[Bug 905024] Review Request: bind10 - The Berkeley Internet Name Domain 10 (BIND10) DNS and DHCP suite

bugzilla at redhat.com bugzilla at redhat.com
Fri Feb 8 16:09:43 UTC 2013 

Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=905024

--- Comment #2 from Adam Tkac <atkac at redhat.com> ---
(In reply to comment #1)
> ISSUES:
> -------
> 
> (1): Development (unversioned) .so files in -devel subpackage, if present.
>      Note: Unversioned so-files in private %_libdir subdirectory (see
>      attachment). Verify they are not in ld path. 
> 
> Unversioned so-files
> --------------------
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/log.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/util/cio/socketsession.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/libutil_io_python.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/pydnspp.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/_dns.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/acl.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/datasrc/datasrc.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/memory_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/sqlite3_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/static_ds.so
> 
>      This is probably OK. Please correct me if I'm wrong.

Right, those libs shouldn't be versioned.

> (2): Fully versioned dependency in subpackages, if present.
>      Note: No Requires: %{name}t = %{version}-%{release} in %package
>      libs, %package devel
> 
>      Please add %{?_isa} macro in %package libs and %package devel Requires
>      sections.

This macro is needed only in -devel pkg because no other subpackage explicitly
requires bind10-libs.

> 
> (3): License file installed when any subpackage combination is installed.
> 
>      License is part of bind10-libs subpackage. But this subpackage is
>      not Required by the base package! I think you should add Requires:
>      %{name}-libs%{?_isa} = %{version}-%{release} into the base package.

Since binaries in the base package depends on libraries shipped in bind10-libs,
this dependency is automatically generated (for example b10-sockcreator from
bind10 depends on libb10-exceptions.so from bind10-libs).

> 
> (4): SourceX / PatchY prefixed with %{name}.
>      Note: Patch0 (0001-Rpath.patch)
> 
>      Please consider renaming this patch.

Renamed.

> (5): %check is present and all tests pass.
> 
>      %check section is NOT present and no tests are run. Please consider
> adding
>      %check section and run tests provided by upstream.

Tests require root privileges so it's not possible to run them during build.

> 
> (6): Large data in /usr/share should live in a noarch subpackage if package
> is
>      arched.
>      Note: Arch-ed rpms have a total of 1003520 bytes in /usr/share 901120
>      bind10-1.0.0-0.1.beta.fc17.x86_64.rpm 10240
>      bind10-libs-1.0.0-0.1.beta.fc17.x86_64.rpm 61440
>      bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm 30720
>      bind10-dhcp-1.0.0-0.1.beta.fc17.x86_64.rpm
> 
>      Please explain why data in /usr/share are not packed separately or
>      pack them in a separate subpackage.

>From my point of view ~1MB of documentation is not much so I'm not going to
create separate doc package for now.

> (7): RPMlint errors:
> 
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-certfile.pem 0640L
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-keyfile.pem 0640L
>      bind10.x86_64: E: non-standard-dir-perm /var/bind10 01775L
>      bind10.x86_64: E: non-readable /etc/bind10/cmdctl-accounts.csv 0640L
> 
>      This looks OK to me. Correct me if I'm wrong. Also please explain
>      the usage of sticky bit on /var/bind10.

Without the sticky bit on /var/bind10, bind10 cannot run under unprivileged
user. This might be a bug in bind10 but I'm not sure, yet. For now we can leave
/var/bind10 with sticky bit.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1NLxb0GCPp&a=cc_unsubscribe

More information about the package-review mailing list