Bug 633240 - Review Request: mod_auth_token - token based URI access for apache
Summary: Review Request: mod_auth_token - token based URI access for apache
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Lukas Zapletal
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-09-13 11:28 UTC by Jan-Frode Myklebust
Modified: 2012-06-15 02:14 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-07 22:52:15 UTC
Type: ---
Embargoed:
lzap: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)
Fixes all the minor spec issues (307 bytes, patch)
2012-05-25 11:21 UTC, Lukas Zapletal
no flags Details | Diff

Description Jan-Frode Myklebust 2010-09-13 11:28:13 UTC
Spec URL: http://blag.tanso.net/code/mod_auth_token.spec
SRPM URL: http://blag.tanso.net/code/mod_auth_token-1.0.6-beta.tar.gz
Description: 
mod_auth_token allow you to generate URIS for a determined time window,
you can also limit them by IP. This is very useful to handle file
downloads, generated URIS can't be hot-linked (after it expires), also
it allows you to protect very large files that can't be piped trough a
script languages due to memory limitation.

Comment 1 Andreas Thienemann 2010-11-25 16:43:01 UTC
I noticed that you do wrote on your wikipage, that you do not have access to fedora yet. Is that still correct? Do you need sponsoring for this package?

Comment 2 Jan-Frode Myklebust 2010-11-27 08:24:42 UTC
I'm not familiar with the sponsoring system, but yes, I don't have access to any fedora infrastructure, and would probably need some sponsoring.

Comment 3 Lukas Zapletal 2012-04-02 15:14:24 UTC
@Jan - you did not set FE-NEEDSPONSOR depedency. It is likely sponsors will be missing your requests.

http://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group

@Andreas - Are you still working on this review?

NOTE TO SPONSOR: This package is still valid, 1.0.6-beta is the latest version and I can do review if interested.

Comment 4 Lukas Zapletal 2012-04-02 15:42:41 UTC
@Jan - I set the dependency for you.

SRPM URL is not valid, you are linking tarball (which is broken btw). The valid url is: 

http://mod-auth-token.googlecode.com/files/mod_auth_token-1.0.6-beta.tar.gz

My first look:

%setup -q -n %{name}-%{version}-%{release}

this is no longer valid for the current tarball, change to

%setup -q -n %{name}

Apparently, the upstream touched the tarball, this is not good. Also there is permissions issue with the upstream tarball, permissions are not right and unfortunately root user is needed to fix this or we cannot use the prep macro.

I have contacted upstream: http://code.google.com/p/mod-auth-token/issues/detail?id=31

Comment 5 Lukas Zapletal 2012-04-02 16:34:55 UTC
Whole autotools seem to be broken in trunk, I'd suggest to compile the module with:

apxs -a -c mod_auth_token.c

and then copying over to the correct place.

@Jan - can you do the changes and publish new spec file?

- use 1.0.5 version that has correct permissions or correct permissions for the 1.0.6b version
- compile it with apxs directly

Comment 6 Pradeep Kilambi 2012-05-21 17:15:39 UTC
Any update on this? Pulp is planning to use this module and it would be very useful if this gets into fedora soon.

Comment 7 Jan-Frode Myklebust 2012-05-24 18:52:11 UTC
How does these look:

http://blag.tanso.net/code/mod_auth_token-1.0.5-0.el6.src.rpm
http://blag.tanso.net/code/mod_auth_token.spec


$ rpmlint mod_auth_token.spec
mod_auth_token.spec:26: W: configure-without-libdir-spec
0 packages and 1 specfiles checked; 0 errors, 1 warnings.
$ rpmlint mod_auth_token-1.0.5-0.el6.src.rpm 
mod_auth_token.src: I: enchant-dictionary-not-found en_US
mod_auth_token.src:26: W: configure-without-libdir-spec
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

Comment 8 Lukas Zapletal 2012-05-25 07:26:08 UTC
Taking for review.

Comment 9 Lukas Zapletal 2012-05-25 07:41:34 UTC
Jan, the package does not build unfortunately:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4100034

Please fix that so I can start with the review. Thanks.

Comment 10 Jan-Frode Myklebust 2012-05-25 08:40:36 UTC

Fixed the build error where it couldn't find apxs. Seems this has moved around in later fedoras..


http://blag.tanso.net/code/mod_auth_token-1.0.5-1.el6.src.rpm
http://blag.tanso.net/code/mod_auth_token.spec

Comment 11 Lukas Zapletal 2012-05-25 11:20:35 UTC
Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== C/C++ ====
[x]: MUST Package does not contain any libtool archives (.la)
[x]: MUST Package does not contain kernel modules.
[x]: MUST Package contains no static executables.
[x]: MUST Rpath absent or only used for internal libs.
[x]: MUST Package is not relocatable.
[-]: MUST Development (unversioned) .so files in -devel subpackage, if
     present.
     Note: mod_auth_token-1.0.5-1.fc18.i686.rpm :
     /usr/lib/httpd/modules/mod_auth_token.so


==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[x]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[!]: MUST Buildroot is not present
     Note: Buildroot is not needed unless packager plans to package for EPEL5
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[!]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean is needed only if supporting EPEL
[x]: MUST Sources contain only permissible code or content.
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files section. This is OK if packaging
     for EPEL5. Otherwise not needed
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[!]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf is only needed if supporting EPEL5
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint mod_auth_token-1.0.5-1.fc18.i686.rpm

mod_auth_token.i686: W: spelling-error %description -l en_US auth -> auto, Ruth, author
mod_auth_token.i686: W: wrong-file-end-of-line-encoding /usr/share/doc/mod_auth_token-1.0.5/README
mod_auth_token.i686: W: wrong-file-end-of-line-encoding /usr/share/doc/mod_auth_token-1.0.5/ChangeLog
mod_auth_token.i686: W: install-file-in-docs /usr/share/doc/mod_auth_token-1.0.5/INSTALL
1 packages and 0 specfiles checked; 0 errors, 4 warnings.


rpmlint mod_auth_token-1.0.5-1.fc18.src.rpm

mod_auth_token.src: W: spelling-error %description -l en_US auth -> auto, Ruth, author
mod_auth_token.src:26: W: configure-without-libdir-spec
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


rpmlint mod_auth_token-debuginfo-1.0.5-1.fc18.i686.rpm

mod_auth_token-debuginfo.i686: W: spelling-error Summary(en_US) auth -> auto, Ruth, author
mod_auth_token-debuginfo.i686: W: spelling-error %description -l en_US auth -> auto, Ruth, author
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
/home/lzap/Download/633240/mod_auth_token-1.0.5.tar.gz :
  MD5SUM this package     : e70f3b08f1d74d4274ddf429336c4d10
  MD5SUM upstream package : e70f3b08f1d74d4274ddf429336c4d10

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[x]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[x]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: SHOULD Package functions as described.
[x]: SHOULD Latest version is packaged.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD SourceX is a working URL.
[x]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:
[!]: MUST Buildroot is not present
     Note: Buildroot is not needed unless packager plans to package for EPEL5
See: http://fedoraproject.org/wiki/Packaging/Guidelines#BuildRoot_tag
[!]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean is needed only if supporting EPEL
See: http://fedoraproject.org/wiki/Packaging/Guidelines#.25clean
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files section. This is OK if packaging
     for EPEL5. Otherwise not needed
See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions
[!]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf is only needed if supporting EPEL5
See: None
[!]: MUST Rpmlint output is silent.

Generated by fedora-review 0.1.3
External plugins:

I have fixed all the issues, attaching patch you need to apply and you are 
good to go (please test it if it compiles).

*** PACKAGE IS APPROVED ***

Please submit it into f16 f17 and epel6 if possible. If you don't mind, I'd 
like to be commiter as well. Thanks.

Comment 12 Lukas Zapletal 2012-05-25 11:21:30 UTC
Created attachment 586833 [details]
Fixes all the minor spec issues

Comment 13 Jan-Frode Myklebust 2012-05-29 07:53:34 UTC
Thanks for the patch. Applied to:

http://blag.tanso.net/code/mod_auth_token-1.0.5-2.el6.src.rpm
http://blag.tanso.net/code/mod_auth_token.spec

Comment 14 Jan-Frode Myklebust 2012-05-29 07:58:23 UTC
New Package SCM Request
=======================
Package Name: mod_auth_token
Short Description: Token based URI access module for Apache
Owners: janfrode
Branches: f15 f16 f17 el6 el5

Comment 15 Gwyn Ciesla 2012-05-29 12:26:10 UTC
Git done (by process-git-requests).

Comment 16 Jan-Frode Myklebust 2012-05-29 13:43:50 UTC
  

Lukáš Zapletal, please apply for access to all the "collections" https://admin.fedoraproject.org/pkgdb/acls/name/mod_auth_token

Also, I'd appreciate if we could do all development in "master", and just merge into the other branches to keep them in sync..

Comment 17 Fedora Update System 2012-05-30 07:20:04 UTC
mod_auth_token-1.0.5-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mod_auth_token-1.0.5-2.el6

Comment 18 Fedora Update System 2012-05-30 07:20:20 UTC
mod_auth_token-1.0.5-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/mod_auth_token-1.0.5-2.fc15

Comment 19 Fedora Update System 2012-05-30 07:20:34 UTC
mod_auth_token-1.0.5-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/mod_auth_token-1.0.5-2.fc16

Comment 20 Fedora Update System 2012-05-30 07:22:57 UTC
mod_auth_token-1.0.5-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/mod_auth_token-1.0.5-2.fc17

Comment 21 Fedora Update System 2012-05-31 00:54:00 UTC
mod_auth_token-1.0.5-2.fc15 has been pushed to the Fedora 15 testing repository.

Comment 22 Fedora Update System 2012-06-07 22:52:15 UTC
mod_auth_token-1.0.5-2.fc16 has been pushed to the Fedora 16 stable repository.

Comment 23 Fedora Update System 2012-06-07 23:03:42 UTC
mod_auth_token-1.0.5-2.fc15 has been pushed to the Fedora 15 stable repository.

Comment 24 Fedora Update System 2012-06-07 23:09:54 UTC
mod_auth_token-1.0.5-2.fc17 has been pushed to the Fedora 17 stable repository.

Comment 25 Fedora Update System 2012-06-15 02:14:43 UTC
mod_auth_token-1.0.5-2.el6 has been pushed to the Fedora EPEL 6 stable repository.


Note You need to log in before you can comment on or make changes to this bug.