[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Steve Grubb  changed:

   What|Removed |Added

 Status|ASSIGNED|CLOSED
 Resolution|--- |RAWHIDE
Last Closed||2018-02-16 14:04:01



--- Comment #22 from Steve Grubb  ---
fapolicyd-0.8.5-1 was built into rawhide. Thanks for the assistance.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #21 from Gwyn Ciesla  ---
(fedrepo-req-admin):  The Pagure repository was created at
https://src.fedoraproject.org/rpms/fapolicyd

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Marek Tamaskovic  changed:

   What|Removed |Added

  Flags|fedora-review?  |fedora-review+



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #20 from Steve Grubb  ---
It is using non-standard permissions because the people being watched should
not be able to see the actual policy to work out loop holes in the policy. The
group permission is so that the daemon can reread its config files on a SIGHUP
once that is supported.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Marek Tamaskovic  changed:

   What|Removed |Added

  Flags|fedora-review+  |fedora-review?



--- Comment #19 from Marek Tamaskovic  ---
One thing, why are you using some obscure file permissions?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Marek Tamaskovic  changed:

   What|Removed |Added

  Flags||fedora-review+



--- Comment #18 from Marek Tamaskovic  ---
Rpmlint
---
Checking: fapolicyd-0.8.5-1.x86_64.rpm
  fapolicyd-debuginfo-0.8.5-1.x86_64.rpm
  fapolicyd-debugsource-0.8.5-1.x86_64.rpm
  fapolicyd-0.8.5-1.src.rpm
fapolicyd.x86_64: W: spelling-error %description -l en_US whitelisting -> white
listing, white-listing, whitewashing
fapolicyd.x86_64: W: spelling-error %description -l en_US fanotify -> fa
notify, fa-notify, notify
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd fapolicyd
fapolicyd.x86_64: E: non-standard-dir-perm /etc/fapolicyd 750
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.rules fapolicyd
fapolicyd.x86_64: W: log-files-without-logrotate
['/var/log/fapolicyd-access.log']
fapolicyd-debugsource.x86_64: W: no-documentation
fapolicyd.src: W: spelling-error %description -l en_US whitelisting -> white
listing, white-listing, whitewashing
fapolicyd.src: W: spelling-error %description -l en_US fanotify -> fa notify,
fa-notify, notify
4 packages and 0 specfiles checked; 1 errors, 9 warnings.



Now I am satisfied with spec file.
The build is passing so I think we are done here.

https://koji.fedoraproject.org/koji/taskinfo?taskID=25087975

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #17 from Daniel Kopeček  ---
(In reply to Steve Grubb from comment #16)
> The guidelines say we can use the variables as long as we are self
> consistent. There are no uses of %{buildroot}, so it is self consistent.

Consistent would be to use "%{optflags}" and "%{buildroot}". Or
"$RPM_OPT_FLAGS" and "$RPM_BUILD_ROOT". Macros or variables, not both. 

See the official guidelines:
https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Using_.25.7Bbuildroot.7D_and_.25.7Boptflags.7D_vs_.24RPM_BUILD_ROOT_and_.24RPM_OPT_FLAGS

> However, its not worth discussing. I changed it and updated the FSF address.
> New spec file and SRPM are posted.

Thanks!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #16 from Steve Grubb  ---
The guidelines say we can use the variables as long as we are self consistent.
There are no uses of %{buildroot}, so it is self consistent. However, its not
worth discussing. I changed it and updated the FSF address. New spec file and
SRPM are posted.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #15 from Daniel Kopeček  ---
(In reply to Steve Grubb from comment #14)
> >In %build section you are using macro style and in %install you are 
> > using variable style. Choose one.
> 
> To make sure we are looking at the same thing, this is what I see in the
> spec file:
> 
> %build
> %configure --with-audit
> make CFLAGS="%{optflags}" %{?_smp_mflags}
> 
> %install
> make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install

I think the point is to use "%{buildroot}" instead of "${RPM_BUILD_ROOT}" so
that macros are used everywhere instead of mixing them with usage of variables.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #14 from Steve Grubb  ---
>In %build section you are using macro style and in %install you are 
> using variable style. Choose one.

To make sure we are looking at the same thing, this is what I see in the spec
file:

%build
%configure --with-audit
make CFLAGS="%{optflags}" %{?_smp_mflags}

%install
make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install

There is no %{buildroot} anywhere. It only uses ${RPM_BUILD_ROOT}. Will check
on the fsf address. But if we can close the above issue, then I can do a respin
with updated fsf address.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Marek Tamaskovic  changed:

   What|Removed |Added

 Comment #13 is|1   |0
private||



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #12 from Steve Grubb  ---
(In reply to Marek Tamaskovic from comment #11)
> If the daemon is not required during boot or recovery it is supposed to go
> to /usr/sbin.[1]

This was already moved in last respin. :-) Is there something else wrong?

> And change RPM_BUILD_ROOT variable to macro `%{buildroot}`. It should be
> consistent. Don't mix macros and variables.

I'm not mixing styles. %{buildroot} is not used anywhere, and RPM_BUILD_ROOT is
used once. I prefer using RPM_BUILD_ROOT. The rule is about using both in the
same spec file.

So...are we done? I think everything has been fixed. :-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #11 from Marek Tamaskovic  ---
If the daemon is not required during boot or recovery it is supposed to go to
/usr/sbin.[1]

And change RPM_BUILD_ROOT variable to macro `%{buildroot}`. It should be
consistent. Don't mix macros and variables.


[1] - http://www.pathname.com/fhs/pub/fhs-2.3.html#SBINSYSTEMBINARIES

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #10 from Steve Grubb  ---
>Why are you using /sbin in configure? On your github you are working with 
>>/usr/sbin. Working with /sbin is not standard.

Its because /sbin is where daemons belong on most distributions. To fix this
means also changing the systemd.service file. And this spec file is exactly the
upstream spec file. Regardless, changed to /usr/sbin.

> And why are you using runtime arguments with %configure?

Because ./configure takes options like whether or not to use the audit library.

>Why are you ghosting the log file?

Because it doesn't always exist but if it does, then we want to claim ownership
when someonme runs rpm -qf /var/log/fapolicyd-access.log. This is normal for
log files.

New spec and SRPM posted.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #9 from Marek Tamaskovic  ---
And build is passing:
https://koji.fedoraproject.org/koji/taskinfo?taskID=25067209

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #8 from Marek Tamaskovic  ---
Created attachment 1396423
  --> https://bugzilla.redhat.com/attachment.cgi?id=1396423&action=edit
first review checklist

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #7 from Marek Tamaskovic  ---
Issues:
===
- Dist tag is present.
- Header files in -devel subpackage, if present.
  Note: fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/event.h fapolicyd-debugsource
  : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/file.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/lru.h
  fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/message.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/mounts.h
  fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/notify.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/nv.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object-attr.h
  fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/policy.h
  fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/process.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/queue.h
  fapolicyd-debugsource :
  /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/rules.h fapolicyd-debugsource
  : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/subject-attr.h fapolicyd-
  debugsource : /usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/subject.h
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#DevelPackages
- Sources used to build the package match the upstream source, as provided
  in the spec URL.
  Note: Upstream MD5sum check error, diff is in /home/mtamasko/Work/pkg-
  review/fapolicyd/review-fapolicyd/diff.txt
  See: http://fedoraproject.org/wiki/Packaging/SourceURL


Other issues:
=
[!]: %build honors applicable compiler flags or justifies otherwise.
 'rpm_build_macro is not applied'
[!]: Package consistently uses macros (instead of hard-coded directory names).
 'path /sbin is not a macro %{_sbindir}'
 'log path is not using macro %{_localstatedir}/log'

Rpmlint
---
Checking: fapolicyd-0.8.5-1.x86_64.rpm
  fapolicyd-debuginfo-0.8.5-1.x86_64.rpm
  fapolicyd-debugsource-0.8.5-1.x86_64.rpm
  fapolicyd-0.8.5-1.src.rpm
fapolicyd.x86_64: W: spelling-error %description -l en_US whitelisting -> white
listing, white-listing, whitewashing
fapolicyd.x86_64: W: spelling-error %description -l en_US fanotify -> fa
notify, fa-notify, notify
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd fapolicyd
fapolicyd.x86_64: E: non-standard-dir-perm /etc/fapolicyd 750
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.mounts fapolicyd
fapolicyd.x86_64: W: non-standard-gid /etc/fapolicyd/fapolicyd.rules fapolicyd
fapolicyd.x86_64: W: log-files-without-logrotate
['/var/log/fapolicyd-access.log']
fapolicyd-debugsource.x86_64: W: no-documentation
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/event.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/event.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/fapolicyd.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/file.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/file.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/lru.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/lru.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/message.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/message.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/mounts.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/mounts.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/notify.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/notify.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/nv.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object-attr.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object-attr.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object.c
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/object.h
fapolicyd-debugsource.x86_64: E: incorrect-fsf-address
/usr/src/debug/fapolicyd-0.8.5-1.x86_64/src/

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #6 from Steve Grubb  ---
Ah! You are right. We are using libudev and it has been subsumed into systemd.
So, systemd-devel is appropriate. Fixed.

New spec and SRPM is posted.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #5 from Marek Tamaskovic  ---
I can't build that package without the systemd-devel

Checking for required libraries
checking for udev_device_get_devnode in -ludev... no
configure: error: libudev not found
error: Bad exit status from /var/tmp/rpm-tmp.f6JG6O (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.f6JG6O (%build)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Steve Grubb  changed:

   What|Removed |Added

  Flags|needinfo?(sgr...@redhat.com |
   |)   |



--- Comment #4 from Steve Grubb  ---
(In reply to Marek Tamaskovic from comment #3)
> Missing: 'BuildRequires: systemd-devel'

I think we are good here. The report in Comment #1 was that the -devel needed
to go. I check the systemd guidelines and that appears true:

https://fedoraproject.org/wiki/Packaging:Systemd#Filesystem_locations

rpm -ql systemd-devel shows nothing useful unless you are building a C program
against libsystemd.


> BuildRequires - no multiple requires in one line. Every package should be on
> unique line.

I can't find this in the packaging guidelines. Packaging guidelines just say
all dependencies need to be stated.

https://fedoraproject.org/wiki/Packaging:Guidelines#Build-Time_Dependencies_.28BuildRequires.29


> In files use macros i.e. etc: %{_sysconfdir} == /etc

Fixed.

New spec and SRPM posted.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Marek Tamaskovic  changed:

   What|Removed |Added

 CC||sgr...@redhat.com
  Flags||needinfo?(sgr...@redhat.com
   ||)



--- Comment #3 from Marek Tamaskovic  ---
Missing: 'BuildRequires: systemd-devel'
BuildRequires - no multiple requires in one line. Every package should be on
unique line.
In files use macros i.e. etc: %{_sysconfdir} == /etc

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #2 from Steve Grubb  ---
Thanks for the review. New SRPM and spec file reposted.

(In reply to Robert-André Mauchin from comment #1)
> Hello,
> 
>  - Not used in Fedora anymore:
> 
> Group:
> 
> BuildRoot:
> 
> rm -rf $RPM_BUILD_ROOT
> 
> %defattr(-,root,root,-)

Removed


>  - Use the correct systemd macros:
> 
> %{?systemd_requires}
> BuildRequires: systemd

Removed -devel


>  - the license file must be included with %license, not %doc:
> 
> %files
> %doc README
> %license COPYING

Fixed

>  - These %attr(644,root,root) %attr(755,root,root) are not needed because
> they are already the default value.

I like explicit permissions in case the make file has an accident. There are a
number of executable man pages on Fedora. :-)


>  - COPYING contains GNU General Public License v3.0 but your license header
> contains GPLv2+. Please use GPLv3 or GPLv3+.

Doh! Fixed.


>  - Please follow
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
> to add user and group.
>Add Requires(pre): shadow-utils

Fixed.

> %pre
> getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME
> getent passwd USERNAME >/dev/null || \
> useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \
> -c "Useful comment about the purpose of this account" USERNAME
> exit 0

I think the existing code should do the trick. The default behavior is to
create both user and group unless overridden. So, checking the user should
suffice for simple cases.

>  - In %files, for man pages, don't directly link to the gz extension but use
> a glob:
> 
> %{_mandir}/man8/fapolicyd.8.*
> %{_mandir}/man5/fapolicyd.rules.5.*
> 
> See https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages for
> rationale.

Fixed. I widened the glob as there will certainly be future man pages added.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468



--- Comment #1 from Robert-André Mauchin  ---
Hello,

 - Not used in Fedora anymore:

Group:

BuildRoot:

rm -rf $RPM_BUILD_ROOT

%defattr(-,root,root,-)

 - Use the correct systemd macros:

%{?systemd_requires}
BuildRequires: systemd

 - the license file must be included with %license, not %doc:

%files
%doc README
%license COPYING

 - These %attr(644,root,root) %attr(755,root,root) are not needed because they
are already the default value.

 - COPYING contains GNU General Public License v3.0 but your license header
contains GPLv2+. Please use GPLv3 or GPLv3+.

 - Please follow
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation to
add user and group.
   Add Requires(pre): shadow-utils

%pre
getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME
getent passwd USERNAME >/dev/null || \
useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \
-c "Useful comment about the purpose of this account" USERNAME
exit 0

 - In %files, for man pages, don't directly link to the gz extension but use a
glob:

%{_mandir}/man8/fapolicyd.8.*
%{_mandir}/man5/fapolicyd.rules.5.*

See https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages for rationale.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1544468] Review Request: fapolicyd - Application Whitelisting Daemon

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1544468

Daniel Kopeček  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||dkope...@redhat.com
   Assignee|nob...@fedoraproject.org|mtama...@redhat.com



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org