Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: Review Request: prosody - Flexible communications server for Jabber/XMPP
https://bugzilla.redhat.com/show_bug.cgi?id=551765
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: Package Review
AssignedTo: nobody@fedoraproject.org
ReportedBy: johan@x-tnd.be
QAContact: extras-qa@fedoraproject.org
CC: notting@redhat.com, fedora-package-review@redhat.com
Estimated Hours: 0.0
Classification: Fedora
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.6.1-1.fc12.src.rpm
Description: Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.
Johan Cwiklinski johan@x-tnd.be changed:
What      |Removed |Added
----------------------------------------------------------------------------
Depends on|        |551763
--- Comment #1 from Johan Cwiklinski johan@x-tnd.be 2010-01-01 16:03:43 EDT ---
rpmlint is not quiet for this package, but all warnings should be safely ignored:
$ rpmlint prosody-0.6.1-1.fc12.src.rpm
prosody.src:40: W: configure-without-libdir-spec
This one should be ok since upstream does not use autotools but a specific configure script, which does not provide any '--libdir' flag.
$ rpmlint prosody-0.6.1-1.fc12.x86_64.rpm
prosody.x86_64: W: non-standard-uid /var/run/prosody prosody
prosody.x86_64: W: non-standard-gid /var/run/prosody prosody
prosody.x86_64: W: non-standard-uid /var/lib/prosody prosody
prosody.x86_64: W: non-standard-gid /var/lib/prosody prosody
prosody.x86_64: W: incoherent-subsys /etc/rc.d/init.d/prosody $prog
non-standard uid/gid are ok because the package creates its own user for the daemon to run. incoherent-subsys is due to the use of '$prog' in the initd file.
Package builds fine in mock.
Note that to use ssl possibilities, we need to have lua-sec which is not yet in the repositories (I've made a review request for this one also : https://bugzilla.redhat.com/show_bug.cgi?id=551763)
--- Comment #2 from Johan Cwiklinski johan@x-tnd.be 2010-05-01 18:14:06 EDT ---
I've upgraded to the latest stable version (0.6.2):
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.6.2-1.fc13.src.rpm
--- Comment #3 from Johan Cwiklinski johan@x-tnd.be 2010-07-14 04:40:59 EDT ---
I've upgraded to the latest stable version (0.7.0):
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.7.0-1.fc13.src.rpm
Adam Goode adam@spicenitz.org changed:
What      |Removed |Added
----------------------------------------------------------------------------
CC        |        |adam@spicenitz.org
--- Comment #4 from Adam Goode adam@spicenitz.org 2010-07-14 16:16:45 EDT ---
I wonder if you should just go ahead without luasec and SSL support, and not block on luasec which has issues for Fedora.
--- Comment #5 from Johan Cwiklinski johan@x-tnd.be 2010-07-14 18:44:03 EDT ---
Indeed that should be a good solution.
Anyways, since nobody seems to be interested in reviewing prosody for now, luasec issue is not really a blocker :)
Matthias Saou matthias@rpmforge.net changed:
What      |Removed |Added
----------------------------------------------------------------------------
CC        |        |matthias@rpmforge.net
--- Comment #6 from Matthias Saou matthias@rpmforge.net 2010-09-09 10:42:58 EDT ---
I've started testing this package because I wanted to set up a simple XMPP server. I ran into a first issue when I tried this as root:
prosodyctl adduser username@mydomain
Apparently, that command drops privileges to the "prosody" user, which is good. But it tries to create /var/lib/prosody/mydomain/accounts/username.dat and all of its parent directories, but fails.
My first guess is that you should add an empty /var/lib/prosody owned by the "prosody" user to the package.
--- Comment #7 from Matthias Saou matthias@rpmforge.net 2010-09-09 12:58:13 EDT ---
The missing /var/lib/prosody might also be because I have /usr/com/prosody since I've tested on EL5 where _sharedstatedir probably evaluates to that. Maybe use %{_var}/lib/prosody instead? The programs are using the default of /var/lib/prosody anyway in all cases since --datadir= isn't passed to configure.
A second issue is that the included crt/key pair comes as-is from the "certs" directory of the source package. It will expire on October 17th 2010, in little over a month. It also eases man-in-the-middle attacks since the default certificate is identical on all servers. The best would be to generate a unique long-lasting key/crt pair upon package install, like the mod_ssl package does.
--- Comment #8 from Johan Cwiklinski johan@x-tnd.be 2010-09-09 13:45:37 EDT ---
(In reply to comment #6)
> My first guess is that you should add an empty /var/lib/prosody owned by the "prosody" user to the package.
The package already ships that directory:
$ rpm -ql prosody | grep /var
/var/lib/prosody
/var/run/prosody
(In reply to comment #7)
> The missing /var/lib/prosody might also be because I have /usr/com/prosody since I've tested on EL5 where _sharedstatedir probably evaluates to that. Maybe use %{_var}/lib/prosody instead? The programs are using the default of /var/lib/prosody anyway in all cases since --datadir= isn't passed to configure.
I've not yet tested on EL-5 (Fedora 12 and 13 only for now), I'll try.
> A second issue is that the included crt/key pair comes as-is from the "certs" directory of the source package. It will expire on October 17th 2010, in little over a month. It also eases man-in-the-middle attacks since the default certificate is identical on all servers. The best would be to generate a unique long-lasting key/crt pair upon package install, like the mod_ssl package does.
You are right, I will change the specfile so it will generate an SSL cert at install time.
Thank you :)
--- Comment #9 from Matthias Saou matthias@rpmforge.net 2010-09-09 16:38:22 EDT ---
About the /var/lib/prosody: If you test on EL-5 you'll see what I mean. The macro you use creates and owns /usr/com/prosody there instead, so things fail. You'll also notice that _initddir doesn't exist, you might want to change to _sysconfdir/init.d or similar.
Another issue (I find them while moving forward): The crt and key files are mode 644, which means that any user of the machine can get them. Bad. I suggest you include them as 600 which then requires them to be readable by the "prosody" user. You can either/also change /etc/prosody/certs to be mode 700, and/or /etc/prosody too. I'm unsure if there is a strict policy about key and crt files, but another option would be to put them in /etc/pki/tls/{certs,private}/ with all the other files and make them mode 600 and owned by "prosody".
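The two points raised in comments #7 and #9 (a key pair unique to each install, and key files that other local users cannot read) can be sketched as a post-install helper plus a permission check. This is an added example, not the scriptlet from the prosody or mod_ssl spec files; the function names, the RSA 2048 key size, the CN value and the "localhost" file name are assumptions.

```shell
#!/bin/sh
# Added example, not taken from any spec file in this thread.
# /etc/prosody/certs and the "prosody" user are the values named in the
# comments above; everything else is a parameter or an assumption.

# Print every *.key file under DIR that has any group or other permission
# bit set (for example the mode 644 files reported in comment #9).
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Create DIR/NAME.key and DIR/NAME.crt only when the key is missing, so a
# package upgrade never replaces a key the administrator already uses.
# Usage in a post-install scriptlet (hypothetical file name):
#   ensure_unique_keypair /etc/prosody/certs localhost prosody 365
ensure_unique_keypair() {
    dir=$1 name=$2 owner=$3 days=${4:-365}
    key=$dir/$name.key
    crt=$dir/$name.crt
    if [ -f "$key" ]; then
        return 0
    fi
    (
        # umask first: the key is created 0600, never briefly 0644.
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=$name" -keyout "$key" -out "$crt" 2>/dev/null
    ) || { rm -f "$key" "$crt"; return 1; }
    chmod 600 "$key" "$crt"
    # Hand the files to the daemon account when running as root and the
    # account exists (the package creates it before this step runs).
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown -R "$owner:$owner" "$dir"
    fi
    return 0
}
```

Running `loose_keys` against the package build root before shipping catches a key that was installed with a default mode.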
--- Comment #10 from Johan Cwiklinski johan@x-tnd.be 2010-09-11 01:04:03 EDT ---
Ok, that is in fact documented on Fedora's wiki: https://fedoraproject.org/wiki/Packaging:RPMMacros
« Differences in EPEL 4 & 5
%{_initddir} does not exist in EPEL 4 & 5, use the deprecated %{_initrddir} macro instead
%{_sharedstatedir} expands to %{_prefix}/com in EPEL 4 & 5 »
No luck, I've thrown the two big differences between Fedora and EPEL in this SPEC :-D
I'm working on having it build properly under EL-5, and will take a look at the same time for the SSL certs generation. I'll search if a specific policy exists for such certificates, that is the first RPM I build that needs such certs.
--- Comment #11 from Johan Cwiklinski johan@x-tnd.be 2010-09-11 03:37:12 EDT ---
Ok, here is the new version (this one is only for Fedora, using recommended macros):
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.7.0-2.fc13.src.rpm
For EL-5:
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/EL-5/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/EL-5/prosody-0.7.0-2.src.rpm
Note that lua-expat (required by prosody) is not available on EPEL repositories, nor is lua-socket (required by lua-sec).
Those two missing dependencies (rebuilt from F-13 SRPMs) and a build of lua-sec for EL-5 are available on: http://odysseus.x-tnd.be/fedora/prosody/EL-5/
I did not find any policy for SSL certificates, so I did it exactly the same way mod_ssl does (including permissions, certificate duration, etc.).
--- Comment #12 from Johan Cwiklinski johan@x-tnd.be 2010-12-11 06:18:21 EST ---
A new version (Fedora only for now) that fixes a build issue on i686 systems:
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.7.0-3.fc14.src.rpm
--- Comment #13 from Johan Cwiklinski johan@x-tnd.be 2011-02-23 02:08:11 EST ---
I no longer maintain any package in Fedora repositories; what to do with this review? Should it be closed?
Since I continue to use Prosody on my own server, I've made a new version of the specfile which takes care of both Fedora and EL-5. If someone else is interested in packaging prosody, my actual specfile can be found here: https://bitbucket.org/trashy/rpm/src/c44f843cde0a/prosody/prosody.spec
The main issue for this package is still lua-sec (to add Prosody SSL support) I guess. That point was discussed in the relevant bz entry: https://bugzilla.redhat.com/show_bug.cgi?id=551763
Toshio Ernie Kuratomi a.badger@gmail.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
CC        |        |a.badger@gmail.com
--- Comment #14 from Toshio Ernie Kuratomi a.badger@gmail.com 2011-02-23 13:51:00 EST ---
Yeah, if someone doesn't want to take this up right away, it's better to close this -- the next person who wants to work on it can either reopen or file a new review request. Hopefully they'll see your spec file and use it as a base to start from.
Bug 551765 depends on bug 551763, which changed state.
Bug 551763 Summary: Review Request: lua-sec - Lua binding for OpenSSL library
https://bugzilla.redhat.com/show_bug.cgi?id=551763
What      |Old Value |New Value
----------------------------------------------------------------------------
Resolution|          |WONTFIX
Status    |NEW       |CLOSED
Johan Cwiklinski johan@x-tnd.be changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |        |WONTFIX
Last Closed|        |2011-02-23 14:25:46
--- Comment #15 from Adam Goode adam@spicenitz.org 2011-02-23 15:07:13 EST ---
Please reopen if prosody can be built without lua-sec.
--- Comment #16 from Matej Cepl mcepl@redhat.com 2011-02-24 06:10:40 EST ---
(In reply to comment #15)
> Please reopen if prosody can be built without lua-sec.
Wouldn't the Fedora way be porting it to the luasocket? (not that I would do it ;))
--- Comment #17 from Johan Cwiklinski johan@x-tnd.be 2011-02-24 10:23:57 EST ---
As far as I know, Prosody can be compiled without lua-sec; but as I personally was not interested in a jabber server without SSL support (I guess that SSL is the only thing lua-sec provides that lua-socket does not; but I may be wrong, I do not know lua at all).
Anyways, I've never tried such a build.
--- Comment #18 from Adam Goode adam@spicenitz.org 2011-03-06 14:40:34 EST ---
Good news, maybe IPv6 is coming in luasocket?
http://code.google.com/p/lxmppd/issues/detail?id=68#c11
--- Comment #19 from Matej Cepl mcepl@redhat.com 2011-04-04 07:06:59 EDT ---
Wouldn't it be worthy to keep prosody and lua-spec packages at least in http://repos.fedorapeople.org/ until the issue will be reconciled somehow?
Jan Kaluža jkaluza@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
CC        |        |jkaluza@redhat.com
--- Comment #20 from Jan Kaluža jkaluza@redhat.com 2011-04-14 03:34:54 EDT ---
Note that the problem with this review is more about lua-sec (that is about SSL support, which is more or less "must have" for Jabber server). IPV6 is another problem, but it doesn't make Prosody useless in practical usage.
--- Comment #21 from Matej Cepl mcepl@redhat.com 2011-04-14 12:08:08 EDT ---
(In reply to comment #19)
> Wouldn't it be worthy to keep prosody and lua-spec packages at least in http://repos.fedorapeople.org/ until the issue will be reconciled somehow?
Just to note that the repository on http://repos.fedorapeople.org/repos/mcepl/prosody/ has been updated to prosody 0.8 (I am missing lua-dbi package, so still using old plain text only storage).
Bug 551765 depends on bug 551763, which changed state.
Bug 551763 Summary: Review Request: lua-sec - Lua binding for OpenSSL library
https://bugzilla.redhat.com/show_bug.cgi?id=551763
What      |Old Value |New Value
----------------------------------------------------------------------------
Resolution|WONTFIX   |
Status    |CLOSED    |ASSIGNED
--- Comment #22 from Matěj Cepl mcepl@redhat.com 2012-03-06 17:07:32 EST ---
Reporter, if you reopen this review, I would gladly make you review.
Johan Cwiklinski johan@x-tnd.be changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |CLOSED  |ASSIGNED
Depends on|        |707016
Resolution|WONTFIX |
Keywords  |        |Reopened
--- Comment #23 from Johan Cwiklinski johan@x-tnd.be 2012-03-06 17:45:11 EST ---
I've been recently working on an upgrade to use systemd on Fedora; but I'm not done yet (need some tests).
I also need to make some changes regarding the comments you've made on lua-sec review (__mkdir macros, lua requirement, and so on); I'll post a new specfile soon.
--- Comment #24 from Matěj Cepl mcepl@redhat.com 2012-03-06 18:03:37 EST ---
(In reply to comment #23)
> I've been recently working on an upgrade to use systemd on Fedora; but I'm not done yet (need some tests).
Cool, but please keep sysvinit files as an alternative ... this is a server software, so it should be running on RHEL-6 (at least) as well.
Johan Cwiklinski johan@x-tnd.be changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |ASSIGNED|NEW
--- Comment #25 from Johan Cwiklinski johan@x-tnd.be 2012-03-06 19:27:38 EST ---
I've made a new version of the package:
Spec URL: http://odysseus.x-tnd.be/fedora/prosody/prosody.spec
SRPM URL: http://odysseus.x-tnd.be/fedora/prosody/prosody-0.8.2-2.fc16.src.rpm
The main change is systemd integration for Fedora. It should also work on EL-6. Mock builds fine (tested on F-16/x86_64 and EL-6/X86_64).
rpmlint is still not clean:
prosody.src:40: W: configure-without-libdir-spec
This one should be ok since upstream does not use autotools but a specific configure script, which does not provide any '--libdir' flag.
prosody.x86_64: W: non-standard-uid /var/run/prosody prosody
prosody.x86_64: W: non-standard-gid /var/run/prosody prosody
prosody.x86_64: W: non-standard-uid /var/lib/prosody prosody
prosody.x86_64: W: non-standard-gid /var/lib/prosody prosody
prosody.x86_64: W: no-manual-page-for-binary prosody
non-standard uid/gid are ok because the package creates its own user for the daemon to run.
no-manual-page: well.. there is no manual page. I guess that is OK as well.
On EL only:
prosody.x86_64: W: incoherent-subsys /etc/rc.d/init.d/prosody $prog
incoherent-subsys is due to the use of '$prog' in the initd file.
lua-expat and lua-socket are now available on EL-6 as well, so missing dependencies are now lua-sec (approved today - bz #551763) and lua-dbi (bz #707016).
package-review@lists.fedoraproject.org