Red Hat Bugzilla – Bug 626862
Review Request: cntlm - Fast NTLM authentication proxy with tunneling
Last modified: 2015-09-24 09:49:49 EDT
Spec URL: http://domsch.com/linux/fedora/cntlm/SPECS/cntlm.spec SRPM URL: http://domsch.com/linux/fedora/cntlm/SRPMS/cntlm-0.35.1-2.fc13.src.rpm Description: Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, authenticated connection caching, ACLs, proper daemon logging and behavior and much more. It has up to ten times faster responses than similar NTLM proxies, while using by orders or magnitude less RAM and CPU. Manual page contains detailed information.
Created attachment 440684 [details] build.log
Created attachment 440685 [details] rpmlint.log
Couple of items to fix: 1) the daemon command has to be moved out of comments 2) the killproc has to be moved out of comments. 3) %{_initrddir} is deprecated. Please use %{_initddir} instead in %files section. 4) The build log has the following message: /bin/sh: line 4: @echo: command not found This refers to the following line in Makefile: @echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf" Rpmlint: rpmlint cntlm-0.35.1-3.fc12.x86_64.rpm cntlm.x86_64: E: non-readable /etc/cntlm.conf 0600 cntlm.x86_64: W: missing-lsb-keyword Default-Stop in /etc/rc.d/init.d/cntlmd cntlm.x86_64: W: incoherent-subsys /etc/rc.d/init.d/cntlmd $prog Please fix the above lint erorrs and warnings.
The rpmlint messages are all bogus. The conf file can have a password in it in plaintext, so must not be readable by more than root by default. The missing-lsb-keyword warning is crap, because the packaging guidelines say if there's no Default-Start line, then there must also not be a Default-Stop line. The incoherent-subsys warning likewise comes from the guidelines-recommended common initscript. I did fix items 1-4, and changed ownership of the /var/run/cntlm directory where the daemon's pid file will live, as the pid file is created as user cntlm (after dropping root privs). -3 version posted, same URLs as above.
One more thing, In the init script (/etc/init.d/cntlmd), The variable "prog" is assigned "cntlmd" and in the stop() function, killproc is called with "$prog" as argument. The actual executable that is running is "/usr/sbin/cntlm", so the "killproc $prog" function will not kill the running process. If the "prog" variable is assigned "cntlm" instead of "cntlmd", everything should be good. Praveen
Actually, killproc kills by the value stored in $pidfile, which it expects to find in /var/run/$prog.pid. We were creating it in /var/run/ctlm/ctlmd.pid, which is bad. Moving it up a dir into /var/run, we can avoid packaging /var/run/ctlm/ at all. I'll make that change. Anything else, or can you approve it and I"ll make the change at checkin?
nope, that won't work either - it writes the pidfile after dropping privs. So we need to pass -p $pidfile to killproc.
version -4 posted, which only fixes the initscript to be sure daemon uses the right config file, and killproc and status both take the pidfile argument. See URL above.
Version 4 Looks goods. Please go ahead and request CVS access. Praveen
New Package SCM Request ======================= Package Name: cntlm Short Description: Fast NTLM authentication proxy with tunneling Owners: mdomsch Branches: f12 f13 f14 el5 el6 InitialCC:
Git done (by process-git-requests).
cntlm-0.35.1-5.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cntlm'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/cntlm-0.35.1-5.el5
cntlm-0.35.1-4.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc14
cntlm-0.35.1-4.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc13
cntlm-0.35.1-4.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/cntlm-0.35.1-4.fc12
cntlm-0.35.1-4.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
cntlm-0.35.1-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
cntlm-0.35.1-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
cntlm-0.35.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request ====================== Package Name: cntlm New Branches: epel7 Owners: mdomsch firemanxbr