Re: OpenPKG Packaging guidelines

2004-07-29 Thread Ruud Koendering
On Thursday 29 July 2004 12:17, Bill Campbell wrote:
 On Mon, Jul 26, 2004, Simon Mudd wrote:
 Hello all,
 
 Are there any packaging guidelines for building RPM packages?  Not how
 to build the rpm, but how to make a freshly installed package
 behave.
 
 The reason that I ask is that I've been looking at the OpenPKG Postfix
 RPM and notice that, as installed, it will NEVER work correctly,
 something contrary to how the author expects his software to be
 installed[1].
 
 Specifically:
 
 - the provided main.cf configuration file only allows connections from
   and to address 127.0.0.1 effectively disabling all non-local network
   activity.[2]

 This is intentional, for the same reason that SuSE and others have their
 default configurations listening only on localhost, to prevent the clueless
 from accidentally opening services that may be abused or exploited from the
 outside world.

 - the provided main.cf configuration file specifically sets various
   dummy configuration values which are WRONG (in the sense that if not
   changed they will generate errors). mydomain and myhostname are
   examples.

 Again this is intentional.  One could change the example.com to the base
 domain name, and the myhostname to the output of the ``hostname'' command,
 but this can cause problems using ``hostname'' as that varies amongst *nix
 systems (e.g. SuSE = 8.0 returns the short hostname, not the FQDN).  One
 could do something automatic using a perl script with ``use Net::Domain;''
 to handle things like this or use the coreutils ``ghostname'' to do the
 same thing.

 ...

 For experienced users seeing what to change is not a problem, but it
 seems that this is not helpful for users new to the software.

 Letting totally inexperienced users do things they don't understand with
 programs that can be abused and exploited from the Internet may not be a
 very Good Idea(tm).  Granted that the postfix default configuration is
 pretty tight, the overall philosophy is to require people to think a little
 before opening services to the world.

 Microsoft's philosophy of making things easy to use for the clueless has
 worked very well don't you think?  It's responsible for the vast majority
 of spam and network abuse that plagues the Internet today.

 Not providing the package's own documentation (although man pages are
 included) is unhelpful.

 I tend to agree with that for many packages, but I don't think that's the
 case with postfix as it has full man pages, and the examples are well
 commented.

 ...

 I'd like to help address the specific Postfix issues I've seen (which
 should be trivial), but want to make sure that I'm not overlooking
 something.

 Postfix is one of the OpenPKG packages that I modify before using, mostly
 because I've added a ``/bin/rpm'' package, ``openpkg-postfix'', to the
 postfix package that installs when ``/bin/rpm'' is found that ``Obsoletes:
 postfix'' and ``Provides: smtp_daemon''.  This works around a problem on
 SuSE systems which will automatically reinstall their postfix if it's
 removed because other SuSE RPMS require the ``smtp_daemon''.

 Bill
 --
 INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
 UUCP:   camco!bill  PO Box 820; 6641 E. Mercer Way
 FAX:(206) 232-9186  Mercer Island, WA 98040-0820; (206)
 236-1676 URL: http://www.celestial.com/

 The cry has been that when war is declared, all opposition should
 therefore be hushed.  A sentiment more unworthy of a free country could
 hardly be propagated.  If the doctrine be admitted, rulers have only to
 declare war and they are screened at once from scrutiny ...  In war,
 then, as in peace, assert the freedom of speech and of the press.
 Cling to this as the bulwark of all our rights and privileges.
   -- William Ellery Channing
 __
 The OpenPKG Project  www.openpkg.org
 User Communication List  [EMAIL PROTECTED]

 


That is funny, I unsubscribed yesterday with receiving:

From:  [EMAIL PROTECTED]

Your approval mail has been received and been processed sucessfully.

don't want to receive any e-mail anymore, help please


-- 
Kind regards,

Ruud Koendering
Sr. Programme / Project Manager

De Wickelaan 11
2265 DG  Leidschendam
Netherlands / Nederland
__
Tel/Phone: +31(0)70 3271506
Mob/Mob:    +31(0)6 4137 2381

Re: OpenPKG Packaging guidelines

2004-07-29 Thread Simon Mudd
Hi Bill,

Bill Campbell [EMAIL PROTECTED] writes:

 On Mon, Jul 26, 2004, Simon Mudd wrote:
 Hello all,
 
 Are there any packaging guidelines for building RPM packages?  Not how
 to build the rpm, but how to make a freshly installed package
 behave.
 
 The reason that I ask is that I've been looking at the OpenPKG Postfix
 RPM and notice that, as installed, it will NEVER work correctly,
 something contrary to how the author expects his software to be
 installed[1].
 
 Specifically:
 
 - the provided main.cf configuration file only allows connections from
   and to address 127.0.0.1 effectively disabling all non-local network
   activity.[2]
 
 This is intentional, for the same reason that SuSE and others have their
 default configurations listening only on localhost, to prevent the clueless
 from accidentally opening services that may be abused or exploited from the
 outside world.

That decision certainly is understandable. The OpenPKG RPMs seem to be
well built, but I could not see any explicit reference to policies and
certainly it is frustrating if this sort of thing is not explicitly
stated.

Other distributions are the same (or worse) so this is not a criticism
of OpenPKG, more a request for clarification, which often in the long
term helps everyone a lot.

 - the provided main.cf configuration file specifically sets various
   dummy configuration values which are WRONG (in the sense that if not
   changed they will generate errors). mydomain and myhostname are
   examples.
 
 Again this is intentional.  One could change the example.com to the base
 domain name, and the myhostname to the output of the ``hostname'' command,
 but this can cause problems using ``hostname'' as that varies amongst *nix
 systems (e.g. SuSE = 8.0 returns the short hostname, not the FQDN).  One
 could do something automatic using a perl script with ``use Net::Domain;''
 to handle things like this or use the coreutils ``ghostname'' to do the
 same thing.

Again the question was more a clarification.  I think the choice to
explicitly configure the server to use a domain.com domain is not
terribly helpful, but do understand that if the hostname output is not
FQ then this will cause other issues.

 ...
 For experienced users seeing what to change is not a problem, but it
 seems that this is not helpful for users new to the software.
 
 Letting totally inexperienced users do things they don't understand with
 programs that can be abused and exploited from the Internet may not be a
 very Good Idea(tm).  Granted that the postfix default configuration is
 pretty tight, the overall philosophy is to require people to think a little
 before opening services to the world.

Perhaps but I doubt an OpenPKG user is going to be typical. My
guess is that the majority of interest is probably going to come from
organisations which use multiple OSes or versions of one OS.  The
average RPM user will be happy with yum or up2date, and the average
Debian user with apt.  My interest is for using the same RPM versions
on RedHat 7.x, RedHat 9.x, different flavours of Solaris and (maybe if
it works AIX 5).

[snip]
 Not providing the package's own documentation (although man pages are
 included) is unhelpful.
 
 I tend to agree with that for many packages, but I don't think that's the
 case with postfix as it has full man pages, and the examples are well
 commented.

Examples and HOWTOs are always useful. Leaving them out is IMO a
shame.

[...] 
 Postfix is one of the OpenPKG packages that I modify before using, mostly
 because I've added a ``/bin/rpm'' package, ``openpkg-postfix'', to the
 postfix package that installs when ``/bin/rpm'' is found that ``Obsoletes:
 postfix'' and ``Provides: smtp_daemon''.  This works around a problem on
 SuSE systems which will automatically reinstall their postfix if it's
 removed because other SuSE RPMS require the ``smtp_daemon''.

Yes, I can see certain packages fulfilling a system role and
requiring something which tells the underlying OS that it is
there. A dummy rpm for RPM distributions, /etc/mail/mailer.conf for
FreeBSD, and their equivalents for other OSes/packages.

Thanks for the comments.

Regards,

Simon
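
The checks discussed in this thread, as an added example that is not part of any poster's message or of the OpenPKG package: a shell audit that flags a main.cf still carrying loopback-only listening and dummy myhostname/mydomain values, and reports when the system hostname is too short to be filled in automatically. The sample file, the host names and the finding labels are constructed, and `inet_interfaces` is assumed to be the setting behind the 127.0.0.1 restriction.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for the packaged defaults discussed
# in the thread. The sample file contents below are constructed.

# cf_get FILE PARAM: print PARAM's value (last assignment wins; simplified
# reader that ignores continuation lines).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# True when the name sits under one of the dummy domains named in the thread.
is_placeholder() {
    case "$1" in
        example.com|*.example.com|domain.com|*.domain.com) return 0 ;;
    esac
    return 1
}

# True when the name has an interior dot, i.e. is not a short hostname.
is_fqdn() {
    case "$1" in
        .*|*.) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# audit_main_cf FILE SYSTEM_HOSTNAME: print one finding per line.
audit_main_cf() {
    iface=$(cf_get "$1" inet_interfaces)
    case "$iface" in
        127.0.0.1|localhost|loopback-only)
            echo "loopback-only inet_interfaces=$iface" ;;
    esac
    for p in myhostname mydomain; do
        v=$(cf_get "$1" "$p")
        if is_placeholder "$v"; then echo "placeholder $p=$v"; fi
    done
    # A short name from `hostname` cannot be copied into myhostname as-is.
    if ! is_fqdn "$2"; then echo "short-hostname $2"; fi
}

# Constructed sample resembling the defaults described in the thread.
write_sample_cf() {
    printf '%s\n' '# constructed sample' 'myhostname = mail.example.com' \
        'mydomain = example.com' 'inet_interfaces = 127.0.0.1' > "$1"
}

sample=$(mktemp)
write_sample_cf "$sample"
audit_main_cf "$sample" "mailhost"   # "mailhost" is a constructed short name
rm -f "$sample"
```

On a real system the second argument would come from the `hostname` command and the first would be the installed main.cf path.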