Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: rssh - Restricted shell for use with OpenSSH, allowing only scp and/or sftp https://bugzilla.redhat.com/show_bug.cgi?id=456182 ------- Additional Comments From debarshi.ray@xxxxxxxxx 2008-07-23 23:44 EST ------- MUST Items: xx - rpmlint is unclean on RPM (can be ignored) + [rishi@ginger x86_64]$ rpmlint rssh-2.3.2-1.fc8.x86_64.rpm rssh.x86_64: E: setuid-binary /usr/libexec/rssh_chroot_helper root 04755 rssh.x86_64: E: non-standard-executable-perm /usr/libexec/rssh_chroot_helper 04755 [rishi@ginger x86_64]$ OK - follows Naming Guidelines OK - spec file is named as %{name}.spec OK - package does not meet Packaging Guidelines + To preserve timestamps you could consider using: make install INSTALL="%{__install} -p" DESTDIR=$RPM_BUILD_ROOT + https://fedoraproject.org/wiki/Packaging/Guidelines#Libexecdir suggests that files be put into package-specific subdirectories. Can this be done? OK - license meets Licensing Guidelines OK - License field meets actual license OK - upstream license file included in %doc OK - spec file uses American English OK - spec file is legible OK - sources match upstream sources OK - package builds successfully OK - ExcludeArch not needed OK - build dependencies correctly listed + It might be a good idea to add cvs, rdist and rsync to BuildRequires, because the configure script hard-codes their path to /usr/bin/cvs, /usr/bin/rdist, and /usr/bin/rsync, when they are absent. OK - no locales OK - no shared libraries OK - package is not relocatable OK - file and directory ownership OK - no duplicates in %file xx - file permissions set properly + The preferred attribute definition is: %defattr(-,root,root,-). If you use it, the %attr(755, root, root) and %attr(4755, root, root) become redundant. Since the example scripts will be retaining their executable bits, they can be turned off somewhere in the spec (maybe the %setup stanza). + The rssh(1) manual says: Additionally, create a group, for example "rsshuser", for rssh users. Put all your users who will be restricted by rssh in that group. Set the ownership and permissions on rssh and rssh_chroot_helper so that only those users can execute them. The following commands should illustrate: # groupadd rsshuser # chown root:rsshuser rssh rssh_chroot_helper # chmod 550 rssh # chmod 4550 rssh_chroot_helper Fedora's packaging guidelines for users and groups (https://fedoraproject.org/wiki/Packaging/UsersAndGroups) might then come into the picture. OK - %clean present OK - macros used consistently OK - contains code and permissable content OK - -doc is not needed OK - contents of %doc does not affect the runtime OK - no header files OK - no static libraries OK - no pkgconfig files OK - no library files OK - -devel is not needed OK - no libtool archives OK - %{name}.desktop file not needed OK - does not own files or directories owned by other packages OK - buildroot correctly prepped OK - all file names valid UTF-8 SHOULD Items: OK - upstream provides license text xx - no translations for description and summary OK - package builds in mock successfully OK - package builds on all supported architectures OK - package functions as expected OK - scriptlets are sane OK - subpackages are not needed OK - no pkgconfig files OK - no file dependencies -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review