Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=537587
--- Comment #43 from Mamoru Tasaka mtasaka@ioa.s.u-tokyo.ac.jp 2010-01-08 11:53:31 EDT --- For -0.14:
* -n specification - For example "%package -n dspam-libs" can simply be "%package libs" (and the latter form is commonly used).
Another example is that "%post -n dspam-libs -p /sbin/ldconfig" can simply be "%post libs -p /sbin/ldconfig".
* Directory ownership issue - This time the following directories are not owned by any packages: --------------------------------------------------------------------- /usr/share/dspam/sql-scripts ---------------------------------------------------------------------
* Timestamp http://fedoraproject.org/wiki/Packaging:Guidelines#Timestamps - When using "cp" or "install" commands, add "-p" option to keep timestamps on installed files.
* Again owner/group/permission (In reply to comment #41)
I've checked and the odd permissions on /var/lib/dspam in necessary for security purposes.
The dspam binary is setgid on purpose. It isn't strictly necessary in *all* ways it can be configured, however the most common ways use that. I'll get more clarification as to what it does setgid vs non setgid methods of operation. We use it on our production servers in that mode.
- To be clear, what I am said is that currently the group of /usr/bin/dspam is root and I guess this is wrong when this binary has setgid, because with this setgid/group executing /usr/bin/dspam is always done with root group.
build.log says: --------------------------------------------------------------------- 826 if test x"nobody" != xnone; then \ 827 chown "nobody" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \ 828 fi 829 chown: changing ownership of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted 831 if test x"mail" != xnone; then \ 832 chgrp "mail" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \ 833 fi 834 chgrp: changing group of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted --------------------------------------------------------------------- So I guess /usr/bin/dspam should have %attr(2511,nobody,mail). Would you again check permission/owner/group of all files/directories?
! Note - Also, for binaries/directories which have some special permission/group/owner, you should write these permission/group/owner with explicit %attr directive in the spec file like --------------------------------------------------------------------- %files ... %attr(0770,root,%{dspam_group}) %dir %{dspam_logdir}/ %attr(0770,root,%{dspam_group}) %dir %{dspam_homedir}/ %attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %dir %{_var}/run/dspam ... ... %{_bindir}/css* %attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %{_bindir}/dspam %{_bindir}/dspam[-_c]* ... --------------------------------------------------------------------- (i.e. if the permission/group/owner is not (0755,root,root) (for directory/ executable files) or (0644,root,root) (normal files), you must use %attr explicitly in the spec file)