Package Review ============== Key: [x] = Pass [!] = Fail [-] = Not applicable [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Permissions on files are set properly. Note: See rpmlint output See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions ===== MUST items ===== C/C++: [ ]: Provides: bundled(gnulib) in place as required. Note: Sources not installed [ ]: Package does not contain kernel modules. [ ]: Package contains no static executables. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [ ]: %build honors applicable compiler flags or justifies otherwise. [ ]: Package contains no bundled libraries without FPC exception. [ ]: Changelog in prescribed format. [ ]: Sources contain only permissible code or content. [ ]: Each %files section contains %defattr if rpm < 4.4 Note: %defattr present but not needed [ ]: Package contains desktop file if it is a GUI application. [ ]: Development files must be in a -devel package [ ]: Package requires other packages for directories it uses. [ ]: Package uses nothing in %doc for runtime. [ ]: Package is not known to require ExcludeArch. [ ]: Package does not contain duplicates in %files. [ ]: Fully versioned dependency in subpackages, if present. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in openssh- clients , openssh-server , openssh-server-sysvinit , openssh-ldap , openssh-keycat , openssh-askpass [ ]: Package complies to the Packaging Guidelines [ ]: License file installed when any subpackage combination is installed. [ ]: Package consistently uses macro is (instead of hard-coded directory names). [ ]: Package is named according to the Package Naming Guidelines. [ ]: Package does not generate any conflict. [ ]: Package obeys FHS, except libexecdir and /usr/target. [ ]: If the package is a rename of another package, proper Obsoletes and Provides are present. [ ]: Package must own all directories that it creates. [ ]: Package does not own files or directories owned by other packages. [ ]: Requires correct, justified where necessary. [ ]: Spec file is legible and written in American English. [ ]: Package contains systemd file(s) if in need. [ ]: Useful -debuginfo package or justification otherwise. [ ]: Large documentation must go in a -doc subpackage. Note: Documentation size is 276480 bytes in 21 files. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Spec file lacks Packager, Vendor, PreReq tags. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). ===== SHOULD items ===== Generic: [!]: Reviewer should test that the package builds in mock. [!]: Dist tag is present. Note: Multiple Release tags found [!]: Uses parallel make. [!]: Spec use %global instead of %define. Note: %define WITH_SELINUX 1 %define WITH_SELINUX 0 %define sshd_uid 74 %define sshd_gid 74 %define no_gnome_askpass 0 %define static_libcrypto 0 %define gtk2 1 %define pie 1 %define kerberos5 1 %define libedit 1 %define ldap 1 %define nologin 1 %define pam_ssh_agent 1 %define pam_ssh_agent 0 %define rescue 0 %define kerberos5 0 %define libedit 0 %define pam_ssh_agent 0 %define openssh_ver 6.1p1 %define openssh_rel 4 %define pam_ssh_agent_ver 0.9.3 %define pam_ssh_agent_rel 3 %define __spec_install_post %{?__debug_package:%{__debug_install_post}} %{__arch_install_post} %{__os_install_post} fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd %{nil} [ ]: Buildroot is not present Note: Buildroot: present but not needed [ ]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: %clean present but not required [ ]: Final provides and requires are sane (see attachments). [ ]: Package functions as described. [ ]: Latest version is packaged. [ ]: Patches link to upstream bugs/comments/lists or are otherwise justified. [ ]: Scriptlets must be sane, if used. [ ]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [ ]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: Package should compile and build into binary rpms on all supported architectures. [ ]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [x]: Sources can be downloaded from URI in Source: tag [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SourceX is a working URL. ===== EXTRA items ===== Generic: [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: openssh-6.1p1-4.fc19.x86_64.rpm openssh-clients-6.1p1-4.fc19.x86_64.rpm openssh-server-6.1p1-4.fc19.x86_64.rpm openssh-server-sysvinit-6.1p1-4.fc19.x86_64.rpm openssh-ldap-6.1p1-4.fc19.x86_64.rpm openssh-keycat-6.1p1-4.fc19.x86_64.rpm openssh-askpass-6.1p1-4.fc19.x86_64.rpm openssh.x86_64: W: spelling-error %description -l en_US rlogin -> logging openssh.x86_64: W: spelling-error %description -l en_US rsh -> rah, rs, sh openssh.x86_64: W: spelling-error %description -l en_US untrusted -> entrusted, trusted, encrusted openssh.x86_64: W: incoherent-version-in-changelog 0.9.3-3 ['6.1p1-4.fc19', '6.1p1-4'] openssh.x86_64: W: non-standard-gid /usr/libexec/openssh/ssh-keysign ssh_keys openssh.x86_64: E: setgid-binary /usr/libexec/openssh/ssh-keysign ssh_keys 02111L openssh.x86_64: E: non-standard-executable-perm /usr/libexec/openssh/ssh-keysign 02111L openssh.x86_64: E: non-standard-executable-perm /usr/libexec/openssh/ssh-keysign 02111L openssh.x86_64: E: non-readable /etc/ssh/moduli 0600L openssh.x86_64: W: file-not-utf8 /usr/share/doc/openssh-6.1p1/LICENCE openssh.x86_64: W: file-not-utf8 /usr/share/doc/openssh-6.1p1/CREDITS openssh.x86_64: W: install-file-in-docs /usr/share/doc/openssh-6.1p1/INSTALL openssh-clients.x86_64: W: only-non-binary-in-usr-lib openssh-clients.x86_64: E: setgid-binary /usr/bin/ssh-agent nobody 02111L openssh-clients.x86_64: E: non-standard-executable-perm /usr/bin/ssh-agent 02111L openssh-clients.x86_64: E: non-standard-executable-perm /usr/bin/ssh-agent 02111L openssh-server.x86_64: W: only-non-binary-in-usr-lib openssh-server.x86_64: E: non-standard-dir-perm /var/empty/sshd 0711L openssh-server.x86_64: E: non-readable /etc/sysconfig/sshd 0640L openssh-server.x86_64: E: non-readable /etc/ssh/sshd_config 0600L openssh-server.x86_64: W: no-manual-page-for-binary sshd-keygen openssh-server.x86_64: W: non-standard-dir-in-var empty openssh-server-sysvinit.x86_64: W: spelling-error Summary(en_US) initscript -> inscription, postscript openssh-server-sysvinit.x86_64: W: summary-ended-with-dot C The SysV initscript to manage the OpenSSH server. openssh-server-sysvinit.x86_64: W: spelling-error %description -l en_US init -> unit, int, nit openssh-server-sysvinit.x86_64: W: spelling-error %description -l en_US systemd -> systems, system, system d openssh-server-sysvinit.x86_64: W: no-documentation openssh-server-sysvinit.x86_64: E: init-script-without-chkconfig-postin /etc/rc.d/init.d/sshd openssh-server-sysvinit.x86_64: E: init-script-without-chkconfig-preun /etc/rc.d/init.d/sshd openssh-server-sysvinit.x86_64: W: service-default-enabled /etc/rc.d/init.d/sshd openssh-server-sysvinit.x86_64: W: incoherent-subsys /etc/rc.d/init.d/sshd $prog openssh-server-sysvinit.x86_64: W: service-default-enabled /etc/rc.d/init.d/sshd openssh-server-sysvinit.x86_64: W: incoherent-init-script-name sshd ('openssh-server', 'openssh-serverd') openssh-ldap.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end openssh-keycat.x86_64: W: spelling-error Summary(en_US) mls -> mks, ml, ms openssh-keycat.x86_64: W: spelling-error Summary(en_US) backend -> backed, back end, back-end openssh-keycat.x86_64: W: spelling-error %description -l en_US mls -> mks, ml, ms openssh-keycat.x86_64: W: spelling-error %description -l en_US backend -> backed, back end, back-end openssh-askpass.x86_64: W: spelling-error Summary(en_US) passphrase -> pass phrase, pass-phrase, paraphrase openssh-askpass.x86_64: W: spelling-error %description -l en_US passphrase -> pass phrase, pass-phrase, paraphrase openssh-askpass.x86_64: W: self-obsoletion openssh-askpass-gnome obsoletes openssh-askpass-gnome openssh-askpass.x86_64: W: no-documentation openssh-askpass.x86_64: W: non-conffile-in-etc /etc/profile.d/gnome-ssh-askpass.sh openssh-askpass.x86_64: W: non-conffile-in-etc /etc/profile.d/gnome-ssh-askpass.csh 7 packages and 0 specfiles checked; 12 errors, 32 warnings. Requires -------- openssh-clients (rpmlib, GLIBC filtered): /bin/sh config(openssh-clients) fipscheck-lib(x86-64) libc.so.6()(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libedit.so.0()(64bit) libfipscheck.so.1()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) liblber-2.4.so.2()(64bit) libldap-2.4.so.2()(64bit) libnsl.so.1()(64bit) libresolv.so.2()(64bit) libselinux.so.1()(64bit) libtinfo.so.5()(64bit) libutil.so.1()(64bit) libz.so.1()(64bit) openssh rtld(GNU_HASH) openssh-server (rpmlib, GLIBC filtered): /bin/bash /bin/sh /usr/sbin/useradd config(openssh-server) fipscheck-lib(x86-64) libaudit.so.1()(64bit) libc.so.6()(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libfipscheck.so.1()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) liblber-2.4.so.2()(64bit) libldap-2.4.so.2()(64bit) libnsl.so.1()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libselinux.so.1()(64bit) libutil.so.1()(64bit) libwrap.so.0()(64bit) libz.so.1()(64bit) openssh pam rtld(GNU_HASH) systemd-sysv systemd-units openssh (rpmlib, GLIBC filtered): /bin/sh /sbin/nologin audit-libs config(openssh) libc.so.6()(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libfipscheck.so.1()(64bit) libgssapi_krb5.so.2()(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) liblber-2.4.so.2()(64bit) libldap-2.4.so.2()(64bit) libnsl.so.1()(64bit) libresolv.so.2()(64bit) libselinux libutil.so.1()(64bit) libz.so.1()(64bit) rtld(GNU_HASH) openssh-askpass (rpmlib, GLIBC filtered): libX11.so.6()(64bit) libatk-1.0.so.0()(64bit) libc.so.6()(64bit) libcairo.so.2()(64bit) libfontconfig.so.1()(64bit) libfreetype.so.6()(64bit) libgdk-x11-2.0.so.0()(64bit) libgdk_pixbuf-2.0.so.0()(64bit) libgio-2.0.so.0()(64bit) libglib-2.0.so.0()(64bit) libgobject-2.0.so.0()(64bit) libgtk-x11-2.0.so.0()(64bit) libpango-1.0.so.0()(64bit) libpangocairo-1.0.so.0()(64bit) libpangoft2-1.0.so.0()(64bit) libpthread.so.0()(64bit) openssh rtld(GNU_HASH) openssh-ldap (rpmlib, GLIBC filtered): /bin/sh libc.so.6()(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypto.so.10()(64bit) libdl.so.2()(64bit) libfipscheck.so.1()(64bit) libgssapi_krb5.so.2()(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) liblber-2.4.so.2()(64bit) libldap-2.4.so.2()(64bit) libnsl.so.1()(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libz.so.1()(64bit) openssh rtld(GNU_HASH) openssh-server-sysvinit (rpmlib, GLIBC filtered): /bin/bash /bin/sh openssh-server(x86-64) openssh-keycat (rpmlib, GLIBC filtered): config(openssh-keycat) libaudit.so.1()(64bit) libc.so.6()(64bit) libfipscheck.so.1()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libselinux.so.1()(64bit) libwrap.so.0()(64bit) openssh rtld(GNU_HASH) Provides -------- openssh-clients: config(openssh-clients) openssh-clients openssh-clients(x86-64) openssh-server: config(openssh-server) openssh-server openssh-server(x86-64) openssh: config(openssh) openssh openssh(x86-64) openssh-askpass: openssh-askpass openssh-askpass(x86-64) openssh-askpass-gnome openssh-ldap: openssh-ldap openssh-ldap(x86-64) openssh-server-sysvinit: openssh-server-sysvinit openssh-server-sysvinit(x86-64) openssh-keycat: config(openssh-keycat) openssh-keycat openssh-keycat(x86-64) MD5-sum check ------------- http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.9.3.tar.bz2 : CHECKSUM(SHA256) this package : 10017968f5a8a41e1fcfaac6cdec479b70998bbbd19a70e94e2f654befafe5a6 CHECKSUM(SHA256) upstream package : 10017968f5a8a41e1fcfaac6cdec479b70998bbbd19a70e94e2f654befafe5a6 Generated by fedora-review 0.4.0 (736af0d) last change: 2013-01-28 Buildroot used: fedora-raw-x86_64 Command line :/home/w0rm/work/projects/fedora-review/try-fedora-review -rpn openssh -m fedora-rawhide-x86_64 -v -x CheckRpmlintInstalled,CheckApprovedLicense,CheckContainsLicenseText,CheckLicenseField,CheckLicenseUpstream,CheckReqPkgConfig,CheckBuildCompleted,CheckPackageInstalls,CheckNoNameConflict,CheckBuild,CheckBuildRequires