[Bug 905024] Review Request: bind10 - The Berkeley Internet Name Domain 10 (BIND10) DNS and DHCP suite
bugzilla at redhat.com
bugzilla at redhat.com
Fri Feb 8 16:09:43 UTC 2013
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=905024
--- Comment #2 from Adam Tkac <atkac at redhat.com> ---
(In reply to comment #1)
> ISSUES:
> -------
>
> (1): Development (unversioned) .so files in -devel subpackage, if present.
> Note: Unversioned so-files in private %_libdir subdirectory (see
> attachment). Verify they are not in ld path.
>
> Unversioned so-files
> --------------------
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/log.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/util/cio/socketsession.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/libutil_io_python.so
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/pydnspp.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/_dns.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/acl/acl.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/lib64/python3.2/site-packages/isc/datasrc/datasrc.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/memory_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/sqlite3_ds.so
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm:
> /usr/libexec/bind10/backends/static_ds.so
>
> This is probably OK. Please correct me if I'm wrong.
Right, those libs shouldn't be versioned.
> (2): Fully versioned dependency in subpackages, if present.
> Note: No Requires: %{name}t = %{version}-%{release} in %package
> libs, %package devel
>
> Please add %{?_isa} macro in %package libs and %package devel Requires
> sections.
This macro is needed only in -devel pkg because no other subpackage explicitly
requires bind10-libs.
>
> (3): License file installed when any subpackage combination is installed.
>
> License is part of bind10-libs subpackage. But this subpackage is
> not Required by the base package! I think you should add Requires:
> %{name}-libs%{?_isa} = %{version}-%{release} into the base package.
Since binaries in the base package depends on libraries shipped in bind10-libs,
this dependency is automatically generated (for example b10-sockcreator from
bind10 depends on libb10-exceptions.so from bind10-libs).
>
> (4): SourceX / PatchY prefixed with %{name}.
> Note: Patch0 (0001-Rpath.patch)
>
> Please consider renaming this patch.
Renamed.
> (5): %check is present and all tests pass.
>
> %check section is NOT present and no tests are run. Please consider
> adding
> %check section and run tests provided by upstream.
Tests require root privileges so it's not possible to run them during build.
>
> (6): Large data in /usr/share should live in a noarch subpackage if package
> is
> arched.
> Note: Arch-ed rpms have a total of 1003520 bytes in /usr/share 901120
> bind10-1.0.0-0.1.beta.fc17.x86_64.rpm 10240
> bind10-libs-1.0.0-0.1.beta.fc17.x86_64.rpm 61440
> bind10-dns-1.0.0-0.1.beta.fc17.x86_64.rpm 30720
> bind10-dhcp-1.0.0-0.1.beta.fc17.x86_64.rpm
>
> Please explain why data in /usr/share are not packed separately or
> pack them in a separate subpackage.
>From my point of view ~1MB of documentation is not much so I'm not going to
create separate doc package for now.
> (7): RPMlint errors:
>
> bind10.x86_64: E: non-readable /etc/bind10/cmdctl-certfile.pem 0640L
> bind10.x86_64: E: non-readable /etc/bind10/cmdctl-keyfile.pem 0640L
> bind10.x86_64: E: non-standard-dir-perm /var/bind10 01775L
> bind10.x86_64: E: non-readable /etc/bind10/cmdctl-accounts.csv 0640L
>
> This looks OK to me. Correct me if I'm wrong. Also please explain
> the usage of sticky bit on /var/bind10.
Without the sticky bit on /var/bind10, bind10 cannot run under unprivileged
user. This might be a bug in bind10 but I'm not sure, yet. For now we can leave
/var/bind10 with sticky bit.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1NLxb0GCPp&a=cc_unsubscribe
More information about the package-review
mailing list