Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
Summary: Review Request: mod_fcgid Product: Fedora Extras Version: devel Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: Package Review AssignedTo: bugzilla-sink@leemhuis.info ReportedBy: paul@city-fan.org QAContact: fedora-package-review@redhat.com
Spec URL: http://www.city-fan.org/~paul/extras/mod_fcgid/mod_fcgid.spec SRPM URL: http://www.city-fan.org/~paul/extras/mod_fcgid/mod_fcgid-1.09-8.fc5.src.rpm
Description:
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible.
This package contains a loadable SELinux policy module to support its operation when built on FC5 or later. Hopefully the review process for this package will help to find any SELinux-related issues, and also reveal if there are any issues with the SELinux-related scriptlets for systems using different policies, or even with SELinux disabled. The long-term plan is to submit this policy for inclusion in the SELinux reference policy and remove it from this package.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
mfleming+rpm@enlartenment.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|bugzilla-sink@leemhuis.info |mfleming+rpm@enlartenment.co | |m
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
mfleming+rpm@enlartenment.com changed:
What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|163776 |163778 nThis| |
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From mfleming+rpm@enlartenment.com 2006-06-18 01:57 EST -------
NEEDSWORK (but not much)
Review for release 8.fc5: * RPM name is OK * Source mod_fcgid.1.09.tar.gz is the same as upstream * Works OK (some of my scripts aren't ready for it though. :-)) * Builds OK in mock (Core 5, i386 and x86_64)
Needs work: * Spec file: some paths are not replaced with RPM macros (wiki: QAChecklist item 7)
Note from me: Your spec uses a lot of %{_rm} style expansions (rather than plain ol' whatever-"rm"-is-in-$PATH) so this may confuse rpmlint et. al. I personally don't have an issue with it as long as it's readable and consistent.
* The BuildRoot must be cleaned at the beginning of %install
Notes: * I got the following barf to console when removing the package via rpm -e (FC5, up-to-date targeted policy)
[root@pong mfleming]# rpm -e mod_fcgid /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. libsepol.sepol_genbools_array: boolean allow_httpd_fastcgi_script_anon_write no longer in policy
I do like having the policy there, mind you. I should probably do something similar for mlmmj (which can be tricky with targeted policy out of the box)
* Would it be possible/useful to scrape the upstream documentation, primarily for the extra directives info?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-06-18 05:21 EST ------- (In reply to comment #1)
NEEDSWORK (but not much)
Review for release 8.fc5:
- RPM name is OK
- Source mod_fcgid.1.09.tar.gz is the same as upstream
- Works OK (some of my scripts aren't ready for it though. :-))
- Builds OK in mock (Core 5, i386 and x86_64)
Needs work:
- Spec file: some paths are not replaced with RPM macros (wiki: QAChecklist item 7)
I think I've got this right; paths where this package installs things to are replaced by macros, whereas paths referring to files owned by different packages (e.g. selinux-policy) are hardcoded. This allows the person building the package to put things in different places by changing the macro definitions, which wouldn't work if directory macros were used for files owned by other packages.
Note from me: Your spec uses a lot of %{_rm} style expansions (rather than plain ol' whatever-"rm"-is-in-$PATH) so this may confuse rpmlint et. al. I personally don't have an issue with it as long as it's readable and consistent.
Good, as that's my preferred style that I use in all of my packages. rpmlint has no problems expanding the macros.
- The BuildRoot must be cleaned at the beginning of %install
It is: %install %{__rm} -rf %{buildroot}
Notes:
I got the following barf to console when removing the package via rpm -e (FC5, up-to-date targeted policy)
[root@pong mfleming]# rpm -e mod_fcgid /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. libsepol.sepol_genbools_array: boolean allow_httpd_fastcgi_script_anon_write no longer in policy
I missed discarding the output of semodule in %postun; I'll fix that.
I do like having the policy there, mind you. I should probably do something similar for mlmmj (which can be tricky with targeted policy out of the box)
If you need any help with that, you'll get good advice over on fedora-selinux-list.
- Would it be possible/useful to scrape the upstream documentation, primarily for the extra directives info?
I've now included a copy of the "configuration" and "documentation" pages from the upstream website.
Updated packages (1.09-9) available here: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-04 06:33 EST ------- Package updated to -10: http://www.city-fan.org/~paul/extras/mod_fcgid/
I updated the SELinux policy module to allow httpd to read httpd_fastcgi_content_t content without having to set the httpd_builtin_scripting boolean.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-04 09:50 EST ------- A new upstream version (1.10) has been released.
I have also updated the SELinux policy to allow httpd_fastcgi_script_t to read /etc/resolv.conf without having the httpd_can_network_connect boolean set.
Packages (1.10-1) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-05 07:21 EST ------- I have updated the SELinux policy again to allow FastCGI apps to do DNS lookups.
Packages (1.10-2) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
mfleming+rpm@enlartenment.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |NEXTRELEASE OtherBugsDependingO|163778 |163779 nThis| |
------- Additional Comments From mfleming+rpm@enlartenment.com 2006-07-20 05:08 EST ------- Sorry about the time taken to knock this one over, been ill or busy or both.
- All the items I'd previously pointed out are well and truly fixed - The SELinux module is EXTREMELY cool and much appreciated, a fair bit of consideration has gone into it. Anything that encourages people to better consider system security (in a sane and non-onerous manner) is a Good Thing.
Two thumbs up, APPROVED.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
paul@city-fan.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |NEW Keywords| |Reopened Resolution|NEXTRELEASE |
------- Additional Comments From paul@city-fan.org 2006-07-20 11:27 EST ------- Bug appears to have been closed by mistake.
I have some tweaks I need to make here, as the selinux-policy package has been split into selinux-policy and selinux-policy-devel in rawhide. I'll upload a version that builds on rawhide shortly.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
paul@city-fan.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-21 05:09 EST ------- Update to package so that it builds in rawhide, where the /etc/httpd/build symlink has gone, and selinux-policy-devel is required.
Packages (1.10-3) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Could you just give this new package a try and re-approve, since this is what I'd be importing into CVS?
As a ametter of interest, which application(s) have you tried this with?
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-28 11:28 EST ------- Update to package, moving SELinux policy modules from /usr/share/selinux/packages/POLICYNAME to /usr/share/selinux/POLICYNAME now that the Core selinux-policy (in rawhide, should be updated in FC5 with the next update) no longer automatically tries to link all modules in this directory, and includes the correct directory ownership.
This package version also hardlinks the policy module packages together if they're identical, thius avoiding duplicate files.
Packages (1.10-4) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-07-29 05:23 EST ------- Another update. I've split the SELinux policy module off into a subpackage. This has the benefit for people not using SELinux that the main package has no dependency on selinux-policy, and installation time is reduced as there are no scriptlets to run.
Packages (1.10-5) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-08-29 11:56 EST ------- Another update. The recent FC5 selinux-policy package update has split out a separate selinux-policy-devel package, as per FC6. So the buildreqs are now the same for FC5 and FC6 onwards.
Packages (1.10-6) available in usual place: http://www.city-fan.org/~paul/extras/mod_fcgid/
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
------- Additional Comments From paul@city-fan.org 2006-09-06 09:05 EST ------- Given that this package was approved (Comment #6) earlier, I shall now import and build it.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195666
paul@city-fan.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |NEXTRELEASE
------- Additional Comments From paul@city-fan.org 2006-09-06 10:25 EST ------- 16330 (mod_fcgid): Build on target fedora-development-extras succeeded. Build logs may be found at http://buildsys.fedoraproject.org/logs/fedora-development-extras/16330-mod_f...
owners.list updated, FE6 comps entry added, FE-5 branch request made
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: mod_fcgid
https://bugzilla.redhat.com/show_bug.cgi?id=195666
bugzilla@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium Priority|normal |medium Product|Fedora Extras |Fedora Version|devel |rawhide
package-review@lists.fedoraproject.org
-
Red Hat Bugzilla