Hide Forgot
Spec URL: http://rcritten.fedorapeople.org/freeipa.spec SRPM URL: http://rcritten.fedorapeople.org/freeipa-2.0.0-1.fc14.src.rpm Description: IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). This is a unified spec file creating the client, server, libraries and tools packages needed by IPA. This is replacing the ipa package. FreeIPA v1 is not upgradable to FreeIPA v2. Source0 is a tarball made from the source tip. We are very close but not ready yet to tag/branch at 2.0 but want to get the spec under review.
# MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review.[1] -= FAIL =- freeipa-admintools.i686: W: obsolete-not-provided ipa-admintools * Obvious freeipa-admintools.i686: W: non-conffile-in-etc /etc/bash_completion.d/ipa * This should be specified as %config (arguable whether this belongs as (noreplace) or not) freeipa-client.i686: W: obsolete-not-provided ipa-client * Obvious freeipa-python.i686: W: obsolete-not-provided ipa-python * Obvious freeipa-python.i686: E: zero-length /etc/ipa/default.conf * Could this be a bug? freeipa-server.i686: E: explicit-lib-dependency libcap * RPM should autodetect library dependencies. Unless you need a specific version, in which case that should be specified separately. freeipa-server.i686: W: obsolete-not-provided ipa-server * Obvious freeipa-server.i686: E: non-standard-dir-perm /var/lib/ipa/sysrestore 0700L * Safe to ignore. This directory is intentionally root-only freeipa-server.i686: E: non-standard-dir-perm /var/cache/ipa/kpasswd 0700L * Safe to ignore. This directory is intentionally root-only freeipa-server.i686: E: non-standard-dir-perm /var/cache/ipa/sessions 0700L * Safe to ignore. This directory is intentionally root-only freeipa-server.i686: W: no-manual-page-for-binary ipa-upgradeconfig * Upstream does not provide this manual freeipa-server.i686: W: dangerous-command-in-%post mv * I don't know what the purpose of this is, so I can't say whether this is valid. freeipa-server.i686: E: incoherent-subsys /etc/rc.d/init.d/ipa dirsrv * ipa.init lists /var/lock/subsys/dirsrv, but it should be /var/lock/subsys/ipa (it needs to match the initscript name) freeipa-server.i686: W: no-reload-entry /etc/rc.d/init.d/ipa * Acceptable freeipa-server-selinux.i686: E: explicit-lib-dependency libsemanage * RPM should autodetect library dependencies. Unless you need a specific version, in which case that should be specified separately. freeipa-server-selinux.i686: W: no-documentation * This should contain COPYING, README and Contributors.txt freeipa-server-selinux.i686: W: dangerous-command-in-%pre cp freeipa-server-selinux.i686: W: dangerous-command-in-%post rm freeipa-server-selinux.i686: W: dangerous-command-in-%preun cp freeipa-server-selinux.i686: W: dangerous-command-in-%postun rm * Please comment on this. # MUST: The package must be named according to the Package Naming Guidelines . The package name is wrong for this review. As pre-release material, it needs to follow: http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages which describes how to name a pre-release package from a source-control snapshot so that it is clear what version of the sources it is based on. In short, the package name, version and release here should be: Name: freeipa Version: 2.0.0 Release: 0.1.beta.git80e87e7 For future snapshots, you would increment release to 0.2.beta.git<COMMIT> # MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] . -= PASS =- # MUST: The package must meet the Packaging Guidelines . -= FAIL =- The python sitelib and sitearch should be defines as follows: %if ! (0%{?fedora} > 12 || 0%{?rhel} > 5) %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif # MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . -= PASS =- License is GPLv3 # MUST: The License field in the package spec file must match the actual license. [3] -= PASS =- # MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.[4] -= FAIL =- This is missing from the freeipa-server-selinux subdirectory # MUST: The spec file must be written in American English. [5] -= PASS =- # MUST: The spec file for the package MUST be legible. [6] -= PASS =- # MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. The source tarball matches the upstream git checkout of the same version. # MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7] -= PASS =- Scratch-built in Koji http://koji.fedoraproject.org/koji/taskinfo?taskID=2745305 # MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [8] N/A # MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. -= PASS =- # MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.[9] -= PASS =- # MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10] N/A # MUST: Packages must NOT bundle copies of system libraries.[11] -= PASS =- # MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [12] N/A # MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13] -= PASS =- # MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations)[14] -= PASS =- # MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. [15] -= PASS =- # MUST: Each package must consistently use macros. [16] -= PASS =- # MUST: The package must contain code, or permissable content. [17] -= PASS =- # MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [18] N/A # MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [18] -= PASS =- # MUST: Header files must be in a -devel package. [19] N/A # MUST: Static libraries must be in a -static package. [20] N/A # MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. [19] N/A # MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} [21] N/A # MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[20] -= PASS =- # MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [22] N/A The included GUI is web-based, and therefore does not require a desktop file # MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [23] -= PASS =- # MUST: All filenames in rpm packages must be valid UTF-8. [24] -= PASS =-
Spec URL: http://rcritten.fedorapeople.org/freeipa.spec SRPM URL: http://rcritten.fedorapeople.org/freeipa-2.0.0-0.2.beta.git442d6ad.fc14.src.rpm For the Obsoletes the way I read the packaging guidelines is if it is not an upgradable package then having just Obsoletes is ok. I went without noreplace on the bash_completion.d script, our update should take priority. The zero-length /etc/ipa/default.conf is our package owns the file. It should have been ghosted but was actually referenced twice in the spec file, once in the server subpackage and once in the python subpackage. I removed the server reference and added ghost to the python subpackage. I added comments about the "dangerous" mv and cp references. They are primarily for maintaining proper state while we load custom SELinux policy. One mv was removed as it is no longer needed. I added the python conditionals, it seems that we could remove this whole block completely since we don't support older versions of RHEL or Fedora. It doesn't hurt anything though. I added a %doc to the server-selinux package.
This package has passed review. Next step is to request an SCM branch. http://fedoraproject.org/wiki/Package_SCM_admin_requests
New Package SCM Request ======================= Package Name: freeipa Short Description: The Identity, Policy and Audit system Owners: rcritten simo Branches: InitialCC:
Git done (by process-git-requests).