[Bug 280541] Review Request: setools - SELinux policy analysis tools
bugzilla at redhat.com
bugzilla at redhat.com
Sun Sep 9 16:59:28 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: setools - SELinux policy analysis tools
https://bugzilla.redhat.com/show_bug.cgi?id=280541
------- Additional Comments From mtasaka at ioa.s.u-tokyo.ac.jp 2007-09-09 12:59 EST -------
Created an attachment (id=191091)
--> (https://bugzilla.redhat.com/attachment.cgi?id=191091&action=view)
rpmlint complaint for 3.3.1-1
Well, for 3.3.1-1 there are not a few issues to be fixed.
Please check the following URLs for general packaging issue.
http://fedoraproject.org/wiki/Packaging/Guidelines
http://fedoraproject.org/wiki/Packaging/ReviewGuidelines
A. %description stage
* AutoReqProv
- Please explain you want to disable AutoReqProv.
The fact that you check the libraries' dependencies is _not_
a good reason because even in the case it is still preferable
that the dependency for libraries are _also_ automatically
checked by __find_requires. Usually you must only write
"version specific Requires" for libraries and leave the other
libraries' dependency to __find_requires unless you have special
reason you don't want to.
- Also, please consider to remove redundant version
specific dependency. For example, even FC6 has GTK 2.10.13
and I don't find any reason you want to write
"%define gtk_ver 2.8".
* EVR specific dependency
- Dependency between subpackages must be EVR (epoch:version:*release*)
specific.
* Vertual provides
- Please explain why you want to add vertual provides such as
"Provides: libqpol = %{libqpol_ver}". This may cause some
complicated problems for upgrade paths by yum.
* Typo
- "sqlite >= ${sqlite_ver}" and so on are apparent typo.
B. %prep/%build/%install stage
* Timestamp
- Please keep timestamp. When using "install" or "cp", use
"-p" option.
- Also,
--------------------------------------------------------
make DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" install
--------------------------------------------------------
is more preferable to keep timestamps on more files.
* Macros
- Please use macros. For example, /usr/share must be %_datadir.
http://fedoraproject.org/wiki/Packaging/RPMMacros
* Desktop file
- desktop file must be installed by using "desktop-file-install"
(BuildRequires: desktop-file-utils is needed).
C. %files
* defattr
- Now we recommend %defattr(-,root,root,-)
- Note: %defattr(0755,root,root) is usually wrong (see
the debuginfo issue below).
* Directory ownership issue
- Please make it ensure that all the directories created by
setools related rpms are surely owned by setools related rpms.
Actually many directories are not owned.
----------------------------------------------------
/usr/include/apol
/usr/include/poldiff
/usr/include/qpol
/usr/lib/python2.5/site-packages/setools/
.... (and many others)
----------------------------------------------------
! Note: When you write
----------------------------------------------------
%files
foo/
----------------------------------------------------
(where foo is a directory), this means the directory foo/
itself and all files/directories/etc.. under foo/.
This way of writing %files entry cleans up and shorten
%files entry and makes directory ownership issue more
visible than writing verbose file lists.
* static archive
- Static archive must be seperated from -devel subpackage
and must be packages in another subpackage.
D. rpmlint
The result for rpmlint is attached (please check how rpmlint
complains before submitting)
You can get the explanation of each rpmlint by using
"rpmlint -I". For example:
--------------------------------------------------------
[tasaka1 at localhost ~]$ rpmlint -I mixed-use-of-spaces-and-tabs
mixed-use-of-spaces-and-tabs :
The specfile mixes use of spaces and tabs for indentation, which is a
cosmetic annoyance. Use either spaces or tabs for indentation, not both.
--------------------------------------------------------
Summary:
* mixed-use-of-spaces-and-tabs
- See above.
* non-executable-script
- /usr/share/setools-3.3/seaudit-report-service must have
executable permission
* script-without-shebang
- Scripts without shebang must not have executable permission
* unstripped-binary-or-object
- Setting executable permission by %attr like
--------------------------------------------------------------
%attr(755,root,root) %{pkgpyexecdir}/_qpol.so
--------------------------------------------------------------
is actually not right.
Unless binaries have executable permission at the time %install
ends, the binaries are not stripped by find-debuginfo.sh or
so.
i.e. you have to change those binaries by the time %install
ends "manually", not by trying to set executable permission
by %attr.
* use-old-pam-stack
- Using "pam_stack.so" is deprecated, and moreover, pam_stack.so
module is *removed* from pam. So %_sysconfdir/pam.d/seaudit
must be updated not to use pam_stack.so.
* invalid-desktopfile
- See above (desktop-file-install)
* devel-file-in-non-devel-package
- Symlinks %_libdir/*.so should be moved to -devel subpackage
* symlink-should-be-relative
- Please change symlinks to relative, not absolute.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-package-review
mailing list