Red Hat Bugzilla – Bug 739323
Review Request: mozilla-https-everywhere - HTTPS/HSTS enforcement extension for Mozilla browsers
Last modified: 2014-10-18 15:32:00 EDT
Spec URL: mozilla-https-everywhere.spec
SRPM URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere-1.0.1-1.fc15.src.rpm
Description: I'm just gonna copy and paste this from upstream, if that's okay.
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
...How the heck did that happen?
Spec URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere.spec
Sorry about that, could've sworn I pasted the URL properly...
Hi Russell, I'm not a proven packager so I can't sponsor or approve your package but I'll cheerfully do an informal review for you.
* just a niggle, the srpm link isn't fully formed with respect to the https certificate, to avoid wget/curl download errors make sure that it's got a 'www' prefix to match the servername as per the cert.
* I think your use of explicit 'requires' tag is OK here because automatic dependency resolution by RPM won't work as you're using it only to see if a directory structure exists (as opposed to using a library or binary)
Nice simple package, I think you'll have no problems getting this one through.
Huh. On my machine, neither wget nor curl complains about my cert.
When I made it, I was under the impression the cert would work for both my SLD and the subdomain www. I only entered the subdomain because StartCom wouldn't give me a cert otherwise.
Thanks for the informal review!
Hmm, there is a draft of packaging such extensions a bit differently here:
So I further adjusted the noscript extension to follow that guideline a bit.
Maybe you want to have a look at the new macros, I'm using there. I think, it's a bit clearer than just inst_dir and symlink_dir:
Not an issue, while reviewing this, more a RFC. Maybe that draft or the current packaging can still be enhanced :)
Hm. Draft or no, that makes the SRPM *much* more readable. Thanks for the info.
Note: This extension is not packaged by upstream with an extension UUID, but with firstname.lastname@example.org. Every Mozilla browser currently packaged by Fedora can handle a name instead of a UUID, so it shouldn't be a problem. Just wanted to give a heads up in case someone wondered what was going on.
New SRPM: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere-1.0.2-1.fc15.src.rpm
New spec file: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere.spec
I'll go ahead and look at reviewing this. Expect a review later today hopefully...
Do you have any packages you have pre-reviewed? Or are you planning on submitting any other packages at this time?
No, and no.
In case it's needed, here's the link for the latest SRPM:
The spec file is still at the same location. It doesn't change except for version number.
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (GPLv2+)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install
OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
OK - Package obey's FHS standard (except for 2 exceptions)
See below - No rpmlint output.
OK - final provides and requires are sane.
OK - Should build in mock.
OK - Should build on all supported archs
OK - Should function as described.
OK - Should have sane scriptlets.
OK - Should have dist tag
OK - Should package latest version
OK - Should not use file requires outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin
1. rpmlint says:
mozilla-https-everywhere.noarch: W: spelling-error %description -l en_US unencrypted -> encrypted
mozilla-https-everywhere.noarch: W: incoherent-version-in-changelog 1.0.1-1 ['1.0.3-1.fc17', '1.0.3-1']
mozilla-https-everywhere.src: W: spelling-error %description -l en_US unencrypted -> encrypted
You need to fix the changelog. The others can be ignored.
So, the only minor issue is the changelog entry. You can fix that before you import.
This package is APPROVED.
I will go ahead and sponsor you.
You can continue the process from:
Please feel free to ask me if you have any questions or run into problems.
Welcome to the packagers!
Spec file updated to include changelogs.
New SRPM: https://niveusluna.org/kahiru/repo/fedora/free/RPMS/noarch/mozilla-https-everywhere-1.0.3-2.fc15.noarch.rpm
No idea if this is needed for CVS or not. If so, it's here. If not, people can hit delete on their emails. :)
New Package SCM Request
Package Name: mozilla-https-everywhere
Short Description: HTTPS/HSTS enforcement extension for Mozilla browsers
Branches: f14 f15 f16 el5 el6
Git done (by process-git-requests).
mozilla-https-everywhere-1.0.3-2.fc14 has been submitted as an update for Fedora 14.
mozilla-https-everywhere-1.0.3-2.fc16 has been submitted as an update for Fedora 16.
mozilla-https-everywhere-1.0.3-2.fc15 has been submitted as an update for Fedora 15.
mozilla-https-everywhere-1.0.3-2.el5 has been submitted as an update for Fedora EPEL 5.
mozilla-https-everywhere-1.0.3-2.el6 has been submitted as an update for Fedora EPEL 6.
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 testing repository.
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 stable repository.
mozilla-https-everywhere-1.0.3-2.fc14 has been pushed to the Fedora 14 stable repository.
mozilla-https-everywhere-1.0.3-2.fc16 has been pushed to the Fedora 16 stable repository.
mozilla-https-everywhere-1.0.3-2.el5 has been pushed to the Fedora EPEL 5 stable repository.
mozilla-https-everywhere-1.0.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository.