[Bug 226214] Merge Review: openldap
bugzilla at redhat.com
bugzilla at redhat.com
Fri Jan 25 15:08:16 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Merge Review: openldap
https://bugzilla.redhat.com/show_bug.cgi?id=226214
------- Additional Comments From jsafrane at redhat.com 2008-01-25 10:08 EST -------
Thanks for review!
> rpmlint on SRPM:
>
> openldap.src:351: E: use-of-RPM_SOURCE_DIR
> You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to
> use a directory for building, use $RPM_BUILD_ROOT instead.
Fixed
> openldap.src:750: W: macro-in-%changelog _sbindir
> Macros are expanded in %changelog too, which can in unfortunate cases lead
All macros in changelog are fixed.
> openldap.src: W: mixed-use-of-spaces-and-tabs
Fixed
> rpmlint on rpms:
>
> openldap.i386: W: obsolete-not-provided compat-openldap
> If a package is obsoleted by a compatible replacement, the obsoleted package
> must also be provided in order to provide clean upgrade paths and not cause
> unnecessary dependency breakage. If the obsoleting package is not a compatible
> replacement for the old one, leave out the provides.
>
The compat-openldap is *not* obsoleted by compatible replacement. It just does
not exists anymore and I want it to be removed on update (otherwise openldap
cannot be updated by yum, because compat-openldap will require the same version
of openldap to be installed).
> openldap-clients.i386: W: summary-ended-with-dot Client programs for OpenLDAP.
> Summary ends with a dot.
>
> openldap-devel.i386: W: summary-ended-with-dot OpenLDAP development libraries
> and header files.
> Summary ends with a dot.
Both fixed.
> openldap-devel.i386: W: file-not-utf8
> /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
> The character encoding of this file is not UTF-8.
>
> openldap-devel.i386: W: file-not-utf8
> /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt
> The character encoding of this file is not UTF-8.
It's some sort of official document and I dont' think it's appropriate to
convert it to UTF-8. Apart from that, there are only 3 non-UTF-* characters in
these documents.
> openldap-devel.i386: W: one-line-command-in-%post /sbin/ldconfig
> You should use %post -p <command>
Fixed
> openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/schema/README
> A non-executable file in your package is being installed in /etc, but is not
> a configuration file. All non-executable files in /etc should be configuration
> files. Mark the file as %config in the spec file.
>
> Possibly move to %doc, rename schema-README?
Moved to %doc as README.schema
> openldap-servers.i386: E: non-readable /etc/sysconfig/ldap 0640
> The file can't be read by everybody.
It is readable now.
> openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap
> A file in this package is owned by a non standard group.
Filed bug #430206 (together with other guid/uid reports)
> openldap-servers.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/ldap
> Executables must not be marked as config files because that may
> prevent upgrades from working correctly.
Fixed
> openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/DB_CONFIG.example
> A non-executable file in your package is being installed in /etc, but is not
> a configuration file. All non-executable files in /etc should be configuration
> files. Mark the file as %config in the spec file.
>
> Move to %doc?
Not sure about this. People are used that this file is in /etc. I'll keep it
there as %config.
> openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700
> A standard directory should have permission set to 0755. If you get this
> message, it means that you have wrong directory permissions in some dirs
> included in your package.
>
> Ok.
I'd like to keep it 0700 too, users should not read ldap database files unless
admin explicitly allows it
> openldap-servers.i386: W: summary-ended-with-dot OpenLDAP servers and related
files.
> Summary ends with a dot.
Fixed
> openldap-servers.i386: W: conffile-without-noreplace-flag
> /etc/pki/tls/certs/slapd.pem
> A configuration file is stored in your package without the noreplace flag.
> A way to resolve this is to put the following in your SPEC file:
Fixed.
> %config(noreplace) /etc/your_config_file_here
>
> openldap-servers.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/ldap
> A configuration file is stored in your package without the noreplace flag.
> A way to resolve this is to put the following in your SPEC file:
>
> %config(noreplace) /etc/your_config_file_here
Not fixed - init.d/ldap is not config file anymore.
> openldap-servers.i386: E: file-in-usr-marked-as-conffile
> /usr/share/openldap/migration/migrate_common.ph
> A file in /usr is marked as being a configuration file.
> Store your conf files in /etc/ instead.
>
> Why is this marked conf and not in etc?
It contains configuration of migration tools. Whole concept of migration tools
stored in /usr/share is somewhat weird, see bug #236697. I'll remove the %config
for now and try to separate it to standalone package later.
> openldap-servers.i386: W: spurious-bracket-in-%pre
> The %pre scriptlet contains an "if []" construct without a space before
> the "]".
> openldap-servers.i386: W: spurious-bracket-in-%preun
> The %preun scriptlet contains an "if []" construct without a space before
> the "]".
Can't find it - %pre/%preun servers has all brackets correct. Rpmlint is maybe
confused by '/var/lib/ldap/[a]lock'???
> openldap-servers.i386: W: dangerous-command-in-%pre chown
> openldap-servers.i386: W: dangerous-command-in-%post rm
> openldap-servers.i386: W: dangerous-command-in-%preun rm
This is ok, there is some magic to upgrade database to new version when the
package is being updated.
> openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap
> In your init script (/etc/rc.d/init.d/your_file), you don't
> have a 'reload' entry, which is necessary for good functionality.
To be fixed as part of bug #247012.
> openldap-servers.i386: W: incoherent-init-script-name ldap
> The init script name should be the same as the package name in lower case,
> or one with 'd' appended if it invokes a process by that name.
>
> What would be broken if this was fixed?
It would probably break nothing, but people are used to it. I'd like to keep it
as it is.
> openldap-servers-sql.i386: W: spurious-executable-perm
> /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/create_schema.sh
> /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/ttcreate_schema.sh
> The file is installed with executable permissions, but was identified as one
> that probably should not be executable. Verify if the executable bits are
> desired, and remove if not.
Executability removed.
> openldap-servers-sql.i386: W: summary-ended-with-dot OpenLDAP server SQL support
> module.
> Summary ends with a dot.
Fixed.
> Should .a files be in a -static subpackage?
Is there any .a file? I hope not. If you mean .la files, these are necessary to
load openldap modules. I did not find any way how to make modules work without
them :(.
I fixed the glitches mentioned above and created openldap-2.4.7-4, which has
following rpmlint problems, all commented above.
openldap.i386: W: obsolete-not-provided compat-openldap
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt
openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap
openldap-servers.i386: E: non-readable /etc/openldap/slapd.conf 0640
openldap-servers.i386: E: non-standard-uid /var/lib/ldap ldap
openldap-servers.i386: E: non-standard-gid /var/lib/ldap ldap
openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700
openldap-servers.i386: E: non-standard-uid /var/run/openldap ldap
openldap-servers.i386: E: non-standard-gid /var/run/openldap ldap
openldap-servers.i386: W: spurious-bracket-in-%pre
openldap-servers.i386: W: dangerous-command-in-%pre chown
openldap-servers.i386: W: dangerous-command-in-%post rm
openldap-servers.i386: W: spurious-bracket-in-%preun
openldap-servers.i386: W: dangerous-command-in-%preun rm
openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap
openldap-servers.i386: W: incoherent-init-script-name ldap
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list