[Bug 452901] Review Request: ocspd - OpenCA OCSP Daemon

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 2 14:32:20 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: ocspd - OpenCA OCSP Daemon


https://bugzilla.redhat.com/show_bug.cgi?id=452901





------- Additional Comments From pm at datasphere.ch  2008-07-02 10:32 EST -------
New version: 1.5.1-0.1.rc1
Spec file at: http://www.etude-riondel.ch/pm/ocspd.spec
SRPM at: http://www.etude-riondel.ch/pm/ocspd-1.5.1-0.1.rc1.fc8.src.rpm
_ Full URL in Source:.
_ No more vendor:.
_ No openssl version requirement.
_ No openssl install-time requirement.
_ RPM_BUILD_ROOT tests for cleaning removed.
_ Directory %{_sysconfdir}/ocspd now owned by the package.
_ %{_initrddir} used where possible.
_ %defattr completed.
_ init.d script reworked in a more fedora-styled way.

But:
* Yes, %{_sysconfdir}/ocspd/ocspd.conf is listed twice, as well as
%{_sysconfdir}/ocspd/private. I did not find another "clean" way to do it,
sinces these two items need specialized attributes/ownership. Even using a file
list, I do not see a better "readable" way to own %{_sysconfdir}/ocspd and
package theses two special subitems without listing them twice. 

This version "mock"ed successfully on fedora-devel-i386

rpmlint says:
$ rpmlint SPECS/ocspd.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
$ rpmlint SRPMS/ocspd-1.5.1-0.1.rc1.fc8.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
$ rpmlint RPMS/i386/ocspd-debuginfo-1.5.1-0.1.rc1.fc8.i386.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
$ rpmlint RPMS/i386/ocspd-1.5.1-0.1.rc1.fc8.i386.rpm 
ocspd.i386: W: non-standard-uid /etc/ocspd/private ocspd
ocspd.i386: E: non-standard-dir-perm /etc/ocspd/private 0700
1 packages and 0 specfiles checked; 1 errors, 1 warnings.

Explanation: /etc/ocspd/private is a directory intended to contain private
cryptographic keys, that should be readable only by the user running the daemon
(user ocspd created in the %pre section). Any other "more standard" solution ?

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the Fedora-package-review mailing list