https://bugzilla.redhat.com/show_bug.cgi?id=2448590
--- Comment #7 from Marc-Andre Lureau <[email protected]> --- Some other issues found with Claude help: - %{?sysusers_requires_compat} should be added for rhel9 - Node.js.adoc: All Node.js module spec files must include a `+%check+`, add %check %{__nodejs} -e 'require("%{buildroot}%{nodejs_sitearch}/pccs/pccs_server.js")' || : - ReviewGuidelines.adoc: Each architecture listed in `+ExcludeArch+` *MUST* have a bug filed in bugzilla - PatchUpstreamStatus.adoc: All patches in Fedora spec files *SHOULD* have a comment - pccs.service line 16: InaccessibleDirectories= has been deprecated in favor of InaccessiblePaths=. (ok for rhel9) - The spec comments (lines 68-73) say PCCS can run on any platform since it doesn't require local SGX hardware. But the service file has ConditionPathExists=/dev/sgx_enclave - Systemd Unit File: Consider Adding Security Hardening The service file already has DevicePolicy=closed and InaccessibleDirectories=/home, which is good. Per the systemd guidelines, consider adding more hardening: ProtectSystem=strict ProtectHome=yes NoNewPrivileges=yes ReadWritePaths=/var/lib/pccs /var/log/pccs /etc/pccs - -admin Subpackage Missing Versioned Dependency on Base Line 133: The Recommends uses %{?_isa} but the admin subpackage is BuildArch: noarch (line 134). Using %{?_isa} on a noarch package recommending an arch-specific package will resolve to the build architecture, which may cause issues. It should be: Recommends: sgx-pccs = %{epoch}:%{version}-%{release} The rest reported seemed minor to me -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2448590 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202448590%23c7 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
