Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=683587 --- Comment #18 from Andrew Elwell <andrew.elwell@xxxxxxxxx> 2011-11-16 06:07:21 EST --- OK - reviewing based on installation / use tests with F16 and EL6 binaries -- the 'tl;dr' version is "please can you check the dependencies in EL6" given that this package needs separate src.rpm / spec files for each release I'll do a full check on each release. That said - review for F16 is fine Normal review process: MUST Items: Rpmlint - src: PASS rpmlint ./gsi-openssh-5.8p2-2.fc16.src.rpm gsi-openssh.src: W: spelling-error %description -l en_US rlogin -> logging gsi-openssh.src: W: spelling-error %description -l en_US rsh -> rah, rs, sh gsi-openssh.src: W: spelling-error %description -l en_US untrusted -> entrusted, trusted, encrusted gsi-openssh.src: W: spelling-error %description -l en_US gsissh -> Gish gsi-openssh.src: W: strange-permission openssh-nukeacss.sh 0755L gsi-openssh.src:48: W: macro-in-comment %{version} gsi-openssh.src:49: W: macro-in-comment %{version} gsi-openssh.src:222: W: macro-in-comment %triggerun gsi-openssh.src:223: W: macro-in-comment %post gsi-openssh.src:223: W: macro-in-comment %triggerun gsi-openssh.src:279: W: macro-in-comment %patch22 gsi-openssh.src:394: W: rpm-buildroot-usage %build fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/gsissh $RPM_BUILD_ROOT%{_sbindir}/gsisshd \ gsi-openssh.src: W: invalid-url Source0: openssh-5.8p2-noacss.tar.bz2 1 packages and 0 specfiles checked; 0 errors, 13 warnings. spelling errors - false +ve strange-permission / macro-in-comment / rpm-buildroot-usage : same as the 'normal' openssh package. Nice to clean up but upstream should be fixed too. rpmlint built: PASS [aelwell@pcitgtelwell review]$ rpmlint /var/lib/mock/fedora-16-x86_64/result/gsi-openssh-5.8p2-2.fc16.x86_64.rpm gsi-openssh.x86_64: W: spelling-error %description -l en_US rlogin -> logging gsi-openssh.x86_64: W: spelling-error %description -l en_US rsh -> rah, rs, sh gsi-openssh.x86_64: W: spelling-error %description -l en_US untrusted -> entrusted, trusted, encrusted gsi-openssh.x86_64: W: file-not-utf8 /usr/share/doc/gsi-openssh-5.8p2/LICENCE gsi-openssh.x86_64: W: non-standard-gid /usr/libexec/gsissh/ssh-keysign ssh_keys gsi-openssh.x86_64: E: setgid-binary /usr/libexec/gsissh/ssh-keysign ssh_keys 02755L gsi-openssh.x86_64: E: non-standard-executable-perm /usr/libexec/gsissh/ssh-keysign 02755L gsi-openssh.x86_64: W: file-not-utf8 /usr/share/doc/gsi-openssh-5.8p2/CREDITS gsi-openssh.x86_64: E: non-readable /etc/gsissh/moduli 0600L gsi-openssh.x86_64: W: install-file-in-docs /usr/share/doc/gsi-openssh-5.8p2/INSTALL 1 packages and 0 specfiles checked; 3 errors, 7 warnings. The setgid Error matches that for openssh - ie [aelwell@pcitgtelwell review]$ ls -l /usr/libexec/openssh/ssh-keysign ---x--s--x. 1 root ssh_keys 245408 Jul 25 09:47 /usr/libexec/openssh/ssh-keysign ditto moduli: -rw-------. 1 root root 125811 Jul 25 09:47 /etc/ssh/moduli LICENCE and CREDITS matches upstream: /usr/share/doc/openssh-5.8p2/LICENCE: ISO-8859 English text /usr/share/doc/openssh-5.8p2/CREDITS: ISO-8859 English text so overall pass * Naming Guidelines - PASS * Spec matches %{name}.spec - PASS (gsi-openssh) * Packaging Guidelines - PASS previous discussions about naming, underscores, ACCS are explained and compliant. This package reuses the openssh spec file (as a diff will show) which is approved. * Licence - BSD - PASS. * Spec licence must match actual - PASS (detailed description in LICENSE) * Licence in %doc - PASS * Spec in en_US - PASS * md5sun of upsream - PASS - 123003edd779504e12e1c8b58e7ce5dc for main openssh-5.8p2-noacss.tar.bz2 file -- similar status for other release sources (matches that comparable in the openssh source) * Builds OK -- PASS For F16, on both x86_64 and i386, however the EL6 doesn't build under mock: ERROR: Command failed: # ['/usr/bin/yum-builddep', '--installroot', '/var/lib/mock/epel-6-x86_64/root/', '/var/lib/mock/epel-6-x86_64/root///builddir/build/SRPMS/gsi-openssh-5.3p1-3.el6.src.rpm'] Getting requirements for gsi-openssh-5.3p1-3.el6.src --> autoconf-2.63-5.1.el6.noarch --> automake-1.11.1-1.2.el6.noarch --> Already installed : 4:perl-5.10.1-115.el6.x86_64 --> zlib-devel-1.2.3-25.el6.x86_64 Error: No Package found for audit-libs-devel >= 2.0.5 installed OK on F16 and sanity checked: [aelwell@pcitgtelwell result]$ sudo yum localinstall ./gsi-openssh-clients-5.8p2-2.fc16.x86_64.rpm ./gsi-openssh-5.8p2-2.fc16.x86_64.rpm Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit Setting up Local Package Process Examining ./gsi-openssh-clients-5.8p2-2.fc16.x86_64.rpm: gsi-openssh-clients-5.8p2-2.fc16.x86_64 Marking ./gsi-openssh-clients-5.8p2-2.fc16.x86_64.rpm to be installed Examining ./gsi-openssh-5.8p2-2.fc16.x86_64.rpm: gsi-openssh-5.8p2-2.fc16.x86_64 Marking ./gsi-openssh-5.8p2-2.fc16.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package gsi-openssh.x86_64 0:5.8p2-2.fc16 will be installed --> Processing Dependency: libglobus_gsi_callback.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gsi_cert_utils.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gsi_credential.so.1()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gsi_proxy_core.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gsi_sysconfig.so.1()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gss_assist.so.3()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_gssapi_gsi.so.4()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_oldgaa.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_openssl.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_openssl_error.so.0()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 --> Processing Dependency: libglobus_proxy_ssl.so.1()(64bit) for package: gsi-openssh-5.8p2-2.fc16.x86_64 ---> Package gsi-openssh-clients.x86_64 0:5.8p2-2.fc16 will be installed --> Running transaction check ---> Package globus-gsi-callback.x86_64 0:2.8-2.fc16 will be installed ---> Package globus-gsi-cert-utils.x86_64 0:6.7-2.fc16 will be installed ---> Package globus-gsi-credential.x86_64 0:3.5-3.fc16 will be installed ---> Package globus-gsi-openssl-error.x86_64 0:0.14-8.fc16 will be installed ---> Package globus-gsi-proxy-core.x86_64 0:4.7-2.fc16 will be installed ---> Package globus-gsi-proxy-ssl.x86_64 0:2.3-3.fc16 will be installed ---> Package globus-gsi-sysconfig.x86_64 0:3.2-1.fc16 will be installed ---> Package globus-gss-assist.x86_64 0:5.10-1.fc16 will be installed ---> Package globus-gssapi-gsi.x86_64 0:7.8-1.fc16 will be installed ---> Package globus-openssl-module.x86_64 0:1.3-3.fc16 will be installed --> Finished Dependency Resolution Dependencies Resolved =========================================================================================================================================== Package Arch Version Repository Size =========================================================================================================================================== Installing: gsi-openssh x86_64 5.8p2-2.fc16 /gsi-openssh-5.8p2-2.fc16.x86_64 721 k gsi-openssh-clients x86_64 5.8p2-2.fc16 /gsi-openssh-clients-5.8p2-2.fc16.x86_64 652 k Installing for dependencies: globus-gsi-callback x86_64 2.8-2.fc16 fedora 34 k globus-gsi-cert-utils x86_64 6.7-2.fc16 fedora 18 k globus-gsi-credential x86_64 3.5-3.fc16 fedora 30 k globus-gsi-openssl-error x86_64 0.14-8.fc16 fedora 15 k globus-gsi-proxy-core x86_64 4.7-2.fc16 fedora 30 k globus-gsi-proxy-ssl x86_64 2.3-3.fc16 fedora 17 k globus-gsi-sysconfig x86_64 3.2-1.fc16 fedora 26 k globus-gss-assist x86_64 5.10-1.fc16 fedora 28 k globus-gssapi-gsi x86_64 7.8-1.fc16 fedora 49 k globus-openssl-module x86_64 1.3-3.fc16 fedora 14 k Transaction Summary =========================================================================================================================================== Install 12 Packages Total size: 1.6 M Total download size: 261 k Installed size: 1.6 M Is this ok [y/N]: y Downloading Packages: (1/10): globus-gsi-callback-2.8-2.fc16.x86_64.rpm | 34 kB 00:00 (2/10): globus-gsi-cert-utils-6.7-2.fc16.x86_64.rpm | 18 kB 00:00 (3/10): globus-gsi-credential-3.5-3.fc16.x86_64.rpm | 30 kB 00:00 (4/10): globus-gsi-openssl-error-0.14-8.fc16.x86_64.rpm | 15 kB 00:00 (5/10): globus-gsi-proxy-core-4.7-2.fc16.x86_64.rpm | 30 kB 00:00 (6/10): globus-gsi-proxy-ssl-2.3-3.fc16.x86_64.rpm | 17 kB 00:00 (7/10): globus-gsi-sysconfig-3.2-1.fc16.x86_64.rpm | 26 kB 00:00 (8/10): globus-gss-assist-5.10-1.fc16.x86_64.rpm | 28 kB 00:00 (9/10): globus-gssapi-gsi-7.8-1.fc16.x86_64.rpm | 49 kB 00:00 (10/10): globus-openssl-module-1.3-3.fc16.x86_64.rpm | 14 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------- Total 209 kB/s | 261 kB 00:01 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Installing : globus-gsi-openssl-error-0.14-8.fc16.x86_64 1/12 Installing : globus-gsi-proxy-ssl-2.3-3.fc16.x86_64 2/12 Installing : globus-gsi-sysconfig-3.2-1.fc16.x86_64 3/12 Installing : globus-openssl-module-1.3-3.fc16.x86_64 4/12 Installing : globus-gsi-cert-utils-6.7-2.fc16.x86_64 5/12 Installing : globus-gsi-callback-2.8-2.fc16.x86_64 6/12 Installing : globus-gsi-credential-3.5-3.fc16.x86_64 7/12 Installing : globus-gsi-proxy-core-4.7-2.fc16.x86_64 8/12 Installing : globus-gssapi-gsi-7.8-1.fc16.x86_64 9/12 Installing : globus-gss-assist-5.10-1.fc16.x86_64 10/12 Installing : gsi-openssh-5.8p2-2.fc16.x86_64 11/12 Installing : gsi-openssh-clients-5.8p2-2.fc16.x86_64 12/12 Installed: gsi-openssh.x86_64 0:5.8p2-2.fc16 gsi-openssh-clients.x86_64 0:5.8p2-2.fc16 Dependency Installed: globus-gsi-callback.x86_64 0:2.8-2.fc16 globus-gsi-cert-utils.x86_64 0:6.7-2.fc16 globus-gsi-credential.x86_64 0:3.5-3.fc16 globus-gsi-openssl-error.x86_64 0:0.14-8.fc16 globus-gsi-proxy-core.x86_64 0:4.7-2.fc16 globus-gsi-proxy-ssl.x86_64 0:2.3-3.fc16 globus-gsi-sysconfig.x86_64 0:3.2-1.fc16 globus-gss-assist.x86_64 0:5.10-1.fc16 globus-gssapi-gsi.x86_64 0:7.8-1.fc16 globus-openssl-module.x86_64 0:1.3-3.fc16 Complete! [aelwell@pcitgtelwell result]$ gsissh -V OpenSSH_5.8p1 GSI_GSSAPI_20110531 GSI, OpenSSL 1.0.0e-fips 6 Sep 2011 * Excluded Arch - None Mentioned. N/A * BuildRequires - PASS * locales - None listed - PASS * Shared libraries call ldconfig - N/A * System Libraries - None bundled. PASS * Non-relocatable package - N/A * Directory Ownweship - PASS * Dup files listed in spec - PASS * Permissions - PASS. see note above about setgid. * Macros - PASS * Package contains code - PASS * -doc subpackage - N/A - small no of small files. * %doc files non-critical - PASS * -devel package - N/A - no .h files bundled * -static package - N/A - no static libs bundled * suffixed library files - N/A - none bundled. * devel is fully versioned - N/A - no -devel package built. * Libtool .la - PASS. None present * GUI - PASS. N/A * owning other files - PASS. clashing (manpage / openssh) files are removed at build time. * UTF-8 filenames - PASS. SHOULD Items: * Licence file - PASS. As upstream. * non-english - N/A - Same as upstream openssh * mockbuilds - PASS (F16 / EL6 tested) * Functional tests: F16-x86_64 client OK, Positive fail against a machine my key's NOT installed on: [aelwell@pcitgtelwell review]$ voms-proxy-init --debug Detected Globus version: 2.2 Unspecified proxy version, settling on Globus version: 2 Number of bits in key :1024 Files being used: CA certificate file: none Trusted certificates directory : /etc/grid-security/certificates Proxy certificate file : /tmp/x509up_u500 User certificate file: /home/aelwell/.globus/usercert.pem User key file: /home/aelwell/.globus/userkey.pem Output to /tmp/x509up_u500 Enter GRID pass phrase: Your identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aelwell/CN=671736/CN=Andrew Elwell Creating proxy to /tmp/x509up_u500 .....................................++++++ .....++++++ Done Your proxy is valid until Wed Nov 16 23:55:59 2011 [aelwell@pcitgtelwell review]$ gsissh -vv voalice12 -p 1975 OpenSSH_5.8p1 GSI_GSSAPI_20110531 GSI, OpenSSL 1.0.0e-fips 6 Sep 2011 debug1: Reading configuration data /home/aelwell/.ssh/config debug1: Applying options for * debug1: Reading configuration data /etc/gsissh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to voalice12 [128.142.198.14] port 1975. debug1: Connection established. debug2: key_type_from_name: unknown key type '-----BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DEK-Info:' debug2: key_type_from_name: unknown key type '-----END' debug1: identity file /home/aelwell/.ssh/id_rsa type 1 debug1: identity file /home/aelwell/.ssh/id_rsa-cert type -1 debug1: identity file /home/aelwell/.ssh/id_dsa type -1 debug1: identity file /home/aelwell/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0p1-hpn13v1 NCSA_GSSAPI_GPT_4.3 GSI debug1: match: OpenSSH_5.0p1-hpn13v1 NCSA_GSSAPI_GPT_4.3 GSI pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8 debug2: fd 3 setting O_NONBLOCK debug1: Offering GSSAPI proposal: gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw== debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v00@xxxxxxxxxxx,ssh-rsa,ssh-dss-cert-v01@xxxxxxxxxxx,ssh-dss-cert-v00@xxxxxxxxxxx,ssh-dss,null debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: Doing group exchange debug2: dh_gen_key: priv key bits set: 131/256 debug2: bits set: 527/1024 debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_CONTINUE debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_CONTINUE debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_CONTINUE debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_COMPLETE debug2: bits set: 508/1024 debug1: Rekey has happened - updating saved versions debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/aelwell/.ssh/id_rsa (0x7fcff4b0c750) debug2: key: aelwell@xxxxxxxxxxxxxxxxxxxx (0x7fcff4b7d5d0) debug2: key: /home/aelwell/.ssh/id_dsa ((nil)) debug1: Authentications that can continue: gssapi-keyex,external-keyx,gssapi-with-mic,gssapi debug1: Next authentication method: gssapi-keyex debug2: we sent a gssapi-keyex packet, wait for reply debug1: Remote: failed to set username from gssapi context debug1: Authentications that can continue: gssapi-keyex,external-keyx,gssapi-with-mic,gssapi debug2: we did not send a packet, disable method debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Delegating credentials debug1: Delegating credentials debug1: Delegating credentials debug1: Delegating credentials debug1: Authentications that can continue: gssapi-keyex,external-keyx,gssapi-with-mic,gssapi debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (gssapi-keyex,external-keyx,gssapi-with-mic,gssapi). I'd install the server but mockbuild on EL6 fails -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review