Spec URL: https://sourceforge.net/projects/ibmtpm20tss/files/NotForUsers_FedoraSourceRpm/tss2.spec SRPM URL: https://sourceforge.net/projects/ibmtpm20tss/files/NotForUsers_FedoraSourceRpm/tss2-713-1.el6.src.rpm Description: IBM's TCG Software Stack for TPM 2.0 and related utilities Fedora Account System Username: lo1.com Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15196378 This is my first package and I need a sponsor.
Here is the rpmlint output: $ rpmlint tss2.spec ../SRPMS/*.rpm ../RPMS/*/*.rpm tss2.spec: W: invalid-url Source0: http://sourceforge.net/projects/ibmtpm20tss/files/ibmtss713.tar HTTP Error 404: Not Found tss2.src: W: invalid-url Source0: http://sourceforge.net/projects/ibmtpm20tss/files/ibmtss713.tar HTTP Error 404: Not Found tss2-debuginfo.x86_64: W: spelling-error Summary(en_US) tss -> ts, toss, ass tss2-debuginfo.x86_64: W: spelling-error %description -l en_US tss -> ts, toss, ass 4 packages and 1 specfiles checked; 0 errors, 4 warnings.
> # Copyright (C) IBM Corp. 2015,2016 please, no ;) > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) not needed > BuildArch: x86_64 ppc64 it doesn't build for others? > make -f makefile.fedora missing %{?_smp_mflags} > rm -fr %{buildroot} not needed > %clean > [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} don't do that > %defattr(-,root,root) not needed > %{!?_licensedir:%global license %%doc} not needed
The spec file and srpm should be available directly, so that automatic tools like fedora-review can download it without issues. Please, just avoid sf.net. If you don't have any public web space available, you can ask for fp.o account (https://fedoraproject.org/wiki/Infrastructure/fedorapeople.org). Summary should not repeat the package name, it should say what the package is in a few words. The %description should describe the functionality in two-three paragraphs. Also not everybody knows what TSS/TCG/TPM is, so the abbrevs should be expanded. See 'rpm -qi python' for a reasonable template. It's good practice to explicitly list files in %{_bindir} and %{_libdir}, instead of using a wide pattern like %{_bindir}/*.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #3) > The spec file and srpm should be available directly, so that automatic tools > like fedora-review can download it without issues. Please, just avoid > sf.net. If you don't have any public web space available, you can ask for > fp.o account > (https://fedoraproject.org/wiki/Infrastructure/fedorapeople.org). > > Summary should not repeat the package name, it should say what the package > is in a few words. The %description should describe the functionality in > two-three paragraphs. Also not everybody knows what TSS/TCG/TPM is, so the > abbrevs should be expanded. See 'rpm -qi python' for a reasonable template. > > It's good practice to explicitly list files in %{_bindir} and %{_libdir}, > instead of using a wide pattern like %{_bindir}/*. Hi Zbignlew, Thanks for your comments! Given that there are 95 executables under the %{_bindir} in this case, do we still want to explicitlly list all files? Vicky
(In reply to Igor Gnatenko from comment #2) > > # Copyright (C) IBM Corp. 2015,2016 > please, no ;) > > > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) > not needed > > > BuildArch: x86_64 ppc64 > it doesn't build for others? > > > make -f makefile.fedora > missing %{?_smp_mflags} > > > rm -fr %{buildroot} > not needed > > > %clean > > [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} > don't do that > > > %defattr(-,root,root) > not needed > > > %{!?_licensedir:%global license %%doc} > not needed Hi Igor, Thanks for your comments! I'll make modifications accordingly. I'll run Koji build for other architectures to see. Vicky
> Given that there are 95 executables under the %{_bindir} in this case, do we still want to explicitlly list all files? In this case %{_bindir}/tss* would be a reasonable compromise. And there's only two files in %{_libdir}/, so they should be listed explicitly: %files %{_bindir}/tss* %{_libdir}/libtss.so.0 %{_libdir}/libtss.so.0.* As an additional advantage, this protects against accidental so version bumps (which are forbidden in stable releases).
(In reply to Zbigniew Jędrzejewski-Szmek from comment #6) > > Given that there are 95 executables under the %{_bindir} in this case, do we still want to explicitlly list all files? > > In this case %{_bindir}/tss* would be a reasonable compromise. > And there's only two files in %{_libdir}/, so they should be listed > explicitly: > > %files > %{_bindir}/tss* > %{_libdir}/libtss.so.0 > %{_libdir}/libtss.so.0.* > > As an additional advantage, this protects against accidental so version > bumps (which are forbidden in stable releases). That makes perfect sense. Thank you! Vicky
(In reply to Igor Gnatenko from comment #2) > > > %{!?_licensedir:%global license %%doc} > not needed Hi Igor, I actually need that line for it to build; maybe because I'm running on RHEL6.6. Vicky
epel-rpm-macros defines that for you, provided you don't have the SCL macros installed. You can't do an epel mockbuild without having epel-rpm-macros installed, so there isn't much reason for a package to include that line. (It's not necessary in EPEL5, either.)
(In reply to Jason Tibbitts from comment #9) > epel-rpm-macros defines that for you, provided you don't have the SCL macros > installed. You can't do an epel mockbuild without having epel-rpm-macros > installed, so there isn't much reason for a package to include that line. > (It's not necessary in EPEL5, either.) Thanks! After I removed scl-utils and installed epel-rpm-macros, I could build without having '%{!?_licensedir:%global license %%doc}'. But, I wonder why epel-6-x86_64 mockbuild worked with me before when I didn't have epel-rpm-macros installed. Vicky
If you do a mock build, the buildroot will always have epel-rpm-macros. It is one of the packages that is guaranteed to be there, like rpm or redhat-rpm-config. This is all to simplify EPEL packaging just a bit. See https://fedoraproject.org/wiki/EPEL:Packaging for more detailed info. Anyway, none of this really has much to do with the review. That one line doesn't hurt anything besides looking like a mess of line noise. It's just not necessary for the package to build in the Fedora buildsystem.
Can you post the updated spec file and srpm? (See https://bugzilla.redhat.com/show_bug.cgi?id=1353000#c8 for an example that is in the most commonly used format which makes it easy for reviews to understand what has changed.)
(In reply to Zbigniew Jędrzejewski-Szmek from comment #12) > Can you post the updated spec file and srpm? > > (See https://bugzilla.redhat.com/show_bug.cgi?id=1353000#c8 for an example > that is in the most commonly used format which makes it easy for reviews to > understand what has changed.) I've been having problems ssh into my fedorapeople.org account. I've tried both RHEL and Fedora system's rsa keys and still not working. I'll get some help on that or see of there is an alternative public site that I can upload on Monday. Vicky
(In reply to Zbigniew Jędrzejewski-Szmek from comment #12) > Can you post the updated spec file and srpm? > > (See https://bugzilla.redhat.com/show_bug.cgi?id=1353000#c8 for an example > that is in the most commonly used format which makes it easy for reviews to > understand what has changed.) Hi Zbigniew, Will you be able to add me to a non CLA group? I haven't got responses from the groups that I wanted to join and seems like it's going to take a while.. Vicky
I'll do it; I should be done in a few minutes, but it might take another half an hour before you're able to access the servers.
(In reply to Jason Tibbitts from comment #15) > I'll do it; I should be done in a few minutes, but it might take another > half an hour before you're able to access the servers. Yay got it. Thank you!
Spec URL: https://fedorapeople.org/~honclo/tss2.spec SRPM URL: https://fedorapeople.org/~honclo/tss2-713-2.el6.src.rpm Description: TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for TPM 2.0. It implements the functionality equivalent to the TCG TSS working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with a hopefully far simpler interface. It comes with about 80 "TPM tools" that can be used for rapid prototyping, education and debugging. Fedora Account System Username: lo1.com Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15250859 This is my first package and I need a sponsor. I appreciate all the comments!
Rpmlint output: rpmlint tss2.spec ../SRPMS/tss2* ../RPMS/*/tss2* tss2.spec:73: E: files-attr-not-set tss2.spec:74: E: files-attr-not-set tss2.spec:75: E: files-attr-not-set tss2.spec:76: E: files-attr-not-set tss2.spec: W: no-cleaning-of-buildroot %install tss2.spec: W: no-cleaning-of-buildroot %clean tss2.spec: W: no-buildroot-tag tss2.spec: W: no-%clean-section tss2.src:73: E: files-attr-not-set tss2.src:74: E: files-attr-not-set tss2.src:75: E: files-attr-not-set tss2.src:76: E: files-attr-not-set tss2.src: W: no-cleaning-of-buildroot %install tss2.src: W: no-cleaning-of-buildroot %clean tss2.src: W: no-buildroot-tag tss2.src: W: no-%clean-section tss2-debuginfo.x86_64: W: spelling-error Summary(en_US) tss -> ts, toss, ass tss2-debuginfo.x86_64: W: spelling-error %description -l en_US tss -> ts, toss, ass 4 packages and 1 specfiles checked; 8 errors, 10 warnings. [lo1@vtpm2014 SPECS]$
(In reply to Igor Gnatenko from comment #2) > > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) > not needed > > > rm -fr %{buildroot} > not needed > > > %clean > > [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} > don't do that > > > %defattr(-,root,root) > not needed > I did these cleanings. The 'rpmlint' tool wasn't too happy with all these changes I made. But, I assume that the tool doesn't apply to or hasn't caught up with the EPEL packaging. Thanks, Vicky
Spec URL: https://fedorapeople.org/~honclo/tss2.spec SRPM URL: https://fedorapeople.org/~honclo/tss2-713-3.el6.src.rpm Description: TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for TPM 2.0. It implements the functionality equivalent to the TCG TSS working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with a hopefully far simpler interface. It comes with about 80 "TPM tools" that can be used for rapid prototyping, education and debugging. Fedora Account System Username: lo1.com Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15291911 This is my first package and I need a sponsor. I appreciate all the comments and reviews! Rpmlint output: $ rpmlint tss2.spec ../SRPMS/tss2* ../RPMS/*/tss2* tss2.spec:73: E: files-attr-not-set tss2.spec:74: E: files-attr-not-set tss2.spec:75: E: files-attr-not-set tss2.spec:76: E: files-attr-not-set tss2.spec: W: no-cleaning-of-buildroot %install tss2.spec: W: no-cleaning-of-buildroot %clean tss2.spec: W: no-buildroot-tag tss2.spec: W: no-%clean-section tss2.src:73: E: files-attr-not-set tss2.src:74: E: files-attr-not-set tss2.src:75: E: files-attr-not-set tss2.src:76: E: files-attr-not-set tss2.src: W: no-cleaning-of-buildroot %install tss2.src: W: no-cleaning-of-buildroot %clean tss2.src: W: no-buildroot-tag tss2.src: W: no-%clean-section tss2.src: W: invalid-url Source0: http://sourceforge.net/projects/ibmtpm20tss/files/ibmtss713.tar <urlopen error timed out> tss2-debuginfo.x86_64: W: spelling-error Summary(en_US) tss -> ts, toss, ass tss2-debuginfo.x86_64: W: spelling-error %description -l en_US tss -> ts, toss, ass 4 packages and 1 specfiles checked; 8 errors, 11 warnings. %changelog * Wed Aug 17 2016 Hon Ching(Vicky) Lo <lo1.com> - 713-3 - modified supported arch to ppc64le
> cat /etc/fedora-release Fedora release 24 (Twenty Four) > rpmlint --version rpmlint version 1.9 Copyright (C) 1999-2007 Frederic Lepied, Mandriva > rpm -qf `which rpmlint` rpmlint-1.9-3.fc24.noarch > rpmlint tss2.spec ../SRPMS ../RPMS tss2.spec:14: E: buildarch-instead-of-exclusivearch-tag x86_64 ppc64le armv7hl i686 tss2.src:14: E: buildarch-instead-of-exclusivearch-tag x86_64 ppc64le armv7hl i686 tss2.x86_64: W: no-documentation tss2.x86_64: W: no-manual-page-for-binary tsspolicysigned tss2.x86_64: W: no-manual-page-for-binary tssnvwritelock tss2.x86_64: W: no-manual-page-for-binary tssnvread tss2.x86_64: W: no-manual-page-for-binary tsspolicyrestart tss2.x86_64: W: no-manual-page-for-binary tssevictcontrol tss2.x86_64: W: no-manual-page-for-binary tssshutdown tss2.x86_64: W: no-manual-page-for-binary tssnvcertify tss2.x86_64: W: no-manual-page-for-binary tssquote tss2.x86_64: W: no-manual-page-for-binary tssunseal tss2.x86_64: W: no-manual-page-for-binary tsspolicypcr tss2.x86_64: W: no-manual-page-for-binary tsspolicyor tss2.x86_64: W: no-manual-page-for-binary tsssequenceupdate tss2.x86_64: W: no-manual-page-for-binary tssrsadecrypt tss2.x86_64: W: no-manual-page-for-binary tsssetprimarypolicy tss2.x86_64: W: no-manual-page-for-binary tssnvundefinespace tss2.x86_64: W: no-manual-page-for-binary tsspolicycommandcode tss2.x86_64: W: no-manual-page-for-binary tssnvwrite tss2.x86_64: W: no-manual-page-for-binary tssnvchangeauth tss2.x86_64: W: no-manual-page-for-binary tssverifysignature tss2.x86_64: W: no-manual-page-for-binary tssgetrandom tss2.x86_64: W: no-manual-page-for-binary tssnvextend tss2.x86_64: W: no-manual-page-for-binary tssrsaencrypt tss2.x86_64: W: no-manual-page-for-binary tssactivatecredential tss2.x86_64: W: no-manual-page-for-binary tsspolicygetdigest tss2.x86_64: W: no-manual-page-for-binary tsscontextload tss2.x86_64: W: no-manual-page-for-binary tssgetsessionauditdigest tss2.x86_64: W: no-manual-page-for-binary tsscreateprimary tss2.x86_64: W: no-manual-page-for-binary tssclockrateadjust tss2.x86_64: W: no-manual-page-for-binary tssduplicate tss2.x86_64: W: no-manual-page-for-binary tsssignapp tss2.x86_64: W: no-manual-page-for-binary tsshash tss2.x86_64: W: no-manual-page-for-binary tssreadpublic tss2.x86_64: W: no-manual-page-for-binary tsssign tss2.x86_64: W: no-manual-page-for-binary tsscreate tss2.x86_64: W: no-manual-page-for-binary tsshmac tss2.x86_64: W: no-manual-page-for-binary tsswriteapp tss2.x86_64: W: no-manual-page-for-binary tsspolicynvwritten tss2.x86_64: W: no-manual-page-for-binary tssloadexternal tss2.x86_64: W: no-manual-page-for-binary tsspolicyauthvalue tss2.x86_64: W: no-manual-page-for-binary tsscreateek tss2.x86_64: W: no-manual-page-for-binary tsshmacstart tss2.x86_64: W: no-manual-page-for-binary tssclearcontrol tss2.x86_64: W: no-manual-page-for-binary tsspolicyauthorize tss2.x86_64: W: no-manual-page-for-binary tsseventextend tss2.x86_64: W: no-manual-page-for-binary tsssequencecomplete tss2.x86_64: W: no-manual-page-for-binary tsschangeeps tss2.x86_64: W: no-manual-page-for-binary tsspcrallocate tss2.x86_64: W: no-manual-page-for-binary tssnvdefinespace tss2.x86_64: W: no-manual-page-for-binary tsspolicysecret tss2.x86_64: W: no-manual-page-for-binary tssrewrap tss2.x86_64: W: no-manual-page-for-binary tsseventsequencecomplete tss2.x86_64: W: no-manual-page-for-binary tsspcrevent tss2.x86_64: W: no-manual-page-for-binary tsspowerup tss2.x86_64: W: no-manual-page-for-binary tssimport tss2.x86_64: W: no-manual-page-for-binary tssnvsetbits tss2.x86_64: W: no-manual-page-for-binary tssclockset tss2.x86_64: W: no-manual-page-for-binary tsspolicycphash tss2.x86_64: W: no-manual-page-for-binary tssload tss2.x86_64: W: no-manual-page-for-binary tsspolicymaker tss2.x86_64: W: no-manual-page-for-binary tsscontextsave tss2.x86_64: W: no-manual-page-for-binary tssnvreadlock tss2.x86_64: W: no-manual-page-for-binary tsshierarchychangeauth tss2.x86_64: W: no-manual-page-for-binary tssgetcommandauditdigest tss2.x86_64: W: no-manual-page-for-binary tssnvreadpublic tss2.x86_64: W: no-manual-page-for-binary tsshashsequencestart tss2.x86_64: W: no-manual-page-for-binary tsseccparameters tss2.x86_64: W: no-manual-page-for-binary tssstartauthsession tss2.x86_64: W: no-manual-page-for-binary tsspolicymakerpcr tss2.x86_64: W: no-manual-page-for-binary tssmakecredential tss2.x86_64: W: no-manual-page-for-binary tssobjectchangeauth tss2.x86_64: W: no-manual-page-for-binary tsshierarchycontrol tss2.x86_64: W: no-manual-page-for-binary tsspcrextend tss2.x86_64: W: no-manual-page-for-binary tsspolicypassword tss2.x86_64: W: no-manual-page-for-binary tssgetcapability tss2.x86_64: W: no-manual-page-for-binary tsspolicyticket tss2.x86_64: W: no-manual-page-for-binary tsspolicynv tss2.x86_64: W: no-manual-page-for-binary tssstartup tss2.x86_64: W: no-manual-page-for-binary tssdictionaryattackparameters tss2.x86_64: W: no-manual-page-for-binary tsspolicycountertimer tss2.x86_64: W: no-manual-page-for-binary tsspcrreset tss2.x86_64: W: no-manual-page-for-binary tssgettime tss2.x86_64: W: no-manual-page-for-binary tsscertify tss2.x86_64: W: no-manual-page-for-binary tssdictionaryattacklockreset tss2.x86_64: W: no-manual-page-for-binary tssstirrandom tss2.x86_64: W: no-manual-page-for-binary tssflushcontext tss2.x86_64: W: no-manual-page-for-binary tssreturncode tss2.x86_64: W: no-manual-page-for-binary tsschangepps tss2.x86_64: W: no-manual-page-for-binary tssclear tss2.x86_64: W: no-manual-page-for-binary tssnvglobalwritelock tss2.x86_64: W: no-manual-page-for-binary tsspcrread tss2.x86_64: W: no-manual-page-for-binary tssreadclock tss2.x86_64: W: no-manual-page-for-binary tssnvincrement tss2.x86_64: W: no-manual-page-for-binary tssencryptdecrypt tss2.x86_64: W: no-manual-page-for-binary tssnvundefinespacespecial tss2-devel.x86_64: W: only-non-binary-in-usr-lib 4 packages and 1 specfiles checked; 2 errors, 96 warnings.
I'll review this package. My comments: Use ExclusiveArch instead of BuildArch and in general follow https://fedoraproject.org/wiki/Packaging:Guidelines?rd=PackagingGuidelines#Architecture_Support If the reason for building on just the architectures specified is that the other platforms do not have the hardware needed, then please at least add a comment about this fact to the spec. The build is nonstandard and does not apply RPM_OPT_FLAGS and LDFLAGS during the build which means that hardening and optimalization is not applied. This must be fixed too. %attr(0755,root,root) %{_libdir}/*.so - %attr is not applicable to symlink
(In reply to Tomas Mraz from comment #23) > I'll review this package. > > My comments: > > Use ExclusiveArch instead of BuildArch and in general follow > https://fedoraproject.org/wiki/Packaging: > Guidelines?rd=PackagingGuidelines#Architecture_Support > If the reason for building on just the architectures specified is that the > other platforms do not have the hardware needed, then please at least add a > comment about this fact to the spec. > > The build is nonstandard and does not apply RPM_OPT_FLAGS and LDFLAGS during > the build which means that hardening and optimalization is not applied. This > must be fixed too. Thanks for taking time to review this package! The developer has been using nonstandard variables such as LNFLAGS (as opposed to LDFLAGS) and CCFLAGS (for CFLAGS) etc. There were other compile flags such as CCLFLAGS for compiling library and CCAFLAGS for compiling application. Would that be OK to keep the naming of those nonstandard variables, while I'm making sure that the build includes hardending and optimalization with the RPM_OPT_FLAGS? Vicky
(In reply to Jerry Snitselaar from comment #22) > > cat /etc/fedora-release > Fedora release 24 (Twenty Four) > > rpmlint --version > rpmlint version 1.9 Copyright (C) 1999-2007 Frederic Lepied, Mandriva > > rpm -qf `which rpmlint` > rpmlint-1.9-3.fc24.noarch > > > rpmlint tss2.spec ../SRPMS ../RPMS > tss2.spec:14: E: buildarch-instead-of-exclusivearch-tag x86_64 ppc64le > armv7hl i686 > tss2.src:14: E: buildarch-instead-of-exclusivearch-tag x86_64 ppc64le > armv7hl i686 > tss2.x86_64: W: no-documentation > tss2.x86_64: W: no-manual-page-for-binary tsspolicysigned > tss2.x86_64: W: no-manual-page-for-binary tssnvwritelock > tss2.x86_64: W: no-manual-page-for-binary tssnvread > tss2.x86_64: W: no-manual-page-for-binary tsspolicyrestart > tss2.x86_64: W: no-manual-page-for-binary tssevictcontrol > tss2.x86_64: W: no-manual-page-for-binary tssshutdown > tss2.x86_64: W: no-manual-page-for-binary tssnvcertify > tss2.x86_64: W: no-manual-page-for-binary tssquote > tss2.x86_64: W: no-manual-page-for-binary tssunseal > tss2.x86_64: W: no-manual-page-for-binary tsspolicypcr > tss2.x86_64: W: no-manual-page-for-binary tsspolicyor > tss2.x86_64: W: no-manual-page-for-binary tsssequenceupdate > tss2.x86_64: W: no-manual-page-for-binary tssrsadecrypt > tss2.x86_64: W: no-manual-page-for-binary tsssetprimarypolicy > tss2.x86_64: W: no-manual-page-for-binary tssnvundefinespace > tss2.x86_64: W: no-manual-page-for-binary tsspolicycommandcode > tss2.x86_64: W: no-manual-page-for-binary tssnvwrite > tss2.x86_64: W: no-manual-page-for-binary tssnvchangeauth > tss2.x86_64: W: no-manual-page-for-binary tssverifysignature > tss2.x86_64: W: no-manual-page-for-binary tssgetrandom > tss2.x86_64: W: no-manual-page-for-binary tssnvextend > tss2.x86_64: W: no-manual-page-for-binary tssrsaencrypt > tss2.x86_64: W: no-manual-page-for-binary tssactivatecredential > tss2.x86_64: W: no-manual-page-for-binary tsspolicygetdigest > tss2.x86_64: W: no-manual-page-for-binary tsscontextload > tss2.x86_64: W: no-manual-page-for-binary tssgetsessionauditdigest > tss2.x86_64: W: no-manual-page-for-binary tsscreateprimary > tss2.x86_64: W: no-manual-page-for-binary tssclockrateadjust > tss2.x86_64: W: no-manual-page-for-binary tssduplicate > tss2.x86_64: W: no-manual-page-for-binary tsssignapp > tss2.x86_64: W: no-manual-page-for-binary tsshash > tss2.x86_64: W: no-manual-page-for-binary tssreadpublic > tss2.x86_64: W: no-manual-page-for-binary tsssign > tss2.x86_64: W: no-manual-page-for-binary tsscreate > tss2.x86_64: W: no-manual-page-for-binary tsshmac > tss2.x86_64: W: no-manual-page-for-binary tsswriteapp > tss2.x86_64: W: no-manual-page-for-binary tsspolicynvwritten > tss2.x86_64: W: no-manual-page-for-binary tssloadexternal > tss2.x86_64: W: no-manual-page-for-binary tsspolicyauthvalue > tss2.x86_64: W: no-manual-page-for-binary tsscreateek > tss2.x86_64: W: no-manual-page-for-binary tsshmacstart > tss2.x86_64: W: no-manual-page-for-binary tssclearcontrol > tss2.x86_64: W: no-manual-page-for-binary tsspolicyauthorize > tss2.x86_64: W: no-manual-page-for-binary tsseventextend > tss2.x86_64: W: no-manual-page-for-binary tsssequencecomplete > tss2.x86_64: W: no-manual-page-for-binary tsschangeeps > tss2.x86_64: W: no-manual-page-for-binary tsspcrallocate > tss2.x86_64: W: no-manual-page-for-binary tssnvdefinespace > tss2.x86_64: W: no-manual-page-for-binary tsspolicysecret > tss2.x86_64: W: no-manual-page-for-binary tssrewrap > tss2.x86_64: W: no-manual-page-for-binary tsseventsequencecomplete > tss2.x86_64: W: no-manual-page-for-binary tsspcrevent > tss2.x86_64: W: no-manual-page-for-binary tsspowerup > tss2.x86_64: W: no-manual-page-for-binary tssimport > tss2.x86_64: W: no-manual-page-for-binary tssnvsetbits > tss2.x86_64: W: no-manual-page-for-binary tssclockset > tss2.x86_64: W: no-manual-page-for-binary tsspolicycphash > tss2.x86_64: W: no-manual-page-for-binary tssload > tss2.x86_64: W: no-manual-page-for-binary tsspolicymaker > tss2.x86_64: W: no-manual-page-for-binary tsscontextsave > tss2.x86_64: W: no-manual-page-for-binary tssnvreadlock > tss2.x86_64: W: no-manual-page-for-binary tsshierarchychangeauth > tss2.x86_64: W: no-manual-page-for-binary tssgetcommandauditdigest > tss2.x86_64: W: no-manual-page-for-binary tssnvreadpublic > tss2.x86_64: W: no-manual-page-for-binary tsshashsequencestart > tss2.x86_64: W: no-manual-page-for-binary tsseccparameters > tss2.x86_64: W: no-manual-page-for-binary tssstartauthsession > tss2.x86_64: W: no-manual-page-for-binary tsspolicymakerpcr > tss2.x86_64: W: no-manual-page-for-binary tssmakecredential > tss2.x86_64: W: no-manual-page-for-binary tssobjectchangeauth > tss2.x86_64: W: no-manual-page-for-binary tsshierarchycontrol > tss2.x86_64: W: no-manual-page-for-binary tsspcrextend > tss2.x86_64: W: no-manual-page-for-binary tsspolicypassword > tss2.x86_64: W: no-manual-page-for-binary tssgetcapability > tss2.x86_64: W: no-manual-page-for-binary tsspolicyticket > tss2.x86_64: W: no-manual-page-for-binary tsspolicynv > tss2.x86_64: W: no-manual-page-for-binary tssstartup > tss2.x86_64: W: no-manual-page-for-binary tssdictionaryattackparameters > tss2.x86_64: W: no-manual-page-for-binary tsspolicycountertimer > tss2.x86_64: W: no-manual-page-for-binary tsspcrreset > tss2.x86_64: W: no-manual-page-for-binary tssgettime > tss2.x86_64: W: no-manual-page-for-binary tsscertify > tss2.x86_64: W: no-manual-page-for-binary tssdictionaryattacklockreset > tss2.x86_64: W: no-manual-page-for-binary tssstirrandom > tss2.x86_64: W: no-manual-page-for-binary tssflushcontext > tss2.x86_64: W: no-manual-page-for-binary tssreturncode > tss2.x86_64: W: no-manual-page-for-binary tsschangepps > tss2.x86_64: W: no-manual-page-for-binary tssclear > tss2.x86_64: W: no-manual-page-for-binary tssnvglobalwritelock > tss2.x86_64: W: no-manual-page-for-binary tsspcrread > tss2.x86_64: W: no-manual-page-for-binary tssreadclock > tss2.x86_64: W: no-manual-page-for-binary tssnvincrement > tss2.x86_64: W: no-manual-page-for-binary tssencryptdecrypt > tss2.x86_64: W: no-manual-page-for-binary tssnvundefinespacespecial > tss2-devel.x86_64: W: only-non-binary-in-usr-lib > 4 packages and 1 specfiles checked; 2 errors, 96 warnings. Thanks for the review! I was using using V0.9 rpmlint on my RHEL system previously. I've fixed all warnings except for the "tss2-devel.x86_64: W: only-non-binary-in-usr-lib". Can this warning be ignored? I replaced with "%attr(0755,root,root) %{_libdir}/*.so" with "%{_libdir}/libtss.so", yet I still get that warning. The 'rpmlint -I' output for only-non-binary-in-usr-lib: "There are only non binary files in /usr/lib so they should be in /usr/share." doesn't make sense to me. I still see lots of symbolic links for libraries in /usr/lib, please let me know if the new rule is otherwise. Vicky
(In reply to lo1 from comment #24) > The developer has been using nonstandard variables such as LNFLAGS (as > opposed to LDFLAGS) and CCFLAGS (for CFLAGS) etc. There were other compile > flags such as CCLFLAGS for compiling library and CCAFLAGS for compiling > application. > > Would that be OK to keep the naming of those nonstandard variables, while > I'm making sure that the build includes hardending and optimalization with > the RPM_OPT_FLAGS? Yes, that should not be problem. However please also ensure that LDFLAGS set by rpm build environment are applied when linking the binaries and library. > I've fixed all warnings except for the "tss2-devel.x86_64: W: only-non-binary-in-usr-lib". Can this warning be ignored? Yes, this can be ignored.
Spec URL: https://fedorapeople.org/~honclo/tss2.spec SRPM URL: https://fedorapeople.org/~honclo/tss2-713-4.el6.src.rpm Description: TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for TPM 2.0. It implements the functionality equivalent to the TCG TSS working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with a hopefully far simpler interface. It comes with about 80 "TPM tools" that can be used for rapid prototyping, education and debugging. Fedora Account System Username: lo1.com Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15770811 This is my first package and I need a sponsor. Thanks for all the comments and review! Here is the Rpmlint outputs: # uname -a Linux fed24vm 4.5.5-300.fc24.x86_64 #1 SMP Thu May 19 13:05:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux # rpmlint --version rpmlint version 1.9 Copyright (C) 1999-2007 Frederic Lepied, Mandriva # rpmlint tss2.spec ../RPMS/ ../SRPMS/ sh: /usr/bin/python: No such file or directory tss2-devel.x86_64: W: only-non-binary-in-usr-lib 4 packages and 1 specfiles checked; 0 errors, 1 warnings. %changelog * Mon Sep 19 2016 Hon Ching(Vicky) Lo <lo1.com> - 713-4 - Used ExclusiveArch instead of BuildArch tag - Removed attr from symlink in devel subpackage - Added manpages and modified the Source0 - Added CCFLAGS and LNFLAGS to enforce hardening and optimization Vicky
(In reply to Tomas Mraz from comment #26) > (In reply to lo1 from comment #24) > > The developer has been using nonstandard variables such as LNFLAGS (as > > opposed to LDFLAGS) and CCFLAGS (for CFLAGS) etc. There were other compile > > flags such as CCLFLAGS for compiling library and CCAFLAGS for compiling > > application. > > > > Would that be OK to keep the naming of those nonstandard variables, while > > I'm making sure that the build includes hardending and optimalization with > > the RPM_OPT_FLAGS? > Done. I see that 2016-09-27 is the date for 100% Code Complete Deadline. We don't expect there is any more code change, once the package is accepted. If it gets accepted, are there any other steps that has to happen other than checking in the code before 9/27 on my part? I did see that the bug status has to be ON_QA, but I wonder how long it'll take from package acceptance till the bug is moved to ON_QA. Please advise. Thanks, Vicky
From Fedora packaging guideline, ExcludeArch is preferred than ExclusiveArch, see "ExcludeArch & ExclusiveArch" part @ https://fedoraproject.org/wiki/Architectures#Primary_Architectures . There are some explanations about ExcludeArch here: https://fedoraproject.org/wiki/Packaging:Guidelines?rd=PackagingGuidelines#Architecture_Support You might need to change to ExcludeArch. Actually, I was advised so when packing a similar TSS2 package: https://bugzilla.redhat.com/show_bug.cgi?id=1369708 . BTW, could we have a review swap?
I would say that in using Exclude vs. ExclusiveArch we should apply some reasoning - if it is positively known that the package does not work on anything else than x86_64 ppc64le armv7hl i686 then ExclusiveArch would be appropriate. If on the other hand we know that it does not work for example on aarch64 but it should work on anything else, then ExcludeArch would be more appropriate.
Spec URL: https://fedorapeople.org/~honclo/tss2.spec SRPM URL: https://fedorapeople.org/~honclo/tss2-713-5.fc24.src.rpm Description: TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for TPM 2.0. It implements the functionality equivalent to the TCG TSS working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with a hopefully far simpler interface. It comes with about 80 "TPM tools" that can be used for rapid prototyping, education and debugging. Fedora Account System Username: lo1.com Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15812194 This is my first package and I need a sponsor. Thanks for all the comments and review! Here is the Rpmlint outputs: $ rpmlint tss2.spec ../RPMS/ ../SRPMS/ tss2-devel.x86_64: W: only-non-binary-in-usr-lib 4 packages and 1 specfiles checked; 0 errors, 1 warnings. %changelog * Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1.com> - 713-5 - replaced ExclusiveArch with ExcludeArch
Updated Spec URL: https://fedorapeople.org/~honclo/tss2.spec Updated SRPM URL: https://fedorapeople.org/~honclo/tss2-713-6.fc24.src.rpm Koji Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=15812569 Here is the Rpmlint outputs: $ rpmlint tss2.spec ../SRPMS ../RPMS tss2-devel.x86_64: W: only-non-binary-in-usr-lib 4 packages and 1 specfiles checked; 0 errors, 1 warnings. %changelog * Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1.com> - 713-6 - Added s390x arch as another "ExcludeArch"
(In reply to yunying.sun from comment #29) > From Fedora packaging guideline, ExcludeArch is preferred than > ExclusiveArch, see "ExcludeArch & ExclusiveArch" part @ > https://fedoraproject.org/wiki/Architectures#Primary_Architectures . > > There are some explanations about ExcludeArch here: > https://fedoraproject.org/wiki/Packaging: > Guidelines?rd=PackagingGuidelines#Architecture_Support > > You might need to change to ExcludeArch. Actually, I was advised so when > packing a similar TSS2 package: > https://bugzilla.redhat.com/show_bug.cgi?id=1369708 . > > BTW, could we have a review swap? Thanks for your review! I'll take a look at yours.
(In reply to Tomas Mraz from comment #30) > I would say that in using Exclude vs. ExclusiveArch we should apply some > reasoning - if it is positively known that the package does not work on > anything else than x86_64 ppc64le armv7hl i686 then ExclusiveArch would be > appropriate. If on the other hand we know that it does not work for example > on aarch64 but it should work on anything else, then ExcludeArch would be > more appropriate. Thanks! The package doesn't support big endian yet. Thus, I liisted ppc64 and s390x as ExcludeArch.
COPR output: https://copr.fedorainfracloud.org/coprs/honclo/TSS2/build/458951
Hi Tomas, If there is anything else that I can do in order for the package to get approved, please feel free to let me know. Thanks, Vicky
Please remove the %defattr(0644,root,root,-) in the -devel subpackage, this is causing: tss2-devel.x86_64: E: non-standard-dir-perm /usr/share/doc/tss2-devel 644 This can be corrected before the import. Please also fill the ExcludeArch bugs as required by https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Architecture_Build_Failures Also note that we are moving to OpenSSL-1.1.0 in rawhide very soon, so please work on making the tss2 compile against it. rpmlint output: rpmlint -v tss2* tss2-debuginfo.x86_64: I: checking tss2-debuginfo.x86_64: I: checking-url http://sourceforge.net/projects/ibmtpm20tss/ (timeout 10 seconds) tss2-devel.x86_64: I: checking tss2-devel.x86_64: I: checking-url http://sourceforge.net/projects/ibmtpm20tss/ (timeout 10 seconds) tss2-devel.x86_64: W: only-non-binary-in-usr-lib tss2-devel.x86_64: E: non-standard-dir-perm /usr/share/doc/tss2-devel 644 tss2.src: I: checking tss2.src: I: checking-url http://sourceforge.net/projects/ibmtpm20tss/ (timeout 10 seconds) tss2.src: I: checking-url https://sourceforge.net/projects/ibmtpm20tss/files/NotForUsers_FedoraSourceRpm/ibmtss713withman.tar (timeout 10 seconds) tss2.x86_64: I: checking tss2.x86_64: I: checking-url http://sourceforge.net/projects/ibmtpm20tss/ (timeout 10 seconds) 4 packages and 0 specfiles checked; 1 errors, 1 warnings. Package is ACCEPTED
I have also sponsored you into Fedora packager group.
(In reply to Tomas Mraz from comment #38) > I have also sponsored you into Fedora packager group. Thank you very much for your reviews and willingness to sponsor me into the Feodra packager group! I'll be taking care of the follow-up work in the previous comment. Thanks, Vicky
(In reply to Tomas Mraz from comment #37) > Please remove the %defattr(0644,root,root,-) in the -devel subpackage, this > is causing: > > tss2-devel.x86_64: E: non-standard-dir-perm /usr/share/doc/tss2-devel 644 > > This can be corrected before the import. > > Please also fill the ExcludeArch bugs as required by > https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/ > Guidelines#Architecture_Build_Failures > Done. Updated spec: https://honclo.fedorapeople.org/tss2.spec Updated srpm: https://honclo.fedorapeople.org/tss2-713-7.fc24.src.rpm Updated Koji output: http://koji.fedoraproject.org/koji/taskinfo?taskID=15960383 Updated COPR output: https://copr.fedorainfracloud.org/coprs/honclo/TSS2/build/461625/
Fedora Account System Username: honclo
Yes, it is sponsored into Packagers now.
The builds were successful, both on rawhide and f25: http://koji.fedoraproject.org/koji/packageinfo?packageID=23163 I've submitted an update for the package (as this is later "Branched") via the Bodhi web interface.
(In reply to Tomas Mraz from comment #37) > Also note that we are moving to OpenSSL-1.1.0 in rawhide very soon, so > please work on making the tss2 compile against it. > The developer of the package, Kenneth Goldman has expressed the following concern: "..this is a huge task. 1.1 is not at all backward compatible with 1.0, and will likely break almost everything, not just the TSS." "It's not just a recompile. It's a major redesign. The issue is that they decided to make many structures opaque, and so applications like the TSS (and the TPM) that require manipulation of key material change completely. For example, a typical case, going from an RSA TPM key (n,d,e) to an openssl key structure. 1.0 - direct access to RSA structure using BIGNUMs, no setter and getter API 1.1 - RSA structure is opaque, setters and getters implemented 1.0 is on long term support, and they will likely coexist for many years"
tss2-713-7.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-20df2ce477
I would not say this is really so huge task as the changes in most cases are pretty straightforward. Also there will be no openssl-1.0.x in Fedora 26 that could be used to build tss2 against and even if it was there it would not be used by any main applications. There will be compat-openssl10 package but that will be useful only for third party packages built on some other system such as older Fedora. Current status of 1.0 is that it will be discontinued upstream on 2019-12-31. So it is right that it will be supported for some time but the advantages of moving to 1.1 API that brings the long needed ABI stability are so big that most distributions will move to it very soon.
Re, OpenSSL 1.1: For applications that use the high level API, changes may be straightforward. For applications like the TSS that require low level crypto manipulation, it's a rewrite. It's not just a rebuild with some minor changes. Note that, for the TPM side, which needs even more primitive functions, the port is even harder. It's open source. Anyone can try the port. My feeling is that I'd like to focus on developing applications at present.
tss2-713-7.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
I could find the LICENSE file under /usr/share/doc/tss2-713/ in RHEL6, but the "%license LICENSE" seemed to have ignored by Fedora. I couldn't find the LICENSE file anywhere, nor could I find much info about it. Does anyone know what's going on? please advise.
It's in /usr/share/licenses/tss2 - as you can find out by rpm -ql tss2
(In reply to Tomas Mraz from comment #50) > It's in /usr/share/licenses/tss2 - as you can find out by rpm -ql tss2 Oh, it is. :) I couldn't see that licenses directory by eyeballing...should have tried the tab. Thanks!