[Bug 225292] Merge Review: audit

bugzilla at redhat.com bugzilla at redhat.com
Fri Jan 11 17:47:18 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Merge Review: audit


https://bugzilla.redhat.com/show_bug.cgi?id=225292





------- Additional Comments From kevin at tummy.com  2008-01-11 12:47 EST -------
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (LGPLv2+, GPLv2+)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
53ede8c7422cb251d01d06c7a5e3027b  audit-1.6.5.tar.gz
53ede8c7422cb251d01d06c7a5e3027b  audit-1.6.5.tar.gz.1
OK - BuildRequires correct
OK - Spec handles locales/find_lang
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install
OK - Headers/static libs in -devel subpackage.
See below - Spec has needed ldconfig in post and postun
OK - .so files in -devel subpackage.
OK - -devel package Requires: %{name} = %{version}-%{release}
OK - .la files are removed.
See below - Package is a GUI app and has a .desktop file

OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
OK - final provides and requires are sane.

SHOULD Items:

OK - Should build in mock.
OK - Should build on all supported archs
OK - Should function as described.
OK - Should have sane scriptlets.
OK - Should have subpackages require base package with fully versioned depend.
OK - Should have dist tag
OK - Should package latest version
OK - check for outstanding bugs on package.

Issues:

1. You should not call rpm from inside a spec file. Just use the hard coded version
of selinux-policy thats available?

2. The Source0 url should be:
http://people.redhat.com/sgrubb/audit/audit-1.6.5.tar.gz

3. Why is the check section commented? Not working?
Perhaps add a comment why it's not working and when it's expected to be added.

4. Do you need to ship static libs here?

5. The postun for libs can be simplified from:
%postun libs
/sbin/ldconfig 2>/dev/null

to:

%postun libs -p /sbin/ldconfig

6. Please use desktop-file-install to install the desktop file...
see:
http://fedoraproject.org/wiki/Packaging/Guidelines#head-d559ee7363418a5840ce63090c608c991cd39ce6

7. You can probibly remove
Prereq: coreutils

8. rpmlint says:

The following seem ignorable:

audispd-plugins.x86_64: E: non-readable /sbin/audispd-zos-remote 0750
audispd-plugins.x86_64: E: non-standard-executable-perm /sbin/audispd-zos-remote
0750
audispd-plugins.x86_64: E: non-readable
/etc/audisp/plugins.d/audispd-zos-remote.conf 0640
audispd-plugins.x86_64: E: non-readable /etc/audisp/zos-remote.conf 0640
audispd-plugins.x86_64: E: non-readable /etc/audisp/plugins.d/syslog.conf 0640
audispd-plugins.x86_64: W: non-conffile-in-etc /etc/audisp/plugins.d/syslog.conf
audit.x86_64: E: non-standard-dir-perm /etc/audisp/plugins.d 0750
audit.x86_64: E: non-readable /etc/audit/audit.rules 0640
audit.x86_64: E: non-standard-dir-perm /usr/lib64/audit 0750
audit.x86_64: E: non-readable /sbin/aulastlog 0750
audit.x86_64: E: non-standard-executable-perm /sbin/aulastlog 0750
audit.x86_64: E: non-standard-dir-perm /etc/audit 0750
audit.x86_64: E: non-readable /sbin/autrace 0750
audit.x86_64: E: non-standard-executable-perm /sbin/autrace 0750
audit.x86_64: E: non-readable /sbin/auditctl 0750
audit.x86_64: E: non-standard-executable-perm /sbin/auditctl 0750
audit.x86_64: E: non-readable /sbin/auditd 0750
audit.x86_64: E: non-standard-executable-perm /sbin/auditd 0750
audit.x86_64: E: non-readable /etc/audisp/audispd.conf 0640
audit.x86_64: E: non-readable /sbin/audispd 0750
audit.x86_64: E: non-standard-executable-perm /sbin/audispd 0750
audit.x86_64: E: non-readable /etc/audit/auditd.conf 0640
audit.x86_64: E: non-standard-dir-perm /etc/audisp 0750
audit.x86_64: E: non-readable /etc/audisp/plugins.d/af_unix.conf 0640
audit.x86_64: E: non-standard-dir-perm /var/log/audit 0750
audit.x86_64: E: non-readable /etc/sysconfig/auditd 0640
audit-libs.x86_64: W: no-documentation
audit-libs.x86_64: E: non-readable /etc/libaudit.conf 0640
audit-libs-python.x86_64: W: no-documentation
audit-libs-python.x86_64: E: non-standard-executable-perm
/usr/lib64/python2.5/site-packages/auparse.so 0775
audit.x86_64: W: service-default-enabled /etc/rc.d/init.d/auditd
audit.x86_64: W: service-default-enabled /etc/rc.d/init.d/auditd

These seem like they should be addressed:

audit.x86_64: W: non-conffile-in-etc /etc/audisp/plugins.d/af_unix.conf

Make it a config?

audit.src:21: W: prereq-use coreutils

Remove it?

audit.src:232: E: hardcoded-library-path in
/usr/lib/python?.?/site-packages/audit.py*

Are these arch independent? Then this can be ignored.

audit.x86_64: W: log-files-without-logrotate /var/log/audit

Add a logrotate file?

audit.x86_64: W: dangerous-command-in-%post mv

Do you need those upgrade commands in post anymore?
Perhaps remove them or comment on what version is migrated here so it can be
removed down the road.

system-config-audit.x86_64: W: symlink-should-be-relative
/usr/libexec/system-config-audit-server /usr/bin/consolehelper

Make this a relative link?

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list