[Bug 226228] Merge Review: pam
bugzilla at redhat.com
bugzilla at redhat.com
Tue Jan 22 05:25:59 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Merge Review: pam
https://bugzilla.redhat.com/show_bug.cgi?id=226228
kevin at tummy.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Flag|fedora-review? |fedora-review+
------- Additional Comments From kevin at tummy.com 2008-01-22 00:25 EST -------
>> 1. I see that upstream is named Linux-PAM. Perhaps consider re-naming it?
>I don't think it's worth the hassle - on the administrative side and on the
>users' confusion side as well.
Yeah, likely so... just thought I would mention it.
>> 2. Might add a comment about why this package needs it's own private copy
>> of the db package.
>OK, I've extended the comment on line 76.
Great, thanks!
>> 3. shouldn't the license of pam_tty_audit.c be GPLv2 per RedHat guidelines?
>No, this module will be upstreamed in the next upstream release, so it should
>keep the preferred upstream licence.
ok. Fair enough.
>> 4. Can some of the tests and such be moved from the install section to a %test
>> section?
>> like the dlopen tests and so forth.
>What is the %test section good for? I cannot find any mention of %test anywhere.
>I'd prefer to have these simple tests run as part of the build/install process,
>they are pretty simple and fast.
Sorry, my mistake there. I meant a %check section...
http://www.rpm.org/max-rpm-snapshot/s1-rpm-inside-scripts.html#S3-RPM-INSIDE-CHECK-SCRIPT
>> 5. Might ask upstream to include a copy of the GPL COPYING file too.
>Will do.
Thanks.
>> 6. Why strip the binaries?
>> # Forcibly strip binaries.
>> strip $RPM_BUILD_ROOT%{_sbindir}/* ||:
>>
>> debuginfo should pull that out.
>That is a workaround hack for an old problem with rpmbuild where it didn't strip
>setuid binaries. Removed.
Great, thanks.
>> 7. Might note that we can depreciate the pre/post hacks for USEMD5 after a while.
>They are not too useful anymore and even can break things. Removed.
Great, thanks.
>> 8. No need to require 'coreutils'.
>Why not? I need 'install' in %post
http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions
coreutils is in the base build env.
>> 9. 15 open bugs
>> You might look at https://bugzilla.redhat.com/show_bug.cgi?id=218063
>WONTFIXed - current rpm shouldn't complain anymore
>> and https://bugzilla.redhat.com/show_bug.cgi?id=428444 in particular.
>NOTABUG - there is already BuildRequires: libtool
ok.
>> 10. rpmlint says:
>>
>> pam.src:212: E: use-of-RPM_SOURCE_DIR
>>
>> You should be able to remove the following lines from prep:
>> cp %{SOURCE5} .
>> cp %{SOURCE6} .
>> cp %{SOURCE7} .
>>
>> Just refer to the sources directly when installing.
>Both changes done.
Great, thanks.
>> Ignore:
>>
>> pam.src:246: E: hardcoded-library-path in $RPM_BUILD_ROOT/lib/security
>> pam.src:327: E: hardcoded-library-path in /lib/security
>> pam.src: W: strange-permission dlopen.sh 0755
>> pam.x86_64: E: setuid-binary /sbin/pam_timestamp_check root 04755
>> pam.x86_64: E: non-standard-executable-perm /sbin/pam_timestamp_check 04755
>> pam.x86_64: E: executable-marked-as-config-file /etc/security/namespace.init
>> pam.x86_64: E: non-readable /sbin/unix_update 0700
>> pam.x86_64: E: non-standard-executable-perm /sbin/unix_update 0700
>> pam.x86_64: E: setuid-binary /sbin/unix_chkpwd root 04755
>> pam.x86_64: E: non-standard-executable-perm /sbin/unix_chkpwd 04755
>> pam.x86_64: E: non-readable /etc/security/opasswd 0600
>> pam.x86_64: W: log-files-without-logrotate /var/log/faillog
>> pam.x86_64: W: conffile-without-noreplace-flag /etc/security/console.perms
>> pam.x86_64: W: conffile-without-noreplace-flag
>> /etc/security/console.perms.d/50-default.perms
>> pam.x86_64: W: dangerous-command-in-%post rm
>> pam.x86_64: E: zero-length /etc/security/opasswd
>>
>> Fix if you like:
>>
>> pam.src: W: mixed-use-of-spaces-and-tabs (spaces: line 130, tab: line 137)
>>
>> 11. Might add a %{?_smp_mflags} to make?
>Unfortunately pam doesn't build with it yet. I'll fix the Makefiles in future
>and add this then.
Great. You might add a comment to the spec when you get a chance
mentioning this so it's not added in before it's ready upstream.
>
>Fixes are in pam-0.99.8.1-15.fc9.
>
Looks good. You might revisit items 4, 8 and 11, but none of them
are blockers at all. I see no further issues, so this package is
APPROVED.
Feel free to close RAWHIDE when you have looked at 4, 8 and 11 again.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list