[Bug 1310092] Review Request: cryptobone - Secure Communication Under Your Control
bugzilla at redhat.com
Thu Mar 17 02:54:12 UTC 2016
https://bugzilla.redhat.com/show_bug.cgi?id=1310092
--- Comment #17 from Richard Shaw <hobbes1069 at gmail.com> ---
(In reply to Ralf Senderek from comment #16)
> (In reply to Richard Shaw from comment #14)
> > I'm assuming the sudogetuser in %post creates an interactive prompt?
> >
> > Unfortunately the guidelines strictly forbid interactive installs, it's one
> > of the biggest differences between Fedora/Redhat and Debian philosophies.
> >
>
> OK, I've made the whole installation process non-interactive now!
Ok, good. While I understand why you wanted it, I was worried about GUI-based
installs, I'm not even sure what would happen.
> >
> > Also, this is probably not compliant:
> >
> >
> > if ! systemctl is-active sshd > /dev/null ; then
> > systemctl enable sshd
> > fi
>
> I have added a line "Requires=sshd.service" to the cryptoboned.service file
> and removed the code above from the spec file.
OK.
> > Some other script feedback:
> >
> > Daemons are not allowed to be enabled on install unless they have been
> > approved to do so. You should be using the systemd macros which take care of
> > this for you:
>
> OK, I have resolved these issues by transferring the activation of my daemons
> to the source code (/usr/lib/cryptobone/sudogetuser). The spec file now has
> a %posttrans section, which informs the user to run this script.
> This can be done any time, as long as the user has knowledge of the
> root password, to set the sudoers.d/cbcontrol file and to activate the
> daemon.
Ok, I may have to dig into this one a bit. There is actually a process to get
permission to be enabled by default, I believe it requires an FPC ticket, but
really I don't think for this kind of process that it's unreasonable to have them
read a little documentation so they know what they're getting into and enable
the daemon explicitly.
This is a pretty invasive package so I appreciate your patience with getting me
up to speed and making all the requisite changes.
I'll start on the full review as soon as I have a few moments.
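The systemd scriptlet macros mentioned in the thread, as an added example that is not part of the original messages or of the cryptobone spec file. The unit name cryptoboned.service and the path /usr/lib/cryptobone/sudogetuser come from the thread; the wording of the posttrans message is an assumption.

```spec
# Added illustration, not the cryptobone spec file.
# Provides the systemd scriptlet macros at build time
# (older releases use "BuildRequires: systemd" instead).
BuildRequires:  systemd-rpm-macros
# Expands to Requires(post), Requires(preun) and Requires(postun) on systemd
%{?systemd_requires}

# Non-compliant pattern quoted in the thread: a scriptlet that changes
# service state on its own.
#   if ! systemctl is-active sshd > /dev/null ; then
#       systemctl enable sshd
#   fi

%post
# On first install this applies the distribution preset policy to the unit.
# It does not enable or start the daemon unless a preset says so.
%systemd_post cryptoboned.service

%preun
# On final removal: disable and stop the unit.
%systemd_preun cryptoboned.service

%postun
# On upgrade: restart the unit only if it is already running.
%systemd_postun_with_restart cryptoboned.service

%posttrans
# Non-interactive: print a hint and return. Message wording is assumed.
echo "cryptobone: run /usr/lib/cryptobone/sudogetuser to set up sudoers.d/cbcontrol and activate the daemon." >&2 || :
```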