[Bug 593125] Review Request: gridsite - Grid Security for the Web, Web platforms for Grids

bugzilla at redhat.com bugzilla at redhat.com
Wed May 19 11:56:16 UTC 2010 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=593125

--- Comment #1 from Mattias Ellert <mattias.ellert at fysast.uu.se> 2010-05-19 07:56:12 EDT ---
Fedora review - gridsite - 2010-05-19

rpmlint output:

$ rpmlint 587812741769102067396616/result/gridsite/*.rpm
gridsite.src: W: spelling-error %description -l en_US apache -> Apache, apace
gridsite.src: W: spelling-error %description -l en_US httpd -> HTTP
gridsite.x86_64: W: spelling-error %description -l en_US apache -> Apache,
apace
gridsite.x86_64: W: spelling-error %description -l en_US httpd -> HTTP
gridsite.x86_64: W: hidden-file-or-dir /var/lib/gridsite/.gacl
gridsite-gsexec.x86_64: W: spelling-error Summary(en_US) Setuid -> Setup,
Setting, Settled
gridsite-gsexec.x86_64: W: spelling-error %description -l en_US setuid ->
setup, setting, settled
gridsite-gsexec.x86_64: E: setuid-binary /usr/sbin/gsexec root 04510
gridsite-gsexec.x86_64: E: non-standard-executable-perm /usr/sbin/gsexec 04510
gridsite-gsexec.x86_64: E: non-standard-executable-perm /usr/sbin/gsexec 04510
gridsite-libs.x86_64: W: spelling-error %description -l en_US runtime -> run
time, run-time, untimely
7 packages and 0 specfiles checked; 3 errors, 8 warnings.

Since the whole point of the gsexec binary is to be able to switch
users, the fact that it has the setuid bit set is not an error.

+ Package named according to guidelines
+ Specfile named after package
+ The specified license "ASL 2.0" is a Fedora approved License

? The following files are indeed distributed under the Apache-2.0 license:

  - src/gsexec.c
  - src/gsexec.h
  - src/mod_gridsite.c (partly)
  - src/mod_ssl-private.h (partly)

  However, the rest of the files seems to be distributed under BSD.

+ LICENSE file is included as %doc
+ Spec file is written in legible English
+ Source matches upstream:

$ cksum gridsite-1.5.18.src.tar.gz srpm/gridsite-1.5.18.src.tar.gz 
891063198 213822 gridsite-1.5.18.src.tar.gz
891063198 213822 srpm/gridsite-1.5.18.src.tar.gz

+ Package builds in mock (Fedora 12)
+ BuildRequires are sane
+ ldconfig called appropriately
+ No bundled system libraries
+ Package owns the directories it creates
+ No duplicate files

+ Permissions are sane, and %files have %defattr
  There is one setuid binary, but it is put in a separate rpm so that
  only those who need it hve to install it.

? Specfile uses macros more or less consistently, however
  - it uses both %{_var}/lib/%{name} and %{_var}/lib/gridsite
  - it uses both %{_var}/lib and %{_sharedstatedir}

? Should the doxygen documentation be split off into a separate doc
  subpackage?

+ %doc is not runtime essential
+ headers and .so symlink are in -devel subpackage
+ -devel requires -libs with fully qualified version
+ No .la files
+ Package does not own other's directories
+ Installed filenames are valid UTF8

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list