Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=537587 --- Comment #43 from Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> 2010-01-08 11:53:31 EDT --- For -0.14: * -n specification - For example "%package -n dspam-libs" can simply be "%package libs" (and the latter form is commonly used). Another example is that "%post -n dspam-libs -p /sbin/ldconfig" can simply be "%post libs -p /sbin/ldconfig". * Directory ownership issue - This time the following directories are not owned by any packages: --------------------------------------------------------------------- /usr/share/dspam/sql-scripts --------------------------------------------------------------------- * Timestamp http://fedoraproject.org/wiki/Packaging:Guidelines#Timestamps - When using "cp" or "install" commands, add "-p" option to keep timestamps on installed files. * Again owner/group/permission (In reply to comment #41) > I've checked and the odd permissions on /var/lib/dspam in necessary for > security purposes. > > The dspam binary is setgid on purpose. It isn't strictly necessary in *all* > ways it can be configured, however the most common ways use that. I'll get more > clarification as to what it does setgid vs non setgid methods of operation. We > use it on our production servers in that mode. - To be clear, what I am said is that currently the group of /usr/bin/dspam is root and I guess this is wrong when this binary has setgid, because with this setgid/group executing /usr/bin/dspam is always done with root group. build.log says: --------------------------------------------------------------------- 826 if test x"nobody" != xnone; then \ 827 chown "nobody" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \ 828 fi 829 chown: changing ownership of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted 831 if test x"mail" != xnone; then \ 832 chgrp "mail" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \ 833 fi 834 chgrp: changing group of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted --------------------------------------------------------------------- So I guess /usr/bin/dspam should have %attr(2511,nobody,mail). Would you again check permission/owner/group of all files/directories? ! Note - Also, for binaries/directories which have some special permission/group/owner, you should write these permission/group/owner with explicit %attr directive in the spec file like --------------------------------------------------------------------- %files ... %attr(0770,root,%{dspam_group}) %dir %{dspam_logdir}/ %attr(0770,root,%{dspam_group}) %dir %{dspam_homedir}/ %attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %dir %{_var}/run/dspam ... ... %{_bindir}/css* %attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %{_bindir}/dspam %{_bindir}/dspam[-_c]* ... --------------------------------------------------------------------- (i.e. if the permission/group/owner is not (0755,root,root) (for directory/ executable files) or (0644,root,root) (normal files), you must use %attr explicitly in the spec file) -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review