Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 510729 (pkcs11-helper) - Review Request: pkcs11-helper - A library for using PKCS#11 providers
Summary: Review Request: pkcs11-helper - A library for using PKCS#11 providers
Keywords:
Status: CLOSED ERRATA
Alias: pkcs11-helper
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Tibbitts
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-10 13:43 UTC by Kalev Lember
Modified: 2009-07-29 22:56 UTC (History)
2 users (show)

Fixed In Version: 1.07-2.el5.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-16 07:00:59 UTC
Type: ---
Embargoed:
j: fedora-review+
j: fedora-cvs+

Attachments (Terms of Use)

Description Kalev Lember 2009-07-10 13:43:12 UTC 
Spec URL: http://www.smartlink.ee/~kalev/pkcs11-helper.spec
SRPM URL: http://www.smartlink.ee/~kalev/pkcs11-helper-1.07-1.fc12.src.rpm
Description:
pkcs11-helper is a library that simplifies the interaction with PKCS#11
providers for end-user applications using a simple API and optional OpenSSL
engine. The library allows using multiple PKCS#11 providers at the same time,
enumerating available token certificates, or selecting a certificate directly
by serialized id, handling card removal and card insert events, handling card
re-insert to a different slot, supporting session expiration and much more all
using a simple API.

Koji scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1465526
Comment 1 Jason Tibbitts 2009-07-11 17:57:11 UTC 
I wonder if upstream realizes that they're supposed to replace "<ORGANIZATION>" in their license text with either their names or the name of their organization.  Without doing that the provision is essentially void and they might just as well use the 2-clause BSD or the MIT license.

rpmlint says:
  pkcs11-helper.x86_64: W: unused-direct-shlib-dependency
   /usr/lib64/libpkcs11-helper.so.1.0.0 /lib64/libz.so.1
I guess the openssl pkgconfig files mandate that everything link against zlib, even if nothing in zlib is being called.   You can clean this up if you like, but it's not really a problem.

It looks like /usr/share/aclocal is unowned.  This package needs to depend on automake if it's going to put files there.

* source files match upstream.  sha256sum:                 
   7849ddd06a4f3996358264ca6f92fbb4980d40aefaf6cda67a05f524476c345f
   pkcs11-helper-1.07.tar.bz2
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.                                                              
* description is OK.                                                          
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
  pkcs11-helper-1.07-1.fc12.x86_64.rpm
   libpkcs11-helper.so.1()(64bit)
   pkcs11-helper = 1.07-1.fc12
   pkcs11-helper(x86-64) = 1.07-1.fc12
  =
   /sbin/ldconfig
   libcrypto.so.8()(64bit)
   libpkcs11-helper.so.1()(64bit)
   libz.so.1()(64bit)

  pkcs11-helper-devel-1.07-1.fc12.x86_64.rpm
   pkgconfig(libpkcs11-helper-1) = 1.07
   pkcs11-helper-devel = 1.07-1.fc12
   pkcs11-helper-devel(x86-64) = 1.07-1.fc12
  =
   /usr/bin/pkg-config
   libpkcs11-helper.so.1()(64bit)
   openssl-devel
   pkcs11-helper = 1.07-1.fc12
   pkgconfig

* shared libraries are installed:
   ldconfig is called properly.
   unversioned .so link is in the -devel package.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files.
* scriptlets are OK (ldconfig).
* code, not content.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel package.
* pkgconfig files are in the -devel package with pkgconfig dependency.
* no static libraries.
* no libtool .la files.

The package review process needs reviewers!  If you haven't done any package
reviews recently, please consider doing one.
Comment 2 Kalev Lember 2009-07-11 19:17:42 UTC 
Thanks for your review!

> I wonder if upstream realizes that they're supposed to replace "<ORGANIZATION>"
> in their license text with either their names or the name of their
> organization.  Without doing that the provision is essentially void and they
> might just as well use the 2-clause BSD or the MIT license.

I notified Alon Bar-Lev by email and also added opensc-devel mailing list to CC:
http://www.opensc-project.org/pipermail/opensc-devel/2009-July/012311.html


> rpmlint says:
>   pkcs11-helper.x86_64: W: unused-direct-shlib-dependency
>    /usr/lib64/libpkcs11-helper.so.1.0.0 /lib64/libz.so.1
> I guess the openssl pkgconfig files mandate that everything link against zlib,
> even if nothing in zlib is being called.   You can clean this up if you like,
> but it's not really a problem.

The warning looks harmless enough that I guess I'm going to leave it as it is.


> It looks like /usr/share/aclocal is unowned.  This package needs to depend on
> automake if it's going to put files there.

Added automake dependency to devel subpackage:
Spec URL: http://www.smartlink.ee/~kalev/pkcs11-helper.spec
SRPM URL: http://www.smartlink.ee/~kalev/pkcs11-helper-1.07-2.fc12.src.rpm
Comment 3 Jason Tibbitts 2009-07-11 20:25:27 UTC 
Looks good.

APPROVED
Comment 4 Kalev Lember 2009-07-11 22:47:52 UTC 
Thanks for the quick review, Jason!

New Package CVS Request
=======================
Package Name: pkcs11-helper
Short Description: A library for using PKCS#11 providers
Owners: kalev
Branches: F-10 F-11 EL-5
InitialCC:
Comment 5 Jason Tibbitts 2009-07-12 16:59:09 UTC 
CVS done.
Comment 6 Fedora Update System 2009-07-12 21:28:55 UTC 
pkcs11-helper-1.07-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/pkcs11-helper-1.07-2.fc11
Comment 7 Fedora Update System 2009-07-12 21:29:00 UTC 
pkcs11-helper-1.07-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/pkcs11-helper-1.07-2.fc10
Comment 8 Fedora Update System 2009-07-13 08:13:40 UTC 
pkcs11-helper-1.07-2.el5.1 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pkcs11-helper-1.07-2.el5.1
Comment 9 Fedora Update System 2009-07-13 19:39:49 UTC 
pkcs11-helper-1.07-2.el5.1 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pkcs11-helper'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0074
Comment 10 Fedora Update System 2009-07-16 07:00:54 UTC 
pkcs11-helper-1.07-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2009-07-16 07:07:46 UTC 
pkcs11-helper-1.07-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2009-07-29 22:56:43 UTC 
pkcs11-helper-1.07-2.el5.1 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.