Bug 738153 - Review Request: ipset - Manage Linux IP sets
Summary: Review Request: ipset - Manage Linux IP sets
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Pierre-YvesChibon
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2011-09-14 07:28 UTC by Mathieu Bridon
Modified: 2011-09-19 03:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-09-19 03:13:53 UTC
pingou: fedora-review+
gwync: fedora-cvs+

Attachments (Terms of Use)

Description Mathieu Bridon 2011-09-14 07:28:43 UTC
Spec URL: http://bochecha.fedorapeople.org/packages/ipset.spec
SRPM URL: http://bochecha.fedorapeople.org/packages/ipset-6.9.1-1.fc16.src.rpm
IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be
administered by the ipset utility. Depending on the type, currently an IP set
may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC
addresses in a way, which ensures lightning speed when matching an entry
against a set.

If you want to:
 - store multiple IP addresses or port numbers and match against the collection
   by iptables at one swoop;
 - dynamically update iptables rules against IP addresses or ports without
   performance penalty;
 - express complex IP address and ports based rulesets with one single iptables
   rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.

$ rpmlint ipset*
ipset.src: W: spelling-error %description -l en_US iptables -> potables, portables, inflatables
ipset.src: W: spelling-error %description -l en_US rulesets -> rule sets, rule-sets, rules
ipset.x86_64: W: spelling-error %description -l en_US iptables -> potables, portables, inflatables
ipset.x86_64: W: spelling-error %description -l en_US rulesets -> rule sets, rule-sets, rules
4 packages and 1 specfiles checked; 0 errors, 4 warnings.

Comment 1 Mathieu Bridon 2011-09-15 07:25:18 UTC
Note that the patch I apply to this package has just been accepted upstream without modification, so it should be included in the next release (and thus dropped from the package).

Comment 2 Pierre-YvesChibon 2011-09-15 08:40:30 UTC
[X] rpmlint must be run on every package.
    ipset.src: W: spelling-error %description -l en_US iptables -> stables, tables
    ipset.src: W: spelling-error %description -l en_US rulesets -> rule sets, rule-sets, runlets
    ipset.x86_64: W: spelling-error %description -l en_US iptables -> stables, tables
    ipset.x86_64: W: spelling-error %description -l en_US rulesets -> rule sets, rule-sets, runlets
    4 packages and 0 specfiles checked; 0 errors, 4 warnings.
These can be safely ignored.

[X] The package must be named according to the Package Naming Guidelines.

[X] The spec file name must match the base package %{name}, in the format
      %{name}.spec unless your package has an exemption.

[X] The package must meet the Packaging Guidelines.

[X] The package must be licensed with a Fedora approved license and meet the
      Licensing Guidelines.

[X] The License field in the package spec file must match the actual license.
   License is GPLv2 for most files, except:
        - one file on the kernel folder which is under Public Domain 
        - the file ax_cflags_gcc_option.m4 in the m4 folder which is 
        under GPLv3+ 
        - the file ipset.8 on the src folder which is GPLv2+
    GPLv2 is thus the most restrictive license and the GPLv3+ from the m4
    file can be ignored as explained in the said file.

[X] If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s) for
     the package must be included in %doc.

[X] The spec file must be written in American English.

[X] The spec file for the package MUST be legible.

[X] The sources used to build the package must match the upstream source, as
      provided in the spec URL.
    source from the src.rpm: 781d5ad6a9e4d5bf6f8ccad3dfee8a578ed06c2a  ipset-6.9.1.tar.bz2
    upstream source:         781d5ad6a9e4d5bf6f8ccad3dfee8a578ed06c2a  ~/rpmbuild/SOURCES/ipset-6.9.1.tar.bz2

[X] The package MUST successfully compile and build into binary rpms on at
     least one primary architecture.
    Build properly under
    Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3352759

[NA] If the package does not successfully compile, build or work on an
      architecture, then those architectures should be listed in the spec in

[X] All build dependencies must be listed in BuildRequires, except for any
     that are listed in the exceptions section of the Packaging Guidelines ;
     inclusion of those as BuildRequires is optional.

[NA] The spec file MUST handle locales properly. This is done by using the
      %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.

[X] Every binary RPM package (or subpackage) which stores shared library
      files(not just symlinks) in any of the dynamic linker's default paths,
      must call ldconfig in %post and %postun.

[X] Packages must NOT bundle copies of system libraries.

[NA] If the package is designed to be relocatable, the packager must state
      this fact in the request for review, along with the rationalization for
      relocation of that specific package. Without this, use of Prefix: /usr is
      considered a blocker.

[NA] A package must own all directories that it creates. If it does not create
     a directory that it uses, then it should require a package which does
     create that directory.

[X] A Fedora package must not list a file more than once in the spec file's
      %files listings. 

[X] Permissions on files must be set properly. Executables should be set with
     executable permissions, for example. Every %files section must include a
     %defattr(...) line.

[!] Each package must consistently use macros.
        make install DESTDIR=$RPM_BUILD_ROOT
        find %{buildroot} -name '*.la' -exec rm -f '{}' \;
    One of the two has to be changed

[X] The package must contain code, or permissable content.

[NA] Large documentation files must go in a -doc subpackage.

[!] If a package includes something as %doc, it must not affect the runtime
     of the application. To summarize: If it is in %doc, the program must run
     properly if it is not present.
    I believe it could be interesting to include the ChangeLog file as %doc.

[X] Header files must be in a -devel package.

[NA] Static libraries must be in a -static package.

[X] If a package contains library files with a suffix (e.g. libfoo.so.1.1),
      then library files that end in .so (without suffix) must go in a -devel

[X] In the vast majority of cases, devel packages must require the base
      package using a fully versioned dependency: 
        non-noarch: Requires: %{name}%{?_isa} = %{version}-%{release}.
        noarch: Requires: %{name} = %{version}-%{release}

[X] Packages must NOT contain any .la libtool archives, these must be removed
      in the spec if they are built.

[NA] Packages containing GUI applications must include a %{name}.desktop file,
      and that file must be properly installed with desktop-file-install in the
      %install section.

[X] Packages must not own files or directories already owned by other

[X] All filenames in rpm packages must be valid UTF-8.

I am confident you can fix the macro used and add the ChangeLog files to the %doc
section before importing the package into Fedora.

This package is therefore APPROVED.

Comment 3 Mathieu Bridon 2011-09-16 02:13:44 UTC
Thanks PY!

New Package SCM Request
Package Name: ipset
Short Description: Manage Linux IP sets
Owners: bochecha
Branches: f16 el6

Comment 4 Mathieu Bridon 2011-09-16 03:32:43 UTC
Oops, this can't go in el6 as the kernel is way too old (I mistook this with my other review requests which all go in el6).

Doing it again...

New Package SCM Request
Package Name: ipset
Short Description: Manage Linux IP sets
Owners: bochecha
Branches: f16

Comment 5 Gwyn Ciesla 2011-09-16 13:34:18 UTC
Git done (by process-git-requests).

Comment 6 Mathieu Bridon 2011-09-19 03:13:53 UTC
Pushed and built, thanks PY and Jon.

Note You need to log in before you can comment on or make changes to this bug.