Re: FC12: Hidden files in /usr/bin/*

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 22, 2010 at 12:13:06PM -0500, Jarod Wilson wrote:
> On Fri, Jan 22, 2010 at 12:10 PM, Jarod Wilson <jarod@xxxxxxxxxxxx> wrote:
> >> I have no idea if it actually requires them to be alongside the
> >> executables, but hopefully the link will help.
> >
> > It doesn't. Also, ugh. I'm the one who actually reviewed hmaccalc to
> > get included in Red Hat Enterprise Linux 5 (a separate review from the
> > Fedora one), and pointed out this same problem, and it was done
> > properly for RHEL5:
> >
> > $ rpm -ql hmaccalc
> > /usr/bin/sha1hmac
> > /usr/bin/sha256hmac
> > /usr/bin/sha384hmac
> > /usr/bin/sha512hmac
> > /usr/lib64/hmaccalc
> > /usr/lib64/hmaccalc/sha1hmac.hmac
> > /usr/lib64/hmaccalc/sha256hmac.hmac
> > /usr/lib64/hmaccalc/sha384hmac.hmac
> > /usr/lib64/hmaccalc/sha512hmac.hmac
> > /usr/share/doc/hmaccalc-0.9.6
> > /usr/share/doc/hmaccalc-0.9.6/LICENSE
> > /usr/share/doc/hmaccalc-0.9.6/README
> > /usr/share/man/man8/sha1hmac.8.gz
> > /usr/share/man/man8/sha256hmac.8.gz
> > /usr/share/man/man8/sha384hmac.8.gz
> > /usr/share/man/man8/sha512hmac.8.gz
> >
> > It should be simple enough to just update the Fedora packages with the
> > changes in RHEL5 and we can all go eat cake. But first, I'm going to
> > go play some pickup soccer...
> 
> Oh. Wait. Crap. We're talking about packages other than hmaccalc
> itself that do integrity checks. But I do agree with Ralf here, the
> checksum files don't belong in /usr/bin/, and there's no
> standard-based need for them to be there.
> 
>
So few things that need doing here:

1) The present packages need to be fixecd.  Sounds like fipscheck, hmaccalc,
and openssh.  They are violating the FHS which is prohibited by the
Guidelines.  Ralf, have you opened bugs?

2) We need to decide where to place the files.  I don't know what uses them,
so I'm not entirely certain about this.  Here's some suggestions:
  * If each binary checks itself then %{_libdir}/%{name}/$PROGNAME.hmac
    seems reasonable.
  * If there are one of more programs (fipscheck?) that check the integrity
    of other binaries then we probably want a directory structure that is
    namespaced by itself and allows that other program to lookup the
    checksum for the binary.  Something like:
    %{_libdir}/hmac%{_bindir}/$PROGNAME.hmac
    %{_libdir}/hmac%{_sbindir}/$PROGNAM2.hmac

The packaging guidelines can be updated to include #2 if necessary so that
people needing to install these checksums know where they need to be
installed but there's nothing blocking our making the changes now.

-Toshio

Attachment: pgpriViaIwekF.pgp
Description: PGP signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux