Spec URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger.spec SRPM URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger-0.7-1.fc14.src.rpm Description: dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS server performs DNSSEC validation, but dnsesc-trigger will signal it to use the DHCP obtained forwarders if possible, and fallback to doing its own AUTH queries if that fails, and if that fails prompt the user via dnssec-trigger-applet the option to go with insecure DNS only.
$ rpmlint /home/paul/SRPMS/dnssec-trigger-0.7-1.fc14.src.rpm /home/paul/RPMS/x86_64/dnssec-trigger-0.7-1.fc14.x86_64.rpm /home/paul/RPMS/x86_64/dnssec-trigger-debuginfo-0.7-1.fc14.x86_64.rpm dnssec-trigger.src: W: spelling-error Summary(en_US) plugin -> plug in, plug-in, plugging dnssec-trigger.src: W: spelling-error %description -l en_US dnsesc -> menses, descant, descend dnssec-trigger.x86_64: W: spelling-error Summary(en_US) plugin -> plug in, plug-in, plugging dnssec-trigger.x86_64: W: spelling-error %description -l en_US dnsesc -> menses, descant, descend dnssec-trigger.x86_64: W: no-manual-page-for-binary dnssec-trigger-panel dnssec-trigger.x86_64: W: no-manual-page-for-binary dnssec-triggerd dnssec-trigger.x86_64: W: no-manual-page-for-binary dnssec-trigger-control dnssec-trigger.x86_64: W: no-manual-page-for-binary dnssec-trigger-control-setup 3 packages and 0 specfiles checked; 0 errors, 8 warnings. Note one concern that needs addressing before adding to fedora is whether or not to enable the dns-over-port-433 fallback, that uses an open recursor at NLnetlabs.nl that has a dnssec capable validator listening at that port. It could in theory be a privacy issue (though I trust NLnetlabs as they write lots of software that runs as root, like unbound and nsd). Though they might also not be expecting as many clients as fedora might possible end up giving them. We could setup such a DNS resolver within the Fedora Project as well, where we do control the logging (eg none) I will talk to NLnetlabs, and with Adam@fedora about this, but other opinions also appreciated on this issue.
I will review this pkg.
I had some discussion with Wouter Wijngaards about some behaviour 1) dnssec-triggerd does not remove the immutable flag from resolv.conf when stopped. We might have to add this in the spec file or init script. On uninstall this is important. On update, it would be best to skip the immutable bit so that there is no 1s window where we are exposed. Not sure if this is worth the logic though 2) if the panel is updated with the triggerd we might need to tell the user to restart it. I'm still on F14 and there we have gpk-update-icon that notifies the user to relogin, but I have not yet looked at how/when to call this in the upgrade process. I am also not sure if this still exists in gnome3 as I've avoided running it after my first experience :/
Formal review, generated by fedora-review tool. There is only one major issue - package is not buildable in mock. Please make it buildable with following command: mock -r fedora-rawhide-x86_64 dnssec-trigger-0.7-1.fc14.src.rpm or mock -r fedora-rawhide-i386 dnssec-trigger-0.7-1.fc14.src.rpm Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== C/C++ ==== [x]: MUST Package does not contain any libtool archives (.la) [x]: MUST Package does not contain kernel modules. [x]: MUST Package contains no static executables. [x]: MUST Rpath absent or only used for internal libs. [x]: MUST Package is not relocatable. ==== Generic ==== [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: MUST Package successfully compiles and builds into binary rpms on at least one supported architecture. [!]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. Note: The package did not built BR could therefore not be checked or the package failed to build because of missing BR [!]: MUST Buildroot is not present Note: Buildroot is not needed unless packager plans to package for EPEL5 [x]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [!]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean is needed only if supporting EPEL [x]: MUST Sources contain only permissible code or content. [!]: MUST Each %files section contains %defattr if rpm < 4.4 Note: defattr(....) present in %files section. This is OK if packaging for EPEL5. Otherwise not needed [x]: MUST Macros in Summary, %description expandable at SRPM build time. [x]: MUST Package requires other packages for directories it uses. [x]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [!]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf is only needed if supporting EPEL5 [!]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: MUST License field in the package spec file matches the actual license. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package meets the Packaging Guidelines. [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST Package does not generates any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [ ]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [ ]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [x]: MUST Rpmlint output is silent. [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [!]: SHOULD Reviewer should test that the package builds in mock. [x]: SHOULD Dist tag is present. [ ]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [ ]: SHOULD Package functions as described. [ ]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD Scriptlets must be sane, if used. [x]: SHOULD SourceX is a working URL. [x]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [!]: SHOULD Package should compile and build into binary rpms on all supported architectures. [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. Generated by fedora-review 0.1.1 External plugins:
[paul@bofh ~]$ cat /etc/redhat-release Fedora release 16 (Verne) [paul@bofh ~]$ sudo mock rebuild /tmp/dnssec-trigger-0.7-1.fc14.src.rpm INFO: mock.py version 1.1.17 starting... State Changed: init plugins INFO: selinux disabled State Changed: start INFO: Start(/tmp/dnssec-trigger-0.7-1.fc14.src.rpm) Config(fedora-14-x86_64) State Changed: lock buildroot State Changed: clean INFO: chroot (/var/lib/mock/fedora-14-x86_64) unlocked and deleted State Changed: unlock buildroot State Changed: init State Changed: lock buildroot Mock Version: 1.1.17 INFO: Mock Version: 1.1.17 INFO: calling preinit hooks INFO: enabled root cache State Changed: unpacking root cache INFO: enabled yum cache State Changed: cleaning yum metadata INFO: enabled ccache State Changed: running yum State Changed: unlock buildroot State Changed: setup State Changed: build INFO: Done(/tmp/dnssec-trigger-0.7-1.fc14.src.rpm) Config(default) 1 minutes 39 seconds INFO: Results and/or logs in: /var/lib/mock/fedora-14-x86_64/result State Changed: end Can you tell me exactly how your mock is failing?
(In reply to comment #5) > [paul@bofh ~]$ cat /etc/redhat-release > Fedora release 16 (Verne) > > [paul@bofh ~]$ sudo mock rebuild /tmp/dnssec-trigger-0.7-1.fc14.src.rpm > INFO: mock.py version 1.1.17 starting... > State Changed: init plugins > INFO: selinux disabled > State Changed: start > INFO: Start(/tmp/dnssec-trigger-0.7-1.fc14.src.rpm) Config(fedora-14-x86_64) > State Changed: lock buildroot > State Changed: clean > INFO: chroot (/var/lib/mock/fedora-14-x86_64) unlocked and deleted > State Changed: unlock buildroot > State Changed: init > State Changed: lock buildroot > Mock Version: 1.1.17 > INFO: Mock Version: 1.1.17 > INFO: calling preinit hooks > INFO: enabled root cache > State Changed: unpacking root cache > INFO: enabled yum cache > State Changed: cleaning yum metadata > INFO: enabled ccache > State Changed: running yum > State Changed: unlock buildroot > State Changed: setup > State Changed: build > INFO: Done(/tmp/dnssec-trigger-0.7-1.fc14.src.rpm) Config(default) 1 minutes 39 > seconds > INFO: Results and/or logs in: /var/lib/mock/fedora-14-x86_64/result > State Changed: end > > > Can you tell me exactly how your mock is failing? Build must pass in current rawhide buildroot, not in F14 buildroot. Please try this: $ sudo mock -r fedora-rawhide-i386 dnssec-trigger-0.7-1.fc14.src.rpm This failed on my machine.
Maybe it got fixed the issue meanwhile? I cannot reproduce it. Please try version 0.9 Spec URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger.spec SRPM URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger-0.9-1.fc16.src.rpm [paul@bofh mock]$ ls -l default.cfg lrwxrwxrwx 1 root root 25 Dec 18 15:28 default.cfg -> fedora-rawhide-x86_64.cfg [paul@bofh mock]$ mock rebuild ~/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm INFO: mock.py version 1.1.18 starting... State Changed: init plugins INFO: selinux disabled State Changed: start INFO: Start(/home/paul/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm) Config(fedora-rawhide-x86_64) State Changed: lock buildroot State Changed: clean INFO: chroot (/var/lib/mock/fedora-rawhide-x86_64) unlocked and deleted State Changed: unlock buildroot State Changed: init State Changed: lock buildroot Mock Version: 1.1.18 INFO: Mock Version: 1.1.18 INFO: calling preinit hooks INFO: enabled root cache INFO: root cache aged out! cache will be rebuilt INFO: enabled yum cache State Changed: cleaning yum metadata INFO: enabled ccache State Changed: running yum State Changed: creating cache State Changed: unlock buildroot INFO: Installed packages: State Changed: setup State Changed: build INFO: Done(/home/paul/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm) Config(default) 7 minutes 49 seconds INFO: Results and/or logs in: /var/lib/mock/fedora-rawhide-x86_64/result State Changed: end I'm currently rebuilding with mock on i386 to see if that makes a difference...
mock -r fedora-rawhide-i386 ~/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm State Changed: creating cache State Changed: unlock buildroot INFO: Installed packages: State Changed: setup State Changed: build INFO: Done(/home/paul/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm) Config(fedora-rawhide-i386) 13 minutes 33 seconds INFO: Results and/or logs in: /var/lib/mock/fedora-rawhide-i386/result State Changed: end [paul@bofh mock]$ cd /var/lib/mock/fedora-rawhide-i386/result [paul@bofh result]$ ls build.log dnssec-trigger-0.9-1.fc17.i686.rpm dnssec-trigger-0.9-1.fc17.src.rpm dnssec-trigger-debuginfo-0.9-1.fc17.i686.rpm root.log state.log Works for me. Please retest ?
(In reply to comment #8) > mock -r fedora-rawhide-i386 ~/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm > State Changed: creating cache > State Changed: unlock buildroot > INFO: Installed packages: > State Changed: setup > State Changed: build > INFO: Done(/home/paul/SRPMS/dnssec-trigger-0.9-1.fc16.src.rpm) > Config(fedora-rawhide-i386) 13 minutes 33 seconds > INFO: Results and/or logs in: /var/lib/mock/fedora-rawhide-i386/result > State Changed: end > [paul@bofh mock]$ cd /var/lib/mock/fedora-rawhide-i386/result > [paul@bofh result]$ ls > build.log > dnssec-trigger-0.9-1.fc17.i686.rpm > dnssec-trigger-0.9-1.fc17.src.rpm > dnssec-trigger-debuginfo-0.9-1.fc17.i686.rpm > root.log > state.log > > Works for me. Please retest ? Yes, it is now fine, thanks! There is only one missing thing - package should include LICENSE file in the %doc, can you please fix this?
Spec URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger.spec SRPM URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger-0.9-2.fc14.src.rpm I added the LICENCE to the %doc section. I guess the only thing needed now is to convert the initscript to the new Fedora/RHEL init script systems
(In reply to comment #10) > Spec URL: ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger.spec > SRPM URL: > ftp://ftp.xelerance.com/dnssec-trigger/dnssec-trigger-0.9-2.fc14.src.rpm > > I added the LICENCE to the %doc section. > > I guess the only thing needed now is to convert the initscript to the new > Fedora/RHEL init script systems Thanks for the correction, package is now reviewed.
New Package SCM Request ======================= Package Name: dnssec-trigger Short Description: NetworkManager plugin to update/reconfigure DNSSEC resolving Owners: pwouters atkac Branches: devel InitialCC:
Failing, paul is not a valid bugzilla email address. Your FAS email and bugzilla email should match.
Unsetting cvs flag.
(In reply to comment #13) > Failing, paul is not a valid bugzilla email address. Your FAS > email and bugzilla email should match. Should be fixed now, resubmitting the request.
New Package SCM Request ======================= Package Name: dnssec-trigger Short Description: Daemon which updates/reconfigures DNSSEC resolving Owners: pwouters atkac Branches: devel InitialCC:
Sorry, I updated my FAS email to be pwouters
pkgb still complains, maybe wait a few hours and try again? Email address paul is not a valid bugzilla email address. Either make a bugzilla account with that email address or change your email address in the Fedora Account System https://admin.fedoraproject.org/accounts/ to a valid bugzilla email address and try again.
Git done.
New Package SCM Request ======================= Package Name: dnssec-trigger Short Description: Daemon which updates/reconfigures DNSSEC resolving Owners: pwouters atkac Branches: f16 el6 InitialCC:
Already exists, please use a Package Change request instead of New Package.
oops. thanks Package Change Request ====================== Package Name: dnssec-trigger New Branches: f16 el6 Owners: pwouters atkac InitialCC: It's a good (optional) feature for those branches too :)
Git done (by process-git-requests).
dnssec-trigger-0.10-4.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/dnssec-trigger-0.10-4.fc16
Package dnssec-trigger-0.10-4.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing dnssec-trigger-0.10-4.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-3088/dnssec-trigger-0.10-4.fc16 then log in and leave karma (feedback).
dnssec-trigger-0.10-4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.