Bug 608004 - Review Request: sssd - System Security Services Daemon
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: Package Review
5.0
All Linux
medium Severity medium
Assigned To: Rob Crittenden
Blocks: 188273 579840
Reported: 2010-06-25 07:50 EDT by Stephen Gallagher
Modified: 2010-10-06 09:27 EDT
Doc Type: Bug Fix
Last Closed: 2010-10-06 09:27:54 EDT
Description Stephen Gallagher 2010-06-25 07:50:36 EDT
Spec URL: http://cvs.fedoraproject.org/viewvc/EL-5/sssd/sssd.spec?revision=1.43&view=co
SRPM URL: http://koji.fedoraproject.org/koji/getfile?taskID=2271952&name=sssd-1.2.1-17.el5.src.rpm
Description: 
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

This project is being pulled in from EPEL5.
Comment 1 Stephen Gallagher 2010-08-04 11:56:29 EDT
Updated RPMs aligned with the RHEL6 version of SSSD.

Spec URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec

SRPM URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-23.1.el5.src.rpm
Comment 2 Stephen Gallagher 2010-08-04 12:01:49 EDT
Successfully built in Koji for EPEL5 (not built in Brew yet, since the dependencies libtalloc, libtdb, libtevent and libldb are not yet in RHEL; they are also under review right now).

http://koji.fedoraproject.org/koji/taskinfo?taskID=2379691
Comment 3 Stephen Gallagher 2010-08-04 15:09:18 EDT
Updated RPMs include a new patch fixing LDAP chpass functionality (backported from RHEL6)

Spec URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd.spec

SRPM URL:
http://sgallagh.fedorapeople.org/packagereview/sssd-rhel5/sssd-1.2.1-26.el5.src.rpm
Comment 4 Rob Crittenden 2010-08-06 14:48:29 EDT
OK source files match upstream:
     6ab14a9e76c215a72b407b286d81548318ad1f13  sssd-1.2.1.tar.gz
OK package meets naming and versioning guidelines.
OK specfile is properly named, is cleanly written and uses macros consistently.
OK dist tag is present.
OK build root is correct.
OK license field matches the actual license.
OK license is open source-compatible
OK license text included in package.
OK BuildRequires are proper.
OK compiler flags are appropriate.
OK %clean is present.
OK package builds in mock (EL5/x86_64) with some packages from EPEL.
OK debuginfo package looks complete.
BAD rpmlint is silent. [1]
OK final provides and requires look sane.
OK %check is present and all tests pass.
OK shared libraries are added to the regular linker search paths, ldconfig is called
OK owns the directories it creates.
OK doesn't own any directories it shouldn't.
OK no duplicates in %files.
OK file permissions are appropriate. (despite rpmlint's complaints)
OK correct scriptlets present.
OK %docs
OK headers in devel
OK pkgconfig files in devel (all 5 of them)
OK no libtool .la droppings.
OK not a GUI app.

[1] rpmlint reports the following:

% rpmlint -iv ../RPMS/x86_64/sssd-1.2.1-26.x86_64.rpm 
sssd.x86_64: I: checking
sssd.x86_64: E: non-readable /etc/sssd/sssd.conf 0600
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-local.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ldap.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-standard-dir-perm /etc/sssd 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-krb5.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_krb5.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_simple.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_proxy.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-simple.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/pipes/private 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-standard-dir-perm /var/lib/sss/db 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ldap.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-proxy.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.d/sssd-ipa.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: E: non-standard-dir-perm /var/log/sssd 0750
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: E: non-readable /etc/sssd/sssd.api.conf 0400
The file can't be read by everybody. If this is expected (for security
reasons), contact your rpmlint distributor to get it added to the list of
exceptions for your distro (or add it to your local configuration if you
installed rpmlint from the source tarball).

sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ipa.so
A development file (usually source code) is located in a non-devel package. If
you want to include source code in your package, be sure to create a
development package.

sssd.x86_64: E: non-standard-dir-perm /etc/sssd/sssd.api.d 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ipa.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-krb5.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-ldap.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-local.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-proxy.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.d/sssd-simple.conf
A configuration file is stored in your package without the noreplace flag. A
way to resolve this is to put the following in your SPEC file:
%config(noreplace) /etc/your_config_file_here

1 packages and 0 specfiles checked; 13 errors, 12 warnings.

These all look reasonable to me except perhaps for the config(noreplace) warnings. Can you review errors/warnings?
Comment 5 Stephen Gallagher 2010-08-06 14:53:47 EDT
The config(noreplace) warnings are all intentional. Those are the configuration files for the SSSDConfigAPI, and we want those to be updated whenever the package is updated.

The errors about devel files in non -devel packages are erroneous. They're plugins, not shared libraries.

The non-standard permissions are intentional as well, for security.
Comment 6 Rob Crittenden 2010-08-06 15:16:05 EDT
Ok, approved.
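
Added example (not part of the bug thread and not rpmlint's own code): the permission errors in comment 4 say only that a mode differs from the default, so one way to back the "intentional, for security" answer is to confirm that each flagged mode only removes permission bits. The sample lines are constructed in the format shown above, with one hypothetical world-writable entry; the 0644 baseline for regular files is an assumption.

```python
import re

# Constructed sample in the finding-line format shown in comment 4; the last
# line is a hypothetical world-writable directory, not from the sssd package.
SAMPLE = """\
sssd.x86_64: I: checking
sssd.x86_64: E: non-readable /etc/sssd/sssd.conf 0600
The file can't be read by everybody. If this is expected (for security
sssd.x86_64: E: non-standard-dir-perm /etc/sssd 0700
sssd.x86_64: E: non-standard-dir-perm /var/log/sssd 0750
sssd.x86_64: W: devel-file-in-non-devel-package /usr/lib64/sssd/libsss_ldap.so
sssd.x86_64: W: conffile-without-noreplace-flag /etc/sssd/sssd.api.conf
example.x86_64: E: non-standard-dir-perm /var/lib/example/spool 0777
"""

# "<package>: <E|W>: <check> <path> [<octal mode>]"; explanation text and the
# "I: checking" line do not match and are skipped.
FINDING = re.compile(
    r"^\S+: (?P<sev>[EW]): (?P<check>[\w-]+) (?P<path>/\S+)(?: (?P<mode>[0-7]{3,4}))?\s*$"
)

# Default modes the permission checks compare against. 0755 is quoted in the
# rpmlint text above; 0644 for regular files is an assumption of this example.
BASELINE = {"non-standard-dir-perm": 0o755, "non-readable": 0o644}


def triage(rpmlint_output):
    """Map each (check, path) finding to 'stricter', 'looser' or 'manual'."""
    verdicts = {}
    for line in rpmlint_output.splitlines():
        m = FINDING.match(line)
        if not m:
            continue
        key = (m["check"], m["path"])
        baseline = BASELINE.get(m["check"])
        if baseline is None or m["mode"] is None:
            # Not a permission finding (plugins, noreplace): needs a human answer.
            verdicts[key] = "manual"
            continue
        extra_bits = int(m["mode"], 8) & ~baseline
        # Any bit outside the baseline (group/other write, setuid, ...) widens access.
        verdicts[key] = "looser" if extra_bits else "stricter"
    return verdicts


if __name__ == "__main__":
    for (check, path), verdict in triage(SAMPLE).items():
        print(f"{verdict:8} {check:34} {path}")
```
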
