[Bug 226214] Merge Review: openldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Merge Review: openldap


https://bugzilla.redhat.com/show_bug.cgi?id=226214





------- Additional Comments From jsafrane@xxxxxxxxxx  2008-01-25 10:08 EST -------
Thanks for review!

> rpmlint on SRPM:
> 
> openldap.src:351: E: use-of-RPM_SOURCE_DIR
> You use $RPM_SOURCE_DIR or %{_sourcedir} in your spec file. If you have to
> use a directory for building, use $RPM_BUILD_ROOT instead.

Fixed

> openldap.src:750: W: macro-in-%changelog _sbindir
> Macros are expanded in %changelog too, which can in unfortunate cases lead

All macros in changelog are fixed.

> openldap.src: W: mixed-use-of-spaces-and-tabs

Fixed

> rpmlint on rpms:
> 
> openldap.i386: W: obsolete-not-provided compat-openldap
> If a package is obsoleted by a compatible replacement, the obsoleted package
> must also be provided in order to provide clean upgrade paths and not cause
> unnecessary dependency breakage.  If the obsoleting package is not a compatible
> replacement for the old one, leave out the provides.
> 

The compat-openldap is *not* obsoleted by compatible replacement. It just does
not exists anymore and I want it to be removed on update (otherwise openldap
cannot be updated by yum, because compat-openldap will require the same version
of openldap to be installed).

> openldap-clients.i386: W: summary-ended-with-dot Client programs for OpenLDAP.
> Summary ends with a dot.
>
> openldap-devel.i386: W: summary-ended-with-dot OpenLDAP development libraries
> and header files.
> Summary ends with a dot.

Both fixed.

> openldap-devel.i386: W: file-not-utf8
> /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
> The character encoding of this file is not UTF-8.  
> 
> openldap-devel.i386: W: file-not-utf8
> /usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt
> The character encoding of this file is not UTF-8.  

It's some sort of official document and I dont' think it's appropriate to
convert it to UTF-8. Apart from that, there are only 3 non-UTF-* characters in
these documents.

> openldap-devel.i386: W: one-line-command-in-%post /sbin/ldconfig
> You should use %post -p <command>

Fixed

> openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/schema/README
> A non-executable file in your package is being installed in /etc, but is not
> a configuration file. All non-executable files in /etc should be configuration
> files. Mark the file as %config in the spec file.
> 
> Possibly move to %doc, rename schema-README?

Moved to %doc as README.schema

> openldap-servers.i386: E: non-readable /etc/sysconfig/ldap 0640
> The file can't be read by everybody.

It is readable now.

> openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap
> A file in this package is owned by a non standard group.

Filed bug #430206 (together with other guid/uid reports)

> openldap-servers.i386: E: executable-marked-as-config-file /etc/rc.d/init.d/ldap
> Executables must not be marked as config files because that may
> prevent upgrades from working correctly.

Fixed

> openldap-servers.i386: W: non-conffile-in-etc /etc/openldap/DB_CONFIG.example
> A non-executable file in your package is being installed in /etc, but is not
> a configuration file. All non-executable files in /etc should be configuration
> files. Mark the file as %config in the spec file.
> 
> Move to %doc?

Not sure about this. People are used that this file is in /etc. I'll keep it
there as %config. 

> openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700
> A standard directory should have permission set to 0755. If you get this
> message, it means that you have wrong directory permissions in some dirs
> included in your package.
>
> Ok.

I'd like to keep it 0700 too, users should not read ldap database files unless
admin explicitly allows it

> openldap-servers.i386: W: summary-ended-with-dot OpenLDAP servers and related
files.
> Summary ends with a dot.
 
Fixed

> openldap-servers.i386: W: conffile-without-noreplace-flag
> /etc/pki/tls/certs/slapd.pem
> A configuration file is stored in your package without the noreplace flag.
> A way to resolve this is to put the following in your SPEC file:

Fixed.

> %config(noreplace) /etc/your_config_file_here
> 
> openldap-servers.i386: W: conffile-without-noreplace-flag /etc/rc.d/init.d/ldap
> A configuration file is stored in your package without the noreplace flag.
> A way to resolve this is to put the following in your SPEC file:
> 
> %config(noreplace) /etc/your_config_file_here

Not fixed - init.d/ldap is not config file anymore.
 
> openldap-servers.i386: E: file-in-usr-marked-as-conffile
> /usr/share/openldap/migration/migrate_common.ph
> A file in /usr is marked as being a configuration file.
> Store your conf files in /etc/ instead.
> 
> Why is this marked conf and not in etc?

It contains configuration of migration tools. Whole concept of migration tools
stored in /usr/share is somewhat weird, see bug #236697. I'll remove the %config
for now and try to separate it to standalone package later.

> openldap-servers.i386: W: spurious-bracket-in-%pre
> The %pre scriptlet contains an "if []" construct without a space before
> the "]".
> openldap-servers.i386: W: spurious-bracket-in-%preun
> The %preun scriptlet contains an "if []" construct without a space before
> the "]".

Can't find it - %pre/%preun servers has all brackets correct. Rpmlint is maybe
confused by '/var/lib/ldap/[a]lock'???
 
> openldap-servers.i386: W: dangerous-command-in-%pre chown
> openldap-servers.i386: W: dangerous-command-in-%post rm
> openldap-servers.i386: W: dangerous-command-in-%preun rm

This is ok, there is some magic to upgrade database to new version when the
package is being updated.

> openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap
> In your init script (/etc/rc.d/init.d/your_file), you don't
> have a 'reload' entry, which is necessary for good functionality.

To be fixed as part of bug #247012.
 
> openldap-servers.i386: W: incoherent-init-script-name ldap
> The init script name should be the same as the package name in lower case,
> or one with 'd' appended if it invokes a process by that name.
> 
> What would be broken if this was fixed?

It would probably break nothing, but people are used to it. I'd like to keep it
as it is.

> openldap-servers-sql.i386: W: spurious-executable-perm
> /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/create_schema.sh
> /usr/share/doc/openldap-servers-sql-2.4.7/rdbms_depend/timesten/ttcreate_schema.sh
> The file is installed with executable permissions, but was identified as one
> that probably should not be executable.  Verify if the executable bits are
> desired, and remove if not.

Executability removed.
 
> openldap-servers-sql.i386: W: summary-ended-with-dot OpenLDAP server SQL support
> module.
> Summary ends with a dot.
 
Fixed.

> Should .a files be in a -static subpackage?

Is there any .a file? I hope not. If you mean .la files, these are necessary to
load openldap modules. I did not find any way how to make modules work without
them :(.

I fixed the glitches mentioned above and created openldap-2.4.7-4, which has
following rpmlint problems, all commented above.

openldap.i386: W: obsolete-not-provided compat-openldap
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
openldap-devel.i386: W: file-not-utf8
/usr/share/doc/openldap-devel-2.4.7/drafts/draft-ietf-ldapext-acl-model-xx.txt
openldap-servers.i386: E: non-standard-gid /etc/openldap/slapd.conf ldap
openldap-servers.i386: E: non-readable /etc/openldap/slapd.conf 0640
openldap-servers.i386: E: non-standard-uid /var/lib/ldap ldap
openldap-servers.i386: E: non-standard-gid /var/lib/ldap ldap
openldap-servers.i386: E: non-standard-dir-perm /var/lib/ldap 0700
openldap-servers.i386: E: non-standard-uid /var/run/openldap ldap
openldap-servers.i386: E: non-standard-gid /var/run/openldap ldap
openldap-servers.i386: W: spurious-bracket-in-%pre
openldap-servers.i386: W: dangerous-command-in-%pre chown
openldap-servers.i386: W: dangerous-command-in-%post rm
openldap-servers.i386: W: spurious-bracket-in-%preun
openldap-servers.i386: W: dangerous-command-in-%preun rm
openldap-servers.i386: W: no-reload-entry /etc/rc.d/init.d/ldap
openldap-servers.i386: W: incoherent-init-script-name ldap


-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]