[Bug 1310092] Review Request: cryptobone - Secure Communication Under Your Control

bugzilla at redhat.com bugzilla at redhat.com
Thu Mar 17 02:54:12 UTC 2016


https://bugzilla.redhat.com/show_bug.cgi?id=1310092



--- Comment #17 from Richard Shaw <hobbes1069 at gmail.com> ---
(In reply to Ralf Senderek from comment #16)
> (In reply to Richard Shaw from comment #14)
> > I'm assuming the sudogetuser in %post creates an interactive prompt?
> > 
> > Unfortunately the guidelines strictly forbid interactive installs, it's one
> > of the biggest differences between Fedora/Red Hat and Debian philosophies.
> > 
> 
> OK, I've made the whole installation process non-interactive now!

Ok, good. While I understand why you wanted it, I was worried about GUI-based
installs; I'm not even sure what would happen.


> > 
> > Also, this is probably not compliant:
> > 
> > 
> >      if ! systemctl is-active sshd > /dev/null ; then
> >           systemctl enable sshd 
> >      fi
> 
> I have added a line "Requires=sshd.service" to the cryptoboned.service file
> and removed the code above from the spec file.

OK.


> > Some other script feedback:
> > 
> > Daemons are not allowed to be enabled on install unless they have been
> > approved to do so. You should be using the systemd macros which take care of
> > this for you:
> 
> OK, I have resolved these issues by transferring the activation of my daemons
> to the source code (/usr/lib/cryptobone/sudogetuser). The spec file now has
> a %posttrans section, which informs the user to run this script.
> This can be done any time, as long as the user has knowledge of the
> root password, to set the sudoers.d/cbcontrol file and to activate the
> daemon.

Ok, I may have to dig into this one a bit. There is actually a process to get
permission to be enabled by default; I believe it requires an FPC ticket, but
really I don't think, for this kind of process, that it's unreasonable to have
them read a little documentation so they know what they're getting into and
enable the daemon explicitly.

This is a pretty invasive package so I appreciate your patience with getting me
up to speed and making all the requisite changes.

I'll start on the full review as soon as I have a few moments.

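A check a reviewer could run over a spec file for the two scriptlet problems raised in this thread: changing service state with systemctl, and prompting the user during install. This is an added example, not part of the bug report or the cryptobone package; the sample spec, the name `lint_scriptlets` and the use of `read` as the sign of a prompt are assumptions.

```shell
#!/bin/sh
# Added example: flag RPM scriptlet lines that enable/start a service or
# prompt the user. SAMPLE_SPEC is constructed for illustration; it is not
# the cryptobone spec file.
SAMPLE_SPEC='Name: example
%description
Example package.

%post
if ! systemctl is-active sshd > /dev/null ; then
     systemctl enable sshd
fi
read -p "User name: " CBUSER

%preun
%systemd_preun exampled.service

%files
/usr/lib/example/setup
'

# lint_scriptlets (hypothetical helper): reads a spec file on stdin and
# prints one "line:section:reason" record per finding.
lint_scriptlets() {
    awk '
        # Pad with a space so "word followed by blank" also matches at end of line.
        { line = $0 " " }
        # Entering a scriptlet section: remember which one.
        line ~ /^%(pre|post|preun|postun|pretrans|posttrans)[ \t]/ { sect = $1; next }
        # Any other top-level section ends the scriptlet.
        line ~ /^%(description|prep|build|install|check|files|changelog|package)[ \t]/ { sect = ""; next }
        sect == "" { next }
        # Ignore shell comments inside scriptlets.
        /^[ \t]*#/ { next }
        # Service state changed directly instead of through the systemd macros.
        line ~ /systemctl[ \t]+(.*[ \t])?(enable|start|restart)[ \t]/ {
            print NR ":" sect ":systemctl-state-change"
        }
        # Assumption: an interactive prompt shows up as a shell "read".
        line ~ /^[ \t]*read[ \t]/ { print NR ":" sect ":interactive-read" }
    '
}

# Run the check on the constructed sample.
printf '%s\n' "$SAMPLE_SPEC" | lint_scriptlets
```

A prompt raised by a helper script that the scriptlet calls, as with sudogetuser here, is not visible to this check; it only inspects the scriptlet text itself.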