[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed||2021-06-09 03:06:34 --- Comment #7 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #6 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2021-c52fab53a9 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c52fab53a9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|POST|MODIFIED --- Comment #5 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c52fab53a9 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 --- Comment #4 from Jens Petersen --- (fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/openiked -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Robert-André Mauchin 🐧 changed: What|Removed |Added Status|ASSIGNED|POST Flags|fedora-review? |fedora-review+ --- Comment #3 from Robert-André Mauchin 🐧 --- Package approved. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 --- Comment #2 from Henrik Boeving --- I addressed the things you mentioned and published a new version here: - SRPM: https://github.com/hargoniX/openiked-copr/releases/download/rv2/openiked-6.9.0-1.fc34.src.rpm - Spec: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Robert-André Mauchin 🐧 changed: What|Removed |Added Status|NEW |ASSIGNED CC||zebo...@gmail.com Assignee|nob...@fedoraproject.org|zebo...@gmail.com Doc Type|--- |If docs needed, set a value Flags||fedora-review? --- Comment #1 from Robert-André Mauchin 🐧 --- - BuildArch: x86_64 aarch64 BuildArch is not for this, you should use ExclusiveArch: ExclusiveArch: x86_64 aarch64 Also you should justify why you can't build on other arches. - Splitting one BR per line is preferred: BuildRequires: cmake BuildRequires: libevent-devel BuildRequires: openssl-devel BuildRequires: byacc BuildRequires: clang BuildRequires: systemd-rpm-macros - This is not necessary: Requires: libevent openssl It is automatically detected. - You are trying to to build with Clang: by default gcc is the Fedora compiler of choice. Only if you can't build with GCC you should use Clang. In that case, use: %global toolchain clang so that the Fedora default build flags for Clang are set up. Here since you haven't specified that, the build is performed with gcc. So you should BR gcc instead of Clang. - This is not required; %systemd_requires %{?sysusers_requires_compat} - You also need the following scriptlet in %preun: %preun %systemd_preun openiked.service - %attr(0755,root,root) and %attr(0644,root,root), should not be used, the default values are enough. Only keep %attr(0600,root,root) and %attr(0700,root,root) are they are specific. %files %license LICENSE %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/iked.conf %{_sbindir}/iked %{_sbindir}/ikectl %{_mandir}/man5/iked.conf.5.gz %{_mandir}/man8/ikectl.8.gz %{_mandir}/man8/iked.8.gz %{_unitdir}/openiked.service %{_sysusersdir}/openiked.conf %{_sysconfdir}/iked/ca %{_sysconfdir}/iked/certs %{_sysconfdir}/iked/crls %{_sysconfdir}/iked/pubkeys/ipv4 %{_sysconfdir}/iked/pubkeys/ipv6 %{_sysconfdir}/iked/pubkeys/fqdn %{_sysconfdir}/iked/pubkeys/ufqdn %attr(0700,root,root) %{_sysconfdir}/iked/private %{_libexecdir}/openiked/openiked-keygen %{_unitdir}/openiked-keygen.service %{_unitdir}/openiked-keygen.target - You could probably simplify that: %attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ipv4 %attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ipv6 %attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/fqdn %attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ufqdn into %{_sysconfdir}/iked/pubkeys - Related to this, you do not own the following directories: Note: No known owner of /etc/iked/pubkeys, /usr/libexec/openiked, /etc/iked If you do the change above, you'll just need to add: %dir %{_sysconfdir}/iked/ %dir %{_libexecdir}/openiked/ Otherwise also add: %dir %{_sysconfdir}/iked/pubkeys - The extension for man pages should be globbed as the compression may change in the future. %{_mandir}/man5/iked.conf.5.* %{_mandir}/man8/ikectl.8.* %{_mandir}/man8/iked.8.* - Do not mix $RPM_BUILD_ROOT and %{buildroot}, choose only one and stick to it. - Shouldn't that be 755: install -p -D -m744 %{SOURCE4} $RPM_BUILD_ROOT/%{_libexecdir}/openiked/openiked-keygen - use install -p here too: install -p -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/openiked-keygen.service install -p -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/openiked-keygen.target - You download the asc as Source1 but never check the signature. The signature should be verified with OpenBSD signify utility but it is not packaged for Fedora. You could maybe drop the asc from the source. If not, please note that the asc must be uploaded to dit-git along with archive (fedpkg import will detect it, or don't forget to upload it with fedpkg new-sources). - You should write a Summary that describe what the package does, not simply mentioning that it is a OpenBSD port. Package Review == Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: === - Package uses either %{buildroot} or $RPM_BUILD_ROOT Note: Using both %{buildroot} and $RPM_BUILD_ROOT See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_macros - systemd_post is invoked in %post, systemd_preun in %preun, and systemd_postun in %postun for Systemd service files. Note: Systemd service file(s) in openiked See: https://docs.fedoraproject.org/en-US/packaging- guidelines/Scriptlets/#_scriptlets = MUST items = C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Henrik Boeving changed: What|Removed |Added Comment|0 |updated --- Comment #0 has been edited --- Spec URL: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec SRPM URL: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec Description: OpenIKED is a free, permissively licensed Internet Key Exchange (IKEv2) implementation, developed as part of the OpenBSD project. It is intended to be a lean, secure and interoperable daemon that allows for easy setup and management of IPsec VPNs. Fedora Account System Username: hargonix I have a little question as well, I tried to build the SRPM here https://koji.fedoraproject.org/koji/taskinfo?taskID=68718747 but the thing failed with: error: line 20: Unknown tag: %systemd_requires However according to these docs: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/ this tag should be known (and it builds locally for me as well) so I'm slightly confused as to whether this is a bug on my side or on the build system? Furthermore as you can see I am downloading the .asc signature from the OpenBSD FTP servers but I'm not qutie sure as to how to verify them, I saw in the OpenSSH package that it is verified using some GPG key but I didn't exactly get where that GPG key is coming from. The idea with the openiked-keygen service is taken over from the OpenSSH package. Large parts of the installation process are also taken from here: https://github.com/openiked/openiked-arch-linux which is made by the official maintainer of iked-portable. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure