[Bug 226228] Merge Review: pam

bugzilla at redhat.com bugzilla at redhat.com
Tue Jan 22 05:25:59 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Merge Review: pam


https://bugzilla.redhat.com/show_bug.cgi?id=226228


kevin at tummy.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
               Flag|fedora-review?              |fedora-review+




------- Additional Comments From kevin at tummy.com  2008-01-22 00:25 EST -------
>> 1. I see that upstream is named Linux-PAM. Perhaps consider re-naming it?
>I don't think it's worth the hassle - on the administrative side and on the
>users' confusion side as well.

Yeah, likely so... just thought I would mention it.

>> 2. Might add a comment about why this package needs it's own private copy
>> of the db package.
>OK, I've extended the comment on line 76.

Great, thanks!

>> 3. shouldn't the license of pam_tty_audit.c be GPLv2 per RedHat guidelines?
>No, this module will be upstreamed in the next upstream release, so it should
>keep the preferred upstream licence.

ok. Fair enough.

>> 4. Can some of the tests and such be moved from the install section to a %test
>> section?
>> like the dlopen tests and so forth.
>What is the %test section good for? I cannot find any mention of %test anywhere.
>I'd prefer to have these simple tests run as part of the build/install process,
>they are pretty simple and fast.

Sorry, my mistake there. I meant a %check section...

http://www.rpm.org/max-rpm-snapshot/s1-rpm-inside-scripts.html#S3-RPM-INSIDE-CHECK-SCRIPT

>> 5. Might ask upstream to include a copy of the GPL COPYING file too.
>Will do.

Thanks.

>> 6. Why strip the binaries?
>> # Forcibly strip binaries.
>> strip $RPM_BUILD_ROOT%{_sbindir}/* ||:
>>
>> debuginfo should pull that out.
>That is a workaround hack for an old problem with rpmbuild where it didn't strip
>setuid binaries. Removed.

Great, thanks.

>> 7. Might note that we can depreciate the pre/post hacks for USEMD5 after a while.
>They are not too useful anymore and even can break things. Removed.

Great, thanks.

>> 8. No need to require 'coreutils'.
>Why not? I need 'install' in %post

http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions
coreutils is in the base build env.

>> 9. 15 open bugs
>> You might look at https://bugzilla.redhat.com/show_bug.cgi?id=218063
>WONTFIXed - current rpm shouldn't complain anymore
>> and https://bugzilla.redhat.com/show_bug.cgi?id=428444 in particular.
>NOTABUG - there is already BuildRequires: libtool

ok.

>> 10. rpmlint says:
>>
>> pam.src:212: E: use-of-RPM_SOURCE_DIR
>>
>> You should be able to remove the following lines from prep:
>> cp %{SOURCE5} .
>> cp %{SOURCE6} .
>> cp %{SOURCE7} .
>>
>> Just refer to the sources directly when installing.
>Both changes done.

Great, thanks.

>> Ignore:
>>
>> pam.src:246: E: hardcoded-library-path in $RPM_BUILD_ROOT/lib/security
>> pam.src:327: E: hardcoded-library-path in /lib/security
>> pam.src: W: strange-permission dlopen.sh 0755
>> pam.x86_64: E: setuid-binary /sbin/pam_timestamp_check root 04755
>> pam.x86_64: E: non-standard-executable-perm /sbin/pam_timestamp_check 04755
>> pam.x86_64: E: executable-marked-as-config-file /etc/security/namespace.init
>> pam.x86_64: E: non-readable /sbin/unix_update 0700
>> pam.x86_64: E: non-standard-executable-perm /sbin/unix_update 0700
>> pam.x86_64: E: setuid-binary /sbin/unix_chkpwd root 04755
>> pam.x86_64: E: non-standard-executable-perm /sbin/unix_chkpwd 04755
>> pam.x86_64: E: non-readable /etc/security/opasswd 0600
>> pam.x86_64: W: log-files-without-logrotate /var/log/faillog
>> pam.x86_64: W: conffile-without-noreplace-flag /etc/security/console.perms
>> pam.x86_64: W: conffile-without-noreplace-flag
>> /etc/security/console.perms.d/50-default.perms
>> pam.x86_64: W: dangerous-command-in-%post rm
>> pam.x86_64: E: zero-length /etc/security/opasswd
>>
>> Fix if you like:
>>
>> pam.src: W: mixed-use-of-spaces-and-tabs (spaces: line 130, tab: line 137)
>>
>> 11. Might add a %{?_smp_mflags} to make?
>Unfortunately pam doesn't build with it yet. I'll fix the Makefiles in future
>and add this then.

Great. You might add a comment to the spec when you get a chance
mentioning this so it's not added in before it's ready upstream.

>
>Fixes are in pam-0.99.8.1-15.fc9.
>

Looks good. You might revisit items 4, 8 and 11, but none of them
are blockers at all. I see no further issues, so this package is
APPROVED.

Feel free to close RAWHIDE when you have looked at 4, 8 and 11 again. 

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list