Bug 484735

Summary: Review Request: fipscheck - A library for integrity verification of FIPS validated modules
Product: [Fedora] Fedora Reporter: Tomas Mraz <tmraz>
Component: Package ReviewAssignee: Marcela Mašláňová <mmaslano>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, herrold, notting
Target Milestone: ---Flags: mmaslano: fedora-review+
kevin: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-02-11 13:34:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Mraz 2009-02-09 18:26:19 UTC
Spec URL: http://people.redhat.com/tmraz/fipscheck/fipscheck.spec
SRPM URL: http://people.redhat.com/tmraz/fipscheck/fipscheck-1.0.4-1.fc11.src.rpm
Description: 
FIPSCheck is a library for integrity verification of FIPS validated
modules. The package also provides helper binaries for creation and
verification of the HMAC-SHA256 checksum files.

This package will be a dependency of openssh and possibly other packages which will have testing support for future FIPS 140-2 validation.

Comment 1 Marcela Mašláňová 2009-02-10 08:28:19 UTC
OK source files match upstream: 6626b490c5b62a796e6272126e4ff6e8
OK package meets naming and versioning guidelines.
OK specfile is properly named, is cleanly written and uses macros consistently.
OK dist tag is present.
OK build root is correct.
OK license field matches the actual license.
OK license is open source-compatible. License text not included upstream.
OK latest version is being packaged.
OK BuildRequires are proper.
OK %clean is present.
OK package builds in mock (Rawhide/x86_64).
OK debuginfo package is need and ok.
OK rpmlint is silent.
    fipscheck-devel.x86_64: W: no-documentation
    - The devel package don't have to contain documentation.
OK final provides and requires look sane.
OK no shared libraries are added to the regular linker search paths.
OK owns the directories it creates.
OK no duplicates in %files.
OK file permissions are appropriate.
OK no scriptlets present.
OK documentation is small, so no -docs subpackage is necessary.
OK %docs are not necessary for the proper functioning of the package.
OK no headers.
OK no pkgconfig files.
OK no libtool .la droppings.

The script ltmain.sh is under GPLv2+ but you are not installing this file, so the licence is ok as is.

Could you please explain the line below? Couldn't you change automake to install it in right place?
mv $RPM_BUILD_ROOT%{_libdir}/libfipscheck.so.* $RPM_BUILD_ROOT/%{_lib}

Comment 2 Tomas Mraz 2009-02-10 08:32:45 UTC
(In reply to comment #1)
> The script ltmain.sh is under GPLv2+ but you are not installing this file, so
> the licence is ok as is.

Of course.
 
> Could you please explain the line below? Couldn't you change automake to
> install it in right place?
> mv $RPM_BUILD_ROOT%{_libdir}/libfipscheck.so.* $RPM_BUILD_ROOT/%{_lib}
I could probably use --libdir in %configure, but I'd have to move the devel .so symlink to _libdir then so I don't think it make much sense to do that. This library is very small and it can be potential dependency of binaries which will reside in /sbin so I have to put it in /%{_lib}.

Comment 3 Marcela Mašláňová 2009-02-10 08:47:23 UTC
ACCEPT

Comment 4 Tomas Mraz 2009-02-10 09:13:49 UTC
New Package CVS Request
=======================
Package Name: fipscheck
Short Description: A library for integrity verification of FIPS validated modules
Owners: tmraz
Branches:
InitialCC:

Comment 5 Kevin Fenzi 2009-02-10 22:26:38 UTC
cvs done. 

You may want to consider a fedorahosted space for upstream development of this.