[Bug 2174438] Review Request: painless-password-rotation - Automates password rotation using HashiCorp Vault

bugzilla@xxxxxxxxxx · Tue, 07 Mar 2023 22:07:05 +0000

https://bugzilla.redhat.com/show_bug.cgi?id=2174438

--- Comment #6 from Robby Callicotte <rcallicotte@xxxxxxxxxxx> ---
Review Items
============

In the spec file, the line:
    install -m 0600 vault-rotate
%{buildroot}%{_sysconfdir}/sysconfig/vault-rotate

Generates the following rpmlint error:
    painless-password-rotation.noarch: E: non-readable
/etc/sysconfig/vault-rotate 600

Is this file supposed to be readable only by the root user? According to the
guidelines[1],
the default mode for files is 644.  Please advise.

The following review message was observed:
    [!]: Packages should try to preserve timestamps of original installed
         files.

This can be remedied by adding install's "p" flag to the %install lines below: 
    install -m 0755 rotate-linux-password.sh
%{buildroot}%{_bindir}/rotate-linux-password.sh
    install -m 0644 systemd/rotate-password.service
%{buildroot}%{_unitdir}/rotate-password.service
    install -m 0644 systemd/rotate-password.timer
%{buildroot}%{_unitdir}/rotate-password.timer
    install -m 0600 vault-rotate
%{buildroot}%{_sysconfdir}/sysconfig/vault-rotate

The following lines:

    BuildRequires: systemd
    Requires(post): systemd
    Requires(preun): systemd
    Requires(postun): systemd

Can be simplified with:
%{?systemd_requires}

It is your choice if you want to use the short for or not.

[1] -
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_permissions

-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2174438
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue