Bug 1467651

Summary: Review Request: cvechecker - Tool to compare packages installed in your system with the CVE database
Product: [Fedora] Fedora
Reporter: Zamir SUN <sztsian>
Component: Package Review
Assignee: Zbigniew Jędrzejewski-Szmek <zbyszek>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: i, package-review, rebus, zbyszek
Target Milestone: ---
Flags: zbyszek: fedora-review+
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2017-08-14 21:50:37 UTC
Bug Blocks: 563471    

Description Zamir SUN 2017-07-04 12:49:29 UTC
Spec URL: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker.spec
SRPM URL: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker-3.7-1.fc25.src.rpm
Description: Tool to compare packages installed in your system with the CVE database
Fedora Account System Username: zsun

Comment 1 Zamir SUN 2017-07-04 12:51:30 UTC
*** Bug 1062808 has been marked as a duplicate of this bug. ***

Comment 2 Zbigniew Jędrzejewski-Szmek 2017-07-04 14:00:41 UTC
> %global debug_package %{nil}
Are you sure that's needed? If yes, it deserves a comment in the spec file.

> make
Is parallel build not supported? If it is, use %make_build, otherwise, add a comment.

> %{__install}
You can just say 'install' — that's both less typing *and* clearer.

> %defattr(-,root,root)
Not needed.

Checking: cvechecker-3.7-1.fc27.x86_64.rpm
          cvechecker-3.7-1.fc27.src.rpm
cvechecker.x86_64: W: unstripped-binary-or-object /usr/bin/cvechecker
Hm. That's the first time I've encountered this. Maybe this will go away if you create a debug package?

cvechecker.x86_64: W: only-non-binary-in-usr-lib
cvechecker.x86_64: W: hidden-file-or-dir /usr/lib/.build-id
cvechecker.x86_64: W: hidden-file-or-dir /usr/lib/.build-id
OK.

cvechecker.src:13: W: macro-in-comment %{url}
cvechecker.src:13: W: macro-in-comment %{_commit}
cvechecker.src:13: W: macro-in-comment %{_commit}
Please use %%.

cvechecker.src:14: W: mixed-use-of-spaces-and-tabs (spaces: line 6, tab: line 14)
Please fix.

2 packages and 0 specfiles checked; 0 errors, 8 warnings.

Looks all good.

(It seems that cvechecker likes to run as root. It'd be much better to create a dedicated user for it, since downloading stuff as root from the web is also a concern, but that's an upstream issue.)

Comment 3 Zamir SUN 2017-07-04 14:19:30 UTC
Thanks for the quick response.
SPEC updated in place: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker.spec
New SRPM: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker-3.7-2.fc25.src.rpm

Comment 4 Zamir SUN 2017-07-04 14:21:28 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #2)
> (It seems that cvechecker likes to run as root. It'd be much better to
> create a dedicated user for it, since downloading stuff as root from the web
> is also a concern, but that's an upstream issue.)
I am not familiar with packaging with a dedicated user, so I'm not adding it this way for now. I will work on this later once I have figured out how to do it.
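
The dedicated-user packaging discussed in comments 2 and 4, as an added example that is not part of the original thread or of the reviewed cvechecker.spec: a spec fragment that creates a system account in %pre and gives it ownership of only the data directory. The account name `cvechecker` and the state directory under `%{_sharedstatedir}` are assumptions; only `/usr/bin/cvechecker` appears in the review above.

```spec
# Added illustration; not taken from the reviewed spec file.
# Assumed names: user and group "cvechecker", state directory
# %%{_sharedstatedir}/cvechecker (macros in comments are escaped with %%).

# useradd/groupadd must be available before the %%pre scriptlet runs.
Requires(pre):  shadow-utils

%pre
# Create the group and account only if they are missing, so that
# upgrades and reinstalls stay idempotent.
getent group cvechecker >/dev/null || groupadd -r cvechecker
getent passwd cvechecker >/dev/null || \
    useradd -r -g cvechecker \
            -d %{_sharedstatedir}/cvechecker \
            -s /sbin/nologin \
            -c "cvechecker CVE database owner" cvechecker
# A failing scriptlet would abort the transaction; always exit cleanly.
exit 0

%files
# The binary stays root-owned and is not setuid.
%{_bindir}/cvechecker
# Only the directory the tool writes downloaded CVE data into is owned
# by the unprivileged account, and it is not world-readable.
%attr(0750,cvechecker,cvechecker) %dir %{_sharedstatedir}/cvechecker
```

With this layout the download and database update steps can be run as the unprivileged account instead of root, for example from a systemd unit or cron entry that sets that user.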

Comment 5 Zbigniew Jędrzejewski-Szmek 2017-07-04 15:13:33 UTC
+ package name is OK
+ license is acceptable for Fedora (GPLv3)
+ license is specified correctly
+ builds and installs OK
+ fedora-review finds no issues
+ %check is present and passes
+ no scriptlets necessary
+ rpmlint has only false positives

> Group:          Applications/System
Not needed [https://fedoraproject.org/wiki/Packaging:Guidelines#Tags_and_Sections].

> %attr(0644,root,root)
You probably don't need those either, unless the build system sets some strange permissions on those files.

Package is APPROVED.

Comment 6 Gwyn Ciesla 2017-07-05 11:00:39 UTC
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/cvechecker

Comment 7 Zamir SUN 2017-07-05 13:54:23 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #5)
> > Group:          Applications/System
> Not needed
> [https://fedoraproject.org/wiki/Packaging:Guidelines#Tags_and_Sections].
Thanks. Will remove this section in -3.

Comment 8 Fedora Update System 2017-08-06 02:40:37 UTC
cvechecker-3.8-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-146693c8dc

Comment 9 Fedora Update System 2017-08-06 02:40:46 UTC
cvechecker-3.8-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-146693c8dc

Comment 10 Fedora Update System 2017-08-07 06:26:03 UTC
cvechecker-3.8-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b44ef74c4

Comment 11 Fedora Update System 2017-08-14 21:50:37 UTC
cvechecker-3.8-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.