https://bugzilla.redhat.com/show_bug.cgi?id=2354888

Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zbyszek@xxxxxxxxx

--- Comment #8 from Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> ---
install -p -D app.ini.tmpl %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini.tmpl
install -p -D %{S:4} %{buildroot}%{_sysconfdir}/%{name}/public/robots.txt
install -p -D %{name}.complete %{buildroot}%{_datadir}/bash-completion/completions/%{name}
install -p -D %{S:5} %{buildroot}%{_unitdir}/%{name}.service
install -p -D %{S:6} %{buildroot}%{_sysusersdir}/%{name}.conf

'install' unfortunately defaults to mode +x, and this needs to be overridden
with -m 0644 in all cases where a non-executable file is installed.

The scriptlet that creates the config must be moved out to a separate service,
see https://docs.fedoraproject.org/en-US/packaging-guidelines/Initial_Service_Setup/.
"Any action that must be performed on the system where the service will be run
whose output is not identical for all systems running that service."
The operation here clearly falls under this definition.

> %{?sysusers_requires_compat}
>
> %pre
> %sysusers_create_compat %{S:6}

This is only needed in F41-. It's a noop in rawhide now. Please consider
dropping it in the rawhide branch.

%description is very short. It'd be nice to mention that this package is used
(or will be used) for src.fedoraproject.org.

> %attr(0640,-,%{name}) %{_sysconfdir}/%{name}/conf/app.ini.tmpl

Does the template really need to be owned by the user?
(And if not, then the mode can be relaxed too.)

The service:
1. Can the service be socket-activated?
2. Type=simple is not great. There is no notification of readiness.
   Type=exec is marginally better. There might be some missing upstream
   functionality, but ideally Type=notify or Type=notify-reload would be used.
3. There is a little bit of sandboxing, but I think more could be added.
   Does the service make *outgoing* connections? If not, maybe it could be
   run with PrivateNetwork=yes.

Those issues do not need to be handled during the review, but it'd be good to
improve the service before we actually deploy this. I'd be happy to help with
crafting of the service file.
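
The `install` default mode raised in the comment above, shown as an added example that is not part of the original message or of the reviewed spec file. It assumes GNU coreutils and findutils; `demo` is a hypothetical stand-in for `%{name}` and every file is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example (not from the reviewed spec). Assumes GNU coreutils and findutils.
# "demo" is a hypothetical stand-in for %{name}; all files are constructed.

# Print the octal permission bits of a file.
file_mode() {
    stat -c '%a' "$1"
}

# List regular files below ROOT that carry any execute bit, relative to ROOT.
find_exec_files() {
    ( cd "$1" && find . -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort )
}

# Stage two constructed files twice below ROOT: once the way the reviewed
# %install lines do it (no -m), once with the explicit mode the review asks for.
stage_demo() {
    root=$1
    mkdir -p "$root/src"
    printf '[server]\n' > "$root/src/app.ini.tmpl"
    printf '[Unit]\nDescription=demo\n' > "$root/src/demo.service"
    for f in app.ini.tmpl:etc/demo/conf demo.service:usr/lib/systemd/system; do
        name=${f%%:*} dir=${f#*:}
        # No -m: install applies its default mode, rwxr-xr-x (0755).
        install -p -D "$root/src/$name" "$root/default/$dir/$name"
        # Explicit mode for a non-executable file.
        install -p -D -m 0644 "$root/src/$name" "$root/fixed/$dir/$name"
    done
}

# Demo run in a throwaway directory.
demo_root=$(mktemp -d)
stage_demo "$demo_root"
echo "without -m:   $(file_mode "$demo_root/default/etc/demo/conf/app.ini.tmpl")"
echo "with -m 0644: $(file_mode "$demo_root/fixed/etc/demo/conf/app.ini.tmpl")"
echo "executable files staged without -m:"
find_exec_files "$demo_root/default"
rm -rf "$demo_root"
```

`find_exec_files` can be pointed at a package's buildroot to list files that still carry an execute bit after `%install`.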