Bug 807476

Summary: Review Request: ima-evm-utils - IMA/EVM support utilities
Product: [Fedora] Fedora
Component: Package Review
Version: rawhide
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Hardware: All
OS: Linux
Reporter: Paul Wouters <pwouters>
Assignee: Michael S. <misc>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: hannsj_uhl, i, misc, package-review, pwouters
Flags: misc: fedora-review?
Doc Type: Bug Fix
Last Closed: 2014-07-12 13:34:28 UTC
Bug Blocks: 1384450

Description Paul Wouters 2012-03-27 21:29:41 UTC
Spec URL: ftp://ftp.nohats.ca/ima/evm-utils.spec
SRPM URL: ftp://ftp.nohats.ca/ima/evm-utils-0.1-1.20110337gitae4710111.fc17.src.rpm
Description: IMA/EVM support utilities

Comment 1 Paul Wouters 2012-03-27 21:32:27 UTC
rpmlint  /home/paul/SRPMS/evm-utils-0.1-1.20110337gitae4710111.fc17.src.rpm /home/paul/RPMS/x86_64/evm-utils-0.1-1.20110337gitae4710111.fc17.x86_64.rpm 
evm-utils.src: W: invalid-url Source0: evm-utils-0.1.tar.gz
evm-utils.x86_64: W: incoherent-version-in-changelog 0.3-1.20110337gitae4710111 ['0.1-1.20110337gitae4710111.fc17', '0.1-1.20110337gitae4710111']
evm-utils.x86_64: E: zero-length /usr/share/doc/evm-utils-0.1/NEWS
evm-utils.x86_64: E: zero-length /usr/share/doc/evm-utils-0.1/COPYING
evm-utils.x86_64: W: no-manual-page-for-binary evmctl
2 packages and 0 specfiles checked; 2 errors, 3 warnings.

Note that upstream only provides gits, without tags. But it mentioned the version "0.1" once, so that's what I'm basing the version on.

The zero-length files are zero length at upstream.

Comment 2 Michael S. 2012-03-31 10:42:19 UTC
Hi,

- Is the package intended for EPEL 5 or 6?
If not, you should remove %defattr, BuildRoot and %clean, as they are no longer needed (the less cruft we have, the better we are).

- If the license is empty, can you make sure to warn upstream about it (you likely already did, but just to be sure)?

- It would be nice to have the command used to generate the tarball in a comment. While I expect everybody to know how to use git archive, it doesn't cost much to add some doc in case someone does not know.

- Also, it would be nice to have a more detailed description (again, I guess people who will use it will know this is for the integrity subsystem, but that looks better if there is a less terse description).

- Still on the nitpicking side, I think BuildRequires on separate lines helps when reviewing patches. That's not blocking for the review but would make a nicer spec.

- I see there are some tests; I assume there is no practical way to run them in %check without being root?

Aside from that, I will start the formal review soon.

Comment 3 Paul Wouters 2012-04-02 18:28:23 UTC
Thanks for looking at this package!

Upstream tagged a version on my request, 0.1.0. I updated the package with this. No tarball is available yet, but one had been promised.

Spec URL: ftp://ftp.nohats.ca/ima/evm-utils.spec
SRPM URL: ftp://ftp.nohats.ca/ima/evm-utils-0.1.0-1.fc17.src.rpm

- Yes the package is supposed to go into EL6 as well.
- upstream will soon give us a tarball, probably we can wait until that is available before fedora-cvs
- Tests are not practical to run as they might require specific boot modes (IMA normally disallows updating the IMA measurements stored in the EVM attributes unless special boot flags are used)
- added git archive line
- new description:
The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture
(IMA) maintains a list of hash values of executables and other sensitive
system files, as they are read or executed. These are stored in the file
systems extended attributes. The Extended Verification Module (EVM) prevents
unauthorised changes to these extended attributes on the filesystem.
evm-utils is used to prepare the filesystem for these extended attributes.

- I personally prefer the buildrequires as is: build tools combined and include/library dependencies combined
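
An added illustration of the description above (not part of the original comment and not code from ima-evm-utils): a Python check that parses a digest-type `security.ima` extended attribute and compares it with the file's contents. The type and algorithm bytes follow the Linux kernel's IMA xattr layout; `parse_ima_xattr`, `content_matches` and `check_file` are hypothetical names, the legacy record is assumed to hold SHA-1, and the sample label is constructed.

```python
import hashlib
import os

# First byte of security.ima selects the record type (kernel enum evm_ima_xattr_type).
IMA_XATTR_DIGEST = 0x01      # legacy: type byte + digest (assumed SHA-1 here)
EVM_IMA_XATTR_DIGSIG = 0x03  # signature, not a plain digest
IMA_XATTR_DIGEST_NG = 0x04   # type byte + algorithm byte + digest
# Algorithm ids from the kernel's enum hash_algo (subset hashlib can compute).
HASH_ALGOS = {1: "md5", 2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}


def parse_ima_xattr(raw: bytes):
    """Return (algorithm, digest) for a digest-type security.ima value."""
    if not raw:
        raise ValueError("empty security.ima value")
    kind = raw[0]
    if kind == IMA_XATTR_DIGEST:
        algo, digest = "sha1", raw[1:]
    elif kind == IMA_XATTR_DIGEST_NG:
        if len(raw) < 2 or raw[1] not in HASH_ALGOS:
            raise ValueError("unknown hash algorithm id")
        algo, digest = HASH_ALGOS[raw[1]], raw[2:]
    elif kind == EVM_IMA_XATTR_DIGSIG:
        raise ValueError("value is a signature; verify it with the signer's key")
    else:
        raise ValueError(f"unsupported xattr type 0x{kind:02x}")
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match algorithm")
    return algo, digest


def content_matches(content: bytes, raw: bytes) -> bool:
    """True when the content hashes to the digest recorded in the label."""
    algo, digest = parse_ima_xattr(raw)
    return hashlib.new(algo, content).digest() == digest


def check_file(path: str) -> bool:
    """Compare a file on a Linux system with its security.ima label."""
    raw = os.getxattr(path, "security.ima")  # raises OSError if unlabeled
    with open(path, "rb") as fh:
        return content_matches(fh.read(), raw)


if __name__ == "__main__":
    # Constructed sample: a byte string labelled the way a digest-ng record is laid out.
    sample = b"#!/bin/sh\necho hello\n"
    label = bytes([IMA_XATTR_DIGEST_NG, 4]) + hashlib.sha256(sample).digest()
    print(content_matches(sample, label), content_matches(sample + b"x", label))
```

Reading `security.ima` with `check_file` generally needs root, and a mismatch on a live system only means the content changed after it was labelled; enforcement is done by the kernel, not by this script.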

Comment 4 Paul Wouters 2012-04-05 17:40:35 UTC
Upstream renamed the package ima-evm-utils.
Upstream now publishes proper tar archives.


Spec URL: ftp://ftp.nohats.ca/ima/ima-evm-utils.spec
SRPM URL: ftp://ftp.nohats.ca/ima/ima-evm-utils-0.2.0-1.fc17.src.rpm

$ rpmlint /home/paul/SRPMS/ima-evm-utils-0.2-1.fc17.src.rpm /home/paul/RPMS/x86_64/ima-evm-utils-0.2-1.fc17.x86_64.rpm /home/paul/RPMS/x86_64/ima-evm-utils-debuginfo-0.2-1.fc17.x86_64.rpm
ima-evm-utils.src: W: spelling-error %description -l en_US runtime -> run time, run-time, rudiment
ima-evm-utils.src: W: spelling-error %description -l en_US executables -> executable, executable s, executrices
ima-evm-utils.src: W: spelling-error %description -l en_US unauthorised -> unauthorized, authorized
ima-evm-utils.src: W: spelling-error %description -l en_US filesystem -> file system, file-system, systemically
ima-evm-utils.x86_64: W: spelling-error %description -l en_US runtime -> run time, run-time, rudiment
ima-evm-utils.x86_64: W: spelling-error %description -l en_US executables -> executable, executable s, executrices
ima-evm-utils.x86_64: W: spelling-error %description -l en_US unauthorised -> unauthorized, authorized
ima-evm-utils.x86_64: W: spelling-error %description -l en_US filesystem -> file system, file-system, systemically
ima-evm-utils.x86_64: E: zero-length /usr/share/doc/ima-evm-utils-0.2/COPYING
ima-evm-utils.x86_64: E: zero-length /usr/share/doc/ima-evm-utils-0.2/NEWS
ima-evm-utils.x86_64: W: no-manual-page-for-binary evmctl
3 packages and 0 specfiles checked; 2 errors, 10 warnings.

Comment 5 Paul Wouters 2012-04-16 21:41:01 UTC
ping?

Comment 6 Michael S. 2012-04-17 20:10:55 UTC
Sorry, was swamped at work.

Since the package is not for EL5 (I assume the kernel would not support it), I think you should remove BuildRoot and %defattr (that's cleaner to remove boilerplate, IMHO).

As evm-utils was not in Fedora, I also think the Obsoletes/Provides could be removed ( I am a cleaning freak, I know ).

COPYING is empty, you should ask upstream to have the complete license.

If NEWS is empty, I think it is not needed to ship it.

For the rest, here is the review:

Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== C/C++ ====
[x]: MUST Package does not contain any libtool archives (.la)
[x]: MUST Package does not contain kernel modules.
[x]: MUST Package contains no static executables.
[x]: MUST Rpath absent or only used for internal libs.
[x]: MUST Package is not relocatable.


==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[x]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[!]: MUST Buildroot is not present
     Note: Buildroot is not needed unless packager plans to package for EPEL5
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean is needed only if supporting EPEL
[x]: MUST Sources contain only permissible code or content.
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files section. This is OK if packaging
     for EPEL5. Otherwise not needed
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf would be needed if support for EPEL5 is required
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
     Note: Licenses found: "*No copyright* UNKNOWN", "LGPL (v2.1) " For
     detailed output of licensecheck see file:
     /home/misc/checkout/git/FedoraReview/src/807476/licensecheck.txt
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint ima-evm-utils-0.2-1.fc18.i686.rpm

ima-evm-utils.i686: W: spelling-error %description -l en_US runtime -> run time, run-time, rudiment
ima-evm-utils.i686: W: spelling-error %description -l en_US executables -> executable, executable s, executrices
ima-evm-utils.i686: W: spelling-error %description -l en_US unauthorised -> unauthorized, authorized
ima-evm-utils.i686: W: spelling-error %description -l en_US filesystem -> file system, file-system, systemically
ima-evm-utils.i686: E: zero-length /usr/share/doc/ima-evm-utils-0.2/COPYING
ima-evm-utils.i686: E: zero-length /usr/share/doc/ima-evm-utils-0.2/NEWS
ima-evm-utils.i686: W: no-manual-page-for-binary evmctl
1 packages and 0 specfiles checked; 2 errors, 5 warnings.


rpmlint ima-evm-utils-debuginfo-0.2-1.fc18.i686.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


rpmlint ima-evm-utils-0.2-1.fc18.src.rpm

ima-evm-utils.src: W: spelling-error %description -l en_US runtime -> run time, run-time, rudiment
ima-evm-utils.src: W: spelling-error %description -l en_US executables -> executable, executable s, executrices
ima-evm-utils.src: W: spelling-error %description -l en_US unauthorised -> unauthorized, authorized
ima-evm-utils.src: W: spelling-error %description -l en_US filesystem -> file system, file-system, systemically
1 packages and 0 specfiles checked; 0 errors, 4 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
/home/misc/checkout/git/FedoraReview/src/807476/ima-evm-utils-0.2.tar.gz :
  MD5SUM this package     : 3d31ff2bbd42690b6825068447b15dfd
  MD5SUM upstream package : 3d31ff2bbd42690b6825068447b15dfd

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[x]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[x]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: SHOULD Package functions as described.
[x]: SHOULD Latest version is packaged.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD SourceX is a working URL.
[x]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:
[!]: MUST Buildroot is not present
     Note: Buildroot is not needed unless packager plans to package for EPEL5
See: http://fedoraproject.org/wiki/Packaging/Guidelines#BuildRoot_tag
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files section. This is OK if packaging
     for EPEL5. Otherwise not needed
See: http://fedoraproject.org/wiki/Packaging/Guidelines#FilePermissions
[!]: MUST Rpmlint output is silent.

See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint


Generated by fedora-review 0.2.0git
External plugins:

Comment 7 Paul Wouters 2012-05-09 19:16:35 UTC
Spec URL: ftp://ftp.nohats.ca/ima/ima-evm-utils.spec
SRPM URL: ftp://ftp.nohats.ca/ima/ima-evm-utils-0.2-2.fc17.src.rpm

That resolves all issues you mentioned.

Comment 8 Michael S. 2012-05-21 15:23:21 UTC
There is no license shipped with it (since the empty COPYING was removed). I am not very comfortable with that, and I am not sure if you need to include it or not :/

Otherwise it looks good.
(and sorry again for not answering earlier)

Comment 9 Paul Wouters 2012-05-23 22:27:21 UTC
The upstream git now shows COPYING containing proper information, but it is a little unclear whether or not they released 0.3. I've asked for confirmation, and will update it here when 0.3 is considered released.

Comment 10 Michael S. 2012-07-20 08:29:56 UTC
0.3 has been tagged in git for 2 months; do they still consider it as not released?

Comment 11 Christopher Meng 2013-11-01 09:56:38 UTC
NEWS?

ping.

Comment 12 Christopher Meng 2013-12-28 08:50:13 UTC
Please package 0.6 when you are free.