On Mon, 1 Feb 2010 13:38:13 -0500 Toshio Kuratomi a.badger@gmail.com wrote:
On Fri, Jan 22, 2010 at 12:13:06PM -0500, Jarod Wilson wrote:
On Fri, Jan 22, 2010 at 12:10 PM, Jarod Wilson jarod@wilsonet.com wrote:
I have no idea if it actually requires them to be alongside the executables, but hopefully the link will help.
It doesn't. Also, ugh. I'm the one who actually reviewed hmaccalc to get included in Red Hat Enterprise Linux 5 (a separate review from the Fedora one), and pointed out this same problem, and it was done properly for RHEL5:
$ rpm -ql hmaccalc /usr/bin/sha1hmac /usr/bin/sha256hmac /usr/bin/sha384hmac /usr/bin/sha512hmac /usr/lib64/hmaccalc /usr/lib64/hmaccalc/sha1hmac.hmac /usr/lib64/hmaccalc/sha256hmac.hmac /usr/lib64/hmaccalc/sha384hmac.hmac /usr/lib64/hmaccalc/sha512hmac.hmac /usr/share/doc/hmaccalc-0.9.6 /usr/share/doc/hmaccalc-0.9.6/LICENSE /usr/share/doc/hmaccalc-0.9.6/README /usr/share/man/man8/sha1hmac.8.gz /usr/share/man/man8/sha256hmac.8.gz /usr/share/man/man8/sha384hmac.8.gz /usr/share/man/man8/sha512hmac.8.gz
It should be simple enough to just update the Fedora packages with the changes in RHEL5 and we can all go eat cake. But first, I'm going to go play some pickup soccer...
Oh. Wait. Crap. We're talking about packages other than hmaccalc itself that do integrity checks. But I do agree with Ralf here, the checksum files don't belong in /usr/bin/, and there's no standard-based need for them to be there.
So few things that need doing here:
- The present packages need to be fixecd. Sounds like fipscheck,
hmaccalc, and openssh. They are violating the FHS which is prohibited by the Guidelines. Ralf, have you opened bugs?
I see:
openssl-0:1.0.0-0.20.beta5.fc13.i686 openssh-clients-0:5.3p1-21.fc13.x86_64 fipscheck-0:1.2.0-4.fc13.x86_64 libgcrypt-0:1.4.5-1.fc13.x86_64 fipscheck-lib-0:1.2.0-4.fc13.i686 openswan-0:2.6.24-1.fc13.x86_64 openssh-server-0:5.3p1-21.fc13.x86_64 fipscheck-lib-0:1.2.0-4.fc13.x86_64 openssl-0:1.0.0-0.20.beta5.fc13.x86_64 libgcrypt-0:1.4.5-1.fc13.i686 hmaccalc-0:0.9.12-1.fc13.x86_64
in rawhide that have *.hmac* files.
kevin