[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpmlint warnings/errors

There is a versioned .so file, however, applications that use this package
often perform a dlopen(libopencryptoki.so, ...) at runtime. Removing this
link from the base package would cause problems for those applications
(or force the installer to create the symlinks themselves).

The pkcs11 group is created during %pre.

The daemon started by the init script is pkcsslotd, but the package
is opencryptoki (since it implements the Cryptoki spec). It seems to me
more natural to have the script named for the daemon than the
package as long as this is acceptable to the reviewers.

Thanks ...

>>>>> "DHJ" == Daniel H Jones <Daniel> writes:

DHJ> Is it sufficient to provide some explanation of the warning when
DHJ> a package is submitted?

It would help the reviewer if you did so.

DHJ> I have not found a list of acceptable/unacceptable rpmlint
DHJ> issues.

http://fedoraproject.org/wiki/Packaging/CommonRpmlintIssues (just
getting started).  You're free to add things there.  Make sure you run
"rpmlint -i" if you just need additional information about what
rpmlint is complaining about.

DHJ> W: opencryptoki devel-file-in-non-devel-package
DHJ> /usr/lib/libopencryptoki.so

Do you have a versioned .so file there as well
(i.e. libopencryptoki.so.1.2)?  If so, this is a blocker.

DHJ> E: opencryptoki non-standard-gid
DHJ> /var/lib/opencryptoki pkcs11

Not a blocker, assuming you properly create that user.

DHJ> W: opencryptoki
DHJ> service-default-enabled /etc/rc.d/init.d/pkcsslotd

This is a blocker.  Packages should not install services which are
turned on by default; otherwise, someone who installs a bunch of
packages ends up with a bunch of enabled services.  (Imagine the
theoretical "Everything" install.)

DHJ> W: opencryptoki incoherent-init-script-name pkcsslotd

It helps if the init file is named in such a way that it is associated
with the package, but this is not always reasonable.

- J<

Dan Jones
IBM Linux Technology Center, Security
512-838-1794 (T/L 678-1794)
danjones us ibm com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]