Spec URL: http://cern.ch/straylen/rpms/fetch-crl/fetch-crl.spec SRPM URL: http://cern.ch/straylen/rpms/fetch-crl/fetch-crl-2.8.1-2.fc12.src.rpm Description: This tool and associated cron entry ensure that Certificate Revocation Lists (CRLs) are periodically retrieved from the web sites of the respective Certification Authorities. It assumes that the installed CA files follow the hash.crl_url convention.
How does this work with the new packaging from IGTF that uses names and two set of symlinks with hash values? $ rpm -ql ca_NorduGrid /etc/grid-security/certificates /etc/grid-security/certificates/1f0e8352.0 /etc/grid-security/certificates/1f0e8352.info /etc/grid-security/certificates/1f0e8352.namespaces /etc/grid-security/certificates/1f0e8352.signing_policy /etc/grid-security/certificates/NorduGrid.crl_url /etc/grid-security/certificates/NorduGrid.info /etc/grid-security/certificates/NorduGrid.namespaces /etc/grid-security/certificates/NorduGrid.pem /etc/grid-security/certificates/NorduGrid.signing_policy /etc/grid-security/certificates/d0cd0b27.0 /etc/grid-security/certificates/d0cd0b27.info /etc/grid-security/certificates/d0cd0b27.namespaces /etc/grid-security/certificates/d0cd0b27.signing_policy
Re comment #1 The NorduGrid.crl_url file is processed to create just one CRL file. /etc/grid-security/certificates/d0cd0b27.r0 with which ever hash openssl is using. The "other" crl with the different hash is never created. Certainly creating both would be a good new feature for fetch-crl. Verbose log below. fetch-crl[26519]: 20100221T125647+0100 Starting CRL retrieval process at 20100221T125647+0100 fetch-crl[26519]: 20100221T125647+0100 Using OpenSSL version OpenSSL 1.0.0-fips-beta5 20 Jan 2010 at /usr/bin/openssl fetch-crl[26519]: 20100221T125647+0100 processing '/etc/grid-security/certificates/NorduGrid.crl_url' fetch-crl[26519]: 20100221T125648+0100 updating CRL 'NorduGrid Certification Authority (d0cd0b27)' fetch-crl[26519]: 20100221T125649+0100 File /etc/grid-security/certificates/d0cd0b27.r0 valid: yes fetch-crl[26519]: 20100221T125649+0100 Completed CRL retrieval process at 20100221T125649+0100 Steve
Fedora review fetch-url 2010-02-22 $ rpmlint *.rpm fetch-crl.noarch: W: spelling-error %description -l en_US cron -> corn, con, crone fetch-crl.noarch: W: spelling-error %description -l en_US url -> URL, curl, purl fetch-crl.src: W: spelling-error %description -l en_US cron -> corn, con, crone fetch-crl.src: W: spelling-error %description -l en_US url -> URL, curl, purl 2 packages and 0 specfiles checked; 0 errors, 4 warnings. Totally ignorable. + package name follows guidelines + specfile name after package + package license (EU Datagrid) is Fedora approved + package license matches license statements in the sources + no LICENSE file in sources, the README file does mention the license though and this is included as %doc + specfile is written in legible English 3004316879 19081 fetch-crl-2.8.1.tar.gz 3004316879 19081 srpm/fetch-crl-2.8.1.tar.gz + source matches upstream + package builds in mock (Fedora 12) + package owns directories it creates + no duplicates in %files + permissions are sane and %files has %defattr + %clean clears buildroot ? minor inconsistent use of macros: e.g. there is both fetch-crl-%{version} and %{name}-%{version} used redundant / in $RPM_BUILD_ROOT/%{_sysconfdir} redundant / in $RPM_BUILD_ROOT/%{_initddir} + package does not own other's directories + %install clears buildroot + filenames are utf-8 There seems to be copies of files in %doc that are already installed elsewhere for no clear reason. I would suggest removing the copies in %doc. $ cksum /usr/share/doc/fetch-crl-2.8.1/fetch-crl-boot.init /etc/rc.d/init.d/fetch-crl-boot 1589392885 1219 /usr/share/doc/fetch-crl-2.8.1/fetch-crl-boot.init 1589392885 1219 /etc/rc.d/init.d/fetch-crl-boot $ cksum /usr/share/doc/fetch-crl-2.8.1/fetch-crl-cron.cron /etc/cron.d/fetch-crl.cron 1021051804 348 /usr/share/doc/fetch-crl-2.8.1/fetch-crl-cron.cron 1021051804 348 /etc/cron.d/fetch-crl.cron $ cksum /usr/share/doc/fetch-crl-2.8.1/fetch-crl-cron.init /etc/rc.d/init.d/fetch-crl-cron 3689563854 1020 /usr/share/doc/fetch-crl-2.8.1/fetch-crl-cron.init 3689563854 1020 /etc/rc.d/init.d/fetch-crl-cron $ cksum /usr/share/doc/fetch-crl-2.8.1/fetch-crl.sysconfig /etc/fetch-crl.conf 784442183 2213 /usr/share/doc/fetch-crl-2.8.1/fetch-crl.sysconfig 784442183 2213 /etc/fetch-crl.conf Some implementations on cron ignore files in /etc/cron.d that have periods in the filename. The default Fedora cron does not do this, but for better portability you might want to drop the .cron extension from /etc/cron.d/fetch-crl.cron
Thanks for the comments, all valid and accepted. http://cern.ch/straylen/rpms/fetch-crl/fetch-crl.spec http://cern.ch/straylen/rpms/fetch-crl/fetch-crl-2.8.1-3.fc12.src.rpm
This looks good. There are still some redundant slashes around and you made a small mistake when fixing the URL tag. It now ends in %{name}-crl which should be just %{name}. But these minor things you can fix post review. Package approved.
Thanks for review. For the record, updated packages. http://cern.ch/straylen/rpms/fetch-crl/fetch-crl.spec http://cern.ch/straylen/rpms/fetch-crl/fetch-crl-2.8.1-4.fc12.src.rpm It's nice that I first wrote this .spec file some seven years ago... Steve
New Package CVS Request ======================= Package Name: fetch-crl Short Description: Downloads Certificate Revocation Lists Owners: stevetraylen Branches: F-11 F-12 F-13 EL-4 EL-5 InitialCC:
CVS done (by process-cvs-requests.py).
fetch-crl-2.8.1-4.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/fetch-crl-2.8.1-4.el4
fetch-crl-2.8.1-4.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/fetch-crl-2.8.1-4.el5
fetch-crl-2.8.1-4.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/fetch-crl-2.8.1-4.fc11
fetch-crl-2.8.1-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/fetch-crl-2.8.1-4.fc12
fetch-crl-2.8.1-4.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/fetch-crl-2.8.1-4.fc13
fetch-crl-2.8.1-4.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2010-2309
fetch-crl-2.8.1-4.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2010-2310
fetch-crl-2.8.1-4.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F13/FEDORA-2010-2839
fetch-crl-2.8.1-4.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-2933
fetch-crl-2.8.1-4.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-2956
fetch-crl-2.8.2-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.el4
fetch-crl-2.8.2-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.el5
fetch-crl-2.8.2-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc11
fetch-crl-2.8.2-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc12
fetch-crl-2.8.2-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc13
fetch-crl-2.8.2-1.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2010-2353
fetch-crl-2.8.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2010-2355
fetch-crl-2.8.2-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc13
fetch-crl-2.8.2-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc12
fetch-crl-2.8.2-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update fetch-crl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-1.fc11
fetch-crl-2.8.2-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
fetch-crl-2.8.2-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
fetch-crl-2.8.2-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
fetch-crl-2.8.2-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
fetch-crl-2.8.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.