Bug 905024 - Review Request: bind10 - The Berkeley Internet Name Domain 10 (BIND10) DNS and DHCP suite
Review Request: bind10 - The Berkeley Internet Name Domain 10 (BIND10) DNS an...
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Hozza
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-28 07:07 EST by Adam Tkac
Modified: 2013-04-30 19:53 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-20 11:54:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
thozza: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)
Comment (70.70 KB, text/plain)
2013-02-04 12:17 EST, Tomas Hozza
no flags Details

  None (edit)
Description Adam Tkac 2013-01-28 07:07:33 EST
Spec URL: http://atkac.fedorapeople.org/bind10/bind10.spec
SRPM URL: http://atkac.fedorapeople.org/bind10/bind10-1.0.0-0.1.beta.fc18.src.rpm
Description: BIND10 DNS and DHCP suite
Fedora Account System Username: atkac
Comment 1 Tomas Hozza 2013-02-04 12:17:45 EST
Created attachment 915668 [details]
Comment

(This comment was longer than 65,535 characters and has been moved to an attachment by Red Hat Bugzilla).
Comment 2 Adam Tkac 2013-02-08 11:09:43 EST
(In reply to comment #1)
> ISSUES:
> -------
> 
> (1): Development (unversioned) .so files in -devel subpackage, if present.
>      Note: Unversioned so-files in private %_libdir subdirectory (see
>      attachment). Verify they are not in ld path. 
> 
> Unversioned so-files
> --------------------
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/log.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/util/cio/socketsession.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/libutil_io_python.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/pydnspp.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/_dns.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/acl.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/datasrc/datasrc.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/memory_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/sqlite3_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/static_ds.so
> 
>      This is probably OK. Please correct me if I'm wrong.

Right, those libs shouldn't be versioned.

> (2): Fully versioned dependency in subpackages, if present.
>      Note: No Requires: %{name}t = %{version}-%{release} in %package
>      libs, %package devel
> 
>      Please add %{?_isa} macro in %package libs and %package devel Requires
>      sections.

This macro is needed only in -devel pkg because no other subpackage explicitly requires bind10-libs.

> 
> (3): License file installed when any subpackage combination is installed.
> 
>      License is part of bind10-libs subpackage. But this subpackage is
>      not Required by the base package! I think you should add Requires:
>      %{name}-libs%{?_isa} = %{version}-%{release} into the base package.

Since binaries in the base package depends on libraries shipped in bind10-libs, this dependency is automatically generated (for example b10-sockcreator from bind10 depends on libb10-exceptions.so from bind10-libs).

> 
> (4): SourceX / PatchY prefixed with %{name}.
>      Note: Patch0 (0001-Rpath.patch)
> 
>      Please consider renaming this patch.

Renamed.

> (5): %check is present and all tests pass.
> 
>      %check section is NOT present and no tests are run. Please consider
> adding
>      %check section and run tests provided by upstream.

Tests require root privileges so it's not possible to run them during build.

> 
> (6): Large data in /usr/share should live in a noarch subpackage if package
> is
>      arched.
>      Note: Arch-ed rpms have a total of 1003520 bytes in /usr/share 901120
>      bind10-1.0.0-0.1.beta.fc17.x86_64.rpm 10240
>      bind10-libs-1.0.0-0.1.beta.fc17.x86_64.rpm 61440
>      bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm 30720
>      bind10-dhcp-1.0.0-0.1.beta.fc17.x86_64.rpm
> 
>      Please explain why data in /usr/share are not packed separately or
>      pack them in a separate subpackage.

From my point of view ~1MB of documentation is not much so I'm not going to create separate doc package for now.

> (7): RPMlint errors:
> 
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-certfile.pem 0640L
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-keyfile.pem 0640L
>      bind10.x86_64: E: non-standard-dir-perm /var/bind10 01775L
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-accounts.csv 0640L
> 
>      This looks OK to me. Correct me if I'm wrong. Also please explain
>      the usage of sticky bit on /var/bind10.

Without the sticky bit on /var/bind10, bind10 cannot run under unprivileged user. This might be a bug in bind10 but I'm not sure, yet. For now we can leave /var/bind10 with sticky bit.
Comment 3 Adam Tkac 2013-02-08 11:12:21 EST
Updated spec and srpm:
http://atkac.fedorapeople.org/bind10/bind10.spec
http://atkac.fedorapeople.org/bind10/bind10-1.0.0-0.2.beta.fc18.src.rpm

I also renamed original specfile to bind10.spec.1 and put it on http://atkac.fedorapeople.org/bind10/. You can compare changes in specfile to avoid doing whole review again...
Comment 4 Tomas Hozza 2013-02-11 04:42:24 EST
(In reply to comment #2)
> (In reply to comment #1)
> > (2): Fully versioned dependency in subpackages, if present.
> >      Note: No Requires: %{name}t = %{version}-%{release} in %package
> >      libs, %package devel
> > 
> >      Please add %{?_isa} macro in %package libs and %package devel Requires
> >      sections.
> 
> This macro is needed only in -devel pkg because no other subpackage
> explicitly requires bind10-libs.

OK, -devel package has it so no issue here.

> > (3): License file installed when any subpackage combination is installed.
> > 
> >      License is part of bind10-libs subpackage. But this subpackage is
> >      not Required by the base package! I think you should add Requires:
> >      %{name}-libs%{?_isa} = %{version}-%{release} into the base package.
> 
> Since binaries in the base package depends on libraries shipped in
> bind10-libs, this dependency is automatically generated (for example
> b10-sockcreator from bind10 depends on libb10-exceptions.so from
> bind10-libs).

I checked it again and it seems you are right. 

> > (4): SourceX / PatchY prefixed with %{name}.
> >      Note: Patch0 (0001-Rpath.patch)
> > 
> >      Please consider renaming this patch.
> 
> Renamed.

Resolved in bind10-1.0.0-0.2.beta.fc18.src.rpm.

> > (5): %check is present and all tests pass.
> > 
> >      %check section is NOT present and no tests are run. Please consider
> > adding
> >      %check section and run tests provided by upstream.
> 
> Tests require root privileges so it's not possible to run them during build.

Thank you for explanation.

> > (6): Large data in /usr/share should live in a noarch subpackage if package
> > is
> >      arched.
> >      Note: Arch-ed rpms have a total of 1003520 bytes in /usr/share 901120
> >      bind10-1.0.0-0.1.beta.fc17.x86_64.rpm 10240
> >      bind10-libs-1.0.0-0.1.beta.fc17.x86_64.rpm 61440
> >      bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm 30720
> >      bind10-dhcp-1.0.0-0.1.beta.fc17.x86_64.rpm
> > 
> >      Please explain why data in /usr/share are not packed separately or
> >      pack them in a separate subpackage.
> 
> From my point of view ~1MB of documentation is not much so I'm not going to
> create separate doc package for now.

I agree.

> > (7): RPMlint errors:
> > 
> >      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-certfile.pem 0640L
> >      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-keyfile.pem 0640L
> >      bind10.x86_64: E: non-standard-dir-perm /var/bind10 01775L
> >      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-accounts.csv 0640L
> > 
> >      This looks OK to me. Correct me if I'm wrong. Also please explain
> >      the usage of sticky bit on /var/bind10.
> 
> Without the sticky bit on /var/bind10, bind10 cannot run under unprivileged
> user. This might be a bug in bind10 but I'm not sure, yet. For now we can
> leave /var/bind10 with sticky bit.

Having a sticky bit is not a big issue, it's just non standard. Thank you for explanation.


Issues have been resolved. This PACKAGE HAS BEEN APPROVED!
Comment 5 Adam Tkac 2013-02-11 08:14:15 EST
New Package SCM Request
=======================
Package Name: bind10
Short Description: The BIND10 DNS and DHCP suite
Owners: atkac
Branches: 
InitialCC:
Comment 6 Jon Ciesla 2013-02-11 08:53:54 EST
Git done (by process-git-requests).
Comment 7 Adam Tkac 2013-02-20 11:54:22 EST
bind10-1.0.0-0.4.beta.fc19 has been successfully built, closing.

Note You need to log in before you can comment on or make changes to this bug.