Bug 566819

Summary: Review Request: suricata - IDS Engine
Product: [Fedora] Fedora Reporter: Steve Grubb <sgrubb>
Component: Package ReviewAssignee: Jan F. Chadima <jchadima>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, jchadima, mcepl, notting, tcallawa
Target Milestone: ---Flags: jchadima: fedora-review+
j: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-27 13:37:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steve Grubb 2010-02-19 20:46:12 UTC 
Spec URL: http://people.redhat.com/sgrubb/files/suricata/suricata.spec
SRPM URL: http://people.redhat.com/sgrubb/files/suricata/suricata-0.8.1-1.src.rpm

Description: 
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-Threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching and coming soon hardware acceleration on CUDA and OpenCL
GPU cards.
Comment 1 Jan F. Chadima 2010-02-19 22:33:47 UTC 
build the package suricata failed on rawhide/x86-64

from build log:
+ autoreconf -fv --install
/var/tmp/rpm-tmp.mVSkMD: line 40: autoreconf: command not found
error: Bad exit status from /var/tmp/rpm-tmp.mVSkMD (%prep)

build info on http://koji.fedoraproject.org/koji/taskinfo?taskID=2000565

maybe missing autoconf in BuldRequires
Comment 2 Jan F. Chadima 2010-02-19 22:55:58 UTC 
Subdirectory libhtp/ seems to be correctly licensed as GPLv2 v exception for compatibility with any FLOSS license.

However, code in subdirectory src/ has no comments about licensing and there doesn't seem to be any README explaining licensing. Even worse, some files have just files (e.g., src/suricata.c) have this

/* Copyright (c) 2008 Victor Julien <victor> */

which is IMHO bad for Fedora.

Please, consider the legal status of this package and whether there is some way how make this package acceptable without contacting the upstream, or whether it has to be fixed by the original author.

Thank you
Comment 3 Jan F. Chadima 2010-02-20 06:04:31 UTC 
rpmlint of spec file is 100%ok
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
rpmlint of src.rpm have 3 warnings
suricata.src: W: name-repeated-in-summary C Suricata
suricata.src: W: spelling-error %description -l en_US Multi -> Mulch, Mufti
suricata.src: W: spelling-error %description -l en_US Gzip -> Zip, G zip, Grip
1 packages and 0 specfiles checked; 0 errors, 3 warnings.

1) Its recomended to not use the name of the package in the summary
2) maybe s/Mufti/Multi/
3) maybe s/Grip/....

The binary packages not yet rpmlinted
Comment 4 Steve Grubb 2010-02-20 16:22:29 UTC 
Improved package uploaded. This is still a work in progress.

Fixed BR in Comment 1. 

As for Comment #2, I have been working with the project to get files correctly stating the license since January. It really is GPLv2 from top to bottom. I will continue pressing for this documentation to be corrected. They do have a COPYING and LICENSE file, but I am only keeping the COPYING file in the %doc section.

Regarding Comment #3, the spelling errors are actually false positives.

You will also now get warnings and errors about directory/file permissions. Because this is an IDS system, I want tight permissions.
Comment 5 Jan F. Chadima 2010-02-20 17:37:22 UTC 
build the package suricata failed on rawhide/x86-64

autoreconf: running: /usr/bin/autoconf --force
configure.ac:70: error: possibly undefined macro: AM_PROG_LIBTOOL
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1

build info on http://koji.fedoraproject.org/koji/taskinfo?taskID=2001609

maybe missing libtool in BuldRequires
Comment 6 Jan F. Chadima 2010-02-20 17:48:46 UTC 
rpmlint i386.rpm

suricata.i686: W: spelling-error %description -l en_US Multi -> Mulch, Mufti
suricata.i686: W: spelling-error %description -l en_US Gzip -> Zip, G zip, Grip
suricata.i686: W: unstripped-binary-or-object /usr/lib/debug/usr/lib/libhtp-0.2.so.1.0.2.debug
suricata.i686: E: shared-lib-without-dependency-information /usr/lib/debug/usr/lib/libhtp-0.2.so.1.0.2.debug
suricata.i686: W: unstripped-binary-or-object /usr/lib/debug/usr/bin/suricata.debug
suricata.i686: E: statically-linked-binary /usr/lib/debug/usr/bin/suricata.debug
suricata.i686: W: hidden-file-or-dir /usr/lib/debug/.build-id
suricata.i686: W: hidden-file-or-dir /usr/lib/debug/.build-id
suricata.i686: E: non-standard-dir-perm /var/log/suricata 0750L
suricata.i686: E: non-readable /etc/sysconfig/suricata 0600L
suricata.i686: E: non-readable /etc/suricata.yaml 0600L
suricata.i686: E: non-standard-dir-perm /etc/suricata/rules 0750L
suricata.i686: E: non-standard-dir-perm /etc/suricata 0750L

It seems that /usr/lib/debug is in both the debugifo and the main package
I understand the unstardard permissions, I'll disscuss it with fedora people.
Comment 7 Jan F. Chadima 2010-02-20 17:54:21 UTC 
It's not recommended to have %{_bindir}/* or %{_libdir}/* in %files section, better is to have all files pointed by name.
Comment 8 Jan F. Chadima 2010-02-20 17:55:28 UTC 
It's reconended to use %{?dist}  in %release
Comment 9 Steve Grubb 2010-02-20 18:26:29 UTC 
New srpm is located here since name changed while adding %{?dist}:

http://people.redhat.com/sgrubb/files/suricata/suricata-0.8.1-1.fc12.src.rpm

Added libtool BR. 
debuginfo as I understand it is something out of my control. Its rpm or build system doing it.
The binary is now called out by name. The library will likely change versions, so I am not calling it out by name. I have libhtp-* instead.

The init script is now working with the app. However, it looks like I need to work with upstream on the config file and verbosity in daemon mode.
Comment 10 Jan F. Chadima 2010-02-20 18:41:28 UTC 
the problem with the debuginfo is the problem with %{_libdir}/* it includes the debuginfo into the regular package
Comment 11 Matěj Cepl 2010-02-22 10:35:51 UTC 
(In reply to comment #4)
> As for Comment #2, I have been working with the project to get files correctly
> stating the license since January. It really is GPLv2 from top to bottom. I
> will continue pressing for this documentation to be corrected. They do have a
> COPYING and LICENSE file, but I am only keeping the COPYING file in the %doc
> section.

Just to emphasize, that this doesn't have to be that big deal ... just ask upstream to add unequivocal statement somewhere (e.g., README) about their intentions and I think we are all set. Of course, one nice run of sed on src/ directory would be better.
Comment 12 Jan F. Chadima 2010-02-22 12:23:52 UTC 
(In reply to comment #10)
> the problem with the debuginfo is the problem with %{_libdir}/* it includes the
> debuginfo into the regular package    

solved
Comment 13 Jan F. Chadima 2010-02-22 12:27:26 UTC 
CFLAGS="$CFLAGS xxxx" is same as CFLAGS+="xxxx" but is better legible.
Comment 14 Jan F. Chadima 2010-02-22 12:32:07 UTC 
The library libhtp is generic library which can be obtained from source forge as a separate project. It is not yet in fedora. There is a possibility to port it as a separate package.
Comment 15 Steve Grubb 2010-02-22 13:59:20 UTC 
In reply to comment #11, anyone contributing code to this project has to agree to a contributor agreement: http://www.openinfosecfoundation.org/index.php/contributors. The foundation has full control over all the source code and placed a GPL license in the distribution. So, I am sure its an oversight to not have documented each file being under the license they provided. The authors of the files are listed on the project page meaning they should have a contributor's agreement in place: http://www.openinfosecfoundation.org/index.php/team. Is this good enough or do we need to wait for a new release?

As for comment #14, libhtp is only available as a cvs snapshot. There are no releases except through the suricata project. http://sourceforge.net/projects/libhtp/files. I don't like cvs snapshots as the only definitive source because its hard to verify if its different from other distributions. Not only that, you might take a snapshot on a day that a feature is only partially working. I'd rather take the embedded version since its the one the project is testing with. If libhtp ever starts making releases from sourceforge, then it might be a different story.
Comment 16 Jan F. Chadima 2010-02-22 14:50:23 UTC 
aprooved
Comment 17 Matěj Cepl 2010-02-22 15:25:21 UTC 
Whoopsi, we need to wait on FE-Legal to be cleared.
Comment 18 Tom "spot" Callaway 2010-02-25 21:16:19 UTC 
I'll lift FE-Legal on this, but please keep leaning on upstream to clarify the licensing properly on a per-file basis.
Comment 19 Jan F. Chadima 2010-02-26 08:16:19 UTC 
aprooved
Comment 20 Steve Grubb 2010-02-26 21:24:22 UTC 
New Package CVS Request
=======================
Package Name: suricata
Short Description: Intrusion Detection System
Owners: sgrubb
Branches: F-13
InitialCC:
Comment 21 Jason Tibbitts 2010-02-26 23:50:00 UTC 
CVS done (by process-cvs-requests.py).
Comment 22 Steve Grubb 2010-02-27 13:37:14 UTC 
suricata-0.8.1-1.fc14 has been built.