[Bug 752223] Review Request: racoon2 - an implementation of key management system for IPsec

bugzilla at redhat.com bugzilla at redhat.com
Sat Jan 21 12:35:38 UTC 2012



https://bugzilla.redhat.com/show_bug.cgi?id=752223

Pavel Simerda <pavlix at pavlix.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #532589|0                           |1
        is obsolete|                            |
 Attachment #532682|0                           |1
        is obsolete|                            |

--- Comment #39 from Pavel Simerda <pavlix at pavlix.net> 2012-01-21 07:35:36 EST ---
Created attachment 556688
  --> https://bugzilla.redhat.com/attachment.cgi?id=556688
SRPM release 12

The wiki pages about initscripts and systemd units packaging are rather
confusing. I decided to remove the sysvinit package because the wiki
recommendations simply don't work.

The current package is still intended for both Fedora and EPEL, tested on
Fedora, and this is accomplished by two simple conditionals. It can be split
into branches when it gets to Git if needed.

rpmlint output:

racoon2.i686: E: non-standard-dir-perm /etc/racoon2 0700L

/etc/racoon2 contains IPsec configuration. An administrator
can include keys in there and forget to set proper permissions.

Setting mode 700 is *not* necessary but it helps to prevent ordinary
users from accessing IPsec configuration.

Upstream protects individual files but we have the advantage
of knowing the directory name.

Please see also Bug 753354, review request for Strongswan.

racoon2.i686: E: non-standard-dir-perm /var/run/racoon2 0700L

Setting mode 700 helps prevent users from accessing runtime data of Racoon2.

racoon2.i686: W: dangerous-command-in-%post chmod

Running chmod is necessary to protect a key generated during %post.

Changes:

* Sun Jan 15 2012 Pavel Šimerda <pavlix at pavlix.net> - 20100526a-12
- Removed sysvinit subpackage
- Added conditionals to handle different init systems
- Changed initrd macro to initd
- Marked functions as config file

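The reasoning in comment #39 about mode 0700 on /etc/racoon2, as an added example that is not part of the original comment or of the racoon2 package: a POSIX shell audit that reports whether an owner-only directory is masking loosely permissioned files inside it. The function names and verdict strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a configuration directory against the 0700 rationale.
# Function names and verdict strings are hypothetical, not from racoon2.

# Print paths of find-type $2 under $1 that grant any bit to group or other.
# $3 is optional: pass -prune to test only $1 itself.
go_accessible() {
    find "$1" $3 -type "$2" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Echo one verdict for directory $1:
#   private         - owner-only directory, no file inside has group/other bits
#   masked:N        - owner-only directory is hiding N files with loose modes
#   exposed:N       - directory is reachable and N files have group/other bits
#   file-modes-only - directory is reachable; protection rests on file modes
audit_conf_dir() {
    [ -d "$1" ] || { echo "not-a-directory"; return 2; }
    loose=$(go_accessible "$1" f | wc -l | tr -d ' ')
    if [ -z "$(go_accessible "$1" d -prune)" ]; then
        if [ "$loose" -eq 0 ]; then echo "private"; else echo "masked:$loose"; fi
    else
        if [ "$loose" -eq 0 ]; then echo "file-modes-only"; else echo "exposed:$loose"; fi
    fi
}

# Stand-alone use: sh audit.sh /etc/racoon2
if [ $# -gt 0 ]; then
    audit_conf_dir "$1"
fi
```

Run it as root or as the directory owner, since other accounts cannot list an owner-only directory.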