Bug 1202064

Summary: Review Request: knock - A port-knocking server/client
Product: [Fedora] Fedora Reporter: Christos Triantafyllidis <christos.triantafyllidis>
Component: Package ReviewAssignee: Raphael Groner <projects.rg>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: christos.triantafyllidis, e, gbailey, madko, mike, package-review, projects.rg
Target Milestone: ---Keywords: Reopened
Target Release: ---Flags: projects.rg: fedora-review+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-23 00:24:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christos Triantafyllidis 2015-03-14 23:28:18 UTC
Spec URL: 
https://ctria.fedorapeople.org/packaging/knock/knock.spec

SRPM URL: 
https://ctria.fedorapeople.org/packaging/knock/knock-0.7-1.fc21.src.rpm

Description:
This is a port-knocking server/client.  Port-knocking is a method where a
server can sniff one of its interfaces for a special "knock" sequence of
port-hits.  When detected, it will run a specified event bound to that port
knock sequence.  These port-hits need not be on open ports, since we use
libpcap to sniff the raw interface traffic.

Fedora Account System Username:
ctria

Comment 1 Christos Triantafyllidis 2015-03-14 23:40:15 UTC
The FSF address is wrong, there is a pull request on upstream's repository for this:
https://github.com/jvinet/knock/pull/18

I'm going to re-pack it if/when it is merged.

Cheers,
Christos

Comment 2 Eduardo Mayorga 2015-08-15 15:59:14 UTC
Rpmlint (installed packages)
----------------------------
knock.x86_64: W: invalid-url URL: http://www.zeroflux.org/projects/knock <urlopen error [Errno -5] No address associated with hostname>
knock.x86_64: E: incorrect-fsf-address /usr/share/doc/knock/COPYING
knock-server.x86_64: W: invalid-url URL: http://www.zeroflux.org/projects/knock <urlopen error [Errno -5] No address associated with hostname>
knock-server.x86_64: E: incorrect-fsf-address /usr/share/doc/knock/COPYING
knock-server.x86_64: E: non-readable /etc/knockd.conf 600
knock-debuginfo.x86_64: W: invalid-url URL: http://www.zeroflux.org/projects/knock <urlopen error [Errno -5] No address associated with hostname>
knock-debuginfo.x86_64: E: incorrect-fsf-address /usr/src/debug/knock-0.7/src/knock.c
knock-debuginfo.x86_64: E: incorrect-fsf-address /usr/src/debug/knock-0.7/src/list.c
knock-debuginfo.x86_64: E: incorrect-fsf-address /usr/src/debug/knock-0.7/src/knockd.c
knock-debuginfo.x86_64: E: incorrect-fsf-address /usr/src/debug/knock-0.7/src/list.h
3 packages and 0 specfiles checked; 7 errors, 3 warnings.

- E: non-readable must be fixed. Permissions must be 644.

- You must use %license macro to include the license text in %files.
  See: http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text

Address these issues and I'll run a full review.

Comment 3 Upstream Release Monitoring 2015-12-14 23:00:24 UTC
ctria's scratch build of knock-0.7.5-1.20151214git36efbdb.fc23.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12190049

Comment 4 Upstream Release Monitoring 2015-12-14 23:13:58 UTC
ctria's scratch build of knock-0.7.5-1.20151214git36efbdb.fc23.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12190127

Comment 5 Upstream Release Monitoring 2015-12-14 23:46:27 UTC
ctria's scratch build of knock-0.7.5-1.20151214git36efbdb.fc23.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12190313

Comment 6 Christos Triantafyllidis 2015-12-14 23:50:44 UTC
Updated to latest version in github and fixed the above:
SPEC:
https://ctria.fedorapeople.org/packaging/knock/knock.spec

SRPM:
https://ctria.fedorapeople.org/packaging/knock/knock-0.7.5-1.20151214git36efbdb.fc23.src.rpm

Rawhide build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=12190313

rpmlint output:
$ rpmlint knock knock-server knock.spec  ~/rpmbuild/RPMS/x86_64/knock-0.7.5-1.20151214git36efbdb.fc23.x86_64.rpm ~/rpmbuild/RPMS/x86_64/knock-server-0.7.5-1.20151214git36efbdb.fc23.x86_64.rpm ~/rpmbuild/SRPMS/knock-0.7.5-1.20151214git36efbdb.fc23.src.rpm 
knock.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
knock-server.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
knock.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
knock-server.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
5 packages and 1 specfiles checked; 0 errors, 4 warnings.

Comment 7 Mike Goodwin 2016-03-01 03:41:06 UTC
Any news on this?

Comment 8 Raphael Groner 2016-03-28 18:55:18 UTC
Ping? Do you still look for a reviewer?

Comment 9 Raphael Groner 2016-06-16 13:20:30 UTC
Are you interested in a review swap? Please take a look into bug #1344115 or bug #1343733.

Comment 10 Raphael Groner 2016-07-11 19:37:15 UTC
Review swap with bug #1346457?

Comment 11 Raphael Groner 2016-07-17 15:09:48 UTC
Another friendly reminder. Any news here?

Comment 12 Christos Triantafyllidis 2016-07-18 11:19:38 UTC
Hello,

Sorry missed the previous updates.

I'm taking the cava one but expect an update by the end of the week.

Cheers,
Christos

Comment 13 Christos Triantafyllidis 2016-07-18 11:22:57 UTC
Please hold on that as there is an updated version I'd like to package instead (I wanted to avoid updating it all the time till it gets a reviewer).

Comment 15 Raphael Groner 2016-08-06 16:30:46 UTC
You should use concrete date of used commit in posttag, instead of a (random) build date. E.g. 20151227git258a27e

Comment 16 Raphael Groner 2016-08-06 17:55:31 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "GPL (v2 or later)", "Unknown or generated". 5 files have
     unknown license. Detailed output of licensecheck in /home/builder
     /fedora-review/1202064-knock/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[!]: Package must own all directories that it creates.
     Note: Directories without known owners: /usr/lib/systemd/system,
     /usr/lib/systemd
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 61440 bytes in 8 files.
[!]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[-]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in knock-
     server , knock-debuginfo
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
=> Patch0: knock_fix_knock_helper_ipt_location.patch

[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: knock-0.7.8-1.20160721git258a27e.fc25.x86_64.rpm
          knock-server-0.7.8-1.20160721git258a27e.fc25.x86_64.rpm
          knock-debuginfo-0.7.8-1.20160721git258a27e.fc25.x86_64.rpm
          knock-0.7.8-1.20160721git258a27e.fc25.src.rpm
knock.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
knock-server.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
4 packages and 0 specfiles checked; 0 errors, 2 warnings.




Rpmlint (debuginfo)
-------------------
Checking: knock-debuginfo-0.7.8-1.20160721git258a27e.fc25.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
knock.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
knock-server.x86_64: W: spelling-error %description -l en_US libpcap -> slipcase
3 packages and 0 specfiles checked; 0 errors, 2 warnings.



Requires
--------
knock (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libpcap.so.1()(64bit)
    rtld(GNU_HASH)
    systemd

knock-server (rpmlib, GLIBC filtered):
    /bin/sh
    config(knock-server)
    libc.so.6()(64bit)
    libpcap.so.1()(64bit)
    rtld(GNU_HASH)

knock-debuginfo (rpmlib, GLIBC filtered):



Provides
--------
knock:
    knock
    knock(x86-64)

knock-server:
    config(knock-server)
    knock-server
    knock-server(x86-64)

knock-debuginfo:
    knock-debuginfo
    knock-debuginfo(x86-64)



Source checksums
----------------
https://github.com/jvinet/knock/archive/258a27e5a47809f97c2b9f2751a88c2f94aae891/knock-258a27e5a47809f97c2b9f2751a88c2f94aae891.tar.gz :
  CHECKSUM(SHA256) this package     : 940a8de61b4b3530560805c3b9310a077c28c99173c2ccb07ff96720b0e93c58
  CHECKSUM(SHA256) upstream package : 940a8de61b4b3530560805c3b9310a077c28c99173c2ccb07ff96720b0e93c58


Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02
Command line :/usr/bin/fedora-review -v -m fedora-rawhide-x86_64 -b 1202064
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6

Comment 17 Raphael Groner 2016-08-06 17:59:45 UTC
Issues:

MUST
- Add 'Requires: systemd' to fix ownership of directories.

SHOULD
- Add a comment about the patch. Did you send it to upstream?
- Please fix Release, see comment#15.

Comment 18 Raphael Groner 2016-09-01 19:34:04 UTC
Friendly reminder. Are you still interested in this package?

Comment 19 Christos Triantafyllidis 2016-09-02 11:11:09 UTC
Hello,

I think I've addressed all the notes:

Updated version:
https://fedorapeople.org/~ctria/packaging/knock/knock.spec
https://fedorapeople.org/~ctria/packaging/knock/knock-0.7.8-1.20151227git258a27e.fc24.src.rpm

rawhide scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=15470281

The patch for the helper script has been submitted upstream:
https://github.com/jvinet/knock/pull/46

Cheers,
Christos

Comment 20 Raphael Groner 2016-09-05 17:14:32 UTC
APPROVED

Please be aware about the %systemd_requires macro. Sorry, I forget to recommend.
https://fedoraproject.org/wiki/Packaging:Scriptlets?rd=Packaging:ScriptletSnippets#Scriptlets

Thanks for this package!

Comment 21 Gwyn Ciesla 2016-09-06 13:14:19 UTC
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/knock

Comment 22 Christos Triantafyllidis 2016-09-07 08:18:19 UTC
Package has been built for rawhide.

Comment 23 Fedora Update System 2016-09-07 08:24:36 UTC
knock-0.7.8-1.20151227git258a27e.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-23c3c06ca8

Comment 24 Fedora Update System 2016-09-12 15:29:40 UTC
knock-0.7.8-1.20151227git258a27e.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-23c3c06ca8

Comment 25 Fedora Update System 2016-09-23 00:24:17 UTC
knock-0.7.8-1.20151227git258a27e.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.