https://bugzilla.redhat.com/show_bug.cgi?id=1421506 Bug ID: 1421506 Summary: Review Request: smlnj - Standard ML of New Jersey Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: dmoerner@xxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx Spec URL: https://dmoerner.fedorapeople.org/smlnj/smlnj.spec SRPM URL: https://dmoerner.fedorapeople.org/smlnj/smlnj-110.80-1.fc26.src.rpm Description: Standard ML of New Jersey (SML/NJ) is a compiler and programming environment for the Standard ML programming language. It was originally developed jointly at Bell Laboratories and Princeton University, and is now a joint project between researchers at Bell Laboratories, Lucent Technologies, Princeton University, Yale University (The FLINT Project), AT&T Research, and the University of Chicago. Fedora Account System Username: dmoerner This is a complicated spec and review. I welcome all feedback, even if you are not in a position to offer a full review. I have built on previous work by Ricky Zhou in an older review request, https://bugzilla.redhat.com/show_bug.cgi?id=670088 Comments for potential reviewers: 1. Note that this package is self-bootstrapping, and so will need Fedora Packaging Committee approval. Successful koji build using upstream precompiled binaries: https://koji.fedoraproject.org/koji/taskinfo?taskID=17823150 Logs and rpms from successful local mock self-bootstrapping using the koji rpms: https://dmoerner.fedorapeople.org/smlnj/self-bootstrap-logs/ 2. SML/NJ is 32-bit only, and of the 32 bit arches available in Fedora, has only been bootstrapped on x86. After asking around in IRC, I made the package ExclusiveArch: %{ix86}. If this is incorrect, and I should use ExcludeArch, it is easy to change. (I do not believe that being only available on x86 makes SML/NJ a bad candidate for the archive. Upstream is still active, and very slowly working on 64-bit support, and SML/NJ is actively used in a variety of academic environments.) 3. Upstream builds a static library, which can be used by the user to build statically linked SML binaries using the supplied heap2exec script. I have chosen to package this library in a separate -static subpackage. It could, however, just be removed entirely. 4. rpmlint output and commentary: smlnj.i686: E: missing-call-to-setgroups-before-setuid /usr/lib/smlnj/bin/.run/run.x86-linux.so smlnj.i686: E: missing-call-to-setgroups-before-setuid /usr/lib/smlnj/bin/.run/run.x86-linux I have looked carefully into this and I believe that this is not an issue. The setuid calls come base/runtime/c-libs/posix-procenv/setuid.c, part of where SML/NJ implements an SML function for the C setuid command, as part of implementing POSIX.1-2001. There could be a risk here that a user-constructed SML program could use this function in a dangerous way. But so far as I can see, this is a risk shared by any compiler that only implements POSIX.1-2001, of which setgroups is not a part. smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run-sml smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.heap smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.heap smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.arch-n-opsys smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.link-sml These hidden files are baked into upstream. I removed about 170 of these warnings by setting the variable CM_DIR_ARC, but these last 7 cannot be removed without major patching. smlnj-static.i686: W: no-documentation No issue; see note #3 above. Thanks! -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
