https://bugzilla.redhat.com/show_bug.cgi?id=532402

--- Comment #6 from Mark McKinstry <mmckinst@xxxxxxxxxxx> 2010-01-15 17:11:40 EST ---

> 1. Now it does build. rpmlint has issues with the rpm:

APF is kind of weird in the way it's written. It is essentially a collection of shell scripts that act as a wrapper to iptables. It, by default, installs everything including executables in /etc/apf . The documentation advises against changing the install directory so I have gone with the author's advice. I went through what rpmlint said and commented on it.

> apf.noarch: E: non-executable-script /etc/apf/conf.apf 0640 /bin/bash
> apf.noarch: E: non-executable-script /etc/apf/extras/dshield/cron.ds 0640 /bin/bash
> apf.noarch: E: non-executable-script /etc/apf/internals/functions.apf 0640 /bin/bash
> apf.noarch: E: script-without-shebang /etc/apf/extras/.ca.def
> apf.noarch: E: script-without-shebang /etc/apf/vnet/vnetgen

This is just the way APF is written.

> apf.noarch: E: non-readable /etc/apf/allow_hosts.rules 0640
> apf.noarch: E: non-readable /etc/apf/apf 0750
> apf.noarch: E: non-readable /etc/apf/bt.rules 0640
> apf.noarch: E: non-readable /etc/apf/conf.apf 0640
> apf.noarch: E: non-readable /etc/apf/deny_hosts.rules 0640
> apf.noarch: E: non-readable /etc/apf/ds_hosts.rules 0640
> apf.noarch: E: non-readable /etc/apf/ecnshame_hosts.rules 0640
> apf.noarch: E: non-readable /etc/apf/extras/dshield/cron.ds 0640
> apf.noarch: E: non-readable /etc/apf/extras/dshield/dshield-3.2.tar.gz 0640
> apf.noarch: E: non-readable /etc/apf/extras/dshield/install 0750
> apf.noarch: E: non-readable /etc/apf/extras/dshield/README 0640
> apf.noarch: E: non-readable /etc/apf/extras/get_ports 0750
> apf.noarch: E: non-readable /etc/apf/firewall 0750
> apf.noarch: E: non-readable /etc/apf/glob_allow.rules 0640
> apf.noarch: E: non-readable /etc/apf/glob_deny.rules 0640
> apf.noarch: E: non-readable /etc/apf/internals/compat.0.9.5 0640
> apf.noarch: E: non-readable /etc/apf/internals/cports.common 0640
> apf.noarch: E: non-readable /etc/apf/internals/functions.apf 0640
> apf.noarch: E: non-readable /etc/apf/internals/icmp.types 0640
> apf.noarch: E: non-readable /etc/apf/internals/internals.conf 0640
> apf.noarch: E: non-readable /etc/apf/internals/multicast.networks 0640
> apf.noarch: E: non-readable /etc/apf/internals/private.networks 0640
> apf.noarch: E: non-readable /etc/apf/internals/rab.ports 0640
> apf.noarch: E: non-readable /etc/apf/internals/reserved.networks 0640
> apf.noarch: E: non-readable /etc/apf/log.rules 0640
> apf.noarch: E: non-readable /etc/apf/main.rules 0640
> apf.noarch: E: non-readable /etc/apf/postroute.rules 0640
> apf.noarch: E: non-readable /etc/apf/preroute.rules 0640
> apf.noarch: E: non-readable /etc/apf/sdrop_hosts.rules 0640
> apf.noarch: E: non-readable /etc/apf/sysctl.rules 0640
> apf.noarch: E: non-readable /etc/apf/VERSION 0640
> apf.noarch: E: non-readable /etc/apf/vnet/main.vnet 0640
> apf.noarch: E: non-readable /etc/apf/vnet/vnetgen 0750
> apf.noarch: E: non-readable /etc/apf/vnet/vnetgen.def 0640
> apf.noarch: E: non-standard-dir-perm /etc/apf 0750

These are intentional so everyone on the system can't read the firewall rules.

> apf.noarch: E: non-standard-executable-perm /etc/apf/apf 0750
> apf.noarch: E: non-standard-executable-perm /etc/apf/extras/dshield/install 0750
> apf.noarch: E: non-standard-executable-perm /etc/apf/extras/get_ports 0750
> apf.noarch: E: non-standard-executable-perm /etc/apf/firewall 0750
> apf.noarch: E: non-standard-executable-perm /etc/apf/vnet/vnetgen 0750
> apf.noarch: W: hidden-file-or-dir /etc/apf/extras/.ca.def
> apf.noarch: W: non-conffile-in-etc /etc/apf/extras/dshield/cron.ds
> apf.noarch: W: non-conffile-in-etc /etc/apf/extras/dshield/dshield-3.2.tar.gz
> apf.noarch: W: non-conffile-in-etc /etc/apf/extras/dshield/README
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/compat.0.9.5
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/cports.common
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/functions.apf
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/icmp.types
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/internals.conf
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/multicast.networks
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/private.networks
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/rab.ports
> apf.noarch: W: non-conffile-in-etc /etc/apf/internals/reserved.networks
> apf.noarch: W: non-conffile-in-etc /etc/apf/VERSION
> apf.noarch: W: non-conffile-in-etc /etc/apf/vnet/main.vnet
> apf.noarch: W: non-conffile-in-etc /etc/apf/vnet/vnetgen.def

See the comment about how it stores everything in /etc/apf.

> apf.noarch: E: subsys-not-used /etc/init.d/apf

This is the way it is written. It doesn't have a daemon or PID so I can't create a lockfile for it. When you start or restart the service it runs its collection of shell scripts to create all the rules for iptables based on your config file, then exits while iptables continues to run.

> apf.noarch: E: zero-length /etc/apf/ds_hosts.rules
> apf.noarch: E: zero-length /etc/apf/ecnshame_hosts.rules
> apf.noarch: E: zero-length /etc/apf/sdrop_hosts.rules

These files do get used by APF.

> apf.noarch: W: non-conffile-in-etc /etc/logrotate.d/apf

I'm not sure why this is being marked.

> 2. I'd take out the BuildArch: noarch tag.

If I do this, rpmlint complains that it has no binary.

> 3. add the %{?dist} tag to release.

Done.

> 4. Please don't chkconfig a service on by default: chkconfig --level 345 apf on

Fixed.

> 5. instead of defining basedir:

Fixed.

> 6. You can take out these two lines:

Fixed.

Spec URL: http://mmckinst.nexcess.net/apf/apf.spec
SRPM URL: http://mmckinst.nexcess.net/apf/apf-9.7.1-3.fc12.src.rpm
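
The permission scheme defended in the comment above (0750 on the directory and executables, 0640 on everything else, so nothing is granted to "other") can be verified on an installed tree with a short audit. This is an added example, not part of the original mail or of APF; the function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the "no access for other" policy.

# Print every path under $1 that grants read, write or execute to "other".
# Symlinks are skipped because their own mode bits are not meaningful.
world_accessible() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -NNN matches when all listed bits are set; OR the three "other" bits.
    find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when the tree is clean, 1 (and list offenders) when it is not,
# 2 when the argument is not a directory.
audit_tree() {
    offenders=$(world_accessible "$1") || return 2
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Constructed sample tree using the modes shown in the rpmlint output
# (0750 for the directory and the apf script, 0640 for data files).
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/internals"
    : > "$root/apf"
    : > "$root/conf.apf"
    : > "$root/internals/functions.apf"
    chmod 0750 "$root" "$root/internals" "$root/apf"
    chmod 0640 "$root/conf.apf" "$root/internals/functions.apf"
    printf '%s\n' "$root"
}

# Stand-alone use: pass the directory to audit, e.g. /etc/apf.
if [ -n "${1:-}" ]; then
    audit_tree "$1"
fi
```

Run as root against the installed directory; any output is a path that a later package update or manual edit has opened up to other users.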