Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at
Bug 169378 - Review Request: shorewall
Summary: Review Request: shorewall
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2005-09-27 18:18 UTC by Robert Marcano
Modified: 2010-08-10 11:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-11 19:02:02 UTC
Type: ---

Attachments (Terms of Use)

Description Robert Marcano 2005-09-27 18:18:56 UTC
Spec Name or Url:
SRPM Name or Url:
Description: The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone GNU/Linux system.

It has been recently removed from extras, I updated it and I am trying to be the maintainer of this package

Comment 1 Aurelien Bompard 2005-09-27 22:44:13 UTC
Needs work:
* the conf files in /etc/shorewall should be set with flag noreplace
* /usr/share/shorewall dir should be 755 and the files in it should be readable,
since they are not conf files there is no point in making them 600.
* the service is enabled by default, please run a substitution on
/etc/init.d/shorewall to change the chkconfig line
* Requirements: missing dependancy on chkconfig in %post and %preun
* Scriptlets: missing "service" command in %preun and %postun 
  (wiki: ScriptletSnippets)
* In the files list, /sbin should be replaced with %{_sbindir}

* remove empty %build section
* %{_prefix}/share should be replaced with %{_datadir}

Comment 2 Ville Skyttä 2005-09-28 06:14:57 UTC
%{_sbindir} != /sbin 

Comment 3 Aurelien Bompard 2005-09-28 06:25:01 UTC
(In reply to comment #2)
> %{_sbindir} != /sbin 

Ooops, right :)
Please forget about this one.

Comment 4 Robert Marcano 2005-09-28 14:07:18 UTC
Thanks for the review. It has been updated... see

I disabled the service autostart using a patch and no a substitution. I think is
more easy to detect when the source init script is changed when the patch does
not applies anymore

Comment 5 Robert Marcano 2005-09-28 14:40:31 UTC
Well I still have a few warnings.. It is my first time running rpmlint :-(

> W: shorewall no-version-in-last-changelog
My mistake

> E: shorewall non-standard-dir-perm /var/lib/shorewall 0700
> E: shorewall non-readable /var/lib/shorewall/proxyarp 0600
> E: shorewall non-readable /var/lib/shorewall/nat 0600
> E: shorewall non-readable /var/lib/shorewall/chains 0600
> E: shorewall non-readable /var/lib/shorewall/zones 0600
> E: shorewall non-readable /var/lib/shorewall/restarted 0600
This files are generated by shorewall, and some are shell scripts that must be
hidden to non root users. When they do not exist, shorewall creates them with
0600. I think that the author of the original SPEC file add them empty in order
to be sure they are removed when uninstalled

> E: shorewall non-standard-executable-perm /sbin/shorewall 0554
Will be fixed to 0774

> E: shorewall non-executable-script /usr/share/shorewall/firewall 0644
> E: shorewall non-executable-script /usr/share/shorewall/functions 0644
> E: shorewall non-executable-script /usr/share/shorewall/help 0644
This scripts are sourced by other shell scripts, they are not called directly,
so I will let them non-executable

> W: shorewall no-reload-entry /etc/rc.d/init.d/shorewall
Will be fixed

> E: shorewall subsys-not-used /etc/rc.d/init.d/shorewall
What this means?

Comment 6 Aurelien Bompard 2005-09-28 15:30:41 UTC
(In reply to comment #5)
> > E: shorewall subsys-not-used /etc/rc.d/init.d/shorewall
> What this means?

Regular daemons should write their PID in a file in /var/lock/subsys. In
shorewall's case, you can ignore it.

Comment 8 Aurelien Bompard 2005-09-29 04:30:26 UTC
Review for release 4:
* RPM name is OK
* Source shorewall-2.4.4.tar.bz2 is the same as upstream
* This is the latest version
* Builds fine in mock
* rpmlint of shorewall looks OK
* File list of shorewall looks OK
* Works fine.

Comment 9 Robert Marcano 2005-10-09 19:37:09 UTC
Updated to 2.4.5

Comment 10 Aurelien Bompard 2005-10-09 20:08:03 UTC
Review for release 1:
* Changes are OK
* Source shorewall-2.4.5.tar.bz2 is the same as upstream

Comment 11 Robert Marcano 2005-10-11 19:02:02 UTC
Build logs:

is this the last step in order to push it to the repositories?

Comment 12 Aurelien Bompard 2005-10-12 05:35:31 UTC
Yes, the package is in the repos now. Thanks for maintaining it.

Comment 13 Jonathan Underwood 2010-08-07 20:36:48 UTC
Please create a EL6 branch.

Comment 14 Kevin Fenzi 2010-08-09 17:22:13 UTC
There is already a EL-6 branch. ;)

Comment 15 Jonathan Underwood 2010-08-10 11:24:15 UTC
Oh yes, so there is, apologies. I'll blame early onset Alzheimers.:)

Note You need to log in before you can comment on or make changes to this bug.