[Bug 1200389] Review Request: caml-crush - a PKCS#11 filtering proxy
bugzilla at redhat.com
bugzilla at redhat.com
Wed Mar 25 12:08:59 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1200389
--- Comment #15 from Petr Pisar <ppisar at redhat.com> ---
Spec file changes:
--- caml-crush.spec.old 2015-03-19 16:44:03.000000000 +0100
+++ caml-crush.spec 2015-03-23 09:54:24.000000000 +0100
@@ -2,12 +2,16 @@
Name: caml-crush
Version: 1.0.4
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: PKCS#11 filtering proxy
-License: CeCILL + CeCILL-B + FSFUL
+
+# The pkcs11proxyd server is under CeCILL, while the rest of the libraries are
+# under CeCILL-B. The pkcs11 bindings contain code under GPLv2+ and the RSA
+# cryptoki license which we don't use.
+License: CeCILL and CeCILL-B and FSFUL
URL: https://github.com/ANSSI-FR/caml-crush
-Source0:
https://github.com/ANSSI-FR/caml-crush/archive/v%{version}.tar.gz
+Source0: v%{version}-hobbled.tar.gz
Source1: filter.conf
Source2: pkcs11proxyd.conf
Source3: pkcs11proxyd-softhsm.service
@@ -22,6 +26,7 @@
Patch3: caml-crush-better-msgs.patch
Patch4: caml-crush-honor-CFLAGS.patch
+Requires(pre): shadow-utils
BuildRequires: autoconf
BuildRequires: ocaml >= 4.00
BuildRequires: ocaml-findlib-devel
@@ -35,7 +40,7 @@
%package softhsm
-License: CeCILL + CeCILL-B
+License: CeCILL and CeCILL-B
Summary: Deployment of caml-crush with softhsm
BuildRequires: systemd
@@ -45,7 +50,6 @@
Requires: inotify-tools
Requires: util-linux
Requires: p11-kit
-Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -61,10 +65,6 @@
%prep
%setup -q -n caml-crush-%{version}
-rm -f src/bindings-pkcs11/des.h
-rm -f src/bindings-pkcs11/pkcs11t.h
-rm -f src/bindings-pkcs11/pkcs11h.h
-cp /usr/include/p11-kit-1/p11-kit/pkcs11.h
src/bindings-pkcs11/original_pkcs11.h
%patch1 -p1 -b .libname
%patch2 -p1 -b .exit
@@ -121,6 +121,8 @@
install -p -m 644 %{SOURCE8}
%{buildroot}%{_sharedstatedir}/pkcs11proxyd/.config/pkcs11/
install -p -m 644 %{SOURCE9}
%{buildroot}%{_sharedstatedir}/pkcs11proxyd/.config/pkcs11/modules
+%global __provides_filter_from ^%{_libdir}/pkcs11/.*\\.so$
+
%files
%doc README.md ISSUES.md
%license LICENSE.txt
@@ -152,6 +154,9 @@
%changelog
+* Mon Mar 23 2015 Nikos Mavrogiannopoulos <nmav at redhat.com> - 1.0.4-4
+- do not include the RSA's headers and GPLv3 code to simplify licensing
+
* Wed Mar 18 2015 Nikos Mavrogiannopoulos <nmav at redhat.com> - 1.0.4-3
- utilize global CFLAGS - suggested by Petr Pisar
> FIX: The is invalid syntax. Use `and' instead of `+'
> <https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios>.
-License: CeCILL + CeCILL-B + FSFUL
+
+# The pkcs11proxyd server is under CeCILL, while the rest of the libraries are
+# under CeCILL-B. The pkcs11 bindings contain code under GPLv2+ and the RSA
+# cryptoki license which we don't use.
+License: CeCILL and CeCILL-B and FSFUL
[...]
-License: CeCILL + CeCILL-B
+License: CeCILL and CeCILL-B
Ok.
> FIX: Removing badly licensed files at build time does not remove them from
> source RPM package. Either repackage the source archive, or ask Fedora legal
> for help.
-Source0:
https://github.com/ANSSI-FR/caml-crush/archive/v%{version}.tar.gz
+Source0: v%{version}-hobbled.tar.gz
Some files were removed and original_pkcs11.h replaced.
FIX: There is still src/bindings-pkcs11/pkcs11f.h with the same RSA license.
The file is not used. Remove it from the archive too.
> FIX: The dependency should on the main package, not softhsm sub-package as
> this where the %pre section belongs to.
+Requires(pre): shadow-utils
[...]
%package softhsm
[...]
-Requires(pre): shadow-utils
Ok.
> FIX: So either it's a public library, or it's a private library. See
> <https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering#Private_Libraries>
> for the second case, and
> <https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Beware_of_Rpath> for the first case.
+%global __provides_filter_from ^%{_libdir}/pkcs11/.*\\.so$
+
TODO: Move the macro definition right before %description section. It's the
common place where to write the filters.
$ rpm -q --provides -p ../RPMS/x86_64/caml-crush-1.0.4-4.fc23.x86_64.rpm |
sort -f | uniq -c
1 caml-crush = 1.0.4-4.fc23
1 caml-crush(x86-64) = 1.0.4-4.fc23
1 config(caml-crush) = 1.0.4-4.fc23
1 libp11client.so()(64bit)
$ rpm -q --provides -p
../RPMS/x86_64/caml-crush-softhsm-1.0.4-4.fc23.x86_64.rpm | sort -f | uniq -c
1 caml-crush-softhsm = 1.0.4-4.fc23
1 caml-crush-softhsm(x86-64) = 1.0.4-4.fc23
1 libp11clientsofthsm.so()(64bit)
FIX: Your change did not removed the provides. The correct macro is name is
`__provides_exclude_from'. See
<https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering#Preventing_files.2Fdirectories_from_being_scanned_for_deps_.28pre-scan_filtering.29>.
TODO: Please append the expression to possible current %__provides_exclude_from
value like this:
%global __provides_exclude_from
%{?__provides_exclude_from:%__provides_exclude_from|}^%{_libdir}/pkcs11/.*\\.so$
It could happen the the value had already been defined somewhere else (macro
files) and you could lose the old filter.
$ rpmlint caml-crush.spec ../SRPMS/caml-crush-1.0.4-4.fc23.src.rpm
../RPMS/x86_64/caml-crush-*
caml-crush.spec:29: W: mixed-use-of-spaces-and-tabs (spaces: line 3, tab: line
29)
caml-crush.spec: W: invalid-url Source0: v1.0.4-hobbled.tar.gz
caml-crush.src: W: strange-permission pkcs11proxyd-init 0755L
caml-crush.src:29: W: mixed-use-of-spaces-and-tabs (spaces: line 3, tab: line
29)
caml-crush.src: W: invalid-url Source0: v1.0.4-hobbled.tar.gz
caml-crush.x86_64: W: no-manual-page-for-binary pkcs11proxyd
caml-crush-softhsm.x86_64: W: no-documentation
caml-crush-softhsm.x86_64: W: non-standard-uid
/var/lib/pkcs11proxyd/softhsm.conf pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid
/var/lib/pkcs11proxyd/softhsm.conf pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-uid
/var/lib/pkcs11proxyd/.config/pkcs11 pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid
/var/lib/pkcs11proxyd/.config/pkcs11 pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-uid
/var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid
/var/lib/pkcs11proxyd/.config/pkcs11/pkcs11.conf pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-conffile-in-etc
/etc/pkcs11proxyd/filter-softhsm.conf
caml-crush-softhsm.x86_64: W: non-standard-uid
/var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid
/var/lib/pkcs11proxyd/.config/pkcs11/modules/softhsm.module pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd/.config
pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd/.config
pkcs11proxyd
caml-crush-softhsm.x86_64: W: hidden-file-or-dir /var/lib/pkcs11proxyd/.config
caml-crush-softhsm.x86_64: W: hidden-file-or-dir /var/lib/pkcs11proxyd/.config
caml-crush-softhsm.x86_64: W: non-conffile-in-etc
/etc/pkcs11proxyd/pkcs11proxyd-softhsm.conf
caml-crush-softhsm.x86_64: W: non-standard-uid /var/lib/pkcs11proxyd
pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid /var/lib/pkcs11proxyd
pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-uid
/var/lib/pkcs11proxyd/.config/pkcs11/modules pkcs11proxyd
caml-crush-softhsm.x86_64: W: non-standard-gid
/var/lib/pkcs11proxyd/.config/pkcs11/modules pkcs11proxyd
caml-crush-softhsm.x86_64: W: no-manual-page-for-binary pkcs11proxyd-init
4 packages and 1 specfiles checked; 0 errors, 26 warnings.
TODO: normalize the white spaces.
Package builds in F23
(http://koji.fedoraproject.org/koji/taskinfo?taskID=9319781). Ok.
Please correct all `FIX' items, consider fixing `TODO' items and provide new
spec file.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
More information about the package-review
mailing list