Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: Review Request: lua-sec - Lua binding for OpenSSL library
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Summary: Review Request: lua-sec - Lua binding for OpenSSL library Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: Package Review AssignedTo: nobody@fedoraproject.org ReportedBy: johan@x-tnd.be QAContact: extras-qa@fedoraproject.org CC: notting@redhat.com, fedora-package-review@redhat.com Estimated Hours: 0.0 Classification: Fedora
Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec SRPM URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4-1.fc12.src.rpm Description: Lua binding for OpenSSL library to provide TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #1 from Johan Cwiklinski johan@x-tnd.be 2010-01-01 15:51:26 EDT --- rpmlint is clean for all produced packages. SRPM builds fine in mock.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Johan Cwiklinski johan@x-tnd.be changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |551765
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Adam Goode adam@spicenitz.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |adam@spicenitz.org AssignedTo|nobody@fedoraproject.org |adam@spicenitz.org Flag| |fedora-review?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #2 from Adam Goode adam@spicenitz.org 2010-02-16 10:35:33 EST --- There seems to be a lot of duplicate code from luasocket here. Do you think it is possible to figure out if some of it can be removed (since luasec depends on luasocket anyway), or at least figure out how much code is duplicated? I mention this because of this:
http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #3 from Johan Cwiklinski johan@x-tnd.be 2010-02-16 15:15:04 EST --- I really do no know, I'll take a look at that. I did not pay attention code should be duplicated here :)
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #4 from Johan Cwiklinski johan@x-tnd.be 2010-02-20 10:08:01 EST --- Looks like file embedded from luasocket are from an older version, but the one in the repositories should be used I guess.
Problem is that luasocket doe not provide any -devel packages including .h files luasec should require. What can I do? Do I have to open a bug against luasocket for it to provide a -devel package?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #5 from Adam Goode adam@spicenitz.org 2010-02-23 01:25:29 EST --- Hmm. I think the correct thing to do is to get the necessary changes merged back into luasocket. I am not sure how easy it would be to get a new release of luasocket with these changes, there hasn't been a release in a while. Also, I am not sure how safe it would be for luasec to require "socket.core", because that would really tie luasec to the internals of the C interfaces. (It would probably be ok.)
It looks like only a tiny amount of changes would be necessary. io.h, socket.h, usocket.c?
Possibly it would make sense to merge luasocket and luasec together into one package at some point. luasocket is lacking IPv6, and this would require a new luasocket, so maybe it could just include luasec all together.
Practially speaking, if we want to move forward with luasec and prosody in Fedora soon, probably we should try to get a FESCO exemption for luasec's duplicate code from luasocket and then get a new luasocket/luasec released upstream that fixes these problems. Then IPv6 can be next.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Jan Kaluža jkaluza@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jkaluza@redhat.com
--- Comment #6 from Jan Kaluža jkaluza@redhat.com 2010-08-06 04:32:17 EDT --- Hi Johan, what's the current state, please? I would like to see Prosody in Fedora. If you haven't tried so far, I can contact luasocket author to find out his opinion of possible merge with luasec.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Adam Goode adam@spicenitz.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |504493
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #7 from Adam Goode adam@spicenitz.org 2010-08-10 14:40:20 EDT --- I think luasocket is pretty much completed, the upstream considers it finished, if I remember. Another big issue here is IPv6 support, which luasocket does not support and I don't think ever really will.
I commented on the prosody bugtracker on the IPv6 bug: http://code.google.com/p/lxmppd/issues/detail?id=68#c6
I think that nixio is the way forward, since it takes care of IPv6 and SSL all in one.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Thom Carlin bugzilla.acct@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla.acct@gmail.com Flag| |needinfo?(adam@spicenitz.or | |g)
--- Comment #8 from Thom Carlin bugzilla.acct@gmail.com 2011-02-18 18:11:43 EST --- Adam, any updates on this?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Adam Goode adam@spicenitz.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|needinfo?(adam@spicenitz.or | |g) |
--- Comment #9 from Adam Goode adam@spicenitz.org 2011-02-20 13:30:17 EST --- There have been no changes: IPv6 is still not supported, and luasec is still a fork of luasocket. I consider both of these blockers for this review.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Thom Carlin bugzilla.acct@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag| |needinfo?(johan@x-tnd.be)
--- Comment #10 from Thom Carlin bugzilla.acct@gmail.com 2011-02-22 12:53:25 EST --- Johan, how do you feel about nixio vs. lua-sec?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #11 from Adam Goode adam@spicenitz.org 2011-02-22 23:14:34 EST --- The main reason for this package is to run prosody. You probably want to convince prosody upstream to use nixio instead of luasocket and luasec. Otherwise, there isn't much point to packaging nixio.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Johan Cwiklinski johan@x-tnd.be changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|needinfo?(johan@x-tnd.be) |
--- Comment #12 from Johan Cwiklinski johan@x-tnd.be 2011-02-23 01:52:03 EST --- Since I've opened that review request, I've stopped to maintain packages in Fedora repositories. I do not really know what to do with this request, should it be closed?
Anyways, Adam is right, the only reason for me to make a package such as lua-sec was to run the Prosody jabber (see https://bugzilla.redhat.com/show_bug.cgi?id=551765) server over SSL.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Toshio Ernie Kuratomi a.badger@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |a.badger@gmail.com
--- Comment #13 from Toshio Ernie Kuratomi a.badger@gmail.com 2011-02-23 13:51:21 EST --- Does anybody want to take over this package submission? (Adam?) If not we should probably close it and if someone wants to take it up in the future, they can either reopen this request or start a new one.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #14 from Adam Goode adam@spicenitz.org 2011-02-23 14:10:57 EST --- No, this package is a dead end as it stands.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #15 from Thom Carlin bugzilla.acct@gmail.com 2011-02-23 14:18:06 EST --- What about Prosody?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Johan Cwiklinski johan@x-tnd.be changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |WONTFIX Last Closed| |2011-02-23 14:25:16
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #16 from Adam Goode adam@spicenitz.org 2011-02-23 15:06:40 EST --- I love prosody and use it myself. If it can be built without lua-sec, then it should go into Fedora. Lack of IPv6 support is unfortunate, but not a total showshopper in my opinion. lua-sec being a fork of luasocket is.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #17 from Matej Cepl mcepl@redhat.com 2011-05-23 12:48:24 EDT --- Just (In reply to comment #15)
What about Prosody?
just to note bug 551765 comment 21.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Adam Goode adam@spicenitz.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-review? |
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #18 from Jan Kaluža jkaluza@redhat.com 2012-03-02 01:40:17 EST --- According to the last Fesco meeting forks are allowed and if I understand it well, it should be possible to review lua-sec now (If I'm not right, please correct me):
At the 2012-02-27 meeting we agreed to forks are allowed provided they do not conflict or interfere with other packages. FPC may add additional guidelines to forks as they see fit
-- https://fedorahosted.org/fesco/ticket/810
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Matěj Cepl mcepl@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |ASSIGNED Resolution|WONTFIX | AssignedTo|adam@spicenitz.org |mcepl@redhat.com Flag| |fedora-review? Keywords| |Reopened
--- Comment #19 from Matěj Cepl mcepl@redhat.com 2012-03-02 08:01:06 EST --- In view of comment 18, reopening this bug and taking over the review.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #20 from Matěj Cepl mcepl@redhat.com 2012-03-02 09:46:51 EST --- Legend: + = PASSED, - = FAILED, 0 = Not Applicable
+ MUST: rpmlint must be run on every package. The output should be posted in the review
$ rpmlint -i *.rpm 3 packages and 0 specfiles checked; 0 errors, 0 warnings. $
+ MUST: package named according to the Package Naming Guidelines changed from luasec to lua-sec to follow https://fedoraproject.org/wiki/PackagingDrafts/Lua + MUST: The spec file name must match the base package %{name} - MUST: The package must meet the Packaging Guidelines . Per above mentioned Lua Packaging Guidelines spec file should contain
%if 0%{?fedora} >= 16 || 0%{?rhel} >= 7 Requires: lua(abi) = %{luaver} %else Requires: lua >= %{luaver} %endif
+ MUST: The package licensed with a Fedora approved license and meets the Licensing Guidelines + MUST: The License field in the package spec file matches the actual license MIT + MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. LICENSE is included. + MUST: The spec file must be written in American English. + MUST: The spec file for the package MUST be legible. + MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task MD5: 712158d60207bdbb6215fc7e07d8db24 + MUST: The package successfully compiles and builds into binary rpms on at least one primary architecture - build in koji, no problems 0 MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch + MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines Builds in koji (http://koji.fedoraproject.org/koji/taskinfo?taskID=3846510) 0 MUST: The spec file handles locales properly. This is done by using the %find_lang macro No locales are present. 0 MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. No libraries provided. + MUST: Packages must NOT bundle copies of system libraries 0 MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker - MUST: Package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory
Missing explicit requirement of lua package (which owns %{luapkgdir} used by package).
+ MUST: Package must not list a file more than once in the spec file's %files listings + MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). + MUST: Each package must consistently use macros + MUST: The package must contain code, or permissible content 0 MUST: Large documentation files must go in a -doc subpackage + MUST: If a package includes something as %doc, it must not affect the runtime of the application 0 MUST: Header files must be in a -devel package 0 MUST: Static libraries must be in a -static package 0 MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig' 0 MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package 0 MUST: devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} + MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built 0 MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section + MUST: Packages must not own files or directories already owned by other packages - MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) + MUST: All filenames in rpm packages must be valid UTF-8
Just a nitpicks: - please fix lua requirement as shown above.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #21 from Johan Cwiklinski johan@x-tnd.be 2012-03-06 15:05:48 EST --- I've upgraded the package to latest upstream release (0.4.1).
I'm unsure about lua requirement, since lua-sec requires lua-socket, wich one should take care of lua requirement; anyways, I've added the requirement to the new specfile version.
Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec SRPM URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4.1-1.fc16.trashy.src.rpm
Package builds fine in mock; rpmlint is clean.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Matěj Cepl mcepl@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-review? |fedora-review+
--- Comment #22 from Matěj Cepl mcepl@redhat.com 2012-03-06 17:05:57 EST --- (In reply to comment #21)
I'm unsure about lua requirement, since lua-sec requires lua-socket, wich one should take care of lua requirement; anyways, I've added the requirement to the new specfile version.
It is not only requirements, but also packages are required to require packages which provide directories they use.
Spec URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec.spec SRPM URL: http://odysseus.x-tnd.be/fedora/lua-sec/lua-sec-0.4.1-1.fc16.trashy.src.rpm
Package builds fine in mock; rpmlint is clean.
Builds in koji as well http://koji.fedoraproject.org/koji/taskinfo?taskID=3860851
APPROVED!
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #23 from Matěj Cepl mcepl@redhat.com 2012-03-06 17:24:03 EST --- One more thing, please remove %{__mkdir} macros from
%{__mkdir} -p $RPM_BUILD_ROOT%{luapkgdir} %{__mkdir} -p $RPM_BUILD_ROOT%{lualibdir}
It is a bad mannerism and use of these macros is strongly discouraged by the Packaging guidelines.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Johan Cwiklinski johan@x-tnd.be changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag| |fedora-cvs?
--- Comment #24 from Johan Cwiklinski johan@x-tnd.be 2012-03-06 17:37:52 EST --- New Package SCM Request ======================= Package Name: lua-sec Short Description: Lua binding for OpenSSL library Owners: trasher Branches: f15 f16 el6 InitialCC: trasher
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #25 from Johan Cwiklinski johan@x-tnd.be 2012-03-06 17:38:44 EST --- (In reply to comment #23)
One more thing, please remove %{__mkdir} macros from [...]
OK, I'll fix that. Thank you for the review :)
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #26 from Jon Ciesla limburgher@gmail.com 2012-03-06 21:13:32 EST --- Git done (by process-git-requests).
Added f17.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #27 from Fedora Update System updates@fedoraproject.org 2012-03-08 12:15:10 EST --- lua-sec-0.4.1-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc17
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #28 from Fedora Update System updates@fedoraproject.org 2012-03-08 12:15:22 EST --- lua-sec-0.4.1-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc15
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #29 from Fedora Update System updates@fedoraproject.org 2012-03-08 12:15:33 EST --- lua-sec-0.4.1-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.el6
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
--- Comment #30 from Fedora Update System updates@fedoraproject.org 2012-03-08 12:16:05 EST --- lua-sec-0.4.1-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/lua-sec-0.4.1-2.fc16
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551763
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA
--- Comment #31 from Fedora Update System updates@fedoraproject.org 2012-03-08 20:07:13 EST --- lua-sec-0.4.1-2.fc17 has been pushed to the Fedora 17 testing repository.
package-review@lists.fedoraproject.org