Spec URL: http://data.pavlix.net/fedora/racoon2.spec
SRPM URL: http://data.pavlix.net/fedora/racoon2-20100526a-1.fc15.src.rpm
Description: The Racoon2 project is a joint effort which provides an implementation of key management system for IPsec. The implementation is called Racoon2, a successor of Racoon, which was developed by the KAME project. It supports IKEv1, IKEv2, and KINK protocols. It works on FreeBSD, NetBSD, Linux, and Mac OS X. Racoon2 is provided under a BSD-style license. To support various environments that use IPsec, we will develop various functions.
It's my first Fedora package. I'm sorry for any inconvenience.
Created attachment 532398 build log from the koji scratch build

Unfortunately this package doesn't build in koji (http://koji.fedoraproject.org/koji/taskinfo?taskID=3498102). I will attach all logs from the build.
Created attachment 532400 root.log
Created attachment 532401 mock_output.log
Created attachment 532402 state.log
You seem to have posted this request twice: https://bugzilla.redhat.com/show_bug.cgi?id=752222
*** Bug 752222 has been marked as a duplicate of this bug. ***
Created attachment 532406 Specfile with openssl dependency added

I'm adding a new specfile with openssl-devel dependency.
New SRPM: http://data.pavlix.net/fedora/racoon2-20100526a-2.fc15.src.rpm
Created attachment 532408 SRPM with byacc dependency
Created attachment 532409 specfile with byacc dependency
Created attachment 532410 SRPM with flex
Created attachment 532411 specfile with flex
Created attachment 532412 SRPM with lib/lib64 fixed
Created attachment 532413 specfile with lib/lib64 fixed
Created attachment 532414 SRPM v6 (fixed $ -> %)
Created attachment 532415 specfile
http://koji.fedoraproject.org/koji/taskinfo?taskID=3498367 builds correctly for Rawhide on all architectures.
Informal review, I'm not sponsored yet.
===
Can you add changelog entries to the spec file?

Also getting the following when building:
yacc -d cfparse.y
make[1]: yacc: Command not found
Created attachment 532587 SRPM with cosmetical changes
Created attachment 532589 new specfile
(In reply to comment #19)
> Can you add changelog entries to the spec file?

It's just a new package, please see the changelog of -7 version.

> Also getting the following when building:
> yacc -d cfparse.y
> make[1]: yacc: Command not found

You probably used an older version, -6 or -7 should build for you.
Yes you're right, it builds with -7. Some other notes: You don't need to clean buildroot in your spec anymore and aren't required to specify a buildroot either. And here's the rpmlint message:

[!] : MUST - Rpmlint output is silent.

rpmlint racoon2-20100526a-7.fc17.i686.rpm
================================================================================
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/hook/functions
racoon2.i686: E: non-executable-script /etc/racoon2/hook/functions 0644L /bin/sh
racoon2.i686: E: script-without-shebang /lib/systemd/system/spmd.service
racoon2.i686: E: non-readable /etc/racoon2/transport_ike.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/transport_ike.conf
racoon2.i686: E: non-readable /etc/racoon2/racoon2.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/racoon2.conf
racoon2.i686: E: non-readable /etc/racoon2/vals.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/vals.conf
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/tunnel_ike.conf
racoon2.i686: E: non-readable /etc/racoon2/local-test.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/local-test.conf
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike_natt.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/tunnel_ike_natt.conf
racoon2.i686: E: non-readable /etc/racoon2/transport_kink.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/transport_kink.conf
racoon2.i686: E: non-readable /etc/racoon2/default.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/default.conf
racoon2.i686: E: script-without-shebang /lib/systemd/system/iked.service
racoon2.i686: E: non-readable /etc/racoon2/tunnel_kink.conf 0600L
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/tunnel_kink.conf
racoon2.i686: W: no-manual-page-for-binary iked
racoon2.i686: W: dangerous-command-in-%post chmod
1 packages and 0 specfiles checked; 12 errors, 12 warnings.
================================================================================

rpmlint racoon2-20100526a-7.fc17.src.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================

rpmlint racoon2-debuginfo-20100526a-7.fc17.i686.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================
Created attachment 532682 SRPM with shorter rpmlint output

I improved the specfile to get rid of some rpmlint messages on the binary. I'd gladly take some advice on the rest of the messages.

$ rpmlint RPMS/i686/racoon2-20100526a-8.fc15.i686.rpm
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/hook/functions
racoon2.i686: E: non-executable-script /etc/racoon2/hook/functions 0644L /bin/sh
racoon2.i686: E: non-readable /etc/racoon2/transport_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/racoon2.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/vals.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/local-test.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike_natt.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/transport_kink.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/default.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_kink.conf 0600L
racoon2.i686: W: no-manual-page-for-binary iked
racoon2.i686: W: dangerous-command-in-%post chmod
1 packages and 0 specfiles checked; 10 errors, 3 warnings.

I guess Racoon2 authors made the config files non-world-readable intentionally. Non-executable "script" could be patched if needed. The chmod is probably necessary.
I've had a look at previous packages and the remaining errors and warnings seem OK to me. There are a few man pages you've forgotten to add to the spec file:
racoon2-20100526a/iked/iked.8
racoon2-20100526a/kinkd/kinkd.8
Is there a reason we would ship both this and ipsec-tools?
(In reply to comment #25)
> I've had a look at previous packages and the remaining errors and warnings seem
> OK to me. There are a few man pages you've forgotten to add to the spec file:
> racoon2-20100526a/iked/iked.8
> racoon2-20100526a/kinkd/kinkd.8

Ben, do you want to take over review of this bug?
(In reply to comment #26)
> Is there a reason we would ship both this and ipsec-tools?

Ah, I overlooked the --disable-kinkd option, so just the iked.8 might come in useful.
(In reply to comment #27)
> (In reply to comment #25)
> > I've had a look at previous packages and the remaining errors and warnings seem
> > OK to me. There are a few man pages you've forgotten to add to the spec file:
> > racoon2-20100526a/iked/iked.8
> > racoon2-20100526a/kinkd/kinkd.8
>
> Ben, do you want to take over review of this bug?

Well I'm just getting started and my reviews are "informal", as I am not yet sponsored. Just practising, let me know if it's not helping or you have some advice, thanks!
(In reply to comment #29)
> Well I'm just getting started and my reviews are "informal", as I am not yet
> sponsored. Just practising, let me know if it's not helping or you have some
> advice, thanks!

Sure, make a complete review here, please, (https://fedoraproject.org/wiki/Packaging:ReviewGuidelines) and let me know. I cannot sponsor you, but certainly every done review is helpful.
I have no problem with shipping both racoon2 and ipsec-tools. Ipsec-tools seems to be a more stable base; on the other hand, racoon2 has multiple new features that ipsec-tools does not have. So both have their own opportunities to be used.
(In reply to comment #26)
> Is there a reason we would ship both this and ipsec-tools?

There definitely is. Racoon2 and Racoon are two very different projects. Racoon is well known and used in some environments, ipsec howto includes Racoon configuration. Racoon2 supports IKEv2 which Racoon doesn't. Therefore, both of them are useful.
(In reply to comment #28)
> (In reply to comment #26)
> > Is there a reason we would ship both this and ipsec-tools?
>
> Ah, I overlooked the --disable-kinkd option, so just the iked.8 might come in
> useful.

Please feel free to test without --disable-kinkd. It didn't compile for me, so I disabled it for the beginning. Of course I would be happy to have it enabled too.
Package Review (Informal)
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

==== C/C++ ====
[x] : MUST - Header files in -devel subpackage, if present.
[x] : MUST - Package does not contain any libtool archives (.la)

==== Generic ====
[x] : MUST - Package successfully compiles and builds into binary rpms on at least one supported architecture.
[x] : MUST - Package has a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT).(EPEL6 & Fedora < 13)
[x] : MUST - %config files are marked noreplace or the reason is justified.
[x] : MUST - Each %files section contains %defattr
[x] : MUST - Permissions on files are set properly.
[x] : MUST - Package does not contain duplicates in %files.
[x] : MUST - Spec file lacks Packager, Vendor, PreReq tags.
[x] : MUST - Package run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) and the beginning of %install. (EPEL5)
[x] : MUST - Package is named according to the Package Naming Guidelines.
[!] : MUST - Rpmlint output is silent.

rpmlint racoon2-debuginfo-20100526a-8.fc17.i686.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================

rpmlint racoon2-20100526a-8.fc17.src.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================

rpmlint racoon2-20100526a-8.fc17.i686.rpm
================================================================================
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/hook/functions
racoon2.i686: E: non-executable-script /etc/racoon2/hook/functions 0644L /bin/sh
racoon2.i686: E: non-readable /etc/racoon2/transport_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/racoon2.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/vals.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/local-test.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike_natt.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/transport_kink.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/default.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_kink.conf 0600L
racoon2.i686: W: no-manual-page-for-binary iked
racoon2.i686: W: dangerous-command-in-%post chmod
1 packages and 0 specfiles checked; 10 errors, 3 warnings.
================================================================================

[x] : MUST - Sources used to build the package matches the upstream source, as provided in the spec URL.
/mnt/docs/development/fedora-git/FedoraReview/src/752223/racoon2-20100526a.tgz :
MD5SUM this package : 2fa33abff1ccd6fc22876a23db77aaa8
MD5SUM upstream package : 2fa33abff1ccd6fc22876a23db77aaa8
[x] : MUST - Spec file is legible and written in American English.
[x] : MUST - Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x] : MUST - File names are valid UTF-8.
[x] : SHOULD - Reviewer should test that the package builds in mock.
[x] : SHOULD - Dist tag is present.
[!] : SHOULD - SourceX / PatchY prefixed with %{name}.
Source0: http://ftp.racoon2.wide.ad.jp/pub/racoon2/racoon2-20100526a.tgz (racoon2-20100526a.tgz)
Patch0: racoon2-autotools.patch (racoon2-autotools.patch)
Patch1: racoon2-systemd.patch (racoon2-systemd.patch)
[x] : SHOULD - SourceX is a working URL.
[x] : SHOULD - Spec use %global instead of %define.

Issues:
[!] : MUST - Buildroot is correct (EPEL5 & Fedora < 10)
Multiple BuildRoot definitions found
[!] : MUST - Rpmlint output is silent.

rpmlint racoon2-debuginfo-20100526a-8.fc17.i686.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================

rpmlint racoon2-20100526a-8.fc17.src.rpm
================================================================================
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
================================================================================

rpmlint racoon2-20100526a-8.fc17.i686.rpm
================================================================================
racoon2.i686: W: non-conffile-in-etc /etc/racoon2/hook/functions
racoon2.i686: E: non-executable-script /etc/racoon2/hook/functions 0644L /bin/sh
racoon2.i686: E: non-readable /etc/racoon2/transport_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/racoon2.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/vals.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/local-test.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_ike_natt.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/transport_kink.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/default.conf 0600L
racoon2.i686: E: non-readable /etc/racoon2/tunnel_kink.conf 0600L
racoon2.i686: W: no-manual-page-for-binary iked
racoon2.i686: W: dangerous-command-in-%post chmod
1 packages and 0 specfiles checked; 10 errors, 3 warnings.
================================================================================
bug 753354 is related
Please try this new:
http://data.pavlix.net/fedora/racoon2-20100526a-11.fc16.src.rpm

The updated specfile is still at the same location:
http://data.pavlix.net/fedora/racoon2.spec

The main news are:

* Fri Dec 30 2011 Pavel Šimerda <pavlix> - 20100526a-11
- Removed -fno-strict-aliasing
- Removed -D_GNU_SOURCE=1
- Added rationale for --disable-kinkd and --disable-pedant
- Removed @prefix@ from configuration files (patch)

* Thu Dec 29 2011 Pavel Šimerda <pavlix> - 20100526a-10
- Added pwgen dependency
- Moved various inline fixes from specfile to patches
- Fixed racoon2 configuration path (/etc/racoon2)

* Wed Dec 07 2011 Pavel Šimerda <pavlix> - 20100526a-9
- Incorporated more rpmlint feedback
- Directories are now specified by macros
- Added systemd scriptlets
- Added needed /var/run/racoon2 directory
- Added directories to %files section

Racoon2 builds (on my i686 using rpmbuild), and runs.

--disable-kinkd: KINK must be disabled unless krb5 is compiled --with-crypto-impl=builtin because kinkd uses krb5's internal crypto functions that are not compiled otherwise. I consider this a problem in racoon2 and not in krb5.
Racoon2 now also builds for EPEL6:
http://data.pavlix.net/fedora/racoon2.spec
http://data.pavlix.net/fedora/racoon2-20100526a-12.el6.src.rpm

* Sun Jan 01 2012 Pavel Šimerda <pavlix> - 20100526a-12
- Added conditionals to build on epel6
- Fixed macro usage: initrddir to initddir
FYI I have stopped using one spec file for both Fedora and EPEL when sysvinit and systemd should be in play, and track them separately. It can easily make the spec file illegible, which would violate one of the major guidelines. And cherry-picking in git still allows maintaining situations like version updates very easily.
Created attachment 556688 SRPM release 12

The wiki pages about initscripts and systemd units packaging are rather confusing. I decided to remove the sysvinit package because the wiki recommendations simply don't work. The current package is still intended for both Fedora and EPEL, tested on Fedora, and this is accomplished by two simple conditionals. It can be split into branches when it gets to Git if needed.

rpmlint output:

racoon2.i686: E: non-standard-dir-perm /etc/racoon2 0700L

/etc/racoon2 contains IPsec configuration. Administrator can include keys in there and forget to set proper permissions. Setting mode 700 is *not* necessary but it helps to prevent ordinary users from accessing IPsec configuration. Upstream protects individual files but we have the advantage of knowing the directory name. Please see also Bug 753354, review request for Strongswan.

racoon2.i686: E: non-standard-dir-perm /var/run/racoon2 0700L

Setting mode 700 helps prevent users from accessing runtime data of Racoon2.

racoon2.i686: W: dangerous-command-in-%post chmod

Running chmod is necessary to protect a key generated during %post.

Changes:

* Sun Jan 15 2012 Pavel Šimerda <pavlix> - 20100526a-12
- Removed sysvinit subpackage
- Added conditionals to handle different init systems
- Changed initrd macro to initd
- Marked functions as config file
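Added example, not part of the comment above or of the racoon2 spec file: a sketch of how a scriptlet can create a key file so that it is never group- or world-readable, together with a check for the 0700/0600 layout discussed in that comment. The function names, the paths, and the od-based generator (standing in for pwgen) are assumptions.

```shell
#!/bin/sh
# Added illustration; not taken from the racoon2 package.
# gen_secret, audit_modes and all paths are hypothetical names.
# Usage: gen_secret /etc/example psk.txt && audit_modes /etc/example

# Create DIR/FILE holding a random secret. A restrictive umask is set
# before anything is created, so the file is 0600 from its first byte
# and there is no window in which other users can read it.
gen_secret() {
    dir=$1
    file=$2
    (
        umask 077                      # new dir -> 0700, new file -> 0600
        mkdir -p "$dir" || exit 1
        chmod 700 "$dir" || exit 1     # tighten a directory that already existed
        if [ -e "$dir/$file" ]; then
            exit 0                     # keep the existing key on package upgrade
        fi
        tmp=$(mktemp "$dir/.$file.XXXXXX") || exit 1
        # 32 random bytes as 64 hex characters (assumed stand-in for pwgen)
        od -An -N32 -tx1 /dev/urandom | tr -d ' \n' > "$tmp" || exit 1
        mv "$tmp" "$dir/$file"         # atomic rename within the same directory
    )
}

# Print every path under $1 that grants any permission bit to group or
# other. Empty output means the whole tree is owner-only.
audit_modes() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```
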
Legend: + = PASSED, - = FAILED, 0 = Not Applicable

+ MUST: rpmlint must be run on every package. The output should be posted in the review
  see comment 39 with explanations, which satisfy me
+ MUST: package named according to the Package Naming Guidelines
  Not sure that this is a breach of the Guidelines, but this is really wrong
  %if 0%{?fedora}
  I really am not sure what it is supposed to achieve (are you 100% certain that no RHEL ever will provide fedora element?). What about this one?
  %if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
  (or something equivalent)?
+ MUST: The spec file name must match the base package %{name}
+ MUST: The package must meet the Packaging Guidelines.
+ MUST: The package licensed with a Fedora approved license and meets the Licensing Guidelines
+ MUST: The License field in the package spec file matches the actual license
  BSD
+ MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.
  License is included.
+ MUST: The spec file must be written in American English.
+ MUST: The spec file for the package MUST be legible.
+ MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task
  MD5: 2fa33abff1ccd6fc22876a23db77aaa8
+ MUST: The package successfully compiles and builds into binary rpms on at least one primary architecture
  - build in koji, no problems
0 MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch
+ MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines
  Build in koji (http://koji.fedoraproject.org/koji/taskinfo?taskID=3733429)
0 MUST: The spec file handles locales properly. This is done by using the %find_lang macro
  No locales are present.
0 MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun.
  No libraries provided.
+ MUST: Packages must NOT bundle copies of system libraries
0 MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker
+ MUST: Package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory
+ MUST: Package must not list a file more than once in the spec file's %files listings
+ MUST: Permissions on files must be set properly. Every %files section must include a %defattr(...) line.
+ MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
+ MUST: Each package must consistently use macros
+ MUST: The package must contain code, or permissible content
0 MUST: Large documentation files must go in a -doc subpackage
+ MUST: If a package includes something as %doc, it must not affect the runtime of the application
0 MUST: Header files must be in a -devel package
0 MUST: Static libraries must be in a -static package
0 MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'
0 MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package
0 MUST: devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release}
+ MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built
0 MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section
+ MUST: Packages must not own files or directories already owned by other packages
- MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
+ MUST: All filenames in rpm packages must be valid UTF-8

Just nitpicks:
- please fix those conditionals
- please add rm -rf %{buildroot} to %install (and %check if it will ever be present)
Created attachment 557601 New SRPM

“are you 100% certain that no RHEL ever will provide fedora element?”

If it does, I'm not sure what version number will be used there. This is beyond my knowledge, so I'm using the line you provided.

* Sat Jan 21 2012 Pavel Šimerda <pavlix> - 20100526a-13
- Added rm at the beginning of install section
- Changed conditionals to versioned ones
Created attachment 557606 Updated SPEC
(In reply to comment #41)
> * Sat Jan 21 2012 Pavel Šimerda <pavlix> - 20100526a-13
> - Added rm at the beginning of install section
> - Changed conditionals to versioned ones

APPROVED! (although, there is IMHO a bug in spec ... will racoon2 ever work on RHEL6 where there is no /bin/systemctl at all? I think there is more %if-ing required).
New Package SCM Request
=======================
Package Name: strongswan
Short Description: An implementation of key management system for IPsec
Owners: pavlix
Branches: f16 f17 el6
InitialCC:
New Package SCM Request
=======================
Package Name: racoon2
Short Description: An implementation of key management system for IPsec
Owners: pavlix
Branches: f16 f17 el6
InitialCC:
Git done (by process-git-requests).
racoon2-20100526a-14.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/racoon2-20100526a-14.fc16
racoon2-20100526a-14.fc16 has been pushed to the Fedora 16 testing repository.
racoon2-20100526a-14.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/racoon2-20100526a-14.el6
racoon2-20100526a-16.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/racoon2-20100526a-16.fc16
racoon2-20100526a-17.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/racoon2-20100526a-17.fc16
racoon2-20100526a-17.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/racoon2-20100526a-17.el6
racoon2-20100526a-17.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
racoon2-20100526a-17.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
What about closing this bug when all packages are in stable for a long time?