes something as %doc, it must not affect the runtime of the application 0 MUST: Header files must be in a -devel package 0 MUST: Static libraries must be in a -static package 0 MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig' 0 MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package 0 MUST: devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} + MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built 0 MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section + MUST: Packages must not own files or directories already owned by other packages - MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) + MUST: All filenames in rpm packages must be valid UTF-8 Just a nitpicks: - please fix lua requirement as shown above.
I've upgraded the package to latest upstream release (0.4.1). I'm unsure about lua requirement, since lua-sec requires lua-socket, wich one should take care of lua requirement; anyways, I've added the requirement to the new specfile version. Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec SRPM URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4.1-1.fc16.trashy.src.rpm Package builds fine in mock; rpmlint is clean.
(In reply to comment #21) > I'm unsure about lua requirement, since lua-sec requires lua-socket, wich one > should take care of lua requirement; anyways, I've added the requirement to the > new specfile version. It is not only requirements, but also packages are required to require packages which provide directories they use. > Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec > SRPM URL: > http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4.1-1.fc16.trashy.src.rpm > > Package builds fine in mock; rpmlint is clean. Builds in koji as well http://koji.fedoraproject.org/koji/taskinfo?taskID=3860851 APPROVED!
One more thing, please remove %{__mkdir} macros from %{__mkdir} -p $RPM_BUILD_ROOT%{luapkgdir} %{__mkdir} -p $RPM_BUILD_ROOT%{lualibdir} It is a bad mannerism and use of these macros is strongly discouraged by the Packaging guidelines.
New Package SCM Request ======================= Package Name: lua-sec Short Description: Lua binding for OpenSSL library Owners: trasher Branches: f15 f16 el6 InitialCC: trasher
(In reply to comment #23) > One more thing, please remove %{__mkdir} macros from > [...] OK, I'll fix that. Thank you for the review :)
Git done (by process-git-requests). Added f17.
lua-sec-0.4.1-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc17
lua-sec-0.4.1-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc15
lua-sec-0.4.1-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.el6
lua-sec-0.4.1-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc16
lua-sec-0.4.1-2.fc17 has been pushed to the Fedora 17 testing repository.
lua-sec-0.4.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository.
lua-sec-0.4.1-2.fc16 has been pushed to the Fedora 16 stable repository.
lua-sec-0.4.1-2.fc15 has been pushed to the Fedora 15 stable repository.
lua-sec-0.4.1-2.fc17 has been pushed to the Fedora 17 stable repository.
Package Change Request ====================== Package Name: lua-sec New Branches: epel7 Owners: robert
Git done (by process-git-requests).