spec: http://mclasen.fedorapeople.org/accounts/accountsservice.spec srpm: http://mclasen.fedorapeople.org/accounts/accountsservice-0.4-1.src.rpm
It is worth pointing out that the package installs an activated dbus system bus service that runs as root and provides an api to change your own and other users account information, as well as gdm login screen configuration. These functions are protected by PolicyKit privileges: org.freedesktop.accounts.change-own-user-data - for changing your own user name, photo, email address and similar 'ancillary information'. Core data like your home directory, account type and uid is protected by the user-administration privilege below: org.freedesktop.accounts.user-administration - for changing any users user data. org.freedesktop.accounts.set-login-option - for changing gdm login screen configuration. The service stores 'ancillary information' (ie everything that doesn't go into /etc/passwd) in /var/lib/AccountsService.
FIX - MUST: rpmlint must be run on every package. The output should be posted in the review. $ rpmlint /var/lib/mock/fedora-rawhide-x86_64/result/accountsservice-* accountsservice.src: W: no-buildroot-tag accountsservice.x86_64: W: non-conffile-in-etc /etc/dbus-1/system.d/org.freedesktop.Accounts.conf 3 packages and 0 specfiles checked; 0 errors, 2 warnings. OK - MUST: named according to the Package Naming Guidelines OK - MUST: spec file name matches the base package %{name} OK - MUST: package meets the Packaging Guidelines OK - MUST: Fedora approved license and meets the Licensing Guidelines: GPLv3+ OK - MUST: License field in spec file matches the actual license OK - MUST: license file included in %doc OK - MUST: spec is in American English OK - MUST: spec is legible OK - MUST: sources match the upstream source by MD5 cb2ca0e1b45873fdd80fa7d8aeef7eac OK - MUST: successfully compiles and builds into binary rpms on x86_64 OK - MUST: no ExcludeArch OK - MUST: all build dependencies are listed in BuildRequires. N/A - MUST: handles locales properly with %find_lang N/A - MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. OK - MUST: Package does not bundle copies of system libraries. N/A - MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review OK - MUST: owns all directories that it creates (none) OK - MUST: no duplicate files in the %files listing OK - MUST: Permissions on files are set properly, includes %defattr(...) OK - MUST: package has a %clean section, which contains rm -rf $RPM_BUILD_ROOT. OK - MUST: consistently uses macros OK - MUST: package contains code, or permissable content N/A - MUST: Large documentation files should go in a -doc subpackage OK - MUST: Files included as %doc do not affect the runtime of the application N/A - MUST: Header files must be in a -devel package N/A - MUST: Static libraries must be in a -static package N/A - MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'. N/A - MUST: If a package contains library files with a suffix, then library files that end in .so must go in a -devel package. N/A - MUST: devel packages must require the base package using a fully versioned dependency OK - MUST: The package does not contain any .la libtool archives. N/A - MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. OK - MUST: package does not own files or directories already owned by other packages. OK - MUST: at the beginning of %install, the package runs rm -rf $RPM_BUILD_ROOT OK - MUST: all filenames valid UTF-8 SHOULD Items: OK - SHOULD: Source package includes license text(s) as a separate file. N/A - SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. OK - SHOULD: builds in mock. OK - SHOULD: compiles and builds into binary rpms on all supported architectures. OK - SHOULD: functions as described. N/A - SHOULD: Scriptlets are used, those scriptlets must be sane. N/A - SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. N/A - SHOULD: pkgconfig(.pc) files should be placed in a -devel pkg N/A - SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. Other items: OK - latest stable version OK - SourceURL valid OK - Compiler flags ok OK - Debuginfo complete Issues: - src/user.c is GPLv2+. Is this intended? - TODO should be in %doc - /etc/dbus-1/system.d/org.freedesktop.Accounts.conf should be %config. Please fix these and consider the package APPROVED. BTW: Build fails with --enable-docbook-docs because AccountsService.xml does not validate.
- src/user.c is GPLv2+. Is this intended? This is because it started out as a copy of a gdm source file. At some point I may rewrite it completely. - TODO should be in %doc I disagree. This is my own, private TODO list that I'd rather not install on thousands of user systems. The fact that the autotools incude it in the tarball is a bit unfortunate. I may investigate how to keep it out of the tarball instead. - /etc/dbus-1/system.d/org.freedesktop.Accounts.conf should be %config. Disagreed again. While this is configuration (namely, configuration of the dbus policy for the service), it is not a config file. All an administrator can achieve by editing this file is to either break the functionality of the service, or worse, add security holes.
(In reply to comment #3) > I disagree. This is my own, private TODO list that I'd rather not install on > thousands of user systems. The fact that the autotools incude it in the tarball > is a bit unfortunate. I may investigate how to keep it out of the tarball > instead. Ok, then leave it out, but if it's your private TODO, then it shouldn't be in the tarball ether. IMO shipping TODOs is good practice because it's useful for people who are about to file RFEs and might encourage other developers to help you. > - /etc/dbus-1/system.d/org.freedesktop.Accounts.conf should be %config. > > Disagreed again. While this is configuration (namely, configuration of the dbus > policy for the service), it is not a config file. All an administrator can > achieve by editing this file is to either break the functionality of the > service, or worse, add security holes. Do as you like, but IMHO it should still be marked as %config. Other packages are doing this too. ...I'm wishing back the days when config files were in /etc and not in /var/lib and when files in /etc were true config files. ;)
New Package CVS Request ======================= Package Name: accountsservice Short Description: D-Bus interfaces for querying and manipulating user account information Owners: mclasen Branches: InitialCC:
CVS done (by process-cvs-requests.py).
built done