[Bug 226228] Merge Review: pam
bugzilla at redhat.com
bugzilla at redhat.com
Mon Jan 14 12:51:30 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Merge Review: pam
https://bugzilla.redhat.com/show_bug.cgi?id=226228
------- Additional Comments From tmraz at redhat.com 2008-01-14 07:51 EST -------
(In reply to comment #2)
> Issues:
>
> 1. I see that upstream is named Linux-PAM. Perhaps consider re-naming it?
I don't think it's worth the hassle - on the administrative side and on the
users' confusion side as well.
> 2. Might add a comment about why this package needs it's own private copy
> of the db package.
OK, I've extended the comment on line 76.
> 3. shouldn't the license of pam_tty_audit.c be GPLv2 per RedHat guidelines?
No, this module will be upstreamed in the next upstream release, so it should
keep the preferred upstream licence.
> 4. Can some of the tests and such be moved from the install section to a %test
> section?
> like the dlopen tests and so forth.
What is the %test section good for? I cannot find any mention of %test anywhere.
I'd prefer to have these simple tests run as part of the build/install process,
they are pretty simple and fast.
> 5. Might ask upstream to include a copy of the GPL COPYING file too.
Will do.
> 6. Why strip the binaries?
> # Forcibly strip binaries.
> strip $RPM_BUILD_ROOT%{_sbindir}/* ||:
>
> debuginfo should pull that out.
That is a workaround hack for an old problem with rpmbuild where it didn't strip
setuid binaries. Removed.
> 7. Might note that we can depreciate the pre/post hacks for USEMD5 after a while.
They are not too useful anymore and even can break things. Removed.
> 8. No need to require 'coreutils'.
Why not? I need 'install' in %post
> 9. 15 open bugs
> You might look at https://bugzilla.redhat.com/show_bug.cgi?id=218063
WONTFIXed - current rpm shouldn't complain anymore
> and https://bugzilla.redhat.com/show_bug.cgi?id=428444 in particular.
NOTABUG - there is already BuildRequires: libtool
> 10. rpmlint says:
>
> pam.src:212: E: use-of-RPM_SOURCE_DIR
>
> You should be able to remove the following lines from prep:
> cp %{SOURCE5} .
> cp %{SOURCE6} .
> cp %{SOURCE7} .
>
> Just refer to the sources directly when installing.
Both changes done.
> Ignore:
>
> pam.src:246: E: hardcoded-library-path in $RPM_BUILD_ROOT/lib/security
> pam.src:327: E: hardcoded-library-path in /lib/security
> pam.src: W: strange-permission dlopen.sh 0755
> pam.x86_64: E: setuid-binary /sbin/pam_timestamp_check root 04755
> pam.x86_64: E: non-standard-executable-perm /sbin/pam_timestamp_check 04755
> pam.x86_64: E: executable-marked-as-config-file /etc/security/namespace.init
> pam.x86_64: E: non-readable /sbin/unix_update 0700
> pam.x86_64: E: non-standard-executable-perm /sbin/unix_update 0700
> pam.x86_64: E: setuid-binary /sbin/unix_chkpwd root 04755
> pam.x86_64: E: non-standard-executable-perm /sbin/unix_chkpwd 04755
> pam.x86_64: E: non-readable /etc/security/opasswd 0600
> pam.x86_64: W: log-files-without-logrotate /var/log/faillog
> pam.x86_64: W: conffile-without-noreplace-flag /etc/security/console.perms
> pam.x86_64: W: conffile-without-noreplace-flag
> /etc/security/console.perms.d/50-default.perms
> pam.x86_64: W: dangerous-command-in-%post rm
> pam.x86_64: E: zero-length /etc/security/opasswd
>
> Fix if you like:
>
> pam.src: W: mixed-use-of-spaces-and-tabs (spaces: line 130, tab: line 137)
>
> 11. Might add a %{?_smp_mflags} to make?
Unfortunately pam doesn't build with it yet. I'll fix the Makefiles in future
and add this then.
Fixes are in pam-0.99.8.1-15.fc9.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list