https://bugzilla.redhat.com/show_bug.cgi?id=2274150 --- Comment #3 from Dominik Wombacher <dominik@xxxxxxxxxxxx> --- Thanks for your initial spec Review Neal. > > %define __spec_install_post %{nil} > > %define debug_package %{nil} > > %define __os_install_post %{_dbpath}/brp-compress > > What's all this for? We shouldn't need any of this... I have to admit, idk. Removed. Next time I will highlight which lines I'm not sure about and seek guidance. > > %global with_selinux 1 > > We do not need a conditional if it's always enabled, so drop it. Dropped. > > Requires: openssh >= 6.9.0, coreutils, openssh-server >= 6.9.0, openssl, curl, systemd > > Requires(pre): glibc-common, shadow-utils, systemd, systemd-units > > Requires(post): grep, coreutils, openssh-server >= 6.9.0, systemd, systemd-units > > Requires(preun): systemd, systemd-units > > Requires(postun): shadow-utils, systemd, systemd-units > > Please reformat this to have one dependency per line instead of listing them out like this. That makes it easier to recognize in diffs. Done. > > # Create/configure system user > > %{_bindir}/getent passwd ec2-instance-connect || %{_sbindir}/useradd -r -M -s %{_sbindir}/nologin ec2-instance-connect > > %{_sbindir}/usermod -L ec2-instance-connect > > This needs to be converted to sysusers. Done. > Additionally, all the scriptlets need to be rethought, we can't have scriptlets modifying things like this when drop-in files can be shipped in subpackages or whatnot. As discussed via Matrix, upstream it was done that way to have some sort of safeguard to not affect a already existing `AuthorizedKeysCommand` config. More details here: https://github.com/aws/aws-ec2-instance-connect-config/issues/19 As you suggested, I moved the shell printf part to create a drop-in file into a separate file that is used in the sub-package `ec2-instance-connect-config`. `ec2-instance-connect` recommends the config sub-package. It can be removed by a User in case of issues with a current config (sshd_config, another drop-in file). In that case the actual ec2-instance-connect scripts and selinux policy can stay on the system and used by applying the `AuthorizedKeysCommand` settings manually. New version from latest copr build (https://copr.fedorainfracloud.org/coprs/wombelix/ec2-instance-connect/build/7337112/): - Spec: https://download.copr.fedorainfracloud.org/results/wombelix/ec2-instance-connect/fedora-rawhide-x86_64/07337112-ec2-instance-connect/ec2-instance-connect.spec - SRPM: https://download.copr.fedorainfracloud.org/results/wombelix/ec2-instance-connect/fedora-rawhide-x86_64/07337112-ec2-instance-connect/ec2-instance-connect-1.1.17-1.fc41.src.rpm -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2274150 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202274150%23c3 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
