https://bugzilla.redhat.com/show_bug.cgi?id=2078592 --- Comment #4 from Pino Toscano <ptoscano@xxxxxxxxxx> --- Hi Petr, thanks for the review! Note that this is mostly a split of an existing binary package to its new source from the "subscription-manager" source -- see my notes in comment #1. > I am not sure why /etc/rhsm/ca directory were chosen. I think much more > appropriate would be something like /etc/pki/rhsm. Could it maybe use > symlinks to pki for backward compatibility and move certificates to > /etc/pki, where I think this kind of content belongs. We cannot really change the directory, as it is what subscription-manager uses by default; I think it is also wanted to use a separate sets of certificates than the system ones, and in general this kind of discussion would be better suited for upstream. > Those pem files do not have %config(noreplace) tag. Are they configuration > files or not? Kinda not. If I read the RPM documentation correctly, I think we should rather use %config (without noreplace), as those files are generally not modified, so we want updates to them to be available by default. > I would suggest checking at least validity of certificates in %check > section. For example by openssl tool: > > for PEM in *.pem; do > openssl x509 -in $PEM -noout -checkend 0 > done I thought about that too, however it seemed "too dumb". Proposed upstream: https://github.com/candlepin/subscription-manager-rhsm-certificates/pull/1 (In reply to Petr Menšík from comment #3) > Issues found: > - /etc/rhsm is owned both by subscription-manager and > subscription-manager-rhsm-certificates > But python3-subscription-manager-rhsm, dependency of subscription-manager, > requires certificates anyway. > I think that makes /etc/rhsm directory candidate to be owned just by > certificates and subscription-manager > could just explicitly require rhsm-certificates as well. Hm maybe something to change in subscription-manager, rather than subscription-manager-rhsm-certificates. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2078592 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
