Bug 1245640

Summary: Review Request: msed - Tools to manage the activation and use of self encrypting drives
Product: [Fedora] Fedora Reporter: Charles R. Anderson <cra>
Component: Package ReviewAssignee: Till Hofmann <thofmann>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: package-review, thofmann
Target Milestone: ---Flags: thofmann: fedora-review+
gwync: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 04:29:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Charles R. Anderson 2015-07-22 12:49:09 UTC
Spec URL: https://cra.fedorapeople.org/msed/msed.spec
SRPM URL: https://cra.fedorapeople.org/msed/msed-0.23-0.4.beta.gite38a16d.fc21.src.rpm
Description: MSED is a Self-Encrypting Drive (SED) management program and Pre-Boot Authorization (PBA) image that will allow the activation and use of
self encrypting drives that comply with the Trusted Computing Group
Opal 2.0 SSC.

This package provides the msed and linuxpba binaries, but not the PBA
image itself.

Fedora Account System Username: cra

Comment 1 Till Hofmann 2015-07-26 18:34:15 UTC
Minor comments/questions after a first glance:

- Why do you create backups during patching?
- You use "buildconf x86_64" on ALL arch'es, are you sure this is intended? It certainly looks odd.
- You can use a URL pointing to github as Source0 URL instead of using a local file, for details see [1] (although this probably won't work, see next comment).
- It seems like you need to have the full git repository in order to specify the GIT_VERSION correctly. Couldn't you instead define the version when calling make (e.g. by defining additional CPPFLAGS)? I understand this would require some patching, but it seems like the cleaner solution.
- Are the patches generic or are these Fedora-specific patches? If they are generic, are they included upstream? Did you send them upstream?


[1] https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL#Git_Hosting_Services

Comment 2 Charles R. Anderson 2015-07-26 23:51:51 UTC
New build:

Spec URL: https://cra.fedorapeople.org/msed/msed.spec
SRPM URL: https://cra.fedorapeople.org/msed/msed-0.23-0.5.beta.gite38a16d.fc21.src.rpm

(In reply to Till Hofmann from comment #1)
> Minor comments/questions after a first glance:
> 
> - Why do you create backups during patching?

Common practice to make it easy to use "gendiff" to maintain patches.

> - You use "buildconf x86_64" on ALL arch'es, are you sure this is intended?
> It certainly looks odd.

I added comments explaining this.  Upstream only provides x86_64 and i686 build targets--we need to pick one of those, and override all the CFLAGS to build for other arches anyway.

> - You can use a URL pointing to github as Source0 URL instead of using a
> local file, for details see [1] (although this probably won't work, see next
> comment).

Thanks, I like this method so I've adopted it.

> - It seems like you need to have the full git repository in order to specify
> the GIT_VERSION correctly. Couldn't you instead define the version when
> calling make (e.g. by defining additional CPPFLAGS)? I understand this would
> require some patching, but it seems like the cleaner solution.

I now patch GitVersion.sh using sed in the spec file and I've dropped the "git" BR.

> - Are the patches generic or are these Fedora-specific patches? If they are
> generic, are they included upstream? Did you send them upstream?

All patches now have comments to explain their status.

rpmlint:

Checking: msed-0.23-0.5.beta.gite38a16d.fc24.x86_64.rpm
          msed-0.23-0.5.beta.gite38a16d.fc24.src.rpm
msed.x86_64: W: no-manual-page-for-binary linuxpba
msed.x86_64: W: no-manual-page-for-binary msed
msed.src: W: spelling-error %description -l en_US linuxpba -> Linux
2 packages and 0 specfiles checked; 0 errors, 3 warnings.

Upstream does not provide manual pages.

Comment 3 Till Hofmann 2015-07-27 10:39:33 UTC
Your new solution for GitVersion.sh looks good!


[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.

Could you link to upstream bugs and/or link to pull requests? Your last version already improved this a lot, but links in the Spec file to the upstream bugs/pull requests would be really helpful, especially if the fixes aren't Fedora-specific.

non-blocking issue:
msed/MsedHexDump.h has a misleading license header. licensecheck detects it as BSD-licensed, but the file does not actually contain any proper license header. It's only one line of code, so I guess it's a non-blocker, but it would be nice if this could be reported upstream such that they can fix the header.

Other than that, the package looks good. I'll post a formal review after the issue above has been fixed.

Comment 4 Charles R. Anderson 2015-07-27 15:30:01 UTC
Spec URL: https://cra.fedorapeople.org/msed/msed.spec
SRPM URL: https://cra.fedorapeople.org/msed/msed-0.23-0.6.beta.gite38a16d.fc21.src.rpm

Comments about pull requests have been added.  I've opened an upstream issue about the MsedHexDump.h:

https://github.com/r0m30/msed/issues/29

Thanks!

(In reply to Till Hofmann from comment #3)
> Other than that, the package looks good. I'll post a formal review after the
> issue above has been fixed.

Comment 5 Till Hofmann 2015-07-27 16:01:10 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "BSD", "GPL (v3 or later)", "Unknown or generated". 3 files
     have unknown license.
     Comment: BSD detection is wrong, MsedHexDump.h is not BSD-licensed, but a
     proper license header is missing.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
     Note: You can use %{buildroot} instead of $RPM_BUILD_ROOT
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 4 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: msed-0.23-0.5.beta.gite38a16d.fc22.x86_64.rpm
          msed-0.23-0.5.beta.gite38a16d.fc22.src.rpm
msed.x86_64: W: no-manual-page-for-binary linuxpba
msed.x86_64: W: no-manual-page-for-binary msed
msed.src: W: spelling-error %description -l en_US linuxpba -> Linux
2 packages and 0 specfiles checked; 0 errors, 3 warnings.




Rpmlint (debuginfo)
-------------------
Checking: msed-debuginfo-0.23-0.5.beta.gite38a16d.fc22.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
msed.x86_64: W: incoherent-version-in-changelog 0.23-0.4.beta ['0.23-0.4.beta.gite38a16d.fc22', '0.23-0.4.beta.gite38a16d']
--> this looks like an issue with fedora-review, actual version in changelog is correct
msed.x86_64: W: no-manual-page-for-binary linuxpba
msed.x86_64: W: no-manual-page-for-binary msed
2 packages and 0 specfiles checked; 0 errors, 3 warnings.



Requires
--------
msed (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libgcc_s.so.1()(64bit)
    libgcc_s.so.1(GCC_3.0)(64bit)
    libm.so.6()(64bit)
    libncurses.so.5()(64bit)
    libstdc++.so.6()(64bit)
    libstdc++.so.6(CXXABI_1.3)(64bit)
    libtinfo.so.5()(64bit)
    rtld(GNU_HASH)



Provides
--------
msed:
    msed
    msed(x86-64)



Source checksums
----------------
https://github.com/r0m30/msed/archive/e38a16da6fbd3f92c23c37fc28a4d0e00a9c0602/msed-e38a16da6fbd3f92c23c37fc28a4d0e00a9c0602.tar.gz :
  CHECKSUM(SHA256) this package     : 4c888ba10cc992e797b43e3730441c06478ea8c4b5fc42e7023840bb227fcebd
  CHECKSUM(SHA256) upstream package : 4c888ba10cc992e797b43e3730441c06478ea8c4b5fc42e7023840bb227fcebd


Generated by fedora-review 0.6.0 (3c5c9d7) last change: 2015-05-20
Command line :/usr/bin/fedora-review -b 1245640
Buildroot used: fedora-22-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6



Thanks, the package looks good!

APPROVED

Comment 6 Charles R. Anderson 2015-07-27 17:16:06 UTC
New Package SCM Request
=======================
Package Name: msed
Short Description: Tools to manage the activation and use of self encrypting drives 
Upstream URL: http://www.r0m30.com/msed/
Owners: cra
Branches: f21 f22 f23 epel7
InitialCC:

Comment 7 Gwyn Ciesla 2015-07-27 19:20:38 UTC
Git done (by process-git-requests).