[Bug 226220] Merge Review: openssl

bugzilla at redhat.com bugzilla at redhat.com
Wed Jan 23 16:41:50 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Merge Review: openssl


https://bugzilla.redhat.com/show_bug.cgi?id=226220





------- Additional Comments From limb at jcomserv.net  2008-01-23 11:41 EST -------
rpmlint on SRPM:
openssl.src:115: W: make-check-outside-check-section #patch33 is applied after
make test
Make check or other automated regression test should be run in %check, as
they can be disabled with a rpm macro for short circuiting purposes.

Should be fixed.

openssl.src:202: E: hardcoded-library-path in
$RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion}
A library path is hardcoded to one of the following paths: /lib,
/usr/lib. It should be replaced by something like /%{_lib} or %{_libdir}.

openssl.src:203: E: hardcoded-library-path in $RPM_BUILD_ROOT/usr/lib/engines
A library path is hardcoded to one of the following paths: /lib,
/usr/lib. It should be replaced by something like /%{_lib} or %{_libdir}.

openssl.src:206: E: hardcoded-library-path in $RPM_BUILD_ROOT/usr/lib/*
A library path is hardcoded to one of the following paths: /lib,
/usr/lib. It should be replaced by something like /%{_lib} or %{_libdir}.

Should be fixed.

openssl.src:819: W: macro-in-%changelog _datadir
Macros are expanded in %changelog too, which can in unfortunate cases lead
to the package not building at all, or other subtle unexpected conditions that
affect the build.  Even when that doesn't happen, the expansion results in
possibly "rewriting history" on subsequent package revisions and generally
odd entries eg. in source rpms, which is rarely wanted.  Avoid use of macros
in %changelog altogether, or use two '%'s to escape them, like '%%foo'.

openssl.src: W: mixed-use-of-spaces-and-tabs (spaces: line 269, tab: line 137)
The specfile mixes use of spaces and tabs for indentation, which is a
cosmetic annoyance.  Use either spaces or tabs for indentation, not both.

openssl.src: W: patch-not-applied Patch33: openssl-0.9.7f-ca-dir.patch
A patch is included in your package but was not applied. Refer to the patches
documentation to see what's wrong.

These are largely cosmetic, but easy to fix.

openssl.src: W: strange-permission make-dummy-cert 0755
A file that you listed to include in your package has strange
permissions. Usually, a file should have 0644 permissions.

openssl.src: W: strange-permission hobble-openssl 0755
A file that you listed to include in your package has strange
permissions. Usually, a file should have 0644 permissions.

I assume these are for a good reason?


rpmlint on rpms:

openssl.i386: E: non-standard-dir-perm /etc/pki/CA/private 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

openssl.i386: E: non-standard-dir-perm /etc/pki/CA 0700
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

Probably for a good reason, but I'd like to be sure.

openssl.i386: W: non-conffile-in-etc /etc/pki/tls/certs/Makefile
A non-executable file in your package is being installed in /etc, but is not
a configuration file. All non-executable files in /etc should be configuration
files. Mark the file as %config in the spec file.

Not sure about this.

openssl.i386: W: file-not-utf8 /usr/share/doc/openssl-0.9.8g/CHANGES
The character encoding of this file is not UTF-8.  Consider converting it
in the specfile for example using iconv(1).

Should be fixed.

openssl-debuginfo.i386: W: spurious-executable-perm
/usr/src/debug/openssl-0.9.8g/crypto/bn/bn_const.c
The file is installed with executable permissions, but was identified as one
that probably should not be executable.  Verify if the executable bits are
desired, and remove if not.

Should be fixed.

There is no URL in the Source: tag.  Since I can't find a tarball by that name
and no URL to it is provided, I can't md5 it against the tarball in the SRPM. 
If the tarball included is a modified version of something upstream, please
explain in the spec how it is created, or, even better, include a script to
convert the upstream tarball to the included one.

Other than the above, no blockers.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list