https://bugzilla.redhat.com/show_bug.cgi?id=1200389 Petr Pisar <ppisar@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |182235 (FE-Legal) --- Comment #10 from Petr Pisar <ppisar@xxxxxxxxxx> --- > FIX: Source0 is invalid: Source archive is original (SHA-256: a9a248456f06de31475da8e3aeb673b1617bfa677fd4ee4869e4e67c3a0879a2). Ok. > FIX: Many Makefile.in files hard-code C compiler optimization level > (CFLAGS_OPT variable). Distribution's CCFLAGS should be respected. Following files still inject -O2: src/bindings-pkcs11/Makefile.in:4 (this is followed by system CFLAGS) src/pkcs11proxyd/Makefile.in:7 > TODO: The patches are prefixed `ocaml-crush', while the package is called > `caml-crush'. Please rename the patches to start with `caml-crush-1.0.4'. Ok. > > FIX: Do not bundle filter.conf (Source1). Patch src/pkcs11proxyd/filter.conf > > instead. The difference is 4 lines only. > Not done. I do want to keep a fedora config file which I control. Ok. > TODO: Use printf(1) instead of echo(1) in pkcs11proxyd-init. Handling escape > sequences is undefined by POSIX. Not addressed. Ok. > TODO: Consider using <https://fedoraproject.org/wiki/Packaging:Tmpfiles.d> > instead of manual named socket handling by pkcs11proxyd-post. Not addressed. Ok. > TODO: Remove initial `a' from Summary. Ok. Summary is Ok. Description is Ok. TODO: The caml-crush description reads `This software is a computer program' which sound a little bit redundant. I would remove the phrase. FIX: License tag is wrong. Found licenses: CeCILL-B (src/rpc-pkcs11/rpc_helpers.ml, src/client-lib/modwrap_crpc.c etc.) RSA??? (src/bindings-pkcs11/pkcs11t.h, src/bindings-pkcs11/original_pkcs11.h) GPLv2+ (src/bindings-pkcs11/des.h) GPLv3+ (config.guess) CeCILL (LICENSE.txt, covers other files without a license statement probably. Actually this is the only file where this license is mentioned. Authors included wrong license text probably. Please raise a question.) Please add this listing as a comment into spec file to document source code licenses in contrast to License tag which covers binary RPMs only. Change License tag to `CeCILL and CeCILL-B and RSA???' for the caml-crush package, change License tag to `CeCILL and CeCILL-B' for caml-crush-softhsm package: config.guess is not installed. src/bindings-pkcs11/des.h is not included because --with-aliasing is not passed to configure. src/bindings-pkcs11/pkcs11t.h is included by src/bindings-pkcs11/pkcs11_functions.c and linked into pkcs11proxyd executable. FIX: The src/bindings-pkcs11/pkcs11t.h file has unknown license <https://fedoraproject.org/wiki/Licensing>: /* License to copy and use this software is granted provided that it is * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface * (Cryptoki)" in all material mentioning or referencing this software. * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. */ Ask fedora-legal to identify it and assign an identifier. Then replace the RSA??? with it. FIX: Build-require `systemd' for %{_unitdir} macro in the spec file. TODO: Remove redundant configure arguments: --bindir, --libdir FIX: Require(pre) `shadow-utils because of useradd in %pre section. FIX: Add `exit 0' at the end of %pre section <https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation>. RPM scriptlets are not allowed to fail in Fedora. TODO: Run-require p11-kit by caml-cruh-softhsm pacakge for %{_datadir}/p11-kit/modules directory. $ rpmlint caml-crush.spec ../SRPMS/caml-crush-1.0.4-3.fc23.src.rpm ../RPMS/x86_64/caml-crush-* caml-crush.src: W: strange-permission pkcs11proxyd-init 0755L caml-crush.x86_64: W: no-manual-page-for-binary pkcs11proxyd caml-crush-softhsm.x86_64: W: no-documentation caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/softhsm.conf pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/softhsm.conf pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config/pkcs11 pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config/pkcs11 pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf pkcs11proxyd caml-crush-softhsm.x86_64: E: script-without-shebang /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf caml-crush-softhsm.x86_64: W: non-conffile-in-etc /etc/pkcs11proxyd/filter-softhsm.conf caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module pkcs11proxyd caml-crush-softhsm.x86_64: E: script-without-shebang /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config pkcs11proxyd caml-crush-softhsm.x86_64: W: hidden-file-or-dir /var/lib/pkcs11proxyd/.config caml-crush-softhsm.x86_64: W: hidden-file-or-dir /var/lib/pkcs11proxyd/.config caml-crush-softhsm.x86_64: W: non-conffile-in-etc /etc/pkcs11proxyd/pkcs11proxyd-softhsm.conf caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config/pkcs11/modules pkcs11proxyd caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config/pkcs11/modules pkcs11proxyd caml-crush-softhsm.x86_64: W: no-manual-page-for-binary pkcs11proxyd-init 4 packages and 1 specfiles checked; 2 errors, 22 warnings. FIX: Remove executable bit from /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf and /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module. FIX: Mark /etc/pkcs11proxyd/filter-softhsm.conf and /etc/pkcs11proxyd/pkcs11proxyd-softhsm.conf as configuration file by `%config(noreplace)' in the %files section. $ rpm -q -lv -p ../RPMS/x86_64/caml-crush-1.0.4-3.fc23.x86_64.rpm drwxr-xr-x 2 root root 0 Mar 19 09:37 /etc/pkcs11proxyd -rw-r--r-- 1 root root 10861 Mar 19 09:37 /etc/pkcs11proxyd/filter.conf -rw-r--r-- 1 root root 2356 Mar 19 07:41 /etc/pkcs11proxyd/pkcs11proxyd.conf -rwxr-xr-x 1 root root 113992 Mar 19 09:37 /usr/lib64/pkcs11/libp11client.so -rwxr-xr-x 1 root root 4067512 Mar 19 09:37 /usr/sbin/pkcs11proxyd drwxr-xr-x 2 root root 0 Mar 19 09:37 /usr/share/doc/caml-crush -rw-r--r-- 1 root root 9425 Dec 2 09:41 /usr/share/doc/caml-crush/ISSUES.md -rw-r--r-- 1 root root 3645 Dec 2 09:41 /usr/share/doc/caml-crush/README.md drwxr-xr-x 2 root root 0 Mar 19 09:37 /usr/share/licenses/caml-crush -rw-r--r-- 1 root root 21781 Dec 2 09:41 /usr/share/licenses/caml-crush/LICENSE.txt File permissions and layout are Ok. $ rpm -q -lv -p ../RPMS/x86_64/caml-crush-softhsm-1.0.4-3.fc23.x86_64.rpm -rw-r--r-- 1 root root 10861 Mar 19 09:37 /etc/pkcs11proxyd/filter-softhsm.conf -rw-r--r-- 1 root root 2364 Mar 19 07:41 /etc/pkcs11proxyd/pkcs11proxyd-softhsm.conf -rw-r--r-- 1 root root 485 Mar 19 07:41 /usr/lib/systemd/system/pkcs11proxyd-softhsm.service -rwxr-xr-x 1 root root 114000 Mar 19 09:37 /usr/lib64/pkcs11/libp11clientsofthsm.so -rwxr-xr-x 1 root root 779 Mar 19 07:41 /usr/sbin/pkcs11proxyd-init -rw-r--r-- 1 root root 380 Mar 19 07:41 /usr/share/p11-kit/modules/pkcs11proxyd-softhsm.module drwxr-xr-x 2 pkcs11prpkcs11pr 0 Mar 19 09:37 /var/lib/pkcs11proxyd drwxr-xr-x 2 pkcs11prpkcs11pr 0 Mar 19 09:37 /var/lib/pkcs11proxyd/.config drwxr-xr-x 2 pkcs11prpkcs11pr 0 Mar 19 09:37 /var/lib/pkcs11proxyd/.config/pkcs11 drwxr-xr-x 2 pkcs11prpkcs11pr 0 Mar 19 09:37 /var/lib/pkcs11proxyd/.config/pkcs11/modules -rwxr-xr-x 1 pkcs11prpkcs11pr 23 Mar 19 07:41 /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module -rwxr-xr-x 1 pkcs11prpkcs11pr 18 Mar 19 07:41 /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf -rw-r--r-- 1 pkcs11prpkcs11pr 79 Mar 19 07:41 /var/lib/pkcs11proxyd/softhsm.conf FIX: Remove executable bit from /var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf and /var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module. $ rpm -q --requires -p ../RPMS/x86_64/caml-crush-1.0.4-3.fc23.x86_64.rpm | sort -f | uniq -c 4 /bin/sh 1 config(caml-crush) = 1.0.4-3.fc23 1 libc.so.6()(64bit) 1 libc.so.6(GLIBC_2.14)(64bit) 1 libc.so.6(GLIBC_2.15)(64bit) 1 libc.so.6(GLIBC_2.2.5)(64bit) 1 libc.so.6(GLIBC_2.3)(64bit) 1 libc.so.6(GLIBC_2.3.2)(64bit) 1 libc.so.6(GLIBC_2.3.4)(64bit) 1 libc.so.6(GLIBC_2.4)(64bit) 1 libc.so.6(GLIBC_2.7)(64bit) 1 libc.so.6(GLIBC_2.8)(64bit) 1 libdl.so.2()(64bit) 1 libdl.so.2(GLIBC_2.2.5)(64bit) 1 libm.so.6()(64bit) 1 libm.so.6(GLIBC_2.2.5)(64bit) 1 libpthread.so.0()(64bit) 1 libpthread.so.0(GLIBC_2.2.5)(64bit) 1 librt.so.1()(64bit) 1 librt.so.1(GLIBC_2.2.5)(64bit) 1 librt.so.1(GLIBC_2.3.3)(64bit) 1 rpmlib(CompressedFileNames) <= 3.0.4-1 1 rpmlib(FileDigests) <= 4.6.0-1 1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 1 rpmlib(PayloadIsXz) <= 5.2-1 1 rtld(GNU_HASH) Binary requires are Ok. $ rpm -q --requires -p ../RPMS/x86_64/caml-crush-softhsm-1.0.4-3.fc23.x86_64.rpm | sort -f | uniq -c 1 /bin/sh 1 caml-crush(x86-64) = 1.0.4-3.fc23 1 inotify-tools 1 libc.so.6()(64bit) 1 libc.so.6(GLIBC_2.14)(64bit) 1 libc.so.6(GLIBC_2.2.5)(64bit) 1 libc.so.6(GLIBC_2.3.4)(64bit) 1 libc.so.6(GLIBC_2.4)(64bit) 1 libpthread.so.0()(64bit) 1 libpthread.so.0(GLIBC_2.2.5)(64bit) 1 rpmlib(CompressedFileNames) <= 3.0.4-1 1 rpmlib(FileDigests) <= 4.6.0-1 1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 1 rpmlib(PayloadIsXz) <= 5.2-1 1 rtld(GNU_HASH) 1 softhsm 3 systemd 1 util-linux Binary provides are Ok. $ rpm -q --provides -p ../RPMS/x86_64/caml-crush-1.0.4-3.fc23.x86_64.rpm | sort -f | uniq -c 1 caml-crush = 1.0.4-3.fc23 1 caml-crush(x86-64) = 1.0.4-3.fc23 1 config(caml-crush) = 1.0.4-3.fc23 1 libp11client.so()(64bit) Fix: Do not provide `libp11client.so()(64bit)'. It's a private library in non-standard path (/usr/lib64/pkcs11/libp11client.so). $ rpm -q --provides -p ../RPMS/x86_64/caml-crush-softhsm-1.0.4-3.fc23.x86_64.rpm | sort -f | uniq -c 1 caml-crush-softhsm = 1.0.4-3.fc23 1 caml-crush-softhsm(x86-64) = 1.0.4-3.fc23 1 libp11clientsofthsm.so()(64bit) FIX: Do not provide `libp11clientsofthsm.so()(64bit)` because it's not in the standard path recognized by a linker. $ resolvedeps rawhide ../RPMS/x86_64/caml-crush-1.0.4-3.fc23.x86_64.rpm ../RPMS/x86_64/caml-crush-softhsm-1.0.4-3.fc23.x86_64.rpm Binary dependencies resolvable. Ok. Package builds in F23 (http://koji.fedoraproject.org/koji/taskinfo?taskID=9272455). Ok. TODO: debuginfo generator complains on missing source files: cpio: caml-crush-1.0.4/src/client-lib/modwrap_.c: Cannot stat: No such file or directory cpio: caml-crush-1.0.4/src/client-lib/modwrap_softhsm.c: Cannot stat: No such file or directory Otherwise the package is inline with Fedora packaging guidelines. Please correct all `FIX' items, consider fixing `TODO' items, and provide new spec file. Resolution: NOT approved. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=182235 [Bug 182235] Fedora Legal Tracker -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review