Bug 971836
| Summary: | Review Request: hardening-check - Tool to check ELF for being built hardened | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Björn Esser (besser82) <besser82> |
| Component: | Package Review | Assignee: | Ville Skyttä <ville.skytta> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | notting, package-review, ville.skytta |
| Target Milestone: | --- | Flags: | ville.skytta:
fedora-review+
gwync: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | hardening-check-2.3-2.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-06-11 09:09:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Björn Esser (besser82)
2013-06-07 11:37:06 UTC
koji builds are fine: rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=5479433 F19: https://koji.fedoraproject.org/koji/taskinfo?taskID=5479436 F18: https://koji.fedoraproject.org/koji/taskinfo?taskID=5479438 EL6: https://koji.fedoraproject.org/koji/taskinfo?taskID=5479442 The binutils and glibc-common build deps are redundant and should be removed.
Renaming the docs seems unusual and quite pointless deviation from upstream to me, I'd just refer to their names like in %doc debian/... (non-blocker as far as the review goes).
I suspect that the examples in parenthesis in %description are not quite accurate and are also subject to bitrot, I'd just remove them and while at it, remove some unnecessary bits off it and remove some extraneous hyphens, fix capitalization etc:
----
%{name} is a tool to check whether an already compiled ELF file
was built using hardening flags.
It checks, using readelf, for these hardening characteristics:
* Position Independent Executable
* Stack protected
* Fortify source functions
* Read-only relocations
* Immediate binding
Spec URL: http://besser82.fedorapeople.org/review/hardening-check/hardening-check.spec SRPM URL: http://besser82.fedorapeople.org/review/hardening-check/hardening-check-2.3-2.fc19.src.rpm %changelog * Sun Jun 09 2013 Björn Esser <bjoern.esser> - 2.3-2 - removed BuildRequires: binutils glibc-common - not renaming docs in debian/ - removed terms to be possibly subject to bitrot from %%description - as suggested by Ville Skyttä during review * Fri Jun 07 2013 Björn Esser <bjoern.esser> - 2.3-1 - initial rpm release Thanks for your review, Ville! If I can do a favour (read: review your pkgs) to you, just let me know. With above changes everything should be fine, I think. Looks good, approved. And thanks for the offer, I'll try to keep it in mind when/if I have some new packages to submit sometime. Allright! Thanks again! Just drop me a PM, somewhen... New Package SCM Request ======================= Package Name: hardening-check Short Description: Tool to check ELF for being built hardened Owners: besser82 Branches: f19 f18 el6 InitialCC: Git done (by process-git-requests). hardening-check-2.3-2.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/hardening-check-2.3-2.fc19 hardening-check-2.3-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/hardening-check-2.3-2.fc18 hardening-check-2.3-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/hardening-check-2.3-2.el6 hardening-check-2.3-2.el6 has been pushed to the Fedora EPEL 6 testing repository. hardening-check-2.3-2.fc18 has been pushed to the Fedora 18 stable repository. hardening-check-2.3-2.fc19 has been pushed to the Fedora 19 stable repository. hardening-check-2.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository. |