12-14-2011, 11:29 AM
Nelson Manuel Marques

Help wanted - lcm

Hi all

I want to submit lcm[1] (Lightweight Communications and Marshaling) to
EPEL soon, but I'm currently struggling with a few issues found by
rpmlint (and probably more).

I was wondering if I could get some help before submitting the package
to fix 2 particular issues. The spec file and a sample SRPM file are
available here[2].

The current errors I'm struggling with are the following:
lcm.x86_64: W: dangerous-command-in-%post mv
lcm.x86_64: E: use-tmp-in-%post
lcm.x86_64: W: dangerous-command-in-%preun mv
lcm.x86_64: E: use-tmp-in-%preun
1 packages and 0 specfiles checked; 2 errors, 2 warnings.

Any indications or help regarding these particular issues would be
welcomed.


Best Regards,
NM



[1] - http://code.google.com/p/lcm
[2] - http://nmarques.fedorapeople.org/packages/lcm-0.7.1/


_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
 
12-14-2011, 11:45 AM
Paul Howarth

Help wanted - lcm

On 12/14/2011 12:29 PM, Nelson Manuel Marques wrote:

> Hi all
>
> I want to submit lcm[1] (Lightweight Communications and Marshaling) to
> EPEL soon, but I'm currently struggling with a few issues found by
> rpmlint (and probably more).
>
> I was wondering if I could get some help before submitting the package
> to fix 2 particular issues. The spec file and a sample SRPM file are
> available here[2].
>
> The current errors I'm struggling with are the following:
> lcm.x86_64: W: dangerous-command-in-%post mv
> lcm.x86_64: E: use-tmp-in-%post
> lcm.x86_64: W: dangerous-command-in-%preun mv
> lcm.x86_64: E: use-tmp-in-%preun
> 1 packages and 0 specfiles checked; 2 errors, 2 warnings.
>
> Any indications or help regarding these particular issues would be
> welcomed.


The scriptlets use predictable temporary filenames, which is a security
vulnerability (see http://www.linuxsecurity.com/content/view/115462/151/
for an explanation).


Think carefully about whether it's actually necessary to edit
/etc/sysctl.conf in %post/%postun; an alternative approach might be to
document the required changes in a README.rpm file. It's hard to say as
I don't know how important the suggested changes are for the package's
operation and what any drawbacks might be of setting those values.


Paul.
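
The fix for the use-tmp finding described above, as an added example that is not part of the original thread or the lcm package: create the temporary file with mktemp next to the file being edited instead of under a fixed /tmp name. The helper name set_conf_key and the sample keys and values are assumptions; the thread does not show the original scriptlets.

```shell
#!/bin/sh
# Added example, not taken from the lcm spec file (which this thread does not show).
# Constructed pattern of the kind rpmlint's use-tmp-in-%post check reports: a fixed
# name in world-writable /tmp, which any local user can create first (for example as
# a symlink) before the scriptlet runs as root:
#     grep -v '^net.core.rmem_max' /etc/sysctl.conf > /tmp/sysctl.tmp
#     mv /tmp/sysctl.tmp /etc/sysctl.conf

# set_conf_key FILE KEY VALUE (hypothetical helper): replace or add "KEY = VALUE"
# in FILE without writing to a predictable path.
set_conf_key() {
    conf=$1; key=$2; value=$3
    # mktemp chooses an unpredictable name and creates the file exclusively (mode
    # 0600). Placing it beside the target keeps it out of /tmp and lets mv be an
    # atomic rename within one filesystem.
    tmp=$(mktemp "$(dirname "$conf")/.sysctl.XXXXXXXXXX") || return 1
    # cp -p copies the target's mode (and owner, when root) onto the temp file;
    # awk then rewrites it without any existing assignment of KEY (literal match).
    if cp -p "$conf" "$tmp" \
        && awk -F= -v k="$key" \
            '{ n = $1; gsub(/[ \t]/, "", n); if (n != k) print }' "$conf" > "$tmp" \
        && printf '%s = %s\n' "$key" "$value" >> "$tmp" \
        && mv -f "$tmp" "$conf"; then
        return 0
    fi
    rm -f "$tmp"    # on any failure leave the target untouched and no stray file
    return 1
}

# Demo on a constructed file in a scratch directory, never the real /etc/sysctl.conf.
demo_dir=$(mktemp -d) || exit 1
printf 'kernel.sysrq = 0\nnet.core.rmem_max = 1\n' > "$demo_dir/sysctl.conf"
set_conf_key "$demo_dir/sysctl.conf" net.core.rmem_max 2097152
cat "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```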

 
12-14-2011, 02:15 PM
Nelson Manuel Marques

Help wanted - lcm

On Wed, 2011-12-14 at 12:45 +0000, Paul Howarth wrote:
> On 12/14/2011 12:29 PM, Nelson Manuel Marques wrote:
> > Hi all
> >
> > I want to submit lcm[1] (Lightweight Communications and Marshaling) to
> > EPEL soon, but I'm currently struggling with a few issues found by
> > rpmlint (and probably more).
> >
> > I was wondering if I could get some help before submitting the package
> > to fix 2 particular issues. The spec file and a sample SRPM file are
> > available here[2].
> >
> > The current errors I'm struggling with are the following:
> > lcm.x86_64: W: dangerous-command-in-%post mv
> > lcm.x86_64: E: use-tmp-in-%post
> > lcm.x86_64: W: dangerous-command-in-%preun mv
> > lcm.x86_64: E: use-tmp-in-%preun
> > 1 packages and 0 specfiles checked; 2 errors, 2 warnings.
> >
> > Any indications or help regarding these particular issues would be
> > welcomed.
>
> The scriptlets use predictable temporary filenames, which is a security
> vulnerability (see http://www.linuxsecurity.com/content/view/115462/151/
> for an explanation).

Hi Paul,

Thanks for this link, it's actually pretty useful, not only for this
situation but also for others I foresee.


> Think carefully about whether it's actually necessary to edit
> /etc/sysctl.conf in %post/%postun; an alternative approach might be to
> document the required changes in a README.rpm file. It's hard to say as
> I don't know how important the suggested changes are for the package's
> operation and what any drawbacks might be of setting those values.

I've consulted the engineers who work with this component and they
pointed out to me that these are optimal values for internal usage. They do
recommend them, but we will do this internally using another methodology
so we can maintain this package on EPEL. The 'offending/superfluous'
%post and %postun for the lcm package are removed.

I will proceed now into submission to EPEL.

Thanks for your help, it was most welcome.

Nelson

>
> Paul.


All times are GMT.