Bug 739323 - Review Request: mozilla-https-everywhere - HTTPS/HSTS enforcement extension for Mozilla browsers
Summary: Review Request: mozilla-https-everywhere - HTTPS/HSTS enforcement extension f...
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
Depends On: 1154321
TreeView+ depends on / blocked
Reported: 2011-09-17 16:56 UTC by Russell Golden
Modified: 2014-10-18 19:32 UTC (History)
4 users (show)

Fixed In Version: mozilla-https-everywhere-1.0.3-2.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-10-18 22:08:12 UTC
Type: ---
kevin: fedora-review+
gwync: fedora-cvs+

Attachments (Terms of Use)

Description Russell Golden 2011-09-17 16:56:41 UTC
Spec URL: mozilla-https-everywhere.spec
SRPM URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere-1.0.1-1.fc15.src.rpm
Description: I'm just gonna copy and paste this from upstream, if that's okay.

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Comment 1 Russell Golden 2011-09-17 16:58:38 UTC
...How the heck did that happen?

Spec URL: https://niveusluna.org/kahiru/repo/fedora/free/SRPMS/mozilla-https-everywhere.spec

Sorry about that, could've sworn I pasted the URL properly...

Comment 2 Al Reay 2011-09-18 23:40:01 UTC
Hi Russell, I'm not a proven packager so I can't sponsor or approve your package but I'll cheerfully do an informal review for you.

* just a niggle, the srpm link isn't fully formed with respect to the https certificate, to avoid wget/curl download errors make sure that it's got a 'www' prefix to match the servername as per the cert.

* I think your use of explicit 'requires' tag is OK here because automatic dependency resolution by RPM won't work as you're using it only to see if a directory structure exists (as opposed to using a library or binary)

Nice simple package, I think you'll have no problems getting this one through.

Good luck

Comment 3 Russell Golden 2011-09-19 00:14:24 UTC
Huh. On my machine, neither wget nor curl complains about my cert.

When I made it, I was under the impression the cert would work for both my SLD and the subdomain www. I only entered the subdomain because StartCom wouldn't give me a cert otherwise.

Thanks for the informal review!

Comment 4 Thomas Spura 2011-09-20 08:41:48 UTC
Hmm, there is a draft of packaging such extensions a bit differently here:

So I further adjusted the noscript extension to follow that guideline a bit.
Maybe you want to have a look at the new macros, I'm using there. I think, it's a bit clearer than just inst_dir and symlink_dir:

Not an issue, while reviewing this, more a RFC. Maybe that draft or the current packaging can still be enhanced :)

Comment 5 Russell Golden 2011-09-20 16:36:31 UTC
Hm. Draft or no, that makes the SRPM *much* more readable. Thanks for the info.

Note: This extension is not packaged by upstream with an extension UUID, but with https-everywhere@eff.org. Every Mozilla browser currently packaged by Fedora can handle a name instead of a UUID, so it shouldn't be a problem. Just wanted to give a heads up in case someone wondered what was going on.

Comment 7 Kevin Fenzi 2011-10-08 20:55:23 UTC
I'll go ahead and look at reviewing this. Expect a review later today hopefully... 

Do you have any packages you have pre-reviewed? Or are you planning on submitting any other packages at this time?

Comment 8 Russell Golden 2011-10-08 21:04:09 UTC
No, and no.

In case it's needed, here's the link for the latest SRPM:

The spec file is still at the same location. It doesn't change except for version number.

Comment 9 Kevin Fenzi 2011-10-08 22:04:06 UTC
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name. 
OK - Spec has consistant macro usage. 
OK - Meets Packaging Guidelines. 
OK - License (GPLv2+)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
05ea1355a3f2e91b1ca10dd8bb88a7ea  ./https-everywhere-1.0.3.xpi
05ea1355a3f2e91b1ca10dd8bb88a7ea  ./https-everywhere-1.0.3.xpi.orig
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good. 
OK - Package has a correct %clean section. 
OK - Package has correct buildroot
OK - Package is code or permissible content. 
OK - Packages %doc files don't affect runtime. 
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install

OK - Package compiles and builds on at least one arch. 
OK - Package has no duplicate files in %files. 
OK - Package doesn't own any directories other packages own. 
OK - Package owns all the directories it creates. 
OK - Package obey's FHS standard (except for 2 exceptions)
See below - No rpmlint output. 
OK - final provides and requires are sane.


OK - Should build in mock. 
OK - Should build on all supported archs
OK - Should function as described. 
OK - Should have sane scriptlets. 
OK - Should have dist tag
OK - Should package latest version
OK - Should not use file requires outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin


1. rpmlint says: 
mozilla-https-everywhere.noarch: W: spelling-error %description -l en_US unencrypted -> encrypted
mozilla-https-everywhere.noarch: W: incoherent-version-in-changelog 1.0.1-1 ['1.0.3-1.fc17', '1.0.3-1']
mozilla-https-everywhere.src: W: spelling-error %description -l en_US unencrypted -> encrypted

You need to fix the changelog. The others can be ignored. 

So, the only minor issue is the changelog entry. You can fix that before you import. 

This package is APPROVED. 
I will go ahead and sponsor you. 

You can continue the process from: 
Please feel free to ask me if you have any questions or run into problems. 

Welcome to the packagers!

Comment 10 Russell Golden 2011-10-09 01:37:23 UTC
Spec file updated to include changelogs.

New SRPM: https://niveusluna.org/kahiru/repo/fedora/free/RPMS/noarch/mozilla-https-everywhere-1.0.3-2.fc15.noarch.rpm

No idea if this is needed for CVS or not. If so, it's here. If not, people can hit delete on their emails. :)

Comment 11 Russell Golden 2011-10-09 01:49:27 UTC
New Package SCM Request
Package Name: mozilla-https-everywhere
Short Description: HTTPS/HSTS enforcement extension for Mozilla browsers
Owners: niveusluna
Branches: f14 f15 f16 el5 el6

Comment 12 Gwyn Ciesla 2011-10-09 17:50:19 UTC
Git done (by process-git-requests).

Comment 13 Fedora Update System 2011-10-09 20:01:25 UTC
mozilla-https-everywhere-1.0.3-2.fc14 has been submitted as an update for Fedora 14.

Comment 14 Fedora Update System 2011-10-09 20:03:04 UTC
mozilla-https-everywhere-1.0.3-2.fc16 has been submitted as an update for Fedora 16.

Comment 15 Fedora Update System 2011-10-09 20:04:28 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been submitted as an update for Fedora 15.

Comment 16 Fedora Update System 2011-10-09 20:06:39 UTC
mozilla-https-everywhere-1.0.3-2.el5 has been submitted as an update for Fedora EPEL 5.

Comment 17 Fedora Update System 2011-10-09 20:06:42 UTC
mozilla-https-everywhere-1.0.3-2.el6 has been submitted as an update for Fedora EPEL 6.

Comment 18 Fedora Update System 2011-10-10 02:49:48 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 testing repository.

Comment 19 Fedora Update System 2011-10-18 22:08:12 UTC
mozilla-https-everywhere-1.0.3-2.fc15 has been pushed to the Fedora 15 stable repository.

Comment 20 Fedora Update System 2011-10-18 22:12:29 UTC
mozilla-https-everywhere-1.0.3-2.fc14 has been pushed to the Fedora 14 stable repository.

Comment 21 Fedora Update System 2011-10-19 04:34:42 UTC
mozilla-https-everywhere-1.0.3-2.fc16 has been pushed to the Fedora 16 stable repository.

Comment 22 Fedora Update System 2011-11-02 00:06:26 UTC
mozilla-https-everywhere-1.0.3-2.el5 has been pushed to the Fedora EPEL 5 stable repository.

Comment 23 Fedora Update System 2011-11-02 00:08:50 UTC
mozilla-https-everywhere-1.0.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository.

Note You need to log in before you can comment on or make changes to this bug.