Bug 1362265 (yara-review)
Summary: | Review Request: yara - Malware identification tool | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michal Ambroz <rebus> |
Component: | Package Review | Assignee: | Antonio T. (sagitter) <anto.trande> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | anto.trande, i, package-review, rebus |
Target Milestone: | --- | Flags: | anto.trande: fedora-review+ |
Last Closed: | 2016-08-27 10:42:00 UTC | Type: | Bug |
Bug Blocks: | 563471, 1363935 |
Description
Michal Ambroz
2016-08-01 18:51:04 UTC
*** Bug 1129023 has been marked as a duplicate of this bug. ***

- %if 0%{?fedora} <= 21

  Fedora <= 21 ?

- %if 0%{?with_python3}
  BuildRequires: python-tools <-- Python3
  BuildRequires: python3-devel
  BuildRequires: python3-setuptools
  %endif # if with_python3

- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

  Is this package for epel5?

> Fedora <= 21 ?
- ... it is just generic definition of the python rpm macros - I use this spec file for quite some time now, building also on some more exotic platforms. It is there for compatibility with other repositories as well to keep single version of a spec file working.

> BuildRequires: python-tools <-- Python3
You are right - python-tools was not needed indeed. I believed that 2.7 version of 2to3 python tool is used when building the python3 codebase, but actually the module is binary, so 2to3 is not needed at all - removed.

> Is this package for epel5?
I hope to ship for EPEL7, EPEL6. I hope to find a way to make it working for EPEL5, but it is not a priority now.

SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.4.0-5.fc23.src.rpm

Best regards
Michal Ambroz

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

Issues:
=======
- If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
  Note: License file COPYING is not marked as %license
  See: http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text
- Please, follow naming of python package according to the packaging guidelines for Python.
  http://fedoraproject.org/wiki/Packaging:Python#Example_common_spec_file
- BuildRoot: is for EPEL5 only.
- Some libyara/* files are licensed under GPLv2+ license. Please, include it in the License line.
- Required package lines are not fully versioned arch-specific:
  Requires: %{name} = %{version}-%{release}
  Requires: yara == %{version}
  should be replaced with
  Requires: %{name}%{?_isa} = %{version}-%{release}
- Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations". Set AM_CFLAGS variable with 'make' by using default Fedora flags.
- Build HTML documentation
- You can run (Python2/Python3) tests by using 'python(3)-nose'.
- Please, remove commented commands.
- Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', '3.4.0-5']

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v2 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 57 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[!]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[!]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[!]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[?]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 30720 bytes in 4 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[?]: Buildroot is not present
     Note: Buildroot: present but not needed
[x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[!]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-devel , yara-python , yara-python3 , yara-debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Reviewer should test that the package builds in mock.
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[!]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Spec file according to URL is the same as in SRPM.

Rpmlint
-------
Checking: yara-3.4.0-5.fc25.x86_64.rpm
          yara-devel-3.4.0-5.fc25.x86_64.rpm
          yara-python-3.4.0-5.fc25.x86_64.rpm
          yara-python3-3.4.0-5.fc25.x86_64.rpm
          yara-debuginfo-3.4.0-5.fc25.x86_64.rpm
          yara-3.4.0-5.fc25.src.rpm
yara.x86_64: W: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', '3.4.0-5']
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
yara-python.x86_64: W: no-documentation
yara-python3.x86_64: W: no-documentation
yara.src:126: W: macro-in-comment %{optflags}
yara.src:126: W: macro-in-comment %{__python2}
yara.src:130: W: macro-in-comment %{optflags}
yara.src:130: W: macro-in-comment %{__python3}
yara.src:138: W: macro-in-comment %{__python2}
yara.src:138: W: macro-in-comment %{buildroot}
6 packages and 0 specfiles checked; 0 errors, 11 warnings.

Rpmlint (debuginfo)
-------------------
Checking: yara-debuginfo-3.4.0-5.fc25.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
----------------------------
yara.x86_64: W: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', '3.4.0-5']
yara-python.x86_64: W: no-documentation
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
yara-python3.x86_64: W: no-documentation
5 packages and 0 specfiles checked; 0 errors, 5 warnings.

Requires
--------
yara (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libjansson.so.4()(64bit)
    libm.so.6()(64bit)
    libmagic.so.1()(64bit)
    libpthread.so.0()(64bit)
    rtld(GNU_HASH)

yara-python (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libpthread.so.0()(64bit)
    libpython2.7.so.1.0()(64bit)
    libyara.so.3()(64bit)
    python(abi)
    rtld(GNU_HASH)
    yara

yara-debuginfo (rpmlib, GLIBC filtered):

yara-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    libyara.so.3()(64bit)
    pkgconfig
    yara
    zlib-devel

yara-python3 (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libpthread.so.0()(64bit)
    libpython3.5m.so.1.0()(64bit)
    libyara.so.3()(64bit)
    python(abi)
    rtld(GNU_HASH)
    yara

Provides
--------
yara:
    libyara.so.3()(64bit)
    yara
    yara(x86-64)

yara-python:
    python-yara
    python-yara(x86-64)
    python2.7dist(yara-python)
    yara-python
    yara-python(x86-64)

yara-debuginfo:
    yara-debuginfo
    yara-debuginfo(x86-64)

yara-devel:
    pkgconfig(yara)
    yara-devel
    yara-devel(x86-64)

yara-python3:
    python3.5dist(yara-python)
    yara-python3
    yara-python3(x86-64)

Unversioned so-files
--------------------
yara-python: /usr/lib64/python2.7/site-packages/yara.so
yara-python3: /usr/lib64/python3.5/site-packages/yara.cpython-35m-x86_64-linux-gnu.so

Source checksums
----------------
https://github.com/VirusTotal/yara/archive/040db952d484dea406ed7d4e622f7b8ba9b683cb/yara-3.4.0-040db95.tar.gz :
  CHECKSUM(SHA256) this package     : 3889a84e1e826b5e2bc253fd209bace4796f34b1138e2d5098fc9416e75ba9c0
  CHECKSUM(SHA256) upstream package : 3889a84e1e826b5e2bc253fd209bace4796f34b1138e2d5098fc9416e75ba9c0
https://github.com/Koodous/androguard-yara/archive/fc14c0f3d4d2fbcb0188b9a02321aa74983f588b/androguard-yara-3.4.0-fc14c0f.tar.gz :
  CHECKSUM(SHA256) this package     : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2
  CHECKSUM(SHA256) upstream package : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2

AutoTools: Obsoleted m4s found
------------------------------
  AC_PROG_LIBTOOL found in: yara-040db952d484dea406ed7d4e622f7b8ba9b683cb/configure.ac:23

Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 1362265
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6

I missed a couple of issues:

- [!]: Latest version is packaged.
  https://github.com/VirusTotal/yara/releases/tag/v3.5.0

- AutoTools: Obsoleted m4s found
  ------------------------------
  AC_PROG_LIBTOOL found in: yara-040db952d484dea406ed7d4e622f7b8ba9b683cb/configure.ac:23

  [!]: Package should not use obsolete m4 macros
       Note: Some obsoleted macros found, see the attachment.
       See: https://fedorahosted.org/FedoraReview/wiki/AutoTools

ROFL ... was nearly done with the python stuff when they decided to remove it from the yara package with the fresh release (after one year) :D

Thanks for the review ... 3.5.0 package on the way and I will probably raise one another review request for the python-yara module - to at least use all the goodies you gave me.

Update to version 3.5.0
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-1.fc23.src.rpm
Build on COPR: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438010/

> Note: License file COPYING is not marked as %license
I have added COPYING to %license - sorry I forgot to change this

> Please, follow naming of python package according to the packaging guidelines for Python.
in version 3.5.0 all python stuff was removed from the yara package and was moved to separate package yara-python. I will be submitting new package review for python-yara package to continue with this stuff.

>- BuildRoot: is for EPEL5 only.
I have changed conditions to apply only for rhel <= 5 although packaging guidelines is not prohibiting this one, just saying it is not necessary
https://fedoraproject.org/wiki/Packaging:Guidelines

>- Some libyara/* files are licensed under GPLv2+ license. Please, include it in the License line.
I have added the GPLv2+ note on the license field and explaining notes. Although all files having GPLv2+ license are the bison grammars which by the already present exception can be also licensed as the package containing those - in this case ASL v2.0

>- Required package lines are not fully versioned arch-specific:
I have changed to the recommended version checking

>- Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations".
>Set AM_CFLAGS variable with 'make' by using default Fedora flags.
I believe there is no need to override the AM_CFLAGS. The idea is that tools should invoke:
gcc $AM_CFLAGS $CFLAGS file.c -o file.o
In this way if there is something set in $AM_CFLAGS (what the author of the program thought should be set), it can be always overridden by users (in this case packager's resp. distribution) CFLAGS. As in the yara build scripts the %optflags are already configured by the %configure macro when running ./configure and then stored in the makefiles in form of CFLAGS, it is not needed or wanted to override any of AM_CFLAGS nor CFLAGS as it overrides also "-pthread" where necessary.

>- Build HTML documentation
I have created subpackage doc with the HTML documentation

>- Please, remove commented commands.
done

>- You can run (Python2/Python3) tests by using 'python(3)-nose'.
Will do in python-yara.

>- Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', '3.4.0-5']
done

>- AutoTools: Obsoleted m4s found
For the autotools macros I have created bug upstream, but as this is "should" and not "must" according the guidelines, then I guess this should not be a blocker for the package acceptance.
Upstream bug report https://github.com/VirusTotal/yara/issues/491

>- Build HTML documentation I have created subpackage doc with the HTML documentation

It is a noarch package and does not need to require main package; therefore
Requires: %{name}%{?_isa} = %{version}-%{release}
is not needed. And you must add a "BuildArch: noarch" line.

Also, if you want to provide yara-doc as standalone package, then it must provide its own license file.

> #install the html documentation
> mkdir -p %{buildroot}%{_datadir}/doc/%{name}/
> cp -rp docs/_build/html %{buildroot}%{_datadir}/doc/%{name}/
> rm -f %{buildroot}%{_datadir}/doc/%{name}/html/.buildinfo

is a surplus; it is sufficient to list that directory with %doc.

%files doc
%defattr(-,root,root,-) <-- permissions are set automatically
%doc docs/_build/html

Thank you Antonio.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-2.fc23.src.rpm
Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438156/

> %if 0%{?rhel} && 0%{?rhel} <= 5
> BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
> %endif
why do you want to have this? you're not building this package for EL5.

> Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
if you build from commit then you should specify it in Release tag, otherwise you should build from tag.

> #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ license.
> License: ASL 2.0 and GPLv2
you say that it's GPLv2+, but write GPLv2

> Requires: pkgconfig
drop this from -devel subpkg as it doesn't really need it

> Requires: zlib-devel
should have %{?_isa} in the end

> %defattr(-,root,root,-)
drop it

> Group: Development/Libraries
consider removing Group tags from all packages.

* Missing BuildRequires: gcc

Thank you Antonio.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-3.fc23.src.rpm
Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438534/

>why do you want to have this? you're not building this package for EL5.
OK, it doesn't build with 5 right now, you are right

>> Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
>if you build from commit then you should specify it in Release tag,
>otherwise you should build from tag.
Referring "Source" to tag-based tarball instead of commit-based tarball is "should" and not "must". Commit 74734418a256c5304ccaf1d322c57e305ff75362 is the one used for the v3.5.0 tag release - see https://github.com/VirusTotal/yara/releases
So I believe marking the package as the normal release (and not the git snapshot release tag) is OK. I prefer to refer to the commit based tarball, as it gives me easy access to any pinpoint in the github without switching the spec there and back when testing new versions or pre-releases.

> #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ license.
> License: ASL 2.0 and GPLv2
> you say that it's GPLv2+, but write GPLv2
Well ... actually in the yara release 3.5.0. it is GPLv3+ for the grammar files
I believe that the license of the binary package is ASL 2.0 only - so I returned it back to this value and kept the explanation in comments. As GPLv3 is incompatible to be included in ASL, but those bison-generated grammar files are also dual licensed with the original ASL license of the project by exception, so the result is ASL only.

>> Requires: pkgconfig
>drop this from -devel subpkg as it doesn't really need it
dropped

>> Requires: zlib-devel
>should have %{?_isa} in the end
dropped, I believe this should come from dependencies automatically

>> %defattr(-,root,root,-)
>drop it
dropped

>> Group: Development/Libraries
>consider removing Group tags from all packages.
Unfortunately without this build fails for RHEL6 because of that. As it is not prohibited I prefer to keep it for all packages in unconditional form due to readability.

>* Missing BuildRequires: gcc
added. duh ... I have to change probably all my packages
I also added some more recommended by auto-buildrequire

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

Issues:
=======
- Unbundle all fonts installed in yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts. They are already in Fedora. (You just need to create symbolic links)
- That is not the right way to make the %changelog section.
  http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs
  (Please, remove my name/surname)

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)".
     53 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[!]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 3 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Uses parallel make %{?_smp_mflags} macro.
[!]: Avoid bundling fonts in non-fonts packages.
     Note: Package contains font files
[-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc , yara-devel , yara-debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[!]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Spec file according to URL is the same as in SRPM.

Rpmlint
-------
Checking: yara-3.5.0-3.fc25.x86_64.rpm
          yara-doc-3.5.0-3.fc25.noarch.rpm
          yara-devel-3.5.0-3.fc25.x86_64.rpm
          yara-debuginfo-3.5.0-3.fc25.x86_64.rpm
          yara-3.5.0-3.fc25.src.rpm
yara-doc.noarch: W: hidden-file-or-dir /usr/share/doc/yara-doc/html/.buildinfo
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
5 packages and 0 specfiles checked; 0 errors, 3 warnings.

Rpmlint (debuginfo)
-------------------
Checking: yara-debuginfo-3.5.0-3.fc25.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
----------------------------
yara-doc.noarch: W: hidden-file-or-dir /usr/share/doc/yara-doc/html/.buildinfo
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
4 packages and 0 specfiles checked; 0 errors, 3 warnings.

Requires
--------
yara-doc (rpmlib, GLIBC filtered):

yara (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libjansson.so.4()(64bit)
    libm.so.6()(64bit)
    libmagic.so.1()(64bit)
    libpthread.so.0()(64bit)
    rtld(GNU_HASH)

yara-debuginfo (rpmlib, GLIBC filtered):

yara-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    libyara.so.3()(64bit)
    yara(x86-64)

Provides
--------
yara-doc:
    yara-doc

yara:
    libyara.so.3()(64bit)
    yara
    yara(x86-64)

yara-debuginfo:
    yara-debuginfo
    yara-debuginfo(x86-64)

yara-devel:
    pkgconfig(yara)
    yara-devel
    yara-devel(x86-64)

Source checksums
----------------
https://github.com/VirusTotal/yara/archive/74734418a256c5304ccaf1d322c57e305ff75362/yara-3.5.0-7473441.tar.gz :
  CHECKSUM(SHA256) this package     : 49e949ca20eacf5833a70055e7a220330663276d9694ad9ccb8ed526b282607a
  CHECKSUM(SHA256) upstream package : 49e949ca20eacf5833a70055e7a220330663276d9694ad9ccb8ed526b282607a
https://github.com/Koodous/androguard-yara/archive/fc14c0f3d4d2fbcb0188b9a02321aa74983f588b/androguard-yara-3.5.0-fc14c0f.tar.gz :
  CHECKSUM(SHA256) this package     : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2
  CHECKSUM(SHA256) upstream package : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2

AutoTools: Obsoleted m4s found
------------------------------
  AC_PROG_LIBTOOL found in: yara-74734418a256c5304ccaf1d322c57e305ff75362/configure.ac:23

Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 1362265
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6

>[!]: Changelog in prescribed format.
rpmlint yara.spec doesn't show any errors in the prescribed format of Changelog.

>[!]: Avoid bundling fonts in non-fonts packages.
I guess this is some false positive - I am not aware of any fonts being bundled to yara package.

>[!]: Package should not use obsolete m4 macros
Both old and new macros used in the upstream project. Issue reported upstream https://github.com/VirusTotal/yara/issues/491
As it is "should" not "must" requirement and currently doesn't represent build issue to Fedora package on all supported releases I decided to not patch at this point.

(In reply to Michal Ambroz from comment #14)
> >[!]: Changelog in prescribed format.
> rpmlint yara.spec doesn't show any errors in the prescribed format of
> Changelog.

rpmlint is not able to recognize something like this.
Please, take a look to what guidelines say.
http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs

>
> >[!]: Avoid bundling fonts in non-fonts packages.
> I guess this is some false positive - I am not aware of any fonts being
> bundled to yara package.

I have indicated where they are:
yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts

Hello Antonio
Sorry haven't paid attention closely to the fc25 version. Having static fonts is not manifesting in FC23. It is apparently specifics of the newer version of sphinx that it brings the theme sphinx_rtd_theme installed by default (and the associated fonts). I have patched configuration of the doc generation to use the default theme (without embedded fonts) no matter what.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-4.fc23.src.rpm
Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/439570/

Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo can be erased, I think.

Package approved.

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 53 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 3 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Uses parallel make %{?_smp_mflags} macro.
[-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc , yara-devel , yara-debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[?]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Spec file according to URL is the same as in SRPM.
Rpmlint
-------
Checking: yara-3.5.0-4.fc26.x86_64.rpm
          yara-doc-3.5.0-4.fc26.noarch.rpm
          yara-devel-3.5.0-4.fc26.x86_64.rpm
          yara-debuginfo-3.5.0-4.fc26.x86_64.rpm
          yara-3.5.0-4.fc26.src.rpm
yara-doc.noarch: W: hidden-file-or-dir /usr/share/doc/yara-doc/html/.buildinfo
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
5 packages and 0 specfiles checked; 0 errors, 3 warnings.

Rpmlint (debuginfo)
-------------------
Checking: yara-debuginfo-3.5.0-4.fc26.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
----------------------------
yara-doc.noarch: W: hidden-file-or-dir /usr/share/doc/yara-doc/html/.buildinfo
yara-devel.x86_64: W: only-non-binary-in-usr-lib
yara-devel.x86_64: W: no-documentation
4 packages and 0 specfiles checked; 0 errors, 3 warnings.

Requires
--------
yara-doc (rpmlib, GLIBC filtered):

yara (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libjansson.so.4()(64bit)
    libm.so.6()(64bit)
    libmagic.so.1()(64bit)
    libpthread.so.0()(64bit)
    rtld(GNU_HASH)

yara-debuginfo (rpmlib, GLIBC filtered):

yara-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    libyara.so.3()(64bit)
    yara(x86-64)

Provides
--------
yara-doc:
    yara-doc

yara:
    libyara.so.3()(64bit)
    yara
    yara(x86-64)

yara-debuginfo:
    yara-debuginfo
    yara-debuginfo(x86-64)

yara-devel:
    pkgconfig(yara)
    yara-devel
    yara-devel(x86-64)

Source checksums
----------------
https://github.com/VirusTotal/yara/archive/74734418a256c5304ccaf1d322c57e305ff75362/yara-3.5.0-7473441.tar.gz :
  CHECKSUM(SHA256) this package     : 49e949ca20eacf5833a70055e7a220330663276d9694ad9ccb8ed526b282607a
  CHECKSUM(SHA256) upstream package : 49e949ca20eacf5833a70055e7a220330663276d9694ad9ccb8ed526b282607a
https://github.com/Koodous/androguard-yara/archive/fc14c0f3d4d2fbcb0188b9a02321aa74983f588b/androguard-yara-3.5.0-fc14c0f.tar.gz :
  CHECKSUM(SHA256) this package     : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2
  CHECKSUM(SHA256) upstream package : 78871e368e4e44d10d3fa5fe77caef37061c9ada63f12fc89f49ccc394b2a3c2

AutoTools: Obsoleted m4s found
------------------------------
  AC_PROG_LIBTOOL found in: yara-74734418a256c5304ccaf1d322c57e305ff75362/configure.ac:23

Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 1362265
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP
Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6

>Package approved.
Thank you for the review Antonio.

>Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo
>can be erased, I think.
OK, I will put the directory removal back

Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/yara

yara-3.5.0-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942

yara-3.5.0-5.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed

yara-3.5.0-5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387

yara-3.5.0-5.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6

yara-3.5.0-5.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f

yara-3.5.0-5.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6

yara-3.5.0-5.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed

yara-3.5.0-5.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387

yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f

yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942

yara-3.5.0-5.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

yara-3.5.0-5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

yara-3.5.0-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.