[Bug 537587] Review Request: dspam - bayesian filtering daemon, client, library and web ui
bugzilla at redhat.com
bugzilla at redhat.com
Fri Jan 8 16:53:34 UTC 2010
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=537587
--- Comment #43 from Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> 2010-01-08 11:53:31 EDT ---
For -0.14:
* -n specification
- For example "%package -n dspam-libs" can simply be
"%package libs" (and the latter form is commonly used).
Another example is that "%post -n dspam-libs -p /sbin/ldconfig"
can simply be "%post libs -p /sbin/ldconfig".
* Directory ownership issue
- This time the following directories are not owned by any packages:
---------------------------------------------------------------------
/usr/share/dspam/sql-scripts
---------------------------------------------------------------------
* Timestamp
http://fedoraproject.org/wiki/Packaging:Guidelines#Timestamps
- When using "cp" or "install" commands, add "-p" option to keep
timestamps on installed files.
* Again owner/group/permission
(In reply to comment #41)
> I've checked and the odd permissions on /var/lib/dspam in necessary for
> security purposes.
>
> The dspam binary is setgid on purpose. It isn't strictly necessary in *all*
> ways it can be configured, however the most common ways use that. I'll get more
> clarification as to what it does setgid vs non setgid methods of operation. We
> use it on our production servers in that mode.
- To be clear, what I am said is that currently the group
of /usr/bin/dspam is root and I guess this is wrong when this binary
has setgid, because with this setgid/group executing /usr/bin/dspam
is always done with root group.
build.log says:
---------------------------------------------------------------------
826 if test x"nobody" != xnone; then \
827 chown "nobody"
/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \
828 fi
829 chown: changing ownership of
`/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation
not permitted
831 if test x"mail" != xnone; then \
832 chgrp "mail"
/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \
833 fi
834 chgrp: changing group of
`/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation
not permitted
---------------------------------------------------------------------
So I guess /usr/bin/dspam should have %attr(2511,nobody,mail).
Would you again check permission/owner/group of all files/directories?
! Note
- Also, for binaries/directories which have some special
permission/group/owner,
you should write these permission/group/owner with explicit %attr
directive in the spec file like
---------------------------------------------------------------------
%files
...
%attr(0770,root,%{dspam_group}) %dir %{dspam_logdir}/
%attr(0770,root,%{dspam_group}) %dir %{dspam_homedir}/
%attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %dir %{_var}/run/dspam
...
...
%{_bindir}/css*
%attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %{_bindir}/dspam
%{_bindir}/dspam[-_c]*
...
---------------------------------------------------------------------
(i.e. if the permission/group/owner is not (0755,root,root) (for directory/
executable files) or (0644,root,root) (normal files), you must use
%attr explicitly in the spec file)
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list