Bug 566819
Summary: | Review Request: suricata - IDS Engine | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Grubb <sgrubb> |
Component: | Package Review | Assignee: | Jan F. Chadima <jchadima> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | fedora-package-review, jchadima, mcepl, notting, tcallawa |
Target Milestone: | --- | Flags: | jchadima:
fedora-review+
j: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-02-27 13:37:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steve Grubb
2010-02-19 20:46:12 UTC
build the package suricata failed on rawhide/x86-64 from build log: + autoreconf -fv --install /var/tmp/rpm-tmp.mVSkMD: line 40: autoreconf: command not found error: Bad exit status from /var/tmp/rpm-tmp.mVSkMD (%prep) build info on http://koji.fedoraproject.org/koji/taskinfo?taskID=2000565 maybe missing autoconf in BuldRequires Subdirectory libhtp/ seems to be correctly licensed as GPLv2 v exception for compatibility with any FLOSS license. However, code in subdirectory src/ has no comments about licensing and there doesn't seem to be any README explaining licensing. Even worse, some files have just files (e.g., src/suricata.c) have this /* Copyright (c) 2008 Victor Julien <victor> */ which is IMHO bad for Fedora. Please, consider the legal status of this package and whether there is some way how make this package acceptable without contacting the upstream, or whether it has to be fixed by the original author. Thank you rpmlint of spec file is 100%ok 0 packages and 1 specfiles checked; 0 errors, 0 warnings. rpmlint of src.rpm have 3 warnings suricata.src: W: name-repeated-in-summary C Suricata suricata.src: W: spelling-error %description -l en_US Multi -> Mulch, Mufti suricata.src: W: spelling-error %description -l en_US Gzip -> Zip, G zip, Grip 1 packages and 0 specfiles checked; 0 errors, 3 warnings. 1) Its recomended to not use the name of the package in the summary 2) maybe s/Mufti/Multi/ 3) maybe s/Grip/.... The binary packages not yet rpmlinted Improved package uploaded. This is still a work in progress. Fixed BR in Comment 1. As for Comment #2, I have been working with the project to get files correctly stating the license since January. It really is GPLv2 from top to bottom. I will continue pressing for this documentation to be corrected. They do have a COPYING and LICENSE file, but I am only keeping the COPYING file in the %doc section. Regarding Comment #3, the spelling errors are actually false positives. You will also now get warnings and errors about directory/file permissions. Because this is an IDS system, I want tight permissions. build the package suricata failed on rawhide/x86-64 autoreconf: running: /usr/bin/autoconf --force configure.ac:70: error: possibly undefined macro: AM_PROG_LIBTOOL If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoreconf: /usr/bin/autoconf failed with exit status: 1 build info on http://koji.fedoraproject.org/koji/taskinfo?taskID=2001609 maybe missing libtool in BuldRequires rpmlint i386.rpm suricata.i686: W: spelling-error %description -l en_US Multi -> Mulch, Mufti suricata.i686: W: spelling-error %description -l en_US Gzip -> Zip, G zip, Grip suricata.i686: W: unstripped-binary-or-object /usr/lib/debug/usr/lib/libhtp-0.2.so.1.0.2.debug suricata.i686: E: shared-lib-without-dependency-information /usr/lib/debug/usr/lib/libhtp-0.2.so.1.0.2.debug suricata.i686: W: unstripped-binary-or-object /usr/lib/debug/usr/bin/suricata.debug suricata.i686: E: statically-linked-binary /usr/lib/debug/usr/bin/suricata.debug suricata.i686: W: hidden-file-or-dir /usr/lib/debug/.build-id suricata.i686: W: hidden-file-or-dir /usr/lib/debug/.build-id suricata.i686: E: non-standard-dir-perm /var/log/suricata 0750L suricata.i686: E: non-readable /etc/sysconfig/suricata 0600L suricata.i686: E: non-readable /etc/suricata.yaml 0600L suricata.i686: E: non-standard-dir-perm /etc/suricata/rules 0750L suricata.i686: E: non-standard-dir-perm /etc/suricata 0750L It seems that /usr/lib/debug is in both the debugifo and the main package I understand the unstardard permissions, I'll disscuss it with fedora people. It's not recommended to have %{_bindir}/* or %{_libdir}/* in %files section, better is to have all files pointed by name. It's reconended to use %{?dist} in %release New srpm is located here since name changed while adding %{?dist}: http://people.redhat.com/sgrubb/files/suricata/suricata-0.8.1-1.fc12.src.rpm Added libtool BR. debuginfo as I understand it is something out of my control. Its rpm or build system doing it. The binary is now called out by name. The library will likely change versions, so I am not calling it out by name. I have libhtp-* instead. The init script is now working with the app. However, it looks like I need to work with upstream on the config file and verbosity in daemon mode. the problem with the debuginfo is the problem with %{_libdir}/* it includes the debuginfo into the regular package (In reply to comment #4) > As for Comment #2, I have been working with the project to get files correctly > stating the license since January. It really is GPLv2 from top to bottom. I > will continue pressing for this documentation to be corrected. They do have a > COPYING and LICENSE file, but I am only keeping the COPYING file in the %doc > section. Just to emphasize, that this doesn't have to be that big deal ... just ask upstream to add unequivocal statement somewhere (e.g., README) about their intentions and I think we are all set. Of course, one nice run of sed on src/ directory would be better. (In reply to comment #10) > the problem with the debuginfo is the problem with %{_libdir}/* it includes the > debuginfo into the regular package solved CFLAGS="$CFLAGS xxxx" is same as CFLAGS+="xxxx" but is better legible. The library libhtp is generic library which can be obtained from source forge as a separate project. It is not yet in fedora. There is a possibility to port it as a separate package. In reply to comment #11, anyone contributing code to this project has to agree to a contributor agreement: http://www.openinfosecfoundation.org/index.php/contributors. The foundation has full control over all the source code and placed a GPL license in the distribution. So, I am sure its an oversight to not have documented each file being under the license they provided. The authors of the files are listed on the project page meaning they should have a contributor's agreement in place: http://www.openinfosecfoundation.org/index.php/team. Is this good enough or do we need to wait for a new release? As for comment #14, libhtp is only available as a cvs snapshot. There are no releases except through the suricata project. http://sourceforge.net/projects/libhtp/files. I don't like cvs snapshots as the only definitive source because its hard to verify if its different from other distributions. Not only that, you might take a snapshot on a day that a feature is only partially working. I'd rather take the embedded version since its the one the project is testing with. If libhtp ever starts making releases from sourceforge, then it might be a different story. aprooved Whoopsi, we need to wait on FE-Legal to be cleared. I'll lift FE-Legal on this, but please keep leaning on upstream to clarify the licensing properly on a per-file basis. aprooved New Package CVS Request ======================= Package Name: suricata Short Description: Intrusion Detection System Owners: sgrubb Branches: F-13 InitialCC: CVS done (by process-cvs-requests.py). suricata-0.8.1-1.fc14 has been built. |