https://bugzilla.redhat.com/show_bug.cgi?id=566757

--- Comment #6 from Gerd v. Egidy <gerd@xxxxxxxx> 2010-03-07 19:20:45 EST ---

Hi James,

thanks for looking into our package.

> > E: non-readable /etc/ipsec.conf 0600
> > E: non-readable /etc/strongswan.conf 0600
> > E: non-standard-dir-perm /etc/ipsec.d/aacerts 0700
> > E: non-standard-dir-perm /etc/ipsec.d/acerts 0700
> > E: non-standard-dir-perm /etc/ipsec.d/cacerts 0700
> > E: non-standard-dir-perm /etc/ipsec.d/certs 0700
> > E: non-standard-dir-perm /etc/ipsec.d/crls 0700
> > E: non-standard-dir-perm /etc/ipsec.d/ocspcerts 0700
> > E: non-standard-dir-perm /etc/ipsec.d/private 0700
> > E: non-standard-dir-perm /etc/ipsec.d/reqs 0700
>
> Do these all need to be only readable by root, or can you use 644 for the
> .confs?

There could be secret keys in these dirs. They should go in /etc/ipsec.d/private but I've already seen some scripts which create one file containing secret key and cert. So I think we should be a bit cautious with these dirs.

I changed the permissions to 0750 user:root group:ipsec now. So users or daemons who should get some control over strongswan could be put in that group. This is the recommended setup for the manager web-gui.

> > W: incoherent-init-script-name ipsec ('strongswan', 'strongswand')
>
> initscript should be the same as the packagename.

hmm. I'd prefer to use "ipsec" because this was used in FreeS/WAN and is still used in openswan. So there is a lot of documentation out there using stuff like "/etc/init.d/ipsec restart". Most users of a *swan are expecting the initscript to be called ipsec.

Of course we could change it if it is really important.

> > W: strange-permission ipsec.init 0755
>
> You don't need to have the source executable, instead do:
> install -D -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/%{name}

Installing it like this is already done. The file doesn't have 0755 in my repo. Johannes, could you check if that is some glitch in your tree?

> > W: summary-not-capitalized C strongSwan Internet Key Exchange (v1) daemon
> > W: summary-not-capitalized C strongSwan Internet Key Exchange (v2) daemon
> > W: summary-not-capitalized C strongSwan plugin for LDAP
> > W: summary-not-capitalized C strongSwan plugin for MySQL
> > W: summary-not-capitalized C strongSwan plugin for sqlite
> > W: summary-not-capitalized C strongSwan utility and crypto library
>
> These are just formatting issues in the summaries.

The official way of capitalizing it is "strongSwan", see www.strongswan.org.
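
The concern raised in the comment above (key material ending up outside /etc/ipsec.d/private, and the 0750 root:ipsec directory mode) can be checked mechanically. The following is an added example, not part of the original mail or of the strongSwan package; the function names, the PEM-marker heuristic and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

KEY_MARKER = b"PRIVATE KEY-----"  # tail of PEM headers like "-----BEGIN RSA PRIVATE KEY-----"

def audit_tree(root, private_dirname="private"):
    """Return sorted (relative_path, finding) pairs for an ipsec.d-style tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        dmode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if dmode & 0o007:  # any "other" bit is more permissive than 0750
            findings.append((rel_dir, "directory open to others (%04o)" % dmode))
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                if KEY_MARKER not in fh.read(1 << 20):
                    continue  # no PEM private key header in the first 1 MiB
            rel = os.path.normpath(os.path.join(rel_dir, name))
            fmode = stat.S_IMODE(os.lstat(path).st_mode)
            if fmode & 0o007:
                findings.append((rel, "key file open to others (%04o)" % fmode))
            if rel.split(os.sep)[0] != private_dirname:
                findings.append((rel, "key material outside %s/" % private_dirname))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout; PEM bodies are placeholders, not real keys."""
    cert = b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
    key = b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----\n"
    layout = {
        "cacerts": (0o750, {"ca.pem": (0o640, cert)}),
        "certs": (0o750, {"combined.pem": (0o640, cert + key)}),  # cert and key in one file
        "private": (0o755, {"host.pem": (0o644, key)}),           # too permissive
    }
    os.chmod(base, 0o750)
    for dname, (dmode, files) in layout.items():
        os.mkdir(os.path.join(base, dname))
        for fname, (fmode, data) in files.items():
            fpath = os.path.join(base, dname, fname)
            with open(fpath, "wb") as fh:
                fh.write(data)
            os.chmod(fpath, fmode)
        os.chmod(os.path.join(base, dname), dmode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_tree(build_sample_tree(tmp)):
            print(rel, "-", finding)
```

Group ownership (root:ipsec) is not checked here because the sample tree is built by an unprivileged user; on a real host, compare `st_gid` against the ipsec group as well.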