Bug 851279 - Review Request: eucalyptus - Elastic Utility Computing Architecture
Review Request: eucalyptus - Elastic Utility Computing Architecture
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Garrett Holmstrom
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-23 12:30 EDT by Andy Grimm
Modified: 2016-11-07 22:46 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-11-29 04:00:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
gholms: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)
rpmlint output for eucalyptus-3.1.2-0.3.20120917gitb8c109b4 (27.52 KB, text/plain)
2012-09-25 21:11 EDT, Garrett Holmstrom
no flags Details
rpmlint output for eucalyptus-3.1.2-0.5.20120917gitb8c109b4 (27.91 KB, text/plain)
2012-10-05 17:32 EDT, Garrett Holmstrom
no flags Details

  None (edit)
Description Andy Grimm 2012-08-23 12:30:42 EDT
Name        : eucalyptus
Version     : 3.1.0
License     : GPLv3
URL         : http://www.eucalyptus.com
Summary     : Elastic Utility Computing Architecture
Description :
Eucalyptus is a service overlay that implements elastic computing
using existing resources. The goal of Eucalyptus is to allow sites
with existing clusters and server infrastructure to co-host an elastic
computing service that is interface-compatible with Amazon AWS.

SPEC:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.0-16/eucalyptus.spec

SRPM:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.0-16/eucalyptus-3.1.0-16.fc18.src.rpm


There are a number of lint warnings.  I'll go through my rationale on them:

1) eucalyptus.x86_64: W: dangerous-command-in-%pre tar

This could be changed to copy commands if that's deemed "safer" ... this is how upstream packages currently work, though.

2) dangling-symlink (many of these)

Eucalyptus relies on all jars being in a common directory.  jetty does something similar in /usr/share/jetty/lib.  All symlink targets are unversioned jar filenames and are contained in Requires. 

3) explicit-lib-dependency (json-lib and cglib)

Bogus.  These are java packages

4) install-file-in-docs

The install file does also contain some setup instructions, but I could get rid of it.

5) log-files-without-logrotate

We use log4j to rotate almost all of our logs.  We may instate logrotate for the remaining logs

6) no-documentation

Subpackages depend on the eucalyptus package, which contains docs.  The only exception is the python admin tools, which are actually licensed separately (as BSD) but do not ship a license file at this time.

7) no-manual-page-for-binary

Eucalyptus does not create manual pages for most binaries.  End-user binaries have help text, and I've used help2man for some of those.  The service binaries are not really intended to be run by an end user in most cases, and could perhaps be moved into libexec

8) non-conffile-in-etc

We may simply need to relocate /etc/eucalyptus/cloud.d entirely.  I'm just not certain of the right place, and would like advice on this.  In some cases, these are files that users may want/need to modify (jrxml templates for jasperreports, for example).  Generally they won't be modified, though.

The file not in /etc/eucalyptus should likely be config files.  I'll talk to our developers about this.

9) non-standard-dir-perm 0700

I'm not sure why 0700 is strange.  The instances of this are mainly sensitive data which should only be readable by the eucalyptus user.

10) non-standard-executable-perm / setuid-binary (these are related)

The "rootwrap" and "mountwrap" binaries, unfortunately, are used to give eucalyptus root privileges for specific operations.  I wish this were better, but this is how eucalyptus currently works

11) non-standard-gid / non-standard-uid

eucalyptus owns a number of directories, usually so that permissions can be set to 0700

12) only-non-binary-in-usr-lib

This is RHBZ 794777

13) spelling-error

This is due to our acronyms (NC, CC, SC)

Sorry, that's a lot to work through.  Hopefully some brave reviewer can take this on.
Comment 1 Michael Scherer 2012-08-24 06:00:07 EDT
This spec is quite complex.

I noticed a few issues :
- %{_libdir}/eucalyptus/ is unowned

- Source11:      eucalyptus-3.1.0-generated.tgz
there is no comment on where and how this was generated or downloaded from

- the whole stuff like :
%global euca_libvirt      libvirt

do not make the spec very readable, IMHO. It would be easier to inline directly

- some patch do not have a mention of being sent upstream ( 14, 15, 16 among others ), any reasons ?

- some packages would be installed without license file, like eucalyptus-axis2-clients or python%{?pybasever}-eucadmin

- by the way, if nothing define %ybasever, what is the use ?

- the various %post are puzzling, why does it reload udev, why does -walrus restart eucalyptus-cloud.service ?
Comment 2 Andy Grimm 2012-08-24 07:20:23 EDT
(In reply to comment #1)
> This spec is quite complex.

Yes it is.

> I noticed a few issues :
> - %{_libdir}/eucalyptus/ is unowned

Oops... I'll certainly correct that
 
> - Source11:      eucalyptus-3.1.0-generated.tgz
> there is no comment on where and how this was generated or downloaded from

Good point, I should be more specific about exactly how to reproduce it.  My hope is that we'll get a more compatible version of axis2 into Fedora so that I can get rid of this.

> - the whole stuff like :
> %global euca_libvirt      libvirt
> 
> do not make the spec very readable, IMHO. It would be easier to inline
> directly

These variables were pulled in from upstream's official rpm packaging, which suport several different distros.  I can remove the ones related to file / package names.  I'd like to keep the ones which refer to paths which are specified throughout the SPEC, though.

> - some patch do not have a mention of being sent upstream ( 14, 15, 16 among
> others ), any reasons ?

I just haven't filed issues for them yet.  In the case of 15, it's closely related to #13, and should just be grouped under the same comment

> - some packages would be installed without license file, like
> eucalyptus-axis2-clients or python%{?pybasever}-eucadmin

Those are BSD, and upstream does not package a copy of that license file.

> - by the way, if nothing define %ybasever, what is the use ?

That was related to RHEL 6 packaging, and isn't really necessary for this version of the package.  I Can remove those.
 
> - the various %post are puzzling, why does it reload udev, why does -walrus
> restart eucalyptus-cloud.service ?

I'm not sure about the udev reload; that came from upstream packaging.

walrus is a component of the eucalyptus-cloud service.  When that or eucalyptus-sc changes, eucalyptus-cloud must be restarted.

Thank you for the comments.  I'll work on some changes an post a new spec.
Comment 3 Marek Goldmann 2012-08-24 08:18:13 EDT
I assigned this ticket to myself, but if there are any other takers who want to do a full/partial review of it (whether official or not), then feel free to add your comments.
Comment 4 Michael Scherer 2012-08-24 08:31:25 EDT
Review would be surely easier if the source was splitted into smaller component, but I guess that this would require a rather huge change upstream :)

I am also quite surprised by the number of BuildRequires, are we sure they are all needed ?

For the license of eucalyptus-axis2-clients, that's GPLv3, not BSD in the spec ? And if upstream do not ship license, you should ask them to include it
Comment 5 Michael Scherer 2012-08-24 08:41:32 EDT
Also, i think the definition of python_sitelib can be dropped, should be good on all supported fedora version.

BuildRequires: libxml2-devel

can be dropped, already pulled by by libxslt-devel

same for awk :
https://fedoraproject.org/wiki/Packaging:Guidelines#Exceptions_2

BuildRequires: %{euca_libvirt}-devel
BuildRequires: %{euca_libvirt}

is duplicating requires with libvirt-devel previously added.

There is also 3 ant requires, and it seems ant and ant-nodeps have been merged, so just 1 buildRequires should be enough.
Comment 6 Michael Scherer 2012-08-24 08:48:22 EDT
While on it :
$ repoquery --requires velocity          
apache-commons-collections
apache-commons-lang
apache-commons-logging
bcel
hsqldb
jakarta-oro
jdom
junit
log4j
servlet3
werken-xpath

$ repoquery --requires bcel    
/bin/sh
regexp
$ repoquery --requires hsqldb
/bin/sh
coreutils
initscripts
java
shadow-utils
tomcat-servlet-3.0-api

there is lots of BuildRequires that could be removed, since I am pretty sure they all pull the same bits. I
Comment 7 Michael Scherer 2012-08-24 09:07:34 EDT
In file httpd-cc.conf, you have /usr/lib64 hardcoded, that's likely not working on 32 bits.

I also find weird to have :
ServerRoot "/etc/httpd"

even if i am likely too cuatious about potential side effects.

PidFile /var/run/eucalyptus/httpd.pid

would be cleaner to use the suffix -cc there too, as this would be more coherent with the -nc web service.

Another potential improvement would be to have a common file that would be included, and maybe removing a bit the various modules ( so 1) this would take less memory, start faster and easier to read ).

For example :
LoadModule userdir_module modules/mod_userdir.so

seems weird there. setenvif_module is not used in the configuration so could be dropped, etc, etc.

Also, since it use mpm_event, maybe the other part of the config file could be dropped : ( mpm_prefork_module, etc ) so the file is easier to read and maintain ?
Comment 8 Michael Scherer 2012-08-24 09:42:11 EDT
One last comment ( or you will never be able to digest everything ), why are all services using PrivateTmp=false ? Do they communicate between them using /tmp ?

If not, I think it would be better to enable that, as a added security measure.
Comment 9 Andy Grimm 2012-08-24 10:30:24 EDT
(In reply to comment #4)
> Review would be surely easier if the source was splitted into smaller
> component, but I guess that this would require a rather huge change upstream
> :)
> 
> I am also quite surprised by the number of BuildRequires, are we sure they
> are all needed ?

They are all requirements, but I am removing a number of them which are transitive.
 
> For the license of eucalyptus-axis2-clients, that's GPLv3, not BSD in the
> spec ? And if upstream do not ship license, you should ask them to include it

Sorry, I missed that you mentioned that package; I was referring to the python subpackages.  axis2-clients depends on eucalyptus-cc, which depends on eucalyptus, which contains the license file.
Comment 10 Andy Grimm 2012-08-24 10:37:00 EDT
(In reply to comment #7)
> In file httpd-cc.conf, you have /usr/lib64 hardcoded, that's likely not
> working on 32 bits.

Ah, true; I don't ever use 32-bit, so I had not tested that yet.

> I also find weird to have :
> ServerRoot "/etc/httpd"
>
> even if i am likely too cuatious about potential side effects.

What's the suggestion here?  I used that so that specifying relative paths for modules would work.  I'm open to other ideas here. 
 
> PidFile /var/run/eucalyptus/httpd.pid
> 
> would be cleaner to use the suffix -cc there too, as this would be more
> coherent with the -nc web service.

Indeed, this is a bug.

> Another potential improvement would be to have a common file that would be
> included, and maybe removing a bit the various modules ( so 1) this would
> take less memory, start faster and easier to read ).
> 
> For example :
> LoadModule userdir_module modules/mod_userdir.so
> 
> seems weird there. setenvif_module is not used in the configuration so could
> be dropped, etc, etc.
> 
> Also, since it use mpm_event, maybe the other part of the config file could
> be dropped : ( mpm_prefork_module, etc ) so the file is easier to read and
> maintain ?

I'm actually not yet sure which is our preferred mpm.  And as for the other modules, I started with a very minimal list and got frustrated trying to figure out which modules are now required for a functional apache instance, so I added all of those which are enabled by default in Fedora's apache config.  I would love to prune that list.  Suggestions on a true minimally viable set would be great.  And yes, a common file definitely makes sense.  I'll work on that.
Comment 11 Michael Scherer 2012-08-24 10:49:18 EDT
In the spec, I only see this for eucalyptis-axis2-client, so is the requirement missing ?

%package axis2-clients
Summary:      Axis2/C web service clients for Eucalyptus services
License:      GPLv3
Requires:     wso2-axis2
Comment 12 Andy Grimm 2012-08-24 10:59:05 EDT
(In reply to comment #11)
> In the spec, I only see this for eucalyptis-axis2-client, so is the
> requirement missing ?
> 
> %package axis2-clients
> Summary:      Axis2/C web service clients for Eucalyptus services
> License:      GPLv3
> Requires:     wso2-axis2

yes, that's one of the many many things I'm fixing at the moment.  Should have a new version posted soon.
Comment 13 Michael Scherer 2012-08-24 11:08:18 EDT
> What's the suggestion here?  I used that so that specifying relative paths for > modules would work.  I'm open to other ideas here. 

I do not have any cleaner suggestion, but I wonder how this would work on a server non dedicated to eucalyptus. For example, I am not sure the default logs file would not end in /var/log/httpd due to link in /etc/httpd, this kind of thing. But if your test didn't show a issue, there is then likely no issue.

And the only thing to do would be to duplicate the tree of /etc/httpd, that's not a good idea IMHO.

For a minimal set of modules, I guess removing them one by one could be easy to do once the rpm is in, so that's not urgent.
Comment 14 Andy Grimm 2012-08-24 11:23:36 EDT
Actually, I don't have to duplicate much.  I can just make /etc/eucalyptus/httpd, make that ServerRoot, and put a modules symlink under it.
Comment 15 Andy Grimm 2012-08-24 12:10:54 EDT
next revision:

SPEC:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.0-17/eucalyptus.spec

SRPM:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.0-17/eucalyptus-3.1.0-17.fc18.src.rpm

This one built against rawhide in koji:
http://koji.fedoraproject.org/koji/taskinfo?taskID=4420182

I realized after I submitted it that I still have to finish fixing the apache configs; they're in a broken state at the moment.  I'd still like to have comments about other things in the spec or layouts of the resulting packages that might not be acceptable.
Comment 16 Garrett Holmstrom 2012-08-24 22:28:09 EDT
Here's a first stab at a package review.  It isn't as bad as it looks, as most of these issues are trivially-fixable.

I can take this if you would like Marek, but this one is going to need multiple sets of eyes to review either way.  ;-)


=== List of issues ===

As some binaries are composed of code with multiple, compatible licenses, I believe the license tag should be "GPLv3 and (GPLv3 and ASL 2.0) and (GPLv3 and BSD)".  It might be worth double-checking with Spot, though.

clc/modules/www/src/licenses/webui-iconic-icons.LICENSE must be included with %doc.

/etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params appears in two packages.

/etc/eucalyptus/eucalyptus.conf is owned by the eucalyptus user.  If that is actually correct (yuck) then please state so in the spec file.

Rather than starting tgtd in the sc package's %post scriptlet, consider adding Wants=tgtd.service to eucalyptus-cloud.service.

Are multiple restarts of the same service in %postun really the safest/most reasonable way to do upgrades?

axis2-clients should probably require eucalyptus-cc with a fully-versioned dependency.

The following files have filesystem layout problems:
     These go in /usr/share/%name:
       /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
       /etc/eucalyptus/eucalyptus-version
       /etc/eucalyptus/vtunall.conf.template
     These go in /usr/share/%name or /usr/libexec/%name:
       /etc/eucalyptus/cloud.d/scripts/*
       /etc/eucalyptus/cloud.d/upgrade/*
       /usr/sbin/eucalyptus-*.init
     This goes with documentation:
       /etc/eucalyptus/drbd.conf.example

The following configuration files are not marked with %config(noreplace) or %config:
     /etc/eucalyptus/axis2.xml
     /etc/eucalyptus/eucalyptus.conf
     /etc/eucalyptus/httpd/conf/httpd-cc.conf
     /etc/eucalyptus/httpd/conf/httpd-common.conf
     /etc/eucalyptus/httpd/conf/httpd-nc.conf

%install uses %{S:2}, whereas the rest of the file uses the %{SOURCE#} format.

/var/run/eucalyptus needs a tmpfiles.d entry.

eucalyptus-cc cleanstart, cleanstop, and cleanrestart are supposed to be converted to standalone scripts.

The spec file must contain BuildRequires: systemd-units for the %_unitdir macro.

The Java guidelines require arch-independent JARs to go under %_javadir, not /usr/share/eucalyptus.  This affects the following files:
     /usr/share/eucalyptus/eucalyptus-auth-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-bootstrap-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-cloud-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-clustermgr-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-component-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-config-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-core-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-dns-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-euare-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-euare-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-msgs-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-notifications-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-postgresql-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-storage-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-walrus-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-ws-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-www-3.1.0.jar

Similarly, JNI-using JARs must go in %_libdir/%name.  There is one of these:
     /usr/share/eucalyptus/eucalyptus-storagecontroller-3.1.0.jar

Calls to System.loadLibrary must be replaced with System.load with complete .so paths.  This affects the following file in the source tree:
     clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/OverlayManager.java

/usr/lib/python2.7/site-packages/eucadmin/local.py from the python-eucadmin package requires m2crypto and python-paramiko.  However, that module is unused, so you could also patch it out if you would like.


=== Other commentary ===

I must admit that I am not a fan of macros like %eucastatedir, which don't really do much to enhance readability.  I would rather see the real paths inline.

Are all of those httpd modules really necessary?

If possible, please see if you can filter out Provides and Requires for internal libs.

Please query upstream about including license files for the BSD sub-packages.

I'd change "Eucalyptus Enterprise Edition" to "Eucalyptus Enterprise plugins" since there's only one version of eucalyptus now.

provide_abi isn't necessary for a Fedora package, so I'd just remove it.

You should probably add commentary about why you're explicitly setting LANG when you call make.


Mandatory review guidelines:
ok - rpmlint output:
     eucalyptus.src: W: spelling-error %description -l en_US nc -> NC, n, c
     eucalyptus.src: W: spelling-error %description -l en_US sc -> SC, tic, cs
     eucalyptus.src: W: strange-permission eucalyptus-nc.init 0755L
     eucalyptus.src: W: strange-permission eucalyptus-cc.init 0755L
     eucalyptus.src:477: W: macro-in-comment %patch7
     eucalyptus.src: W: invalid-url Source12: eucalyptus-3.1.0-generated.tgz
     eucalyptus.x86_64: W: spelling-error %description -l en_US nc -> NC, n, c
     eucalyptus.x86_64: W: spelling-error %description -l en_US sc -> SC, tic, cs
     eucalyptus.x86_64: W: non-standard-uid /etc/eucalyptus/eucalyptus.conf eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /etc/eucalyptus/eucalyptus.conf eucalyptus
     eucalyptus.x86_64: W: non-conffile-in-etc /etc/eucalyptus/eucalyptus.conf
     eucalyptus.x86_64: W: non-standard-uid /var/lib/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/lib/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-conffile-in-etc /etc/eucalyptus/httpd/conf/httpd-common.conf
     eucalyptus.x86_64: W: non-standard-gid /usr/libexec/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-standard-uid /var/lib/eucalyptus/keys eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/lib/eucalyptus/keys eucalyptus
     eucalyptus.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/keys 0700L
     eucalyptus.x86_64: W: dangling-symlink /etc/eucalyptus/httpd/modules /usr/lib64/httpd/modules
     eucalyptus.x86_64: W: non-standard-uid /var/lib/eucalyptus/upgrade eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/lib/eucalyptus/upgrade eucalyptus
     eucalyptus.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/upgrade 0700L
     eucalyptus.x86_64: W: non-standard-uid /var/lib/eucalyptus/db eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/lib/eucalyptus/db eucalyptus
     eucalyptus.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/db 0700L
     eucalyptus.x86_64: W: non-conffile-in-etc /etc/eucalyptus/axis2.xml
     eucalyptus.x86_64: W: non-standard-uid /var/log/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/log/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /usr/libexec/eucalyptus/euca_mountwrap eucalyptus
     eucalyptus.x86_64: E: setuid-binary /usr/libexec/eucalyptus/euca_mountwrap root 04750L
     eucalyptus.x86_64: E: non-standard-executable-perm /usr/libexec/eucalyptus/euca_mountwrap 04750L
     eucalyptus.x86_64: E: non-standard-executable-perm /usr/libexec/eucalyptus/euca_mountwrap 04750L
     eucalyptus.x86_64: W: non-conffile-in-etc /etc/eucalyptus/eucalyptus-version
     eucalyptus.x86_64: W: non-standard-gid /usr/libexec/eucalyptus/euca_rootwrap eucalyptus
     eucalyptus.x86_64: E: setuid-binary /usr/libexec/eucalyptus/euca_rootwrap root 04750L
     eucalyptus.x86_64: E: non-standard-executable-perm /usr/libexec/eucalyptus/euca_rootwrap 04750L
     eucalyptus.x86_64: E: non-standard-executable-perm /usr/libexec/eucalyptus/euca_rootwrap 04750L
     eucalyptus.x86_64: W: non-standard-uid /var/run/eucalyptus eucalyptus
     eucalyptus.x86_64: W: non-standard-gid /var/run/eucalyptus eucalyptus
     eucalyptus.x86_64: W: log-files-without-logrotate /var/log/eucalyptus
     eucalyptus.x86_64: W: no-manual-page-for-binary euca_sync_key
     eucalyptus.x86_64: W: install-file-in-docs /usr/share/doc/eucalyptus-3.1.0/INSTALL
     eucalyptus.x86_64: W: percent-in-%pre
     eucalyptus.x86_64: W: dangerous-command-in-%pre tar
     eucalyptus-admin-tools.noarch: W: no-manual-page-for-binary euca-get-credentials
     eucalyptus-admin-tools.noarch: W: no-manual-page-for-binary euca_conf
     eucalyptus-axis2-clients.x86_64: W: spelling-error %description -l en_US webservices -> web services, web-services, services
     eucalyptus-axis2-clients.x86_64: W: no-documentation
     eucalyptus-axis2-clients.x86_64: W: no-manual-page-for-binary NCclient
     eucalyptus-axis2-clients.x86_64: W: no-manual-page-for-binary GLclient
     eucalyptus-axis2-clients.x86_64: W: no-manual-page-for-binary CCclient
     eucalyptus-cc.x86_64: W: no-documentation
     eucalyptus-cc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/cc/services/EucalyptusGL /usr/lib64/eucalyptus/axis2/gl/services/EucalyptusGL
     eucalyptus-cc.x86_64: W: non-conffile-in-etc /etc/eucalyptus/httpd/conf/httpd-cc.conf
     eucalyptus-cc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/cc/axis2.xml /etc/eucalyptus/axis2.xml
     eucalyptus-cc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/cc/modules /usr/lib64/wso2-axis2/modules
     eucalyptus-cc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/cc/lib /usr/lib64
     eucalyptus-cc.x86_64: W: non-standard-uid /var/lib/eucalyptus/CC eucalyptus
     eucalyptus-cc.x86_64: W: non-standard-gid /var/lib/eucalyptus/CC eucalyptus
     eucalyptus-cc.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/CC 0700L
     eucalyptus-cc.x86_64: W: non-conffile-in-etc /etc/eucalyptus/vtunall.conf.template
     eucalyptus-cc.x86_64: E: non-standard-executable-perm /usr/libexec/eucalyptus/shutdownCC 0555L
     eucalyptus-cc.x86_64: W: no-manual-page-for-binary eucalyptus-cc.init
     eucalyptus-cloud.x86_64: W: no-documentation
     eucalyptus-cloud.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
     eucalyptus-cloud.x86_64: W: no-manual-page-for-binary euca-lictool
     eucalyptus-common-java.x86_64: E: explicit-lib-dependency json-lib
     eucalyptus-common-java.x86_64: W: spelling-error Summary(en_US) ws -> es, w, s
     eucalyptus-common-java.x86_64: W: only-non-binary-in-usr-lib
     eucalyptus-common-java.x86_64: W: no-documentation
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-module-builders.jar /usr/share/java/mule/mule-module-builders.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jsr-305.jar /usr/share/java/jsr-305.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/upgrade/upgrade_20_31.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-io.jar /usr/share/java/apache-commons-io.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/avalon-framework-impl.jar /usr/share/java/avalon-framework-impl.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-http.jar /usr/share/java/jetty/jetty-http.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-util.jar /usr/share/java/batik/batik-util.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/javassist.jar /usr/share/java/javassist.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/storage.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/dnsjava.jar /usr/share/java/dnsjava.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/stax2-api.jar /usr/share/java/stax2-api.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/setup_db.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-web.jar /usr/share/java/springframework/spring-web.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-jpa-2.0-api.jar /usr/share/java/hibernate-jpa-2.0-api.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/run.jar /usr/share/java/jibx/run.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/commons-digester.jar /usr/share/java/commons-digester.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-util.jar /usr/share/java/jetty/jetty-util.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/channels.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jboss-logging.jar /usr/share/java/jboss-logging.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/bcprov.jar /usr/share/java/bcprov.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/user_s3.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-fileupload.jar /usr/share/java/apache-commons-fileupload.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-ehcache.jar /usr/share/java/hibernate3/hibernate-ehcache.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/notifications.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/nested_s3.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-overlay-deployer.jar /usr/share/java/jetty/jetty-overlay-deployer.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-beanutils.jar /usr/share/java/apache-commons-beanutils.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/nested_storage.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-compress.jar /usr/share/java/apache-commons-compress.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/gwt-web.xml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-css.jar /usr/share/java/batik/batik-css.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-deploy.jar /usr/share/java/jetty/jetty-deploy.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/s3.jrxml
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/user_storage.jrxml
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/eucalyptus-web.properties
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-jbosscache.jar /usr/share/java/hibernate3/hibernate-jbosscache.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-logging.jar /usr/share/java/apache-commons-logging.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/transfer.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-context-support.jar /usr/share/java/springframework/spring-context-support.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-svggen.jar /usr/share/java/batik/batik-svggen.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/setup_persistence.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/walrusprops.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-collections.jar /usr/share/java/apache-commons-collections.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/tools.jar /usr/share/java/jibx/tools.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/extras.jar /usr/share/java/jibx/extras.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xpp3.jar /usr/share/java/xpp3.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/walruslogger.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-beans.jar /usr/share/java/springframework/spring-beans.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-module-spring-config.jar /usr/share/java/mule/mule-module-spring-config.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jsch.jar /usr/share/java/jsch.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-policy.jar /usr/share/java/jetty/jetty-policy.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/tomcat-servlet-3.0-api.jar /usr/share/java/tomcat-servlet-3.0-api.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jgroups212.jar /usr/share/java/jgroups212.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-entitymanager.jar /usr/share/java/hibernate3/hibernate-entitymanager.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/api.jar /usr/share/java/slf4j/api.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xstream.jar /usr/share/java/xstream.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-servlet.jar /usr/share/java/jetty/jetty-servlet.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/axiom-api.jar /usr/share/java/axiom/axiom-api.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/setup_membership.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/notifications_digest.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jcl-over-slf4j.jar /usr/share/java/slf4j/jcl-over-slf4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-transport-vm.jar /usr/share/java/mule/mule-transport-vm.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/Pruner.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-jxpath.jar /usr/share/java/apache-commons-jxpath.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/avalon-logkit.jar /usr/share/java/avalon-logkit.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/woodstox-core.jar /usr/share/java/woodstox-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/json-lib.jar /usr/share/java/json-lib.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-ext.jar /usr/share/java/batik/batik-ext.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/mysqldbsource.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/geronimo-jta.jar /usr/share/java/geronimo-jta.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/storageprops.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-jndi.jar /usr/share/java/jetty/jetty-jndi.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xalan-j2-serializer.jar /usr/share/java/xalan-j2-serializer.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-annotations.jar /usr/share/java/jetty/jetty-annotations.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/nested_instance.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xalan-j2.jar /usr/share/java/xalan-j2.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/all.jar /usr/share/java/hamcrest12/all.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-websocket.jar /usr/share/java/jetty/jetty-websocket.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-awt-util.jar /usr/share/java/batik/batik-awt-util.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-rewrite.jar /usr/share/java/jetty/jetty-rewrite.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jakarta-commons-httpclient.jar /usr/share/java/jakarta-commons-httpclient.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-webapp.jar /usr/share/java/jetty/jetty-webapp.jar
     eucalyptus-common-java.x86_64: W: non-standard-uid /var/lib/eucalyptus/webapps eucalyptus
     eucalyptus-common-java.x86_64: W: non-standard-gid /var/lib/eucalyptus/webapps eucalyptus
     eucalyptus-common-java.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/webapps 0700L
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-start.jar /usr/share/java/jetty/jetty-start.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/cglib.jar /usr/share/java/cglib.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/wss4j.jar /usr/share/java/wss4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jbosscache-core.jar /usr/share/java/jbosscache-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/log4j.jar /usr/share/java/log4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-commons-annotations.jar /usr/share/java/hibernate/hibernate-commons-annotations.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/components.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/schema.jar /usr/share/java/jibx/schema.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-client.jar /usr/share/java/jetty/jetty-client.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/asm-all.jar /usr/share/java/objectweb-asm/asm-all.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/upgrade/upgrade_30_31.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/eucalyptus-web-default.properties
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/guava.jar /usr/share/java/guava.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/instance.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/bcel.jar /usr/share/java/bcel.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-server.jar /usr/share/java/jetty/jetty-server.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-context.jar /usr/share/java/springframework/spring-context.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-module-xml.jar /usr/share/java/mule/mule-module-xml.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-logging-api.jar /usr/share/java/apache-commons-logging-api.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-module-management.jar /usr/share/java/mule/mule-module-management.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-script.jar /usr/share/java/batik/batik-script.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/netty31.jar /usr/share/java/netty31.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/qname.jar /usr/share/java/qname.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/users_groups.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xml-security.jar /usr/share/java/xml-security.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-xml.jar /usr/share/java/jetty/jetty-xml.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/proxool.jar /usr/share/java/proxool.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-ajp.jar /usr/share/java/jetty/jetty-ajp.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-core.jar /usr/share/java/mule/mule-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-anim.jar /usr/share/java/batik/batik-anim.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-xml.jar /usr/share/java/batik/batik-xml.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/java-uuid-generator.jar /usr/share/java/java-uuid-generator.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/velocity.jar /usr/share/java/velocity.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/postgresql-jdbc.jar /usr/share/java/postgresql-jdbc.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/bind.jar /usr/share/java/jibx/bind.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/ezmorph.jar /usr/share/java/ezmorph.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/axiom-dom.jar /usr/share/java/axiom/axiom-dom.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/btm.jar /usr/share/java/btm.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-continuation.jar /usr/share/java/jetty/jetty-continuation.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/ha-jdbc.jar /usr/share/java/ha-jdbc.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/describe_nodes.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/security.policy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/axiom-impl.jar /usr/share/java/axiom/axiom-impl.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-lang.jar /usr/share/java/apache-commons-lang.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-security.jar /usr/share/java/jetty/jetty-security.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/ehcache-core.jar /usr/share/java/ehcache-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jboss-connector-1.6-api.jar /usr/share/java/jboss-connector-1.6-api.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/bsf.jar /usr/share/java/bsf.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/geronimo-ejb.jar /usr/share/java/geronimo-ejb.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jaxen.jar /usr/share/java/jaxen.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jul-to-slf4j.jar /usr/share/java/slf4j/jul-to-slf4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-cli.jar /usr/share/java/apache-commons-cli.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-parser.jar /usr/share/java/batik/batik-parser.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mule-module-client.jar /usr/share/java/mule/mule-module-client.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/user_vms.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/wsdl4j.jar /usr/share/java/wsdl4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/antlr.jar /usr/share/java/antlr.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/dom4j.jar /usr/share/java/dom4j.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/commons-codec.jar /usr/share/java/commons-codec.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-plus.jar /usr/share/java/jetty/jetty-plus.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jboss-common-core.jar /usr/share/java/jboss-common-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-proxool.jar /usr/share/java/hibernate3/hibernate-proxool.jar
     eucalyptus-common-java.x86_64: W: non-standard-uid /var/lib/eucalyptus/webapps/root.war eucalyptus
     eucalyptus-common-java.x86_64: W: non-standard-gid /var/lib/eucalyptus/webapps/root.war eucalyptus
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xerces-j2.jar /usr/share/java/xerces-j2.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-jmx.jar /usr/share/java/jetty/jetty-jmx.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-logging-adapters.jar /usr/share/java/apache-commons-logging-adapters.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/system.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/ant.jar /usr/share/java/ant.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/setup_dbpool.groovy
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/PrunerThread.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-io.jar /usr/share/java/jetty/jetty-io.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/drbd/drbd.conf.example
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/tomcat-el-2.2-api.jar /usr/share/java/tomcat-el-2.2-api.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/jmx/com.eucalyptus.component.Component
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jcip-annotations.jar /usr/share/java/jcip-annotations.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-bridge.jar /usr/share/java/batik/batik-bridge.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/vmstate.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xom.jar /usr/share/java/xom.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/backport-util-concurrent-3.1.jar /usr/share/java/backport-util-concurrent-3.1.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/jetty-servlets.jar /usr/share/java/jetty/jetty-servlets.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/hibernate-core.jar /usr/share/java/hibernate3/hibernate-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/quartz.jar /usr/share/java/quartz.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-core.jar /usr/share/java/springframework/spring-core.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/regexp.jar /usr/share/java/regexp.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/apache-commons-pool.jar /usr/share/java/apache-commons-pool.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/xml-commons-apis.jar /usr/share/java/xml-commons-apis.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/reports/msg.jrxml
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/geronimo-jms.jar /usr/share/java/geronimo-jms.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/scripts/initialize_cloud.groovy
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-dom.jar /usr/share/java/batik/batik-dom.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/log4j12.jar /usr/share/java/slf4j/log4j12.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/spring-expression.jar /usr/share/java/springframework/spring-expression.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-svg-dom.jar /usr/share/java/batik/batik-svg-dom.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/batik-gvt.jar /usr/share/java/batik/batik-gvt.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/groovy.jar /usr/share/java/groovy.jar
     eucalyptus-common-java.x86_64: W: dangling-symlink /usr/share/eucalyptus/mail.jar /usr/share/java/javamail/mail.jar
     eucalyptus-common-java.x86_64: W: non-conffile-in-etc /etc/eucalyptus/cloud.d/www/admin.xml
     eucalyptus-common-java.x86_64: W: no-manual-page-for-binary eucalyptus-cloud.init
     eucalyptus-common-java.x86_64: W: no-manual-page-for-binary eucalyptus-cloud
     eucalyptus-gl.x86_64: W: no-documentation
     eucalyptus-nc.x86_64: W: no-documentation
     eucalyptus-nc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/nc/axis2.xml /etc/eucalyptus/axis2.xml
     eucalyptus-nc.x86_64: W: non-conffile-in-etc /etc/eucalyptus/httpd/conf/httpd-nc.conf
     eucalyptus-nc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/nc/services/EucalyptusGL /usr/lib64/eucalyptus/axis2/gl/services/EucalyptusGL
     eucalyptus-nc.x86_64: W: non-standard-uid /var/lib/eucalyptus/instances eucalyptus
     eucalyptus-nc.x86_64: W: non-standard-gid /var/lib/eucalyptus/instances eucalyptus
     eucalyptus-nc.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/instances 0771L
     eucalyptus-nc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/nc/modules /usr/lib64/wso2-axis2/modules
     eucalyptus-nc.x86_64: W: non-conffile-in-etc /etc/eucalyptus/nc-hooks/example.sh
     eucalyptus-nc.x86_64: E: non-executable-script /etc/eucalyptus/nc-hooks/example.sh 0644L /bin/bash
     eucalyptus-nc.x86_64: W: dangling-symlink /usr/lib64/eucalyptus/axis2/nc/lib /usr/lib64
     eucalyptus-nc.x86_64: W: no-manual-page-for-binary euca_test_nc
     eucalyptus-nc.x86_64: W: no-manual-page-for-binary eucalyptus-nc.init
     eucalyptus-sc.x86_64: W: no-documentation
     eucalyptus-sc.x86_64: W: non-standard-uid /var/lib/eucalyptus/volumes eucalyptus
     eucalyptus-sc.x86_64: W: non-standard-gid /var/lib/eucalyptus/volumes eucalyptus
     eucalyptus-sc.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/volumes 0700L
     eucalyptus-walrus.x86_64: W: no-documentation
     eucalyptus-walrus.x86_64: W: non-conffile-in-etc /etc/eucalyptus/drbd.conf.example
     eucalyptus-walrus.x86_64: W: non-standard-uid /var/lib/eucalyptus/bukkits eucalyptus
     eucalyptus-walrus.x86_64: W: non-standard-gid /var/lib/eucalyptus/bukkits eucalyptus
     eucalyptus-walrus.x86_64: E: non-standard-dir-perm /var/lib/eucalyptus/bukkits 0700L
     python-eucadmin.noarch: W: no-documentation
     python-eucadmin.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/eucadmin/generic.py 0644L /usr/bin/env
     13 packages and 0 specfiles checked; 18 errors, 263 warnings.

     Some of these are bogus, and you've addressed the rest.

ok - License is acceptable (GPLv3, LGPLv2+, ASL 2.0, BSD, Public Domain)
NO - License field in spec is correct
     GPLv3 should be GPLv3 and (GPLv3 and ASL 2.0) and (GPLv3 and BSD)
NO - License files included in package %docs if included in source package
     Missing clc/modules/www/src/licenses/webui-iconic-icons.LICENSE
ok - License files installed when any subpackage combination is installed
     Upstream does not include license files for the BSD sub-packages
ok - Spec written in American English
ok - Spec is legible
ok - Sources match upstream unless altered to fix permissibility issues
     Upstream SHA256: 4e36c398321403a2de915e1e14abc336ec088c99f734c9693c068b8a248edc85  eucalyptus-3.1.0.tar.gz
     Your SHA256:     4e36c398321403a2de915e1e14abc336ec088c99f734c9693c068b8a248edc85  eucalyptus-3.1.0.tar.gz
ok - Build succeeds on at least one primary arch
ok - Build succeeds on all primary arches or has ExcludeArch + bugs filed
ok - BuildRequires correct, justified where necessary
-- - Locales handled with %find_lang, not %_datadir/locale/*
-- - %post, %postun call ldconfig if package contains shared .so files
ok - No bundled libs
-- - Relocatability is justified
ok - Package owns all directories it creates
ok - Package requires others for directories it uses but does not own
NO - No duplication in %files unless necessary for license files
     /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
NO - File permissions are sane
     -rw-r--r-- eucalyptus eucalyptus /etc/eucalyptus/eucalyptus.conf
ok - Package contains permissible code or content
ok - Large docs go in -doc subpackage
ok - %doc files not required at runtime
-- - Static libs go in -static package/virtual Provides
-- - Development files go in -devel package
-- - -devel packages Require base with fully-versioned dependency, %_isa
ok - No .la files
-- - GUI app uses .desktop file, installs it with desktop-file-install
ok - File list does not conflict with other packages' without justification
ok - File names are valid UTF-8

Optional review guidelines:
ok - Query upstream about including license files
-- - Translations of description, summary
ok - Builds in mock
no - Builds on all arches
     (Standard no-java-on-ppc disclaimer)
no - Scriptlets are sane
     Rather than starting tgtd, add Wants=tgtd.service to
     eucalyptus-sc.service.
no - Subpackages require base with fully-versioned dependency if sensible
     axis2-clients should require eucalyptus-cc with a fully-versioned dep.
-- - .pc file subpackage placement is sensible
ok - No file deps outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
ok - Include man pages if available

Naming guidelines:
ok - Package names use only a-zA-Z0-9-._+ subject to restrictions on -._+
ok - Package names are sane
ok - No naming conflicts
ok - Spec file name matches base package name
ok - Version is sane
ok - Version does not contain ~
ok - Release is sane
ok - %dist tag
ok - Case used only when necessary
-- - Renaming handled correctly

Packaging guidelines:
ok - Useful without external bits
ok - No kmods
NO - Pre-built binaries, libs removed in %prep
     tools/floppy contains grub
ok - Sources contain only redistributable code or content
ok - Spec format is sane
NO - Package obeys FHS, except libexecdir, /run, /usr/target
     These go in /usr/share/%name:
       /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
       /etc/eucalyptus/eucalyptus-version
       /etc/eucalyptus/vtunall.conf.template
     These go in /usr/share/%name or /usr/libexec/%name:
       /etc/eucalyptus/cloud.d/scripts/*
       /etc/eucalyptus/cloud.d/upgrade/*
       /usr/sbin/eucalyptus-*.init
     This goes with documentation:
       /etc/eucalyptus/drbd.conf.example
ok - No files in /bin, /sbin, /lib* on >= F17
-- - Programs run before FS mounting use /run instead of /var/run
-- - Binaries in /bin, /sbin do not depend on files in /usr on < F17
ok - No files under /srv, /opt, /usr/local
ok - Changelog in prescribed format
ok - No Packager, Vendor, Copyright, PreReq tags
ok - Summary does not end in a period
-- - Correct BuildRoot tag on < EL6
-- - Correct %clean section on < EL6
NO - Requires correct, justified where necessary
     cloud, sc should require systemd-units since they restart services
ok - Summary, description do not use trademarks incorrectly
no - All relevant documentation is packaged, appropriately marked with %doc
     Example configs are documentation.
ok - Doc files do not drag in extra dependencies (e.g. due to +x)
ok - Code compilable with gcc is compiled with gcc
NO - Build honors applicable compiler flags or justifies otherwise
     LDFLAGS not supplied to build
NO - PIE used for long-running/root daemons, setuid/filecap programs
     Long-running daemons and setuid binaries require _hardened_build
ok - Useful -debuginfo package or disabled and justified
-- - Package with .pc files Requires pkgconfig on < EL6
ok - No static executables
ok - Rpath absent or only used for internal libs
NO - Config files marked with %config(noreplace) or justified %config
     /etc/eucalyptus/axis2.xml
     /etc/eucalyptus/eucalyptus.conf
     /etc/eucalyptus/httpd/conf/httpd-cc.conf
     /etc/eucalyptus/httpd/conf/httpd-common.conf
     /etc/eucalyptus/httpd/conf/httpd-nc.conf
ok - No config files under /usr
-- - Third party package manager configs acceptable, in %_docdir
-- - .desktop files are sane
NO - Spec uses macros consistently
     %install uses %{S:2} instead of %{SOURCE2}
ok - Spec uses macros instead of hard-coded names where appropriate
ok - Spec uses macros for executables only when configurability is needed
-- - %makeinstall used only when alternatives don't work
-- - Macros in Summary, description are expandable at srpm build time
ok - Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR and %sourcedir
ok - No software collections (scl)
-- - Macro files named /etc/rpm/macros.%name
ok - Build uses only python/perl/shell+coreutils/lua/BuildRequired langs
ok - %global, not %define
-- - Package translating with gettext BuildRequires it
-- - Package translating with Linguist BuildRequires qt-devel
ok - File ops preserve timestamps
no - Parallel make
     Justified in spec
ok - No Requires(pre,post) notation
ok - User, group creation handled correctly (See Packaging:UsersAndGroups)
     Note that the packaging guidelines require shadow-utils, not paths.
ok - Web apps go in /usr/share/%name, not /var/www
-- - Conflicts are justified
ok - One project per package
ok - No bundled fonts
ok - Patches have appropriate commentary
-- - Available test suites executed in %check
NO - tmpfiles.d used for /run, /run/lock on >= F15
     /var/run/eucalyptus

Systemd guidelines:
ok - Traditional service uses a unit file
NO - Non-standard service commands converted to standalone scripts
     eucalyptus-cc cleanstart, cleanstop, cleanrestart
ok - Unit names are sane
ok - Description= lines do not exceed 80 characters
-- - Documentation field has correct URI format
ok - Service Types= are correct
ok - Requires=, Wants= used only when necessary
ok - Units do not refer to runlevel*.target
ok - Symlinks used instead of Name=
ok - StandardOutput=, StandardError= used only when necessary
-- - Socket-activated service has FESCo approval, correct unit files
ok - Unit files go in %_unitdir
NO - BuildRequires: systemd-units for %_unitdir macro
ok - Packaged unit files are not %config files
ok - Unit file scriptlets are correct

Java guidelines:
-- - Javadocs go in javadoc subpackage
ok - Prefer split JARs over monolithic
ok - JAR file names correct
NO - JAR files go in %{_javadir} or %{_javadir}-$version
     /usr/share/eucalyptus/eucalyptus-auth-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-bootstrap-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-cloud-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-clustermgr-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-component-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-config-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-core-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-dns-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-euare-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-euare-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-msgs-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-notifications-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-postgresql-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-storage-common-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-walrus-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-ws-3.1.0.jar
     /usr/share/eucalyptus/eucalyptus-www-3.1.0.jar
ok - Multiple JAR files go in a %{name} subdirectory
-- - Javadocs go in unversioned %{_javadocdir}/%{name}
-- - javadoc subpackage is noarch on > EL5
ok - BuildRequires java-devel, jpackage-utils
ok - Requires java, jpackage-utils
ok - Dependencies on java/java-devel >= 1.6.0 add epoch 1
-- - Package requiring maven2 Requires jpackage-utils for post and postun
-- - Package requiring maven contains correct maven-specific code in spec
-- - Wrapper script in %{_bindir}
-- - GCJ AOT bits follow GCJ guidelines
ok - No devel package
-- - pom.xml files, if any, installed with %add_maven_depmap
NO - JNI shared objects, JARs that require them go in %{_libdir}/%{name}
     /usr/share/eucalyptus/eucalyptus-storagecontroller-3.1.0.jar
NO - Calls to System.loadLibrary replaced w/ System.load w/ full .so path
     clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/OverlayManager.java
ok - Bundled JAR files not included or used for build
ok - No Javadoc %post/%ghost
ok - No class-path elements in JAR manifests

Perl guidelines:
ok - Module requirements use virtual perl(modname) syntax
ok - Spec BuildRequires correct core modules, not perl-devel
-- - Spec contains correct MODULE_COMPAT Requires
ok - Requires/Provides are sane
-- - CPAN URL tag is not versioned
-- - All tests enabled where possible
-- - Use Build.PL if present unless justified otherwise
-- - .h files not split into -devel package

Python guidelines:
NO - Runtime Requires correct
     /usr/lib/python2.7/site-packages/eucadmin/local.py requires:
       m2crypto
       python-paramiko
     That file is actually unused, so you could patch it out.
-- - Python macros declared on < EL6
ok - All .py files packaged with .pyc, .pyo counterparts
-- - Includes .egg-info files/directories when generated
ok - Provides/Requires properly filtered
-- - Code that invokes gtk.gdk.get_pixels_array() Requires numpy
Comment 17 Marek Goldmann 2012-08-27 03:59:37 EDT
Garrett, Michael, feel free to assign the ticket to you, since you did the job already.
Comment 18 Andy Grimm 2012-09-17 14:39:12 EDT
(In reply to comment #16)
> === List of issues ===
> 
> As some binaries are composed of code with multiple, compatible licenses, I
> believe the license tag should be "GPLv3 and (GPLv3 and ASL 2.0) and (GPLv3
> and BSD)".  It might be worth double-checking with Spot, though.

Fixed.
 
> clc/modules/www/src/licenses/webui-iconic-icons.LICENSE must be included
> with %doc.

I think we discussed this one offline; this isn't needed until we build the UI.

> /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params appears in two packages.

This file is now completely excluded from the install, as it's not really an approved way to deal with setting kernel parameters.

> /etc/eucalyptus/eucalyptus.conf is owned by the eucalyptus user.  If that is
> actually correct (yuck) then please state so in the spec file.

Added a comment.

> Rather than starting tgtd in the sc package's %post scriptlet, consider
> adding Wants=tgtd.service to eucalyptus-cloud.service.

Fixed.

> Are multiple restarts of the same service in %postun really the safest/most
> reasonable way to do upgrades?

I've removed all duplication of these for now.  I think we need to more closely investigate the right way to upgrade this package, but you're right that restarting multiple times is awful.

> axis2-clients should probably require eucalyptus-cc with a fully-versioned
> dependency.

Fixed.

> The following files have filesystem layout problems:
>      These go in /usr/share/%name:
>        /etc/eucalyptus/cloud.d/init.d/01_pg_kernel_params
>        /etc/eucalyptus/eucalyptus-version
>        /etc/eucalyptus/vtunall.conf.template

Removed the first; fixed the other two.

>      These go in /usr/share/%name or /usr/libexec/%name:
>        /etc/eucalyptus/cloud.d/scripts/*
>        /etc/eucalyptus/cloud.d/upgrade/*
>        /usr/sbin/eucalyptus-*.init

Moved these into libexec, but had the symlink the cloud.d ones for now.

>      This goes with documentation:
>        /etc/eucalyptus/drbd.conf.example

Moved.

> The following configuration files are not marked with %config(noreplace) or
> %config:
>      /etc/eucalyptus/axis2.xml
>      /etc/eucalyptus/eucalyptus.conf
>      /etc/eucalyptus/httpd/conf/httpd-cc.conf
>      /etc/eucalyptus/httpd/conf/httpd-common.conf
>      /etc/eucalyptus/httpd/conf/httpd-nc.conf

Fixed.

> %install uses %{S:2}, whereas the rest of the file uses the %{SOURCE#}
> format.

Fixed (I found at least one other like this as well)

> /var/run/eucalyptus needs a tmpfiles.d entry.

Added.

> eucalyptus-cc cleanstart, cleanstop, and cleanrestart are supposed to be
> converted to standalone scripts.

/usr/sbin/eucalyptus-clean-cc is now a separate script which performs the "clean" function which was formerly part of the init script.

> The spec file must contain BuildRequires: systemd-units for the %_unitdir
> macro.

Fixed.
 
> The Java guidelines require arch-independent JARs to go under %_javadir, not
> /usr/share/eucalyptus.  This affects the following files:
>      /usr/share/eucalyptus/eucalyptus-auth-3.1.0.jar
>      ... 

Fixed.  /usr/share now just has symlinks.
 
> Similarly, JNI-using JARs must go in %_libdir/%name.  There is one of these:
>      /usr/share/eucalyptus/eucalyptus-storagecontroller-3.1.0.jar

Fixed
 
> Calls to System.loadLibrary must be replaced with System.load with complete
> .so paths.  This affects the following file in the source tree:
>     
> clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/
> OverlayManager.java

Fixed

> /usr/lib/python2.7/site-packages/eucadmin/local.py from the python-eucadmin
> package requires m2crypto and python-paramiko.  However, that module is
> unused, so you could also patch it out if you would like.

Removed.

> 
> === Other commentary ===
> 
> I must admit that I am not a fan of macros like %eucastatedir, which don't
> really do much to enhance readability.  I would rather see the real paths
> inline.

I have remove most of these, except for:

%global eucalibexecdir    %{_libexecdir}/%{name}
%global eucadatadir       %{_datadir}/%{name}
%global eucajavalibdir    %{_datadir}/%{name}
%global helperdir         %{_datadir}/%{name}

These are here because they are things that the current upstream packages put in strange / unacceptable places, and files of distinctly different types are placed in the same directory.  Keeping these notations will make it easier to move these into cleaner directory structure at some point.  It's easy enough to run the srpm through rpmspec to get readable names.

> Are all of those httpd modules really necessary?

Nope.  The list is much smaller now.  Figuring out the smallest usable subset was nontrivial!

> If possible, please see if you can filter out Provides and Requires for
> internal libs.

Done.

> Please query upstream about including license files for the BSD sub-packages.

Filed an issue for this upstream.  I think it might be assigned to you.  ;)

> I'd change "Eucalyptus Enterprise Edition" to "Eucalyptus Enterprise
> plugins" since there's only one version of eucalyptus now.

where?  I don't see reference to this in the spec.  I only see it in a script in the tools directory.

> provide_abi isn't necessary for a Fedora package, so I'd just remove it.

Removed.

> You should probably add commentary about why you're explicitly setting LANG
> when you call make.

This was done due to a single invalid character, and has now been removed.

> Packaging guidelines:
> NO - Pre-built binaries, libs removed in %prep
>      tools/floppy contains grub

This is now truncated in prep.  Left as a placeholder and to avoid having to patch the makefile.

> NO - Requires correct, justified where necessary
>      cloud, sc should require systemd-units since they restart services

This has been changed.

> NO - Build honors applicable compiler flags or justifies otherwise
>      LDFLAGS not supplied to build

TODO.

> NO - PIE used for long-running/root daemons, setuid/filecap programs
>      Long-running daemons and setuid binaries require _hardened_build

TODO.

I'll post a new SPEC and SRPM later today when I finish these last two things.  I just wanted to give an update here document my progress.
Comment 19 Andy Grimm 2012-09-17 15:36:52 EDT
Updates:

* LDFLAGS are now set prior to configure, and I've confirmed that they are respected (a patch was needed for the mountwrap/rootwrap Makefile)

* _hardened_build is now set.

Note that this package is now using a git snapshot.  I've versioned it as a 3.1.2 prerelease, since that's the closest applicable version.

SPEC:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.2-0.3.20120917gitb8c109b4/eucalyptus.spec

SRPM:
http://arg.fedorapeople.org/reviews/eucalyptus/3.1.2-0.3.20120917gitb8c109b4/eucalyptus-3.1.2-0.3.20120917gitb8c109b4.fc18.src.rpm
Comment 20 Andy Grimm 2012-09-17 16:23:29 EDT
Also, latest koji scratch build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4493209
Comment 21 Marek Goldmann 2012-09-18 05:40:26 EDT
Releasing the review, since Garrett took it. Feel free to assign it to yourself.
Comment 22 Garrett Holmstrom 2012-09-25 21:10:04 EDT
Thanks for slogging through all that, Andy.  There's little left to go, as far as I can tell, though of course someone else could always chime in.

=== List of issues ===

Please filter out Provides for internal libraries.  These include:
     libEucalyptusCC.so()(64bit)
     libEucalyptusGL.so()(64bit)
     libEucalyptusNC.so()(64bit)
     liblvm2control.so()(64bit)

rpmlint found some filesystem permission issues.  The latter is due to +x.
     E: non-standard-executable-perm /usr/libexec/eucalyptus/shutdownCC 0555L
     E: script-without-shebang /usr/share/eucalyptus/floppy

=== Other commentary ===

You don't need to %doc the INSTALL file.

Are you sure you need to run euca_conf in %post?  You already write that info to eucalyptus.conf with sed during %install.

rpmlint complained about missing logrotate configs.  Does eucalyptus rotate all of its logs or would it benefit from logrotate's picking up any stragglers?

I suggest double-checking the license header with spot, but I'm not going to hold the review up for that.  It already has my best guess.

=== Review of eucalyptus-3.1.2-0.3.20120917gitb8c109b4 ===

Mandatory review guidelines:
NO - rpmlint output (attached)
     13 packages and 0 specfiles checked; 22 errors, 239 warnings.

     Most of the issues are bogus or previously-addressed.  The rest appear
     above.

ok - License is acceptable (GPLv3, LGPLv2+, ASL 2.0, BSD, Public Domain)
ok - License field in spec is correct
     It might be worth double-checking with spot to ensure this is correct.
ok - License files included in package %docs if included in source package
ok - License files installed when any subpackage combination is installed
     Upstream does not include license files for the BSD sub-packages
ok - Spec written in American English
ok - Spec is legible
-- - Sources match upstream unless altered to fix permissibility issues
     Built directly from upstream git
ok - Build succeeds on at least one primary arch
ok - Build succeeds on all primary arches or has ExcludeArch + bugs filed
ok - BuildRequires correct, justified where necessary
-- - Locales handled with %find_lang, not %_datadir/locale/*
-- - %post, %postun call ldconfig if package contains shared .so files
ok - No bundled libs
-- - Relocatability is justified
ok - Package owns all directories it creates
ok - Package requires others for directories it uses but does not own
ok - No duplication in %files unless necessary for license files
NO - File permissions are sane
     -rwxr-xr-x root root /usr/share/eucalyptus/floppy
     -r-xr-xr-x root root /usr/libexec/eucalyptus/shutdownCC
ok - Package contains permissible code or content
ok - Large docs go in -doc subpackage
ok - %doc files not required at runtime
-- - Static libs go in -static package/virtual Provides
-- - Development files go in -devel package
-- - -devel packages Require base with fully-versioned dependency, %_isa
ok - No .la files
-- - GUI app uses .desktop file, installs it with desktop-file-install
ok - File list does not conflict with other packages' without justification
ok - File names are valid UTF-8

Optional review guidelines:
ok - Query upstream about including license files
-- - Translations of description, summary
ok - Builds in mock
no - Builds on all arches
     (Standard no-java-on-ppc disclaimer)
ok - Scriptlets are sane
ok - Subpackages require base with fully-versioned dependency if sensible
-- - .pc file subpackage placement is sensible
ok - No file deps outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
ok - Include man pages if available

Naming guidelines:
ok - Package names use only a-zA-Z0-9-._+ subject to restrictions on -._+
ok - Package names are sane
ok - No naming conflicts
ok - Spec file name matches base package name
ok - Version is sane
ok - Version does not contain ~
ok - Release is sane
ok - %dist tag
ok - Case used only when necessary
-- - Renaming handled correctly

Packaging guidelines:
ok - Useful without external bits
ok - No kmods
ok - Pre-built binaries, libs removed in %prep
ok - Sources contain only redistributable code or content
ok - Spec format is sane
ok - Package obeys FHS, except libexecdir, /run, /usr/target
ok - No files in /bin, /sbin, /lib* on >= F17
-- - Programs run before FS mounting use /run instead of /var/run
-- - Binaries in /bin, /sbin do not depend on files in /usr on < F17
ok - No files under /srv, /opt, /usr/local
ok - Changelog in prescribed format
ok - No Packager, Vendor, Copyright, PreReq tags
ok - Summary does not end in a period
-- - Correct BuildRoot tag on < EL6
-- - Correct %clean section on < EL6
ok - Requires correct, justified where necessary
ok - Summary, description do not use trademarks incorrectly
ok - All relevant documentation is packaged, appropriately marked with %doc
ok - Doc files do not drag in extra dependencies (e.g. due to +x)
ok - Code compilable with gcc is compiled with gcc
ok - Build honors applicable compiler flags or justifies otherwise
ok - PIE used for long-running/root daemons, setuid/filecap programs
ok - Useful -debuginfo package or disabled and justified
-- - Package with .pc files Requires pkgconfig on < EL6
ok - No static executables
ok - Rpath absent or only used for internal libs
ok - Config files marked with %config(noreplace) or justified %config
ok - No config files under /usr
-- - Third party package manager configs acceptable, in %_docdir
-- - .desktop files are sane
ok - Spec uses macros consistently
ok - Spec uses macros instead of hard-coded names where appropriate
ok - Spec uses macros for executables only when configurability is needed
-- - %makeinstall used only when alternatives don't work
-- - Macros in Summary, description are expandable at srpm build time
ok - Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR and %sourcedir
ok - No software collections (scl)
-- - Macro files named /etc/rpm/macros.%name
ok - Build uses only python/perl/shell+coreutils/lua/BuildRequired langs
ok - %global, not %define
-- - Package translating with gettext BuildRequires it
-- - Package translating with Linguist BuildRequires qt-devel
ok - File ops preserve timestamps
no - Parallel make
     Justified in spec
ok - No Requires(pre,post) notation
ok - User, group creation handled correctly (See Packaging:UsersAndGroups)
     Note that the packaging guidelines require shadow-utils, not paths.
ok - Web apps go in /usr/share/%name, not /var/www
-- - Conflicts are justified
ok - One project per package
ok - No bundled fonts
ok - Patches have appropriate commentary
-- - Available test suites executed in %check
ok - tmpfiles.d used for /run, /run/lock on >= F15

Systemd guidelines:
ok - Traditional service uses a unit file
ok - Non-standard service commands converted to standalone scripts
ok - Unit names are sane
ok - Description= lines do not exceed 80 characters
-- - Documentation field has correct URI format
ok - Service Types= are correct
ok - Requires=, Wants= used only when necessary
ok - Units do not refer to runlevel*.target
ok - Symlinks used instead of Name=
ok - StandardOutput=, StandardError= used only when necessary
-- - Socket-activated service has FESCo approval, correct unit files
ok - Unit files go in %_unitdir
ok - BuildRequires: systemd-units for %_unitdir macro
ok - Packaged unit files are not %config files
ok - Unit file scriptlets are correct

Java guidelines:
-- - Javadocs go in javadoc subpackage
ok - Prefer split JARs over monolithic
ok - JAR file names correct
ok - JAR files go in %{_javadir} or %{_javadir}-$version
ok - Multiple JAR files go in a %{name} subdirectory
-- - Javadocs go in unversioned %{_javadocdir}/%{name}
-- - javadoc subpackage is noarch on > EL5
ok - BuildRequires java-devel, jpackage-utils
ok - Requires java, jpackage-utils
ok - Dependencies on java/java-devel >= 1.6.0 add epoch 1
-- - Package requiring maven2 Requires jpackage-utils for post and postun
-- - Package requiring maven contains correct maven-specific code in spec
-- - Wrapper script in %{_bindir}
-- - GCJ AOT bits follow GCJ guidelines
ok - No devel package
-- - pom.xml files, if any, installed with %add_maven_depmap
ok - JNI shared objects, JARs that require them go in %{_libdir}/%{name}
ok - Calls to System.loadLibrary replaced w/ System.load w/ full .so path
ok - Bundled JAR files not included or used for build
ok - No Javadoc %post/%ghost
ok - No class-path elements in JAR manifests

Perl guidelines:
ok - Module requirements use virtual perl(modname) syntax
ok - Spec BuildRequires correct core modules, not perl-devel
-- - Spec contains correct MODULE_COMPAT Requires
ok - Requires/Provides are sane
-- - CPAN URL tag is not versioned
-- - All tests enabled where possible
-- - Use Build.PL if present unless justified otherwise
-- - .h files not split into -devel package

Python guidelines:
ok - Runtime Requires correct
-- - Python macros declared on < EL6
ok - All .py files packaged with .pyc, .pyo counterparts
-- - Includes .egg-info files/directories when generated
ok - Provides/Requires properly filtered
-- - Code that invokes gtk.gdk.get_pixels_array() Requires numpy
Comment 23 Garrett Holmstrom 2012-09-25 21:11:08 EDT
Created attachment 617345 [details]
rpmlint output for eucalyptus-3.1.2-0.3.20120917gitb8c109b4
Comment 24 Andy Grimm 2012-10-03 12:57:19 EDT
Update:
* Filtered out the lib provides
* Fixed the permissions on the two files mentioned
* Removed INSTALL from %doc line
* Removed euca_conf from %post

I will investigate the logrotate thing, but I don't want to do something that conflicts with the 3.2 logging changes, so I need to talk to other developers about this.

New build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=4555991

SPEC:
https://raw.github.com/a13m/eucalyptus-rpmspec/32ce790eab950df06579249ca6a918aa6c757457/eucalyptus.spec

SRPM:
http://kojipkgs.fedoraproject.org//work/tasks/5992/4555992/eucalyptus-3.1.2-0.5.20120917gitb8c109b4.fc18.src.rpm
Comment 25 Garrett Holmstrom 2012-10-05 17:32:05 EDT
Created attachment 622466 [details]
rpmlint output for eucalyptus-3.1.2-0.5.20120917gitb8c109b4
Comment 26 Garrett Holmstrom 2012-10-05 19:24:41 EDT
That looks good to me.  The cc package requires euca_conf twice, but that isn't going to break anything.

Nice job!

=== Review of eucalyptus-3.1.2-0.5.20120917gitb8c109b4 ===

Mandatory review guidelines:
ok - rpmlint output (attached)
     13 packages and 0 specfiles checked; 20 errors, 243 warnings.
     The issues here are bogus or already addressed in the spec or this bug.

ok - License is acceptable (GPLv3, LGPLv2+, ASL 2.0, BSD, Public Domain)
ok - License field in spec is correct
     It might be worth double-checking with spot to ensure this is correct.
ok - License files included in package %docs if included in source package
ok - License files installed when any subpackage combination is installed
     Upstream does not include license files for the BSD sub-packages
ok - Spec written in American English
ok - Spec is legible
-- - Sources match upstream unless altered to fix permissibility issues
     Built directly from upstream git
ok - Build succeeds on at least one primary arch
ok - Build succeeds on all primary arches or has ExcludeArch + bugs filed
ok - BuildRequires correct, justified where necessary
-- - Locales handled with %find_lang, not %_datadir/locale/*
-- - %post, %postun call ldconfig if package contains shared .so files
ok - No bundled libs
-- - Relocatability is justified
ok - Package owns all directories it creates
ok - Package requires others for directories it uses but does not own
ok - No duplication in %files unless necessary for license files
ok - File permissions are sane
ok - Package contains permissible code or content
ok - Large docs go in -doc subpackage
ok - %doc files not required at runtime
-- - Static libs go in -static package/virtual Provides
-- - Development files go in -devel package
-- - -devel packages Require base with fully-versioned dependency, %_isa
ok - No .la files
-- - GUI app uses .desktop file, installs it with desktop-file-install
ok - File list does not conflict with other packages' without justification
ok - File names are valid UTF-8

Optional review guidelines:
ok - Query upstream about including license files
-- - Translations of description, summary
ok - Builds in mock
no - Builds on all arches
     (Standard no-java-on-ppc disclaimer)
ok - Scriptlets are sane
ok - Subpackages require base with fully-versioned dependency if sensible
-- - .pc file subpackage placement is sensible
ok - No file deps outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
ok - Include man pages if available

Naming guidelines:
ok - Package names use only a-zA-Z0-9-._+ subject to restrictions on -._+
ok - Package names are sane
ok - No naming conflicts
ok - Spec file name matches base package name
ok - Version is sane
ok - Version does not contain ~
ok - Release is sane
ok - %dist tag
ok - Case used only when necessary
-- - Renaming handled correctly

Packaging guidelines:
ok - Useful without external bits
ok - No kmods
ok - Pre-built binaries, libs removed in %prep
ok - Sources contain only redistributable code or content
ok - Spec format is sane
ok - Package obeys FHS, except libexecdir, /run, /usr/target
ok - No files in /bin, /sbin, /lib* on >= F17
-- - Programs run before FS mounting use /run instead of /var/run
-- - Binaries in /bin, /sbin do not depend on files in /usr on < F17
ok - No files under /srv, /opt, /usr/local
ok - Changelog in prescribed format
ok - No Packager, Vendor, Copyright, PreReq tags
ok - Summary does not end in a period
-- - Correct BuildRoot tag on < EL6
-- - Correct %clean section on < EL6
ok - Requires correct, justified where necessary
ok - Summary, description do not use trademarks incorrectly
ok - All relevant documentation is packaged, appropriately marked with %doc
ok - Doc files do not drag in extra dependencies (e.g. due to +x)
ok - Code compilable with gcc is compiled with gcc
ok - Build honors applicable compiler flags or justifies otherwise
ok - PIE used for long-running/root daemons, setuid/filecap programs
ok - Useful -debuginfo package or disabled and justified
-- - Package with .pc files Requires pkgconfig on < EL6
ok - No static executables
ok - Rpath absent or only used for internal libs
ok - Config files marked with %config(noreplace) or justified %config
ok - No config files under /usr
-- - Third party package manager configs acceptable, in %_docdir
-- - .desktop files are sane
ok - Spec uses macros consistently
ok - Spec uses macros instead of hard-coded names where appropriate
ok - Spec uses macros for executables only when configurability is needed
-- - %makeinstall used only when alternatives don't work
-- - Macros in Summary, description are expandable at srpm build time
ok - Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR and %sourcedir
ok - No software collections (scl)
-- - Macro files named /etc/rpm/macros.%name
ok - Build uses only python/perl/shell+coreutils/lua/BuildRequired langs
ok - %global, not %define
-- - Package translating with gettext BuildRequires it
-- - Package translating with Linguist BuildRequires qt-devel
ok - File ops preserve timestamps
no - Parallel make
     Noted in spec
ok - No Requires(pre,post) notation
ok - User, group creation handled correctly (See Packaging:UsersAndGroups)
     Note that the packaging guidelines require shadow-utils, not paths.
ok - Web apps go in /usr/share/%name, not /var/www
-- - Conflicts are justified
ok - One project per package
ok - No bundled fonts
ok - Patches have appropriate commentary
-- - Available test suites executed in %check
ok - tmpfiles.d used for /run, /run/lock on >= F15

Systemd guidelines:
ok - Traditional service uses a unit file
ok - Non-standard service commands converted to standalone scripts
ok - Unit names are sane
ok - Description= lines do not exceed 80 characters
-- - Documentation field has correct URI format
ok - Service Types= are correct
ok - Requires=, Wants= used only when necessary
ok - Units do not refer to runlevel*.target
ok - Symlinks used instead of Name=
ok - StandardOutput=, StandardError= used only when necessary
-- - Socket-activated service has FESCo approval, correct unit files
ok - Unit files go in %_unitdir
ok - BuildRequires: systemd-units for %_unitdir macro
ok - Packaged unit files are not %config files
ok - Unit file scriptlets are correct

Java guidelines:
-- - Javadocs go in javadoc subpackage
ok - Prefer split JARs over monolithic
ok - JAR file names correct
ok - JAR files go in %{_javadir} or %{_javadir}-$version
ok - Multiple JAR files go in a %{name} subdirectory
-- - Javadocs go in unversioned %{_javadocdir}/%{name}
-- - javadoc subpackage is noarch on > EL5
ok - BuildRequires java-devel, jpackage-utils
ok - Requires java, jpackage-utils
ok - Dependencies on java/java-devel >= 1.6.0 add epoch 1
-- - Package requiring maven2 Requires jpackage-utils for post and postun
-- - Package requiring maven contains correct maven-specific code in spec
-- - Wrapper script in %{_bindir}
-- - GCJ AOT bits follow GCJ guidelines
ok - No devel package
-- - pom.xml files, if any, installed with %add_maven_depmap
ok - JNI shared objects, JARs that require them go in %{_libdir}/%{name}
ok - Calls to System.loadLibrary replaced w/ System.load w/ full .so path
ok - Bundled JAR files not included or used for build
ok - No Javadoc %post/%ghost
ok - No class-path elements in JAR manifests

Perl guidelines:
ok - Module requirements use virtual perl(modname) syntax
ok - Spec BuildRequires correct core modules, not perl-devel
-- - Spec contains correct MODULE_COMPAT Requires
ok - Requires/Provides are sane
-- - CPAN URL tag is not versioned
-- - All tests enabled where possible
-- - Use Build.PL if present unless justified otherwise
-- - .h files not split into -devel package

Python guidelines:
ok - Runtime Requires correct
-- - Python macros declared on < EL6
ok - All .py files packaged with .pyc, .pyo counterparts
-- - Includes .egg-info files/directories when generated
ok - Provides/Requires properly filtered
-- - Code that invokes gtk.gdk.get_pixels_array() Requires numpy
Comment 27 Andy Grimm 2012-10-05 19:50:48 EDT
New Package SCM Request
=======================
Package Name: eucalyptus
Short Description: Elastic Utility Computing Architecture
Owners: madsa arg gholms
Branches: f17 f18
InitialCC:
Comment 28 Jason Tibbitts 2012-10-08 12:39:36 EDT
This ticket is not assigned to anyone.  Please fix and re-raise the flag.
Comment 29 Andy Grimm 2012-10-08 12:55:04 EDT
New Package SCM Request
=======================
Package Name: eucalyptus
Short Description: Elastic Utility Computing Architecture
Owners: madsa arg gholms
Branches: f17 f18
InitialCC:
Comment 30 Gwyn Ciesla 2012-10-09 06:55:50 EDT
Git done (by process-git-requests).
Comment 31 Fedora Update System 2012-10-09 14:16:22 EDT
eucalyptus-3.1.2-0.6.20120917gitb8c109b4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/eucalyptus-3.1.2-0.6.20120917gitb8c109b4.fc18
Comment 32 Fedora Update System 2012-10-10 01:04:56 EDT
eucalyptus-3.1.2-0.6.20120917gitb8c109b4.fc18 has been pushed to the Fedora 18 testing repository.

Note You need to log in before you can comment on or make changes to this bug.