[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed||2021-06-09 03:06:34 --- Comment #7 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #6 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2021-c52fab53a9 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c52fab53a9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Fedora Update System changed: What|Removed |Added Status|POST|MODIFIED --- Comment #5 from Fedora Update System --- FEDORA-2021-c52fab53a9 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c52fab53a9 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 --- Comment #4 from Jens Petersen --- (fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/openiked -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Robert-André Mauchin 🐧 changed: What|Removed |Added Status|ASSIGNED|POST Flags|fedora-review? |fedora-review+ --- Comment #3 from Robert-André Mauchin 🐧 --- Package approved. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 --- Comment #2 from Henrik Boeving --- I addressed the things you mentioned and published a new version here: - SRPM: https://github.com/hargoniX/openiked-copr/releases/download/rv2/openiked-6.9.0-1.fc34.src.rpm - Spec: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576
Robert-André Mauchin 🐧 changed:
What|Removed |Added
Status|NEW |ASSIGNED
CC||zebo...@gmail.com
Assignee|nob...@fedoraproject.org|zebo...@gmail.com
Doc Type|--- |If docs needed, set a value
Flags||fedora-review?
--- Comment #1 from Robert-André Mauchin 🐧 ---
- BuildArch: x86_64 aarch64
BuildArch is not for this, you should use ExclusiveArch:
ExclusiveArch: x86_64 aarch64
Also you should justify why you can't build on other arches.
- Splitting one BR per line is preferred:
BuildRequires: cmake
BuildRequires: libevent-devel
BuildRequires: openssl-devel
BuildRequires: byacc
BuildRequires: clang
BuildRequires: systemd-rpm-macros
- This is not necessary:
Requires: libevent openssl
It is automatically detected.
- You are trying to to build with Clang: by default gcc is the Fedora compiler
of choice. Only if you can't build with GCC you should use Clang. In that case,
use:
%global toolchain clang
so that the Fedora default build flags for Clang are set up.
Here since you haven't specified that, the build is performed with gcc. So you
should BR gcc instead of Clang.
- This is not required;
%systemd_requires
%{?sysusers_requires_compat}
- You also need the following scriptlet in %preun:
%preun
%systemd_preun openiked.service
- %attr(0755,root,root) and %attr(0644,root,root), should not be used, the
default values are enough. Only keep %attr(0600,root,root) and
%attr(0700,root,root) are they are specific.
%files
%license LICENSE
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/iked.conf
%{_sbindir}/iked
%{_sbindir}/ikectl
%{_mandir}/man5/iked.conf.5.gz
%{_mandir}/man8/ikectl.8.gz
%{_mandir}/man8/iked.8.gz
%{_unitdir}/openiked.service
%{_sysusersdir}/openiked.conf
%{_sysconfdir}/iked/ca
%{_sysconfdir}/iked/certs
%{_sysconfdir}/iked/crls
%{_sysconfdir}/iked/pubkeys/ipv4
%{_sysconfdir}/iked/pubkeys/ipv6
%{_sysconfdir}/iked/pubkeys/fqdn
%{_sysconfdir}/iked/pubkeys/ufqdn
%attr(0700,root,root) %{_sysconfdir}/iked/private
%{_libexecdir}/openiked/openiked-keygen
%{_unitdir}/openiked-keygen.service
%{_unitdir}/openiked-keygen.target
- You could probably simplify that:
%attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ipv4
%attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ipv6
%attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/fqdn
%attr(0755,root,root) %{_sysconfdir}/iked/pubkeys/ufqdn
into
%{_sysconfdir}/iked/pubkeys
- Related to this, you do not own the following directories:
Note: No known owner of /etc/iked/pubkeys, /usr/libexec/openiked,
/etc/iked
If you do the change above, you'll just need to add:
%dir %{_sysconfdir}/iked/
%dir %{_libexecdir}/openiked/
Otherwise also add:
%dir %{_sysconfdir}/iked/pubkeys
- The extension for man pages should be globbed as the compression may change
in the future.
%{_mandir}/man5/iked.conf.5.*
%{_mandir}/man8/ikectl.8.*
%{_mandir}/man8/iked.8.*
- Do not mix $RPM_BUILD_ROOT and %{buildroot}, choose only one and stick to
it.
- Shouldn't that be 755:
install -p -D -m744 %{SOURCE4}
$RPM_BUILD_ROOT/%{_libexecdir}/openiked/openiked-keygen
- use install -p here too:
install -p -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/openiked-keygen.service
install -p -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/openiked-keygen.target
- You download the asc as Source1 but never check the signature. The signature
should be verified with OpenBSD signify utility but it is not packaged for
Fedora. You could maybe drop the asc from the source. If not, please note that
the asc must be uploaded to dit-git along with archive (fedpkg import will
detect it, or don't forget to upload it with fedpkg new-sources).
- You should write a Summary that describe what the package does, not simply
mentioning that it is a OpenBSD port.
Package Review
==
Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed
Issues:
===
- Package uses either %{buildroot} or $RPM_BUILD_ROOT
Note: Using both %{buildroot} and $RPM_BUILD_ROOT
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_macros
- systemd_post is invoked in %post, systemd_preun in %preun, and
systemd_postun in %postun for Systemd service files.
Note: Systemd service file(s) in openiked
See: https://docs.fedoraproject.org/en-US/packaging-
guidelines/Scriptlets/#_scriptlets
= MUST items =
C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: If your application is a C or C++ application you must list a
BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]
[Bug 1964576] Review Request: openiked - Port of OpenBSD's OpenIKED to Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1964576 Henrik Boeving changed: What|Removed |Added Comment|0 |updated --- Comment #0 has been edited --- Spec URL: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec SRPM URL: https://github.com/hargoniX/openiked-copr/blob/master/openiked.spec Description: OpenIKED is a free, permissively licensed Internet Key Exchange (IKEv2) implementation, developed as part of the OpenBSD project. It is intended to be a lean, secure and interoperable daemon that allows for easy setup and management of IPsec VPNs. Fedora Account System Username: hargonix I have a little question as well, I tried to build the SRPM here https://koji.fedoraproject.org/koji/taskinfo?taskID=68718747 but the thing failed with: error: line 20: Unknown tag: %systemd_requires However according to these docs: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/ this tag should be known (and it builds locally for me as well) so I'm slightly confused as to whether this is a bug on my side or on the build system? Furthermore as you can see I am downloading the .asc signature from the OpenBSD FTP servers but I'm not qutie sure as to how to verify them, I saw in the OpenSSH package that it is verified using some GPG key but I didn't exactly get where that GPG key is coming from. The idea with the openiked-keygen service is taken over from the OpenSSH package. Large parts of the installation process are also taken from here: https://github.com/openiked/openiked-arch-linux which is made by the official maintainer of iked-portable. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
